So, what happens if I download the client on one of laptops/PCs (for example my work computer) use it to communicate with peers...And then i wish to setup the client on another laptop/PC (for example my home computer) to contact my same peer/friends...How does the overall network (I guess DHT?) know that "its me!" (the same "me"), and not a different/new peer? With a centralized system there was the concept of identity...but I just don't get how this would work here.
I'll admit I'm not a networking guru here, and I'm absolutely in favor of decentralized communications ...so my question above is not at all to knock on Tox; its me really wanting to know how the above scenario would play out...because I often need to bounce between a few different computers. Anyone know how this would work?
Side note: I am currently using matrix protocol via a synapse/matrix.org home server (using the chat client from https://riot.im/), so for any computer that I use/jump to, I'm represented by my home server (up in the cloud)...so that makes sense to me. I just don't get how jumping computers would work on Tox. Anyone know?
This has been the #1 reason that I havent convinced people to use tox yet.
I sometimes get up and walk away from a computer mid conversation, expecting to continue the conversation on my phone. It's the same reason I won't be using google allo. I need conversations to "sync" across mobile and PC.
I'm not going to sit at a desk all day chatting on my phone, and I'm not going to miss messages just because I went mobile.
I saw somewhere in a previous tox chat, that a possible solution would be a way to pin identities together (i say from desktop "this mobile is me" and from mobile "this desktop is me" and when they match, allow them to pair). And then send every message encrypted to both peers. If you have 5 devices linked, tox would behind the scenes send the message to 5 different destinations.
They havent done anything like this yet as far as I know.
> If you have 5 devices linked, tox would behind the scenes send the message to 5 different destinations.
I dislike existing systems that implement this kind of model since it is too easy for a ghost device to be getting copies of everything. My phone transitioning to different UX clients with notifications/verifications of transitions on its own UX is better.
I agree that I dont like that system (and may be the reason that it hasnt been done), but I'm not fully sure of alternatives either.
But, I dont think a client should transition from one to the other either. I often just get up and walk away from my computer with chats in the background. I wouldnt want to have to tell it to transition.
If you always have one device with you that you trust (your phone) then it can seemlessly transition to duplicating and accepting (some) content to other devices you trust less as you encouter them, in a temporary/renewing fashion. There can be lots of levels of convenience verse paranoia in that kind of system.
If you treat multiple devices equally (even when you routinely leave them unatended) then things quickly fall apart and no paranoia helps.
You could look at kerberos for an example of this style of loaning limited tickets for credentials.
Be warned, Tox claims to protect users from "governments", which is a huge claim.
Yet, it's written in C, it hasn't had a security audit, it does not publish a list of security risks and mitigations, and, regarding its roots in 4chan, see for yourself: https://github.com/irungentoo/toxcore/issues/1186
As for security risks and mitigations, I'd like to do that when we have a web presence with space for it. Right now, the web presence is fairly poor (http://toktok.github.io/). The specification contains some security risks and mitigations.
We are doing exactly that: we are improving the current core and at the same time modelling the behaviour in Haskell. The Haskell version does not do networking and only represents an executable model of the environment. We use that to test core functionality. See http://toktok.github.io/design/testing.
Regarding security audit: my day job is developing high security software. I could do a formal audit, and it would take about 2-3 person-weeks, and be completely useless, because it would result in a huge number of trivial issues that need to be resolved before it could identify real problems. So instead of wasting time and money on that, I've decided to go and fix those trivial issues one by one, and once I'm a bit happier with the code, I'll have two other people do the formal audit.
List of security risks and Tox-ic (BDUM-KSSH) community are worrying, as is the lack of security audits.
As for the fact that it's written in C, GPG, Tor, Psyc, and many other pieces of security software that you trust are written in C. It's dangerous, but writing secure apps isn't impossible.
