×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Tox, a Skype Replacement Built On 'Privacy First'

Soulskill posted about 4 months ago | from the pet-rock-also-built-on-privacy-first dept.

Communications 174

An anonymous reader writes: Rumors of back door access to Skype have plagued the communication software for the better part of a decade. Even if it's not true, Skype is owned by Microsoft, which is beholden to data requests from law enforcement. Because of these issues, a group of developers started work on Tox, which aims to rebuild the functionality of Skype with an emphasis on privacy. "The main thing the Tox team is trying to do, besides provide encryption, is create a tool that requires no central servers whatsoever—not even ones that you would host yourself. It relies on the same technology that BitTorrent uses to provide direct connections between users, so there's no central hub to snoop on or take down."

Sorry! There are no comments related to the filter you selected.

Oh god why. (-1)

Anonymous Coward | about 4 months ago | (#47803085)

Oh god, Tox still isn't even remotely ready yet, why do this?! Damn it /g/.

Not to mention the fact that most paranoia freaks will shit themselves when they realize your IP gets exposed to people in the same way that BT does.

Re:Oh god why. (4, Insightful)

viperidaenz (2515578) | about 4 months ago | (#47803183)

OH SHIT
My IP gets exposed? Like how I've just sent it to Slashdot and the countless routers and proxies between my PC and the Slashdot servers?

Re:Oh god why. (1)

TrollstonButterbeans (2914995) | about 4 months ago | (#47803395)

It is a legitimate concern. Mocking it doesn't allay the concern.

Re:Oh god why. (0)

Anonymous Coward | about 4 months ago | (#47803451)

If you can come up with a way to initiate a stateful connection between two endpoints without telling each other, or a MITM, your IP, I'm sure we'd be all ears.

Re:Oh god why. (0)

Anonymous Coward | about 4 months ago | (#47803837)

Tor.

Re:Oh god why. (2)

stephenmac7 (2700151) | about 4 months ago | (#47803899)

He said: or a man in the middle.

Re:Oh god why. (0)

Anonymous Coward | about 4 months ago | (#47803929)

Tor

tells your ip to PRISM, which tracks the packet from hop to hop all the way through the onion and back. You think they just stumbled onto tormail's server at random?

Re:Oh god why. (2)

viperidaenz (2515578) | about 4 months ago | (#47803527)

The only way to stop your IP from being broadcast around the internet is to not use the internet.

The only way to receive a packet of data is for someone else to know your IP address. Either the entity initiating the send, or some kind of proxy along the way.

It's how the internet works.

Please explain how it's a legitimate concern and how to alleviate it.

Re:Oh god why. (1, Insightful)

TrollstonButterbeans (2914995) | about 4 months ago | (#47803695)

A server in the middle that acts as a central point.

I get what you are saying, but exposing IP addresses to 3rd parties isn't typically desirable.

Case in point, I don't have your IP address. And you don't have mine.

Sure email works like that (although possibly less so in current era with gmail and such, then again maybe not), but many services don't. Sure, the service provider --- the middleman --- has access to that, but the other users don't.

A solution to a problem isn't necessarily a knee-jerk opposite solution (centralized vs. decentralized) but often some variation of an existing successful model that is slightly flawed, correcting *ONLY* the part that is flawed, not the parts of the service infrastructure that work well.

Re:Oh god why. (1)

viperidaenz (2515578) | about 4 months ago | (#47803777)

I don't have your IP, you don't have mine. The 3rd party in the middle does. There is a single point where all interaction with Slashdot can be intercepted.

I get what you are saying, but exposing IP addresses to 3rd parties isn't typically desirable.

What? That's exactly what you're advocating.

The flaw in the system is the central server.

Email works fine how it is, because of the requirement to store messages when recipients are offline. Yet it still doesn't suffer the problem of all messages going through a single entity. You're free to connect directly to the recipients mail server. You're not forced to go through a particular company or country.

Real time video links don't have that requirement. There is no need for a central server. All you need is some kind of directory. A DHT fills that requirement.

Re:Oh god why. (-1, Troll)

TrollstonButterbeans (2914995) | about 4 months ago | (#47803989)

Today you don't understand, but perhaps given enough time you might accumulate the wisdom to understand my point.

If you think the flaw in the system is the central, good for you.

You will also be ignorant of the history of the internet, but that's ok and with enough time you'll either see my point or not.

But to relate to what you understand today, I would say that doesn't anonymity contribute to a healthy internet --- even semi-anonmymity as you might understand it with what you understand --- and your idea is that this would discarded because of Boogeyman (NSA or Russians or whatever).

We have been down that road before, it didn't work. And it is okay if you don't know enough about the past to know these past attempts failed, that's just part of the learning experience.

Re:Oh god why. (1)

viperidaenz (2515578) | about 4 months ago | (#47804123)

There you go again.

I would say that doesn't anonymity contribute to a healthy internet

That's exactly what you lose when you route all your communications through a single provider. You're left with pseudonymity.

