Tox, a Skype Replacement Built On 'Privacy First'

← Back to Stories (view on slashdot.org)

Tox, a Skype Replacement Built On 'Privacy First'

Posted by Soulskill on Monday September 1, 2014 @10:59AM from the pet-rock-also-built-on-privacy-first dept.

An anonymous reader writes: Rumors of back door access to Skype have plagued the communication software for the better part of a decade. Even if it's not true, Skype is owned by Microsoft, which is beholden to data requests from law enforcement. Because of these issues, a group of developers started work on Tox, which aims to rebuild the functionality of Skype with an emphasis on privacy. "The main thing the Tox team is trying to do, besides provide encryption, is create a tool that requires no central servers whatsoever—not even ones that you would host yourself. It relies on the same technology that BitTorrent uses to provide direct connections between users, so there's no central hub to snoop on or take down."

174 comments

Min score:

Reason:

Sort:

Oh god why. by Anonymous Coward · 2014-09-01 11:03 · Score: -1

Oh god, Tox still isn't even remotely ready yet, why do this?! Damn it /g/.
Not to mention the fact that most paranoia freaks will shit themselves when they realize your IP gets exposed to people in the same way that BT does.
1. Re:Oh god why. by viperidaenz · 2014-09-01 11:28 · Score: 4, Insightful
  
  OH SHIT
  My IP gets exposed? Like how I've just sent it to Slashdot and the countless routers and proxies between my PC and the Slashdot servers?
2. Re:Oh god why. by TrollstonButterbeans · 2014-09-01 12:15 · Score: 1
  
  It is a legitimate concern. Mocking it doesn't allay the concern.
  
  --
  Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
3. Re:Oh god why. by Anonymous Coward · 2014-09-01 12:24 · Score: 0
  
  If you can come up with a way to initiate a stateful connection between two endpoints without telling each other, or a MITM, your IP, I'm sure we'd be all ears.
4. Re:Oh god why. by viperidaenz · 2014-09-01 12:44 · Score: 2
  
  The only way to stop your IP from being broadcast around the internet is to not use the internet.
  The only way to receive a packet of data is for someone else to know your IP address. Either the entity initiating the send, or some kind of proxy along the way.
  It's how the internet works.
  Please explain how it's a legitimate concern and how to alleviate it.
5. Re:Oh god why. by Anonymous Coward · 2014-09-01 12:55 · Score: 0
  
  Well garbage in, garbage out... At least the content will be encrypted, leaving only meta-data. Using a VPN can then only show a connection to your VPN and you can talk without metadata linking who your chating with.
  I just hope they truly make it secure from the encryption to the authorization, so man-in-the-middle attacks or a weakness in encryption can compromise the service.
6. Re:Oh god why. by Anonymous Coward · 2014-09-01 13:05 · Score: 0
  
  Oh Hi there, welcome to slashdot, you must be new here.
  Why don't you have a quick look around, might I suggest you start with some introductory reading on issues that are considered common knowledge here. Anything with the word "Snowden" or "NSA" might be a good start.
7. Re:Oh god why. by TrollstonButterbeans · 2014-09-01 13:23 · Score: 1, Insightful
  
  A server in the middle that acts as a central point.
  
  I get what you are saying, but exposing IP addresses to 3rd parties isn't typically desirable.
  
  Case in point, I don't have your IP address. And you don't have mine.
  
  Sure email works like that (although possibly less so in current era with gmail and such, then again maybe not), but many services don't. Sure, the service provider --- the middleman --- has access to that, but the other users don't.
  
  A solution to a problem isn't necessarily a knee-jerk opposite solution (centralized vs. decentralized) but often some variation of an existing successful model that is slightly flawed, correcting *ONLY* the part that is flawed, not the parts of the service infrastructure that work well.
  
  --
  Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
8. Re:Oh god why. by Infoport · 2014-09-01 13:26 · Score: 1
  
  remailers and nyms can do it for email. Unfortunately you get a lot of latency, sometimes added on purpose for extra security (to prevent tracking by timing) You encrypt reply blocks that have nested instructions to send the also-encrypted message along. Each server can only decrypt their own portion. With two servers between you, neither end point knows the other end point. Servers in different countries may be used in series. You can assemble such a reply block and attach it to anonymously sent emails or posts.
  
  Some servers allow you to set up an address, and associate it with a reply block. You then have created a "nym", on a nymserver, and can give out that email address to places rather than a reply block.
  
  An additional part can give the encrypting key to the next server, so the server which decrypts a section encrypts the messages it sends out with the next server's key routinely.
  
  Unfortunately, to have deniability regarding a sent message, you can't send it and have it immediately appear on the other end.
9. Re:Oh god why. by Anonymous Coward · 2014-09-01 13:29 · Score: 3, Insightful
  
  As with nearly everything in life, privacy and security are not all-or-nothing, black-or-white issues - instead it is a set of trade-offs, what do you have to give up in order to get a desired result. It is at least a 2-dimensional spectrum where limiting exposure to the minimum necessary nodes versus any node that takes an interest is preferrable.
  Look at it this way - most people don't have a problem giving their credit card number to a website when they make a purchase but would not find it acceptable to share their credit card number with every website they log in to.
  We know by its existence that onion-routing is one way to minimize IP address exposure. It does not eliminate it, but it drastically reduces the window of exposure. That increased privacy comes at a cost, the question, as it is with all costs, is if the cost is worth it.
10. Re:Oh god why. by ThatsMyNick · 2014-09-01 13:48 · Score: 1
  
  On slashdot, your IP doesnt get exposed to everyone, silly. It only gets exposed to slashdot (and routers in between if you are not using SSL). Finding your IP (and hence your location), by just your name viperidaenz, is a little bit worrying and a valid concern. If you dont find it worrying, you should start signing each of your slashdot posts with your current IP.
11. Re:Oh god why. by viperidaenz · 2014-09-01 13:48 · Score: 1
  
  I don't have your IP, you don't have mine. The 3rd party in the middle does. There is a single point where all interaction with Slashdot can be intercepted.
  
  I get what you are saying, but exposing IP addresses to 3rd parties isn't typically desirable.
  What? That's exactly what you're advocating.
  The flaw in the system is the central server.
  Email works fine how it is, because of the requirement to store messages when recipients are offline. Yet it still doesn't suffer the problem of all messages going through a single entity. You're free to connect directly to the recipients mail server. You're not forced to go through a particular company or country.
  Real time video links don't have that requirement. There is no need for a central server. All you need is some kind of directory. A DHT fills that requirement.
12. Re:Oh god why. by viperidaenz · 2014-09-01 13:51 · Score: 2
  
  aka http://en.wikipedia.org/wiki/O...
13. Re:Oh god why. by viperidaenz · 2014-09-01 13:54 · Score: 1
  
  Finding my IP just by my name viperidaenz requires nothing more than an NSL.
  Regards,
  viperidaenz
  IP: 10.0.102.54
  ps: there may be one or more network address translations and proxy servers in the way.
14. Re:Oh god why. by Anonymous Coward · 2014-09-01 14:08 · Score: 0
  
  Tor.
15. Re:Oh god why. by Anonymous Coward · 2014-09-01 14:10 · Score: 0
  
  You're.
  Moron. Go back to school.
16. Re:Oh god why. by stephenmac7 · 2014-09-01 14:26 · Score: 2
  
  He said: or a man in the middle.
  
  --
  "No man's life, liberty, or property are safe while the legislature is in session." -- Judge Gideon J. Tucker
17. Re:Oh god why. by Anonymous Coward · 2014-09-01 14:33 · Score: 0
  
  Tor
  tells your ip to PRISM, which tracks the packet from hop to hop all the way through the onion and back. You think they just stumbled onto tormail's server at random?
18. Re:Oh god why. by TrollstonButterbeans · 2014-09-01 14:46 · Score: -1, Troll
  
  Today you don't understand, but perhaps given enough time you might accumulate the wisdom to understand my point.
  
  If you think the flaw in the system is the central, good for you.
  
  You will also be ignorant of the history of the internet, but that's ok and with enough time you'll either see my point or not.
  
  But to relate to what you understand today, I would say that doesn't anonymity contribute to a healthy internet --- even semi-anonmymity as you might understand it with what you understand --- and your idea is that this would discarded because of Boogeyman (NSA or Russians or whatever).
  
  We have been down that road before, it didn't work. And it is okay if you don't know enough about the past to know these past attempts failed, that's just part of the learning experience.
  
  --
  Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
19. Re:Oh god why. by viperidaenz · 2014-09-01 15:20 · Score: 1
  
  There you go again.
  
  I would say that doesn't anonymity contribute to a healthy internet
  That's exactly what you lose when you route all your communications through a single provider. You're left with pseudonymity.
20. Re:Oh god why. by Anonymous Coward · 2014-09-01 15:45 · Score: 0
  
  There are multicast protocols, broadcast addresses and "magic packets" used to switch machines on and off. Unfortunately, those methods tend to send messages to a whole range of addresses and not just the one you intended.
21. Re:Oh god why. by TrollstonButterbeans · 2014-09-01 16:05 · Score: 0
  
  And when your communications are routed through your DSL, Cable or Phone provider?
  
