
Ring: FOSS encrypted P2P voice, video and chat platform - ymse
https://ring.cx
======
aiNohY6g
Are there experts around who can point out the key differences, if any, with
Tox [https://tox.chat/](https://tox.chat/) ?

~~~
Elv13
(I am one of the dev)

The main difference is that Ring.cx is built on top of open standards and only
add the minimal additional infrastructure (the decentralized DHT layer) to
allow it to work without a server. It is SIP compliant and can be used as work
phone or your average VoIP provider, but you lose some the the privacy and
advantages provided by decentralization.

For more info, I wrote this blog post a while back
[https://elv13.wordpress.com/2015/09/05/what-is-ring-and-
how-...](https://elv13.wordpress.com/2015/09/05/what-is-ring-and-how-it-
works/)

~~~
cyphar
Tox isn't anonymous though. Not in the same way Tor is anonymous, at least.
And Tox's "nat punching" isn't fully decentralised.

~~~
Elv13
Ring.cx is also not technically anonymous for mostly the same reasons. A
decentralized hash table leave some metadata in the open, then when you call
someone, there is a UDP stream between them. Ring wont give away your IP and
details to the world, but it is vulnerable to many of the same metatdata
vulnerabilities as Tor or Bitorrent.

You can configure Ring to be "more anonymous" by adding some
proxies/middleman-server and messing with the connection sequence, but it
cannot really be used in the default configuration or it would not "just
work". Adding proxies for voice stream also add audio latency.

Edit: Our NAT punching is IETF compliant STUN/TURN/ICE/UPnP, so you can always
just pick a third party you trust in the rare few cases you need one (we don't
support IPv6 that well yet, so no luck there, it will come at some point).

------
vmp
Why is SDES the default and ZRTP disabled/unavailable in the windows client?
I'm no expert but SDES seems like a bad choice[1] from what I can gather in 5
minutes with google.

[1] [http://zfone.com/faq.html#SDES](http://zfone.com/faq.html#SDES)

~~~
Elv13
ZRTP is disabled because we are looking for a new implementation. The previous
implementation we used depended on CCRTP and it wasn't running very well in
least tested OS, like Windows. This is network facing code, so you have to
have faith in the code, sandboxing help, but is limited. If anyone know a
GPLv3 compatible stand alone C or C++ implementation, let us know.

------
pierre_massat
Ring has some UI problems but I hope it'll get better. It's open source and a
company in Montreal contributes a lot to its development.

The big problem right now is the scope of the app. They want to do too much at
the same time (text, voice and video).

Anyway, I like the effort and I hope it succeeds.

~~~
dTal
It's exactly the same scope as the most successful person-to-person
communications app yet, Skype.

------
RaleyField
> wget -O - "[http://gpl.savoirfairelinux.net/ring-
> download/ring.pub.key"](http://gpl.savoirfairelinux.net/ring-
> download/ring.pub.key") | sudo apt-key add -

Ew.

~~~
anonbanker
Linux is scary, huh?

~~~
RaleyField
To spell it out for you, sending keys unauthenticated is scary. Double scary
because these folks are writing security software so it ought to be in their
motor memory to avoid trivial mitm attacks.

~~~
anonbanker
so, check the key against a public registry. doesn't apt-key already do that
when adding the key?

~~~
RaleyField
> so, check the key against a public registry

The problem with public registries is that anyone can spam them. Checking the
key would involve retrieving it via multiple sources which is tedious.

> doesn't apt-key already do that when adding the key?

Man page doesn't say, nor can I find quickly on Google if apt-key does any
additional verification. It doesn't seem likely though, because if
verification step did occur the entire command would be redundant as the same
mechanism that verified the key could be used to verify source list entry.

------
finid
It'd be nice to have a self-hosted version of something like this.

~~~
pierre_massat
I don't really get that part. You have everything needed to build it yourself
(and so host it) on the wiki [0].

Also, everytime someone builds something now, it seems to be the first comment
out there "it needs to be self-hosted". I get that this is a security oriented
communication app, so it needs to be audited and open sourced so we can trust
it, but now that this part is OK, people are finding something more to ask:
the self-hosting part.

0:
[https://projects.savoirfairelinux.com/projects/ring/wiki/How...](https://projects.savoirfairelinux.com/projects/ring/wiki/How_to_build)

~~~
Freak_NL
I would say that it is a valid question, because the answer sheds some light
on the architecture and goals (or business model) of a project. It also
reflects a (healthy) renewed interest in reducing our dependency on cloud
services; because of privacy concerns or legal implications for example.

It is also not immediately apparent from Ring's website and wiki. The
developers of Ring are quite helpful in replying here on HN though.

------
finchisko
Is it only point 2 point like firefox hello, or also group chats are possible?

~~~
cirosantilli
Group chats are also possible. They've demonstrated it on the FOSDEM
presentation, it should soon be available under:
[https://video.fosdem.org/2016/k1105/](https://video.fosdem.org/2016/k1105/)

------
LeoPanthera
This is confusingly named, since Ring[1] also has a video function.

[1] [https://ring.com](https://ring.com)

~~~
cirosantilli
This is not the same software. This ring is
[https://ring.cx/](https://ring.cx/) But well, before the video you also get a
ring sound just like before the voice. To me the only problem is that it is
too generic: two words would be better.

------
andrewmcwatters
Too technical. Awful name as well.

"Ring is a secure and distributed voice, video and chat communication platform
that requires no centralized server and leaves the power of privacy in the
hands of the user."

I don't think most people actually care about any of this. The app is ugly,
too.

I want a Skype killer, but everyone who writes this type of software panders
to security and tech people, when really these applications should pander to
people people.

Belongs in the same crowd of apps like Tox.

~~~
Freak_NL
If you leave out the secure, distributed, decentralised, free software, and
privacy conscious aspects Ring is touting, you get Skype. Why do you want a
Skype killer if not for those features?

~~~
andrewmcwatters
Because of tact. That's why. It's entirely image. Anyone can make a great
technical replacement for Skype. Multiple solutions have come before this one.

What do they all lack? What's the common pattern? They all pale in comparison
to Skype's invitingness regardless of how horrible Skype has become over the
years.

------
aminorex
Unusable due to draconian Android permissions.

~~~
pierre_massat
I'm curious, what's make the app unusable according to you? Genuine question.

Here is a break down of the permissions:

\- microphone: used to capture your voice to communicate with someone

\- phone: you can send sms throught the app

\- contacts: to associate a ring id with a contact (and have the phone number
to send sms

\- storage: to store your private key

\- location: I admit, that one is weird

~~~
parenthephobia
If I don't want to use voice calls or SMS messaging, these permissions are
excessive.

I also can't distinguish between giving Ring permission to access all my
contacts' details and send them to some third party, and giving Ring
permission to associate ring IDs with contacts without exposing other details
about that contact to Ring.

Also, you don't need storage permission to store app-specific data, only to
access the "external" storage. (In general, this is the storage you see when
you mount the phone over USB.) Presumably, this permission is to support
copying an existing key from a PC.

Note that these problems are not Ring's fault, but caused by Android's
permissions system. Fixing it in Ring would require splitting the app up into
pieces for voice, sms, text, etc. Possible, but a lot of effort.

