OHAI, So, I assessed it vis-a-vis stef's rules already, otherwise I would not dive into it at all. ;) But yeah, let's have a look. On Tuesday, 3 February 2015 19:28:01 Markus Ottela wrote:
From the PoW of Stef's seven rules of thumb to detect snake oil:
*1. Not free software * https://github.com/irungentoo/toxcore/commit/dcc3921682c8bededfac7d76f4976fd56b051c72 "/Licenced the code under the GPL for now./" (Free software? Good. But, "for now"? Is it going to change?)
So, that's not going to change, IMHO. There are several developers and I don't think there was any ascribing of copyrights to any legal or physical person, so changing a license *from* GPL is not entirely straightforward. I ticked this one as "AOK".
*2. Runs in a browser * No.
AOK.
*3. Runs on a smartphone * https://wiki.tox.im/index.php/Multiple_Devices Has been suggested but not yet implemented.
https://wiki.tox.im/Antox Still, you don't have to use it. As in, I use a desktop client, not going to be using it on my mobile anyway. It doesn't *require* smartphone use, just like e-mail does not *require* a smartphone e-mail app (if you use one, well, that's your choice). inb4 "e-mail is not safe" -- puh-lease, that was just a way to illustrate a point. "AOK" for here too.
*4. The user doesn't generate, or exclusively own the private encryption keys* The user is in control,
ACK.
yet the source of randomness and crypto implementation are not explained properly. The wiki talks about public keys and PFS without explaining the relation between the two. https://github.com/irungentoo/toxcore/blob/master/docs/updates/Crypto.md
ACK. So, the PDF I linked to goes a *bit* further (just a wee bit). Go have a look at the "Crypto" section: https://jenkins.libtoxcore.so/job/Technical_Report/lastSuccessfulBuild/artif... So, at least not a "we hold your keys -- FOR SAFETY!!1!" kind of snakeoil. Half of an "AOK" from me here.
*5. There is no threat model* "/With the rise of government monitoring programs/" implies it's designed to be secure against state surveillance. "Tox does not cloak IP addresses when communicating with other users" In disclaimer it is also just stated that "/Tox prevents message contents from being read or altered by third parties, or anyone else other than the intended recipient/", yet it doesn't even bother to evaluate the system against HSAs or MSAs.
True. One has to consider their own threat model and assess if Tox is the answer. Tox does *not* provide anonymity, it at least *tries* to provide OTR-like features (encryption, integrity, etc.).
Instead, the threat model seems to revolve around developer anonymity (https://wiki.tox.im/DevAnonymity). "/Potential harassment by the government and trolls/" seems to include people pointing out issues with the software as well.
Indeed. So again, half an "AOK".
*6. Uses marketing-terminology like "cyber", "military-grade"* It doesn't, although it does say "/leading-class encryption/", and the logo is yet another unnecessary lock.
I like the logo. "AOK" from me, especially taking into account they're not reimplementing the wheel but using NaCL instead.
*7. Neglects general sad state of host security * This. The developers think it is obvious for every user, that if the endpoint device is compromised, there is no security. This is horrible since the average computer user is still mainly occupied with thoughts "I need a firewall" or "I might get a virus" -- not "The government might exploit an unpatched OS or exploit a 0-day" or "The company behind my proprietary OS might be issued a subpoena to include a backdoor". It's not the job of Tox developers to patch the OS, but it's their job to warn users there are attack vectors the developers are not in control of. They have refused to do so, which limits the users' ability to make informed choices depending on their threat model.
Well, yes, and my beef with Tox is also that the private keys do not require a passphrase to unlock. So that's a no-no in my book. Still, this doesn't look like snakeoil; rather like a good idea with not-so-stellar execution, which *might* get better. Am I missing anything?
----
For some time I've wanted to evaluate TFC from these perspectives as well:
Could we have a *separate* thread for it? I'm really interested in having a more in-depth discussion of Tox and this could potentially hi-jack this thread. Much obliged. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147