TokTok / c-toxcore

The future of online communications.
https://tox.chat
GNU General Public License v3.0
2.29k stars 287 forks source link

Tox direction? #645

Closed ghost closed 2 years ago

ghost commented 6 years ago

I wrote this elsewhere but I feel it is worth repeating in its own space. Not all of this applies to the tox core as such but the standards for all to follow does. The feature set on the mobile platforms is quite basic yet it still lacks in stability esp on Android. Laugh as you might but it is the computer you have in your pocket 99% of the time you need to communicate with someone. That is the case with most people...and hence if tox isn"t a solid messanger on that platform people will go elsewhere.....signal?

Personally, I would love to see Tox go to the other area of important to the area of email. Why should solid privacy end with skype replacement? Why should it be mainly on the desktops? Why should non im conversations be left out? We need and can take on this larger as yet unsolved communications space. This is where privacy is seriously lacking right now, monitoring aka spying is now main stream be it gov or corporate and spam is rife.. But this is the space really important info is hsndled by most of computer literate humans. Think about it, how would you rather send your medical reports via? Email? Text/im? Please! None of these really cut it at present.

The other thing is for more evolved comms is Toxes present lack of formatting. Imagine for a start Markdown suppport on all clients. Beautiful messages that are minimalist in usage ie no screen clogging fonts dropdowns and text options buttons bold etc etc. Markdown is elegant and very minimalistic yet effective.

Imagine a separation of contacts and conversations in the sense that if I delete a conversation I should not have to scan your pub key to start another one with you.

Then there are the conversations, I click on your contact and see our conversations, I further drill down to the one I want and add what I want to add. It will be at te top as the list s sorted my the most active or more recent. Simple but logical to use. Then conversations could also be grouped in any way you like say on a topic, newest or subject line across all the conversations in case you are looking for all the conversation on a topic or last whatever...so we could have a conversation on Tox and a separate (visually not have it mixed up with) conversation about the weather and a separate one about plans for tomorrow....with full support for attachments.....why? Because it is far more constructive to focus conversations down to single subject so that it can stay on topic and then once a topic/project is done with , it can be deleted or archived to recover storage space etc. just look at GitHub is everything just jumbled up in a single messages window? No it would loose all effectiveness that way.

Zero SPAM and advertising ... Imagine how many people would jump on it when they find out it (tox) has zero spam.. And it will always be so as one has to be invited before sending.....

Unlimited attachments think videographers working on a film... high need for privacy and huge data transfer needs but usually mail servers have various pathetic attachment data limits, the need for mail servers and their other policies and logging.. Editors and authors of books films, stories same. Imagine human rights reporters in hostile environs needing to send footage quickly and securely and SAFELY off. Imagine documenting police brutality...in real time....SNOWDEN etc and sending the footage off within seconds encrypted. I'm sure you know that just 10 mins of footage can easily hit 50meg. Various other scenarios where email and pgp leave much to be desired but IM is almost irrelevant. But mostly because we need to upgrade away from the monitored world of email for all our bigger projects beyond asking where coffee is to be had, be they schoolwork or business discussions that we dont want the isp's mail administrator reading etc.

Let's make this TOX baby fly instead of just texting...which is also important. What do you mean it has no outbound queing, it should have been there from day one....how else does one compose a reply offline? Even laptops have large periods offline. It would go a long way to solving being online at same time issues? And of course the more you and your contact use Tox then the likeliness of you being online at the same time increase dramatically which is even more crucial on the mobile platforms without unrestricted background runtimes. Perhaps this could be enhanced with push notifications but that should be optional at the client and just wake up the client to check peers for updates.

There is just soooo much potential but let's just get the mobile clients to a solid start first. Then add Markdown across the board followed by outbound queuing and conversations grouping and full attachment support (not just photos).

This would see huge rise in usage and attract lots of developers because tox would be solving real issues for millions of people. It would relegate Signal to something that was good for a while but we still had to put up with the isp email peruliarities for no particular reason. It would render Tox unstopable and a force to be reckoned with way beyond WhatsApp and so on because everyone would want to use it making them and email obsolete. Yep ambitious but really this Tox needs to breathe and I am sure you all want a serious potential to be on an awesome project. Right?

