[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y ] [Search | Home]
4Archive logo
Reminder: Tox gives your IP address to anybody...
If images are not shown try to refresh the page. If you like this website, please disable any AdBlock software!

You are currently reading a thread in /g/ - Technology

Thread replies: 326
Thread images: 19
>During his chat with the public, irungentoo was faced with the question of whether Tox, a client that claims to be "NSA-proof" encrypts IP addresses. irungentoo had to admit that Tox, much like Skype, divulges your IP address to anybody you become friends with.

>This means that everybody on 4chan who has posted their Tox ID publicly in a 4chan thread (which are archived) and has accepted friend requests from strangers has also given their IP to those strangers and vice versa. When pressed for comment on the insecurity of letting people just post their Tox ID's in every Tox thread, irungentoo did not answer.

Here is the thread in question:

https://news.ycombinator.com/item?id=8123152

If the Tox team is unable to encrypt user IP information on the client itself, they should at the very least warn users of what data they are divulging when the Tox team encourages people to post their Tox IDs in threads like this one and those advertising-supported "social" sites they run such as

addmeif.com

toxme.se

These sites are cancerous and encourage people to give their IP addresses to total strangers.
>>
Still want to post that Tox ID in public?
>>
Why do people post their ID in public then?
>>
Reminder to report and hide this thread, you are replying to an autistic spaz who will never back down no matter how many times he's proven wrong.

Do not reply to this thread.

Report and hide.

Do not reply to this thread.

Report and hide.

If you must reply, don't forget your sage.
>>
Fucking piss off shills! Don't you have better things to do?
>>
>>43357732
>>43357736
Notice how these 2 Tox guys keep calling names instead of addressing the issue?
>>
Do not reply to this thread.

Report and hide.

>>43357754
You're breaking the rules trying to troll outside of /b/.
>>
>waaaaa, the other end of a TCP connection knows my IP, waaaa
go back to school you fucking retard
saged
>>
> So whats is deal?
either you can share you IP with the person you're taking to, or you would need a centralized server which stores the your hash and ip address.

also
> not using a VPN in the year 1994 + 20
>>
>>43357646
[email protected]
>>
Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how TCP/IP works.

Report and hide.

If you must reply, please sage.

Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how TCP/IP works.

Report and hide.

If you must reply, please sage.
>>
>>43357901
He's just saying what the devs haven't openly said yet.
>>
Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how IP and p2p applications work.

Report and hide.

If you must reply, please sage.

Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how IP and p2p applications work.

Report and hide.

If you must reply, please sage.
>>
Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how IP and p2p applications work.

Report and hide.

If you must reply, please sage.

Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how IP and p2p applications work.

Report and hide.

If you must reply, please sage.
>>
I was under the impression that Tox is anonymous....
>>
Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how IP and p2p applications work.

Report and hide.

If you must reply, please sage.

Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how IP and p2p applications work.

Report and hide.

If you must reply, please sage.
>>
Well of course the other person has access to your IP. How the fuck did you not know that?
>>
Re-posting what I said in the earlier threads about IP-related issues.
----
It's P2P. There are two ways to hide your IP address, either let's all centralize Tox and wait for the NSA/FBI/local government buttbuddies to seize the server and/or demand we install taps on the hardware, or you use Tor.

Tox is amazing because it's distributed. You can't censor it unless you feel like blocking a metric fuckton of people (and the more popular Tox gets, the harder it gets to censor it). You cannot raid servers, and there's no uptime you have to worry about. If someone is using Tox, then Tox is up. It's secure, and it just works; there's no middle-man you have to worry about.

But the moment you want to start hiding IPs, then you cannot directly speak with the person you want. I'd argue that I care more about my message getting directly to the person I intended it to, rather than my message being handled by various people and servers, just so I can hide who I am. There will be ways to anonymise yourself once you can be a TCP-only client, and if that's what you want, then go ahead and do what makes you happy. But if you do that, I can't guarantee that your experience with Tox will be as pleasant as we want it to be.

tl;Dr: You can hide your IP if you desire, at the cost of video messaging, insanely slow file transfers, and your packets being handled by the US government even more so then they currently are (For is infiltrated by the US government).Tox will not do this by default.
>>
>>43358380
>bumping the thread
You fucking cunt
>>
>>43358380
Why would you bump the thread.

Play some weeb music on audiobotze, fag.
>>
>>43358394
>>43358407
it was saged.
>>
>>43358452
No it definitely got bumped to page 1, fag. Now we're on page 3.
>>
>>43358099

bump faggot HAHA
>>
who cares if someone has your IP?
>>
Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how IP and p2p applications work.

Report and hide.

If you must reply, please sage.

Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how IP and p2p applications work.

Report and hide.

If you must reply, please sage.
>>
>>43357646
>peers in p2p connections know each other's IP addresses
Stop the fucking presses, this is the security nightmare of the century.
What's next, are you going to tell us that torrent swarms can see all the IPs of the peers in the swarm?
>>
>>43358853
hi guys how do i sage this thread? i want to make sure i don't give it any unneeded bumps
>>
>>43358894
Actually you only get their IP addresses if you add them as a friend. So it's much improved from traditional p2p but OP is still autistic.
>>
Dear OP,

Contrary to that which you have been led to believe, an IP address, by itself, is absolutely useless. There is nothing harmful that can be done with nothing but an IP address. The actual metadata issue is being solved (and has been for the most part).
Please note that TOX's objective is not to keep the user anonymous, but rather to give the user back his/her privacy.

