Tox / tox.chat

The Tox Project's official website
https://tox.chat
Creative Commons Attribution Share Alike 4.0 International

Revisiting the requirement of TCS compliance #224

Closed nurupo closed 3 years ago

nurupo commented 4 years ago

History

So, some history first.

What is TCS?

Tox Client Standard (TCS), started in 2015, is an attempt to improve interoperability between different Tox clients which also serves as a guide on best security practices. It discusses things like how ToxID should be represented by clients, what avatars should look like, how message text should be formatted/rendered, profile encryption, chat history encryption, a common export format for profiles to be able to switch from one client to another, etc.

[GitHub repo] [Git Book]

To quote the Introduction section of it:

  • This document is intended to define behaviours that are not enforced by toxcore, but are otherwise required/recommended to ensure proper client interoperability as well as best security practices.

  • For a Tox client to be endorsed/supported by the Tox Project, it must, at minimum, comply with every [REQUIRED] point in this document (except where otherwise stated). For this reason, things that are [REQUIRED] should not be needlessly specific.

  • Sometimes, it is not immediately obvious why certain points exist in this document. For this purpose, there is a Rationale section, where explanations will be given.

TCS was created as a replacement of the Single Tox Standard (STS). The initial version was made by, if my memory serves right, stal, zero-one and JFreegman, and included a big chunk of STS in it.

Similar to STS's late efforts, TCS was made by getting various client developers together to discuss and vote on things, so it was meant as a "by client developers for client developers" standard. If client developers strongly agreed that something needs to be standardized among clients, it would get voted in, and if they didn't strongly agree, it would be left out. Any client developers that wanted to participate in TCS could do so and their opinion would be heard out and considered.

TCS was being worked on by the TCS committee which consisted of iphy (Java reference client maintainer), JXP7 (XwinTox client maintainer), JFreegman (toxic client maintainer), stal (Poison client maintainer), BlameAliens (Antidote client maintainer), grayhatter (uTox client maintainer), tux3 (qTox client maintainer) and Impyy (Toxy client maintainer), with zero-one overseeing it. There was also a TCS mailing list made for voting to take place (I think it was initially carried over on IRC/GitHub?).

In 2016 TCS compliance became required for clients that wanted to be listed on tox.chat, with clients that are already listed on it expected to comply with TCS in upcoming versions.

Fast forward a bit into the future -- TCS stayed active for some time but then all activity died out by the middle of 2016. TCS committee was disbanded later in 2016 due to client developers' inactivity on TCS -- no one seemed to want to work on it anymore, and since then it stayed mostly inactive.

Present Time

TCS is still considered to be a good standard by some and there wasn't any discussion on removing or replacing it, so it stayed as a requirement for clients to be added to tox.chat to this day.

Lately many clients listed on tox.chat have become abandoned, specifically Antox, Antidote and Ricin -- they had to be removed from the website (well, Antox is pending removal). With Antidote and Antox removed, we lost our only iOS and Android clients. Fewer and fewer new clients are being developed for Tox and there are no TCS compliant clients that could replace those removed clients. However, there are some Tox clients that don't comply with TCS that could replace them, notably there is the TRIfA Android client, which seems to be strongly against complying with TCS, but is currently arguably the most popular Tox client for Android.

There are also concerns that with TCS being inactive it would be hard to modify TCS, and even if it's modified, it would be hard to enforce existing clients to comply with the additions/changes.

Due to these two points, I want us to revisit the requirement of TCS compliance. Should we:

@grayhatter, @IngvarX, @iphydf, @JFreegman, @robinlinden, @sudden6, @zer0-one, @zoff99 - want to hear your opinion on this.


p.s.: Actually, when writing this I thought there were more clients that wanted to be listed on tox.chat but refused to comply with TCS, but going through issues it seems like it was just TRIfA.

JFreegman commented 4 years ago

The TCS as it stands is still completely relevant, regardless of whether or not we actively develop it or enforce compliance. So with that said, no I don't think we should remove it.

We definitely need some sort of vetting process for listing clients on tox.chat, and I think the TCS addresses the most obvious security concerns. At bare minimum, listed clients should comply with the security related points. Listing non-vetted clients would be irresponsible. We would be better off not having a client list at all.

sudden6 commented 4 years ago

> The TCS as it stands is still completely relevant

I disagree, it is not completely relevant, some points are confusing, some are broken and it's impossible to update.

However, I agree with you, the parts about security are relevant and we should require some minimum standards for listing clients on tox.chat.

Zer0-One commented 4 years ago

I think that in a world where Tox was being worked on more actively, it would make sense to revisit the TCS; we should probably rethink how we organized it, and update it where appropriate.

Part of its original purpose was to be a way to decide what clients we should include on tox.chat, since we shouldn't be listing absolute garbage. At this point, there are so few actively developed clients worth using that I don't particularly care for or need a standard to tell me which ones to list on the website. The reason we stopped working on it in the first place was lack of developer interest. So if I don't care and devs don't care, then I'm not sure who that leaves in the set of people who still want to use the TCS for something, but I'm not in it.

tl;dr, do what you need to do man, it doesn't really concern me anymore because the relevance of the TCS died along with all of the developer activity.

nurupo commented 3 years ago

Alright, I guess this can be closed with https://github.com/Tox/tox.chat/pull/227 being merged in.