Re:Oh god why. (1)

Infoport (935541) | about 4 months ago | (#47803707)

remailers and nyms can do it for email. Unfortunately you get a lot of latency, sometimes added on purpose for extra security (to prevent tracking by timing) You encrypt reply blocks that have nested instructions to send the also-encrypted message along. Each server can only decrypt their own portion. With two servers between you, neither end point knows the other end point. Servers in different countries may be used in series. You can assemble such a reply block and attach it to anonymously sent emails or posts.

Some servers allow you to set up an address, and associate it with a reply block. You then have created a "nym", on a nymserver, and can give out that email address to places rather than a reply block.

An additional part can give the encrypting key to the next server, so the server which decrypts a section encrypts the messages it sends out with the next server's key routinely.

Unfortunately, to have deniability regarding a sent message, you can't send it and have it immediately appear on the other end.

Re:Oh god why. (3, Insightful)

Anonymous Coward | about 4 months ago | (#47803717)

As with nearly everything in life, privacy and security are not all-or-nothing, black-or-white issues - instead it is a set of trade-offs, what do you have to give up in order to get a desired result. It is at least a 2-dimensional spectrum where limiting exposure to the minimum necessary nodes versus any node that takes an interest is preferrable.

Look at it this way - most people don't have a problem giving their credit card number to a website when they make a purchase but would not find it acceptable to share their credit card number with every website they log in to.

We know by its existence that onion-routing is one way to minimize IP address exposure. It does not eliminate it, but it drastically reduces the window of exposure. That increased privacy comes at a cost, the question, as it is with all costs, is if the cost is worth it.

Re:Oh god why. (0)

Anonymous Coward | about 4 months ago | (#47803583)

Well garbage in, garbage out... At least the content will be encrypted, leaving only meta-data. Using a VPN can then only show a connection to your VPN and you can talk without metadata linking who your chating with.

I just hope they truly make it secure from the encryption to the authorization, so man-in-the-middle attacks or a weakness in encryption can compromise the service.

Re:Oh god why. (0)

Anonymous Coward | about 4 months ago | (#47803845)

You're.
Moron. Go back to school.

Re:Oh god why. (0)

Anonymous Coward | about 4 months ago | (#47803629)

Oh Hi there, welcome to slashdot, you must be new here.

Why don't you have a quick look around, might I suggest you start with some introductory reading on issues that are considered common knowledge here. Anything with the word "Snowden" or "NSA" might be a good start.

Re:Oh god why. (1)

ThatsMyNick (2004126) | about 4 months ago | (#47803773)

On slashdot, your IP doesnt get exposed to everyone, silly. It only gets exposed to slashdot (and routers in between if you are not using SSL). Finding your IP (and hence your location), by just your name viperidaenz, is a little bit worrying and a valid concern. If you dont find it worrying, you should start signing each of your slashdot posts with your current IP.

Re:Oh god why. (1)

viperidaenz (2515578) | about 4 months ago | (#47803797)

Finding my IP just by my name viperidaenz requires nothing more than an NSL [wikipedia.org] .

Regards,
viperidaenz
IP: 10.0.102.54

ps: there may be one or more network address translations and proxy servers in the way.

A group of developers started work on Tox .. (0)

Anonymous Coward | about 4 months ago | (#47803209)

Re:Oh god why.

"Oh god, Tox still isn't even remotely ready yet, why do this?! Damn it /g/."

What part of ' A group of developers started work on Tox ' don't you understand?

"Not to mention the fact that most paranoia freaks will shit themselves when they realize your IP gets exposed to people in the same way that BT does."

What?

Back door (2)

WillKemp (1338605) | about 4 months ago | (#47803097)

Even if it's not true [......]

Considering all the revelations that have emerged about surveillance in those ten years, the possibility that it's not true seems barely worth considering.

Re:Back door (1)

Anonymous Coward | about 4 months ago | (#47803179)

The idea of backdoors is just convoluted and pointless, it's often a way of perpetuating some illusion of shady corporate and government collusion. Oddly enough the product is used by many different governments and other corporations across the globe so I've never quite understood who the supposed conspirators are - though it is often Microsoft and the US government while the rest of the world are bumbling fools living in ignorance, but these people who tell us all about these back doors (except what they are, how they work, if they exist and how to access them) are the real informed ones that know the truth.

The more knowledgeable of us know you could easily prove it out with traffic analysis if they *did* exist yet it remains the domain of unsubstantiated and often bizarre conspiracy theorists. The fact is it is unnecessary because trapping the traffic as it goes over the public net is a much more clandestine approach and does not require specific interfaces in every bit of software for it to work.

I enjoy the conspiracy theories to a point but I have always found it odd that while one group of extremists portrays corporations like Microsoft, Apple, Google, HP, IBM, and others as bumbling idiots when it comes to security while the other end of the scale argues that they are incredibly competent criminal masterminds to the point that they have these secret backdoors into every system that nobody knows about and nobody on the inside has ever leaked out. Both groups argue against the more level-headed groups but never against eachother ... strange.

Re:Back door (0)

Anonymous Coward | about 4 months ago | (#47803357)

A back door can remain dormant until you become a target and the US gov't wants into your computer/network. It doesn't matter how competent Microsoft and Google are, they can be subject to national security letters forcing complete secrecy and threat of being shut down if they don't comply. After all the Snowden revelations, I don't understand how one can be so trusting of closed source software and cloud services from American tech companies.

