Tox, a Skype Replacement Built On 'Privacy First'

An anonymous reader writes: Rumors of back door access to Skype have plagued the communication software for the better part of a decade. Even if it's not true, Skype is owned by Microsoft, which is beholden to data requests from law enforcement. Because of these issues, a group of developers started work on Tox, which aims to rebuild the functionality of Skype with an emphasis on privacy. "The main thing the Tox team is trying to do, besides provide encryption, is create a tool that requires no central servers whatsoever—not even ones that you would host yourself. It relies on the same technology that BitTorrent uses to provide direct connections between users, so there's no central hub to snoop on or take down."

Re:Key exchange

[Anonymous Coward]

I discussed it with one of the admins on their IRC.
"it's up to the users to give their public key to their friends in a way that it won't be intercepted in transit and replaced"

Re:Back door

[AHuxley]

AC the backdoor aspect is both national and international
"FBI Wants Backdoors in Facebook, Skype and Instant Messaging"
http://www.wired.com/2012/05/f... [wired.com]
".... drafted by the FBI, that would require social-networking sites and VoIP, instant messaging and e-mail providers to alter their code to make their products wiretap-friendly."
Then the world was given more details "Encrypted or not, Skype communications prove Ãoevitalà to NSA surveillance" May 14 2014
http://arstechnica.com/securit... [arstechnica.com]
As for the "nobody on the inside has ever leaked out." aspect try http://cryptome.org/2013-info/... [cryptome.org]
The "inside" can now be understood by aspects like "Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.Ã(TM)s"
http://www.nytimes.com/2013/09... [nytimes.com]
..."employees sit alongside Drug Enforcement Administration agents and local detectives and supply them with the phone data from as far back as 1987."
How past "parallel construction" and telco support will respond to any new "peer-to-peer and voice calling" will be interesting.
How did the US and UK get to past bespoke crypto telco hardware in the 1950's and beyond? Plain text always seemed to emerge just in time.

Re:Key exchange

[BitterOak]

And how do you exchange key? Do they plan a web of trust à la GPG?

A better approach would be to generate a random session key and each user's client would display some sort of hash (it doesn't need to be really long: 6 or 8 digits would suffice) of that key. Assuming the two parties know each other and recognize each other's voice and/or face, one of them can read the hash to the other. If there's a MITM attack, they won't match. As I said, the hash doesn't need to be long, since one mismatch would indicate trouble.

Re: Back door

[Anonymous Coward]

If you send traffic to a central server, and if the traffic is unencrypted OR is encrypted by a key you don't control then monitoring your traffic without you being to prove it is absolutely possible.

You *always* send data to servers you dont control when you transmit data over the public net, everybody already knows that and anybody that assumed any sort of privacy when transmitting data over a public network is a deluded fool, clearly you are in that category.

I suppose to you that means it doesn't exist.

No I am talking about backdoors in client side software (in things like windows and osx, the kind that has been perpetuated for years without any actual proof) because you do not *need* backdoors in server software when you have a dragnet that can capture masses of public traffic. It may make it easier but it is by no means necessary.

I've been watching the antics of you corporate apologists and law enforcement worshippers for some time now. You'd almost be funny if your attitudes weren't so poisonous to a free society.

No I am just not using fear of mass surveillance to push an agenda of free software. The problem with people like you is you are trying to lull people into a false sense of security by advocating privacy and openness while ignoring that software like this is not the answer (didnt work out too well for Tor now did it?). If what you are genuinely after is a free society then you already know that free software and data encryption are a stupid place to start because you're always the next zero day vulnerability or a compromised public server away from malicious parties intercepting your data. I am not entirely sure if your position is through ignorance or malice but either way trying to convince people that software like this will lead to a free society is utter stupidity of the highest order or deviously malicious at the other end.

Free software and private communications are a side-effect of a free society, they are in no way capable of creating a free society because they can be compromized and the networks on which they operate can be compromized.

Toxic?

[profi]

Tox is licensed under GPL v3 which is incompatible with iOS. Brilliant idea to exclude one of the most popular mobile platforms, this will surely replace Skype.