  You seem to operate from the idea that communications network is separate from corporate control or government observation. But it isn't.
  
  You can wish it were. It does not make it so.
  
  Hence, your ideas aren't from a position of experience like you wish to believe, but rather inexperience. Which is my point.
  
  I hope you learned something today.
  
  --
  Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
22. Re:Oh god why. by NotSanguine · 2014-09-01 17:21 · Score: 1
  
  It is a legitimate concern. Mocking it doesn't allay the concern.
  A legitimate concern? Man! I want some of what you've been smoking, buddy!
  I'd be really interested to know how one can send and receive data across the Internet without sharing your IP address with each intervening router, as well as the endpoint. I've been doing IP networking (since you're obviously rather thick, I'll explain that IP is the Internet Protocol which is the basis for all communications across the Internet. You can find out more with the TCP/IP Tutorial and the Internet Protocol Specification) for a long time, possibly since before you were born (your comments indicate that it may have been yesterday) and your IP address is critical to routing your data to and from the network node you're using at any given time.
  So please, do enlighten all of us who clearly don't have your intimate knowledge of IP networking as to how we can send and receive data without sharing our IP address. I'd be much obliged.
  
  --
  No, no, you're not thinking; you're just being logical. --Niels Bohr
23. Re:Oh god why. by NotSanguine · 2014-09-01 17:23 · Score: 1
  
  It is a legitimate concern. Mocking it doesn't allay the concern.
  Oh, and I wouldn't dream of mocking your "point." I'll just mock you. You're certainly asking for it.
  
  --
  No, no, you're not thinking; you're just being logical. --Niels Bohr
24. Re: Oh god why. by sandertje · 2014-09-01 18:29 · Score: 1
  
  Pipe it through a VPN
25. Re:Oh god why. by TrollstonButterbeans · 2014-09-01 18:51 · Score: 0
  
  Have at it. Do it from sunrise to sunset.
  
  And my point with be correct the entire time while you do it, regardless of whether or not you think attacking the conveyor of a correct and valid idea has merit.
  
  --
  Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
26. Re:Oh god why. by TrollstonButterbeans · 2014-09-01 18:53 · Score: -1
  
  "So please, do enlighten all of us who clearly don't have your intimate knowledge of IP networking as to how we can send and receive data without sharing our IP address."
  
  A centralized server.
  
  Which is why you have no clue what my IP address is.
  
  --
  Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
27. Re:Oh god why. by Anonymous Coward · 2014-09-01 19:19 · Score: 0
  
  I'll just mock you. You're certainly asking for it.
  Well yes, that's kinda the point.
  Do you really think TrollstonButterbeans will object to being fed the kind of attention it's begging for?
28. Re:Oh god why. by viperidaenz · 2014-09-01 19:47 · Score: 2
  
  That's where encryption comes in to play when routing data anonymously.
29. Re:Oh god why. by Pikoro · 2014-09-01 19:58 · Score: 1
  
  Time to go back to IPX/SPX and NetBIOS
  
  --
  "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
30. Re:Oh god why. by Anonymous Coward · 2014-09-01 20:10 · Score: 0
  
  I think most privacy advocates are much more worried about a central server than exposing their IP address.
  In fact, that's one of the selling points of Tox compared to Skype: the NSA can't simply ask Microsoft for a tap into all of your communications.
  Having my conversations go through a untrusted third party is a concern every reasonable person has, whereas exposing the IP address to someone you're communicating with is less of an issue for most people (assuming well done encryption will stop any MITM attacks).
  For those who care, there are already perfectly good solutions to hiding your IP, and there is no reason to think Tox won't work with it. So there you go - best of both worlds.
31. Re:Oh god why. by ajb673 · 2014-09-01 21:02 · Score: 1
  
  (and routers in between if you are not using SSL)
  No I'm fairly sure SSL still exposes your IP to routers. It's only the content that's encrypted not the source.
32. Re:Oh god why. by DarkTempes · 2014-09-01 21:32 · Score: 1
  
  Skype already leaks your IP anyway (both to active callers and to anyone that requests it as long as they know your username.)
  It's common knowledge in live streaming that you should hide your skype username when streaming to prevent DoS attacks.
  http://krebsonsecurity.com/201...
33. Re:Oh god why. by StripedCow · 2014-09-01 21:49 · Score: 1
  
  We have TOR for that.
  Don't make developers implement stuff that should be handled in different layers of the communication stack. The code will only get more hairy and less secure.
  
  --
  If Pandora's box is destined to be opened, *I* want to be the one to open it.
34. Re:Oh god why. by AmiMoJo · 2014-09-02 00:03 · Score: 1
  
  The only way to stop your IP from being broadcast around the internet is to not use the internet.
  Or just use Tor or a VPN. The point is to hide "your" IP address, i.e. the one that can link information back to your internet connection.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
35. Re:Oh god why. by Saint+Gerbil · 2014-09-02 00:26 · Score: 1
  
  Go ahead I'm not afraid of exposing myself.
36. Re:Oh god why. by Wootery · 2014-09-02 02:21 · Score: 1
  
  Either the entity initiating the send, or some kind of proxy along the way.
  It's how the internet works.
  Please explain how it's a legitimate concern and how to alleviate it.
  Just because it's how the Internet works, doesn't mean it might not be a problem. There's a tin-foil hat brigade who use VPNs, after all.
  Crypto analogy: the Internet works in plain-text. That doesn't mean plain-text is always appropriate.
37. Re:Oh god why. by ThatsMyNick · 2014-09-02 04:01 · Score: 1
  
  Nope, it actually just requires your skype (or Tox) name. If you dont like your IP to be exposed, I am sure you will understand the concerns about tox/skype exposing IPs.
38. Re:Oh god why. by ThatsMyNick · 2014-09-02 04:05 · Score: 1
  
  With SSL, they only have source and destination IP, not your username. So association between username and IP is not possible.
39. Re: Oh god why. by Anonymous Coward · 2014-09-02 06:49 · Score: 0
  
  Not if your traffic was layer 2 and you mac spoofed. If the device you are communicating with is via layer 2 and had it's own IP. Others only see other devices IP.
Back door by WillKemp · 2014-09-01 11:06 · Score: 2

Even if it's not true [......]
Considering all the revelations that have emerged about surveillance in those ten years, the possibility that it's not true seems barely worth considering.
1. Re:Back door by Anonymous Coward · 2014-09-01 11:27 · Score: 1
  
  The idea of backdoors is just convoluted and pointless, it's often a way of perpetuating some illusion of shady corporate and government collusion. Oddly enough the product is used by many different governments and other corporations across the globe so I've never quite understood who the supposed conspirators are - though it is often Microsoft and the US government while the rest of the world are bumbling fools living in ignorance, but these people who tell us all about these back doors (except what they are, how they work, if they exist and how to access them) are the real informed ones that know the truth.
  The more knowledgeable of us know you could easily prove it out with traffic analysis if they *did* exist yet it remains the domain of unsubstantiated and often bizarre conspiracy theorists. The fact is it is unnecessary because trapping the traffic as it goes over the public net is a much more clandestine approach and does not require specific interfaces in every bit of software for it to work.
  I enjoy the conspiracy theories to a point but I have always found it odd that while one group of extremists portrays corporations like Microsoft, Apple, Google, HP, IBM, and others as bumbling idiots when it comes to security while the other end of the scale argues that they are incredibly competent criminal masterminds to the point that they have these secret backdoors into every system that nobody knows about and nobody on the inside has ever leaked out. Both groups argue against the more level-headed groups but never against eachother ... strange.
2. Re:Back door by Anonymous Coward · 2014-09-01 11:28 · Score: -1
  
  I hear a bunch of faggot junkies know all about your back door. You dirty bird.
3. Re:Back door by Anonymous Coward · 2014-09-01 12:08 · Score: 0
  
  A back door can remain dormant until you become a target and the US gov't wants into your computer/network. It doesn't matter how competent Microsoft and Google are, they can be subject to national security letters forcing complete secrecy and threat of being shut down if they don't comply. After all the Snowden revelations, I don't understand how one can be so trusting of closed source software and cloud services from American tech companies.
4. Re:Back door by AHuxley · 2014-09-01 12:19 · Score: 4, Interesting
  
  AC the backdoor aspect is both national and international
  "FBI Wants Backdoors in Facebook, Skype and Instant Messaging"
  http://www.wired.com/2012/05/f...
  ".... drafted by the FBI, that would require social-networking sites and VoIP, instant messaging and e-mail providers to alter their code to make their products wiretap-friendly."
  Then the world was given more details "Encrypted or not, Skype communications prove ÃoevitalÃ to NSA surveillance" May 14 2014
  http://arstechnica.com/securit...
  As for the "nobody on the inside has ever leaked out." aspect try http://cryptome.org/2013-info/...
  The "inside" can now be understood by aspects like "Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.Ã(TM)s"
  http://www.nytimes.com/2013/09...
  ..."employees sit alongside Drug Enforcement Administration agents and local detectives and supply them with the phone data from as far back as 1987."
  How past "parallel construction" and telco support will respond to any new "peer-to-peer and voice calling" will be interesting.
  How did the US and UK get to past bespoke crypto telco hardware in the 1950's and beyond? Plain text always seemed to emerge just in time.
  
