irungentoo / toxcore

The future of online communications.
https://tox.chat/
GNU General Public License v3.0

secure communication needs to be anonymous #356

Closed hmeyer closed 8 years ago

hmeyer commented 11 years ago

As long as the network is observable by third parties (which the internet is) encryption might obfuscate the content of communication. But as we all know by now it's just the metadata of the who and when you communicate with that is sufficient to get a good picture of your communication behaviour and peers. If Tox wanted to be secure it needs to implement anonymous communications. Basically Tox + Tor. You already stated this won't be possible and actually that is ok. I'd like to propose to add an onion routing layer to the Tox message protocol. As well as standardized message lengths (filled up with random bytes). Maybe even add sending useless packets in order to obfuscate real traffic from void traffic. Delay packets. And yes - give up realtime functionality like audio and video. This way Tox might become a secure instant messenger. Anyone in for a Para(noid)Tox - Fork?
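The standardized message lengths and useless packets proposed above, as an added sketch that is not part of the original post and is not code from Tox or paratox. The 512-byte cell size, the 3-byte header layout and all function names are assumptions made for illustration; the cells are meant to be encrypted after padding, so that an observer sees only equal-sized ciphertexts.

```python
import secrets
import struct

CELL_SIZE = 512                    # assumed fixed plaintext size of every cell
HEADER = struct.Struct(">HB")      # payload length, flags (hypothetical layout)
MAX_PAYLOAD = CELL_SIZE - HEADER.size
FLAG_MORE = 0x01                   # another cell of this message follows
FLAG_DUMMY = 0x02                  # cover traffic, carries no message data


def _cell(chunk, flags):
    # Fill the unused tail with random bytes, as the post proposes.
    filler = secrets.token_bytes(MAX_PAYLOAD - len(chunk))
    return HEADER.pack(len(chunk), flags) + chunk + filler


def pad_message(message):
    """Split a message into CELL_SIZE-byte cells; encrypt each one afterwards."""
    chunks = [message[i:i + MAX_PAYLOAD]
              for i in range(0, len(message), MAX_PAYLOAD)] or [b""]
    last = len(chunks) - 1
    return [_cell(c, FLAG_MORE if i < last else 0) for i, c in enumerate(chunks)]


def dummy_cell():
    """A cell with no payload, indistinguishable in size from a real one."""
    return _cell(b"", FLAG_DUMMY)


def unpad_cells(cells):
    """Reassemble one message from decrypted cells, skipping dummy cells."""
    parts = []
    for cell in cells:
        if len(cell) != CELL_SIZE:
            raise ValueError("cell has non-standard length")
        length, flags = HEADER.unpack_from(cell)
        if length > MAX_PAYLOAD:
            raise ValueError("corrupt length field")
        if flags & FLAG_DUMMY:
            continue
        parts.append(cell[HEADER.size:HEADER.size + length])
        if not flags & FLAG_MORE:
            return b"".join(parts)
    raise ValueError("message truncated")
```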

Nominate commented 11 years ago

I'd be interested

Nominate commented 11 years ago

Not for video/audio but it'd work fine for text

Nominate commented 11 years ago

Is Tox meant for 1000 people groups? I thought it was to replace Skype

lukechampine commented 11 years ago

I think a lot of people would be interested in having this extra layer of security, but it's not something that will be incorporated in the mainline. So by all means, create a fork; that's the beauty of open source software, right?

ghost commented 11 years ago

Tox isn't meant to replace IRC. I don't see an issue limiting group chat to even just say 20 people if it means increased security.

On Tuesday, August 6, 2013 at 13:51, Luke Champine wrote:

I think a lot of people would be interested in having this extra layer of security, but it's not something that will be incorporated in the mainline. So by all means, create a fork; that's the beauty of open source software, right?


Nominate commented 11 years ago

Let's fork it and see how it goes, it can always dissolve into Vapourware if it's rubbish

Nominate commented 11 years ago

Thanks for the information. If we did pipe things through tor as secure text messages what are we really doing that torchat doesn't already?

fcore117 commented 11 years ago

Main goal is to be easy and as robust as Skype. If everything is encrypted then no one knows what we talked about, and I suggest developers turn off message logging BY DEFAULT, and if someone wants it then he can enable it. Best is that Tox does not use some server to store contacts; the only downside is that I have to move settings if I migrate from computer to computer, but I am fine with this because no one knows my contacts.

If you want anonymous/nameless/darknet style then there is Retroshare, but this is very hard for casual people and cannot penetrate firewalls easily.

I am waiting for the day when I can remove Skype forever... thank you Tox devs.

hmeyer commented 11 years ago

Created an empty repo and will start writing protocol drafts soon. Cooperation very welcome. https://github.com/hmeyer/paratalk

Nominate commented 11 years ago

I think ParaTox is a better name to show the affiliation to the Tox project.

aviau commented 11 years ago

Yes. This way we advertise one another

hmeyer commented 11 years ago

After thinking more about a possible protocol it seems Tox and paratalk (or paratox) might not share too much of a codebase. And while Tox will be a realtime service with video, audio and instant messaging, paratalk will be a delayed text messenger only. But if it helps to get community support I'm open for a name change. Btw: Did you guys figure out how to implement ECMQV using NaCl?

2013/8/21 Alexandre Viau notifications@github.com

Yes. This way we advertise one another


hmeyer commented 11 years ago

I'm proud to introduce https://github.com/hmeyer/paratox


Nominate commented 11 years ago

Wait we're planning on using UDP for onion routing? Why don't we use the Tor network through SOCKS? I think the gold standard of privacy would be having observers unable to tell whether anyone is using ParaTox at all.

Nominate commented 11 years ago

Also let's assume ParaTox gets built and shows promise. It would be very easy to own a vast proportion of the routing nodes with very modest resources. This would mean that the attacker could very easily tell that Alice & Bob are communicating.

manuel-arguelles commented 11 years ago

How do you plan to store messages when user is offline and still have perfect forward secrecy?

hmeyer commented 11 years ago

Thanks. Fixed a typo. Of course there is no perfect forward secrecy if one of the peers is offline.

2013/8/23 Pakĉjo notifications@github.com

How do you plan to store messages when user is offline and still have perfect forward secrecy?


hmeyer commented 11 years ago

@Nominate I added a "Why" section to the readme. It explains why Tor might not be the perfect choice. Actually there is TorChat, which is a quite clever take on IM based on Tor, but it has its drawbacks which I'd like to circumvent.

v6 commented 9 years ago

// , I'm interested. Does anyone know the best forums to inquire about how to do this?

I think MAIDSafe, Ethereum, or IPFS technology could be worthwhile avenues to explore.

LittleVulpix commented 9 years ago

Wow this necro is real :p this thread is from 2013.

Either way, tox now supports tcp-only mode. At this point, you can simply use your tor as a proxy server for tox and run tox that way.

v6 commented 9 years ago

Googlebot, lord of the Necroposts, cares little for your silly human concept of time. Seriously it came up on google.

Cool. Would you be willing to add that response to the stackoverflow post? Will upvote.

On Wed, Jun 10, 2015, 05:32 LittleVulpix notifications@github.com wrote:

Wow this necro is real :p this thread is from 2013.

Either way, tox now works in tcp-only mode. At this point, you can simply use your tor as a proxy server for tox and run tox that way.


suhr commented 9 years ago

What Tox actually needs is i2p support. We don't need yet another handmade broken anonymization. See https://github.com/irungentoo/toxcore/issues/942

v6 commented 9 years ago

// , Just as long as it doesn't get baked into the tox protocol. Tox needs to deal with that like it needs a hole in the head.

fcore117 commented 9 years ago

Someone who so needs to hide their IP should then use torchat or https://www.onioncat.org/about-onioncat/; use something like this with Tox.

GrayHatter commented 8 years ago

@irungentoo close as wontfix, tox works over tor.