Sincerely,
Anon
>>
Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how IP and p2p applications work.

Report and hide.

If you must reply, please sage.

Do not reply to this thread. OP is trying to troll outside of /b/ in an attempt to fill the void in his lonely life and pretend he doesn't know how IP and p2p applications work.

Report and hide.

If you must reply, please sage.
>>
I find it interesting that when OP expesses a legitimate concern about the software, the reaction of the developers and the "community" is, well, what this thread currently is, rather than addressing OP's criticism, which sounds fairly serious.
>>
Bump for more Tox developer buttmad.
>>
>>43358956
It's called concern trolling.

And no, his criticism is not serious. He's complaining that if you add someone as a friend they could possibly get your IP address. Well no shit, that's how PEER TO PEER works. It connects PEER TO PEER. PEER TO FUCKING PEER, you retarded shitcunt. PEER TOOOOOO PEER.

That means to connect to A PEER you're going to have to use protocols that the internet is built on. And with that protocol you connect to a machine which reveals.... your IP address to it!
>>
Why is libel allowed on /g/? Especially libel against free software.
This reeks of /v/.
>>
File: 1393785714251.jpg (37 KB, 1280x720) Image search: [iqdb] [SauceNao] [Google]
1393785714251.jpg
37 KB, 1280x720
>>43359053
because no mods?
>>
>>43359119
>bumping a bait thread
>>
>>43358999
Well you don't make yourself look very good by pointing your finger at him and saying "he's just a troll from /b/", especially when OP's argument is intentionally designed to look to uninformed people like he has a real complaint about the security of your software. This makes you look like you are simply evading the issue. Or worse, that you are a government shill who is intentionally developing bad software.

Maybe instead of countering OP's "trolling" with sage bombs and attacking his motives for pointing out flaws in your software, you would do better for your project if you articulated your counterargument properly and explained why it is exactly that his concerns do not have merit.
>>
http://pastebin.com/KaHzE27Y
Wouldn't the NSA etc. be MORE interested if you're using software like this?
Enjoy being on some list.
>>
>>43359206
It's not my software.

You can't counter his trolling. Because he's fucking autistic. He will literally troll for hours. It depends on how hard he wants to shitpost, but he literally cannot be wrong if he sways the conversation correctly.

How about you just stop replying to the fucking thread and stop giving him attention instead? Anyone with more than five neurons lighting up knew he was a fucking moron just by reading his post anyways.
>>
>>43359206
>stop calling out my trolling and play ball.
no fuck off the ip address argument is retarded, there is no "issue" to avoid.
the internet is designed to communicate between ips
>>
>>43358051
Torchat is anonymous. It was retarded to even make Tox in the first place.
>>
It's not an issue really.
Tox doesn't run over Tor, nor is it likely to in the near future since there's an aversion to high bandwidth services on Tor.

I2P allows UDP packets, theoretically the existing relays could also act as I2P bridges so that clearnet and darknet networks can communicate with each other. I2P is also more suited to high bandwidth applications and you can adjust the number of hops a packet has to travel.
>>
Tox is an NSA honeypot??
>>
>>43359270
Torchat is pseudoanonymous, once you keep a hidden service ID and start adding people you're exposing yourself to social engineering attacks to divulge your identity.
>>
>>43357732
>>43357790
>>43357901
>>43358015
>>43358021
>>43358099
>>43358881
>>43358948
Talk about damage control.
>>
wow thanks for letting me know OP. im going to get me and my friends to use bittorent bleep instead. :^) godbless
>>
>>43357716
They were naive?
>>
>>43359244
>>43359260
All I'm saying, is that your mother fuckers posts look far more autistic and even abusive (derailing the thread, actively trying to avoid any discussion about the topic) than OP's do. It makes you look less credible, and it does a disservice to the Tox project as a whole.
>>
>>43359408
Derailing what thread? OP's blatant concern trolling? There's no discussion to be had here, you fucking retard. OP is trolling. That's the discussion. That's all that's fucking happening here. He has no real concern about the project. He doesn't want to make it better. All he fucking wants is you to reply to his thread, because he's a lonely piece of shit. And you KEEP FUCKING REPLYING because you're totally oblivious.
>>
>>43358956
>>43358999
Way to wail on an innocent poster
>>
>>43359448
He's fucking retarded as well. In fact, so are you.
>>
>>43359440
Maybe if you stopped reacting so mad and falling for bait, people would stop baiting you.
>>
File: pretending.jpg (82 KB, 395x615) Image search: [iqdb] [SauceNao] [Google]
pretending.jpg
82 KB, 395x615
>>43359478
>>
>>43359455
>>43359486
>wants to stop discussion
>starts discussion
Who's the fucking retard here? Moron.
>>
>>43359497
I'm calling you fucking retarded, not starting any discussion. There's no discussion to be had. This is a troll thread and retards like you kept fucking bumping it because you're retarded.
>>
why isnt there a warning about this

the script kiddies that use tox need to know this information

exposing your ip address on the internet is no good
>>
So why has Tox gone with an incomplete cross platform solution that doesn't support native notifications, like qTox or uTox, rather than go full native like Poison for OSX and WinTox for Windows / Metro?
>>
>>43359511
Actually, I notice the only person that would keep replying to posts to keep the thread bumped like a fucking idiot would be OP, very nice ruse m8
Here, have a free bump.
>>
>>43359539
Actually, no, we've been on page 1-2 for quite a while now because you fucking retards keep bumping it. And you're still bumping it.

