I can't comprehend why this isn't widely used.
I wish this was a thing _before_ crap like WhatsApp, Skype or Discord got so popular.
Maintaining the DHT connection is "expensive", expensive meaning a few packets a minute. That means mobile clients can't enter sleep and stay connected, (without corp backed push notification services. Which we can't use/trust) So it'll kill expected battery life on mobile. Add to that, multidevice isn't supported, (I implemented the feature, but it didn't get merged before my will to work was killed by trolls) and Tox can be a bit frustrating to use. :(
Could power be saved by batching messages?
For example, in Bluetooth Low Energy, much power is saved by the radio waking up infrequently, and only staying on for a brief duration. That's how one makes sensors that run for a year off of coin cells.
I wonder if it would improve the power situation on mobile if the DHT was maintained by far less frequent but larger bursts of network traffic.
It was a hobby project originally started by a bunch of anons in 4chan, and every time it gets attention, people point out it hasn't been audited, and no one has their reputation at stake. And it doesn't have any desktop/mobile sync.
Not intended as snark. Genuinely interested.
Does it have some features there that are superior to other systems? (Outside of the obvious features that are not guaranteed via audit.)
Also, there will only be real incentive to audit it if it becomes more popular.
It doesn't have an iOS client.
It's hard to tell your employees to standardize on Tox when a good portion of them don't have a working client to install.
I'm no Apple fan but the world does not run on Android alone.
I agree up until you mention Discord. It works really well across all platforms (including the browser) and provides a very generous suite of features for free, some of which would be difficult to implement without centralization.
It also doesn't make money off selling user data; there is no actual evidence this has ever or will ever occur. Back when it was still floating on venture capital funds, it didn't need to make money. When it realized it needed to become profitable, instead of introducing invasive tracking and ads like other chat apps, it took a different approach: introducing the "Nitro" subscription which offers a slightly upgraded Discord experience (animated emoji, extra profile customization, etc) for $9.99/mo while keeping the core features free. It would be more comforting if they published the sales numbers so we could verify that Nitro is profitable, but I have no reason to doubt this approach is successful -- Nitro may not seem valuable to the average HN reader, but many users (including friends of mine) do find a lot of value in the features it offers.
By the way, I'm all for decentralized/encrypted chat apps and wish Tox success. It definitely irks me that all my Discord messages are stored on a corporate server outside my control, where Discord employees, the government, or any hacker who manages to break in to either my individual account or Discord's servers can freely read over them. However, I think the approach Discord is taking is different than the one taken by most chat apps and it's probably the best among the proprietary ones.
Just wondered if it's just me for some reason (no big deal as I wasn't using the program). Will reinstall older .exe and see what happens, same with earlier Android version (it uses the same old passwords).
Surely, there must be someone out there in user-land who's actually done the legwork.
The reason I want more input on this has to do with my past experience of Tox's poor connection reliability and I want to know what to do about it—or find out whether it's actually fixable or not, or whether I should settle on another P2P program such as Jami which works in a similar way, etc.
For me, connection reliability is more important than security and I'd like to settle on the program with the most reliable connection service (I'd prefer the NSA didn't listen to what I've to say but it's the Googles and Facebooks of this world that I'm really trying to avoid).
The last time I used Tox in a serious way was several years ago when I had relatives visiting from overseas and I refused to use Facebook, Google etc. When I really needed it, Tox didn't work or dropped out too often to the point where it was unusable much to others and my annoyance — and only to be told 'why the hell don't you use what everyone else uses, social media, Facebook etc. — then there'd be no problem?'
It's hard to argue with that when one has others breathing down one's neck to organize things locally.
It seems to me we need to sort this out with some decent real-world testing/runoffs. And for this we need the input of many users/many setups to get good comparative data.
As I said elsewhere, I thought the Tox project was dead as updates were so few and far between, so support and the user-base size is also important. If we can't get to the bottom of the P2P problem then it seems that I may have fall back to Jitsi (so far that always seems to work but I'd prefer not to use it for obvious reasons).
Edit: also, “it's secure, we use Nacl”: https://github.com/irungentoo/toxcore/issues/121
Apply here: https://apply.opentech.fund/red-team-lab/
If I were in any way involved in the project I would set up the campaign myself, but sadly I don't know enough C to be useful to a project like this (unless there was a plan to rewrite it in some esoteric functional language for some reason).
Then you can build the client yourself and check the sha sum against any downloaded distribution.
Programming languages exist, so you can make your own decentralized encrypted instant messaging app.
There is democracy, so you can be the president.
Everyone in the family has legs, so we won't need a car.
Intuit, also audited.
Twitch? They have had audits done.
So, you can continue to sit here on hacker news and bitch that it "hasn't been audited" and therefor you aren't "free", or some shit. But either way, you sound like jackass that knows nothing about technology or freedom.
Freedom is not synonymous with "free", as in not having a cost.
So, yes, you can audit it and then you will have an audited message platform.
Edit: here's the discussion, from seven years ago. The authors aren't particularly opposed to an audit, but keep saying “Tox is secure, we use Nacl”.
Every dev wanted a full audit, we just simply couldn't afford it.
Separately, why do I get the impression you're trying to spread FUD about tox? All your comments seem to be negative and misstated :(
I find that worrying.
Saying I don't understand the security properties is an interesting take. My intended comments meant I misunderstood the issue. I was only half paying attention at the time; I assumed it was another troll reposting the same issue "if someone steals your private keys they can steal your identity". Which is true, but an annoying complaint, because that's how crypto has to work. To be sure, I didn't write base the protocol itself, nor the crypto primitives. So while I don't agree with the assertion, even if it was true. It wouldn't matter because I didn't design the original system :)
I know that a lot of people have opposite preference, but nothing is free, and tokens allow projects to create their own value, which I think is a very cool innovation.
Afterall, it seems lack of funding is a main issue with Tox (can’t afford audit etc). So how else do you avoid being beholden to investors while also having resources?
Institutions are important for sustainability