uTox is a lightweight (minimal dependencies) Tox client for Windows, Linux and (experimentally) Android. It supports text chat, file transfers, audio and video calling, desktop sharing (both as video and as screenshots). It also supports text-only group chats (with audio/video being worked on).
For more info about Tox and uTox, see the project links below.
Windows updater/downloader:
https://jenkins.libtoxcore.so/job/utox_update_win32/lastSuccessfulBuild/artifact/utox-updater.zip
Linux nightlies:
64-bit:
https://jenkins.libtoxcore.so/job/uTox_linux_amd64/lastSuccessfulBuild/artifact/utox/utox_linux_amd64.tar.xz
32-bit:
https://jenkins.libtoxcore.so/job/uTox_linux_i686/lastSuccessfulBuild/artifact/utox/utox_linux_i686.tar.xz
If you use an operating system other than windows or linux (OSX or android) or want to try other Tox clients, see this page:
https://wiki.tox.im/Binaries
Project links:
Official Tox website:
https://tox.im
uTox Github:
https://github.com/notsecure/uTox
toxcore Github:
https://github.com/irungentoo/toxcore
Other links:
qTox Github:
https://github.com/tux3/qTox
Antox Github:
https://github.com/Astonex/Antox
Note about adding friends in Tox: in the settings area of uTox you can find your Tox ID, and you give that out to your friends so that they can add you. To solve the inconvenience of sharing long IDs, Tox also supports "DNS names", for example "groupbot@toxme.se". You can register your own @toxme.se name on toxme.se
Tox is alpha software, bugs are expected.
Feel free to post any questions or feedback or visit us on IRC: #tox on freenode.
Utox seems to be C++ and a GUI framework I didn't look into. Toxy is .NET+WPF... two different stacks, but two inaccessible programs. I'm quite sure the developers didn't write inaccessible software deliberately, but this makes me wonder if we need either:
1. Inform developers better about accessibility 2. Fix tooling: warn/error if you don't label your elements etc 3. All of the above...
To give this post some more context, earlier this week I looked at Stellar... their web client is inaccessible. Earlier this week Wunderlist released a version 3... iOS app is nearly inaccessible. Earlier this week I finally wanted to give Foursquare's new Swarm app a shot... inaccessible. Do you see the pattern? I'm sorry for ranting about this, but imagine some random app update did stop the app from working and only displayed a black screen, you would be annoyed at least.
utox is written in C and uses its own toolkit so that it looks the same everywhere. For that reason it will probably never give you the level of accessibility provided by more mature toolkits.
I'm a developer but do not ever focus on accessibility because nobody has brought it to my attention, not a single bug report or conversation from management.
The hidden service mirror has been stripped of Piwik tracking, and forms of Javascript, and soon we'll label outbound links.
i2p support will also follow soon.
Tox main site: http://kdzzxucnh4fyovxg.onion/
Tox developer documentation: http://kdzzxucnh4fyovxg.onion/docs/
Tox wiki: http://kdzzxucnh4fyovxg.onion/wiki
Connections between friends are encrypted.
is the crypto used.
https://github.com/irungentoo/toxcore/blob/master/docs/Tox_m...
describes the protocol used to connect securely to friends after they find themselves.
This protocol has PFS, message padding to prevent length based leaking and should be immune against replay attacks.
What makes it secure is that you know the long term public key of your friends making it really easy for the software to establish secure connections to them.
"Secure against bulk surveillance" is a big push in a lot of areas, it's a button Bruce Schneier and Eben Moglen have been pushing hard for the past year or so. See especially their joint lecture at Columbia Law School in December, 2013, and Schneier's presentation to Stanford Law School in April, 2014 (both are on http://FixYT.com).
Anonymized persistent IDs associated with physical / persistent IP addresses represents a different level of threat, particularly for those who are engaged in activities for which concern from a APT (advanced persistent threat) such as a state actor, with either legal impunity or significant resources, or both, is a concern. In that case, I'd want to see a system with repudiable identifiers and Onion routing such that endpoints aren't clearly determinable.
That said, yours is a crucial question.
Related: what are the threat models against which Tox is a response?
While we're at it, the rest of the suggestions may be useful: http://www.reddit.com/r/dredmorbius/comments/27d5xr/please_f...
From the FAQ, this I like:
"The goal of this project is to create a configuration-free P2P Skype replacement. Configuration-free means that the user will simply have to open the program and without any account configuration will be capable of adding people to his or her's friends list and start conversing with them. There are many so-called Skype replacements and all of them are either hard to configure for the normal user or suffer from being way too centralized."
A lot.
(Emphasis added).
Note: I'm not in charge of the tox.im website, if it were up to me there would be no javascript at all.
Here is a breakdown of the different ways they are considering on how to implement it: https://github.com/Quoturnix/ProjectTox-Core/wiki/Multiple-d...
I think it will have a chicken and an egg problem unless there's some kind of tool that let's you talk with other older apps and protocols like gchat/hangouts, or maybe this is planned.
Bot example here: https://github.com/aitjcize/tox-irc-sync More info on the protocol here: https://github.com/irungentoo/toxcore/blob/master/docs/updat...
Please do! It's all free and open source.
