Opinions about Tox(IM)


Lixtrii


Hi everyone.

For a long time I have been using Skype for day-to-day communication with friends and colleagues, but there comes a time in one's life when there is a need for something more secure.

Recently I came across Tox, which promises these features. Maybe some of you have tried this software and can share your thoughts? Or maybe make some suggestions for other secure IM clients?


Been looking for a replacement for Skype, but the problem is that any alternative lacks critical mass. I can't ask co-workers in Neverland to switch from Skype to Tox just because.


Based on the amount of "TODO" labels I'm seeing, the poor quality of the documentation, and a stark lack of technical discussion about their security model, I don't have a lot of confidence in this project. It may eventually develop into something cool, but for now I'd stay away.

I think this effort shows more promise, especially considering the names behind it: http://invisible.im/#


> Based on the amount of "TODO" labels I'm seeing, the poor quality of the documentation, and a stark lack of technical discussion about their security model, I don't have a lot of confidence in this project. It may eventually develop into something cool, but for now I'd stay away.
>
> I think this effort shows more promise, especially considering the names behind it: http://invisible.im/#

Had a look at your suggestion. Ricochet seems more promising, because they are using the Tor network (at least that's what they say) to send messages, so it would be harder to track your communications.

Will have to test them both when I have some spare time.


I guess it kinda boils down to your use case.

Do you want 'just' secure communications, or do you want it to be impossible for people with really big pockets to see something on your machine is communicating with something on another machine? For 99% of the populace the former is quite sufficient which would make the ability to use TOR a moot point. It's a nice feature to include, though, for those that want to communicate at the speed of morse code on their blazing system (yup, not a big fan of TOR for general use).


Ricochet was designed to solve the problem of communications metadata. It's all well and good to encrypt the content, but often the metadata alone is enough to be damning in an investigation or court room. It doesn't actually matter what's in the message, the fact that you sent or received it is evidence in and of itself.

Comparing TOR to Morse Code makes me think you haven't touched it in many many years. I'm not gonna say it's "blazing" fast, but it's not nearly as bad as it once was. And for the security it affords you... well there's no free lunch. You're not going to get that kind of mitigation of plain-view metadata without making some kind of compromise.

If you're satisfied with encrypted contents, there are plenty of established options on the table, including Pidgin's OTR plugin.


Okay, so basically the IM protocol itself, as designed/used by the current crop of offerings, is crap. No wonder I still like IRC a lot. Pity you can't do voice or video over it.

My issue (if you can really call it that) is that they're actually working to solve 2 problems rather than 1:

1. The protocol divulges too much information about you.

2. Nobody is allowed to know who it is you're communicating with, and preferably even know IF you're using it.

Do you really care so much about #2? Maybe you do and I won't say you're wrong in doing so. But for 99.999% of the populace that bit is complete overkill.

The problems I have with TOR is that exit nodes are publicized and quite a number of sites choose to block access to these machines and that by design TOR adds a few hops that each needs to do a chunk of crypto on your data which slows things down and impacts reliability somewhat. It affords you a certain level of security, but for me personally, it's not worth it.

I don't believe I've piqued the interest of the powers that be to the point where they might want to see who I'm talking to.

But let's not delve into the virtues of TOR in this topic. I understand it has its uses and it's a good thing to have it around.

My argument is that I'd prefer them to fix #1 and leave #2 as a feature for you to employ. But by the look of it, that option isn't going to be provided.


I'm not sure I understand what you're saying.

1. If what you mean is that you're trying to protect the contents of your message, then this is a solved problem. For example, if Alice and Bob want to have a conversation, and they don't care that anyone knows that they're talking to each other (just so long as nobody knows what they're saying), then there are many, many options out there. This is basically the OpenPGP model, where everyone can see who you are exchanging emails with, and all of the metadata of your emails, but the contents themselves are encrypted. (Though they can still estimate the size of the message and make inferences from there about the contents.) Tools like Pidgin OTR or TextSecure do the same thing as OpenPGP, just over a transport channel.

This may be sufficient security if you're exchanging messages with people who you already have very strong connections to, for example family members, friends, or coworkers. There are plenty of other ways to tell that you have a relationship with these people, and there are plausible explanations for why you are exchanging messages with them.

2. This is the real problem that is not addressed by the current tools. How do you communicate with someone securely without
a) revealing who you are to them, and
b) revealing to an observer that you are communicating with them?

This is a problem that a lot of people actually have when they try to communicate anonymously or pseudonymously on the Internet. Metadata is the real killer (as described in detail by the Snowden leaks.) With near-real-time communication you will always be giving away some amount of metadata (such as when you are talking to them) but by using Tor you can prevent an outside observer from discovering that you are having the conversation at all, and you prevent the person you are conversing with from discovering your identity.

There are very few tools out there that try to address this much more challenging problem of metadata, but metadata is currently the Achilles' heel of security. It's not just the three-letter agencies, but also commercial advertisers and service providers who collect and analyze your metadata in order to profile you. Companies like Google and Amazon can almost know more about you from your metadata than from your actual content.

If you like Anime, and you're familiar with Death Note, this article is a light introduction to how Information Theory can be applied to identify a unique individual from their metadata. http://www.gwern.net/Death%20Note%20Anonymity

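To make the point above concrete (content encrypted, metadata exposed), here is an added Python example that is not part of this thread or of any of the tools mentioned. It plays the role of a passive network observer who sees only sender, recipient, timestamp and ciphertext length for each message, and shows what can be derived from that alone: the contact graph, each party's active hours, and an estimate of plaintext size. The records, the party names and the per-message overhead constant are all constructed for this example; it also shows length padding as the usual mitigation for the size leak.

```python
"""What a network observer learns from message metadata when only the body is
encrypted (the OpenPGP / OTR model). Added example for this thread; the
observed records below are constructed, not captured traffic."""
from collections import Counter
from datetime import datetime

# Constructed view of a transport observer: who, to whom, when, and how many
# ciphertext bytes. No plaintext is present anywhere in these records.
OBSERVED = [
    {"from": "alice", "to": "bob",   "ts": "2014-07-01T09:02:11", "ct_len": 1532},
    {"from": "bob",   "to": "alice", "ts": "2014-07-01T09:03:40", "ct_len": 212},
    {"from": "alice", "to": "bob",   "ts": "2014-07-01T09:05:02", "ct_len": 2048},
    {"from": "alice", "to": "carol", "ts": "2014-07-01T23:15:09", "ct_len": 97},
    {"from": "carol", "to": "alice", "ts": "2014-07-01T23:16:44", "ct_len": 104},
    {"from": "alice", "to": "bob",   "ts": "2014-07-02T09:10:30", "ct_len": 1489},
    {"from": "dave",  "to": "bob",   "ts": "2014-07-02T14:00:00", "ct_len": 5201},
]

# Assumed fixed per-message overhead (headers, MAC, key ids) added by the
# encryption layer; the real figure depends on the protocol in use.
ASSUMED_OVERHEAD = 64


def contact_graph(records):
    """Undirected count of how often each pair of parties exchanged messages."""
    return Counter(tuple(sorted((r["from"], r["to"]))) for r in records)


def peers_of(records, who):
    """Everyone `who` has ever talked to, without reading a single message."""
    pairs = contact_graph(records)
    return sorted({b if a == who else a for a, b in pairs if who in (a, b)})


def active_hours(records, who):
    """Hour-of-day histogram for `who`: a rough timezone and daily routine."""
    hours = Counter()
    for r in records:
        if who in (r["from"], r["to"]):
            hours[datetime.fromisoformat(r["ts"]).hour] += 1
    return hours


def estimated_plaintext_bytes(ct_len, overhead=ASSUMED_OVERHEAD):
    """Unpadded ciphertext reveals the plaintext length to within the overhead."""
    return max(ct_len - overhead, 0)


def padded_length(n, block=1024):
    """Mitigation for the size leak: pad to a block multiple so message sizes
    collapse into a few classes (costs bandwidth; the class is still visible)."""
    return ((n + block - 1) // block) * block


def summarize(records):
    """The observer's profile: who talks to whom, when, and roughly how much."""
    return {
        "pairs": dict(contact_graph(records)),
        "peers_of_alice": peers_of(records, "alice"),
        "alice_hours": dict(active_hours(records, "alice")),
        "est_plaintext_bytes": [estimated_plaintext_bytes(r["ct_len"]) for r in records],
        "padded_ct_len": [padded_length(r["ct_len"]) for r in records],
    }


if __name__ == "__main__":
    for key, value in summarize(OBSERVED).items():
        print(key, value)
```

Nothing in the summary required a key: the late-night exchange with carol, the regular morning traffic with bob and the one oversized message from dave are all visible from the envelope. Padding only blurs the last of those; hiding the graph and timing is exactly the part that needs an anonymity network rather than stronger encryption.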

This is off-track from the current topic, but I do have a question:

But how do you know who the person on the other end is, aside from meeting in person or using some alternative, insecure way of identifying yourself? From what I've read thus far, all I can be certain of is that it's the same person I keep talking to.


1) you have previously exchanged contact information through some other secure method, or

2) you rely on a web of trust to establish their identity as the person you intend to communicate with (which does not necessarily leak a legal identity, just that the pseudonym is trusted by others whom you may have independently verified.)

Or possibly:
3) If you are mutually pseudonymous you may not actually care to have any guarantees of their identity other than it's the same person (or entity) each time. Their real world identity might not be relevant to your conversations with them. For example, many agents of Telecomix are pseudonymous. They may not actually care about the real-world identities of their collaborators so long as they can make the reasonable assumption that they are always talking to the same person or entity. To the extent that their operations might be compromised by a MITM attack... if the adversary takes direct action based on information they obtain then both parties will know that the communications channel has been compromised and will abandon it. So even with active surveillance they can still be at least marginally effective at achieving their goals, because the adversary can't effectively respond without giving up their ability to tap the comms.

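The three options in the answer above (out-of-band exchange, web of trust, and "same entity each time") all come down to how a client handles a peer's key fingerprint. The following added Python example, written for this thread and not taken from Tox, Ricochet or any other project, implements that handling with nothing but the standard library: it pins the fingerprint on first contact, reports a mismatch without silently replacing the pin, upgrades a pin to verified only when a fingerprint read over another channel matches, and accepts a fingerprint from vouchers only when enough already-verified contacts agree. The key bytes are constructed placeholders, and the store layout and method names are this example's own.

```python
"""Trust-on-first-use (TOFU) key pinning with out-of-band verification and a
simple web-of-trust fallback. Added example for this thread; the "keys" are
constructed placeholder byte strings, not real key material."""
import hashlib
import json
from typing import Dict, Optional

# Constructed placeholders (a real key would be e.g. a 32-byte Curve25519 key).
KEY_BOB_V1 = b"constructed-bob-public-key-0001"
KEY_IMPOSTOR = b"constructed-someone-else-key-0002"


def fingerprint(pubkey: bytes) -> str:
    """Human-comparable fingerprint: SHA-256 of the key, shown as hex groups of 4."""
    digest = hashlib.sha256(pubkey).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


class PinStore:
    """Maps a peer name to the fingerprint first seen for it (TOFU), plus a
    flag recording whether that fingerprint was confirmed out of band."""

    def __init__(self) -> None:
        self._pins: Dict[str, dict] = {}  # peer_id -> {"fp": str, "verified": bool}

    def check(self, peer_id: str, pubkey: bytes) -> str:
        """'pinned' on first contact, 'match' if the key is the pinned one,
        'mismatch' if the peer now presents a different key. A mismatch never
        overwrites the pin: that decision is left to the user."""
        fp = fingerprint(pubkey)
        pin = self._pins.get(peer_id)
        if pin is None:
            self._pins[peer_id] = {"fp": fp, "verified": False}
            return "pinned"
        return "match" if pin["fp"] == fp else "mismatch"

    def mark_verified(self, peer_id: str, fp_read_out_of_band: str) -> bool:
        """Compare the pinned fingerprint with one obtained in person or over
        another channel; only an exact match upgrades the pin to verified."""
        pin = self._pins.get(peer_id)
        if pin is None or pin["fp"] != fp_read_out_of_band.strip():
            return False
        pin["verified"] = True
        return True

    def is_verified(self, peer_id: str) -> bool:
        return self._pins.get(peer_id, {}).get("verified", False)

    def pinned_fingerprint(self, peer_id: str) -> Optional[str]:
        pin = self._pins.get(peer_id)
        return pin["fp"] if pin else None

    def vouched_fingerprint(self, claims: Dict[str, str],
                            min_vouchers: int = 2) -> Optional[str]:
        """Web-of-trust fallback: `claims` maps voucher -> fingerprint they
        attest for some third party. Only vouchers we have ourselves verified
        count, and the fingerprint is accepted only if at least `min_vouchers`
        of them agree on it."""
        votes: Dict[str, int] = {}
        for voucher, fp in claims.items():
            if self.is_verified(voucher):
                votes[fp] = votes.get(fp, 0) + 1
        if not votes:
            return None
        best_fp, best_count = max(votes.items(), key=lambda kv: kv[1])
        return best_fp if best_count >= min_vouchers else None

    def dumps(self) -> str:
        """Serialise the pins so they survive restarts (stored JSON is assumed)."""
        return json.dumps(self._pins, sort_keys=True)

    @classmethod
    def loads(cls, data: str) -> "PinStore":
        store = cls()
        store._pins = json.loads(data)
        return store


if __name__ == "__main__":
    store = PinStore()
    print(store.check("bob", KEY_BOB_V1))    # first contact: pinned
    print(store.check("bob", KEY_BOB_V1))    # same key again: match
    print(store.check("bob", KEY_IMPOSTOR))  # different key: mismatch
    print(store.mark_verified("bob", fingerprint(KEY_BOB_V1)))
```

The 'mismatch' result is the only signal the client can give for the situation the answer describes: the pin proves continuity with whoever was on the other end at first contact, not a legal identity, and that continuity is exactly what the active-surveillance scenario at the end of the answer relies on. The out-of-band step supplies option 1, the voucher count supplies option 2, and a store that is never upgraded past 'pinned' is option 3.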
