DISCLAIMER: I am one of the many Tox ex-contributors, who used to work on it in the past. I don't want to be identified due to harassment other ex-contributors suffered in the past. The following message is my point of view on the project as a whole.
Proplex, a long-time member of the Tox-Foundation and in charge of both infrastructure and marketing, called out tox devs because the 2 people in charge (irungentoo and stqism) were dealing with money in a shady way and he got suspicious. This lead him to leaving the Tox Foundation
Proof: https://gist.github.com/irungentoo/5af26f5edefcdb7eac72
After he went away and stopped to pay for the website and other servers (he hosted everything), Tox devs got angry and tracked his online activity by his browser UA, read his private email sent to his @tox.im address and considered breaking into his VPS account
Proof: https://gist.github.com/urras/ba792274f5aaf662a082/5d91d2a78... and https://archive.today/KkSWp
After the points exposed above, the conclusion is obvious, at least for me.
The Tox Foundation claims Tox is completely secure and nobody can break in, not even the NSA. Still, there's been no security audit and it is highly likely Tox isn't completely secure, given it's alpha software. But their website gives the idea people face no risk by using Tox right now. They are deceiving people to believe it is secure so they gain more users at the expense of putting users privacy at risk.
Proof: https://tox.im itself. See all security claims even though it hasn't been audited. Saying it's "alpha" doesn't mean to anything to non-tech-savvy, they will think it's missing a feature or two, not that their privacy and security is possibly compromised.
I believe it's my moral obligation, and of everyone's else reading this, not to use Tox.
You are contributing to a shady foundation composed of menchildren that don't care about other's privacy, deals with money in a shady way and dox people who go against them. Do not trust the Tox Foundation - this is my personal message.
There is a whole lot of green on this thread. The text is copied [1] and has been posted several other places. Generally the tone here and strong somewhat overreacting stances aren't particularly becoming of the HN community.
Edit: I have no affiliation here, just an outside observer. I think it's relevant because, unlike the screenshot of #1228, the still alive 1229 issue (at least) shows that this happened nearly a month ago.
Whether or not the fact that it happened nearly a month ago matters I don't know, but at least it's a bit of extra context/info.
>Proplex, a long-time member of the Tox-Foundation and in charge of both infrastructure and marketing, called out tox devs because the 2 people in charge (irungentoo and stqism) were dealing with money in a shady way and he got suspicious
We barely get any donations. We barely have money and we are very transparent about it, look at our donations page.
>After he went away and stopped to pay for the website and other servers (he hosted everything)
He disappeared one day, didn't warn us or anything and took everything (including backups) with him.
>Tox devs got angry and tracked his online activity by his browser UA, read his private email sent to his @tox.im address and considered breaking into his VPS account
Yes because I wanted to know if he had done anything weird on the site. We never considered breaking into his account. His tox.im mail was never remade on the new tox.im mail server so all emails sent to it ended up in our catch all email.
>Members of the Tox Foundation such as stqism try constantly to sneak in copyright changes
I'm a member of the Tox foundation and I don't sneak in copyright changes in my repo. He also didn't try to sneak it in. I never merge pull requests before reading everything first.
>After it got out of hand and too many people called out the Tox Foundation, this happened
Yes and I explained exactly what happened. What is the issue?
>irungentoo enforced censorship on his github repo to try to cover everything up
Because kicking trolls is censorship?
>irungentoo claims Tox is secure just because he uses a secure primitive
Scroll down to my next comment in that thread.
Sorry for my previous comment. This one should be better.
>We barely get any donations. We barely have money
That's relative and your wording is slippery here. What is "barely no money"? $50? $100? In any case, donated money should be dealt with in a better way. Even an ex-member of the foundation (Proplex) had a big issue with this. He actually left because of the shady way you dealt with money and, since then, nothing changed.
>we are very transparent about it, look at our donations page.
That page tell barely nothing and is outdated. What's the money being spent on? Who's the financial manager? As a donator, how can I be sure my money is being spent on Tox and not on personal servers, vacations, etc. by the Tox Foundation leaders? There were rumors about that, and although I don't believe them, this is a serious issue anyway.
>He disappeared one day, didn't warn us or anything and took everything (including backups) with him.
And on the same day you started harassing him, without even listening to his side of the story? And what do you mean with backups? You are saying you or other project members didn't keep local backups? That would be an amateur mistake to make.
>Yes because I wanted to know if he had done anything weird on the site
And the NSA just wants to know if we had done anything weird on their country. /sarcasm
Do you think that justifies spying on him?
>We never considered breaking into his account
But you said the following at #tox-secret on January 14th: "urras, if you want to forcefully gain access to his digital ocean account I can reset his pass" SOURCE: https://archive.today/Y6LEw (line 45)
>His tox.im mail was never remade on the new tox.im mail server so all emails sent to it ended up in our catch all email
As soon as he left the project you should have deleted his @tox.im email account or at least temporarily disabled it. It's unethical to keep receiving (and reading) emails that were meant to someone else.
>Because kicking trolls is censorship?
Tell me, how is this a troll? http://i.imgur.com/HNFtcOG.png Keep in mind the title was defaced (and later on the message) by irungentoo.
As soon as dfortner raised up those questions, you locked the issue, edited his messages to say garbage, hurting his image, and banned him from the repository so he couldn't raise the issue again.
>Sorry for my previous comment. This one should be better.
