this post was submitted on 26 Jan 2022

8 points (100.0% liked)

Privacy

31918 readers

918 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Tox Chat (tox.chat)

submitted 2 years ago by Gritty@lemmy.ml to c/privacy@lemmy.ml

17 comments fedilink hide all child comments

I've seen a lot of talk about privacy minded chat clients on here but a search did not bring up Tox. I have been delving into the Gemini protocol ( https://gemini.circumlunar.space/) and a few folks there have listed Tox for contact. Anyone have thoughts on this?

It's encrypted, peer to peer, FOSS, and requires no signup.

top 17 comments

sorted by: hot top controversial new old

[–] Yujiri@lemmy.ml 4 points 2 years ago (2 children)

I saw this a while ago when I was searching high and low for a messenger to switch to from Element (didn't end up switching to anything). I like a lot of things about it, but don't like that it can't support offline delivery or multi-device. I think no messenger without those features will ever take off because too many people demand them. In fact I remember that in group chats, it won't even do the faux offline messaging that it does for 1-to-1 chats! I don't know why but that was the biggest deal breaker for my own use case. I hope they eventually fix that, there's no reason they can't.

I also don't like that it has moderation features, which feel really out of place to me in a peer to peer system. I don't want that kind of social hierarchy in a context that more or less inherently assumes all participants are trusted. Moderation only makes sense in public forums IMO.

There's also at least one security cocern: https://github.com/TokTok/c-toxcore/issues/426 Though the people pointing it out were pretty toxic and really exaggerated its severity :(

Despite all this, if offline messaging and multi-device aren't requirements for you, I'd say Tox is a great option, maybe the best option.

I'm proud to hear you're getting into Gemini, by the way :) I first heard of it a while ago but recently got really onboard and I'm working on converting my own website to Gemini.

[–] jackalope@lemmy.ml 2 points 2 years ago (1 children)

By "doesn't support multi-device" you mean it doesn't have syncing between devices?

That's kind of a big deal for me.

[–] Yujiri@lemmy.ml 1 points 2 years ago (1 children)

Yeah, I mean that. The design of the protocol makes it basically impossible to implement. This is one of the core drawbacks of peer to peer compared to federation.

[–] jackalope@lemmy.ml 2 points 2 years ago

right yeah I figured as much. I don't know if there really is a way to do multi device with p2p.

[–] Gritty@lemmy.ml 1 points 2 years ago

Thanks for the insight! No offline messages is a big drawback, however aTox from Fdroid seems to have the service running all the time unless you kill it. Battery drain aside I think this could help. No multi device support is a big one though.

Yeah Gemini is cool. Big gopher hole right now for me.

[–] Lynda@lemmy.ml 3 points 2 years ago

Many of the top tier messaging platforms are trying to solve today's problems and vulnerabilities. I like that Tox does not require a huge centralized infrastructure (only DHT) and is P2P. Tox is very fast and works well over Tor too. However, P2P, DHT, and limited infrastructure has it's own challenges.

I think Session and Status.im are better positioned.

[–] CHEFKOCH@lemmy.ml 2 points 2 years ago* (last edited 2 years ago) (1 children)

Maintainer stole money from the project ever since then it died with it + no audit. Main reason why I unlisted it from my privacy project.

Lots of baseless clams and whatnot, more hype around it which is not worth it. I would use it but not under the incompetent management.

[–] Gritty@lemmy.ml 1 points 2 years ago (1 children)

So besides the management you're saying the software itself could be viable?

[–] CHEFKOCH@lemmy.ml 1 points 2 years ago* (last edited 2 years ago)

Sure, as said I would use it myself instead of Element. The project always had potential and was underestimated since day one. People donated in the hope to improve the known issues + get an audit, sadly that day never came and after the shit-show that happened people lost trust.

It is not perfect, same like Element it has flaws but they are fixable with some help and effort.

[–] unnecessarily@lemmy.ml 2 points 2 years ago (1 children)

If you’re interested in the concept behind Tox, I’d recommend taking a look at Jami. Tox’s development has been sporadic at best and I wouldn’t trust it to be a viable solution long-term. Jami runs with the same concept but has multi-device support and is backed by/part of the GNU project so it probably has more staying power. That being said, it’s still (like Tox) not very user friendly at this point.

[–] Yujiri@lemmy.ml 1 points 2 years ago (1 children)

Whoa, I had no idea Jami had multi-device support! I wonder how they pulled that off in a P2P setting. Last I checked they didn't even have offline messaging (not even in the way Tox does).

Do you happen to know where the Jami protocol spec is? I couldn't find it on their website...

[–] unnecessarily@lemmy.ml 2 points 2 years ago

Looks like it's still a work-in-progress.

[–] JoeBidet@lemmy.ml 2 points 2 years ago

Anyone here remembers Pond?

[–] JoeBidet@lemmy.ml 2 points 2 years ago (1 children)

I cannot find that page again as it as obviously been fixed since, but i remember looking at Tox a long while ago and running away scared and laughing at the same time.

On some installation page (on a wiki!!) it used to recommend (from memory) something like "wget --ignore-certificate https://blah.blah/blah.sh | sudo sh"

My immediate reaction was that i wouldn't take seriously anything related to security from ppl recommending such insanely sloppy and insecure methods....

[–] Gritty@lemmy.ml 1 points 2 years ago

Oh wow

[–] drone621@lemmy.ml 1 points 2 years ago

I tried using this, admittedly a while ago, for two months. It flat out could not deliver messages reliably to someone in the same household. Sometimes messages would arrive weeks after being sent, and sometimes nothing would arrive at all. Maybe it's changed since, but I doubt it.