Yuk! I see this flaw so many products like this, just about anything p2p, blockchain addresses, commit ids, etc. I think there is zero chance of getting anyone who is not technology elite to adopt a product with UX that rotates around these untypeable/unpronounceable/immemorable identifiers. Why aren't Identicons(https://en.wikipedia.org/wiki/Identicon) or QR codes used more?
Human-meaningful: Meaningful and memorable (low-entropy) names are provided to the users.
Secure: Any entity in the system can act maliciously, including the majority of the entities or the available computational power.
Decentralized: There is still only one, unique and specific entity to which a name resolves.
ToxMe[1] seems to attempt to solve this issue by creating a public databases of emails and Tox IDs, though this defeats the object of the service being anonymous.
a common usage, if you're able to do in person meetings, is to produce and scan them with your smartphone. much better than spelling the whole fingerprint. this makes, for instance, gpg key exchange a nice thing finally.
This isn't a flaw, it's a feature. Whoever controls the phone book controls the keys to the kingdom. If the names are numbers generated by some cryptographic system, it is harder to subvert the system.
The difference is that there _is_ meaning to be found in that URL once you learn which standard boilerplate is ignorable. And once you know how to parse them, most web addresses are easy enough to remember. Random alphanumeric strings contain no human-parseable meaning and have no patterns to aid in memorization.
Right now I'm not really bothered about end-to-end encryption. If a government wants to track me, they will find a way. I'm more concerned about Facebook/Google/Microsoft/Apple tracking me, reading my private conversations, and selling my data to the highest bidder. I'd like an open source, decentralised messaging platform, that has good mobile apps.
"If a government wants to track me, they will find a way."
So just hand the data right to them?
"I'm more concerned about Facebook/Google/Microsoft/Apple tracking me, reading my private conversations, and selling my data to the highest bidder."
End-to-end encryption is the only solution to that problem. Open source software and decentralization is nice and all but to become a mobile app it'll have to be compiled and run on a closed platform and will almost certainly use APIs of that platform.
That's potentially a valid concern, but this attitude is why most people just use Messenger, iMessage, and WhatsApp etc.
I don't want something that is perfectly secure, I want something I can run on servers I control, so that every message I send doesn't go through, and be stored on, servers controlled by the big four.
TOX is a great example, as all the services like this try too hard to be perfectly secure, rather than trying to be user friendly. Most people just want something that lets them easily message their friends, and are willing to sacrifice privacy (quite possibly because they are oblivious to it) to have that.
Even OTR + ICQ/AOL/MSN Messenger were better than what we have now in terms of security and privacy, but people gave those up for simplicity.
-- "Open source software and decentralization is nice and all but to become a mobile app it'll have to be compiled and run on a closed platform and will almost certainly use APIs of that platform." --
That's not necessarily true. End to end encryption doesn't need to be a compiled mobile app or send messages over a closed platform.
We built a decentralized, open source, freely distributable, browser-based Twitter client utilizing end-to-end encryption at www.seecret.io specifically to address that.
riot.im [1] (which is based on matrix.org) seems a good, decentralized, open messaging app. They have relatively nice mobile apps and they promise to soon release end-to-end encryption based on the OLM [2] ratchet which is similar to the Signal encryption. In contrast to Tox, Matrix relies on federated servers. Tox is pure P2P which, in my experience, never works very well on mobile devices.
> Tox is pure P2P which, in my experience, never works very well on mobile devices.
That's (UX) my biggest concern, honestly. UX is just too important, and it's becoming an increasingly fast moving bar. Simple things like hitting up arrow to edit your message, to more complex things like stickers and gifs, these are (unfortunately) requirements for me in my peer circles.
They sound silly, i know, but Telegram has (mostly) a great UX, and for such an important tool i can't currently give up features.. let alone convince my friends to likewise give up features.
I totally agree. My hope is that because Matrix has an open protocol, there will be more competition in the client space which will lead (eventually) to good UX.
We (ZeroTier) do P2P on mobile just fine. I just randomly pinged my phone over a virtual network to check.
