Tox: A simple, distributed, free, secure Skype replacement. Now alpha with A/V
345 points by irungentoo on Aug 1, 2014 | 139 comments
Tox is now usable and has reached alpha (in other words, it is mostly working but lacking some features; bugs might be apparent).

uTox is a lightweight (minimal dependencies) Tox client for Windows, Linux and (experimentally) Android. It supports text chat, file transfers, audio and video calling, desktop sharing (both as video and as screenshots). It also supports text-only group chats (with audio/video being worked on).

For more info about Tox and uTox, see the project links below.

Windows updater/downloader:


Linux nightlies:





If you use an operating system other than Windows or Linux (OS X or Android) or want to try other Tox clients, see this page:


Project links:

Official Tox website:


uTox Github:


toxcore Github:


Other links:

qTox Github:


Antox Github:


Note about adding friends in Tox: in the settings area of uTox you can find your Tox ID, and you give that out to your friends so that they can add you. To solve the inconvenience of sharing long IDs, Tox also supports "DNS names", for example "groupbot@toxme.se". You can register your own @toxme.se name on toxme.se

Tox is alpha software, bugs are expected.

Feel free to post any questions or feedback or visit us on IRC: #tox on freenode.

I don't post often on HN, but today couldn't resist. Just tested Utox on Windows as well as Toxy, also on Windows. Both programs are totally inaccessible for people using a screenreader and I'm quite sure as well for people using things like speech recognition.

Utox seems to be C++ and a GUI framework I didn't look into. Toxy is .NET+WPF... two different stacks, but two inaccessible programs. I'm quite sure the developers didn't write inaccessible software deliberately, but this makes me wonder if we need either:

1. Inform developers better about accessibility
2. Fix tooling: warn/error if you don't label your elements etc.
3. All of the above...

To give this post some more context, earlier this week I looked at Stellar... their web client is inaccessible. Earlier this week Wunderlist released a version 3... the iOS app is nearly inaccessible. Earlier this week I finally wanted to give Foursquare's new Swarm app a shot... inaccessible. Do you see the pattern? I'm sorry for ranting about this, but imagine some random app update stopped the app from working and only displayed a black screen; you would be annoyed at least.

Seems like these would be useful suggestions to add to the respective GitHub pages of those projects. Also, they are open source, so there's an opportunity there if you have expertise in making UIs accessible.

The software is in alpha, so I imagine screen reader accessibility is lower on their priority list. Once it becomes late stage beta, then accessibility complaints are more reasonable. Until then, core features should take precedence.

>Utox seems to be C++ and a GUI framework I didn't look into.

utox is written in C and uses its own toolkit so that it looks the same everywhere. For that reason it will probably never give you the level of accessibility provided by more mature toolkits.

Are there any good tools/guides for evaluating a websites / apps accessibility?

I'm a developer but do not ever focus on accessibility because nobody has brought it to my attention, not a single bug report or conversation from management.

As far as I can tell, uTox is written in C and uses XLib (on GNU/Linux, at least).

We need 1.

In the spirit of supporting as many individuals as possible, Tox websites are now accessible as a hidden service via Tor.

The hidden service mirror has been stripped of Piwik tracking, and forms of Javascript, and soon we'll label outbound links.

i2p support will also follow soon.

Tox main site: http://kdzzxucnh4fyovxg.onion/

Tox developer documentation: http://kdzzxucnh4fyovxg.onion/docs/

Tox wiki: http://kdzzxucnh4fyovxg.onion/wiki

What about its design makes it secure? Do you guys have a design document or a description of how you've implemented security? Have any security experts audited the code?

Every peer is identified by a curve25519 public key. To add someone as a friend, you add that public key.

Connections between friends are encrypted.


is the crypto used.


describes the protocol used to connect securely to friends after they find themselves.

This protocol has PFS, message padding to prevent length-based leaking, and should be immune to replay attacks.

What makes it secure is that you know the long-term public key of your friends, making it really easy for the software to establish secure connections to them.
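Two of the properties claimed above, padding that hides exact message length and immunity to replays, can be shown independently of the cipher. The following is an added C illustration written for this page; it is not toxcore code and not the commenter's own. The 64-byte padding granularity and the 64-entry replay window are assumptions chosen here, and the counter is assumed to already be authenticated (for example bound into the AEAD nonce) before the window is consulted, because an unauthenticated counter can be forged.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

/* Added illustration, not toxcore code. PAD_BLOCK and WINDOW_BITS are
 * values assumed for this example. */
#define PAD_BLOCK 64       /* assumed padding granularity in bytes */
#define WINDOW_BITS 64     /* replay window width: one bit per counter */

/* Pad msg so the result is a multiple of PAD_BLOCK.
 * Layout: 2-byte big-endian length, message bytes, zero fill.
 * Returns the padded length, or 0 if the message does not fit. */
size_t pad_message(const uint8_t *msg, size_t len, uint8_t *out, size_t out_cap)
{
    if (len > 0xFFFF) return 0;
    size_t body = 2 + len;
    size_t padded = (body + PAD_BLOCK - 1) / PAD_BLOCK * PAD_BLOCK;
    if (padded > out_cap) return 0;
    out[0] = (uint8_t)(len >> 8);
    out[1] = (uint8_t)(len & 0xFF);
    memcpy(out + 2, msg, len);
    memset(out + body, 0, padded - body);
    return padded;
}

/* Reverse pad_message. Returns the message length, or -1 if the framing is
 * malformed (bad size class, length past the buffer, or non-zero fill). */
long unpad_message(const uint8_t *in, size_t padded, uint8_t *out, size_t out_cap)
{
    if (padded < 2 || padded % PAD_BLOCK != 0) return -1;
    size_t len = ((size_t)in[0] << 8) | in[1];
    if (2 + len > padded || len > out_cap) return -1;
    for (size_t i = 2 + len; i < padded; i++)
        if (in[i] != 0) return -1;
    memcpy(out, in + 2, len);
    return (long)len;
}

/* Anti-replay window in the style of IPsec/RFC 6479: remember the highest
 * counter accepted and a bitmap of the WINDOW_BITS counters just below it. */
typedef struct {
    uint64_t highest;
    uint64_t bitmap;   /* bit i set => counter (highest - i) was accepted */
    bool started;
} replay_window;

void replay_init(replay_window *w)
{
    w->highest = 0; w->bitmap = 0; w->started = false;
}

/* Returns true and records c if c is new; false if replayed or too old. */
bool replay_accept(replay_window *w, uint64_t c)
{
    if (!w->started) {
        w->started = true; w->highest = c; w->bitmap = 1;
        return true;
    }
    if (c > w->highest) {
        uint64_t shift = c - w->highest;
        /* shifting a 64-bit value by >= 64 is undefined in C, so clear explicitly */
        w->bitmap = (shift >= WINDOW_BITS) ? 0 : (w->bitmap << shift);
        w->bitmap |= 1;
        w->highest = c;
        return true;
    }
    uint64_t age = w->highest - c;
    if (age >= WINDOW_BITS) return false;      /* older than the window: drop */
    uint64_t bit = (uint64_t)1 << age;
    if (w->bitmap & bit) return false;         /* already accepted: replay */
    w->bitmap |= bit;
    return true;
}

int main(void)
{
    uint8_t padded[256], plain[256];
    const char *a = "hi";
    const char *b = "a somewhat longer message that is still short";
    size_t la = pad_message((const uint8_t *)a, strlen(a), padded, sizeof padded);
    size_t lb = pad_message((const uint8_t *)b, strlen(b), padded, sizeof padded);
    long lr = unpad_message(padded, lb, plain, sizeof plain);
    printf("%zu-byte and %zu-byte messages both go out as %zu bytes; unpad -> %ld bytes\n",
           strlen(a), strlen(b), la, lr);

    replay_window w;
    replay_init(&w);
    int first = replay_accept(&w, 5);
    int again = replay_accept(&w, 5);
    int older = replay_accept(&w, 3);
    int jump  = replay_accept(&w, 200);
    int stale = replay_accept(&w, 100);
    printf("5:%d 5 again:%d 3:%d 200:%d 100:%d\n", first, again, older, jump, stale);
    (void)la; (void)lb;
    return 0;
}
```

The two messages above land in the same 64-byte size class, so an observer who only sees ciphertext lengths cannot tell them apart; the window rejects the duplicate 5 and the counter 100 that has fallen more than 64 behind 200, while still accepting legitimately reordered packets inside the window.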

Are IP addresses encrypted in the DHT?

Instead of doing things like encrypting ips, peers have temporary DHT public keys.

The only way to get the IP of someone from their Tox ID is by knowing their public DHT key, which they will only send you if they are your friend.

How this works is described in detail: https://github.com/irungentoo/toxcore/blob/master/docs/Preve...

This sounds insane, but I'm not familiar with all the concepts. It seems that now instead of Alice and Bob exposing their real keys, you have nodes A, B, C and D exposing theirs during Bob's handshake... which will lead to sociopath nodes that won't be part of this but rely on nodes that accept it for them.

Also, if the message is encrypted, why not use a "torrent" of all the messages being shared and discarded after a while (no need for offline messages anyway), and each node decrypts its own as they please but relays all of them in the same stream? No way to know who could decode it, and it was delivered to everyone. Much like a Bitcoin transaction, but without the metadata.

It would probably be vulnerable to a DoS by flooding it with bogus, expensive-to-try-to-read requests... but it would be the most reliable and private you can get.

So basically, everybody who gives out their Tox ID on 4chan is also giving out their IP address. Great.


They have to be friends with you.

But you don't have to actually know them. If they posted their Tox ID on 4chan, which happens all the time, and they accept my friend request, I would have their IP address, correct?

How else would you connect to them in decentralized fashion? Your IP address isn't really useful information anyway.

Note that being friends in this context means the users have added each other.

You could implement onion routing. But yes, you are right the IP address is usually a useless piece of information.

True, but for VOIP that is guaranteed to be terribly slow.

IP addresses change. Sometimes they don't even work for P2P. Without ICE or something, it's hard to even know your public IP address programmatically. So often some kind of proxy or server is necessary for most people. True decentralized connections are a sketchy proposition.

This is a good question. What makes it secure? "Encryption" is not enough. Do you have central servers, or is it a protocol using P2P? How do you connect one client to another? What kind of encryption? How are the keys generated, can we change them, etc.?

"Secure" is a lot of things.

"Secure against bulk surveillance" is a big push in a lot of areas, it's a button Bruce Schneier and Eben Moglen have been pushing hard for the past year or so. See especially their joint lecture at Columbia Law School in December, 2013, and Schneier's presentation to Stanford Law School in April, 2014 (both are on http://FixYT.com).

Anonymized persistent IDs associated with physical / persistent IP addresses represent a different level of threat, particularly for those who are engaged in activities for which concern from an APT (advanced persistent threat) such as a state actor, with either legal impunity or significant resources, or both, is a concern. In that case, I'd want to see a system with repudiable identifiers and onion routing such that endpoints aren't clearly determinable.

That said, yours is a crucial question.

Related: what are the threat models against which Tox is a response?

Our threat model is an attacker that wants to read and record the contents of conversations between everyone, they have the ability to modify/add/remove and log any packets. We assume they do not have any access to the actual machines Tox is running on.

The main goal of Tox is to make it hard for a global threat to conduct mass surveillance on everyone at the same time without sacrificing performance.

If the majority of the people using Tox have "nothing to hide" and use it because it works better than skype, the minority that does need the crypto will be able to use it without being discriminated against.

Thanks, that's a nice and concise statement.

NB, a comment by Peter da Silva, who's been doing networking / communications / security stuff for quite a while:

"Don't like the callback model in the API, they need a version of tox_wait() that takes a select() fd mask."


The whole protocol is decentralized and peer to peer. Each person in the network has a public and private key. The NaCl library is used to do all of the encryption.

Do you have exact crypto spec somewhere?

"NaCl library" is not a spec and it's still easy to use/apply it incorrectly.

Cool. Is this a direct connection from peer to peer, or does the communication bounce from one node to another as a Tor communication would do? (I'm guessing direct, for obvious latency reasons when using audio / video.)

Direct connection when possible.

Connection routed over one TCP node when direct connections are impossible due to NAT issues.

Does only the one-time signalling handshake go to a TCP node (NAT hole punching) or does all traffic? Are these TCP nodes similar to Skype "super-peers" - how are they selected?

Virtually all consumers are behind NAT devices.

The majority of NATs can be hole punched.

If you can't hole punch then you will connect to your friend through a couple TCP nodes. They act like relays.

TCP nodes are pretty much randomly selected by peers and anyone can host them.

Everything is encrypted and TCP nodes are regarded as being possibly hostile so there should not be any security issues.

What if I don't want a direct connection for security/anon reasons?

An audit is currently planned when the core stabilizes.

FAQ says it's using the NaCl crypto library, so I guess its protocol is as strong as the encryption. The audit would be less ambiguous, because so many other factors could come into play for all parts of an app, not just the communications part.

Yeah, it's more about the implementation and the design of the network/dht itself.

Do you sync messages across various clients? So that I can start chatting on one and move to second or third client.

Not yet. This is a planned feature but the implementation has not been decided yet because this feature is not exactly compatible with how Tox works and it could cause a lot security issues.

Can someone please explain in an easy-to-understand way how Alice and Bob find each other with temporary public keys in the DHT? I read this (https://github.com/irungentoo/toxcore/blob/master/docs/Preve...) but I still can't picture it (the wording isn't the greatest either). Thanks!!

NB: the tox project website is unusable w/o JS enabled. Please fix that.


While we're at it, the rest of the suggestions may be useful: http://www.reddit.com/r/dredmorbius/comments/27d5xr/please_f...

From the FAQ, this I like:

"The goal of this project is to create a configuration-free P2P Skype replacement. Configuration-free means that the user will simply have to open the program and without any account configuration will be capable of adding people to his or her friends list and start conversing with them. There are many so-called Skype replacements and all of them are either hard to configure for the normal user or suffer from being way too centralized."

A lot.

(Emphasis added).

The website should be completely functional with JS disabled (and it is for me), what issues do you get?

Note: I'm not in charge of the tox.im website, if it were up to me there would be no javascript at all.

Chromium w/ ScriptSafe installed: no text until I allow the primary domain's JS:



You should probably submit a bug report to ScriptSafe.

So, this is pretty cool. However, one thing that I noticed: addresses are per device. Skype lets you have one name, and messages and calls come to all your devices, but as far as I see, Tox is one address per device.

I remember reading discussion how to address this problem. I can't for the life of me find it, though.

This is where the original (fairly old) idea is on the wiki: https://wiki.tox.im/Multiple_Devices

Here is a breakdown of the different ways they are considering on how to implement it: https://github.com/Quoturnix/ProjectTox-Core/wiki/Multiple-d...

Can you compare this to Jabber+Jingle?

Tox is distributed meaning it doesn't rely on any central servers.

This would be good to note in the post, since right now it's easy to decide not to click anything because there are so many links and the salient feature is never mentioned prior to visiting them!


Thank you.

As is XMPP. Does Tox actually offer any advantages?

From what I understand, XMPP is decentralized, whereas Tox is distributed.


Depends. Just like SMTP, XMPP can be centralized (if everyone's on the same server, say gmail.com), as much as it can be distributed (if everyone's on his own server) and anywhere in between. Tox can only be distributed.

If it's fully distributed and doesn't use any central servers, then the user has to bootstrap to the network by giving known node information. It's a classic annoyance, so having a bunch of bootstrap servers is a good idea. Whether that is defined as centralized or not is another question.

So, what is the difference between utox_linux_amd64.tar.xz and Venom from https://repo.tox.im/rpm/ ?

Is toxcore the name of the protocol? Would it be somewhat compatible with XMPP or something like that? I like that it's between FB messenger, gchat/hangouts, viber, what's app, Skype and hosted xmpp.

I think it will have a chicken-and-egg problem unless there's some kind of tool that lets you talk with other older apps and protocols like gchat/hangouts, or maybe this is planned.

It will most likely not be compatible with anything but Tox itself unless someone makes a bot to bridge between the two. For example there is currently a bot in the groupchat (Syncbot) which is a bridge between Tox and IRC.

Bot example here: https://github.com/aitjcize/tox-irc-sync More info on the protocol here: https://github.com/irungentoo/toxcore/blob/master/docs/updat...

This is great! Is there an Android version, and if so, are you OK with me writing a telepresence bot control API for it? (It's just a couple of hooks to a control app; if you're not releasing source, I can just give them to you.)

Antox, the android client: https://github.com/Astonex/Antox

Please do! It's all free and open source.

How does it differ from Retroshare? http://retroshare.sourceforge.net/

Can you explain why Tox is written in C over other languages?

Knowing the typical Arch/Gentoo tiling WM 8px console font anime wallpaper mindset on /g/, "bloat".

Also for interoperability and portability. Pretty much every language has a way to bind to C code, and pretty much all hardware can run C.

I just did an analysis of the people involved in this project. Tox even more than cryptocat, is a very dangerous product to use. Even Tor has flaws while having many very capable cryptographers behind it. Tox appears to be swiss cheese both in code and protocol.

Rather than ricers with -Ofast kernels and overclocked CPUs it would be nice if a mature team focused on security and correctness first.

What was your "analysis" and how is it "very dangerous"?

This is a start, http://www.tox-chat.com/

Like cryptocat, tox claims things that are not proven to be true by developers that aren't qualified to be writing or designing the protocols for a secure encrypted chat.

Having the intent to do something isn't the same thing as actually being able to do it. People will use tox and get p3wnd with very dire consequences.

You say it like it's not a sign of a good developer who minds all the details. Though I'll admit I use a 16px font.

It's not a reliable sign of a good developer at all, although you'd be hard-pressed to realize that if you're hip deep in the culture.

My experience from interviewing other devs begs to differ. But why have a discussion when you can just ad hominem people?

In my experience this shows that people actually care about the tech they work with. Which is a good sign.

Caring about tooling doesn't mean you can necessarily use them well, especially when rhetoric becomes codified.

I've been keeping an eye on this project for a while; it looks really promising. I'm spreading the word about it where I can.

How is it superior to existing IM protocols (eg: XMPP)?

The article compares it to Skype, which is popular but, technologically, one of the worst protocols around.

Tox is distributed meaning there are no central servers.

Also, encryption is mandatory.

Any chance of an iOS client any time soon?

Not any time soon, as iOS isn't very FLOSS friendly (in fact, the GPL is not compatible with the Apple app store). There have been talks of making a licensing exception, but the iOS client with the most progress (https://github.com/Jman012/Toxicity) isn't functional at the moment.

I believe there's someone working on a completely different iOS client that looks pretty snazzy, but they haven't got any public code in their repo yet.

MPLv2 is compatible with both the GPL and the App Store.

Oh, that's a shame. Hopefully in the future there will be an iOS client.

Ask Apple to change their policy to allow copyleft software.

It has nothing to do with Apple's policy. The GPL is what's getting in the way: it says you can't impose restrictions on the redistribution of a GPLed application, and the App Store doesn't have any means to even permit redistribution of apps once they're installed.

Seems like the App Store's problem.

Google play store doesn't have that problem.

Apple sells products which they have decided to retain control over after sale.

That is Apple's choice, Apple's policy, Apple's decision. It also conflicts with a lot of things, including the GPL.

Are group chats also encrypted? (The problem with jabber right now)

Yes, everything is encrypted from what I can tell.

why is it distributed in binary format?

They have links to their GitHub repos, so it's also distributed in source format. Unless I don't understand what you're saying.

For those that don't already know, this project comes from 4chan's technology board. While there's a lot of inane trash, there are also some real gems if you're patient enough. I find lots of really cool stuff there that doesn't seem to be anywhere else.

More technically-capable people are always welcome to help drown out the inanity. :)


Ignore all bait threads. Sage all bait threads. Report all bait threads. Hide all bait threads.

Don't take the troll bait. ;)

those "trolls" have a very sane point about having to be an idiot to trust bittorrent, the company.

Yes they sure do.

I was referring to the OP's "deprecated" meme.

Posts without URLs are penalized. You might want to repost this using the most appropriate URL, then add your text as a comment to the post. If you like, email us at hn@ycombinator.com with a link to the new post and we'll look it over for you.

Edit: this one seems to be doing fine.

Reading HN full time as a job must be extremely enjoyable. :)

It's like being paid to eat cheesecake.

Livin the dream, Dang

I guess you've settled on a name, pretty completely, but tox evokes all sorts of bad feelings like "Toxin", "Detox" - generally feelings associated with the idea of poison or of poisoning yourself. From a marketing perspective this might not be the least sinister name you could have chosen. I realize this comes out of 4chan and we make a point of not giving a shit about marketing but...

I disagree, it sounds like "talks" to me.

Pretty cool name actually.

Whether "tox" sounds like "talks" will depend on whether or not your dialect exhibits the cot/caught merger. To those of us without, it sounds very different!

They intended "Talks" but most people will just associate it with toxicity or toxins. They really need to come up with a better name if they want to succeed.

Also disagree, to me it sounds like Torx the screwdriver bit. It makes me think of a very utilitarian program.

I like the name, sounds like something that would give certain government agencies heartburn.

It seems to be intentional, or at least acknowledged...the name of one of the Mac clients is 'Poison'.

Detox would actually be a pretty good choice: cleanse yourself of the poison of mass surveillance.

Also, Tox is taken as the name of an established test runner in the Python world.

It's marketed to people, not corporations. If the name bothers you, it's not for you. Enjoy being tracked by everybody because you were too much of a baby to run something called "tox" out of fear of being poisoned.

The first thing I thought of was toxic.

Toxic is the name of the CLI client. https://github.com/tox/toxic

I take the opposite perspective though. In nature toxins and poisons are used as protection against predators.

That's for you personally. There's a reason companies spend millions of dollars on branding (for the masses) though... any marketing 101 person can tell you you don't want your company associated with negative images like toxins :p

This project has largely disappointed me in many ways. I know HN doesn't care much about software licensing and that kind of stuff, but there are many legal issues behind the project that remain unsolved and have remained unsolved for majority of the project's lifetime.

1. The people behind Tox don't seem to be the copyright holders of their logo as admitted by one of the main developers[1]. The logo is the one also used on their website.

2. Tox project is now attempting to (falsely) claim to be the copyright holders of the logo.[2] Wikimedia Commons deleted the project logo for legal concerns, and to date it remains deleted.[3] There is no concrete proof for Tox's copyright claims on the logos, while there's pretty concrete proof that the project indeed does not hold the copyright on the logos. For those unaware of how our legal system works, "works without license" are considered copyrighted work of the author (e.g. anonymous user on linked /gd/ board).

3. Creative Commons licenses are also incompatible with their choice of software licensing, GPLv3+,[4] which means they cannot legally redistribute current logos under the current licenses with Tox software even if they were copyright holders to those logos.[5] As far as I know, the logos are already being redistributed with the software.

4. The documentation also cannot be legally redistributed with the software, and in theory nobody outside the project has practical freedoms to modify the documentation.[6] "I'm le troll! :-)" was most likely added by the developers.

5. Because of the above mentioned issues, Tox cannot be accepted into Debian GNU/Linux repositories because of the DFSG guidelines.

6. The above mentioned issues also create false advertising; "Tox is both free for you to use, and free for you to change. You are completely free to both use and modify Tox."[7]

7. A developer quit the project because of other serious issues in the project.[8][9] The developer criticized the design of DHT (distributed hash table) used to find users, which leaked a lot of data about users. There's a large reddit thread about these DHT issues somewhere too, but I seem to be unable to find it myself right now. Fortunately, the leak was patched a long time ago. Unfortunately, the patch was a large hack which the Tox developers solved by reinventing the wheel and reimplementing Tor onion routing.

8. I haven't verified this (so don't count on me), but the Tox core (or core + clients?) is now ~100k lines of code. It's not entirely lightweight per se, which was one of the initial goals as far as I remember.

9. Another minor thing that upset me was that during Tox's conference talk (forgot which conference, but it was related to YouBrokeTheInternet), the speaker forgot to introduce himself and what he was doing. This probably led to some confusion.

10. Possibly controversial too, but the first radio talk show Tox was introduced in was... could I say, maybe slightly cringeworthy. Or something. See it for yourself.[10]

Sorry if I went a little bit too political, knowing the rules. I wanted to point out these issues to let you know how everyone involved in the project can be a help.

[1]: https://rbt.asia/g/thread/40445107#p40449131 (you can scroll down and read the replies too)
[2]: https://commons.wikimedia.org/wiki/Commons:Deletion_requests...
[3]: https://commons.wikimedia.org/wiki/Commons:Undeletion_reques...
[4]: https://github.com/irungentoo/toxcore/blob/master/COPYING
[5]: https://www.gnu.org/licenses/license-list.html#ccbysa
[6]: https://github.com/Tox/Docs/issues/7
[7]: https://tox.im/
[8]: http://www.tox-chat.com/2013/08/tox-developer-fed-up-quits.h...
[9]: https://github.com/irungentoo/toxcore/issues/493
[10]: https://www.youtube.com/watch?v=IdR3SVcBbq0

Disclaimer: I'm not the author of any of the links above. It's what I have gathered from numerous discussion threads Tox has had on 4chan.

First, I suspect this is a concern troll named WubTheCaptain (http://wubthecaptain.eu/), or a copycat of the concern trolling he originally did, that has hung around the tox threads because he craves attention and replies. But I'll reply to some of these even though I'm not a tox dev.

1. The logo was made, over many threads, by members of 4chan's /gd/ board for Project Tox to Do Whatever The Fuck You Want(tm)

7. A developer quit the project because she was harassed into quitting by another notorious troll, SaveTheInternet (the creator of an Australian imageboard, 4chon) and friends in the 4chon IRC. Basically, the arrangement at the time seemed to be "quit and I take your dox down".

As you can see, we have many problems with trolls, they're quite interesting creatures to harass a FOSS project like this for months on end but I suppose they redeem themselves in the entertainment value of how they bend over backwards for replies.

> 7. A developer quit the project because she was harassed into quitting by another notorious troll, SaveTheInternet (the creator of an Australian imageboard, 4chon) and friends in the 4chon IRC. Basically, the arrangement at the time seemed to be "quit and I take your dox down".

Although there was doxing, the issues slvr highlighted were entirely valid. IIRC, slvr had raised these in a private mailing list and they were then leaked to the public, at which point doxing occurred.

The concerns were public in IRC, github discussions and on the wiki, with a proposal to fix it: https://wiki.tox.im/Proposal:Slvr_Protocol_Rewrite

I did not imply that the issue raised was not valid, only that the pressure to quit was with troll(s) wielding dox and wub is being disingenuous like always with his concern trolling.

Yeah, the proposed rewrite was public. A lot of slvr's more vocal criticism wasn't, though -- some private emails were leaked. But yeah, it was the doxing that made him quit. And that sucks.

As you can see, there are also people dedicated to spreading misinformation about the project, like some guy who designed a similar logo to the Tox logo and made it his mission to complain and spread as many lies about it as possible. 4chan is being swarmed right now with people claiming your IP address must be kept secret and therefore Tox (P2P) is insecure. Endless variations of "This thread should have been deleted just for being a security risk to 4chan users, as Tox will give your IP address to anybody you add as a friend, even if you posted your public key on 4chan.

There's no telling how many people on 4chan have given out their IP addresses without knowing it."

Clearly purposely misleading. Most of the points made above will be sorted, are exaggerated non-issues, false, or very biased/misleading.

So why this when there's Hangouts?

Cause it binds you to a particular company, protocol, etc. This is open source, and does not create a single point of monitoring.

What makes the main developer, irungentoo, qualified to write the Tox core?

Starting a new, blue water distributed encryption system in a non-safe language is odd at this point. The protocol is being _noodled_ through and the code is in C.

This is the coding style


This is OpenSSL all over again.


From a short look, I tend to agree with you.

> memcpy(packet + 1, &con->ping_request_id, sizeof(uint64_t));

Copying multi-byte values into a network packet is a typical error made by novice developers - this will bite you hard as soon as somebody compiles the code on a Big Endian machine. Even if you might get away with this on opaque elements like a ping ID, the general approach should not be followed.

Endianness doesn't matter when all you do with it is store it and check if it's equal to another.

In all cases where it does matter, the values are converted.

Tox has been confirmed working on big endian machines by many people.
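The disagreement over the quoted memcpy line comes down to whether the peer ever interprets the bytes or only echoes them back. The following is an added C illustration written for this page, not toxcore code and not either commenter's own: an explicit big-endian codec next to the raw-memcpy encoding, a check that the two only coincide on big-endian hosts, and the opaque-token case where host order genuinely does not matter. The 64-bit value used is a constructed sample.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added illustration, not toxcore code. */

/* Fixed wire order: most significant byte first, independent of host CPU. */
void put_u64_be(uint8_t out[8], uint64_t v)
{
    for (int i = 7; i >= 0; i--) {
        out[i] = (uint8_t)(v & 0xFF);
        v >>= 8;
    }
}

uint64_t get_u64_be(const uint8_t in[8])
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | in[i];
    return v;
}

/* What the quoted memcpy does: whatever byte order this CPU happens to use. */
void put_u64_host(uint8_t out[8], uint64_t v)
{
    memcpy(out, &v, sizeof v);
}

int host_is_big_endian(void)
{
    uint8_t raw[8];
    put_u64_host(raw, 1);
    return raw[7] == 1;
}

/* 1 if the raw host encoding of v is byte-identical to the big-endian one.
 * For a value whose byte pattern is not a palindrome this holds only on
 * big-endian hosts, which is exactly the portability problem. */
int host_encoding_matches_wire(uint64_t v)
{
    uint8_t raw[8], be[8];
    put_u64_host(raw, v);
    put_u64_be(be, v);
    return memcmp(raw, be, sizeof raw) == 0;
}

/* The opaque-token case from the reply above: the peer copies the 8 bytes
 * back untouched, so equality holds on any host, in any byte order. */
int echoed_token_matches(uint64_t sent)
{
    uint8_t wire[8], echoed[8];
    put_u64_host(wire, sent);
    memcpy(echoed, wire, sizeof wire);   /* peer returns the bytes as-is */
    return memcmp(wire, echoed, sizeof wire) == 0;
}

/* The interpreted case: a peer decoding with a fixed wire order recovers v
 * from put_u64_be on every host, and from the memcpy encoding only on some. */
int decoded_as_wire_matches(uint64_t v, int use_memcpy)
{
    uint8_t wire[8];
    if (use_memcpy) put_u64_host(wire, v); else put_u64_be(wire, v);
    return get_u64_be(wire) == v;
}

int main(void)
{
    uint64_t id = 0x0102030405060708ULL;   /* constructed sample value */
    uint8_t be[8], raw[8];
    put_u64_be(be, id);
    put_u64_host(raw, id);
    printf("big-endian wire : ");
    for (int i = 0; i < 8; i++) printf("%02x", be[i]);
    printf("\nmemcpy on host  : ");
    for (int i = 0; i < 8; i++) printf("%02x", raw[i]);
    printf("\nhost is %s-endian; memcpy bytes decode correctly as wire order: %s\n",
           host_is_big_endian() ? "big" : "little",
           decoded_as_wire_matches(id, 1) ? "yes" : "no");
    return 0;
}
```

On a typical x86 machine the two hex lines come out reversed and the last line says "no"; on a big-endian machine they coincide. echoed_token_matches() returns 1 on both, which is the narrow case in which the quoted memcpy is harmless.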

C is far from a non-safe language; it's the language of choice for NASA systems that lives depend on after all.

I'm not sure what you're trying to point out with those links. How is this related to openssl?

Because NASA has used C means this guy writes code for the shuttle?

Read the code. Dig through the commit logs. This is the wrong choice on about every level. The best encryption won't save you when you have code like this.

What did we not learn about OpenSSL?

You're talking complete nonsense. Constructive criticism please.

the only thing I'm seeing from your posts is "I'm a fucking idiot who doesn't understand that C is safer than any interpreted pretend-you're-safe language"

When have you heard of a JavaScript dangling pointer problem? Buffer overrun? Segfault?

The only hope to make Tox less insecure would be to run it under emscripten or http://zerovm.org/

Comparing C to Javascript makes no sense, and Javascript is NOT a safe language. Those issues you mentioned are due to programmer incompetence. Bad programmers will make bad code no matter what language they program in. Security should not rely on a language hand-holding bad programmers.

The classes of problems that one encounters in Ada, Haskell, OCaml, Rust, D or Go are vastly different than in languages w/o memory safety.

Writing secure network code in an non-safe language is something that shouldn't be taken lightly. Given the nature of the commits it is hard to comprehend that this product will ever achieve its stated aims.

It is secure by side effect, not proof.

No one is taking this project lightly and I don't know why you would suggest otherwise. You keep vaguely alluding to "the nature of the commits" but still have yet to give a single concrete example of what you have issue with. I take it that you don't actually know any C and are just repeating what you've read somewhere else.

I have extensive C experience, and I have looked through the code. While there have been plenty of bug fixes in the commit log - as is to be expected for a project of this scope in its pre-alpha/alpha stages - I have not seen anything that resembles a security threat, much less something as serious as the heartbleed bug that you keep bringing up for some reason.

At this point I have to conclude that you're either a troll with too much time on your hands, or being paid to spread FUD.

I don't know what cargo cult coding style you want to adhere to, but there is nothing wrong with the linked diffs.

It's quite readable and has yet to tangle itself in the ifdef mess that is OpenSSL.

He has the time to do it.

We don't want the guy with the most "free time" doing the work.

You're right. Make a better program. I'll be anticipating it, I really want a Skype replacement I can get behind.

So do I, but Tox isn't it.

They should have made the protocol, vetted the protocol and made a PoC implementation in a safe language.

Cryptographers and secure protocol designers can't help out if they are noodling along banging out the implementation while designing it.

Does Tox have plans to offer telephone numbers so that POTS subscribers can call Tox users?

If not, I don't see how it can be a replacement for Skype.

PSTN connectivity requires centralization

Warning: shameless plug. Sococo has a free replacement for Skype, including doc sharing, chat etc. Been around for years now.

Sococo doesn't seem to be open source

Free though. And lots of features.