Re:Back door (0)

Anonymous Coward | about 4 months ago | (#47803483)

So what is it you know that the rest of the world doesn't?

After all the Snowden revelations, I don't understand how one can be so trusting of closed source software and cloud services from American tech companies.

After all the Snowden revelations, I don't understand how one so concerned with privacy can even use the internet at all. These days communication is much more prevalent on Linux smart phones than on Windows PCs and intercepting communication in transit is what the NSA has been doing as it is much more efficient, clandestine and platform independent. More to the point you do not have to worry about the target's PC being turned on, connected to the internet and that they are behind a firewall configured to allow those outside connections.

Re:Back door (4, Interesting)

AHuxley (892839) | about 4 months ago | (#47803419)

AC the backdoor aspect is both national and international
"FBI Wants Backdoors in Facebook, Skype and Instant Messaging"
http://www.wired.com/2012/05/f... [wired.com]
".... drafted by the FBI, that would require social-networking sites and VoIP, instant messaging and e-mail providers to alter their code to make their products wiretap-friendly."
Then the world was given more details "Encrypted or not, Skype communications prove Ãoevitalà to NSA surveillance" May 14 2014
http://arstechnica.com/securit... [arstechnica.com]
As for the "nobody on the inside has ever leaked out." aspect try http://cryptome.org/2013-info/... [cryptome.org]
The "inside" can now be understood by aspects like "Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.Ã(TM)s"
http://www.nytimes.com/2013/09... [nytimes.com]
..."employees sit alongside Drug Enforcement Administration agents and local detectives and supply them with the phone data from as far back as 1987."
How past "parallel construction" and telco support will respond to any new "peer-to-peer and voice calling" will be interesting.
How did the US and UK get to past bespoke crypto telco hardware in the 1950's and beyond? Plain text always seemed to emerge just in time.

Re:Back door (1)

Mister Liberty (769145) | about 4 months ago | (#47803421)

Leaving the conspiracy theories aside (indeed, who needs them, except strawman erectors) -- tell me, do you think for instance there were some average Janes and Joes that got rather a bad wrap, undeservedly so, during the housing and banking crises the other day?

Re: Back door (0)

Anonymous Coward | about 4 months ago | (#47803443)

Nice try, but you can't know that much and be that dumb all at once. If you send traffic to a central server, and if the traffic is unencrypted OR is encrypted by a key you don't control then monitoring your traffic without you being to prove it is absolutely possible. You could send traffic to a web server and that server could send a copy to anywhere and you'd never see it. I suppose to you that means it doesn't exist.

I've been watching the antics of you corporate apologists and law enforcement worshippers for some time now. You'd almost be funny if your attitudes weren't so poisonous to a free society.

Re: Back door (2, Interesting)

Anonymous Coward | about 4 months ago | (#47803665)

If you send traffic to a central server, and if the traffic is unencrypted OR is encrypted by a key you don't control then monitoring your traffic without you being to prove it is absolutely possible.

You *always* send data to servers you dont control when you transmit data over the public net, everybody already knows that and anybody that assumed any sort of privacy when transmitting data over a public network is a deluded fool, clearly you are in that category.

I suppose to you that means it doesn't exist.

No I am talking about backdoors in client side software (in things like windows and osx, the kind that has been perpetuated for years without any actual proof) because you do not *need* backdoors in server software when you have a dragnet that can capture masses of public traffic. It may make it easier but it is by no means necessary.

I've been watching the antics of you corporate apologists and law enforcement worshippers for some time now. You'd almost be funny if your attitudes weren't so poisonous to a free society.

No I am just not using fear of mass surveillance to push an agenda of free software. The problem with people like you is you are trying to lull people into a false sense of security by advocating privacy and openness while ignoring that software like this is not the answer (didnt work out too well for Tor now did it?). If what you are genuinely after is a free society then you already know that free software and data encryption are a stupid place to start because you're always the next zero day vulnerability or a compromised public server away from malicious parties intercepting your data. I am not entirely sure if your position is through ignorance or malice but either way trying to convince people that software like this will lead to a free society is utter stupidity of the highest order or deviously malicious at the other end.

Free software and private communications are a side-effect of a free society, they are in no way capable of creating a free society because they can be compromized and the networks on which they operate can be compromized.

Re:Back door (-1)

Anonymous Coward | about 4 months ago | (#47803185)

I hear a bunch of faggot junkies know all about your back door. You dirty bird.

Re:Back door (2)

wiredlogic (135348) | about 4 months ago | (#47804151)

Of course it's backdoored. The only reason why eBay bought Skype is to cross-correlate with PayPal accounts in exchange for taking the heat off threats of banking regulation.

It's about time. (0)

Anonymous Coward | about 4 months ago | (#47803111)

Seriously. Wtf nerds?

Oh Great Just What We (Don't) Need (-1)

Anonymous Coward | about 4 months ago | (#47803121)

An even shittier version of a shitty program. Skype in unreliable and barely usable. So now we're proposing something even worse. You have to be seriously insane to even consider trying to do real time video over something akin to Bittorrent.

Re:Oh Great Just What We (Don't) Need (3, Funny)

viperidaenz (2515578) | about 4 months ago | (#47803199)

You mean peer to peer, instead of relaying via a server?

