tox
Juan
juan.g71 at gmail.com
Sun Sep 27 19:50:32 PDT 2015
On Sat, 26 Sep 2015 20:52:01 -0700
coderman <coderman at gmail.com> wrote:
> On 9/26/15, Juan <juan.g71 at gmail.com> wrote:
> > ...
> > I've been playing with tox(thanks rysiek!) and it looks
> > rather interesting. I noticed however that it's not listed here
> >
> > https://www.eff.org/secure-messaging-scorecard
>
> i am not saying the scorecard is worthless, but rather, it is at best
> a signal for subpar projects doing things obviously wrong.
Oh, I wasn't commenting on the security of the software listed
or tox in particular.
What I meant is that tox is an interesting project and maybe
more publicity from eff would help.
>
> it cannot tell you, honestly, who is doing it all right. (not least
> because "right" is relative to risk and threat model, which is
> perspective unique to each user...)
>
>
> things that are good about Tox.chat:
> - Opus for media. if you don't know about the Opus Codec, you should!
> VP8 i don't care about either way.
> - Re-uses onions, rather than trying to build its own anonymity
> overlay for friend finding.
> - Uses cryptobox for crypto stuffs, rather than rolling own.
> - Supports clients of various types, per preference, rather than
> monolithic structure.
>
> the bad:
> - written in C and passing things around potentially unsafely. see the
> address parsing in network.c, the DHT code. needs a good audit.
> - poor network performance primitives with UDP - ok, not a problem
> because this won't need that scale - beauty of decentralization! :)
> - DHT is trivial to DoS. a known issue, but if you need survivability
> i'd chose pond over tox.
>
>
> best regards,
More information about the cypherpunks
mailing list