Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tox, a Skype Replacement Built On 'Privacy First'

Posted by Soulskill on from the pet-rock-also-built-on-privacy-first dept.

An anonymous reader writes: Rumors of back door access to Skype have plagued the communication software for the better part of a decade. Even if it's not true, Skype is owned by Microsoft, which is beholden to data requests from law enforcement. Because of these issues, a group of developers started work on Tox, which aims to rebuild the functionality of Skype with an emphasis on privacy. "The main thing the Tox team is trying to do, besides provide encryption, is create a tool that requires no central servers whatsoever—not even ones that you would host yourself. It relies on the same technology that BitTorrent uses to provide direct connections between users, so there's no central hub to snoop on or take down."

12 of 174 comments (clear)

  1. it's a great idea with one major flaw by Anonymous Coward · · Score: 5, Insightful

    Decentralized services are a great idea, but there is one big flaw. Not enough people care about it to get a critical mass of users. Virtually everyone outside a handful of tech geeks will keep using the centralized services, so to talk to people out there in the real world, you'll need to use the centralized services too. Or, restrict yourself to these decentralized networks and find they are mostly empty, maybe several thousands of users across the whole of the world.

    And good luck trying to explain to Joe/Jane Sixpack how to use them. You have to fight against the centralized data-mined services that came preinstalled on their devices, and that's a non-starter for most people.

    It fails not for technical reasons. It fails because of widespread tech illiteracy in the general population.

    1. Re:it's a great idea with one major flaw by dcollins117 · · Score: 4, Insightful

      Decentralized services are a great idea, but there is one big flaw. Not enough people care about it to get a critical mass of users.

      There's a group of Hollywood celebrities that have just been made aware of the need for decentralized and more private internet services. I think people will care, albeit only after a problem has occured.

    2. Re:it's a great idea with one major flaw by Bing+Tsher+E · · Score: 5, Insightful

      They just have to stop storing personal content 'on the cloud'. Don't buy into the idea of no local storage. Say NO to devices that don't have an SD slot ( sorry, Apple and Google...)

      32g sd cards are really cheap now.

  2. Re:Oh god why. by viperidaenz · · Score: 4, Insightful

    OH SHIT
    My IP gets exposed? Like how I've just sent it to Slashdot and the countless routers and proxies between my PC and the Slashdot servers?

  3. Re:Oh Great Just What We (Don't) Need by viperidaenz · · Score: 3, Funny

    You mean peer to peer, instead of relaying via a server?

  4. Microsoft Gave the NSA Backdoor access to Skype .. by Anonymous Coward · · Score: 4, Informative

    'A lengthy new Guardian report claims Microsoft worked directly with the NSA by giving complete back door access to Outlook (and Hotmail), Skype and SkyDrive. The report basically says each service was easily circumvented in order to make the NSA’s job of sleuthing data incredibly easy, as if your private info was selling at a weekend garage sale. One NSA document even described the collaboration with Microsoft as a “team sport.”' ref

  5. Re:Key exchange by Anonymous Coward · · Score: 3, Interesting

    I discussed it with one of the admins on their IRC.
    "it's up to the users to give their public key to their friends in a way that it won't be intercepted in transit and replaced"

  6. Re:Kazaa by WoodburyMan · · Score: 5, Insightful

    I can attest to Skype doing this. A friend away moved away for graduate school and we would communicate using Skype, so I started just leaving the desktop application open. My computer is located in my bedroom, with a switch next to it. I woke up like 3am, see the lights FLASHING going all sorts of nuts on my switch, which was weird as I had nothing on my pc open at the time. I check net stat... i see a inbound and outbound connection, one to some SBC DSL user in Atlanta, another to a Comcast user somewhere else, forgot where, but some other state. I kill Skype. BAM, connections close, traffic resumes normal operation. Skype was using my computer as relay service, since I have active UNPN, and the other two client presumably had some sort of firewall blocking direct communication. To this day i tell *EVERYONE* who uses the Desktop app to close it as soon as they're done to prevent this as most home connections now have meters. (Charter's is 250gb/mo for 30mbit, which I hit 150gb+ some months when I was toying around with AOSP and downloading the entire repo a few times after screwing up a VM or something).

  7. Re:Back door by AHuxley · · Score: 4, Interesting

    AC the backdoor aspect is both national and international
    "FBI Wants Backdoors in Facebook, Skype and Instant Messaging"
    http://www.wired.com/2012/05/f...
    ".... drafted by the FBI, that would require social-networking sites and VoIP, instant messaging and e-mail providers to alter their code to make their products wiretap-friendly."
    Then the world was given more details "Encrypted or not, Skype communications prove Ãoevitalà to NSA surveillance" May 14 2014
    http://arstechnica.com/securit...
    As for the "nobody on the inside has ever leaked out." aspect try http://cryptome.org/2013-info/...
    The "inside" can now be understood by aspects like "Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.Ã(TM)s"
    http://www.nytimes.com/2013/09...
    ..."employees sit alongside Drug Enforcement Administration agents and local detectives and supply them with the phone data from as far back as 1987."
    How past "parallel construction" and telco support will respond to any new "peer-to-peer and voice calling" will be interesting.
    How did the US and UK get to past bespoke crypto telco hardware in the 1950's and beyond? Plain text always seemed to emerge just in time.

    --
    Domestic spying is now "Benign Information Gathering"
  8. Re:Key exchange by BitterOak · · Score: 4, Interesting

    And how do you exchange key? Do they plan a web of trust à la GPG?

    A better approach would be to generate a random session key and each user's client would display some sort of hash (it doesn't need to be really long: 6 or 8 digits would suffice) of that key. Assuming the two parties know each other and recognize each other's voice and/or face, one of them can read the hash to the other. If there's a MITM attack, they won't match. As I said, the hash doesn't need to be long, since one mismatch would indicate trouble.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  9. Re:Oh god why. by Anonymous Coward · · Score: 3, Insightful

    As with nearly everything in life, privacy and security are not all-or-nothing, black-or-white issues - instead it is a set of trade-offs, what do you have to give up in order to get a desired result. It is at least a 2-dimensional spectrum where limiting exposure to the minimum necessary nodes versus any node that takes an interest is preferrable.

    Look at it this way - most people don't have a problem giving their credit card number to a website when they make a purchase but would not find it acceptable to share their credit card number with every website they log in to.

    We know by its existence that onion-routing is one way to minimize IP address exposure. It does not eliminate it, but it drastically reduces the window of exposure. That increased privacy comes at a cost, the question, as it is with all costs, is if the cost is worth it.

  10. Re:Key exchange by nadaou · · Score: 3, Informative

    Phil Zimmermann has already done all this. It's called ZRTP.

    https://en.wikipedia.org/wiki/...
    https://www.youtube.com/watch?...

    --
    ~.~
    I'm a peripheral visionary.