Re:Oh Great Just What We (Don't) Need (3)

greenwow (3635575) | about 4 months ago | (#47803233)

It's so bad, Microsoft doesn't even make it easy to kill it off. Even Scott Adams made a Dilbert cartoon about how bad it is:

http://dilbert.com/strips/comi... [dilbert.com]

Really? Flamebait? (0)

Anonymous Coward | about 4 months ago | (#47803467)

There are some serious Microsoft fanbois here. In no way can a Dilbert cartoon be considered flamebait.

Re:Oh Great Just What We (Don't) Need (1)

rstanley (758673) | about 4 months ago | (#47803261)

"So now we're proposing something even worse."

Why do you think it will be worse? Give them a chance and let's see the released version.

Re:Oh Great Just What We (Don't) Need (0)

Anonymous Coward | about 4 months ago | (#47803291)

Actually I've found Skype has become much more reliable since Microsoft bought them out. Video call quality is vastly improved and doesn't suffer from the call dropouts of old.

Re:Oh Great Just What We (Don't) Need (-1)

Anonymous Coward | about 4 months ago | (#47803417)

Your check is in the mail.

      MS

Re:Oh Great Just What We (Don't) Need (0)

Anonymous Coward | about 4 months ago | (#47803779)

my experience on linux has been the exact opposite.

Re:Oh Great Just What We (Don't) Need (2)

grcumb (781340) | about 4 months ago | (#47803975)

You have to be seriously insane to even consider trying to do real time video over something akin to Bittorrent.

A few months ago, I would have agreed with you. But I've been using the PopcornTime [time4popcorn.eu] app since then, and it reliably delivers HD streams with few if any stutters. There's no reason to believe a single (video+)voice stream wouldn't be possible using a similar approach....

it's a great idea with one major flaw (5, Insightful)

Anonymous Coward | about 4 months ago | (#47803139)

Decentralized services are a great idea, but there is one big flaw. Not enough people care about it to get a critical mass of users. Virtually everyone outside a handful of tech geeks will keep using the centralized services, so to talk to people out there in the real world, you'll need to use the centralized services too. Or, restrict yourself to these decentralized networks and find they are mostly empty, maybe several thousands of users across the whole of the world.

And good luck trying to explain to Joe/Jane Sixpack how to use them. You have to fight against the centralized data-mined services that came preinstalled on their devices, and that's a non-starter for most people.

It fails not for technical reasons. It fails because of widespread tech illiteracy in the general population.

Re:it's a great idea with one major flaw (4, Insightful)

dcollins117 (1267462) | about 4 months ago | (#47803167)

Decentralized services are a great idea, but there is one big flaw. Not enough people care about it to get a critical mass of users.

There's a group of Hollywood celebrities that have just been made aware of the need for decentralized and more private internet services. I think people will care, albeit only after a problem has occured.

Re:it's a great idea with one major flaw (1)

Anonymous Coward | about 4 months ago | (#47803213)

Do you think a single one of those celebrities will move to such a system?

I wager not one of the ones effected by it will.

Re:it's a great idea with one major flaw (1)

dcollins117 (1267462) | about 4 months ago | (#47803785)

Do you think a single one of those celebrities will move to such a system?

I really think they will if it's the easiest option. It's up to developers to make encrypted, decentralized storage the default and easy to use. Build it and they willl come (pun half-heartedly intended.)

Re:it's a great idea with one major flaw (1)

exomondo (1725132) | about 4 months ago | (#47803231)

There's a group of Hollywood celebrities that have just been made aware of the need for decentralized and more private internet services.

In that context what is the solution? Certainly not to host the services yourself. The security was beaten by a flaw in the server software that allowed a brute force attack to take place, so how does decentralization help you there?

Re:it's a great idea with one major flaw (0)

Anonymous Coward | about 4 months ago | (#47803733)

> In that context what is the solution? Certainly not to host the services yourself.

It sure is.

Where "yourself" is one of a set of firms that specialize in very high security hosting for high-risk clients. Using an iphone locked them in to Apple's lowest-common denominator of secure hosting, and while that's great for the average low-value target, it isn't sufficient for someone with a lot to lose.

Imagine "concierge" services that charge a buttload of money but spend that money on a very high standard of security, maybe even to the point of a dedicated support person to manage all the data and control access on case-by-case basis. Kind of a combination personal assistant and internet body-guard (data-guard?).

Re:it's a great idea with one major flaw (2)

exomondo (1725132) | about 4 months ago | (#47803919)

Where "yourself" is one of a set of firms that specialize in very high security hosting for high-risk clients. Using an iphone locked them in to Apple's lowest-common denominator of secure hosting, and while that's great for the average low-value target, it isn't sufficient for someone with a lot to lose.

That's rubbish, you are not "locked" in to Apple's hosting, stop spreading FUD. You can quite easily turn off iCloud and use whatever service you want or no cloud storage at all, it is already decentralized. You are just swapping one supposedly secure service for another.

