Is Tox really as decentralized as the developers claim?

[hsimons]

I have studied what I could of the Tox protocol (which isn't easy because there is no documentation and the code isn't really readable since it grew without planning) but I believe I got a good enough understanding of it. And it made me worried. My eyebrows are raised.

TCP connection

All mobile clients enforce TCP connections instead of UDP. However, the toxcore implementation of this isn't distributed, it uses supernodes to route the messages.

Offline messaging

DrakeFish has been working on offline messaging that will soon be merged. But his approach doesn't store and route offline messages in a decentralized fashion. Specially chosen nodes are the ones to store the messages. Again, the idea of supernodes just like on the TCP connection problem. This isn't true decentralization. And there is even a problem with metadata collection here, because the supernode storing the messages know the sender and the recipient of the message.

Usernames

Usernames are created through websites like http://toxme.se which uses Domain Name System (DNS) to do it. A huge point of failure. First, people have to trust the owner of the server not be malicious, then they have to trust the security is good enough so the NSA won't tamper with it, then that no information will be sold to third-parties, MiTM, etc. It simply defeats the purpose of a decentralized service if all usernames are held by a server like this.

Bootstrapping

To connect to the Tox network you must bootstrap through a very limited number of nodes, again causing problem with trust. What if malicious nodes sent you to an alternate network? A more decentralized solution is needed, that doesn't rely on half a dozen of nodes (defeating the purpose of true distribution)

I think the main idea here is the following: tox is distributed as a concept, but everything built on top of it isn't actually distributed or decentralized. There are lots of points of failure and Tox is a pseudo-decentralized software. It's a step above full centralization, but a tiny step. I believe the Tox website http://tox.im and all other advertising done by the Tox Foundation should address this issue by stop claiming that Tox is distributed or decentralized, because it's far from it. At most, you can claim it is Federated. This issues have been brought by others in the past, especially @Fuuzetsu called out on many issues of privacy and security of Tox but never was properly addressed by @irungentoo who is the leader of the project.

This is my opinion as an independent researcher and I hope we can have a good discussion over it. Cheers.

[optimumtact]

please note that our offical website is tox.chat

You do raise excellent points however.

If I recall correctly bootstrapping can actually be done through any tox node (including other clients). The bootstrap nodes are merely provided to client developers for ease of joining the primary network. I'm not sure if client devs allow an end users to specify exactly what nodes to bootstrap off but the ability should be there (and used to be on toxic from what I recall)

The usernames situation is a hard one to solve properly in a decentralized system, and only things like namecoin etc have really done it in a proper fashion. The one offered by tox.party and others is merely a stop gap, for users who are not comfortable with only sharing tox id's

supernodes are a tradeoff in design that sidestep some of the harder issues with decentralization. I think it's an okay tradeoff to make personally, but I'm sure others will have their own opinions.

[suhr]

Bootstrapping

You can't build a distributed network without bootstrapping, it is technically impossible. The only thing we can do is to make list of bootstrap nodes changeable in clients and collect new bootstrap nodes you get via bootstrap (a la Kad).

What if malicious nodes sent you to an alternate network?

It won't compromise communication (because of encryption), but your contacts may become unavailable.

TCP connection

Well, it's all about imperfectness of real internet connection. In IPv6 no NAT world we could just use direct UDP connection without kludges like supernodes.

[Fuuzetsu]

should address this issue by stop claiming that Tox is distributed or decentralized

They claim a lot of things, none of them seem to have any backing. Anyway, going to unsubscribe from the issue, I don't want to be seen as involved with the project. I honestly doubt you'll get any kind of real response which is a shame considering that you seem to have put in a fair amount of time into investigating it.

[irungentoo]

Tox is distributed. Bootstrapping is necessary in every distributed network, in Tox you can bootstrap from anyone already in the Tox network, you don't have to use the nodes.

Toxcore has a setting to enable hosting of TCP relays so any client can host them if they want which makes it distributed.

The usernames are actually something on top of toxcore, toxcore uses tox ids. The username thing is just a URL shortener for ids and isn't in toxcore.

Offline messaging is also an optional thing that you won't need to use.

Toxcore is distributed but the username thing and offline messaging is decentralized.

