Looking at some of these [flagkilled] comments... all I can say is... it sure makes me happy to be a part of the HN community and that we have a place which is largely free of that "nonsense" (a much too overly nice way to describe it)
My one experience with the Tox project was that I made a few (I thought) constructive suggestions. First, I suggested they use some form of static analysis or perhaps a 'safer' language to implement their core functionality - such as Rust or Go, instead of rather messy (at the time) C code.
Furthermore, having spent a lot of time researching parsers and how parser differentials can affect the security of systems, I suggested they use some tools, such as protocol buffers, to eliminate handwritten parsing code. The response I got was rather disheartening and downright hostile - it boiled down to the fact that protocol buffers involves C++ code which they are a priori against, without actually engaging in a factual argument (I wrote an article in the current USENIX login/ last years OSDI about parsers for binary protocols for anyone interested in background: https://www.usenix.org/system/files/conference/osdi14/osdi14... and github.com/jbangert/nail)
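The parser-differential point above, as an added example that is not code from the comment author's Nail project or from Tox: three parsers for a small TLV format that is constructed for this example (one type byte, one length byte, then the value) all accept the same well-formed input, yet two hand-written "lenient" variants return different record lists for one malformed message, while a strict parser of the kind a schema-driven tool generates rejects it. The differential is the point: two peers running the two lenient parsers believe they agreed on the same message while holding different contents.

```python
"""Parser differential demo (added example).

Assumed record format (constructed for this example):
    type (1 byte) | length (1 byte) | value (`length` bytes), repeated.
"""


def parse_truncating(buf: bytes) -> list:
    """Hand-written parser A: a record whose declared length overruns the
    buffer is kept with whatever bytes are actually left."""
    records, i = [], 0
    while i + 2 <= len(buf):
        rtype, length = buf[i], buf[i + 1]
        records.append((rtype, buf[i + 2 : i + 2 + length]))
        i += 2 + length
    return records


def parse_dropping(buf: bytes) -> list:
    """Hand-written parser B: a record whose declared length overruns the
    buffer is silently dropped; everything before it is kept."""
    records, i = [], 0
    while i + 2 <= len(buf):
        rtype, length = buf[i], buf[i + 1]
        if i + 2 + length > len(buf):
            break
        records.append((rtype, buf[i + 2 : i + 2 + length]))
        i += 2 + length
    return records


def parse_strict(buf: bytes) -> list:
    """Parser C: every byte must be accounted for exactly, otherwise the
    whole message is an error. This is what a single, generated parser
    definition shared by all peers gives you."""
    records, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header at offset %d" % i)
        rtype, length = buf[i], buf[i + 1]
        end = i + 2 + length
        if end > len(buf):
            raise ValueError("record at offset %d overruns buffer by %d bytes"
                             % (i, end - len(buf)))
        records.append((rtype, buf[i + 2 : end]))
        i = end
    return records


def compare(buf: bytes) -> dict:
    """Run all three parsers on one buffer; a rejection is recorded as a
    string starting with 'REJECTED' so results can be compared directly."""
    out = {}
    for name, fn in (("truncating", parse_truncating),
                     ("dropping", parse_dropping),
                     ("strict", parse_strict)):
        try:
            out[name] = fn(buf)
        except ValueError as exc:
            out[name] = "REJECTED: " + str(exc)
    return out


def record(rtype: int, value: bytes) -> bytes:
    """Encode one well-formed record."""
    return bytes([rtype, len(value)]) + value


# Constructed samples. MALFORMED declares a 10-byte value for record type 2
# but only 3 bytes follow; TRAILING has one stray byte after a valid record.
WELL_FORMED = record(1, b"alice") + record(2, b"adm")
MALFORMED = record(1, b"alice") + bytes([2, 10]) + b"adm"
TRAILING = WELL_FORMED + b"\x03"

if __name__ == "__main__":
    for label, buf in (("well-formed", WELL_FORMED),
                       ("malformed", MALFORMED),
                       ("trailing byte", TRAILING)):
        print(label)
        for name, result in compare(buf).items():
            print("  %-10s %r" % (name, result))
```

On the malformed input parser A reports two records and parser B one, so a sender and receiver using A and B respectively disagree without either noticing; the strict parser turns the same bytes into an explicit error, which is the property one wants from a single generated parser rather than several hand-written ones.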
First of all, the choice of C is because it was the language I was the most confident writing secure code in. I'm not going to learn a new language and then right away start trying to write secure code with it.
Clang has some great tools I use like the various sanitizers. Static analysis sucks and almost never finds any real issues but we still use it.
If you think toxcore should use protocol buffers, feel free to port it. This is an open source project and contributions are welcome. If you do a better job than me then I will merge your contribution. We are at #tox-dev on freenode.
The response I got was rather disheartening and downright hostile - it boiled down to the fact that protocol buffers involves C++ code which they are a priori against
Being against C++ isn't inherently a bad thing. For example, Tarsnap probably won't ever use C++ code.
I can't read your PDF because of an SSL certificate error.
As has been pointed out below, there are many C bindings for Protobuf (and my argument was that using something like protobuf allows reimplementing the protocol).
(EDIT: Note that everyone was proceeding under the assumption that silentbits was a Tox dev, but that's apparently not true, as was corrected below. I wonder if that calls into question the original comment...)
From the github conversation:
silentbits said: "Nobody is going to risk using an external parser in such critical code."
jbangert replied: "What do you mean? not invented here? Google's core engineers are better (and their code gets more review, attention, etc). than anything we can produce."
silentbits said: "You have a few exchange protocols: ITCH, OUCH (NASDAQ), UTP MD, XDP (NYSE), PITCH (BATS). These protocols are in binary form and very easy to convert from/to C/C++ structs. If you produce critical software you want to have code that can be verified and tested. You can of course find external parsers for this, but all serious players do their own parsers. The only exception might be FPGA implementations where the whole thing is written in HDL (VHDL, Verilog)."
Am I correct in assessing that the reason this is troubling is because the tox devs are saying "Everyone else is writing their own parsers, so we should write our own parsers too"?
I don't know. If you want to criticize a software project for writing their own parser, you'll also need to criticize Tarsnap, since they write their own too. Yet Tarsnap is basically the gold standard in native security software. So either Tarsnap is being equally crazy, or it's not so crazy after all. I wonder which one is the case?
Contests/bounties are not indicative of security because it is very likely that potential profits from selling or using an exploit are greater than the bounty offered.
DISCLAIMER: I am one of the many Tox ex-contributors, who used to work on it in the past. I don't want to be identified due to harassment other ex-contributors suffered in the past. The following message is my point of view on the project as a whole.
Proplex, a long-time member of the Tox Foundation and in charge of both infrastructure and marketing, called out Tox devs because the 2 people in charge (irungentoo and stqism) were dealing with money in a shady way and he got suspicious. This led him to leave the Tox Foundation.
Proof: https://gist.github.com/irungentoo/5af26f5edefcdb7eac72
After he went away and stopped paying for the website and other servers (he hosted everything), Tox devs got angry and tracked his online activity by his browser UA, read private email sent to his @tox.im address and considered breaking into his VPS account.
Proof: https://gist.github.com/urras/ba792274f5aaf662a082/5d91d2a78... and https://archive.today/KkSWp
After the points exposed above, the conclusion is obvious, at least for me.
The Tox Foundation claims Tox is completely secure and nobody can break in, not even the NSA. Still, there's been no security audit and it is highly likely Tox isn't completely secure, given it's alpha software. But their website gives the idea people face no risk by using Tox right now. They are deceiving people to believe it is secure so they gain more users at the expense of putting users privacy at risk.
Proof: https://tox.im itself. See all the security claims even though it hasn't been audited. Saying it's "alpha" doesn't mean anything to the non-tech-savvy; they will think it's missing a feature or two, not that their privacy and security is possibly compromised.
I believe it's my moral obligation, and of everyone's else reading this, not to use Tox.
You are contributing to a shady foundation composed of manchildren that don't care about others' privacy, deal with money in a shady way and dox people who go against them. Do not trust the Tox Foundation - this is my personal message.
There is a whole lot of green on this thread. The text is copied [1] and has been posted several other places. Generally the tone here and strong somewhat overreacting stances aren't particularly becoming of the HN community.
Edit: I have no affiliation here, just an outside observer. I think it's relevant because, unlike the screenshot of #1228, the still alive 1229 issue (at least) shows that this happened nearly a month ago.
Whether or not the fact that it happened nearly a month ago matters I don't know, but at least it's a bit of extra context/info.
>Proplex, a long-time member of the Tox-Foundation and in charge of both infrastructure and marketing, called out tox devs because the 2 people in charge (irungentoo and stqism) were dealing with money in a shady way and he got suspicious
We barely get any donations. We barely have money and we are very transparent about it, look at our donations page.
>After he went away and stopped to pay for the website and other servers (he hosted everything)
He disappeared one day, didn't warn us or anything and took everything (including backups) with him.
>Tox devs got angry and tracked his online activity by his browser UA, read his private email sent to his @tox.im address and considered breaking into his VPS account
Yes because I wanted to know if he had done anything weird on the site. We never considered breaking into his account. His tox.im mail was never remade on the new tox.im mail server so all emails sent to it ended up in our catch all email.
>Members of the Tox Foundation such as stqism try constantly to sneak in copyright changes
I'm a member of the Tox foundation and I don't sneak in copyright changes in my repo. He also didn't try to sneak it in. I never merge pull requests before reading everything first.
>After it got out of hand and too many people called out the Tox Foundation, this happened
Yes and I explained exactly what happened. What is the issue?
>irungentoo enforced censorship on his github repo to try to cover everything up
Because kicking trolls is censorship?
>irungentoo claims Tox is secure just because he uses a secure primitive
Scroll down to my next comment in that thread.
Sorry for my previous comment. This one should be better.
>We barely get any donations. We barely have money
That's relative and your wording is slippery here. What is "barely no money"? $50? $100? In any case, donated money should be dealt with in a better way. Even an ex-member of the foundation (Proplex) had a big issue with this. He actually left because of the shady way you dealt with money and, since then, nothing changed.
>we are very transparent about it, look at our donations page.
That page tells barely anything and is outdated. What's the money being spent on? Who's the financial manager? As a donor, how can I be sure my money is being spent on Tox and not on personal servers, vacations, etc. by the Tox Foundation leaders? There were rumors about that, and although I don't believe them, this is a serious issue anyway.
>He disappeared one day, didn't warn us or anything and took everything (including backups) with him.
And on the same day you started harassing him, without even listening to his side of the story? And what do you mean with backups? You are saying you or other project members didn't keep local backups? That would be an amateur mistake to make.
>Yes because I wanted to know if he had done anything weird on the site
And the NSA just wants to know if we had done anything weird on their country. /sarcasm
Do you think that justifies spying on him?
>We never considered breaking into his account
But you said the following at #tox-secret on January 14th: "urras, if you want to forcefully gain access to his digital ocean account I can reset his pass" SOURCE: https://archive.today/Y6LEw (line 45)
>His tox.im mail was never remade on the new tox.im mail server so all emails sent to it ended up in our catch all email
As soon as he left the project you should have deleted his @tox.im email account or at least temporarily disabled it. It's unethical to keep receiving (and reading) emails that were meant for someone else.
>Because kicking trolls is censorship?
Tell me, how is this a troll? http://i.imgur.com/HNFtcOG.png Keep in mind the title was defaced (and later on the message) by irungentoo.
As soon as dfortner raised up those questions, you locked the issue, edited his messages to say garbage, hurting his image, and banned him from the repository so he couldn't raise the issue again.
>Sorry for my previous comment. This one should be better.
This one isn't a blatant rant without content like the other one, it's just some damage control. I honestly don't know what is worse, but I guess you are right on saying this is a little better.
Unfortunately, being affiliated with 4chan means we attract a lot of trolls pretending to be "ex-devs" or "concerned members of the community" who have nothing better to do with their time than to spread FUD (https://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt). We certainly aren't perfect, and have made our fair share of mistakes, but at the end of the day this is just personal drama that serves to distract from the software.
One of the "proof"s given here is that a pull request changed a 2013 copyright to a 2013-2015 copyright, as though that's sinister somehow. I stopped reading after that.
Yeah, I read all that and it's really the main dev trying to track down the guy who maintained all the servers because he dropped everything. Maybe he acted awkwardly, I don't know, I don't care; the point is, there isn't some sort of "Tox Foundation conspiracy" trying to deceive everyone (as if the Tox community was large enough to be worth deceiving), and given your tendency to shitpost on 4chan I would be more inclined to think this is another epic troll attempt to sabotage a project that actually took off.
We should drop that "proof" argument because it's just an argument that impossibru, a completely fresh account, mindlessly threw out.
What we have in this forum are archive.org links. Those links contain conversations about breaking into Proplex's accounts and tracking Proplex's behavior. We should not have to filter past this argument of yours.
Your other argument just accuses someone of being a forum troll.
Sounds like an extremely one-sided version of an argument. Why should we care about the devs? If the source is open and the software is good, I can tolerate Linus-tier rants if need be.
The issue is that if you use Tox you support their foundation, the Tox Foundation™, which deals with money in a shady way and deceives its users just in order to grow.
I, for moral and ethical principles, don't want to have anything to do with such a thing and believe it's necessary to let people know about the situation.
If they couldn't even respect an ex-developer's privacy[0], how can we expect them to run a foundation and create a supposedly secure instant messenger?
> The issue is that if you use Tox you support their foundation
No, you really don't.
Your argument would have a lot more ground if you didn't sound like an off-the-street conspiracy theorist.
I guess that's what differentiates "conspiracy theorists" from the people who want you to believe vaccines cause autism and aspartame cancer. It's easy to dismiss something as crazy when the messenger sounds batshit insane, regardless of what the message is.
The tech community should know, what with Snowden and all.
Open source developers with attitude problems? Surely this has never occurred before.
To be less sarcastic: Does it matter who the developers are and how they behave? If the source is open then it can be reviewed by anyone. If it works, there is no reason not to use it.
If the project is toxic (no pun intended) that's good enough reason to have nothing to do with it, period. If the above is true, a fork with a less-hostile community/development-environment would be a Good Thing.
You are just some troll trying to kill our project with fabrications and lies. You twist the truth to fit your own agenda.
The guy in question tried to damage the project on his way out so yes I grepped our server logs for his ips because I wanted to know if he had tried anything weird.
This guy posting this comment here is someone who decided to start this war against the project after I refused to kick someone who actually did something from our project. He posts this bullshit everywhere.
It doesn't help that you have zero clue how to answer professionally to actual trolls.
Hint: it involves replying to actual concerns rather than ad hominems. I mean, it's not like GP doesn't have any material on you, there's some pretty shitty stuff going on there.
One of the links I posted above "mysteriously" disappeared.
I have an archived version though.
It's one of the key-points of the situation I exposed, so it's worth a read.
Yeah, I deleted that Gist because you're using it out of context.
I've talked with you one-on-one, and I've asked you to stop pasting it wherever someone mentions Tox.
irungentoo: tox main developer, head of the Tox Foundation
NikolaiToryzin (stqism): second in command, runs the Tox Foundation's monetary operation
The rest are other developers on the #tox-secret channel.
TRACKING PROPLEX, AN EX-MEMBER OF THE TOX FOUNDATION, ONLINE ACTIVITY THROUGH HIS UA:
irungentoo prolapses phone seems to have a unique user agent
NikolaiToryzin If you tell me it I can make tox.im return stuff to him only
irungentoo 'Mozilla/5.0 (Linux; Android 4.4.2; SM-N900V Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.69 Mobile Safari/537.36'
NikolaiToryzin That'll be fun
READING HIS PRIVATE EMAIL:
irungentoo basically proplex did an email request change on his digital ocean account which means an email containing his ip got sent to david@tox.im which ended up in the catch all email
urras irungentoo: Any interesting emails?
irungentoo urras, if you want to forcefully gain access to his digital ocean account I can reset his pass
[...]
NikolaiToryzin But they want his personal info
urras How do you guys know
NikolaiToryzin Emails.
irungentoo comparing himself to the NSA:
irungentoo I feel like the NSA
irungentoo tracking people across ips even without cookies is so easy
irungentoo why would I want to go after terrorists?
irungentoo blackmailing people with power is much more lucrative
TRACKING AN EX-DEVELOPER AGAIN:
irungentoo 173.52.122.131 - - [13/Jan/2015:00:33:01 -0500] "GET /User:Proplex HTTP/1.1" 404 3656 "https://github.com/Tox/Tox-Website" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
irungentoo interesting
irungentoo I like how he checked if the wiki was up: 96.250.8.105 - - [20/Dec/2014:02:12:30 -0500] "GET / HTTP/1.1" 301 5 "https://tox.im/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
irungentoo you really don't need cookies to track people online.
The home page[0] seems to suggest that there are also audio and video capable clients... are they still in development, or is there something functional already?
Toxic has 1 on 1 audio chats, and GUI clients such as uTox and qTox additionally have group audio, as well as 1 on 1 video. Both clients are usable, though I would personally recommend qTox.
That's partially true. However if you force TCP connections (in Toxic this is done with the -t flag) your IP is effectively hidden from your contacts because all your traffic gets relayed by TCP nodes in the network. The downside is that forced TCP connections are slower and less reliable.
The reason Tox doesn't have built in anonymity is because strong anonymity has a massive impact on quality (especially streaming data like audio/video). Our goal is to steal normal (non-paranoid) users from Skype and get everyone and their mother using strong encryption. In order to achieve that we need to have comparable quality rather than something that feels like you're using a 28.8k modem.
And again, anyone who actually wants anonymity still has that option.
If broad adoption is truly your goal you have a branding problem. Normal people will not use a tool called 'toxic' which prints crazy ASCII letters in the command line. You might as well ask soccer moms to hold the line at occupy wall street.
It's not really command-line since it relies on ncurses. I thought it was something different, like where you're literally sitting at the command line within some sort of shell like:
Also relevant, and containing video and audio chat support, is uTox[0] and qTox[1]. Looks like they are currently working on getting group video chat working.
Can Tox do persistent group text chats with offline message delivery to people when they sign in again? It's the one killer feature of Skype that keeps me on it. No open messaging programs ever support this it seems like.
I have to echo the parent though, getting history from the period you were disconnected is a killer feature of skype that seems to get little or no attention.
It is one of the major things that keeps some of my group chats on skype.
I hadn't looked much into Tox, but after seeing a few mentions on cyberpunk boards, and seeing how hard people are shilling against it, I think I'm going to take a closer look.
Is this at all related to Nullsoft Waste? That was quite a scandal when it launched with a "whoops we didn't mean to open-source that" thing. It was a crypto-IM too.
If you use a secure crypto primitive, is it correct to say your program is secure?
I mean, can you be sure something is secure just because of the crypto lib?
I thought it had something to do with the implementation too?
I ask this because of Tox. The main developer claims Tox is secure because of the crypto library.
It sounds weird to me, so I decided to ask... After all, if it was this easy all programs would be secure, right? Just import a secure crypto lib and it's done? Sounds weird.
Having a sound library removes a whole host of issues; however, it doesn't remove all of them. First and second among many are key management and concatenating values before hashing or signing.
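The "concatenating values before hashing or signing" point above, worked through as an added example (not code from Tox or from the comment author): a MAC computed over plainly concatenated fields cannot tell where one field ends and the next begins, so two different field lists produce the same tag, even with a perfectly sound HMAC-SHA256 from the standard library. Length-prefixing each field before the MAC makes the encoding injective and removes the collision. The key and the field values are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed key for this demo only; a real key is generated, not hard-coded.
KEY = b"demo-key-not-a-real-secret"


def naive_tag(key: bytes, fields: list) -> bytes:
    """Ambiguous: the fields are concatenated with nothing marking their
    boundaries, so the MAC sees the same bytes for different field splits."""
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()


def encode_fields(fields: list) -> bytes:
    """Unambiguous encoding: a 4-byte big-endian length precedes each field,
    so every byte string decodes to exactly one field list (or fails)."""
    out = bytearray()
    for f in fields:
        out += struct.pack(">I", len(f)) + f
    return bytes(out)


def decode_fields(data: bytes) -> list:
    """Inverse of encode_fields; rejects truncated or overrunning input."""
    fields, i = [], 0
    while i < len(data):
        if i + 4 > len(data):
            raise ValueError("truncated length prefix at offset %d" % i)
        (n,) = struct.unpack(">I", data[i:i + 4])
        i += 4
        if i + n > len(data):
            raise ValueError("field at offset %d overruns input" % i)
        fields.append(data[i:i + n])
        i += n
    return fields


def framed_tag(key: bytes, fields: list) -> bytes:
    """Sound: the MAC covers the length-prefixed encoding."""
    return hmac.new(key, encode_fields(fields), hashlib.sha256).digest()


def tags_collide(tag_fn, fields_a: list, fields_b: list) -> bool:
    """True if two different field lists authenticate under the same tag."""
    return hmac.compare_digest(tag_fn(KEY, fields_a), tag_fn(KEY, fields_b))


# Constructed messages: (account, amount). Read as "send 345 to account 12"
# versus "send 45 to account 123"; both concatenate to b"12345".
MSG_A = [b"12", b"345"]
MSG_B = [b"123", b"45"]

if __name__ == "__main__":
    print("naive tags collide: ", tags_collide(naive_tag, MSG_A, MSG_B))
    print("framed tags collide:", tags_collide(framed_tag, MSG_A, MSG_B))
    print("round trip:", decode_fields(encode_fields(MSG_A)) == MSG_A)
```

The same ambiguity applies to hashes used for identifiers or signatures over several fields; whatever is hashed or signed should be the output of an encoding that can be decoded back to exactly one input.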
No, you didn't decide to ask, you take a lot of redirections and bullshitting to point out your link. Which is an interesting contribution, but the way you deliver it is really bad style and annoying.
Tox still hasn't solved the serious metadata leakage issue.
They tried to cover it up by adding onion-routing for friend requests, but ACTUAL MESSAGES are still done directly.
Strong adversaries such as your ISP and agencies like the NSA, the GCHQ, etc. can still collect metadata about your conversations.
The "Tox Foundation" tries to cover this up and pretend that "tox was never meant to be anonymous", but the truth is harsh.
Now, this wouldn't be a problem if the Tox Foundation made this issue clear to its users. This is how P2P works, after all, direct connections, and that's fine.
But the problem is that Tox doesn't make that obvious for non-tech-savvy users.
When they read on the website that they are completely safe from the NSA and whatnot, they won't expect to be in any way exposed.
Still, unless these non-tech-savvy users "route all incoming and outgoing traffic through Tor" they won't be completely safe and should be worried about metadata leakage and adding people they don't actually know.
But such a thing isn't made clear and Tox deceives users this way, only to get more people using it. It's unethical and outright wrong, in my personal opinion.
Tox is DHT/P2P based which means it does not rely on any type of centralized authority, and all traffic is encrypted using the sodium crypto library (https://github.com/jedisct1/libsodium).
Full disclosure: Tox has not yet been professionally audited.