Re:it's a great idea with one major flaw (1)

Antique Geekmeister (740220) | about 4 months ago | (#47804009)

> You can quite easily turn off iCloud and use whatever service you want

I'm afraid I must say "good luck with that". The bar to replace services that are built into Iphones or Ipads by Apple, as a supported service and built directly into their operating systems, is quite high.

Re:it's a great idea with one major flaw (2)

exomondo (1725132) | about 4 months ago | (#47804057)

I'm afraid I must say "good luck with that".

Not sure why, I don't need luck because it already works fine with services like DropBox and Skydrive or there's apps from western digital and synology. I could even use the APIs to write my own if I wanted to.

Re:it's a great idea with one major flaw (0)

Anonymous Coward | about 4 months ago | (#47804099)

> I don't need luck because it already works fine with services like DropBox and Skydrive or there's apps from western digital and synology

Good luck with that. Name one system that does keychain backup/restore inside the standard apple interface.

Re:it's a great idea with one major flaw (1)

exomondo (1725132) | about 4 months ago | (#47804159)

Name one system that does keychain backup/restore inside the standard apple interface.

Why would I want to do that? Saving my passwords (encrypted or not) to a cloud service sounds like a fantastically stupid idea. I'll save photos and videos there but passwords? No thank you, I have no need for that.

Re:it's a great idea with one major flaw (5, Insightful)

Bing Tsher E (943915) | about 4 months ago | (#47803237)

They just have to stop storing personal content 'on the cloud'. Don't buy into the idea of no local storage. Say NO to devices that don't have an SD slot ( sorry, Apple and Google...)

32g sd cards are really cheap now.

An oxymoron ... (2)

CaptainDork (3678879) | about 4 months ago | (#47803177)

It fails not for technical reasons. It fails because of widespread tech illiteracy in the general population.

You do see what I mean, right?

it's a great idea with one major flaw (2)

AHuxley (892839) | about 4 months ago | (#47803473)

Not much the average consumer can do about wire tap friendly products built into tame telco approved hardware and software as offered globally.
You can code a software layer into your consumer device that offers really good quality encryption.
The problem is not so much a back door, trap door, just that every letter and number entered on the device is open to hardware logging by default by a gov activated telco layer..
A person is walking around with a gps becon, live mic, camera and plain text capturing device they 'trust' due to a thin top layer of very good code?
A one time pad system, air gapped to get the message out? A user no longer has real time joy but is then only offering location, who made the message, where it went, when and all the details about the device that sent the message.

Re:it's a great idea with one major flaw (0)

Anonymous Coward | about 4 months ago | (#47803781)

The problem is not so much a back door, trap door, just that every letter and number entered on the device is open to hardware logging by default by a gov activated telco layer..

If that exists. Very few (if any) of these handsets are built in USA and often you can get them directly from places like China, many are designed and manufactured overseas and i doubt they are particularly sensitive to what the US governmnet wants. or maybe all the worlds' governments are colluding?!

Re:it's a great idea with one major flaw (1)

AHuxley (892839) | about 4 months ago | (#47803813)

AC the news is full of 'hints' like "FBI, Telecoms Teamed to Breach Wiretap Laws" ( 01.21.10)
http://www.wired.com/2010/01/f... [wired.com]
FBI Seeking to Pay Telecoms to Store Records for Years and Provide Instant Access (07.18.07)
http://www.wired.com/2007/07/f... [wired.com]
FBI pressures Internet providers to install surveillance software (August 2, 2013)
http://www.cnet.com/news/fbi-p... [cnet.com]
Also recall Communications Assistance for Law Enforcement Act http://en.wikipedia.org/wiki/C... [wikipedia.org]
".... requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic."
Its the local laws where the handsets are to be sold that matters. If you want to sell in say the USA, your "designed" aspect will have to be US wiretapping law friendly.

Re:it's a great idea with one major flaw (0)

Anonymous Coward | about 4 months ago | (#47803985)

AC the news is full of 'hints'

The news is full of 'hints' that aliens landed, that there is a secret cure for all types and forms of cancer and that we are actually in the matrix but what you really mean by that is things that can be misinterpreted to mean whatever you twist them to mean. You have just extrapolated ad absurdum to create fear. Show me proof, even something remotely plausible that can show that "every letter and number entered on the device is open to hardware logging by default by a gov activated telco layer", because nothing you posted there substantiates that in any way, shape or form.

Its the local laws where the handsets are to be sold that matters. If you want to sell in say the USA, your "designed" aspect will have to be US wiretapping law friendly.

Tell that to the chinese from whom I bought my cellphone, you really are a joke thinking your US government can police the world. You really think Xiaomi bends to your pathetic US wiretapping laws?

it's a great idea with one major flaw (0)

Anonymous Coward | about 4 months ago | (#47804079)

As with Tor/I2P/GPG/Gnunet/Unix/etc/etc/etc... it is superior communication, operating and privacy technology.
Thus it will only fail if YOU refuse to use it, and because YOU refuse to introduce others to it and show other people how to use it.

The GUI's and package updaters all exist for sixpack and gramps now, so you are NOT fighting them, you are fighting YOURSELF and your own EXCUSES.

xmpp exists today. (1)

nurb432 (527695) | about 4 months ago | (#47803141)

Why reinvent the wheel, again?

