-
-
Notifications
You must be signed in to change notification settings - Fork 385
🆕 Software Suggestion | Tox Chat #736
Comments
You might find the other Tox threads interesting. |
Yes but that does come at the cost of certain features, such as offline messages, push notifications, (which impacts on mobile battery life).
Signal has been audited and is easy to use, as well as secure. It does not claim to provide anonymity.
Data still leaves the Tor network and is exposed to the exit nodes which increases surface area. Tox is still very experimental, and it will be interesting to see how it progresses with the new core and documentation - https://toktok.ltd.
Matrix is audited, and can do things Tox cannot, bridges etc. Matrix continues each year to so show significant progress. Matrix, the current status and year to date 2018-12-29. A part from the fact that Tox is already mentioned. https://www.privacytools.io/#voip @Shifterovich might as well close this ticket as OP didn't use the search feature or look very closely at the privacytools.io website. Each messenger has it's strengths and it's about choosing what is right for you. |
For offline messages this is optional to user and he can fix that if the user wants so: https://wiki.tox.chat/users/offline_messaging Push notification? whats wrong with it?
im sorry what? also read: https://wiki.tox.chat/users/tox_over_tor_tot
qTox now added to debian buster repos , so lets say experimental but its reliable.
Matrix its horrible design because its not really decentralized , its federated (means requires servers to operate). and guess what is the main client of matrix ? Riot which full of JS garbage and insecurity. so comparing the designs + the main clients = Tox way more secure to use than Matrix. only some features which matrix add but it has no relation to make it more secure or reliable to privacy like talk to irc,xmpp..etc. which is rubbish in security comparison. |
yes i know but i hope to be added to instant messages. because its worth more than matrix/riot or open whisper/signal. and its active not dead as ricochet. |
Not a part of the official client. Queuing messages until the contact comes online isn't true offline messaging. Imagine if email worked like that? What you'd keep your computer on until your contact came back online? lol. As for the other options:
Using Tox over Tor, puts all of the trust in Tox's crypto. Considering it isn't well documented (purpose of toktok) and hasn't been audited by someone like NCC that's not something I would do outside of experimental situations.
It is decentralized and federated by definition. A user can connect to any home server which can connect to any other home server. If you really wanted you could connect to your own home server there are multiple implementations (synapse, dendrite) which have made huge progress.
I'm not sure what that's supposed to mean. C/C++ can also be an insecure language. I think at this point it's rather obvious you do not know what you're talking about.
Link to audit please, that is the only way you can make that claim.
Opinion. |
Thats the only TRUE way to handle really your data and connection = privacy. and no one said Emails are encrypted or safe unless use some extra extensions like enigmail,gpg..etc , so i dont consider the convenient behind unsafely measurements to look at over less convenient but higher security.
everything mentioned in tox website. and for ratox check here: https://git.2f30.org/ratox-nuggets/
Whats the problem with Tox crypto? audited or not , vulnerabilities doesnt know audited software or no , audited software doesnt become automagicallly bugproof. Thats only safe design from ground zero worth taking it.
you are missing the point, Peer <-> Peer decentralization differ from federated decentralization Peer<-Server->Peer or Peer<-Server<->Server->Peer. Also Matrix doesnt encrypt anything by default. makes it even worse.
ah so you dont know what is electron based app and how they are security fucked? i ask you to search more before you propose things.
We dont disagree its a good thing to have , but i disagree considering it as a holy action that the software have or not using it.
?? porting IRC , XMPP ... to matrix doesnt automagically makes it/them secure. |
Yes and emails aren't real-time and don't have PFS. GPG and S/MIME also do not protect the metadata in the email's header, so that is a sacrifice you have to make.
If we suggested unusable and difficult products people would just use centralized and proprietary products. So it is something that we must consider.
I see a commit log, no documentation though and it's unmaintained (2014). Looks very experimental to me.
That is the library they are using for their cryptographic primitives. Tox's protocol however is completely custom (not something established like TLS). Their protocol has not been formally audited or vetted to check acts as intended. That specification is for the next-generation implementation of toxcore and not what is currently in the Tox clients.
Yes and you clearly suggest we should blindly accept everything we read on the internet. You're trying to argue with me about things which you clearly do not posess the necessary background to argue about (evident by your replies). A code audit would increase the trustworthyness of the code as it means it has undergone a formal verification process. Bugs will still exist, but hopefully not any particularly serious ones. The implementation in current Tox clients is unlikely to get any research (or funded auditing) considering the change to c-toxcore. As @Shifterovich says, have a look at the other Tox threads and associated discussions.
At this point in time peer decentralization is unlikely to ever take off, particularly with it's current implementations. Tox uses a lot of battery power running the DHT bootstrapping process and lacks multi device support as well as push notification. It's not going to be popular until those things are solved.
That is about to change in the riot redesign which includes the E2E UX redesign (used for keysigning).
There's nothing inherently insecure about Electron. The only criticism I have seen of it is related to performance. As you're clearly not a programmer nor do you understand anything about the framework you're criticizing I am just going to treat your remarks as ignorance. You've provided me with no evidence of the contrary.
We don't consider recommending software that has not been formally audited as top-pick software. In any case Tox is still mentioned on the website.
More evidence you don't know what you're talking about. If you're talking about bridges then I think that's rather obvious. Anyway as I told you in the other issue https://github.com/privacytoolsIO/privacytools.io/issues/474#issuecomment-457252313 I am not wasting any more time on you. |
Clearly as there's been a lack of understanding here, I suggest https://github.com/privacytoolsIO/privacytools.io/issues/746 |
I see no compelling arguments to add tox to privacytools.io here. As we try to stay conservative about how many things we recommend to prevent the site for getting cluttered, I dont see why tox would be worth adding next to the messengers in its current state, so i will be closing this issue, if anyone disagrees, then they can comment to reopen the issue, and make a case for tox inclusion into privacytools.io |
Basic Information
Name:
Tox Chat
Category:
Encrypted Instant Messenger
URL:
https://tox.chat/
Description
Tox Chat is the real meaning of decentralization chat , There are no servers between users at all , End2End encryption, VOIP , Works with Torification, Doesnt require Email or Mobile Number for registration , only Username and Password.
Better than Singal because it requires Mobile number for registration , No server control available only client.
Better than Matrix because its federated decentralization meaning it needs servers + clients.
Better than Wire because it doesnt need servers to operate. also doesnt require email for verified registration.
The text was updated successfully, but these errors were encountered: