
Tox – An encrypted P2P chat protocol that does not rely on central servers - swebs
https://tox.chat/
======
dang
[https://news.ycombinator.com/item?id=17686516](https://news.ycombinator.com/item?id=17686516)

------
woodruffw
I'll be the downer here and point out that Tox (both the specification and the
c-toxcore implementation) has never undergone a security evaluation, and
there are well-understood weaknesses in its security model _right now_ [1].

If you feel inclined to use Tox at all, you should do so _as a curiosity
only_.

[1]:
[https://github.com/TokTok/c-toxcore/issues/426](https://github.com/TokTok/c-toxcore/issues/426)

~~~
math_and_stuff
What do you recommend instead?

~~~
unicornporn
Matrix/Riot.im is federated and has E2EE. It also has bridges for IRC,
Telegram etc. Here's a native client for macOS:
[https://neilalexander.eu/seaglass](https://neilalexander.eu/seaglass)

Web client: [https://riot.im/experimental/](https://riot.im/experimental/)

~~~
im3w1l
Matrix is also experimental. About a year ago it kept losing my key meaning I
couldn't decrypt old messages. I still use matrix, but I don't have any
illusions that it's more secure than tox.

~~~
Arathorn
We're not aware of any bugs where Matrix clients lose your e2e keys (other
than one where changing your password may cause clients to log out and remove
keys for safety). If you saw it keep losing keys, I'm going to guess you
configured your browser to delete local storage when you close the tab... in
which case, unless you export the keys, we have nowhere else to store them.

That said, we've also just implemented the optional ability to encrypt and
backup your keys on the server, but obviously comes with other tradeoffs.

In terms of security, the core crypto has been audited, as per
[https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-en...](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last/)

~~~
crtasm
I tested riot.im in a private Firefox window recently, obvious with hindsight
but it didn't occur to me I should export keys and I didn't spot anything in
the interface to make me aware or prompt me to action.

Great to hear you've added the option for server stored keys now.

~~~
Arathorn
yeah, it's a tricky one because by the time you've closed the window, it's too
late to export keys.

The new online key backup stuff landed a few weeks ago on the develop branch,
and will be making it onto the main release over the coming weeks :)

------
marknadal
Nice!

Pretty easy to roll your own, these days, in less than 90 LOC:
[https://gist.github.com/amark/7dceae874a20878fdb9e2a8eed109b...](https://gist.github.com/amark/7dceae874a20878fdb9e2a8eed109bb5)

Here is a quick video demo of it in action:
[https://www.youtube.com/watch?v=gmdXU82vcbE](https://www.youtube.com/watch?v=gmdXU82vcbE)

Warning! Ugly simple. So glad to see a full featured app like tox, use that
instead. But for anyone interested in how they work or building their own...
it is all Diffie-Hellman!!! :)

~~~
evilaubergine
Tox in specific lets libsodium/nacl do all the cryptography and provides
little above the core methods, the more complex parts were the networking

~~~
marknadal
libsodium is great! We're considering supporting it in conjunction with
WebCrypto. Yeah, networking is hard, but is the main thing we've worked on
over the years.

We're using WebRTC and fallback to decentralized WebSocket relays (you can use
multiple / nothing exclusive, run your own, etc.). What are you guys using?

------
rolleiflex
This is great — funnily enough, this is a thing my project
([https://getaether.net](https://getaether.net)) is often mistakenly thought
of as. I'll link to Tox in my FAQ. Mine is more like a decentralised Usenet,
not real time chat.

~~~
nv-vn
Wow totally forgot about Aether. I still have it installed on an old laptop
somewhere. I remember I really enjoyed posting on there but then I'd have
trouble connecting to the network and stopped using it. Will have to check it
out again

------
doctorfoo
people like to point out the weaknesses in this every time it is submitted,
but the fact is: it's the only example in its class, and that makes it
interesting. it would be amazing to see a funding drive and some experts
improve it, but for whatever reason, that is not happening. it seems like any
kind of desktop skype alternative takes a back seat to mobile apps

------
dbg31415
What's this have that Signal doesn't?

