I’ve seen a lot of talk about privacy-minded chat clients on here but a search did not bring up Tox. I have been delving into the Gemini protocol (https://gemini.circumlunar.space/) and a few folks there have listed Tox for contact. Anyone have thoughts on this?
It’s encrypted, peer to peer, FOSS, and requires no signup.
I cannot find that page again as it has obviously been fixed since, but I remember looking at Tox a long while ago and running away scared and laughing at the same time.
On some installation page (on a wiki!!) it used to recommend (from memory) something like “wget --ignore-certificate https://blah.blah/blah.sh | sudo sh”
My immediate reaction was that I wouldn’t take seriously anything related to security from ppl recommending such insanely sloppy and insecure methods…
The whole approach to security of Tox was very questionable since the beginning. Tox even hinted at being able to withstand attacks from nation-states (see below), while at the same time it was not audited by 3rd parties and had no clear description of their threat model. A number of questions and bug reports around security were quickly dismissed.
“Whether it’s corporations or governments, digital surveillance today is widespread. Tox is easy-to-use software that connects you with friends and family without anyone else listening in.”