Learn to sage, dipshit.
>>
someone knowing your ip does not matter
http://www.bvog.com/?post=IDcCfLW4hDPzwASOC
>>
>>43359440
I'm not saying OP's concern is legitimate. I'm saying, and what you're saying as well, is that he wants people to think his concerns are legitimate.

What I'm trying to get across to you is that the tactics you are using to deal his trolling are counterproductive because it makes you look like the autist. It makes you look like the shitposter. It makes him look like the good guy when presumably he is not.
>>
>>43359553
You're not the boss of me, faggot, I'll sage when I fucking want to.
>>
>>43359591
Again, you fucking retard. We just had a 300 page thread. Where he sat there for hours. And then he made a new thread. You don't know what you are talking about. He is literally pure autism. You cannot fucking counter trolling. You can only feed the troll. The troll only dies if you don't respond to it. now lurk more, you piece of shit, I'm out.
>>
>>43359591
OP is the good guy though because the Tox guys are letting people on an anonymous imageboard post a Tox ID that reveals their IP.
>>
>>43359591
No one's going to give a shit about some anon acting autistic on /g/.

Anyway you should both stop responding because there's no reason to have a conversation in this thread.

It'll just attract more attention and someone will end up posting without sage.
>>
>>43359524
a little disclaimer would be nice
>>
ITT: Tox developer gives us another reason why /g/ projects are all doomed to fail: because /g/ autists are horrible at public relations.
>>
>>43359539
Pretty sure OPs can't bump their own threads.
>>
File: 140803015742.png (60 KB, 1181x224) Image search: [iqdb] [SauceNao] [Google]
140803015742.png
60 KB, 1181x224
>>43359569
>>
>>43359747
Pretty easy to get around that.
>>
>>43357716
They never told us it wasn't encrypted. It was sorta assumed to be due to the nature of the application.
>>
>>43359524
>why isnt there a warning about this
>
>the script kiddies that use tox need to know this information
>
>exposing your ip address on the internet is no good

Because the Tox devs want you to think that your "Tox ID" is a completely anonymous string of numbers that you could toss out anywhere and have people communicate with you on without exposing yourself.
>>
How else does a non-centralized client work?

Unless everything goes through a central server whoever you chat with must know your IP.

Retards
>>
>>43359783
>They never told us it wasn't encrypted. It was sorta assumed to be due to the nature of the application.
How are you going to 'encrypt' IP addresses you retarded piece of shit?

You don't get their IP address until you fucking add them as a friend.

Just because someone posted their key in public doesn't mean that you automatically get their IP address.

You know what program actually reveals IP address of though? Fucking Skype. You can get an IP address with just a handle. IP addresses are useless. They're not identities. It's not even guaranteed that a human is behind them if someone clicks on your link in, for example, >>43359771
>>43359569

Again, you are fucking retarded. That's the kindest way I can put this.
>>
>>43359783
>It was sorta assumed to be due to the nature of the application.

And the Tox devs are benefiting from that assumption instead of openly saying on addmeif.com and toxme.se that anybody who you accept a friend request from sees your IP address.
>>
>>43359845
I know you probably think that you're being the rational one in this thread, but every time you post it sounds like the ramblings of a raging sperglord.

Seriously, listen to yourself, then try to communicate your ideas in a way more mature than a pissed off 16 year old.
>>
>>43359875
this, you're making yourself look like the retard.
>>
File: snowdin.jpg (22 KB, 462x462) Image search: [iqdb] [SauceNao] [Google]
snowdin.jpg
22 KB, 462x462
What about address resolution over I2P or obfsproxy?
>>
>>43359855
>NO BUT WE DON'T HAVE TO BECAUSE IT'S SELF EXPLANATORY WE'RE TOTALLY NOT STRATEGICALLY OMITTING THAT INFORMATION RABBLE RABBLE YOU'RE JUST A FUCKING IDIOT RAH RAH RAH

There, I just saved them the trouble of responding to you.
>>
I disagree with the conclusions the OP has drawn from something everyone already knew and is basically a non-issue. However, the responses of people against the OP are really fucking obnoxious and pathetic spam bullshit and makes Tox looking like a fucking joke.
>>
>>43359923
OP may just be a baiting troll, but look at the way Tox devs have reacted, he's done a brilliant job.
>>
Solution: dont friend every fucking stranger you meet. This shouldnt be a challenge for autists like you guys.
>>
Oh no! Not my IP!

People who are interested in Tox should already be aware of this. This issue should be addressed, but Tox isn't even beta, let alone completely enough to be bitched about.
>>
>>43359875
I really don't give a fuck what you think I sound like, dipshit. You're stupid as fuck and don't know how p2p works. You think any of those bittorrent swarms you're in are private? You think you're encrypting your IP address or some shit?