This one isn't a blatant rant without content like the other one, it's just some damage control. I honestly don't know what is worse, but I guess you are right on saying this is a little better.
Unfortunately, being affiliated with 4chan means we attract a lot of trolls pretending to be "ex-devs" or "concerned members of the community" who have nothing better to do with their time than to spread FUD (https://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt). We certainly aren't perfect, and have made our fair share of mistakes, but at the end of the day this is just personal drama that serves to distract from the software.
One of the "proof"s given here is that a pull request changed a 2013 copyright to a 2013-2015 copyright, as though that's sinister somehow. I stopped reading after that.
Yeah I read all that and it's really the main dev trying to track down the guy who maintained all the servers because he dropped everything. Maybe he acted awkwardly, I don't know, I don't care; the point is, there isn't some sort of "Tox Foundation conspiracy" trying to deceive everyone (as if the tox community was large enough to be worth deceiving) and given your tendency to shitpost on 4chan I would be more inclined this is another epic troll attempt to sabotage a project that actually went off.
We should drop that "proof" argument because it's just an argument that impossibru, a completely fresh account, mindlessly threw out.
What we have in this forum are achive.org links. Those links contain conversations about breaking into Proplex's accounts and tracking Proplex's behavior. We should not have to filter past this argument of yours.
Your other argument just accuses someone of being a forum troll.
Sounds like an extremely one-sided version of an argument. Why should we care about the devs? If the source is open and the software is good, I can tolerate Linus-tier rants if need be.
The issue is that if you use Tox you support their foundation, the Tox Foundation™ which deals with money in a shady way and deceive their users just in order to grow.
I, for moral and ethical principles, don't want to have anything to do with such a thing and believe it's necessary to let people know about the situation.
If they couldn't even respect an ex-developer privacy[0] how can we expect them to run a foundation and create a supposedly secure instant messaging?
> The issue is that if you use Tox you support their foundation
No, you really don't.
Your argument would have a lot more ground if you didn't sound like an off-the-street conspiracy theorist.
I guess that's what differenciates "conspiracy theorists" from the people who want you to believe vaccines causes autism and aspartame cancer. It's easy to dismiss something as crazy when the messenger sounds batshit insane, regardless of what the message is.
The tech community should know, what with Snowden and all.
Open source developers with attitude problems? Surely this has never occurred before.
To be less sarcastic: Does it matter who the developers are and how they behave? If the source is open then it can be reviewed by anyone. If it works, there is no reason not to use it.
If the project is toxic (no pun intended) that's good enough reason to have nothing to do with it, period. If the above is true, a fork with a less-hostile community/development-environment would be a Good Thing.
You are just some troll trying to kill our project with fabrications and lies. You twist the truth to fit your own agenda.
The guy in question tried to damage the project on his way out so yes I grepped our server logs for his ips because I wanted to know if he had tried anything weird.
This guy posting this comment here is someone who decided to start this war against the project after I refused to kick someone who actually did something from our project. He posts this bullshit everywhere.
It doesn't help that you have zero clue how to answer professionally to actual trolls.
Hint: it involves replying to actual concerns rather than ad hominems. I mean, it's not like GP doesn't have any material on you, there's some pretty shitty stuff going on there.
Proplex, a long-time member of the Tox-Foundation and in charge of both infrastructure and marketing, called out tox devs because the 2 people in charge (irungentoo and stqism) were dealing with money in a shady way and he got suspicious. This lead him to leaving the Tox Foundation Proof: https://gist.github.com/irungentoo/5af26f5edefcdb7eac72
After he went away and stopped to pay for the website and other servers (he hosted everything), Tox devs got angry and tracked his online activity by his browser UA, read his private email sent to his @tox.im address and considered breaking into his VPS account Proof: https://gist.github.com/urras/ba792274f5aaf662a082/5d91d2a78... and https://archive.today/KkSWp
Members of the Tox Foundation such as stqism try constantly to sneak in copyright changes in unrelated fixes: Proof: https://github.com/irungentoo/toxcore/pull/1219 and https://github.com/irungentoo/toxcore/pull/1224
irungentoo enforced censorship on his github repo to try to cover everything up Proof: https://github.com/irungentoo/toxcore/issues/1227
After it got out of hand and too many people called out the Tox Foundation, this happened: Proof: http://a.pomf.se/kqwgsg.png
irungentoo claims Tox is secure just because he uses a secure primitive, which is really arrogant and something only a pretentious deceiver would say. This is a crypto 101 mistake. Proof: https://github.com/irungentoo/toxcore/issues/121#issuecommen...
After the points exposed above, the conclusion is obvious, at least for me.
The Tox Foundation claims Tox is completely secure and nobody can break in, not even the NSA. Still, there's been no security audit and it is highly likely Tox isn't completely secure, given it's alpha software. But their website gives the idea people face no risk by using Tox right now. They are deceiving people to believe it is secure so they gain more users at the expense of putting users privacy at risk. Proof: https://tox.im itself. See all security claims even though it hasn't been audited. Saying it's "alpha" doesn't mean to anything to non-tech-savvy, they will think it's missing a feature or two, not that their privacy and security is possibly compromised.
I believe it's my moral obligation, and of everyone's else reading this, not to use Tox. You are contributing to a shady foundation composed of menchildren that don't care about other's privacy, deals with money in a shady way and dox people who go against them. Do not trust the Tox Foundation - this is my personal message.