[hsimons]

@irungentoo So bootstrapping can be done using any node you want and an unlimited amount of nodes? That's a start, but currently there's half a dozen nodes only by default, all members of the Tox Foundation. That's not really what I'd call decentralization.

Next you say that anyone can be a TCP relay. Again, that's not true decentralization, because by default not everyone is a relay, so a few nodes are most more powerful, the few that relay TCP messages and may collect metadata.

So the usernames through DNS thing isn't part of toxcore? But I see lots of people promoting it, even tox developers. Do you have no ambition to come with a real decentralized method to deal with usernames? DNS is really insecure and far from being decentralized. It's just a server point of failure.

Offline message will be optional? Good, because they aren't decentralized. But will the users know about this? Will they be aware of the risks of using offline messaging? Or will it be a little checkbox on the clients without any warning? Will it be off by default? This is all very important details.

In the end, the argument from you is basically "the things that aren't decentralized are optional" and that's fine. But the Tox Foundation should then either make all of it disabled by default and provide a message telling users about the risks of enabling those non-fully-decentralized services or stop advertising Tox as something it isn't (fully decentralized / distributed).

[irungentoo]

@hsimons First look up what distributed and decentralized mean. Federated systems (the offline messaging, usernames) are decentralized but not distributed.

The reason not everyone is a TCP relay is that not everyone should and wants to relay traffic.

Yes, if a real distributed solution for usernames/etc... that works and fits well is created we will use it.

The other issues are client issues. I can't control what clients do or how they expose toxcore or other functionality. The only client I have a say in is uTox.

[hsimons]

So don't you agree nobody on a mobile connection is actually using a distributed network? They are sending their messages through a few TCP relays, that isn't even close to being decentralized. These TCP relays are supernodes.

Good to hear you plan to ditch the DNS solution for usernames, a real distributed method is needed. In the meantime, it would be good to at least warn users those website like http://toxme.se and http://tox.party aren't secure.

I understand you can't control what clients do, but you are the leader of the Tox Foundation and owner of the tox website where you distribute binaries of the clients. You have to take responsibility then. Maybe put a warning telling users about how a client uses a third-party functionality that isn't actually distributed, like built-in DNS for usernames, federated, offline messaging, default traffic going through TCP relays like all mobile clients, etc.

Because when people go to http://tox.im or http://tox.chat they read that Tox is completely distributed, but when they download a client, that's not true. What do you propose as a solution? Maybe take out the claim that Tox is completely distributed? Or only offer clients that actually are? Mobile clients like Antox are far from being distributed and some desktop clients too.

[suchipi]

I was surprised to learn reading this that some of the clients I use every day are effectively sidestepping Tox philosophy (TCP relays, etc). If there had been a message on the wiki saying "warning: uses a proxy relay", or "warning: associates your username with your Tox ID out on the internet somewhere" then I wouldn't have downloaded them, but their being promoted on the official wiki of the website that says Tox is decentralized led me to believe they were "safe" to use. Although these are not your projects, your unabashed promotion of them has caused me to feel cheated and lied to.

I would seriously consider implementing warnings at least, and ideally some type of "toxcore verified" badge for clients to apply for that requires them to not use any of these "insecure" practices.

[hsimons]

I believe almost everyone, if not everyone, feels the same as @suchipi When you go to http://tox.im or http://tox.chat you read that Tox is completely distributed without any centralization, so you think "great!", click "download" and start using it. But in reality, most clients aren't actually fully decentralized? That's a huge issue! For a start, all mobile clients use TCP relays, so they effectively not fully decentralized (the supernodes can see who is messaging who, for how long, recipient/sender, etc.) and can also tamper messages without proper authentication. Then there are desktop clients using insecure DNS for usernames, based on a central server like http://toxme.se or http://tox.party, because there is no implementation of a fully decentralized username solution. And the bootstrap nodes? It's just half a dozen of then, that's nowhere enough to claim decentralization.

I bet it wasn't an evil intent of the Tox Foundation, but right now the website is very misleading and users are at risk. Tox must stop advertising itself as fully distributed and start warning users about the points of failures on each client, separately.

Who is in charge of the website? Could you forward the community's concerns to them @irungentoo ? This is a critical issue that should be resolved ASAP. Tell me if I, @suchipi or anyone else can help in any way. Let's just not keep lying to users (even if not on purpose).