It's time that your assumptions were smashed, moron, because you seem to think IP addresses mean jack shit. They're not even worth anything in court nowadays for copyright infringement.

>>43359895
They already do address resolution over onion routing. These fucking morons are complaining that you're DIRECTLY CONNECTING to the person you're talking to. That's what they're angry about. Apparently they think that no one told them that they're directly connecting to other tox clients. I doubt there's a 'they' actually, probably just op.
>>
I admittedly don't know that much about encryption, but I have a question:

Could Tox somehow handle the P2P connections by establishing a link between two addresses and tunneling them to each other anonymously? Basically a built-in bouncing protocol that wouldn't return the actual ip address to the client connect, but rather a proxy within the client itself?

Once again, I don't know that much, but I am curious if this is a possibility or if it isn't.
>>
>>43359956
>I really don't give a fuck what you think I sound like, dipshit. You're stupid as fuck and don't know how p2p works. You think any of those bittorrent swarms you're in are private? You think you're encrypting your IP address or some shit?
I'm actually not the person you were talking to, just an outside observer. But keep crying, it doesn't make you look like any less of a retard.
>>
>>43359569
heres the ips from >>43359569
its fucking nothing

98.226.44.29
162.238.129.59
95.173.233.63
73.32.102.97
78.110.168.83
188.138.2.229
24.124.190.232
204.9.156.142
74.125.22.121
96.250.38.115
77.111.199.222
207.242.226.231
142.69.144.254
>>
>>43359937
I haven't done a brilliant job. I merely pointed out something from the HN thread that irungentoo and the rest of the Tox devs didn't want to make a big deal out of because it doesn't make sense for people on an anonymous imageboard to give out an ID that exposes their IP address, yet you never saw any Tox dev explicitly warn against posting Tox ID's on 4chan.
>>
>>43359956
Ah. So would I2P make it "anonymous" (I know tox isn't supposed to be anonymous)
>>
>>43359956
>I really don't give a fuck what you think I sound like, dipshit. You're stupid as fuck and don't know how p2p works. You think any of those bittorrent swarms you're in are private? You think you're encrypting your IP address or some shit?
>It's time that your assumptions were smashed, moron, because you seem to think IP addresses mean jack shit. They're not even worth anything in court nowadays for copyright infringement.
Just remember, you're marketing this project towards normals, people that OBVIOUSLY HAVE NO IDEA HOW p2p WORKS and WILL BE CONCERNED THAT THEIR IP ADDRESS IS BEING REVEALED TO EVERYONE THEY'RE CHATTING TO EVEN IF THEY SHOULDN'T BE.

Don't talk down the very people you're trying to appeal to.
>>
I thought Tox was p2p, IP leaking is inherent in that case. Otherwise, the Tox devs are shit.

XMPP+Pidgin+OTR+Tor = ftw
>>
>>43359987
>it doesn't make sense for people on an anonymous imageboard to give out an ID that exposes their IP address
it makes less sense to care.
>>
>>43359965
You could dump all messages on a blockchain like buttcoin, but that would only expose every single message sent ever an require long fucking waits. Seriously, if you want to let Alice talk to Bob, that bitch need to have some phone number.
>>
>>43359956
> These fucking morons are complaining that you're DIRECTLY CONNECTING to the person you're talking to. That's what they're angry about.
That's unfortunate. Maybe you should try to make this point clearer on the website, it may help avoid such misunderstandings.
>>
>>43359956
>I doubt there's a 'they' actually, probably just op.

Actually, there's a lot of people that are surprised that everybody they friend on Tox can see their IP, because 4chan is an anonymous imageboard, and people assumed that they were anonymous on Tox as well, which the Tox devs didn't have a problem allowing people to assume when they made Toxme.se and addmeif.com
>>
ITT: shills trying to convince us p2p is a bad thing
i have popcorn and everything.
>>
>>43360017

Well I was thinking of something along the lines of:

client -> Tox -> client accept/reject -> Tox establish connection ToxConnection(client 1, client 2)

client1 -> ToxConnection <- client2

And then the ToxConnection just bounces back encrypted addresses. Something like host scrambling on certain IRCds except it is all routed through localhost and the Tox application handles everything itself. Granted I'd imagine if you really wanted to that you could find a way to get the IP address if you really wanted to, but at least it wouldn't be exchanged completely transparently.

Once again, I'm a layman.
>>
>>43360048
Moot has all our ip addresses. Youre not truly anonymous, you never were. If the nsa want dirt on your ass, the want to know WHAT youre saying, they already have the metadata anyway so trying to hide your ip isnt even that useful.
>>
>>43360082
>if you really wanted to that you could
why bother then. its not like the client displays ips.
determined people gonna determ
>>
>>43359995
>there's a lot of people
Who? Haven't seen anyone bitching in IRC. Nope, someone went full autist yesterday and has been posting these dumb threads.
>4chan is an anonymous imageboard
AHAHAHAHAHAHAHAH
>>
>>43360082
Are you proposing a central server that relays messages, because that defeats the entire purpose of tox. A p2p protocol always needs the ip of the receiver to send stuff to. You could obfuscate this using tor or i2p, but thats just like taking a country road instead of the highway. Endpoints would still be the same.
>>
>>43360128
I never said any of that...?
>>
>>43360147
whoops

>>43360128
meant to reply to
>>43360048
>>
>>43359956
Tox is finished, everyone knows garlic routing is far more secure than onion routing.
>>
>>43359988
answer pls
>>
Is utox finished? I've heard that it doesn't work with screenreaders.
>>
>>43359956
Is there any reason why Tox shouldn't add the OPTION of routing traffic over the DHT, maybe by 2 hops to minimise latency?
>>
File: .webm (174 KB, 332x436) Image search: [iqdb] [SauceNao] [Google]
.webm
174 KB, 332x436
>>43359845
>Fucking Skype
Not any more. There's an option you can enable which makes people unable to get your IP just by adding you.