  --
  Domestic spying is now "Benign Information Gathering"
5. Re:Back door by Mister+Liberty · 2014-09-01 12:19 · Score: 1
  
  Leaving the conspiracy theories aside (indeed, who needs them, except strawman erectors) -- tell me, do you think for instance there were some average Janes and Joes that got rather a bad wrap, undeservedly so, during the housing and banking crises the other day?
6. Re: Back door by Anonymous Coward · 2014-09-01 12:23 · Score: 0
  
  Nice try, but you can't know that much and be that dumb all at once. If you send traffic to a central server, and if the traffic is unencrypted OR is encrypted by a key you don't control then monitoring your traffic without you being to prove it is absolutely possible. You could send traffic to a web server and that server could send a copy to anywhere and you'd never see it. I suppose to you that means it doesn't exist.
  I've been watching the antics of you corporate apologists and law enforcement worshippers for some time now. You'd almost be funny if your attitudes weren't so poisonous to a free society.
7. Re:Back door by Anonymous Coward · 2014-09-01 12:33 · Score: 0
  
  So what is it you know that the rest of the world doesn't?
  
  After all the Snowden revelations, I don't understand how one can be so trusting of closed source software and cloud services from American tech companies.
  After all the Snowden revelations, I don't understand how one so concerned with privacy can even use the internet at all. These days communication is much more prevalent on Linux smart phones than on Windows PCs and intercepting communication in transit is what the NSA has been doing as it is much more efficient, clandestine and platform independent. More to the point you do not have to worry about the target's PC being turned on, connected to the internet and that they are behind a firewall configured to allow those outside connections.
8. Re: Back door by Anonymous Coward · 2014-09-01 13:13 · Score: 2, Interesting
  
  If you send traffic to a central server, and if the traffic is unencrypted OR is encrypted by a key you don't control then monitoring your traffic without you being to prove it is absolutely possible.
  You *always* send data to servers you dont control when you transmit data over the public net, everybody already knows that and anybody that assumed any sort of privacy when transmitting data over a public network is a deluded fool, clearly you are in that category.
  I suppose to you that means it doesn't exist.
  No I am talking about backdoors in client side software (in things like windows and osx, the kind that has been perpetuated for years without any actual proof) because you do not *need* backdoors in server software when you have a dragnet that can capture masses of public traffic. It may make it easier but it is by no means necessary.
  I've been watching the antics of you corporate apologists and law enforcement worshippers for some time now. You'd almost be funny if your attitudes weren't so poisonous to a free society.
  No I am just not using fear of mass surveillance to push an agenda of free software. The problem with people like you is you are trying to lull people into a false sense of security by advocating privacy and openness while ignoring that software like this is not the answer (didnt work out too well for Tor now did it?). If what you are genuinely after is a free society then you already know that free software and data encryption are a stupid place to start because you're always the next zero day vulnerability or a compromised public server away from malicious parties intercepting your data. I am not entirely sure if your position is through ignorance or malice but either way trying to convince people that software like this will lead to a free society is utter stupidity of the highest order or deviously malicious at the other end.
  Free software and private communications are a side-effect of a free society, they are in no way capable of creating a free society because they can be compromized and the networks on which they operate can be compromized.
9. Re:Back door by wiredlogic · 2014-09-01 15:29 · Score: 2
  
  Of course it's backdoored. The only reason why eBay bought Skype is to cross-correlate with PayPal accounts in exchange for taking the heat off threats of banking regulation.
  
  --
  I am becoming gerund, destroyer of verbs.
10. Re: Back door by magamiako1 · 2014-09-01 16:05 · Score: 1
  
  I wish you'd post as a logged-in user, your comments are some of the only intelligent ones in this thread.
11. Re: Back door by Anonymous Coward · 2014-09-01 17:39 · Score: 0
  
  You *always* send data to servers you dont control when you transmit data over the public net, everybody already knows that and anybody that assumed any sort of privacy when transmitting data over a public network is a deluded fool, clearly you are in that category.
  
  The idea is to mitigate the number of things that are out of your control, not necessarily completely eliminate them. And I certainly think we should have privacy from mass government surveillance.
  
  No I am just not using fear of mass surveillance to push an agenda of free software. The problem with people like you is you are trying to lull people into a false sense of security by advocating privacy and openness while ignoring that software like this is not the answer (didnt work out too well for Tor now did it?).
  While using free software won't eliminate all the problems, having a better idea of whether or not there are backdoors certainly does help. The perfect solution fallacy isn't logically valid, just so you know.
  As for whether it worked for Tor, well, it did. There are problems with Tor, but it hasn't been completely defeated by any means.
  
  Free software and private communications are a side-effect of a free society
  Society is not either completely unfree or completely free. There are in-betweens, and being in-between makes a lot of difference. Right now, the government may only be selectively harassing certain people, not oppressing the entire populace. So "free society" is a false dichotomy.
12. Re: Back door by Anonymous Coward · 2014-09-01 18:11 · Score: 0
  
  your comments are some of the only intelligent ones in this thread.
  Then why does it remind me so much of the "Nail-polish that can detect date-rape drugs is a bad idea since rapists shouldn't exists in the first place!" arguments?
  Yes, the best option would be to have a free society. To disregard everything that helps until that happens doesn't seem very intelligent to me.
13. Re:Back door by Anonymous Coward · 2014-09-01 18:48 · Score: 0
  
  After all the Snowden revelations, I don't understand how one so concerned with privacy can even use the internet at all.
  So why aren't you logged in, then?
  What's your name, address, occupation? Your phone numbers, both mobile and land line? Who do you bank with? Can we have a copy of your bank account number? E-mail addresses? Vehicle registration and licencing, as well as your own licences to operate said vehicles, as well as details on any infringements you may have committed, plus the number of demerit points you have. Provide lists of your Facebook accounts, and your present IP as well. Also, please include these details for your partner, any children and grandchildren, and your parents, too.
  We'll also be wanting a list of all of your friends, and their contact information.
  Please direct us to a genuine image of yourself, plus children, grandchildren, partner, and parents, and make your chat logs available. Also, please provide us with a listing of all files on your hard drives and backup locations and, while you're at it, thumbnails of all the images. Make all of your images available for us to peruse at will.
  What software do you presently use, and have you properly licenced those packages?
  No, I can't have these details? Well, I certainly don't understand how someone so concerned with privacy can use the internet at all.
14. Re:Back door by Anonymous Coward · 2014-09-01 18:50 · Score: 0
  
  Check your facts before spouting nonsense:
  And use your brains (if you've got such): compromising end-user devices is a handy way for the spooks to do an end-run (literally) around end-to-end encryption (see what I did there?). If we assume today's encryption to be (practically) unbreakable (remember: we have no proof for that!) , then end-user device compromise would be the *only* way for the spooks around well-done encryption.
  Why should they renounce to this tool?
15. Re: Back door by unrtst · 2014-09-01 23:57 · Score: 1
  
  Wish I had mod points for ya (or that you had logged in)
16. Re:Back door by LordLimecat · 2014-09-01 23:58 · Score: 1
  
  Hows this.
  We know-- for a fact-- that Skype has worked with the Chinese government to provide bugged versions of skype (TOM Skype). We know-- for a fact-- that Microsoft has access to provide call logs for law enforcement, on demand.
  Call it what you like, but both of those are well documented and can be found in a 5 minute google search.
17. Re: Back door by Anonymous Coward · 2014-09-02 02:04 · Score: 0
  
  Maybe he or she has mod points and already modded some post(s) here, but couldn't stand not commenting on the thread. I modded him/her up.
18. Re: Back door by Anonymous Coward · 2014-09-02 10:51 · Score: 0
  
  To disregard everything that helps until that happens doesn't seem very intelligent to me.
  The point is that it doesnt help, it lulls people into a false sense of security. Even the best and most widely used free software has exploitable security holes and ultimately you are sending your traffic over the public net. Yes, use free software because it is great but *do not* argue that it is going to be any more secure or free of backdoors and exploitation because that is either naive or malicious.
It's about time. by Anonymous Coward · 2014-09-01 11:09 · Score: 0

Seriously. Wtf nerds?
Oh Great Just What We (Don't) Need by Anonymous Coward · 2014-09-01 11:11 · Score: -1

An even shittier version of a shitty program. Skype in unreliable and barely usable. So now we're proposing something even worse. You have to be seriously insane to even consider trying to do real time video over something akin to Bittorrent.
1. Re:Oh Great Just What We (Don't) Need by viperidaenz · 2014-09-01 11:30 · Score: 3, Funny
  
  You mean peer to peer, instead of relaying via a server?
2. Re:Oh Great Just What We (Don't) Need by greenwow · 2014-09-01 11:36 · Score: 1
  