[ProMcTagonist]

I have voiced my concerns about supernodes being used for TCP relaying before and was told that it's just not desirable for most normal clients to participate in that because of their poor average connections. However, like @irungentoo said, it's up to the client developer to enable TCP relaying in their client, perhaps with some sort of automatic connection rating system. We have to talk to client developers like @tux3 about that.

I also agree that the perils of toxdns should be mentioned in clients and on the sites themselves. This is harmless and would make the community feel acknowledged and involved.

Bootstrap nodes are a requirement for first-time joining, but after that your client bootstraps off of saved normal peers if it's at all possible.

Thanks for researching independently and calmly voicing your opinions, @hsimons.

[Mecvak]

About the usernames There has been some discussion on how to best find other users without resorting to using toxids.

[im-grey]

Here's the biggest thing you're missing about Tox.

• It's not done yet.

When it's done it should be at least decentralized, if not distributed.

[ameenross]

@hsimons

I believe almost everyone, if not everyone, feels the same as @suchipi

I'm sorry, you lost me at I believe.

[subliun]

@hsimons

can also tamper messages without proper authentication.

Please don't lie. TCP relays cannot impersonate/tamper/do anything with your messages.

Mobile clients will continue to use TCP relays by default (note that Antox allows you to disable the use of these relays in the settings), as p2p is not viable due to battery life/data usage issues. Until these issues are solved mobile clients will not be "fully decentralised". If this is a major concern for you then I encourage you to turn on UDP mode, or if this is not acceptable cease using Tox on mobile entirely as I doubt this behaviour is going to change any time soon.

[hsimons]

@im-grey

When it's done it should be at least decentralized, if not distributed.

That's fine, no problem at all. But it isn't finished yet and not fully decentralized. But the website claims it is and users are made to believe it is. And this isn't fine. There should be a warning on the website telling users that Tox is still not finished and many features are semi-centralized workarounds for the moment, until they are properly implemented. But right now the website says Tox is completely distributed, but give download links to clients that are only partially decentralized, due to usernames using DNS, mobile clients using TCP relays (supernodes), offline messages being federated and using supernodes too, etc etc

@subliun Yes, it is a concern for me that when an unaware user reads that Tox is completely decentralized but when he downloads, for example, the mobile client Antox it uses exclusively TCP relays by default, which are basically supernodes. And the only way to disable this is going to the configurations menu and turning on "UDP mode". How many users will really know about this? There is no warning anywhere. Most don't even know how Tox implements TCP relays vs. UDP connections. It's simply unethical to advertise Tox as completely decentralized and offer clients that are semi-decentralized. Maybe this happens because Tox isn't finished? Fine, but at least warn users. This is their security and privacy being put to risk, don't just ignore it. I'm sure you also understand how this is a big concern of the community.

[ameenross]

@hsimons I just happened to come across this: https://github.com/hsimons/fasttt/commits/master

ghdecoy Billy authored 24 days ago

https://github.com/tickelton/ghdecoy

ghdecoy allows you to create a git repository containing commits crafted in way so that when it is pushed to github periods in the contribution calendar containing no commits will be filled with a random pattern so your account looks sufficiently active.

[hsimons]

@ameenross First, that was an old repository I had, if you check it out it doesn't even exist anymore. And what are you even implying? What is ghdecoy? If you doubt my account, just see when it was created: Oct 7, 2010. Now get lost.

This ad hominem you are doing doesn't help any anyone. How about we stop pointing fingers and discuss the real issues with Tox claiming to be fully decentralized/distributed when it isn't? I ask you to delete your off-topic message and I will delete mine, let's not pollute the issue tracker, but keep only relevant comments here.

[ameenross]

I'm calling out a troll. The fact that you're asking me to remove my comment just proves it. You instantly removed the repo after I posted my comment!

What is ghdecoy?

Whatever. I actually wrote that in my comment, plus a link. So you pretending not to know what it is just fails completely.

let's not pollute the issue tracker

I asked you first!

[hsimons]

The fact that you're asking me to remove my comment just proves it

How does it prove anything? We all know this is emailed to everyone, the message is out there. But at least removing from the issue tracker would help make it less polluted for those that don't read github through emails but use this web interface. Whatever, it's no use talking to you.