Rather than ricers with -Ofast kernels and overclocked CPUs it would be nice if a mature team focused on security and correctness first.
The article comapres it to skype, which is popular, but, techonologically, one of the worst protocols around.
Also, encryption is mandatory.
More technically-capable people are always welcome to help drown out the inanity. :)
Don't take the troll bait. ;)
Edit: this one seems to be doing fine.
Pretty cool name actually.
I take the opposite perspective though. In nature toxins and poisons are used as protection against predators.
1. The people behind Tox don't seem to be the copyright holders of their logo as admitted by one of the main developers[1]. The logo is the one also used on their website.
2. Tox project is now attempting to (falsely) claim to be the copyright holders of the logo.[2] Wikimedia Commons deleted the project logo for legal concerns, and to date it remains deleted.[3] There is no concrete proof for Tox's copyright claims on the logos, while there's pretty concrete proof that the project indeed does not hold the copyright on the logos. For those unaware of how our legal system works, "works without license" are considered copyrighted work of the author (e.g. anonymous user on linked /gd/ board).
3. Creative Commons licenses are also incompatible with their choice of software licensing, GPLv3+,[4] which means they cannot legally redistribute current logos under the current licenses with Tox software even if they were copyright holders to those logos.[5] As far as I know, the logos are already being redistributed with the software.
4. The documentation also cannot be legally redistributed with the software, and in theory nobody outside the project has practical freedoms to modify the documentation.[6] "I'm le troll! :-)" was most likely added by the developers.
5. Because of the above mentioned issues, Tox cannot be accepted to Debian GNU/Linux repositories because of DSFG guidelines.
6. The above mentioned issues also create false advertising; "Tox is both free for you to use, and free for you to change. You are completely free to both use and modify Tox."[7]
7. A developer quit the project because of other serious issues in the project.[8][9] The developer criticized the design of DHT (distributed hash table) used to find users, which leaked a lot of data about users. There's a large reddit thread about these DHT issues somewhere too, but I seem to be unable to find it myself right now. Fortunately, the leak was patched a long time ago. Unfortunately, the patch was a large hack which the Tox developers solved by reinventing the wheel and reimplementing Tor onion routing.
8. I haven't verified this (so don't count on me), but the Tox core (or core + clients?) is now ~100k lines of code. It's not entirely lightweight per se, which was one of the initial goals as far as I remember.
9. Another minor thing that upset me was that during Tox's conference talk (forgot which conference, but it was related to YouBrokeTheInternet), the speaker forgot to introduce himself and what he was doing. This probably led to some confusion.
10. Possibly controversial too, but the first radio talk show Tox was introduced in was... could I say, maybe slightly cringeworthy. Or something. See it for yourself.[10]
Sorry if I went a little bit too political, knowing the rules. I wanted to point out these issues to let you know how everyone involved in the project can be a help.
[1]: https://rbt.asia/g/thread/40445107#p40449131 - you can scroll down and read the replies too [2]: https://commons.wikimedia.org/wiki/Commons:Deletion_requests... [3]: https://commons.wikimedia.org/wiki/Commons:Undeletion_reques... [4]: https://github.com/irungentoo/toxcore/blob/master/COPYING [5]: https://www.gnu.org/licenses/license-list.html#ccbysa [6]: https://github.com/Tox/Docs/issues/7 [7]: https://tox.im/ [8]: http://www.tox-chat.com/2013/08/tox-developer-fed-up-quits.h... [9]: https://github.com/irungentoo/toxcore/issues/493 [10]: https://www.youtube.com/watch?v=IdR3SVcBbq0
Disclaimer: I'm not the author of any of the links above. It's what I have gathered from numerous discussion threads Tox has had on 4chan.
1. The logo was made, over many threads, by members of 4chan's /gd/ board for Project Tox to Do Whatever The Fuck You Want(tm)
7. A developer quit the project because she was harassed into quitting by another notorious troll, SaveTheInternet (the creator of an australian imageboard 4chon) and friends in the 4chon IRC. Basically, the arranagement at the time seemed to be quit and I take your dox down.
As you can see, we have many problems with trolls, they're quite interesting creatures to harass a FOSS project like this for months on end but I suppose they redeem themselves in the entertainment value of how they bend over backwards for replies.
Although there was doxing, the issues slvr highlighted were entirely valid. IIRC, slvr had raised these in a private mailing list and they were then leaked to the public, at which point doxing occurred.
There's no telling how many people on 4chan have given out their IP addresses without knowing it."
clearly purposely misleading. most of the points made above will be sorted, are exaggerated non-issues, false or very bias/misleading.
This is the coding style
https://github.com/irungentoo/toxcore/commit/84c28337d248bad...
this is openssl all over again
https://github.com/irungentoo/toxcore/commit/1d6c3934736c369...
> memcpy(packet + 1, &con->ping_request_id, sizeof(uint64_t));
Copying multi-byte values into a network packet is a typical error made by novice developers - this will bite you hard as soon as somebody compiles the code on a Big Endian machine. Even if you might get away with this on opaque elements like a ping ID, the general approach should not be followed.
I'm not sure what you're trying to point out with those links. How is this related to openssl?
It's quite readable and has yet to tangle itself in the ifdef mess that is openssl.
If not, I don't see how it can be a replacement for Skype.