Re: xmpp exists today. (0)

Anonymous Coward | about 4 months ago | (#47803201)

XMPP uses centralized servers

Re: xmpp exists today. (1)

Jorgensen (313325) | about 4 months ago | (#47803281)

Not entirely true. They are no more centralised than email servers. Each domain gets to nominate their own XMPP servers via DNS - which can be shared across cooperating domains.

Not what Skype is for me. (1)

Bing Tsher E (943915) | about 4 months ago | (#47803219)

I don't use skype for a 'chat box.' Really, I hardly 'chat' at all anymore. Did enough of that in the late 80's to early 90's. I use skype as my long distance phone carrier. As long as I'm at home or have a wifi connection, I can call any phone in the continental US at no extra cost. This costs me about $4 a month. It's a nomadic sort of thing, I used to do it with an iPod touch, but now use an unsubscribed Android phone (the iPod touch 'for the rest of us', which even has an SD slot!). When home I make long distance calls on my desktop. We have DSL and a local landline, no long distance carrier.

So this would never replace skype for me.

Re:Not what Skype is for me. (1)

mellon (7048) | about 4 months ago | (#47803347)

I use SIP for my PoTS gateway. It's pretty seamless. Something like Tox, if it works, would be an incremental improvement.

Re:Not what Skype is for me. (0)

Anonymous Coward | about 4 months ago | (#47803411)

Why not just use Jitsi for both?

http://jitsi.org/ [jitsi.org]

Tox? What happened to BitTorrent Chat? (1)

DiSKiLLeR (17651) | about 4 months ago | (#47803223)

Tox? What happened to BitTorrent Chat? I though the bittorrent folks themselves were making a secure decentralised chat client, it even made news on slashdot once.

Re: Tox? What happened to BitTorrent Chat? (0)

Anonymous Coward | about 4 months ago | (#47803251)

Too lazy to look it up, but I image they're taking the same route with btSync and not releasing it FOSS. Which is part of what made bittorrent so popular to begin with, so I doubt btChat will take off.

Re:Tox? What happened to BitTorrent Chat? (2, Informative)

Anonymous Coward | about 4 months ago | (#47803441)

It's been renamed to Bleep and is in closed pre-alpha testing:
http://blog.bittorrent.com [bittorrent.com]

Re: Tox? What happened to BitTorrent Chat? (0)

Anonymous Coward | about 4 months ago | (#47803667)

BT chat is closed source, no,?

Microsoft Gave the NSA Backdoor access to Skype .. (4, Informative)

Anonymous Coward | about 4 months ago | (#47803243)

'A lengthy new Guardian report claims Microsoft worked directly with the NSA by giving complete back door access to Outlook (and Hotmail), Skype and SkyDrive. The report basically says each service was easily circumvented in order to make the NSA’s job of sleuthing data incredibly easy, as if your private info was selling at a weekend garage sale. One NSA document even described the collaboration with Microsoft as a “team sport.”' ref [technobuffalo.com]

Diaspora (1)

Anonymous Coward | about 4 months ago | (#47803263)

Who wants to meet up on Diaspora and chat about Tox?

government requires access (0)

Anonymous Coward | about 4 months ago | (#47803287)

as much good as it would serve, governments around the world, besides nefarious control-of-the-peons approach, have a legitimate need to access communications of all types their is a need to stop people who want to harm others. A centralized source allows this. A decentralized source, even taken to court under Federal judiciary orders to comply with monitoring, could not grant behind-the-scenes court-demanded snooping and could easiily be taken down (no longer developed) as the law is used to company-cave-in to security letters

Key exchange (2)

manu0601 (2221348) | about 4 months ago | (#47803325)

And how do you exchange key? Do they plan a web of trust à la GPG?

Re:Key exchange (3, Interesting)

Anonymous Coward | about 4 months ago | (#47803389)

I discussed it with one of the admins on their IRC.
"it's up to the users to give their public key to their friends in a way that it won't be intercepted in transit and replaced"

Re:Key exchange (2)

MtHuurne (602934) | about 4 months ago | (#47803425)

It could be handled like SSH: when you get an invite to connect to someone, their key fingerprint is displayed. If you are paranoid, you can verify the fingerprint via alternative channels. Otherwise, you blindly accept it. In either case, you are protected against man in the middle attacks after that first connection is made. Also, if you did accept a fake key, any time you try to talk to that person over a network where the man in the middle is not present will trigger a key mismatch, revealing that an attack took place on the initial connect.

Re:Key exchange (4, Interesting)

BitterOak (537666) | about 4 months ago | (#47803533)

And how do you exchange key? Do they plan a web of trust à la GPG?

A better approach would be to generate a random session key and each user's client would display some sort of hash (it doesn't need to be really long: 6 or 8 digits would suffice) of that key. Assuming the two parties know each other and recognize each other's voice and/or face, one of them can read the hash to the other. If there's a MITM attack, they won't match. As I said, the hash doesn't need to be long, since one mismatch would indicate trouble.

Re:Key exchange (1)

MtHuurne (602934) | about 4 months ago | (#47803595)

That's a good idea. You could even present the hash in a more accessible way, like picking two words from a dictionary or showing three icons from a fixed set.

