TokTok / c-toxcore

The future of online communications.
https://tox.chat
GNU General Public License v3.0

Some new features for better privacy and security #2737

Open NiKola-UE opened 3 months ago

NiKola-UE commented 3 months ago

Hello, 

I've been reading about your app and I really like what it offers, so I think you might like my suggestions even though I'm not a developer. 

So here's what I suggest: 

First, as a blind user it is very important to me that the desktop version is fully keyboard friendly so that I can use it with screen readers. 

It is very important to avoid all central servers so that the application is completely decentralized, and all data is stored exclusively on user devices. 

Using Tor nodes is a really good thing and I personally like it a lot, but as you know, Tor's architecture is centralized and can have problems with exit nodes, making it vulnerable to censorship and not resistant to blocking, although there are workarounds with various tools. 

That is why, in order to achieve greater anonymity, it is good to implement Lokinet, I2P (also I2PD) and GNUnet, which, each in its own way, are good for additional anonymity and encryption.

Yggdrasil, on the other hand, can be good because of its very strong E2E encryption, and it also supports IPv6. 

The implementation of Shadowsocks and Outline VPN (which is not a real VPN) can allow all traffic to pass through their tunnels, which can be useful in order to avoid delays and slowdowns.

The Hyphanet (formerly Freenet)'s code and protocols such as IPFS and SeaweedFS are good for additional decentralization, storage and processing of large amounts of data, while its architectures can help with the storage of saved and sent files. There is also XtreemFS, but I don't know if it is worth implementing something from it because it has not been developed for a long time. 

Also, about ZeroNet and Phantom, I don't know how much they could help, although they are also good for decentralization. 

DPI workaround tools such as GreenTunnel, PowerTunnel, DPI Tunnel, GoodbyeDPI, etc. can be additionally useful to bypass censorship, while adding functions for supporting Bluetooth and Wi-Fi would be good in case there is no internet. The authors of Berty are developing their own Wesh P2P open network, but I don't know how much we should expect from it, considering that this application still lacks a lot. 

Of course, criminals and all those who would use Tox for anything illegal do so solely at their own risk, who must be fully aware, which should be clearly and unambiguously emphasized in the privacy policy and terms of use. 

Another useful function would be the ability to change and color the voice, which some similar applications already have. So, Lyrebird Voice Changer, mda Talkbox, x42-Autotune, TalentedHack or Autotalent are all various open source applications, so maybe some of them can be implemented. 

Likewise, any real and good program should be available in as many languages as possible. To begin with, it would be quite enough to use free and open source translators and dictionaries (incomplete lists are here [alternativeto.net/category/education-and-reference/language-translation/?license=opensource] and here [alternativeto.net/category/education-and-reference/dictionary/?license=opensource] ), so experienced users with technical knowledge will later fix the translations in their own languages. 

Personally, I would like PNG, FLAC and FFV1 to be supported as image, audio and video lossless formats, which of course does not have to be taken for granted. 

The authors of the SimpleXChat boast that they do not use any user IDs, but even that application has many shortcomings. 

Finally, in the end, I hope that Tox will be available for all Apple platforms and enable automatic deletion of messages (self-destruction), because I don't like to keep them for a long time. 

It is clear to me that all of what I have proposed is technically demanding and complicated, but it is still not impossible, and with good will and dedicated work, much more can be achieved. 

I wish you much success in your future work.

Note: I posted this message here, because the e-mail address [dev@list.tox.chat] is invalid.

Thank you in advance.

nurupo commented 3 months ago

Thanks for the suggestions.

> Note: I posted this message here, because the e-mail address [dev@list.tox.chat] is invalid.

That is indeed an invalid address. The correct address is dev@lists.tox.chat.

NiKola-UE commented 3 months ago

Thanks for the correction.

If it is absolutely necessary, I can send the same message again, or forward it to the true e-mail address, but I don't think there is any need for that.

The most important thing is that my proposals still got where they should be.

Maybe I'm exaggerating, but let me suggest one more thing: it wouldn't be bad if I could have separate user IDs (or whatever it's called in Tox) for private and business conversations. For example, if I use Tox both for communication with friends and for business meetings, I definitely don't want to have everything on the same list, if you know what I mean.

I would like to mention that Snapchat, probably in an attempt to gain more users, has even included its own chatbot in its application, but the question is how wise it is...

Close this issue when you judge that everything that needs to be said has been said.

NiKola-UE commented 3 months ago

Here, let me refresh this issue a bit.

Although it serves mainly for video conferences and is primarily used for that, I think that Jitsi has many interesting things that can be integrated, but of course exclusively in Tox itself. All their repositories are here, so let's add what is deemed appropriate.

Being able to secretly chat with multiple people at the same time is great, but the grouping that exists on centralized apps (WhatsApp, Viber, Telegram, Revolt, etc.) is something I don't like and should be avoided.

Since Tox will certainly be used by activists, journalists, whistleblowers, dissidents, etc., enabling Wi-Fi and Bluetooth can sometimes be useful even when the internet is blocked.