Which, in turn, makes Skype more secure than Tox.

Stay mad, Tox fanboys.
>>
>>43360082
>at least it wouldn't be exchanged completely transparently.

>lets try to obfuscate data in a client, in a server-less network, thats open source
>what is a waste of time?
>>
>>43360190
Show me the option. In fact, give me your skype handle and I'll have your IP address in five minutes, guaranteed.

They still haven't fixed this years old bug. The forums are still complaining about it. Get fucked or give me your skype handle. Be sure to run your client, as well.
>>
>twitch streamer gives out toxid thinking it's secure
>gets ddos

even skype is more secure since it masks ips from people you're not friends with lmao
>>
>>43359999
>quads
The only problems I see with that setup are Pidgin, libpurple is horribly insecure (use Instantbird in the TIMB, it uses JS instead), and reliance on a centralised XMPP instance. If XMPP was P2P then that wouldn't be an issue.
>>
>>43360174
It would only obfuscate which clients talks to another, there are several feasible attacks on it too. Again, Eve does not care about who is talking (Alice and Bob), but about what they are saying. Tox uses good encryption, making it cryptographically secure.
>>
>>43360209
So Toxtards don't even know year old news?
>>
Why is this thread still alive?
>>
>>43360212
Uhh, actually skype is the one that allows you to get their IP address even if you're not friends.

You can't correlate an IP address with a public key until you add them.
>>
>>43360228
What about obfsproxy?
>>
>>43360233
>years old
The skype forums are still complaining about it. They centralized some things, but you can still get an IP address.

What are you afraid of, just give me your handle. If I can't get your IP address, something you cherish so much, what's the problem?
>>
>>43360228
Not necessarily. If Bob was part of an investigation then Alice might be investigated just due to her communication with Bob. The NSA already does this by their '3 hops' investigative strategy.

It's an issue that people are concerned with, it should be looked into rather than ignored and written off as 'not policy'.
>>
I've never used Tox, but do they support SOCKS proxies?
>>
>>43360252
I don't use Skype. Why are you so desperate? Do you think that by getting my IP somehow, you will redeem Tox's reputation?

Everyone knows it's a piece of shit.
>>
>>43360245
Only obfuscates the protocol. Sure, it would make it harder to get someones ip, but given an adversary with enough power (realistically the nsa at the moment) it would still be traceable to individuals.
>>
>>43357668
You're saying not to post your tox ID on 4chan because NSA might friend you and see your IP, because the NSA monitors 4chan. And the people who post anything on it. And their IPs.
fucking retard
>>
>>43360274
So you admit you don't know what the fuck you are talking about and were wrong then?

Fact: You can still resolve Skype handles to IP addresses without them adding you.
Fact: You CAN'T resolve public keys to IP addresses without them adding you on Tox.

So in fact, Tox is more "secure" in this respect (I think you don't know what secure actually means, but whatever) and you were wrong.
>>
>>43360266
Dont get me wrong, Im all for obfuscating the nodes, its just that it is still no guarantee for anonimity.
>>
How is Tox approaching offline messaging?

Is it possible to do something that just works like I2P rather than relying on friend nodes that might not be online?
>>
>>43360236
Because some autists tried hard to kill it, naturally it did the opposite.
>>
>>43360236
This must be the work of sti! Gosh darn it, Micheal! We'll get you next time!
>>
>>43360327
It would have been find had proplex not bumped the piece of shit like a retard.
>>
>>43357646

>p2p gives your ip to another person


isn't that how p2p is supposed to work?
>>
>>43360356
NAH BRAH UR SUPPOSED TO ENCRYPT THE IP ADDRESSES
YOU DONT EVEN KNOW HOW TO MAKE "SECURE" SOFTWARE, LEL KEK XDDDD
>>
>>43360317
It would make the discovery much more difficult, IIRC UDP packets can be forwarded over I2P and the number of nodes (hops) the packet bounces through can be configured so the user can balance anonimity with latency for RT communication.
>>
>>43360266
they can hop as much as they like right now but they can't read any of the content. that's much more important right now.
>>
>>43360432
I understand that encryption of the message is important, but in an age where probable cause has much less of an impact and proving correspondence, no matter how circumstantial, can bring down the authorities, it's something that needs to be considered at least for a future release.
>>
>>43358938
Fucks sake so much this.
>>
>>43360482
tox will work over tor eventually, boom.
in the mean time either don't use it, only add friends, or use a vpn. just don't say tox is broken or compromised in some way.
>>
>>43360546
Rather it can just do address resolution over Tor. I2P would be needed if you wanted to do AV stuffs. In fact, it will probably work now.
>>
Friendly reminder if you're suggesting that toxcore pulls in tor and/or i2p as a dependency that you're retarded. They have better things to work on than some autist upset that his friends can see his IP address.
>>
>>43360308
>the NSA monitors 4chan. And the people who post anything on it. And their IPs.