Re:Key exchange (1)

manu0601 (2221348) | about 4 months ago | (#47803681)

Hi, my key hash is "anonymous coward".

Re:Key exchange (3, Informative)

nadaou (535365) | about 4 months ago | (#47803795)

Phil Zimmermann has already done all this. It's called ZRTP.

https://en.wikipedia.org/wiki/... [wikipedia.org]
https://www.youtube.com/watch?... [youtube.com]

Re:Key exchange (0)

Anonymous Coward | about 4 months ago | (#47804163)

yeah, but the problem is the client uses java, which makes it nearly unusable unless you've got a core i7.

Re:Key exchange (1)

Bob9113 (14996) | about 4 months ago | (#47803873)

And how do you exchange key? Do they plan a web of trust à la GPG?

That was one of my first questions. The answer is; however you want. They provide an "easy" (hence vulnerable) method for doing so, but you can check the public key hash against your securely transferred value before approving a key if you want.

Or, slightly differently; this is not a key exchange system, just a comm system you can use once you have authenticated a key to your level of security requirement.

Kazaa (2)

gringer (252588) | about 4 months ago | (#47803333)

Hmm, interesting. It might be worth pointing out that Skype was originally based on a decentralized service pushed through the Kazaa network:

http://arxiv.org/abs/cs/041201... [arxiv.org]

Like its file sharing predecessor KaZaa, Skype is an overlay peer-to-peer network. There are two types of nodes in this overlay network, ordinary hosts and super nodes (SN). An ordinary host is a Skype application that can be used to place voice calls and send text messages. A super node is an ordinary host’s end-point on the Skype network

Of course, the problem with the Skype system (as it was when that paper was written) is that the decentralised nature of the network means that your video call could be routed through any number of Skype network nodes (i.e. computers) before it arrives at its destination. I think now Microsoft has replaced most of the supernodes with microsoft servers, so replace "any number of Skype network nodes" with "any number of Microsoft servers".

Presumably Tox is doing something similar to going back to the roots of Skype, with maybe a bit more encryption thrown in.

Re:Kazaa (5, Insightful)

WoodburyMan (1288090) | about 4 months ago | (#47803413)

I can attest to Skype doing this. A friend away moved away for graduate school and we would communicate using Skype, so I started just leaving the desktop application open. My computer is located in my bedroom, with a switch next to it. I woke up like 3am, see the lights FLASHING going all sorts of nuts on my switch, which was weird as I had nothing on my pc open at the time. I check net stat... i see a inbound and outbound connection, one to some SBC DSL user in Atlanta, another to a Comcast user somewhere else, forgot where, but some other state. I kill Skype. BAM, connections close, traffic resumes normal operation. Skype was using my computer as relay service, since I have active UNPN, and the other two client presumably had some sort of firewall blocking direct communication. To this day i tell *EVERYONE* who uses the Desktop app to close it as soon as they're done to prevent this as most home connections now have meters. (Charter's is 250gb/mo for 30mbit, which I hit 150gb+ some months when I was toying around with AOSP and downloading the entire repo a few times after screwing up a VM or something).

Re:Kazaa (1)

AndrewBuck (1120597) | about 4 months ago | (#47803727)

I have noiced the same thing on my skype in the past. I am fine with contributing some p2p bandwidth but wish the program was a bit more upfront about telling you about it.

On a separate but related issue, I used to use netstat for the same kind of thing you did, but now I run a program called nethogs, which is a command line tool a lot like top, but shows bandwidth usage by process in real time in more sane units like kb/s instead of the ugly packet buffer counts netstat uses which are kind of hard to read. It also sorts by bandwidth similar to how top shows the high cpu users on top by default so it is easy to see what the "random process eating your network" is.

-AndrewBuck

Re:Kazaa (1)

Anonymous Coward | about 4 months ago | (#47804097)

Skype CAN and DOES read your messages, and quite probably your voice and video too.
Send a text chat message with a unique one time URL to your own box in it over Skype, such as:
http://yourbox.com/laks2312kjceie
You will see a bot fetch you. Skype scraped the link out of your so called privately encrypted chat.
Google it if you don't believe me.
SKYPE CANNOT BE TRUSTED, EVER!!
NO CLOSED SOURCE CAN BE TRUSTED!!!!!
Quit freaking using closed source, there's no reason to anymore.

Privacy Last (2, Informative)

westlake (615356) | about 4 months ago | (#47803351)

Readers of this story will have noticed the links to four of the major social media sites, including Facebook.

Since the earliest days of USENET and IRC Chat, the geek has a flawless record of making one-on-one communication over the Internet as painful a process as possible for the non-technical user.

It took the commercial services like Sype to break the spell.

Re:Privacy Last (1)

Anonymous Coward | about 4 months ago | (#47803457)

Even just downloading and running it is a PITA. Click the flashy download button on the front page and you get to a crappy wiki page listing several "proof of concept clients" - pick one! Of course, if you look further in the Wiki you'll find that there's about a dozen other clients as well, and none with the complete feature set. So now we have gone from downloading and installing to reading, studying, pondering and failing... great way to make people use your software!

Oh, about the failing part: why isn't the Windows package with the updater a proper installer? Idiosyncrasies like this do turn away users.