Although it should not be rushed and it is not necessary, creating a chatbot can be an interesting option in communication as well, but it should be based exclusively on FOSS chatbots and models and preferably also with FOSS speech synthesizers like eSpeak and RHVoice that would be used for voice responses.

That's all from me for now. Come on, join the dialogue while this issue is still open.

zoff99 commented 3 months ago

@NiKola-UE you mentioned that you are a blind person. do you use tox now? if so what tox client are you using? and how does it work for blind persons?

NiKola-UE commented 3 months ago

Thanks for responding.

I will definitely try it when I have more time and report my observations here.

But it will still be a little more difficult because I don't know if anyone here in Serbia, and even more widely, has heard of Tox. My friends first heard about it from me...

NiKola-UE commented 3 months ago

Here, I still set aside some time to test the uTox version for Windows.

It's nice that it doesn't need installation and that no anti-malware programs have reacted as something suspicious, but that's all I can say. Simply, the application is not adapted for the keyboard at all, and whatever key I press, nothing happens; except that pressing Alt brings up that basic system menu for moving, resizing and closing. But you have to be careful here too, because when I used Signal's application for Windows earlier, it was of no use, because although it was nicely adapted for the keyboard, it still lacked some key functions, and in addition, it caused me some trouble on the system.

I'm also going to try the Android version of Tox, but that will have to wait until I check out the interface and get my friends to do the same, so we'll see what happens.

I will report when there are results.

Considering how many issues have been opened here in the meantime, it promises a lot, so I have no doubt that Tox will get better and better. Let it be.

zoff99 commented 3 months ago

just a quick note, please do not use utox anymore. it has not been updated in many years, and has some memory issues.

NiKola-UE commented 3 months ago

I apologize for not mentioning my experience with Tox earlier, but I couldn't.

I can say that the app is very easy to use and has a lot of promise, but it looks unfinished and still needs a lot of patient work. Downloading it, entering the necessary information and forwarding the ID is really easy, and adding someone into contacts is also simple. However, although the call option is easy to find, it doesn't seem to work. For example, I invited a friend or (s)he invited me. We both get a notification about accepting and receiving calls (mostly voice calls because we couldn't find where the video calls are), but there is no sound and it is not possible to talk at all. Messages arrive without problems (I don't know if there is an option to make them self-destruct), but we couldn't find how to send voice and video messages. So the interface is nice even for those with minimal technical knowledge looking for simplicity and with some better automatic translator you can get good translations in most languages, but it still lacks a lot.

Now I would like to return to the beginning of this issue. Since the Tor and Lokinet can have problems with exit nodes, and the other networks I mentioned are mostly not even intended for anonymity, maybe the Whonix's core could be used for exit nodes even though it is an OS, and possibly N2N, but well...

When I referred to Jitsi, I was primarily thinking about the Jigasi which can be used for making phone calls. The ability to change the voice can be useful, for example, when some human rights, anti-corruption fighters and other activists need to send a secret voice message from Tox in which their natural voice must be protected for reasons that we can easily guess. That's why it can be intuitive to support Bluetooth, use without a SIM card and create temporary IDs. Someone will use it to joke with their friends, but that's their job.

And speaking of that, how to preserve the ID is very important. Thus, copying and saving the ID in the PDF, EPUB, ODF and some other FOSS cross-platform formats can help if I need to log in on multiple devices and especially if I have changed my mobile phone, phone number or computer. If, in spite of everything, I was clumsy and didn't save it anywhere, I'll have to create a new ID again and again add friends to my contacts, but that's my own fault because I wasn't responsible, right? The only question that remains is what can be done if someone else tries to log in with my user account, i.e. how to protect my data from theft if it happens. As I already said, the authors of SimpleXChat claim that they do not need any IDs, which supposedly makes their application more secure and private than all the others, but the question is how it really looks in practice.

And the slow development of Tox does not have to be so bad in itself, among other things, because the more and longer new possibilities are tested, the greater the chances are that they will be more secure and private, and errors and bugs can be more easily discovered and removed, and add additional patches and new protective layers. You just need to work hard and dedicate yourself.

I believe that I can contribute to the further development and improvement of the Tox, which can certainly become much better and stronger, although I am not a programmer.

NiKola-UE commented 2 months ago

Is it possible that there are still no reactions?

Okay, I thought of some more seemingly unimportant, but still important things that can be implemented.

I want to mention the OnionCat which encrypts traffic across Tor, the client apps VPNHood! and the N3N that appeared recently.

It is also important that Tox has its own sounds for incoming and outgoing messages, calls and all other notifications, like most, predominantly centralized applications that already have that, but if possible some kind of protection against malware, where I mean Pegasus and Predator, which are increasingly dangerous, so it is easy for them to capture the content of communication applications because they are spyware that is installed without the user's knowledge and serious anti-malware are difficult to deal with, let alone chat applications.

Anyway, I expect improved versions of Tox, in which everything that is missing will be compensated and corrected, and of course a lot of new things will be added.