SkyzohKey commented 6 years ago

I agree with all of what you said in that "post" and that's why I started working on The Universal Tox Client, so feel free to contribute :)

ghost commented 6 years ago

@SkyzohKey whilst I applaud your efforts I feel you have missed the huge point(s) I am making. I feel and I am sure millions would agree Tox can/could benefit from the space beyond IM, it needs to solve the wider communication space that is currently used by a whole raft of people for anything from personal, humanatarian, environmental, scientific, medical, educational, work and business reasons. This space is currently occupied by the unencrypted and heavily monitored email technology. One that is not easily made private. In any case it relies on infrastructure that is not only easily monitored by the gov but also people from the numerous service providers. It is heavily regulated and controlled arbitarily by administrators that are not reachable by the users (to negotiate with). It is also a pay for service and service can easily be denied for various reasons. Tox expansion into this space I feel could benefit it with renewed sense of purpose. Solving this dilemma via Tox would not only make it very unique in an arena filled with me too IM clients who by large do not care about message sizes, privacy nor anything beyond short messages. Whilst these short messages are by no means unimportant they are not even a small fraction of the electronic communications volume out there. I might mention that certainly a large proportion of these do know about privacy and confidenciality take steps to run private infrastructures to obtain some aspects of confidenciality. Just aspects. And then they still expose their users to their own surveilance/logging.

This needs to be solved by the people for them selves. Tox, given a new expanded vision can benefit from this in a big way. There is a huge need for these issues and the satisfaction, respect and cudos for doing it would be suitably large.

For once anyone could invite anyone and have any number of private tox based conversations from a simple coffee invite, a birthday wish or revise drafts of books, letters, documents, works of art be they music, painting images or film footage and collaborate freely. Free of monitoring, free from attachment limits and message sizes etc. Now you are talking.

Currently Tox falls quite short of this vision but with work could enter enter there. It isn't far imho, the groundwork is very much there but could be improved (on the mob clients). Most of these added functions need to be agreed to and incorporated into the client ends.

I mean why can't we have this dialogue over Tox? Threads and all?

My intention is not to alianate developers and devalue the enormous work done to date. Not at all, It's fantastic but IM is done, well almost (mobiles need polishing and more features). What's next? What is needed? What is the vision? Let's start this conversation.

SlugFiller commented 6 years ago

Matrix already tries to offer a more secure form of what eMail offers. Mind you, in the older days, eMail didn't have "threads". You'd just have one big disorganized inbox. So, aside from offline messaging, it didn't offer anything Tox didn't. The main thing that has changed since then is better categorization of messages. Often done either by the user, or some preset filters, or even AI. Tox's way of categorizing messages - by sender, is reasonable enough. I suppose you could feature request additional message tagging and filtering, but besides being primarily a UI thing, it'd hardly qualify as a vital feature.

Also, on mobile, work eMail has all but died in favor of Whatsapp. So that should be used as the model, not something as archaic as eMail. eMail, nowadays, is primarily used for archiving purposes. That is, the fact that it doubles as cloud storage for the messages is the primary feature.

agrecascino commented 6 years ago

All programs will eventually expand to the point of reading mail. This one, hopefully will not.

ghost commented 6 years ago

@SlugFiller, I disagree, with all due respect no real work documents are sent using Whatsapp, legal contracts no, music recordings nope, video footage no. Sorry whats app is just an messanger with attachments which are mainly used for voice messages. Nice but secure? Nah metadata leakage on servers to facebook. Pfff Has your manager ever sent you something workwise perhaps with a spreadsheet or a document attached using WhatsApp?

Most companies use the MS outlook/exchange but a similar interface is also on Thunderbird and other email clients....

No I am talking about being able to use tox instead of email for work type purposes. Not just short texts as is the current space. For this we will need richly formatted messages first nothing overly complex Markdown would be great, then allow longer messages so that 5-8 medium sized paragraphs are possible. Then have larger message screen area and sorting by contact and then subject would be ideal.

ghost commented 6 years ago

@agrecascino sorry you misunderstand me, I am not suggesting tox reads emails or connects to email servers at all, merely the user interface experience of a good email client is adopted to tox clients with the underneath specifications being agreed to so that cross functionality is assured between clients but with security and serverless functionality provided by the tox core. So that no admins or govs are reading your correspondance nor imposing limits to your attachments etc and it isn't clogged by spam.

agrecascino commented 6 years ago

@dingosan i'm saying it's scope creep and a detriment to a project that doesn't exactly function perfectly already

tox-user commented 6 years ago

You want to create a new email. One that is serverless and secure. It's a great idea. I would really love for something like that to be created and to replace current email. But it doesn't fit within this project. Tox is supposed to be a messenger. When offline messaging is added I don't see why you couldn't use Tox for work instead of email. It's not great for very long messages, but you can easily send documents with it. Of course you would have to convince everyone you work with to switch first. But the same would be if Tox became a secure email client.