  It's so bad, Microsoft doesn't even make it easy to kill it off. Even Scott Adams made a Dilbert cartoon about how bad it is:
  http://dilbert.com/strips/comi...
3. Re:Oh Great Just What We (Don't) Need by rstanley · 2014-09-01 11:44 · Score: 1
  
  "So now we're proposing something even worse."
  Why do you think it will be worse? Give them a chance and let's see the released version.
4. Re:Oh Great Just What We (Don't) Need by Anonymous Coward · 2014-09-01 11:55 · Score: 0
  
  Actually I've found Skype has become much more reliable since Microsoft bought them out. Video call quality is vastly improved and doesn't suffer from the call dropouts of old.
5. Re:Oh Great Just What We (Don't) Need by Anonymous Coward · 2014-09-01 12:18 · Score: -1
  
  Your check is in the mail.
  MS
6. Re:Oh Great Just What We (Don't) Need by Anonymous Coward · 2014-09-01 13:49 · Score: 0
  
  my experience on linux has been the exact opposite.
7. Re:Oh Great Just What We (Don't) Need by grcumb · 2014-09-01 14:44 · Score: 2
  
  You have to be seriously insane to even consider trying to do real time video over something akin to Bittorrent.
  A few months ago, I would have agreed with you. But I've been using the PopcornTime app since then, and it reliably delivers HD streams with few if any stutters. There's no reason to believe a single (video+)voice stream wouldn't be possible using a similar approach....
  
  --
  Crumb's Corollary: Never bring a knife to a bun fight.
8. Re:Oh Great Just What We (Don't) Need by Anonymous Coward · 2014-09-01 17:08 · Score: 0
  
  I have had the opposite experience. I have had more calls drop out for no obvious reason (network at both ends was still operational) in the last few weeks than ever before. Yay anecdotes!
9. Re:Oh Great Just What We (Don't) Need by LordLimecat · 2014-09-02 00:00 · Score: 1
  
  It is in fact the exact approach used by Skype in many circumstances. Peer-to-peer voip is neither novel nor difficult.
10. Re:Oh Great Just What We (Don't) Need by PRMan · 2014-09-02 02:36 · Score: 1
  
  While funny, Right-click the tray icon and select "Quit Skype" and then "OK" when it tells you that nobody can call or text you on it.
  
  --
  Peter predicted that you would "deliberately forget" creation 2000 years ago...
it's a great idea with one major flaw by Anonymous Coward · 2014-09-01 11:16 · Score: 5, Insightful

Decentralized services are a great idea, but there is one big flaw. Not enough people care about it to get a critical mass of users. Virtually everyone outside a handful of tech geeks will keep using the centralized services, so to talk to people out there in the real world, you'll need to use the centralized services too. Or, restrict yourself to these decentralized networks and find they are mostly empty, maybe several thousands of users across the whole of the world.
And good luck trying to explain to Joe/Jane Sixpack how to use them. You have to fight against the centralized data-mined services that came preinstalled on their devices, and that's a non-starter for most people.
It fails not for technical reasons. It fails because of widespread tech illiteracy in the general population.
1. Re:it's a great idea with one major flaw by dcollins117 · 2014-09-01 11:24 · Score: 4, Insightful
  
  Decentralized services are a great idea, but there is one big flaw. Not enough people care about it to get a critical mass of users.
  There's a group of Hollywood celebrities that have just been made aware of the need for decentralized and more private internet services. I think people will care, albeit only after a problem has occured.
2. Re:it's a great idea with one major flaw by Anonymous Coward · 2014-09-01 11:32 · Score: 1
  
  Do you think a single one of those celebrities will move to such a system?
  I wager not one of the ones effected by it will.
3. Re:it's a great idea with one major flaw by exomondo · 2014-09-01 11:36 · Score: 1
  
  There's a group of Hollywood celebrities that have just been made aware of the need for decentralized and more private internet services.
  In that context what is the solution? Certainly not to host the services yourself. The security was beaten by a flaw in the server software that allowed a brute force attack to take place, so how does decentralization help you there?
4. Re:it's a great idea with one major flaw by Bing+Tsher+E · 2014-09-01 11:37 · Score: 5, Insightful
  
  They just have to stop storing personal content 'on the cloud'. Don't buy into the idea of no local storage. Say NO to devices that don't have an SD slot ( sorry, Apple and Google...)
  32g sd cards are really cheap now.
5. Re:it's a great idea with one major flaw by Anonymous Coward · 2014-09-01 13:36 · Score: 0
  
  > In that context what is the solution? Certainly not to host the services yourself.
  It sure is.
  Where "yourself" is one of a set of firms that specialize in very high security hosting for high-risk clients. Using an iphone locked them in to Apple's lowest-common denominator of secure hosting, and while that's great for the average low-value target, it isn't sufficient for someone with a lot to lose.
  Imagine "concierge" services that charge a buttload of money but spend that money on a very high standard of security, maybe even to the point of a dedicated support person to manage all the data and control access on case-by-case basis. Kind of a combination personal assistant and internet body-guard (data-guard?).
6. Re:it's a great idea with one major flaw by Anonymous Coward · 2014-09-01 13:49 · Score: 0
  
  The problem is not so much a back door, trap door, just that every letter and number entered on the device is open to hardware logging by default by a gov activated telco layer..
  If that exists. Very few (if any) of these handsets are built in USA and often you can get them directly from places like China, many are designed and manufactured overseas and i doubt they are particularly sensitive to what the US governmnet wants. or maybe all the worlds' governments are colluding?!
7. Re:it's a great idea with one major flaw by dcollins117 · 2014-09-01 13:49 · Score: 1
  
  Do you think a single one of those celebrities will move to such a system?
  I really think they will if it's the easiest option. It's up to developers to make encrypted, decentralized storage the default and easy to use. Build it and they willl come (pun half-heartedly intended.)
8. Re:it's a great idea with one major flaw by AHuxley · 2014-09-01 13:58 · Score: 1
  
  AC the news is full of 'hints' like "FBI, Telecoms Teamed to Breach Wiretap Laws" ( 01.21.10)
  http://www.wired.com/2010/01/f...
  FBI Seeking to Pay Telecoms to Store Records for Years and Provide Instant Access (07.18.07)
  http://www.wired.com/2007/07/f...
  FBI pressures Internet providers to install surveillance software (August 2, 2013)
  http://www.cnet.com/news/fbi-p...
  Also recall Communications Assistance for Law Enforcement Act http://en.wikipedia.org/wiki/C...
  ".... requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic."
  Its the local laws where the handsets are to be sold that matters. If you want to sell in say the USA, your "designed" aspect will have to be US wiretapping law friendly.
  
  --
  Domestic spying is now "Benign Information Gathering"
9. Re:it's a great idea with one major flaw by exomondo · 2014-09-01 14:29 · Score: 2
  
  Where "yourself" is one of a set of firms that specialize in very high security hosting for high-risk clients. Using an iphone locked them in to Apple's lowest-common denominator of secure hosting, and while that's great for the average low-value target, it isn't sufficient for someone with a lot to lose.
  That's rubbish, you are not "locked" in to Apple's hosting, stop spreading FUD. You can quite easily turn off iCloud and use whatever service you want or no cloud storage at all, it is already decentralized. You are just swapping one supposedly secure service for another.
10. Re:it's a great idea with one major flaw by Anonymous Coward · 2014-09-01 14:45 · Score: 0
  
  AC the news is full of 'hints'
  The news is full of 'hints' that aliens landed, that there is a secret cure for all types and forms of cancer and that we are actually in the matrix but what you really mean by that is things that can be misinterpreted to mean whatever you twist them to mean. You have just extrapolated ad absurdum to create fear. Show me proof, even something remotely plausible that can show that "every letter and number entered on the device is open to hardware logging by default by a gov activated telco layer", because nothing you posted there substantiates that in any way, shape or form.
  