Granted it depends on how chatty a P2P system is and how much it depends on intermediate nodes for network assist. Ours is pretty idle when nothing is happening, so it doesn't impact battery life or bandwidth quotas very much.
The best design for a P2P network with more involved nodes would probably be to allow nodes to elect their level of availability to perform network assistance roles. Another alternative would be to build a network with two kinds of nodes: 'large' and 'small.' Large nodes could assist small ones.
It's a solvable problem. To some extent "you can't do P2P on mobile" is a dated idea that came from the era when phones were pretty tiny CPU and RAM wise, networks were slower, mobile OSes were more restrictive to background processes, and the battery cost of things like CPU and network I/O was higher. All these things have improved dramatically in recent (past 1-2 years) phone models. The iPhone 7 and the latest Samsung phones have near-desktop-class processors and radios have become more power efficient.
You do have to do a few things differently. One thing we do is to temporally group / quantize background I/O. Instead of sending packets whenever we feel like it, we do it in longer spaced batches when the network is otherwise idle. This saves a lot of battery power by causing the radio to only wake from sleep once for a batch of routine network traffic instead of waking constantly.
Thanks, that looks like it is what I'm after! I saw Matrix a few months ago but didn't realise there were mobile apps. Now time to get my friends on board...
> If a government wants to track me, they will find a way
Things like OTR: https://en.wikipedia.org/wiki/Off-the-Record_Messaging Actually stops these people though, and is even labelled in some of the Snowden Files as being "Catastrophic" to their efforts. But you are right, if they can't get chat on you they can just target you inside the Internet and send a malware payload disguised as an update to your browser.
Do you (or does anyone) know if the wire protocol is open source as well? I see from their website that some of the apps are...but not sure of the protocol...? Because if so, then "someone" could technically retrofit it to "allow decentralization someday".
That is a fundamentally broken design. There is literally no excuse for a simple messenger app to suck up a gigabyte daily. How do you expect people to adopt this when they have broadband and wireless plans with data caps?
I know nothing about TOX design, but it makes (to me, at least) some privacy sense to saturate the network with noise that is in message length, their interarrival time and recipient characteristics similar to the actual communication. No idea if TOX does that.
It seems robust, but I do worry about the client. Has the client been audited properly? I hope the track record's not like Pidgin's https://pidgin.im/news/security/
I tried an earlier version of a tox client. At that time, there were at least two competing clients that looked the same and did the same things. Is the tox civil war over yet?
But you realize that's like saying "Well, I tried IRC but there are dozens of competing clients that all do the same thing."
The Tox protocol is really the core tool. As long as the protocol is well-defined and maintained, I think developers should be free to make whichever clients that they want.
I used tox ages ago, and I used the Blight client or whatever it was called, and I liked it pretty well.
I think a bigger issue is convincing people to use it in small groups. My whole team is just fine using Mattermost/Hipchat/IRC and the majority of them don't see the need for something like this.
In this case, it's not like saying anything about IRC chat clients or Hipchat or whatever your team uses or develops. The clients really did look and behave the same. There was so much overlap between them. Not exaggerating this point.
I had a similar experience and it seemed like they were both being developed by the same core group(s) dividing their time between both (again, my perception) which was confusing as they were very similar.
The preliminary plan is to deliver a high quality implementation of the Tox protocol and then deliver a high quality client. I personally don't have time to do both, and the team has very limited resources. The most actively developed client is currently qTox.
I've been a private beta tester for an iOS client for Tox called 'Antidote', and I can speak for its quality. I will not pretend to be an encryption or security specialist of any form however.
I was mad disappointed by signal. Not only does it require google play services, it also asks for about two dozen privileges on your phone. Not a great look for a privacy oriented app.
Moxie doesn’t consider that kind of privacy important. Governments listening to you is irrelevant, and third party clients are something he actively tries to prohibit.