Prove it.
>>
>>43360693
address resolution is onion routed anyway
an option to route all but a/v could be fine to, but not necessary.
>>
>>43360735
no proof needed we know they can get this info thanks to snowden.
>>
>>43360735
He said that, as a reason not to post your tox IDs here
>>
>>43360737
So just by simply running everything except A/V over tor would get he job done?
>>
>>43360773
So what? They can't get your IP address from a tox id anyways.
Further, do you think they actually NEED to fucking resolve your public key to get 'who posts on 4chan/g/' you fucking moron?

https://en.wikipedia.org/wiki/XKeyscore

This board is filled with total dumbshits.
>>
>>43358938
>Dear OP,
>
>Contrary to that which you have been led to believe, an IP address, by itself, is absolutely useless.

Dear anon,

Please post a screenshot of your router config page showing your IP address and put your money where your mouth is.
>>
>>43360777
there is no "job" to be done but i imagine that feature will be implemented one day.
>>
>>43360800
that's what I was saying to him fuckface
>>
>>43357646
But it's P2P you dumb retarded nigger. That's how P2P operates.
>>
>>43360802
see
>>43359975
and shut up
>>
>>43357646
Is this info 100% viable? Can i believe it blindly? Please confirm this first. If so, i'll have to stop using Tox
>>
>>43360546
Why not I2P? It already supports UDP.
>>
File: 1406996292600.png (51 KB, 1000x1000) Image search: [iqdb] [SauceNao] [Google]
1406996292600.png
51 KB, 1000x1000
>>43360861
>>
>>43360861
No shit sherlock how the fuck do you think P2P works?
Should I post a thread saying RED ALERT 4CHAN CAN SEE YOUR IP!! VISITING 4CHAN GIVES YOUR IP STRAIGHT TO M00T!!!
>>
>>43360731
>>43360693
>>43360737
Tor is broken due to its bridge relay design. I2P clients are also relays, and it employs far more efficient and secure garlic routing.
>>
>>43360861
think of your accepted friends as torrent peers

if you accept a frind request from somebody, they will be able to figure out your IP

if you don't want them to know your IP, you can probably run tox over TCP through Tor or something, but video and audio will probably be laggy as fuck
>>
>>43360546
Why route over Tor when I2P can handle the extra bandwidth required by A/V?
>>
>>43360897
Yes anon i know how P2P works. But the thing is, can anyone actually do anything even if they know your IP? I mean, you have a firewall, and whatnot to prevent that from happening?
>>
>>43360943
then route it over i2p instead
nobody cares
>>
>>43360933
Tor is too slow for A/V, route over I2P instead
>>
Someone try to route Tox over I2P and share the results
>>
>>43360951
nobody can do shit with your IP unless you're some idiot who's running insecure servers or some shit
>>43360961
you will be able to do either
>>
>>43360957
It doesn't work at the moment because there aren't any Tox relays on I2P or Tor for that matter.
>>
>>43360920
Actually it's i2p that has more problems with protocol flaws. i2p inherently is more vulnerable to sybil attacks and statistical analysis through the network of clients.
>>
>>43360989
m8 just torify that shit
>>
MUH IP ADDRESS
MUH IP ADDRESS
MUH IP ADDRESSS
FR(ENDS CAN SEE MUH IP ADDRESS OH NO

>>43361002
>torifying UDP
fuck off
>>
>>43360980
Then i dont really see any reason to stop using tox.
>>
MUH IP ADDRESS
>>
>>43361022
tox should work over tcp as well m8
>>
File: 140803032403.png (107 KB, 1293x441) Image search: [iqdb] [SauceNao] [Google]
140803032403.png
107 KB, 1293x441
this sums up why the ip problem isnt a problem at all. plus most peoples ips change frequently.
>>
MUH IP ADDRESS
>>
>>43360991
Proof?
Bote hasn't been broken yet and the only I2P vulnerability so far exploits the plugin architecture rather than the protocol.
>>
>>43360980
But it would be more efficient over I2P than Tor
>>
>>43361270
https://www.cs.ucsb.edu/~chris/research/doc/raid13_i2p.pdf
>>
>>43361281
if you made a i2p only network then sure

but if you wanted to communicate with existing tox network, you could use tor
>>
Why are the mods on /g/ so shit?
>>
>>43361270
Also
http://www.researchgate.net/publication/221609803_Information_leaks_in_structured_peer-to-peer_anonymous_communication_systems/file/e0b495242b744d1499.pdf
http://www-users.cs.umn.edu/~hopper/hashing_it_out.pdf

You claiming that it's never been broken is totally disingenuous. Do be sure not to drink too much of the i2p dev kool-aid.
>>
>>43361302
It wouldn't be an issue if relays also bridged connections over I2P and the clearnet, then Tor isn't needed.
>>
>>43361331
>>43361298
Well I guess Tor and I2P are on the same level vulnerability wise.