  Its the local laws where the handsets are to be sold that matters. If you want to sell in say the USA, your "designed" aspect will have to be US wiretapping law friendly.
  Tell that to the chinese from whom I bought my cellphone, you really are a joke thinking your US government can police the world. You really think Xiaomi bends to your pathetic US wiretapping laws?
11. Re:it's a great idea with one major flaw by Antique+Geekmeister · 2014-09-01 14:53 · Score: 1
  
  > You can quite easily turn off iCloud and use whatever service you want
  I'm afraid I must say "good luck with that". The bar to replace services that are built into Iphones or Ipads by Apple, as a supported service and built directly into their operating systems, is quite high.
12. Re:it's a great idea with one major flaw by exomondo · 2014-09-01 15:02 · Score: 2
  
  I'm afraid I must say "good luck with that".
  Not sure why, I don't need luck because it already works fine with services like DropBox and Skydrive or there's apps from western digital and synology. I could even use the APIs to write my own if I wanted to.
13. Re:it's a great idea with one major flaw by Anonymous Coward · 2014-09-01 15:13 · Score: 0
  
  > I don't need luck because it already works fine with services like DropBox and Skydrive or there's apps from western digital and synology
  Good luck with that. Name one system that does keychain backup/restore inside the standard apple interface.
14. Re:it's a great idea with one major flaw by exomondo · 2014-09-01 15:33 · Score: 1
  
  Name one system that does keychain backup/restore inside the standard apple interface.
  Why would I want to do that? Saving my passwords (encrypted or not) to a cloud service sounds like a fantastically stupid idea. I'll save photos and videos there but passwords? No thank you, I have no need for that.
15. Re:it's a great idea with one major flaw by Anonymous Coward · 2014-09-01 16:05 · Score: 0
  
  And good luck trying to explain to Joe/Jane Sixpack how to use them.
  You install a client, open it, it works. Then you add whoever you want, either through the fingerprint or by using a central server that gives you a readable name, and chat away. The interface is no different from other IM clients, although it is much more clean. It has Android, GNU/Linux, and Windows clients too, although video support is only available on GNU/Linux at the moment, I think.
16. Re:it's a great idea with one major flaw by Tom · 2014-09-01 16:18 · Score: 2
  
  It fails not for technical reasons. It fails because of widespread tech illiteracy in the general population.
  We've largely solved the issue with things like magnet links and decentralized databases.
  The issue we still haven't solved is in our mind: We believe everyone needs to have "tech literacy", completely forgetting that every invention in history became successful only after someone made it easy to use for people without learning all the mechanical details about it. When only car mechanics could drive a car, the total number of cars in the world was less than that in your local shopping malls parking lot today. Is that change because cars became more easy to use, or because more people became car mechanics? Take a guess.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
17. Re:it's a great idea with one major flaw by Antique+Geekmeister · 2014-09-01 16:42 · Score: 1
  
  > I don't need luck because it already works fine with services like DropBox and Skydrive
  Neither of these are focused on end-to-end user security. The centralized password management for both systems, and presence of most deposited contents unencrypted, are profound price savings and software simplifications for those companies. But it puts both systems at risk of precisely the sort of overseas, strong-arm warrant or subpoena that Microsoft is facing right now from US courts for email stored in Ireland.
18. Re:it's a great idea with one major flaw by exomondo · 2014-09-01 16:51 · Score: 1
  
  Neither of these are focused on end-to-end user security.
  So? The original question posed was about being "locked" into Apple's offering, which is not the case. Can you provide an alternative service that is "focused on end-to-end user security"?
19. Re:it's a great idea with one major flaw by TheRaven64 · 2014-09-01 20:19 · Score: 2
  
  Step one is to have the big high-profile stories in the press about the problems. Step two is to have the big high-profile stories in the press about the alternatives. The important thing now is for anyone who is contacted by the press as an expert to ask about the iCloud hack to make it very clear that this isn't an Apple-specific problem, it's a problem inherent in the entire design of centralised services and to list alternatives.
  
  --
  I am TheRaven on Soylent News
20. Re:it's a great idea with one major flaw by TheRaven64 · 2014-09-01 20:23 · Score: 1
  
  The BBC news article about the hack had a quote from one of the celebrities saying that the pictures had already been deleted before they were stolen. That is the problem with these services: they don't securely (or, at all) delete things. Google's deletion mechanism, for example, relies on simply not actively copying the files to newer disks so that when the old disks eventually die the files are gone. I wouldn't be surprised if Apple's works in a similar way. Even if you decide you don't trust Apple/Google/Facebook today, you've got a long wait before all of the files that you've uploaded to them are gone.
  
  --
  I am TheRaven on Soylent News
21. Re:it's a great idea with one major flaw by Anonymous Coward · 2014-09-01 20:34 · Score: 0
  
  None of these companies delete anything. It's the (US) law. They merely flag each object as `deleted` and filter that out when you look. Law enforcement still has access to every single thing you post, upload or people do against your account.
  If you don't disable all sync functionality on new purchases, your data will automatically be uploaded whether you want it to or not. Don't forget that defaults are set for maximum data collection, not the customers' interests. Heck, even disabling these options, how many are actually honoured and not sneakily fed back to the mothership in secret?
  Even TVs today are reporting home and will disable LAN functionality if they can't talk to the manufacturer. Samsung and LG, the biggest players, are super guilty of this spying. You get a little PR backlash, some whitewashing and it's all forgotten the next time a celebrity farts.
22. Re:it's a great idea with one major flaw by Anonymous Coward · 2014-09-01 23:43 · Score: 0
  
  The hack probably had nothing to do with centralized servers. If it is indeed the iCloud hack that happened, they just brute forced a password for a given email. Decentralized servers would have no benefit here. As it says in the summary, it's probably more for evading data requests from law enforcement.
23. Re:it's a great idea with one major flaw by Antique+Geekmeister · 2014-09-02 00:24 · Score: 1
  
  > Can you provide an alternative service that is "focused on end-to-end user security"?
  No. That's partly because the barrier to entry is so high, which I did mention. So services like a Skype replacement, or full blown custmer-privacy-centered services, are quite difficult to get started. And services like Dropbox admit, themselves, that they are not immune from subpoenas. (See https://www.dropbox.com/transp... for what little they're permitted to publish about search warrants or subpoenas.)
  I may have been unclear. "Good luck with that" getting a good quality, genuinely effective customer privacy ensuring technology and service off the ground.
24. Re:it's a great idea with one major flaw by shdowhawk · 2014-09-02 03:36 · Score: 1
  
  I agree with your idea of not buying into "no local storage", but ...
  The device doesn't matter, it's the software. My 16gig iPhone has plenty of storage for my to do what I need/want without using cloud/off-device solutions. I don't need a device with sd cards. Software is the issue. The software I use IS going to send some information to a server SOMEWHERE for storage or re-routing - that is the problem. Having software that does proper peer-to-peer, fully encrypted with proper up-to-date encryption methods, with no centralized nodes, is what is needed for security
  ... But marketing people, of course, know best. We all know that customers want their data "backed up" or "temporarily held" in case of "temporary outages" ... so magical clouds can automatically re-send your information. Think of the chil... err... end users! No one wants to see that "message not delivered" message. It's a feature, not a bug! (*Insert big name company / government agency here*) is just trying to make your device experiences more simple, better, and easier to understand, just like grandma wants/needs it! ... and all joking aside, those features really are kinda nice when it's not abused - which of course means they will be abused.
25. Re:it's a great idea with one major flaw by rbrandis · 2014-09-02 04:53 · Score: 1
  
  Only problem with that is the phones as always connected (unless off or in airplane mode), and ready to be hacked themselves.
26. Re:it's a great idea with one major flaw by Anonymous Coward · 2014-09-02 06:07 · Score: 1
  
  Or, if you're going to have one of these devices (sorry, but being able to turn a Nexus 7 into a Kali Pwn Pad outweighs the lack of SD slot to me), then at least grab a wireless SD reader ($50-70), or, hell, use sshfs or some other method of storing the data off of the physical device.
  Not having a card reader is absolutely a bit obnoxious, but it doesn't actually lock you into cloud storage. That's just the hope of the marketing crowd.
27. Re:it's a great idea with one major flaw by exomondo · 2014-09-02 10:59 · Score: 1
  
  The BBC news article about the hack had a quote from one of the celebrities saying that the pictures had already been deleted before they were stolen.
  Deleted from the phone, not from iCloud. The hacker(s) gained access to the users' iCloud account where the files are accessible, they were not deleted.
28. Re:it's a great idea with one major flaw by exomondo · 2014-09-02 11:01 · Score: 1
  
  Well firstly I was debunking the idea that with Apple you're locked to iCloud, which is false. Then I was asking what the alternative is and your response is that there isn't one and that some fantasy one with everything you want is likely not viable.
29. Re:it's a great idea with one major flaw by Anonymous Coward · 2014-09-03 11:59 · Score: 0
  
  Or don't built it and the hackers will cum.
xmpp exists today. by nurb432 · 2014-09-01 11:16 · Score: 1

Why reinvent the wheel, again?

--
---- Booth was a patriot ----
1. Re: xmpp exists today. by Anonymous Coward · 2014-09-01 11:30 · Score: 0
  
  XMPP uses centralized servers
2. Re: xmpp exists today. by Jorgensen · 2014-09-01 11:51 · Score: 1
  
  Not entirely true. They are no more centralised than email servers. Each domain gets to nominate their own XMPP servers via DNS - which can be shared across cooperating domains.
3. Re: xmpp exists today. by Anonymous Coward · 2014-09-01 16:07 · Score: 0
  
  That's still a central server. The goal of Tox is to not allow anything to be blocked if it becomes popular, or a MITM targeting a specific service.
4. Re:xmpp exists today. by Anonymous Coward · 2014-09-01 20:32 · Score: 0
  
  Show me at least one Android xmpp client that supports audio calls.
5. Re:xmpp exists today. by unrtst · 2014-09-02 00:20 · Score: 1
  
  Does this count? https://play.google.com/store/...
  Or maybe this (Jitsi)? https://download.jitsi.org/jit...
  Or this (Talkonaut)? http://talkonaut.android.infor...
An oxymoron ... by CaptainDork · 2014-09-01 11:27 · Score: 2

It fails not for technical reasons. It fails because of widespread tech illiteracy in the general population.
You do see what I mean, right?