You instantly removed the repo after I posted my comment What repo? fasttt? I removed it some time ago. Why are you even talking about my repository? What does that have to do with anything? Are you purposefully trying to cause a flamewar and take our attention away from the real issues concerning centralization of tox? Or just trolling?

Please, stop posting off-topic messages on a serious technical discussion.

[subliun]

@hsimons if you consider 5 minutes ago when you got called out "some time ago", then yes, you did delete it some time ago. If you want to have a serious technical discussion I'd start by telling the truth.

[ameenross]

Troll trying to make me out to be a troll.

What repo? fasttt?

Lol, yup. It says that in the linky right there.

I removed it some time ago.

Yeah, less than 20 minutes before this comment. It was accessible when I posted my comment. Stop pretending to be ignorant.

[hsimons]

@subliun

Let's get back on the technical discussion then. Stop investigating people's Github and start paying attention to the actual issues they raise.

Yes, it is a concern for me that when an unaware user reads that Tox is completely decentralized but when he downloads, for example, the mobile client Antox it uses exclusively TCP relays by default, which are basically supernodes. And the only way to disable this is going to the configurations menu and turning on "UDP mode". How many users will really know about this? There is no warning anywhere. Most don't even know how Tox implements TCP relays vs. UDP connections. It's simply unethical to advertise Tox as completely decentralized and offer clients that are semi-decentralized. Maybe this happens because Tox isn't finished? Fine, but at least warn users. This is their security and privacy being put to risk, don't just ignore it. I'm sure you also understand how this is a big concern of the community.

[ameenross]

Get lost @hsimons

For the record, I have got absolutely nothing to do with the Tox project at large, as evidenced by my account. I'm just seriously sick and tired of seeing trolls like you in my GH notification center, wasting my time and mental space.

You, OTOH, have NO track record to speak of at all on GH, except that you tried faking it with ghdecoy. You have the guts to call yourself an "independent researcher" but have nothing to show for.

You also claim this to be a technical discussion, while a mere 10 minutes after creating this issue you posted over at https://github.com/irungentoo/toxcore/issues/1397, proving that it's not really a technical discussion in the least bit. You're trolling, period.

[Mecvak]

"How many users will really know about this? There is no warning anywhere." Besides this warning? _Note: Tox is still under heavy development — expect to run into some bugs. _

This "technical discussion" is not going to go anywhere.

[hsimons]

@Mecvak

Note: Tox is still under heavy development — expect to run into some bugs.

some bugs != tox actually not being decentralized as advertised

Users need to know using mobile clients isn't a distributed solution (TCP relays - supernodes) and DNS usernames. And the same goes for most desktop clients.

Also, irungentoo said offline messaging will be optional since it isn't distributed, but federated. "Offline messaging is also an optional thing that you won't need to use." irungentoo. That's nice, but the big questions remain. Will it be off by default? Will the Tox warn you if when you turn it on that it isn't a distributed service? This is all very important, the user must know turning on a certain feature make him less secure. Otherwise Tox is blatantly unethical and falsely advertising itself as distributed when it isn't. Of course, maybe irungentoo will take the responsible choice and add all the necessary warnings, plus making all non-decentralized services off by default. Let's see his stand on this.

[suhr]

@ameenross Have you forgotten the main rule about trolls? Either don't feed or do feed carefully. In both cases you shouldn't be hostile.

I'm just seriously sick and tired of seeing trolls like you in my GH notification center, wasting my time and mental space.

Just press the “Unsubscribe” button.

---

@hsimons

tox being actually not being decentralized as the Tox Foundation claims

Don't play with words please: even with supernodes Tox is decentralized. It may be not completely distributed in some cases, but even then it preserves pretty high level of decentralization.

This is all very important, the user must know turning on a certain feature make him less secure.

Decentralized vs distributed doesn't affect security at all, it actually affects reliability.

[ameenross]

@suhr I'd have to press the unsubscribe button on dozens of issues. Not a hobby I'd be very fond of. But thanks for the advice.

[ghost]

Guys guys, you can just go to their profile and click the exclamation mark button at the top right, then 'Report abuse'.

