I’ve seen a lot of talk about privacy minded chat clients on here but a search did not bring up Tox. I have been delving into the Gemini protocol ( https://gemini.circumlunar.space/) and a few folks there have listed Tox for contact. Anyone have thoughts on this?

It’s encrypted, peer to peer, FOSS, and requires no signup.

  • Joe BidetA
    link
    fedilink
    arrow-up
    6
    ·
    3 years ago

    I cannot find that page again as it as obviously been fixed since, but i remember looking at Tox a long while ago and running away scared and laughing at the same time.

    On some installation page (on a wiki!!) it used to recommend (from memory) something like “wget --ignore-certificate https://blah.blah/blah.sh | sudo sh”

    My immediate reaction was that i wouldn’t take seriously anything related to security from ppl recommending such insanely sloppy and insecure methods…

    • federico3
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      3 years ago

      The whole approach to security of Tox was very questionable since the beginning. Tox even hinted at being able to withstand attacks from nation-states (see below), while at the same time it was not audited by 3rd parties and had no clear description of their threat model. A number of question and bug reports around security where quickly dismissed.

      “Whether it’s corporations or governments, digital surveillance today is widespread. Tox is easy-to-use software that connects you with friends and family without anyone else listening in.”.

    • GrittyOP
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      Thanks for the insight! No offline messages is a big drawback, however aTox from Fdroid seems to have the service running all the time unless you kill it. Battery drain aside I think this could help. No multi device support is a big one though.

      Yeah Gemini is cool. Big gopher hole right now for me.

    • jackalope
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      By “doesn’t support multi-device” you mean it doesn’t have syncing between devices?

      That’s kind of a big deal for me.

        • jackalope
          link
          fedilink
          arrow-up
          2
          ·
          3 years ago

          right yeah I figured as much. I don’t know if there really is a way to do multi device with p2p.

  • CHEF-KOCH
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    edit-2
    3 years ago

    Maintainer stole money from the project ever since then it died with it + no audit. Main reason why I unlisted it from my privacy project.

    Lots of baseless claims and whatnot, more hype around it which is not worth it. I would use it but not under the incompetent management.

    • GrittyOP
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      So besides the management you’re saying the software itself could be viable?

      • CHEF-KOCH
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        3 years ago

        Sure, as said I would use it myself instead of Element. The project always had potential and was underestimated since day one. People donated in the hope to improve the known issues + get an audit, sadly that day never came and after the shit-show that happened people lost trust.

        It is not perfect, same like Element it has flaws but they are fixable with some help and effort.

  • unnecessarily
    link
    fedilink
    arrow-up
    4
    ·
    3 years ago

    If you’re interested in the concept behind Tox, I’d recommend taking a look at Jami. Tox’s development has been sporadic at best and I wouldn’t trust it to be a viable solution long-term. Jami runs with the same concept but has multi-device support and is backed by/part of the GNU project so it probably has more staying power. That being said, it’s still (like Tox) not very user friendly at this point.

  • drone621
    link
    fedilink
    arrow-up
    4
    arrow-down
    2
    ·
    3 years ago

    I tried using this, admittedly a while ago, for two months. It flat out could not deliver messages reliably to someone in the same household. Sometimes messages would arrive weeks after being sent, and sometimes nothing would arrive at all. Maybe it’s changed since, but I doubt it.

  • Lynda
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    3 years ago

    Many of the top tier messaging platforms are trying to solve today’s problems and vulnerabilities. I like that Tox does not require a huge centralized infrastructure (only DHT) and is P2P. Tox is very fast and works well over Tor too. However, P2P, DHT, and limited infrastructure has it’s own challenges.

    I think Session and Status.im are better positioned.