That doesn't stop I2P being the better network due to better bandwidth handling
>>
File: 1398991574395.png (147 KB, 405x327) Image search: [iqdb] [SauceNao] [Google]
1398991574395.png
147 KB, 405x327
>>43357646
So does BitTorrent, HTTPS, and everything else that uses the Internet.

This is a fundamental flaw in the IPv4 protocol that was fixed with IPv6. IT IS NOT AN ISSUE WITH TOX.

Many Linux distributions enable the IPv6 privacy extensions and use the temporary addresses by default.

https://wiki.archlinux.org/index.php/IPv6#Privacy_extensions

Picture related:
>mfw when 99% of people use IPv4.
>>
>>43361327
maybe because they're asleep at this time or something?
>>
>>43361790
IPv6 has been in operating systems since, what, the late 90's? And now we're scrambling for IP addresses and ISPs are putting NATs in every damn neighborhood.

Wouldn't it be cheaper in the long run to just fucking turn on IPv6?
>>
>>43362130
>Wouldn't it be cheaper in the long run to just fucking turn on IPv6?
No, it would not.It is rather simple for an ISP to set up NAT at their level, as everyone already supports IPv4.

It does not matter that operating systems support IPv6, it is the embedded devices that matter. Routers and modems are the big issue currently.

While most ISPs have upgraded the hardware and firmware on their end, most consumers haven't.

Not only do you need at least a DOCSIS 3.0 complaint modem, you need the firmware on the router to support IPv6 as well. This would require the vast majority of people to buy a new modem and router. Router companies are scum that will never provide an updated firmware that supports new features and even if they did just about no one would update it.
>>
>>43362432
The key words were
>in the long run

They can't fucking bungle about with their NATs for the rest of eternity. At some point they're going to have to do it.
>>
>>43362495
In the long run it is still cheaper to use IPv4 with NAT.

>At some point they're going to have to do it.
It is not the ISPs fault, it is the need to update old hardware and firmware to support IPv6.
Like I said, most consumer American-tier internet providers support native IPv6.

>Performing site maintenance. Try again in ~10 minutes.
Great job, moot.
>>
>>43361022
>>43361044
>>43361246
What's wrong with worrying about your IP address being revealed?
Also, nice dubs
>>
>>43357732
Nice ad hominem.
Now where's the argument?
You know, the one you're lying about being given "many times"?
>>
File: sip.jpg (168 KB, 540x936) Image search: [iqdb] [SauceNao] [Google]
sip.jpg
168 KB, 540x936
You know, you can also just run a portscan to find out who is using any P2P software. It's kind of how any network connection works.

The point of Tox is that even if someone knows you use it, they don't know what you use it for.
>>
File: tfc.png (416 KB, 1736x1496) Image search: [iqdb] [SauceNao] [Google]
tfc.png
416 KB, 1736x1496
>>43359999
>>43360216

github.com/maqp/tfc
>>
>this fucking thread
I guess people will soon start to complain about websites knowing the IP addresses of their visitors.
>>
>>43364510
Don't they?
Shouldn't they?
>>
>>43364510
That's why you can still use Tor.

Does Tox support Tor? It fucking doesn't.
>>
>>43364458
>Hardware random number generator provides truly random and properly whitened entropy for OTP encryption keys.
>Hardware
>truly random
..
?
>>
>>43364510
I'm pretty people already are.
>>
>>43360735
Well, we're all assuming the worst case scenario here, right? Either the NSA goes out of their way to create Tox accounts and attempt to "friend" random people on 4chan (Tox users only, a small subset of the total 4chan population), or they can easily and quickly exert their influence on moot and get collect complete logs of everything everyone has ever posted on 4chan along with their associated IPs. Get your head out of your fucking ass retard.
>>
Waa! waa! I can't believe people online have my IP! Here's a tip fuckwits, it doesn't matter.
>>
>>43364552
Truly random = non-deterministic. It means there's no algorithm from which bits can easily be derived. the ? is so negligible (+ entropy passes dieharder) you might as well call it truly random.
>>
>>43364602
The point is people who share their ToxID over internet are extremely easy to get MITM attacked. Unless you share it with PGP and a strong keyring can connect you to the other person, you can't securely verify you have the correct ToxID.
>>
What are you going to do with my IP anyway? Ping me?
You also share your IP with every site you visit or every peer on a bittorrent swarm.
>>
>>43360190
Tox has a backdoor and is also run by a company that allows full access to all of your communications as plaintext? interesting, i better switch to fucking skype then!
>>
>>43364531
It soon will with the addition of TCP-only traffic.
>>
>>43364718
>What are you going to do with my IP anyway? Ping me?

How about track you down?
>>
>>43364718
>what are denial of service attacks
>>
Everyone who genuinely thinks this is a problem should be banned from /g/ for lack of knowledge of technology and the Internet
>>
>>43364641
>you might as well call it truly random
no you may not
>>
>>43364771

>>>/b/
>>
>Peer-to-peer chat program
>People are surprised that you need someone's IP to talk to them
Fucking really? What are you even doing on /g/?
>>
>>43364867
apparently talking to people who've never heard of onion routing
>>
>>43364837
Untrue. There are many instances in where you'd want to keep your IP address private. I'm not saying you're getting port scanned or anything, but OTHER web pages have crappy methods. Our local social media site with 80% of youth uses crappy PHP session ID generation that uses IP as part of hash content. By knowing the user IP you only need to brute-force the crappy LCG values.