[ameenross]

Already did

[hsimons]

@suhr Everyone using a mobile client has their messages relayed through a few TCP relays (supernodes). This supernodes know who is sending a message and who is receiving, the amount of messages sent, their length, etc. This is a true issue, because people using Tox are made believe their messages go straight to the recipient, but they actually are not on mobile clients. The supernodes act basically as servers and it's even worse that there are only a few of them.

And that's only about TCP relays, there's still issues with DNS usernames, offline messaging, bootstrap, etc. But let's do one thing at a time. So, for a start, could we get a warning on the Tox website that mobile clients are partially centralized?

[ghost]

👍

[hsimons]

@ameenross

I'd have to press the unsubscribe button on dozens of issues

Could you please press the button at least on this one or at least stop derailing the thread? The community would be really thanked. Again, I urge everyone keep this focused on technical comments, no off-posting. Now, back to what matters:

I believe almost everyone, if not everyone, feels the same as @suchipi When you go to http://tox.im or http://tox.chat you read that Tox is completely distributed without any centralization, so you think "great!", click "download" and start using it. But in reality, most clients aren't actually fully decentralized? That's a huge issue! For a start, all mobile clients use TCP relays, so they effectively not fully decentralized (the supernodes can see who is messaging who, for how long, recipient/sender, etc.) and can also tamper messages without proper authentication. Then there are desktop clients using insecure DNS for usernames, based on a central server like http://toxme.se or http://tox.party, because there is no implementation of a fully decentralized username solution. And the bootstrap nodes? It's just half a dozen of then, that's nowhere enough to claim decentralization.

I bet it wasn't an evil intent of the Tox Foundation, but right now the website is very misleading and users are at risk. Tox must stop advertising itself as fully distributed and start warning users about the points of failures on each client, separately.

Who is in charge of the website? Could you forward the community's concerns to them @irungentoo ? This is a critical issue that should be resolved ASAP. Tell me if I, @suchipi or anyone else can help in any way. Let's just not keep lying to users (even if not on purpose).

[ghost]

👍

[suhr]

@hsimons

This supernodes know who is sending a message and who is receiving, the amount of messages sent, their length, etc.

The problem is your web provider knows the same. Tox is not anonymous and never claimed to be so.

And that's only about TCP relays, there's still issues with DNS usernames, offline messaging, bootstrap, etc. But let's do one thing at a time.

I don't enjoy DNS usernames solution, but it is fully optional, actually clients don't even mention about existence of it. And bootstrap is a thing any distributed network has.

[hsimons]

The problem is your web provider knows the same. Tox is not anonymous and never claimed to be so.

Wait, my ISP knows all this stuff? Who are my friends on Tox, who I send messages to, for how long we are connected, etc.?

I wasn't aware of this and I'm sure many other people also weren't! This also needs to be addressed. Maybe a little warning saying that Tox isn't anonymous?

I don't enjoy DNS usernames solution, but it is fully optional

And it's awesome that it's optional. But those giving the option to use it should let users know about the risks.

And bootstrap is a thing any distributed network has.

But the issue is that clients only bootstrap to half a dozen nodes that all are held by the Tox Foundation. It needs many more nodes by default.

[alexbakker]

@hsimons

Everyone using a mobile client has their messages relayed through a few TCP relays (supernodes)

No, nice fallacy though.

When you go to http://tox.im or http://tox.chat you read that Tox is completely distributed without any centralization, so you think "great!", click "download" and start using it. But in reality, most clients aren't actually fully decentralized?

Please stop linking to tox.im, it has nothing to do with the Tox Project. Also, can you point me to the place on the tox.chat homepage that says that Tox is 'completely distributed without any centralization'? I can't find it.

[hsimons]

@Impyy

No

Could you please explain why? I understood by my investigation that mobile clients use TCP relays (supernodes) instead of UDP connections. Is this not true?

Please stop linking to tox.im, it has nothing to do with the Tox Project.

I wasn't aware http://tox.im wasn't affiliated to the Tox project. I thought that was the website advertised on the first time I read about Tox on HackerNews. Am I mistaken?

[JasonLocklin]

Wait, my ISP knows all this stuff? Who are my friends on Tox, who I send messages to, for how long we are connected, etc.?

If you don't know the answer to this, your comments do not belong on the issue tracker. Either do the research or ask those basic questions in a more appropriate forum.