A messenger doesn't need long, formatted messages or sorting by subject. You would have to start a new project. And chances of Tox succeeding are already very small in my opinion. There are still a lot of features missing.

SkyzohKey commented 6 years ago

Just as a side note, Tox already handles email replacement. => https://github.com/toxmail/toxmail

zoff99 commented 6 years ago

@nurupo if only there was a listing of all tox related clients and apps on tox.chat main page ... :-( :-(

ghost commented 6 years ago

Ok you can call it scope creep but I see it as vision. Yes tox mail is out there but ladt comit 2014 says something to me.... also it is by the looks of it a tox based mail service that you front end with your email client. Way too crazy, it needs to run on many platforms mobiles included.

Yes the current tox im can handle attachments but not formatted long messages and it needs to. Formatting is needed when discusding anything beyond quick messages for headings, sub headings, dot points etc. it should be able to handle anything todays email gets thrown at it. Then we have given people secure communications. Anything short of that inmho is short. No business uses im for its communications. No matter how small the venture email is used. Hell when you want to write a document to you im it to the recipient? No you email it....and right there, where has privacy gone? Out the window. Basically any admin even your isp can read it. It's pathetic to say the least.

Yes tox needs to mature with the current feature set (mobiles need to mirror desktop features on tablets etc) and then go towards the new vision.

Let's face it there are dosens of secure im clients and other than pgp no secure email services that are also server less, admin free, unrestricted, isp independant, privacy focussed, encrypted by default......

SlugFiller commented 6 years ago

@dingosan There are three reason why eMail is used for contracts and documents.

The first is because it's INsecure. There is a level of transparency allowed by eMail which makes them more legally binding. eMail could be used as evidence. But Tox, by design, tries to avoid even source provability in its protocol. As shown in a different issue, a person with a private key can "fake" messages being sent to them from any source, meaning even if you were to log message signatures in the chat log, it still wouldn't be admissible as evidence of communication.

The second is archiving. If you get sent a document or a spread sheet, you want it to be saved long term, accessible to all recipients, and the sender as well, even if it's needed 3 years down the line. Message history does count it. eMails nowadays double as cloud storage. Often times, you outright USE cloud storage. Last time I got a spreadsheet from work, it was on Google Drive, the eMail was just an invite to view (Which Google send automatically when you receive permissions).

The third is one way messaging. Best example is support/contact eMails, for organizations and institutions. By publishing their eMail, they can receive messages from anyone. Again, this goes against Tox's basic design, because you can't message a Tox user, even if you have their public ID, without them approving you first. It cannot act as a publicly open inbox. Although, why would it need to? If you want a public inbox that's as secure as it can get (given that it's public, and you can't REALLY know anything about the ones sending you messages), just run your own eMail server. Done. If you want privacy for the senders, you can add SSL. They can connect to you directly via SMTP over TLS, and it'd be just as secure and private as any complex decentralized system would possibly be for this use case.

In other words, Tox is simply a very poor fit for these use cases. While eMail is a pretty good fit. The idea of "securing eMail" barely applies to the use cases it has today, because the places where it is used is precisely the places where low security is preferred. Heck, it barely only just replaced fax in some places (and in some places, not even that yet) due to being slightly faster and cheaper to set up.

ghost commented 6 years ago

Getting people to use it would be easy as pie. Just wait till someone has a document they cant let others see, just wait till some one grizzels that their email is bouncing because the attachments exceed whatever pathetic limit is imposed...typically 2 to 10 meg. Want to send your wedding videos to the editing house...no problem.

Company board members often run their own email servers because of security requirements.... tox no problem. No admins needed.

It will fly but not so much as im.

agrecascino commented 6 years ago

@dingosan tox is for people, 'ya dingo

jokes aside, how do you incentivize people to carry large files over tox? you'd only be able to share things when people are online. also, clients need to implement this stuff, not toxcore.

tox-user commented 6 years ago

@zoff99 many of those apps might be not usable. It might be better to add them to tox wiki instead.

Getting people to use it would be easy as pie. Just wait till someone has a document they cant let others see, just wait till some one grizzels that their email is bouncing because the attachments exceed whatever pathetic limit is imposed...typically 2 to 10 meg.

