tox

[coderman]

On 9/26/15, Juan <juan.g71 at gmail.com> wrote:
> ...
> 	I've been playing with tox(thanks rysiek!) and it looks rather
> 	interesting. I noticed however that it's not listed here
>
> 	https://www.eff.org/secure-messaging-scorecard

i am not saying the scorecard is worthless, but rather, it is at best
a signal for subpar projects doing things obviously wrong.

it cannot tell you, honestly, who is doing it all right. (not least
because "right" is relative to risk and threat model, which is
perspective unique to each user...)



things that are good about Tox.chat:
- Opus for media. if you don't know about the Opus Codec, you should!
VP8 i don't care about either way.
- Re-uses onions, rather than trying to build its own anonymity
overlay for friend finding.
- Uses cryptobox for crypto stuffs, rather than rolling own.
- Supports clients of various types, per preference, rather than
monolithic structure.

the bad:
- written in C and passing things around potentially unsafely. see the
address parsing in network.c, the DHT code. needs a good audit.
- poor network performance primitives with UDP - ok, not a problem
because this won't need that scale - beauty of decentralization! :)
- DHT is trivial to DoS. a known issue, but if you need survivability
i'd chose pond over tox.


best regards,