Personally, I hope it succeeds in the longer term. We need good, decentralized protocols and software. Decentralization comes with its own costs, and it may never overtake the centralized web. But, protocols like Bittorrent have proven to be super powerful even with their flaws and limitations. To me, it is a no brainer that we need end-to-end encrypted chat, and it would be ideal if it could be peer-to-peer.
The project started with a ton of momentum but never really got picked up in the mainstream. Iirc the founder and most of the core code came from one guy.
Not to mention there has been a ton of internal drama: iirc one of the devs stole a bunch of tox donation money to pay off part of his tuition. Then there was a split in the devs and one of the devs stole all the credentials for the website and they switched? Then there was the accusations that some of the devs where child molesters and where doxed.
They also his a brick wall at one point on mobile due to the protocol being very heavy on battery usage so for a while it was only realistic to use on the desktop.
I wish the project nothing but the best and hope they succeed, but I feel like they have reached a point where they have lost interest. I hope I'm wrong.
Now it isn't a hacked together piece of shit anymore, but proper. As a result, it works reliably. The user experience is very good.
Definitely made by some memesters
I couldn't find any evidence of an audit.
There is an actively developed Rust implementation of the core library here:
Of course, any flaw in the specification (for example with respect to key exchange) will still apply if they've faithfully implemented it.
https://github.com/irungentoo/toxcore/issues/1398 - discussion on homepage claims
https://news.ycombinator.com/item?id=12657891 - past
"Neither the Tox protocol nor the implementation have undergone peer review, and its exact security properties and network behaviour are not well-understood, yet. We are actively working on improving that situation. Until said peer review, Tox is not recommended for use cases that require proven, high-assurance security."
Launch a client (qtox suggested), add a few friends by copying their tox address (=pubkey) and start talking. It just works, is completely decentralised, and the only way to talk is end-to-end encryption with forward secrecy.
It literally solved the IM problem for most use cases.
Not that I understand IM on mobile. I'd rather use email.
XMPP is federated. Having servers make things easier.
Tox is full p2p, there's no servers.
- Centralized: Centralized networks have one central point which controls the network. That doesn't have to be a single server sometimes it is just that there is just one company controlling the network (e.g. WhatsApp).
- Decentralized: Is the opposite of 'centralized' meaning there is more than one central point. So all following types are 'decentralized'.
- Distributed: In general terms, it means that the network is (more or less evenly) distributed upon all participants. All participants have the same role and responsibility. There are various kinds of distributed networks. Git for example stores a full copy of all information in every node. Distributed Hash Tables use a different approach where every node is responsible for one explicit part of the information to store.
- Peer-to-peer (p2p): Is one form of a distributed network, which works (in general) without servers. So all the participants connect directly to each another (Tox).
- Federated: Is sometimes called a 'distributed network of centralized networks'. Two popular examples are e-mail and XMPP. All participant use their own centralized server, but that server cooperates with other servers to transfer messages across the network. Sometimes their implementations make a distinction between client-to-server and server-to-server protocols.
In general, the more centralized a network is, the easier it is to control. This can be good when it comes to spam, but also bad when it comes to censorship.
Distributed means there seriously aren't any servers. Addresses in tox are just public keys, and they're in a global namespace. The network is a distributed hash table formed by peers (the "clients"). There's no central point of failure.
that's the hardest part to achieve! My friends are always on whatsapp or some other convenient chat app.
Briar already has a stable release but I consider it not very viable for most communications because it doesn't yet have the ability to remotely add contacts (you need to scan the peer's QR code from their phone). But they're working on implementing that.
Cwtch isn't out yet, but it is going to implement many of the same features as Briar, with the added perks of having desktop and mobile clients with syncing between the two. It accomplishes this through an untrusted federation of Cwtch servers running over tor to store offline content (when a peer is down) and group chats.
As someone else mentioned Matrix is also a thing. It's not P2P and E2E is still in beta, but it also accomplishes different things compared to Tox et. al. like federating different chat protocols like IRC.
May still be functioning well; did not try it.
There are more recent commits on master they just haven't release in a while.
I think they are waiting for the Tor team to provide an API for v3 hidden services before resuming work on the project.
The command line client toxic seems to work even when unable to write to the filesystem at all.
Solution: comment the part out where it got stuck, and sideload.
Imagine this situation. Instead of tox, someone decided to named the tox project "Python". Tox is very famous in the Python community. This shows how unfortunate people doesn't care about naming.
I'll stop belabouring the point.
avoid tox its full of bugs
How did they manage to do video chat? What is the underlying library or algorithm or did they somehow come up with a novel video chat system that performs? Did they use WebRTC or something?