It's that easy? Many people send their private documents via email in clear text. They just don't care. Email is for that kind of people. The rest will either use encryption or find other ways of communication. Email could probably be made more secure, but not enough people want it. Privacy is not difficult because it's very hard to do, but mostly because too many people don't care. See how many people use Telegram, WhatsApp and Skype even though secure alternatives exist. If you want email to be secure PGP is the only way that I know of at the time, but most likely you won't be able to convince everyone you talk with to use it. Convincing people to use your new, secure email will be just as difficult. Of course it doesn't mean you shouldn't try.

Perhaps you could change your approach. Instead of using email try to convince people you work with to use Tox. Show them how easy it is to use and how easily you can exchange files. Instead of them sending you one long email make them message you or call you and spend a few minutes talking about whatever they want to discuss. They will get a faster response from you that way and they can send you as many attachments as they want. Many companies use some kind of messenger internally.

ghost commented 6 years ago

@agrecascino Hmmm, any muso sending a message to the recording studio .... "hey Frank I have finished the vocals for the xyz song. See the attached file. What do you think? PS how do you like Tox? I's private as in my vocals wont get ripped off before I even finish the song........ Photographer to client..... " Ok I've had an idea for the Save the forests campaign... see the attached rough shots. I'm thinking we could put the key words over the sky area .....blah blah. It should catch that minister with his pants down. Keep this on tox so it does not blow up in our face..... Lawyer to the NGO activist... " Hey Joe, in this case you are better pleading not guilty as I think we can prove that your actions were in self defence.... I will think about it so more so make sure you do not mention anything to anyone about this so keep it in tox. BTW attached is the precedent wrt 2013 case in Alberta see the similarities in my dot points especially the first 5. Please consider my advice and get back to me"..... and so on. There are numerous numerous possibilities but they hinge on having more than 3 or so lines visible in compose and reading panes as is the case in email clients.... because when typing a decent sized message that much is needed to formulate one's thoughts and to refer to other aspects of the typed text. The other aspect is obviously about the need for very good privacy and no metadata leakage as is the case with pgp over email or indeed text as well as Whats app and so on. This would be a unique feature sett distinguishing tox from essentially any other messaging and email platform. At the moment the point of difference is just being serverless and no metadata..... crypto messaging is everywhere so the need to change to tox for people is not that great. What I am proposing would make it much more compelling imho.

ghost commented 6 years ago

@SlugFiller Yes indeed you are correct but also not, contracts by large in the end end up being printed and signed....for all those reasons you listed BUT when in negotiation they are typically commercial in confidence if not secret..... BUt I was more thinking about story development, strategy discussions and such. Perhaps someone wants to discuss their divorce with a mate, perhaps and activist wants to get details of an action or an editor wants stuff on that corrupt poliotician or business person and so on. Lots of info, high need for privacy, needs to be timely and it needs to be simple. There may be big attachments of perhaps documents, footage, recordings etc. Email so does not pass muster here. PGP over email leaves tooo many tracks that may be recovered by revengeful pollies with money to spend on perhaps admins .... Nobody want this stuff leaked and typically any records of such are just printed/saved at the other end if needed. Current tox has such a restrictive editing visual space that anything from a short message is difficult to say the least. No provision for any formatting and no conversation hierarchy makes it difficult to manage multiple conversations with same parties. Why do we not just flow all the received messages together now? Because that would be very unworkable so they are separated on a per contact basis. Yes that makes sense, all I am saying is that it would be beneficial to add another level of hierarchy based on subject or even better #keywords so that multiple subjects could be easily worked on. But as usual my 2c worth.

KeinPfusch commented 6 years ago

Ihad the same idea, btw, some days ago.

this is why I started this: https://github.com/KeinPfusch/venom-Mail

It is basically a proxy which makes you able to use a normal email client to send and receive mail, converting to tox, reach the destination tox nodes, and then converting it back to pop3 protocol.

I think also a http proxy should be possible with the same concept, but I need to get familiar with tox, so I start with something simple.

agrecascino commented 6 years ago

@dingosan, you can already send files through tox, but how do you incentivize people to carry them when you're offline?

tox boils down to a system of incentives that looks like: you have a run a tox node to use the network, these nodes relay messages, therefore the system is self-perpetuating and people are able to message each other. in the case of offline attachments, messaging, etc. you add a storage load to running a tox node, which may not be worth it to people who don't use the feature. therefore, these people may elect to use clients not supporting these features, and it becomes useless. tl;dr tox is a functioning system of incentives, please don't break it