His position is that it’s better if everyone gets a little safety, than if a few people get full safety.
Those "compromises" has caused me not to trust him/Signal. Seeing the collaboration for E2E encryption being used at Facebook and Google chat solutions as "opt-in" as a marketing tool doesn't break that distrust either.
> and third party clients are something he actively tries to prohibit.
It's a solution that probably makes sense if you try to solve the problem from within the gilded cages of Google/Facebook/Apple, but it is a kind of exclusionary thinking that to me goes against the spirit of open standards and user freedom on the internet.
"that kind of privacy".
So which 'kind' of privacy does it try to improve on? I've been thinking of switching to a different application for messaging and Signal came by a few times but I don't know a lot about it. Would you care to elaborate?
Moxie tries to provide privacy that protects everyone against the normal police, or hackers, or other adversaries – but it does and can not provide any protection against the NSA, or the FBI, and is not intended to do so.
GrayHatter has implemented a prototype and will deliver a design document for the full implementation likely by the end of Q4. It includes profile and contact sync as well as message history sync. If we follow the intended timeline, that feature would likely land somewhere in 2017Q1. uTox and qTox have preliminary support for the prototype.
You and everybody else are invited to review the proposal when it comes out. Be sure to follow the issues on https://github.com/TokTok/c-toxcore/issues. You are also invited to join #toktok on Freenode to bounce ideas around.
Offline messaging will be partially solved by message log sync, as mentioned in milestone 4. The idea is that if you have a desktop computer at home, you could sync the message from your phone to it, and the desktop computer will deliver the message to your friend when they come online. It could be that your desktop syncs with their desktop at some point, and later their desktop syncs with their phone which is the actual delivery. In any case, this solution requires at least one of your and their devices to be online at one point. So far, we have shied away from storing large amounts of data in the network itself. I think the described solutions are sufficient for a large group of users. Federated (email-like) server-based (still distributed, just not p2p) solutions could be used for the remainder.
What makes you think that parent has the knowledge, ability, and time to do this task?
I see this "it's open source, make pull request" type of comment quite a lot but don't understand how you'd know if the person you're saying it to could do it. If not, it's kind of a dick move, isn't it?
> What makes you think that parent has the knowledge, ability, and time to do this task?
Okay, what about money? They also take donations.
> I see this "it's open source, make pull request" type of comment quite a lot but don't understand how you'd know if the person you're saying it to could do it. If not, it's kind of a dick move, isn't it?
No. Trying to make people feel bad for not wanting to work for free, is what I call a dick move.
The way the feature was requested, come across as a dick move and very self entitled. The least the parent could have done is added some niceties or some reasoning in more than 4 words when asking something for free.
I know, people make the "I'd use it but for this feature" comment all the time. But I believe they do it without thinking rather than with the intent of being unkind. The "... pull request" is almost certainly knowingly mean spirited. (Even if true.)
Edit: here's a possibly better response than the "do it yourself" response:
XXX is a free and open source project. That means the developers put in the majority of their time on the issues that they want and enjoy coding the most, even if other good features are left out. If you're unable to help out with coding yourself, you could look through the open and closed issues and see of others have thought about your feature request too. If an open issue exists, a short "while I don't have the ability to code this, I'd like this feature too," added to the list would let the developers gauge interest and may sway someone into giving it a try. Thanks.
Edit 2: It's a bit long. This sentiment but shorter.
I'll admit I'm not a networking guru here, and I'm absolutely in favor of decentralized communications ...so my question above is not at all to knock on Tox; its me really wanting to know how the above scenario would play out...because I often need to bounce between a few different computers. Anyone know how this would work?
Side note: I am currently using matrix protocol via a synapse/matrix.org home server (using the chat client from https://riot.im/), so for any computer that I use/jump to, I'm represented by my home server (up in the cloud)...so that makes sense to me. I just don't get how jumping computers would work on Tox. Anyone know?