Tox: A secure Chat Voice and Video program

[Snorkasaurus]

I am totally not sold on Tox... here's why:

1. My understanding of the "Run A Node" page is that all clients are connected to some DHT Node, and that all nodes are connected to each other (though not necessarily in a mesh). That means all DHT nodes have a list of all Tox ID's and IP addresses of all currently connected clients. It also means that any time a client connects, disconnects or times out, the hosting DHT Node must send an update to other DHT Nodes. Anyone could run their own DHT Node and collect a database of every ID, along with dates, times, and IP's connected from.

2. There is no mention of the words "firewall" or "port forwarding" anywhere on the Tox wiki. Without port forwarding, direct client to client connections can't be made. Can they? The closest I could find on their wiki was this note about symmetric NAT which makes me believe that client communication is done through the DHT Nodes by default.

3. Unless the client application got you to create your own encryption key(s) then I would have to expect that the encryption is likely SSL/TLS and is only between you and the DHT Node rather than between you and some other client. The Tox Disclaimer and Explanation page has some answers, but does not make it clear... I don't see anything to lead me to believe that DHT Nodes can't trap data.

It sounds like it could maybe be possible to run your own node, run it on a nonstandard port (or setup firewall rules to allow only authorized clients to connect), not have it listed as one of the public DHT Nodes, and only give the IP address of your node to people you know/trust... though I would be concerned that it may still have the ability to update other [public] DHT Nodes every time someone uses your node. It might be easier to just setup a private (and of course encrypted) jabber/XMPP server and allow people to use any client application they like.

S.

[viking60]

It is to early to be "sold".
This software is in development, so it is not finished. The focus is the security and privacy of your conversations. This is worthy of support.
I think you can do without the Node list.

Skype started as a peer to peer system but Microsoft put them on centralized servers that made the spying easy.

The structure of Tox resembles the Tor network - and that is good enough to make the NSA angry with everyone that uses it.

It is absolutely clear and certain that Tox is way more secure than Skype already - and people do use Skype, and get their voices and faces stored in NSA databases (might come in handy for the case that you will do something wrong in the future).

I don't think you have to register anywhere to use Tox and those hash ID's will only be known to you and me.

Here is another article about Tox:

http://www.pcworld.com/article/2600419/ ... ement.html

I do agree that we cannot conclude that it is watertight -yet. But helping them get there or as close as possible is a noble cause.

[Snorkasaurus]

It is to early to be "sold".

When I say "sold", all I mean is that I don't think it offers more privacy than any other "non-plain text" communications solution including Skype.

I think you can do without the Node list.

I don't. Without using the publicly available DHT Nodes you can't connect to anyone, there is no other way you could resolve a Tox ID to an IP address.

The structure of Tox resembles the Tor network - and that is good enough to make the NSA angry with everyone that uses it.

I think the NSA would consider Tox to be a great metadata gathering tool.

It is absolutely clear and certain that Tox is way more secure than Skype already - and people do use Skype, and get their voices and faces stored in NSA databases (might come in handy for the case that you will do something wrong in the future).

Skype is a proprietary protocol, I don't think that anyone can decode it in stream. The fact that Microsoft shares data with the NSA makes Skype a loser. The fact that the NSA is running a Tox DHT Node under the name "Tracking Node" makes Tox a loser.

I don't think you have to register anywhere to use Tox and those hash ID's will only be known to you and me.

You may not have to use a sign up form like a free email account, but Tox generates a unique ID for you and the DHT Nodes can track unique ID's.

I do agree that we cannot conclude that it is watertight -yet. But helping them get there or as close as possible is a noble cause.

I'm not saying it has minor bugs, I am saying it is inherently flawed because it allows anyone to run a DHT Node and collect metadata about every Tox user.

S.

[viking60]

When I say "sold", all I mean is that I don't think it offers more privacy than any other "non-plain text" communications solution including Skype.

Even if the metadata are accessible the content will not be due to the encryption. There is no server with a decrypt function.

I think the NSA would consider Tox to be a great metadata gathering tool.

Could be. There are unanswered questions here. The Tor network has a "weakness" on the entering and exit node where the data are not encrypted. Finding them is hard though.
Once the data are in the network they bounce around randomly while they are encrypted.

In fact you can use the Tor network with Tox

https://wiki.tox.im/Tox_over_Tor_(ToT)

[Snorkasaurus]

When I say "sold", all I mean is that I don't think it offers more privacy than any other "non-plain text" communications solution including Skype.

Even if the metadata are accessible the content will not be due to the encryption. There is no server with a decrypt function.