[hsimons]

@JasonLocklin Sorry for the noob question, as I said I didn't fully investigate the source code of Tox because lack of readability and documentation, but I assumed it protected all my information, because that's what it lead me to believe on the website and other advertisement threads over HackerNews and Reddit.

So, my ISP knows all this stuff? Who are my friends on Tox, who I send messages to, for how long we are connected, etc.? I think many users don't know about this and should be warned.

[JasonLocklin]

Reddit and IRC are excellent places to ask basic questions like that. The wiki does explain it, but it's understandable if it's not clear enough yet.

[alexbakker]

Could you please explain why? I understood by my investigation that mobile clients use TCP relays (supernodes) instead of UDP connections. Is this not true?

You were saying that 'everyone' using a mobile client has their messages relayed through a few TCP relays. This is clearly not true as there is an option to disable TCP only mode, which makes toxcore prefer UDP connections. I, for one, have that option enabled.

I wasn't aware http://tox.im wasn't affiliated to the Tox project. I thought that was the website advertised on the first time I read about Tox on HackerNews. Am I mistaken?

Yes, it was the official website initially but you're well aware of what happened with the whole stqism situation, tox.im is not affiliated with the Tox Project anymore so there is no reason to link to it.

I'd still like you to point me to the place where you found that 'Tox is completely distributed without any centralization' on the tox.chat homepage though :)

[Mecvak]

@hsimons You can only claim what you personally, you cannot assume to claim what "many users" know. The best warning is that this is very early software. It is not finished. So use at your own risk. (They say this anyways) I don't see the need to place all these warnings in clear sight. You've been told the answers to your questions several times but repeat the questions regardless. Take some time and read up on how tox works further but this is not the place to be walked through the workings of tox.

[hsimons]

@Impyy

an option to disable TCP only mode

I'm sorry, but barely anyone (save for very tech-savvy people) will be aware of this. They won't know TCP relays aren't fully decentralized and that UDP connection isn't. A fine solution for this is a message when starting the mobile client:

---- Choose your communication mode ---- 1) Better Performance | Less Privacy 2) Better Privacy | Less Performance

About tox.chat and tox.im, I didn't know stqism was involved and tox.im was his. I knew he was the leader of the Tox Foundation, but not that he owned the website too. Sorry for the confusion. Simple and would let users aware of the 2 modes. Currently it's all obfuscated in TCP, UDP and whatnot. Most users won't know what that means.

[suhr]

Maybe a little warning saying that Tox isn't anonymous?

Yes there should be a note Tox is not anonymous. Though you can run Tox over Tor. Integration with I2P is an open issue.

But those giving the option to use it should let users know about the risks.

Yes, this is the registration site job.

But the issue is that clients only bootstrap to half a dozen nodes that all are held by the Tox Foundation. It needs many more nodes by default.

Volunteers are welcome.

[hsimons]

@suhr But isn't Tox aimed to average joes? I don't think they will know how to use Tor (or even what Tor is). This should all be done by default. Again, the same message could apply.

---- Choose your communication mode ---- 1) Better Performance | Less Privacy 2) Better Privacy | Less Performance

And then Tox takes care of enabling Tor or not depending on the user choice. It shouldn't just be partially centralized and not anonymous by default, with the user needing to enable UDP (and know what it is) on the config menu and to also set-up Tor. Because by default Tox is choosing the Less Privacy for everything.

[alexbakker]

@hsimons Granted, it's a little obfuscated and should be more clear for the average user. Please create a separate issue at the repository of said mobile client, toxcore has nothing to do with this. I'm sure its maintainer would also appreciate a pull request if you're into that ;)

However, this proves that the point you're trying to make in the OP is completely invalid. This is also the case with your 'Bootstrapping' claim. As other people have probably already told you by now, you can use any node to bootstrap into the Tox network, there is no need to use a bootstrap node for that.

Also, the fact that you keep avoiding my question tells me you didn't start this discussion in the best interest of our users at all. Instead, you're scaring potential contributors away by making invalid claims and spamming their inboxes.