Re:Privacy Last (0)

Anonymous Coward | about 4 months ago | (#47803523)

Readers of this story will have noticed the links to four of the major social media sites, including Facebook.

Since the earliest days of USENET and IRC Chat, the geek has a flawless record of making one-on-one communication over the Internet as painful a process as possible for the non-technical user.

It took the commercial services like Sype to break the spell.

What a bunch of fucking bullshit. You sir get troll of the year award. Without "geeks" you wouldn't have an Internet. And Skype is quite painful to use with forced upgrades, advertising etc.

Re:Privacy Last (2)

Bob9113 (14996) | about 4 months ago | (#47803907)

Since the earliest days of USENET and IRC Chat, the geek has a flawless record of making one-on-one communication over the Internet as painful a process as possible for the non-technical user.

Don't be facetious. One-on-one communication could be much more painful. In the specific case of secure (ie: end-to-end encrypted) communication, Tox is approaching the theoretical limit of simplicity. Key exchange has a mathematically bound minimum complexity in order to be secure. The reason Skype is not secure is precisely because it is easier to use than Tox.

Or, slightly differently: Tox is an example of geeks making one-to-one comm as easy as it possibly can be, for the given requirements.

info (0)

Anonymous Coward | about 4 months ago | (#47803359)

"it's up to the users to give their public key to their friends in a way that it won't be intercepted in transit and replaced"

Lol. There is no security here unless you KNOW what you are doing. Not even minimal security... MITM attack can happen without issue.

Re:info (1)

nadaou (535365) | about 4 months ago | (#47803485)

It's really not that hard at all.

http://en.wikipedia.org/wiki/Off-the-Record_Messaging#Authentication [wikipedia.org]

and it comes with a very good implementation and pedigree,

https://en.wikipedia.org/wiki/ZRTP [wikipedia.org]

Here's a video demo of ZRTP in use:

https://www.youtube.com/watch?v=udBBDHT-_UA [youtube.com]

So as far as the user is concerned, there's not reason it can't be dead simple.

The future.... (0)

Anonymous Coward | about 4 months ago | (#47803409)

It will get popular. Get bought out by some big company who will gut it.

And then the next 'privacy first' thing will come along.

Re:The future.... (0)

Anonymous Coward | about 4 months ago | (#47803501)

It will get popular. Get bought out by some big company who will gut it.

And then the next 'privacy first' thing will come along.

except it is gpl3, which means it will be bought then forked community moves on to open fork life moves on.

Hypocrisy (0)

Anonymous Coward | about 4 months ago | (#47803509)

I do love the hypocrisy on Tox's web site. So they promote an alternative to Skype because of the concern of Microsoft owning it and what it could mean for privacy concerns... and yet the screenshot on display is clearly running under Windows 7.

If you're truly concerned about privacy and don't trust Skype, then by extension you don't trust Microsoft. If this is the case, how can you then trust the fucking OPERATING SYSTEM if it's made by the same people you don't trust? It's hypocritical and shows a lack of consistency in their message.

I understand that Linux doesn't suit everyone's needs, but surely they could be promoting Tox via a Linux screenshot rather than a Windows one. But what am I saying... I'm sure these folks will topple Skype anytime now.

Mandatory linux 4.3 upgrade (1)

smchris (464899) | about 4 months ago | (#47803675)

It always seemed we could at least sandbox Skype as a limited unique user, but 4.3 requires Pulse and pulse is increasingly the de facto sound system over alsa. Correct me if I'm wrong but doesn't pulse running at the user level only allow ONE user and system-wide utilization is vehemently discouraged by the developers for SECURITY reasons? If so, it seems like Microsoft and the NSA have worked out a way to p0wn any linux box where a person has installed a working 4.3 Skype.

I guess you could still use it for chat as a unique user.

BBM (0)

Anonymous Coward | about 4 months ago | (#47803685)

There is already a much more secure Skype Alternate. BBM. Get BBM Protected when it goes live and have military grade security. Can't believe all the Skype vulnerabilities and the icloud hack and people still love to bash the only secure platform out. BB10 and BBM.

Fucking 'Dependencies" (1)

Anonymous Coward | about 4 months ago | (#47803767)

Just tried to install it after adding the PPA and it's missing mysterious dependencies, thus cannot be installed. Rubbish. Promotion should offer an incentive, not a host of obstructions! Back to Jitsi, cunts.

Still USA-based, so open to govt^H^H^H^H..... (0)

Anonymous Coward | about 4 months ago | (#47803803)

Website: tox.im
IP location: NY, NYC, Verizon Online LLC
Domain reseller: Gandi SAS, xxxxxxxxxx, Paris, France
Owner / registrant: Sean Qureshi, xxxxxxxxxxxx, Los Angeles, CA

I did a who-is lookup because what the ^shift-numbers^ does .IM stand for?

Toxic? (1, Interesting)

profi (29705) | about 4 months ago | (#47803937)

Tox is licensed under GPL v3 which is incompatible with iOS. Brilliant idea to exclude one of the most popular mobile platforms, this will surely replace Skype.

vline (0)

Anonymous Coward | about 4 months ago | (#47804117)

vline.com

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?