--
It little behooves the best of us to comment on the rest of us.
A group of developers started work on Tox .. by Anonymous Coward · 2014-09-01 11:31 · Score: 0

Re:Oh god why.

"Oh god, Tox still isn't even remotely ready yet, why do this?! Damn it /g/."

What part of ' A group of developers started work on Tox ' don't you understand?

"Not to mention the fact that most paranoia freaks will shit themselves when they realize your IP gets exposed to people in the same way that BT does."

What?
1. Re:A group of developers started work on Tox .. by Anonymous Coward · 2014-09-01 20:11 · Score: 0
  
  Because "started work on" really means started work on it ages ago.
  This isn't just some new client that came out last week, it is ages old.
  All the clients are a mess and so much basic stuff is missing.
  This is alpha at best. Not even beta.
Not what Skype is for me. by Bing+Tsher+E · 2014-09-01 11:34 · Score: 1

I don't use skype for a 'chat box.' Really, I hardly 'chat' at all anymore. Did enough of that in the late 80's to early 90's. I use skype as my long distance phone carrier. As long as I'm at home or have a wifi connection, I can call any phone in the continental US at no extra cost. This costs me about $4 a month. It's a nomadic sort of thing, I used to do it with an iPod touch, but now use an unsubscribed Android phone (the iPod touch 'for the rest of us', which even has an SD slot!). When home I make long distance calls on my desktop. We have DSL and a local landline, no long distance carrier.
So this would never replace skype for me.
1. Re:Not what Skype is for me. by mellon · 2014-09-01 12:06 · Score: 1
  
  I use SIP for my PoTS gateway. It's pretty seamless. Something like Tox, if it works, would be an incremental improvement.
2. Re:Not what Skype is for me. by Anonymous Coward · 2014-09-01 12:17 · Score: 0
  
  Why not just use Jitsi for both?
  http://jitsi.org/
Tox? What happened to BitTorrent Chat? by DiSKiLLeR · 2014-09-01 11:35 · Score: 1

Tox? What happened to BitTorrent Chat? I though the bittorrent folks themselves were making a secure decentralised chat client, it even made news on slashdot once.

--
You can tell how powerful someone is by the magnitude of the crime they can commit and be able to get away with.
1. Re: Tox? What happened to BitTorrent Chat? by Anonymous Coward · 2014-09-01 11:42 · Score: 0
  
  Too lazy to look it up, but I image they're taking the same route with btSync and not releasing it FOSS. Which is part of what made bittorrent so popular to begin with, so I doubt btChat will take off.
2. Re:Tox? What happened to BitTorrent Chat? by Anonymous Coward · 2014-09-01 12:23 · Score: 2, Informative
  
  It's been renamed to Bleep and is in closed pre-alpha testing:
  http://blog.bittorrent.com
3. Re: Tox? What happened to BitTorrent Chat? by Anonymous Coward · 2014-09-01 13:13 · Score: 0
  
  BT chat is closed source, no,?
Microsoft Gave the NSA Backdoor access to Skype .. by Anonymous Coward · 2014-09-01 11:39 · Score: 4, Informative

'A lengthy new Guardian report claims Microsoft worked directly with the NSA by giving complete back door access to Outlook (and Hotmail), Skype and SkyDrive. The report basically says each service was easily circumvented in order to make the NSA’s job of sleuthing data incredibly easy, as if your private info was selling at a weekend garage sale. One NSA document even described the collaboration with Microsoft as a “team sport.”' ref
Diaspora by Anonymous Coward · 2014-09-01 11:46 · Score: 1

Who wants to meet up on Diaspora and chat about Tox?
government requires access by Anonymous Coward · 2014-09-01 11:53 · Score: 0

as much good as it would serve, governments around the world, besides nefarious control-of-the-peons approach, have a legitimate need to access communications of all types their is a need to stop people who want to harm others. A centralized source allows this. A decentralized source, even taken to court under Federal judiciary orders to comply with monitoring, could not grant behind-the-scenes court-demanded snooping and could easiily be taken down (no longer developed) as the law is used to company-cave-in to security letters
Key exchange by manu0601 · 2014-09-01 12:04 · Score: 2

And how do you exchange key? Do they plan a web of trust à la GPG?
1. Re:Key exchange by Anonymous Coward · 2014-09-01 12:14 · Score: 3, Interesting
  
  I discussed it with one of the admins on their IRC.
  "it's up to the users to give their public key to their friends in a way that it won't be intercepted in transit and replaced"
2. Re:Key exchange by MtHuurne · 2014-09-01 12:20 · Score: 2
  
  It could be handled like SSH: when you get an invite to connect to someone, their key fingerprint is displayed. If you are paranoid, you can verify the fingerprint via alternative channels. Otherwise, you blindly accept it. In either case, you are protected against man in the middle attacks after that first connection is made. Also, if you did accept a fake key, any time you try to talk to that person over a network where the man in the middle is not present will trigger a key mismatch, revealing that an attack took place on the initial connect.
3. Re:Key exchange by BitterOak · 2014-09-01 12:45 · Score: 4, Interesting
  
  And how do you exchange key? Do they plan a web of trust à la GPG?
  A better approach would be to generate a random session key and each user's client would display some sort of hash (it doesn't need to be really long: 6 or 8 digits would suffice) of that key. Assuming the two parties know each other and recognize each other's voice and/or face, one of them can read the hash to the other. If there's a MITM attack, they won't match. As I said, the hash doesn't need to be long, since one mismatch would indicate trouble.
  
  --
  If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
4. Re:Key exchange by MtHuurne · 2014-09-01 12:58 · Score: 1
  
  That's a good idea. You could even present the hash in a more accessible way, like picking two words from a dictionary or showing three icons from a fixed set.
5. Re:Key exchange by manu0601 · 2014-09-01 13:19 · Score: 1
  
  Hi, my key hash is "anonymous coward".
6. Re:Key exchange by nadaou · 2014-09-01 13:54 · Score: 3, Informative
  
  Phil Zimmermann has already done all this. It's called ZRTP.
  https://en.wikipedia.org/wiki/...
  https://www.youtube.com/watch?...
  
  --
  ~.~
  I'm a peripheral visionary.
7. Re:Key exchange by Bob9113 · 2014-09-01 14:20 · Score: 1
  
  And how do you exchange key? Do they plan a web of trust Ã la GPG?
  That was one of my first questions. The answer is; however you want. They provide an "easy" (hence vulnerable) method for doing so, but you can check the public key hash against your securely transferred value before approving a key if you want.
  Or, slightly differently; this is not a key exchange system, just a comm system you can use once you have authenticated a key to your level of security requirement.
  
  --
  Stop-Prism.org: Opt Out of Surveillance
8. Re:Key exchange by Anonymous Coward · 2014-09-01 15:34 · Score: 0
  
  yeah, but the problem is the client uses java, which makes it nearly unusable unless you've got a core i7.
9. Re:Key exchange by magamiako1 · 2014-09-01 16:06 · Score: 1
  
  You assume that people actually pay attention to these key mismatches and don't automatically click "yes" to them.
  
  Would be worth a social experiment just to prove you idiots wrong ;)
10. Re:Key exchange by Anonymous Coward · 2014-09-01 18:13 · Score: 0
  
  Java isn't nearly as bad as it was in the early days.
  You will probably get along fine with a old P4.
  Java was running on cell phones long before the smartphones took over.
11. Re:Key exchange by Anonymous Coward · 2014-09-02 00:26 · Score: 0
  
  Doesn't JITSI already do that? Encrypted videochat, desktop sharing, the whole deal.
12. Re:Key exchange by siliconeyes · 2014-09-02 02:28 · Score: 1
  
  That is actually exactly what my app, Zip Phone (link) does.
  
  All voice traffic is encrypted using a randomly generated 256-bit AES key, which is exchanged using 2048-bit RSA. Both phones display a hash of the public key, so the callers can exchange it vocally to confirm that there is no MITM.
  
  The REALLY neat thing about my app, if you ask me, is the fact that it automatically makes VoIP calls to any of your contacts that also have the app installed, without you even needing to open up the app.
Kazaa by gringer · 2014-09-01 12:04 · Score: 2

Hmm, interesting. It might be worth pointing out that Skype was originally based on a decentralized service pushed through the Kazaa network:
http://arxiv.org/abs/cs/041201...

Like its file sharing predecessor KaZaa, Skype is an overlay peer-to-peer network. There are two types of nodes in this overlay network, ordinary hosts and super nodes (SN). An ordinary host is a Skype application that can be used to place voice calls and send text messages. A super node is an ordinary host’s end-point on the Skype network
Of course, the problem with the Skype system (as it was when that paper was written) is that the decentralised nature of the network means that your video call could be routed through any number of Skype network nodes (i.e. computers) before it arrives at its destination. I think now Microsoft has replaced most of the supernodes with microsoft servers, so replace "any number of Skype network nodes" with "any number of Microsoft servers".
Presumably Tox is doing something similar to going back to the roots of Skype, with maybe a bit more encryption thrown in.

