
Toxic – A distributed, secure, command-line based instant messaging client - Jfreegman
https://github.com/Tox/toxic
======
dang
We've closed this thread to noob accounts (except the submitter) because of
troll activity.

~~~
zaroth
Not a moment too soon. :-/

Looking at some of these [flagkilled] comments... all I can say is... it sure
makes me happy to be a part of the HN community and that we have a place which
is largely free of that "nonsense" (a much too overly nice way to describe it).

------
jbangert
My one experience with the Tox project was that I made a few (I thought)
constructive suggestions. First, I suggested they use some form of static
analysis or perhaps a 'safer' language to implement their core functionality -
such as Rust or Go, instead of rather messy (at the time) C code.

Furthermore, having spent a lot of time researching parsers and how parser
differentials can affect the security of systems, I suggested they use some
tools, such as protocol buffers, to eliminate handwritten parsing code. The
response I got was rather disheartening and downright hostile - it boiled down
to the fact that protocol buffers involves C++ code which they are a priori
against, without actually engaging in a factual argument (I wrote an article
in the current USENIX ;login: / last year's OSDI about parsers for binary
protocols for anyone interested in background:
[https://www.usenix.org/system/files/conference/osdi14/osdi14...](https://www.usenix.org/system/files/conference/osdi14/osdi14-paper-bangert.pdf)
and github.com/jbangert/nail)
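
The parser-differential problem mentioned above, as an added example that is not code from Tox, from the commenter or from the linked paper. The record format is constructed for illustration: each record is a 1-byte type, a 1-byte length, then `length` bytes of text whose last byte is a 0x00 terminator. Because every record carries two framing signals (length field and terminator), two hand-written parsers that each trust a different signal accept the same bytes yet produce different record lists; a hardened parser checks that the signals agree and rejects anything with two readings, which is the property a generated parser from an unambiguous grammar gives you for free.

```python
"""Parser differential on a constructed length-prefixed, NUL-terminated format.

    record = type (1 byte) | length (1 byte) | payload (`length` bytes)

Spec: the payload's final byte is 0x00 and no other payload byte is 0x00.
This is a toy format for illustration, not Tox's wire format.
"""

TYPE_NAME = 0x01
TYPE_TEXT = 0x02
KNOWN_TYPES = {TYPE_NAME, TYPE_TEXT}


def parse_by_length(buf: bytes) -> list:
    """Parser A: the length field is authoritative; the terminator is only
    assumed to sit at the end of the payload, embedded NULs go unchecked."""
    records, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated header")
        rtype, length = buf[pos], buf[pos + 1]
        end = pos + 2 + length
        if length == 0 or end > len(buf) or buf[end - 1] != 0:
            raise ValueError("bad length or missing terminator")
        records.append((rtype, buf[pos + 2:end - 1]))
        pos = end
    return records


def parse_by_terminator(buf: bytes) -> list:
    """Parser B: scans for the NUL terminator the way C string code would
    and never consults the length field."""
    records, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated header")
        rtype, start = buf[pos], pos + 2
        nul = buf.find(b"\x00", start)
        if nul < 0:
            raise ValueError("missing terminator")
        records.append((rtype, buf[start:nul]))
        pos = nul + 1
    return records


def parse_strict(buf: bytes) -> list:
    """Hardened parser: the type must be known, both framing signals must
    agree, and every byte has exactly one interpretation."""
    records, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated header")
        rtype, length = buf[pos], buf[pos + 1]
        if rtype not in KNOWN_TYPES:
            raise ValueError("unknown record type %#x" % rtype)
        end = pos + 2 + length
        if end > len(buf):
            raise ValueError("truncated payload")
        payload = buf[pos + 2:end]
        if length == 0 or payload[-1] != 0 or b"\x00" in payload[:-1]:
            raise ValueError("length field and terminator disagree")
        records.append((rtype, payload[:-1]))
        pos = end
    return records


def parsers_agree(buf: bytes) -> bool:
    """True when the two lenient parsers produce the same record list."""
    return parse_by_length(buf) == parse_by_terminator(buf)


# Constructed sample input: a well-formed two-record message ...
CLEAN = b"\x01\x06alice\x00" + b"\x02\x03hi\x00"
# ... and the same bytes with the first length field rewritten so that it
# covers the second record as well. Both lenient parsers accept it, differently.
AMBIGUOUS = b"\x01\x0b" + b"alice\x00" + b"\x02\x03hi\x00"

if __name__ == "__main__":
    for name, buf in (("clean", CLEAN), ("ambiguous", AMBIGUOUS)):
        print(name, "A:", parse_by_length(buf), "B:", parse_by_terminator(buf))
        try:
            print(name, "strict:", parse_strict(buf))
        except ValueError as exc:
            print(name, "strict: rejected:", exc)
```

The point of the example is that neither lenient parser is "buggy" on well-formed input; the problem only shows up when two implementations of the same format sit on either side of a trust boundary and one of them is handed input whose framing signals conflict. A parser that refuses inconsistent framing (or a format with a single framing signal) removes the ambiguity rather than choosing a side.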

~~~
irungentoo
First of all the choice of C is because it was the language I was the most
confident writing secure code in. I'm not going to learn a new language and
then right away start trying to write secure code with it.

Clang has some great tools I use like the various sanitizers. Static analysis
sucks and almost never finds any real issues but we still use it.

If you think toxcore should use protocol buffers, feel free to port it. This
is an open source project and contributions are welcome. If you do a better
job than me then I will merge your contribution. We are at #tox-dev on
freenode.

~~~
nfkd
But why create your own parser instead of using proven-secure ones? Sounds
like NIH Syndrome to me.

------
task_queue
Make it worthwhile for someone to test how 'secure' this system is before
touting that title.

An audit or a bounty with no limitations on rendering the system insecure. An
example of how not to do this would be the Telegram contest sham.

~~~
superuser2
Contests/bounties are not indicative of security because it is very likely
that potential profits from selling or using an exploit are greater than the
bounty offered.

------
benwaffle
core C lib:
[https://github.com/irungentoo/toxcore](https://github.com/irungentoo/toxcore)

Qt client: [https://github.com/tux3/qTox](https://github.com/tux3/qTox)

ncurses client: [https://github.com/Tox/toxic](https://github.com/Tox/toxic)

metro/windows client:
[https://github.com/Reverp/Toxy](https://github.com/Reverp/Toxy)

plain C client (uses xlib/win32 to draw the UI):
[https://github.com/notsecure/uTox](https://github.com/notsecure/uTox)

racket client:
[https://github.com/lehitoskin/blight](https://github.com/lehitoskin/blight)

there's also java bindings:
[https://github.com/sonOfRa/tox4j](https://github.com/sonOfRa/tox4j)

etc...

------
ex-contributor
DISCLAIMER: I am one of the many Tox ex-contributors, who used to work on it
in the past. I don't want to be identified due to harassment other ex-
contributors suffered in the past. The following message is my point of view
on the project as a whole.

Proplex, a long-time member of the Tox-Foundation and in charge of both
infrastructure and marketing, called out tox devs because the 2 people in
charge (irungentoo and stqism) were dealing with money in a shady way and he
got suspicious. This led him to leave the Tox Foundation. Proof:
[https://gist.github.com/irungentoo/5af26f5edefcdb7eac72](https://gist.github.com/irungentoo/5af26f5edefcdb7eac72)

After he went away and stopped paying for the website and other servers (he
hosted everything), Tox devs got angry and tracked his online activity by his
browser UA, read his private email sent to his @tox.im address and considered
breaking into his VPS account. Proof:
[https://gist.github.com/urras/ba792274f5aaf662a082/5d91d2a78...](https://gist.github.com/urras/ba792274f5aaf662a082/5d91d2a780b38e015cd4dc331eb68038f09f5c2f)
and [https://archive.today/KkSWp](https://archive.today/KkSWp)

Members of the Tox Foundation such as stqism constantly try to sneak
copyright changes into unrelated fixes. Proof:
[https://github.com/irungentoo/toxcore/pull/1219](https://github.com/irungentoo/toxcore/pull/1219)
and
[https://github.com/irungentoo/toxcore/pull/1224](https://github.com/irungentoo/toxcore/pull/1224)

irungentoo enforced censorship on his github repo to try to cover everything
up. Proof:
[https://github.com/irungentoo/toxcore/issues/1227](https://github.com/irungentoo/toxcore/issues/1227)

After it got out of hand and too many people called out the Tox Foundation,
this happened. Proof:
[http://a.pomf.se/kqwgsg.png](http://a.pomf.se/kqwgsg.png)

irungentoo claims Tox is secure just because he uses a secure primitive, which
is really arrogant and something only a pretentious deceiver would say. This
is a crypto 101 mistake. Proof:
[https://github.com/irungentoo/toxcore/issues/121#issuecommen...](https://github.com/irungentoo/toxcore/issues/121#issuecomment-35750212)

After the points exposed above, the conclusion is obvious, at least for me.

The Tox Foundation claims Tox is completely secure and nobody can break in,
not even the NSA. Still, there's been no security audit and it is highly
likely Tox isn't completely secure, given it's alpha software. But their
website gives the idea people face no risk by using Tox right now. They are
deceiving people to believe it is secure so they gain more users at the
expense of putting users' privacy at risk. Proof:
[https://tox.im](https://tox.im) itself. See all security claims even though
it hasn't been audited. Saying it's "alpha" doesn't mean anything to the
non-tech-savvy; they will think it's missing a feature or two, not that their
privacy and security are possibly compromised.

I believe it's my moral obligation, and everyone else's reading this, not
to use Tox. You are contributing to a shady foundation composed of manchildren
that don't care about others' privacy, deal with money in a shady way and dox
people who go against them. Do not trust the Tox Foundation - this is my
personal message.

~~~
cynicalkane
One of the "proof"s given here is that a pull request changed a 2013 copyright
to a 2013-2015 copyright, as though that's sinister somehow. I stopped reading
after that.

~~~
exposing
Read it again.
[https://github.com/stqism/ToxCore/commit/bed425598f26938bd54...](https://github.com/stqism/ToxCore/commit/bed425598f26938bd54829ac64f98af8e406093c#diff-72e71364bf21b367b2a52418fbb2f862L2)
He tried to get copyright away from people and assign it to the "Tox
Foundation", all during a supposedly unrelated minor bug fix.

------
ex-contributor
One of the links I posted above "mysteriously" disappeared. I have an archived
version though. It's one of the key-points of the situation I exposed, so it's
worth a read.

[https://archive.today/Y6LEw](https://archive.today/Y6LEw)

~~~
urras
Yeah, I deleted that Gist because you're using it out of context. I've talked
with you one-on-one, and I've asked you to stop pasting it wherever someone
mentions Tox.

------
ssalenik
The home page[0] seems to suggest that there are also audio and video capable
clients... are they still in development, or is there something functional
already?

[0] - [https://tox.im/](https://tox.im/)

~~~
Jfreegman
Toxic has 1 on 1 audio chats, and GUI clients such as uTox and qTox
additionally have group audio, as well as 1 on 1 video. Both clients are
usable, though I would personally recommend qTox.

------
plutooo
tox does not attempt to hide your ip. Every single friend you have added has
your ip. This is by design.

~~~
Jfreegman
That's partially true. However if you force TCP connections (in Toxic this is
done with the -t flag) your IP is effectively hidden from your contacts
because all your traffic gets relayed by TCP nodes in the network. The
downside is that forced TCP connections are slower and less reliable.

Though to be properly anonymous you would need to run it through Tor:
[https://wiki.tox.im/Tox_over_Tor_(ToT)](https://wiki.tox.im/Tox_over_Tor_\(ToT\))

The reason Tox doesn't have built in anonymity is because strong anonymity has
a massive impact on quality (especially streaming data like audio/video). Our
goal is to steal normal (non-paranoid) users from Skype and get everyone and
their mother using strong encryption. In order to achieve that we need to have
comparable quality rather than something that feels like you're using a 28.8k
modem.

And again, anyone who actually wants anonymity still has that option.

~~~
platz
If broad adoption is truly your goal you have a branding problem. Normal
people will not use a tool called 'toxic' which prints crazy ASCII letters in
the command line. You might as well ask soccer moms to hold the line at occupy
wall street.

~~~
Jfreegman
Toxic is just one of many clients that are built on top of Tox. Some clients
fill a niche, others (like qTox) are meant for widespread adoption.

------
rasengan
It's not really command-line since it relies on ncurses. I thought it was
something different like where you're literally sitting at the command-line
within some sort of shell like:

toxuser@toxbox:~$ tox send pg "Hi, YC looks cool!"

Or maybe even crazier like that Zero project thing (I forget what it is
called).

That said, good stuff. :)

~~~
Jfreegman
True, but I figure it's close enough. There is a true CLI client for Tox
called Ratox. It's pretty neat.
[https://wiki.tox.im/Ratox](https://wiki.tox.im/Ratox)

~~~
SeanQ
raTox is actually really fun to use, but it's less of a client and more of a
command line tool in a bash script.

------
PhearTheCeal
Also relevant, and containing video and audio chat support, is uTox[0] and
qTox[1]. Looks like they are currently working on getting group video chat
working.

[0] [http://utox.org/](http://utox.org/)

[1] [http://utoxisfinished.info/](http://utoxisfinished.info/)

------
nkantar
Is anyone actually using this (or something like it)?

If so, I'm curious about the details like context and experience.

------
AgentME
Can Tox do persistent group text chats with offline message delivery to people
when they sign in again? It's the one killer feature of Skype that keeps me on
it. No open messaging programs ever support this it seems like.

~~~
Jfreegman
Currently no, but there is a groupchat rewrite underway and that is one of the
planned improvements.

~~~
hammerandtongs
I look forward to this.

I have to echo the parent though, getting history from the period you were
disconnected is a killer feature of skype that seems to get little or no
attention.

It is one of the major things that keeps some of my group chats on skype.

~~~
colechristensen
You might be interested in trying Slack, then.

------
juliangoldsmith
I hadn't looked much into Tox, but after seeing a few mentions on cyberpunk
boards, and seeing how hard people are shilling against it, I think I'm going
to take a closer look.

------
Pxtl
Is this at all related to Nullsoft Waste? That was quite a scandal when it
launched with a "whoops we didn't mean to open-source that" thing. It was a
crypto-IM too.

------
exposing
If you use a secure crypto primitive, is it correct to say your program is
secure?

I mean, can you be sure something is secure just because of the crypto lib?

I thought it had something to do with the implementation too?

I ask this because of Tox. The main developer claims Tox is secure because of
the crypto library.

It sounds weird to me, so I decided to ask... After all, if it was this easy
all programs would be secure, right? Just import a secure crypto lib and it's
done? Sounds weird.

[https://github.com/irungentoo/toxcore/issues/121#issuecommen...](https://github.com/irungentoo/toxcore/issues/121#issuecomment-35750212)

~~~
jimktrains2
Having a sound library removes a whole host of issues; however, it doesn't
remove all of them. First and second among many are key management and
concatenating values before hashing or signing.
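
The second of the two pitfalls named here, and the question asked in the post above about whether a secure crypto library makes the program secure, as an added example that is not code from Tox or from either commenter. HMAC-SHA256 from Python's standard library is the sound primitive; what the example shows is that plain concatenation of fields before tagging lets two different messages produce the same tag, while a length-prefixed encoding (the choice made here, one of several that work) gives every field list exactly one byte representation. The key and sample fields are constructed for the demo.

```python
"""A sound primitive under an ambiguous encoding is not a secure protocol."""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample key


def naive_tag(key: bytes, fields: list) -> bytes:
    """Tag over the plain concatenation of the fields: ambiguous, because
    the boundary between fields is lost before the primitive sees them."""
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()


def encode_fields(fields: list) -> bytes:
    """Unambiguous encoding: 4-byte big-endian field count, then each field
    prefixed with its own 4-byte big-endian length."""
    out = [struct.pack(">I", len(fields))]
    for f in fields:
        out.append(struct.pack(">I", len(f)))
        out.append(f)
    return b"".join(out)


def decode_fields(blob: bytes) -> list:
    """Inverse of encode_fields; rejects truncated or trailing data, so the
    mapping between field lists and byte strings is one-to-one."""
    if len(blob) < 4:
        raise ValueError("missing field count")
    (count,) = struct.unpack_from(">I", blob, 0)
    pos, fields = 4, []
    for _ in range(count):
        if pos + 4 > len(blob):
            raise ValueError("truncated length")
        (n,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + n])
        pos += n
    if pos != len(blob):
        raise ValueError("trailing bytes")
    return fields


def safe_tag(key: bytes, fields: list) -> bytes:
    """Tag over the unambiguous encoding of the fields."""
    return hmac.new(key, encode_fields(fields), hashlib.sha256).digest()


def verify(tag_fn, key: bytes, fields: list, tag: bytes) -> bool:
    """Constant-time comparison against a freshly computed tag."""
    return hmac.compare_digest(tag_fn(key, fields), tag)


# Constructed sample: a message authorised as (account, amount) ...
ORIGINAL = [b"acct-10", b"5"]
# ... and a different split of exactly the same bytes.
RESPLIT = [b"acct-1", b"05"]


def naive_collides() -> bool:
    """True: both field lists concatenate to b'acct-105'."""
    return naive_tag(KEY, ORIGINAL) == naive_tag(KEY, RESPLIT)


def safe_collides() -> bool:
    """False: the length prefixes make the two encodings differ."""
    return safe_tag(KEY, ORIGINAL) == safe_tag(KEY, RESPLIT)


if __name__ == "__main__":
    print("naive tags collide:", naive_collides())
    print("safe tags collide: ", safe_collides())
    print("round trip:", decode_fields(encode_fields(ORIGINAL)) == ORIGINAL)
```

Fixed-width fields, a separator byte that is forbidden inside fields, or a serialisation format with its own framing all achieve the same thing; what matters is that the bytes handed to the primitive decode to exactly one field list. The same reasoning is why the tag should be verified with `hmac.compare_digest` rather than `==`, even though SHA-256 itself is unchanged either way.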

------
synchronise
So how does this differ to Retroshare or Ricochet?

------
EGreg
Why'd they call it by such a negative moniker?

------
simlevesque
Is Tox secure? Compared to Tinfoil Chat

~~~
ex-contributor
Tox still hasn't solved the serious metadata leakage issue.

They tried to cover it up by adding onion-routing for friend requests, but
ACTUAL MESSAGES are still done directly.

Strong adversaries such as your ISP and agencies like the NSA, the GCHQ, etc.
can still collect metadata about your conversations.

The "Tox Foundation" tries to cover this up and pretend that "tox was never
meant to be anonymous", but the truth is harsh.

Now, this wouldn't be a problem if the Tox Foundation made this issue clear to
its users. This is how P2P works, after all, direct connections, and that's
fine.

But the problem is that Tox doesn't make that obvious for non-tech-savvy
users.

When they read on the website that they are completely safe from the NSA and
whatnot, they won't expect to be in any way exposed.

Still, unless these non-tech-savvy users "route all incoming and outgoing
traffic through Tor" they won't be completely safe and should be worried about
metadata leakage and adding people they don't actually know. But such a thing
isn't made clear and Tox deceives users this way, only to get more people
using it. It's unethical and outright wrong, in my personal opinion.

~~~
urras
Again, don't listen to this guy. He just copies and pastes this stuff from
4chan.

~~~
veeti
So what? It's a completely valid point.

