We don't have a defined threat model, yet. The protocol is vulnerable in various ways and we have no immediate plans to fix those. We should be explicit about the fact that the security properties of the protocol and implementation are unknown and that Tox should not be used if one needs to rely on strong security. We could recommend ricochet for that, instead.
We don't have a defined threat model, yet. The protocol is vulnerable in various ways and we have no immediate plans to fix those. We should be explicit about the fact that the security properties of the protocol and implementation are unknown and that Tox should not be used if one needs to rely on strong security. We could recommend ricochet for that, instead.