--
Ask me about repetitive DNA
1. Re:Kazaa by WoodburyMan · 2014-09-01 12:18 · Score: 5, Insightful
  
  I can attest to Skype doing this. A friend away moved away for graduate school and we would communicate using Skype, so I started just leaving the desktop application open. My computer is located in my bedroom, with a switch next to it. I woke up like 3am, see the lights FLASHING going all sorts of nuts on my switch, which was weird as I had nothing on my pc open at the time. I check net stat... i see a inbound and outbound connection, one to some SBC DSL user in Atlanta, another to a Comcast user somewhere else, forgot where, but some other state. I kill Skype. BAM, connections close, traffic resumes normal operation. Skype was using my computer as relay service, since I have active UNPN, and the other two client presumably had some sort of firewall blocking direct communication. To this day i tell *EVERYONE* who uses the Desktop app to close it as soon as they're done to prevent this as most home connections now have meters. (Charter's is 250gb/mo for 30mbit, which I hit 150gb+ some months when I was toying around with AOSP and downloading the entire repo a few times after screwing up a VM or something).
2. Re:Kazaa by AndrewBuck · 2014-09-01 13:34 · Score: 1
  
  I have noiced the same thing on my skype in the past. I am fine with contributing some p2p bandwidth but wish the program was a bit more upfront about telling you about it.
  On a separate but related issue, I used to use netstat for the same kind of thing you did, but now I run a program called nethogs, which is a command line tool a lot like top, but shows bandwidth usage by process in real time in more sane units like kb/s instead of the ugly packet buffer counts netstat uses which are kind of hard to read. It also sorts by bandwidth similar to how top shows the high cpu users on top by default so it is easy to see what the "random process eating your network" is.
  -AndrewBuck
3. Re:Kazaa by Anonymous Coward · 2014-09-01 15:12 · Score: 1
  
  Skype CAN and DOES read your messages, and quite probably your voice and video too.
  Send a text chat message with a unique one time URL to your own box in it over Skype, such as:
  http://yourbox.com/laks2312kjceie
  You will see a bot fetch you. Skype scraped the link out of your so called privately encrypted chat.
  Google it if you don't believe me.
  SKYPE CANNOT BE TRUSTED, EVER!!
  NO CLOSED SOURCE CAN BE TRUSTED!!!!!
  Quit freaking using closed source, there's no reason to anymore.
4. Re:Kazaa by Anonymous Coward · 2014-09-01 19:35 · Score: 0
  
  And sometimes it made Skype less than entirely reliable as the call would get suddenly increased latency or decreased quality for a while as a node it was using was less than optimal and so it was not good for anything business critical.
5. Re:Kazaa by Anonymous Coward · 2014-09-01 21:17 · Score: 0
  
  On a separate but related issue, I used to use netstat for the same kind of thing you did, but now I run a program called nethogs, which is a command line tool a lot like top, but shows bandwidth usage by process in real time in more sane units like kb/s instead of the ugly packet buffer counts netstat uses which are kind of hard to read. It also sorts by bandwidth similar to how top shows the high cpu users on top by default so it is easy to see what the "random process eating your network" is.
  Thanks for the suggestion. It's a bit hard to believe how difficult it still is to monitor what your network is doing without going too deep technically.
Privacy Last by westlake · 2014-09-01 12:07 · Score: 2, Informative

Readers of this story will have noticed the links to four of the major social media sites, including Facebook.
Since the earliest days of USENET and IRC Chat, the geek has a flawless record of making one-on-one communication over the Internet as painful a process as possible for the non-technical user.
It took the commercial services like Sype to break the spell.
1. Re:Privacy Last by Anonymous Coward · 2014-09-01 12:26 · Score: 1
  
  Even just downloading and running it is a PITA. Click the flashy download button on the front page and you get to a crappy wiki page listing several "proof of concept clients" - pick one! Of course, if you look further in the Wiki you'll find that there's about a dozen other clients as well, and none with the complete feature set. So now we have gone from downloading and installing to reading, studying, pondering and failing... great way to make people use your software!
  Oh, about the failing part: why isn't the Windows package with the updater a proper installer? Idiosyncrasies like this do turn away users.
2. Re:Privacy Last by Anonymous Coward · 2014-09-01 12:44 · Score: 0
  
  Readers of this story will have noticed the links to four of the major social media sites, including Facebook.
  Since the earliest days of USENET and IRC Chat, the geek has a flawless record of making one-on-one communication over the Internet as painful a process as possible for the non-technical user.
  It took the commercial services like Sype to break the spell.
  What a bunch of fucking bullshit. You sir get troll of the year award. Without "geeks" you wouldn't have an Internet. And Skype is quite painful to use with forced upgrades, advertising etc.
3. Re:Privacy Last by Bob9113 · 2014-09-01 14:27 · Score: 2
  
  Since the earliest days of USENET and IRC Chat, the geek has a flawless record of making one-on-one communication over the Internet as painful a process as possible for the non-technical user.
  Don't be facetious. One-on-one communication could be much more painful. In the specific case of secure (ie: end-to-end encrypted) communication, Tox is approaching the theoretical limit of simplicity. Key exchange has a mathematically bound minimum complexity in order to be secure. The reason Skype is not secure is precisely because it is easier to use than Tox.
  Or, slightly differently: Tox is an example of geeks making one-to-one comm as easy as it possibly can be, for the given requirements.
  
  --
  Stop-Prism.org: Opt Out of Surveillance
4. Re: Privacy Last by Anonymous Coward · 2014-09-01 20:40 · Score: 0
  
  The Internet was built by talented engineers and developed by smart entrepreneurs, not by a bunch of smelly neckbeards. Sorry to kick your puppy.
5. Re:Privacy Last by rastos1 · 2014-09-01 21:00 · Score: 2
  
  Where did you get the idea that USENET or IRC is supposed to facilitate one-to-one communication?
6. Re: Privacy Last by cyborg_monkey · 2014-09-02 00:13 · Score: -1
  
  Please mod this up. I too, hate smelly neckbeards.
7. Re:Privacy Last by Anonymous Coward · 2014-09-02 04:18 · Score: 0
  
  I'm wondering where they got the idea that IRC is hard to use
info by Anonymous Coward · 2014-09-01 12:08 · Score: 0

"it's up to the users to give their public key to their friends in a way that it won't be intercepted in transit and replaced"
Lol. There is no security here unless you KNOW what you are doing. Not even minimal security... MITM attack can happen without issue.
1. Re:info by nadaou · 2014-09-01 12:33 · Score: 1
  
  It's really not that hard at all.
  http://en.wikipedia.org/wiki/Off-the-Record_Messaging#Authentication
  and it comes with a very good implementation and pedigree,
  https://en.wikipedia.org/wiki/ZRTP
  Here's a video demo of ZRTP in use:
  https://www.youtube.com/watch?v=udBBDHT-_UA
  So as far as the user is concerned, there's not reason it can't be dead simple.
  
  --
  ~.~
  I'm a peripheral visionary.
The future.... by Anonymous Coward · 2014-09-01 12:17 · Score: 0

It will get popular. Get bought out by some big company who will gut it.
And then the next 'privacy first' thing will come along.
1. Re:The future.... by Anonymous Coward · 2014-09-01 12:38 · Score: 0
  
  It will get popular. Get bought out by some big company who will gut it.
  And then the next 'privacy first' thing will come along.
  except it is gpl3, which means it will be bought then forked community moves on to open fork life moves on.
Really? Flamebait? by Anonymous Coward · 2014-09-01 12:30 · Score: 0

There are some serious Microsoft fanbois here. In no way can a Dilbert cartoon be considered flamebait.
it's a great idea with one major flaw by AHuxley · 2014-09-01 12:31 · Score: 2

Not much the average consumer can do about wire tap friendly products built into tame telco approved hardware and software as offered globally.
You can code a software layer into your consumer device that offers really good quality encryption.
The problem is not so much a back door, trap door, just that every letter and number entered on the device is open to hardware logging by default by a gov activated telco layer..
A person is walking around with a gps becon, live mic, camera and plain text capturing device they 'trust' due to a thin top layer of very good code?
A one time pad system, air gapped to get the message out? A user no longer has real time joy but is then only offering location, who made the message, where it went, when and all the details about the device that sent the message.

