I’ve seen a lot of talk about privacy minded chat clients on here but a search did not bring up Tox. I have been delving into the Gemini protocol ( https://gemini.circumlunar.space/) and a few folks there have listed Tox for contact. Anyone have thoughts on this?

It’s encrypted, peer to peer, FOSS, and requires no signup.

  • Joe BidetA
    link
    fedilink
    arrow-up
    6
    ·
    3 years ago

    I cannot find that page again as it as obviously been fixed since, but i remember looking at Tox a long while ago and running away scared and laughing at the same time.

    On some installation page (on a wiki!!) it used to recommend (from memory) something like “wget --ignore-certificate https://blah.blah/blah.sh | sudo sh”

    My immediate reaction was that i wouldn’t take seriously anything related to security from ppl recommending such insanely sloppy and insecure methods…

    • federico3
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      3 years ago

      The whole approach to security of Tox was very questionable since the beginning. Tox even hinted at being able to withstand attacks from nation-states (see below), while at the same time it was not audited by 3rd parties and had no clear description of their threat model. A number of question and bug reports around security where quickly dismissed.

      “Whether it’s corporations or governments, digital surveillance today is widespread. Tox is easy-to-use software that connects you with friends and family without anyone else listening in.”.