~~~
rjf72
Many people that are interested in privacy and security consider server based
software to be problematic. Even when server based software is open source, as
Signal is, you are required to trust that what is being run on a server is the
same code that they have released. And you are also required to trust that it
is the _only_ software they are running as it relates to your usage. This
requires substantial trust which in modern times has, time and again, been
shown to be something that should not be given.

Signal is server based. Tox is serverless.

In the case of Signal they also had unusual peculiarities. They have framed
themselves as a privacy and security oriented company yet the first thing they
require when signing up is a mobile number. And for years they required Google
Play Services and were dependent upon Google Cloud Messaging. These sorts of
things send quite mixed signals, though to Signal's benefit they no longer
require Google Play Services.

Finally there is one practical issue with centralized services. They need to
make money. Servers cost money. And as the popularity of a platform grows, the
amount of money they need to earn also continues to grow. And that's just to
exist - not to make a profit. For free services their most valuable resource
that can be spun into money is user information. Signal for now has managed to
get by on donations and grants. The vast majority of their funding coming from
the "Open Technology Fund" [1], which is a US government program. If their
funding dries up you risk seeing their ideological views change as a means of
self preservation, or the entire service become unusable. This is not a
problem with decentralized services.

Ultimately it all comes down to what you'd prefer - centralized or
decentralized. Signal is centralized, Tox is decentralized. Ideologically I
believe the future of all digital technology ought and eventually will be
decentralized, though the time scale of "future" there is quite immense.
Nonetheless, I like to do my small bit today and support decentralized tech
whenever possible.

[1] -
[https://en.wikipedia.org/wiki/Open_Whisper_Systems#Funding](https://en.wikipedia.org/wiki/Open_Whisper_Systems#Funding)

~~~
crtasm
The linked page says their funding from OTF was between 2013-16. You've
managed to omit the fact that in Feb 2018 the Signal Foundation was formed - a
non profit with $50m initial funding. I see that its nonprofit status is still
pending however.

~~~
rjf72
And here we could get into all sorts of back and forth. For instance while it
says OTF was from 2013-2016, there is also nothing listed after 2016. Does
this mean that OTF cut funding for some reason, that future donations were not
listed, that Signal was able to coast just based upon the relatively large OTF
donations, or something altogether different? Who knows.

And similarly the problem with funding is not one that's paradoxically not
solved by money alone because it then raises new questions. In particular
_why_ would you put $50 million into a project like this? Is it simple good
will and benevolence expecting that money to simply be gone but in exchange
society gains a great centralized communication medium? Well, maybe - but it's
also possible that there are different motivations. And when this money runs
out what happens next?

Ultimately I'm not trying to convince _you_ not to use Signal, I'm explaining
where _I_ see problems with Signal. And with all centralized services it's
going to come down to trust. If you trust Signal then you might answer the
above questions in one way. If you don't trust them, then your answers would
probably be quite different. In my _opinion_ no tech company deserves the
benefit of the doubt when it comes to trust anymore.

------
StreamBright
What is the definition of central server? What happens when an adversary
eavesdrops on a router in a tier 1 network provider?

~~~
freehunter
A central server forces all traffic to route through hardware and software
owned by the maker of the technology and the attack vector there is usually
logging. A router at an ISP is not a central server. The attack you’re
speaking of is a real possibility which is why end to end encryption exists.
But p2p is meant to solve a different privacy threat than e2ee.

~~~
StreamBright
So the central server definition is a server located in a datacenter?

------
jaimex2
Surely they could have come up with a name that isn't so close to toxic. I
think it will be an uptake barrier.

~~~
jake_the_third
> I think it will be an uptake barrier.

If someone is silly enough to let this be a factor when adopting a new
technology, then I'd say that person has more important things to worry about
than some encrypted messenger. Fortunately for Tox, the amount of people like
this seems very small.

------
jdc
Seems like a decent Skype substitute, at least.

------
p0la
Anyone know how peer discovery works without any central servers?

~~~
evilaubergine
it has core bootstrap nodes
[https://wiki.tox.chat/users/nodes](https://wiki.tox.chat/users/nodes),
and a pretty bad DHT formation, so by distributing a few nasty clients with
bad bootstrap URLs you could easily cause multiple splits in the network

~~~
p0la
Thx for the link.

Do you know if there is some sort of routing taking place? Or are all clients
trying to consolidate a full Hash Table?