So your client application does in fact create it own keys? Can you manage your keys within the client application? If your client does not create and manage its own keys then how is key management performed such that the servers (DHT Nodes) are not able to decrypt content? Is data encrypted from endpoint to endpoint or is it encrypted between the DHT Nodes and their clients?

Could be. There are unanswered questions here. The Tor network has a "weakness" on the entering and exit node where the data are not encrypted. Finding them is hard though.
Once the data are in the network they bounce around randomly while they are encrypted.

The list of Tor Exit Nodes is published, query the database here.

[viking60]

Yes I edited above - Tox can run over the Tor network.
But I have to admit that I am unsure if it would be safe after the developers got the national security letter .

[R_Head]

I wonder, there is any good VoIP software? I might still (somewhere in the house) have a software that all it need was an IP to make a call. On my case; I get the IP from my Router given by the ISP. My friend "dialed" that number, my router was set on port forwarding to a PC in specific with the software. Just worked wonders, no logins, no passwords, just plain and simple straight through. If we shared files, our FTP serves took care of that.

If is straight though that way, is it more secure that way? In the way I see it, in order to record you need to intercept and the way I would do it is at a Server/Service (like Skype) level. I think a packet sniffer will have a tough time intercepting the data.

[Snorkasaurus]

I wonder, there is any good VoIP software?

There is...
I have a Mumble server setup behind a firewall that does not allow direct access to the Mumble service but does allow SSH access for port redirection. If anyone wishes to connect to the Mumble server they simply need to SSH to the server with a redirection rule in their SSH client, and then connect to the Mumble service through the tunnel. All voice traffic runs through SSH tunnels, and configuration/logging is entirely controlled by me. Mumble allows for different "chat rooms" to be created, access control lists, passworded chat rooms, text messages, etc. In the past I have also done this with TeamSpeak and I understand that Ventrilo functions in a similar way (but I have never tried it).

If you wanted to setup your own PBX you could design a similar system using Asterisk and SSH but it would get complicated quickly because each SIP/AIX enabled device would need to be able to make an SSH tunnel or be directed through a pre-existing one. You would also have a hell of a time setting up the port forwarding on all routers for RTP sessions. You would be better off with setting up TLS for your SIP and RTP connections rather than trying to hide behind an SSH tunnel. The nice thing about a solution like this is that you could setup each person with their own extension number, you could use any SIP or AIX capable client, and you could even use an ATA with a regular telephone if you wanted to.

If is straight though that way, is it more secure that way? In the way I see it, in order to record you need to intercept and the way I would do it is at a Server/Service (like Skype) level. I think a packet sniffer will have a tough time intercepting the data.

Sort of... if you use a direct connection it could still be recorded by your ISP, or any other node between you and the remote caller. If the connection is encrypted they'll of course have a harder time getting at the actual content.

On a side note... even though voip communications are often UDP rather than TCP, they can still be trapped very efficiently. Popular packet sniffer Wireshark can not only trap voip calls, but can actually play them back for you from within the application.

S.

[viking60]

On a side note... even though voip communications are often UDP rather than TCP, they can still be trapped very efficiently. Popular packet sniffer Wireshark can not only trap voip calls, but can actually play them back for you from within the application.

S.

Dnscrypt can take care of that. Wireshark will not be able to identify the traffic then - If you do not encrypt your DNS traffic then your ISP can see everything you see in your browser.

It is an old post so remember to do it the systemd way

[Snorkasaurus]

Dnscrypt can take care of that. Wireshark will not be able to identify the traffic then - If you do not encrypt your DNS traffic then your ISP can see everything you see in your browser.

It is an old post so remember to do it the systemd way

I'm not sure I get how encrypting your DNS traffic will stop Wireshark from being able to collect your SIP/RTP traffic. I don't get how encrypted DNS hides anything other than DNS queries.
S.

[viking60]

True It will only encrypt the Dns traffic. I haven't tried it with SiP/RTP traffic. So this means that the ISP can listen in as he wants or is forced to.

[Snorkasaurus]

True It will only encrypt the Dns traffic. I haven't tried it with SiP/RTP traffic. So this means that the ISP can listen in as he wants

It is possible to setup TLS for both SIP and RTP... however it is a bit of a pain and your devices have to support encryption for both protocols. I think a lot of SIP based softphones would be okay, but some ATA devices may not support encryption on either protocol. Alternatively it would also be possible to setup VPN's for your SIP/RTP clients but that comes with it's own set of challenges. That is why I like using a solution like Mumble behind an SSH only server - the bad news is that you have to use the Mumble client application but the good news is that it is much more straightforward to design with encryption.

Hmmm, I have not worked with encrypted Asterisk in a while... I might have to take another look!

or is forced to.

I must say that unfortunately I think this one is the more likely scenario.

S.