[hsimons]

@Impyy

toxcore has nothing to do with this

But offline messaging is a toxcore feature, TCP relays too, etc. toxcore has many features that aren't fully distributed.

you can use any node to bootstrap into the Tox network

Yes, but it isn't user friendly. The average joe won't think: "there are so few bootstrap nodes, better use some other ones". No, they will just download and use Tox. It needs to be more clear.

the fact that you keep avoiding my question

What question? Ask it again and I'll give an answer, I probably missed it. Sorry for the misunderstanding.

making invalid claims

I made the claims as I understood them from the source code, that's not really well documented and readable, so there can be some confusions. But besides the bootstraping, all my other points remain valid, no? I mean, TCP relays aren't fully distributed, offline messaging being implemented by DrakeFish also isn't, DNS usernames aren't either, etc. It all remains valid as far as I understand.

[alexbakker]

But offline messaging is a toxcore feature, TCP relays too, etc. toxcore has many features that aren't fully distributed.

Nice cherry picking. Bringing pieces of sentences out of context is not going to help you. Toxcore has nothing to do with the fact that a mobile client doesn't make a user friendly distinction between tcp-only mode and prefer-udp mode.

Yes, but it isn't user friendly. The average joe won't think: "there are so few bootstrap nodes, better use some other ones". No, they will just download and use Tox. It needs to be more clear.

Also not a toxcore issue.

What question? Ask it again and I'll give an answer, I probably missed it. Sorry for the misunderstanding.

"Also, can you point me to the place on the tox.chat homepage that says that Tox is 'completely distributed without any centralization'? I can't find it."

I made the claims as I understood them from the source code, that's not really well documented and readable, so there can be some confusions. But besides the bootstraping, all my other points remain valid, no? I mean, TCP relays aren't fully distributed, offline messaging being implemented by DrakeFish also isn't, DNS usernames aren't either, etc. It all remains valid as far as I understand.

Yes, you raise some valid concerns but that doesn't take away the fact that some of your claims are invalid and appear to be meant to scare people away instead of trying to help the community.

[hsimons]

Nice cherry picking

Not cherry picking at all, those are main features of Tox. Offline messaging for example has been awaited for months and TCP relaying is the core of tox communications together with UDP.

Toxcore has nothing to do with the fact that a mobile client doesn't make a user friendly distinction between tcp-only mode and prefer-udp mode

Good point, this is an issue with the clients. But in the end the clients are approved by the Tox Foundation (irungentoo and others) and pushed into the websites, so they are kind of in agreement with those clients. Here is a list of the clients developers I could find, let's hope they read this issue and propose solutions to the current situation. @tux3 @krepa098 @dubslow @dvor @mahkoh @subliun @stal888 @FRIGN @sonOfRa @lehitoskin @4DA @ioerror @GrayHatter @notsecure @nurupo @albel727 @tsudoko

My proposal, as soon as the user opens a Tox client, he is prompted with the following option: ---- Choose your communication mode ---- 1) Better Performance | Less Privacy 2) Better Privacy | Less Performance

If he chooses privacy, Tox uses only UDP without resorting to super-nodes (TCP relays), disable the offline (messaging which isn't distributed) and route all traffic through Tor. All this is currently obfuscated to the end-user and Tox by default use the "better performance - less privacy" mode.

"Also, can you point me to the place on the tox.chat homepage that says that Tox is 'completely distributed without any centralization'? I can't find it."

I already answered that, maybe you missed it? I'll quote myself: "About tox.chat and tox.im, I didn't know stqism was involved and tox.im was his. I knew he was the leader of the Tox Foundation, but not that he owned the website too. Sorry for the confusion." Now I know that tox.im isn't official.

Yes, you raise some valid concerns

Thank you. Let's hope we can further discuss all this and get to a good solution.

doesn't take away the fact that some of your claims are invalid

The only (partially) invalid claim I had so far was about bootstrap. But it doesn't help that toxcore source code has no documentation and is barely readable. Maybe it should be refactored to be less of a mess, but I know time is limited and irungentoo can't do it.

appear to be meant to scare people away

That's absolutely not my intention, sorry if that's how you are facing this. I'm simply worried about the end-users who aren't tech-savvy and use default Tox clients thinking they are completely protected, when in fact they aren't. I just called most client developers, so let's see their ideas to fix this issue.

[stal888]

@hsimons Here's your reply.