--
Domestic spying is now "Benign Information Gathering"
Hypocrisy by Anonymous Coward · 2014-09-01 12:40 · Score: 0

I do love the hypocrisy on Tox's web site. So they promote an alternative to Skype because of the concern of Microsoft owning it and what it could mean for privacy concerns... and yet the screenshot on display is clearly running under Windows 7.
If you're truly concerned about privacy and don't trust Skype, then by extension you don't trust Microsoft. If this is the case, how can you then trust the fucking OPERATING SYSTEM if it's made by the same people you don't trust? It's hypocritical and shows a lack of consistency in their message.
I understand that Linux doesn't suit everyone's needs, but surely they could be promoting Tox via a Linux screenshot rather than a Windows one. But what am I saying... I'm sure these folks will topple Skype anytime now.
Mandatory linux 4.3 upgrade by smchris · 2014-09-01 13:18 · Score: 1

It always seemed we could at least sandbox Skype as a limited unique user, but 4.3 requires Pulse and pulse is increasingly the de facto sound system over alsa. Correct me if I'm wrong but doesn't pulse running at the user level only allow ONE user and system-wide utilization is vehemently discouraged by the developers for SECURITY reasons? If so, it seems like Microsoft and the NSA have worked out a way to p0wn any linux box where a person has installed a working 4.3 Skype.
I guess you could still use it for chat as a unique user.
1. Re:Mandatory linux 4.3 upgrade by hweimer · 2014-09-01 20:59 · Score: 1
  
  Correct me if I'm wrong but doesn't pulse running at the user level only allow ONE user and system-wide utilization is vehemently discouraged by the developers for SECURITY reasons?
  No, it's the other way round: Running PulseAudio as a system daemon (as opposed to the default way of per-user sessions) has security implications.
  
  --
  OS Reviews: Free and Open Source Software
BBM by Anonymous Coward · 2014-09-01 13:20 · Score: 0

There is already a much more secure Skype Alternate. BBM. Get BBM Protected when it goes live and have military grade security. Can't believe all the Skype vulnerabilities and the icloud hack and people still love to bash the only secure platform out. BB10 and BBM.
Fucking 'Dependencies" by Anonymous Coward · 2014-09-01 13:46 · Score: 1

Just tried to install it after adding the PPA and it's missing mysterious dependencies, thus cannot be installed. Rubbish. Promotion should offer an incentive, not a host of obstructions! Back to Jitsi, cunts.
Still USA-based, so open to govt^H^H^H^H..... by Anonymous Coward · 2014-09-01 13:56 · Score: 0

Website: tox.im
IP location: NY, NYC, Verizon Online LLC
Domain reseller: Gandi SAS, xxxxxxxxxx, Paris, France
Owner / registrant: Sean Qureshi, xxxxxxxxxxxx, Los Angeles, CA
I did a who-is lookup because what the ^shift-numbers^ does .IM stand for?
1. Re:Still USA-based, so open to govt^H^H^H^H..... by stderr_dk · 2014-09-02 15:23 · Score: 1
  
  I did a who-is lookup because what the ^shift-numbers^ does .IM stand for?
  Isle of Man
  
  --
  alias sudo="echo make it yourself #" ; # https://pipedot.org/~stderr & http://soylentnews.org/~stderr
Toxic? by profi · 2014-09-01 14:34 · Score: 1, Interesting

Tox is licensed under GPL v3 which is incompatible with iOS. Brilliant idea to exclude one of the most popular mobile platforms, this will surely replace Skype.
it's a great idea with one major flaw by Anonymous Coward · 2014-09-01 15:07 · Score: 0

As with Tor/I2P/GPG/Gnunet/Unix/etc/etc/etc... it is superior communication, operating and privacy technology.
Thus it will only fail if YOU refuse to use it, and because YOU refuse to introduce others to it and show other people how to use it.
The GUI's and package updaters all exist for sixpack and gramps now, so you are NOT fighting them, you are fighting YOURSELF and your own EXCUSES.
vline by Anonymous Coward · 2014-09-01 15:20 · Score: 0

vline.com
Trust agility by savuporo · 2014-09-01 16:04 · Score: 1

Easy way to make this much more useable is to keep the current user rendezvous infrastructure, but use a layer on top for key exchange that goes through user-elected central servers.
The entire Moxie Marlinspike's trust agility thesis. Let the users choose the central entity that they trust for making the rendezvous via a plugin or a high level protocol layer - something as simple as a REST api over https. Every trust provider just has to provide an API endpoint for signing and exchanging keys.
App to user : Here is Bob's key - signed by Slashdot's server. User: screw you, slashdot got hacked twice and their web looks funnay. I trust no one that comes that way. Does Bob exist on BookFace instead ? And so on. You could also have a distributed database of trust provider endpoints along with their current , recent and overall trustworthiness rankings.

--
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
The people by WeeBit · 2014-09-01 17:00 · Score: 1

I discuss similar stuff with people. You have a few that don't care but you also have many that are getting wrong advice. Many were told that legally they can't highly secure their cell phones, computers, tablets, etc. Plus a few even said that to be as secure as possible will have them put under suspicion of illegal activities and they don't want that kind of attention.

I believe security is good if it accomplishes what it is intended for. But many that are not secure because for a decade they were told they were fine; "don't worry about it, you have all that you need". Now everything is turned upside down. Security is only good if it is used. Unless someone has a magic plan to get the public to use the new secure software that seems to be invented regularly for the past six to eight months, many of it may go obsolete before the first anniversary of the software arrives.
The public key... by Aethedor · 2014-09-01 19:24 · Score: 1

... consists of 64 hex characters. This gives a 256 bit public key. Not very strong or am I missing something?

--
It doesn't have to be like this. All we need to do is make sure we keep talking.
1. Re:The public key... by Aethedor · 2014-09-01 19:25 · Score: 1
  
  Oh, wait. Elliptic curve cryptography, never mind my previous post.
  
  --
  It doesn't have to be like this. All we need to do is make sure we keep talking.
Nice try, NSA... by Anonymous Coward · 2014-09-01 19:42 · Score: 0

I will be using it for sure.
This is a 4chan project by Anonymous Coward · 2014-09-01 19:59 · Score: 0

I'd just like to point that out. Also, the various clients are a mess currently.
Bring back the well connected internet by dbIII · 2014-09-01 21:23 · Score: 1

Instead of some man in the middle proxy bullshit such as Skype we can take advantage of getting away from NAT and have point to point communications over IPv6 just like ringing a phone number.
Possibly a performance related change by PPalmgren · 2014-09-02 00:08 · Score: 1

I'm curious whether Skype changed to a more centralized service primarily because of the mobile world. Skype used to be a huge connection and battery hog on phones primarily because of the decentralized nature. Skype used to send messages through that were 'pending' to a contact even when your phone was in standby, because it was constantly trying to push the message to the user.
After microsoft acquired Skype, one of the first changes was this was removed, but it made it difficult to send messages sometimes because you had to pop your phone out of standby and switch to the app for it to send messages to people who were offline at the time you sent it. It made for some strange broken conversations. Now it just goes to pending and seems to go through right away, and the drag on phone performance is minimal.
Of course, microsoft has also made some really shitty and annoying changes. I can live with and understand the whole 3-way video chat becoming a premium feature to monetize the service if they're gonna use central servers, but I can't understand the awful UI choices doing their best to remove any possibility of signing out of skype on mobile devices.
Microsoft Tax Inversion, NSA and Court Evasion by Anonymous Coward · 2014-09-02 01:05 · Score: 0

With All the Corporate Tax Inversions, perhaps Microsoft could be "bought out" by a Chinese or Middle East "Company" to avoid US Corporate Tax rates.. and Evade the Court Orders and NSA Inspection progrtams.
Balmer and Gates mentioned something like this when demanding HB-1's be raised or they would move Microsocft Headquarters to Canada less than Ten years ago.
With the recent defiance at turning over Customer Emails held in Machines on Foreign soil.. I strongly wonder if they aren't about to announce "Billions and Billions" saved by moving across the border or over seas. Although Canada might be a bit too close to avoid pressures from the US Government. Microsoft Mexico or Latin America might be more likely.
It wouild be a very popular move with Investors, who could reap massive Dividends on payouts as they Exit the US Economy and in effect repatriot their profits in a Foreign market.. and Evade the whole HB-1 issue altogether.
As a Cloud company about the only thing they could do Domestically to make things worse would be to strategically partner with say EC2 to store "some" data in the US for US Customers only.
China would certainly like to have a larger say so in Microsoft Development.. even to the Tune of developing their Countries propreitary In-house Operating Sysetm. China is in the middle of the 1990's as far as Desktop software development and "discovery" and prosecution of Microsoft for Monopolistic practices. There.. Microsoft is still in the Windows 98 soon to be Windows XP landrush. And Netscape never happened there. Its like History is playing out all over again in lock stgep with US History.
What we need is... by Anonymous Coward · 2014-09-02 05:39 · Score: 0

We need an open source solution, that can't be tracted back to a specific person.
Pier to Pier, encrypted, with no DNS dependency.
Only part of Skype functionality by stub667 · 2014-09-02 20:19 · Score: 1

There are many services that tackle parts of Skype's functionality, but I have yet to see one that tackles them all. Not only does Skype to chat and client-to-client video conferencing, but it also gives you access to a global POTS gateway both outgoing and inbound, and is available to customers outside of the USA. Viber, Line, WeChat, Google and tox don't have the functionality to take away Skype's business. So we remain stuck with Skype, despite their ever worsening service and dubious allegence.