By knowing someone's IP you can also stage them for CYBERATTACK™ with a simple UDP flood attack.
>>
>>43364771
>Run their IP through a geoip database
>You now have the name of a city that may or may not be the city they live in, but is probably a city they live within an hour's drive from
>u hav ben haked by anonamus
>>
>>43364848
I hope we're not arguing semantics. Explain your concern over the security and something will be done about it. Greentexting isn't giving you virtual points.
>>
>IP addresses are known to be used to monitor and spy on user's online habits and activites
>"HURR DURR YOU DON'T NEED TO HIDE YOUR IP UR ALL IDIOTS XDD"
What was the point of Edward Snowden and Tor?
I thought /g/ stood for freedom.
>>
>>43364898
Welcome to /g/, where trolls troll shills and shills get paid for the shittiest job on earth.
>>
>>43364908
Sometimes I really wish /g/ wasn't so completely full of shit.
>>
>>43364888
i'm not greentexting, i'm quoting
"truly random" has a well-defined formal meaning, and is being misused in the description you linked to
unless the famed hardware is a quantum device
>>
>>43364875
There is no reason why a fork of Tox that uses onion routing can't be made. I can't speak on behalf of the devs, but the reason why it's not included in the core is because filesharing, video, and audio are expected features in a modern chat program, and that would be slow as fuck over something like Tor.

It doesn't matter how great the security of Tox is - if no one uses it, it's useless.
>>
>>43364947
>the reason
my guess is that the reason*
>>
>>43364947
>and that would be slow as fuck over something like Tor.
i get atleast 500kb/s when downloading something through tor, it isn't so slow as it was years ago
>>
>>43364919
Quoting WIkipedia:
Physical phenomena with quantum-random properties
"Amplification of the signal produced on the base of a reverse-biased transistor. The emitter is saturated with electrons and occasionally they will tunnel through the band gap and exit via the base. This signal is then amplified through a few more transistors and the result fed into a Schmitt trigger."
>>
>use onion routing
>your IP is now given away to random nodes
>because you're afraid of giving your friends your IP
>>
>>43364947
Anyone can use it if they so prefer. It's not the job of software creator to affect people's choices. The issue isn't "something is easy to use", it's "OMG this will make me look like a tinfoilhat / non-patriotic / terrorist / unpopular". People value their imago over their privacy and think they can hide from the sea by blending in crowd on a sinking ship. People are stupid.
>>
>>43364898
The NSA already knows your IP

Tox protects you from the NSA, not your friends.
>>
>>43364969
I don't know what you're trying to imply with that quote (perhaps that's the process used by the "HW"?), but I've been too
https://en.wikipedia.org/wiki/Hardware_random_number_generator
and it appears (someone) calls those TRNGs.
I didn't know that.
>>
>>43357646
How is this even a problem? And what the hell does it mean to "encrypt" an IP address?

If Alice and Bob use Tox they know each other's IP addresses, fine. How else would they be able to route packets to each other?

If Eve has infected either user with a trojan, she can obviously get both users' IPs, but this seems irrelevant, since is already listening in on the conversation, and would be able to do so just as well with an onion routed system.
>>
>>43365012
>>Tox protects you from the NSA, not your friends.

Then its not good enough.
>>
>>43364969
So no, it might not be based on quantum fluctuation but if you're willing to provide circuit diagrams for device that creates higher quality randomness for matching price, shoot me an email and get your name in the whitepaper.
>>
>>43365012
>The NSA already knows your IP
Isn't that a bit defeatist?
>>
>>43365037
It's reality
>>
>>43365019
Yes, the process of Vazzana's HWRNG is based on avalanche noise of reverse-biased transistor.

Generally true random number generators measure an unpredictable phenomenon and non-random (pseudo random) use a seed and PRBG algorithm with very long period, such as Mersenne twister.
>>
>>43364876
You should not be able to brute-force sessions just by knowing someone's IP address. That is some shitty security you have going on
>>
>>43365037
Your ISP knows your IP
Random sites you visit know your IP

The whole internet knows your IP, your IP is meant to be public.

Use a VPN.
>>
>>43365037
Let's extrapolate. NSA knows your IP, what then?
>>
>>43364989
Yes, but with onion routing the random nodes won't get the payload, and won't be able to correlate it with a particular message (with the usual traffic analysis caveat).

But good luck onion routing voice or video.
>>
>>43365064
My words exactly. I've shot the developers email, I've even created zero knowledge PoC attacks on video and devs don't seem to give a fuck. Privacy is not their concern, they thought it was easier to add the line "Privacy can not be quaranteed" to ToS.
>>
>>43364876
That is irrelevant. IPs shouldn't be kept private just because of some retards
>>
>>43365090
They know all the websites you've been browsing, when you were browsing them, and what pages you browsed.
>>
>>43365118
I agree. Messages shouldn't be kept private just because retard web-criminals and intelligence agencies.

You either have security. Or you don't.
>>
NSA doesn't need to get your IPs through TOX or similar software, they just intercept all your traffic through your ISP providers, as any other worldwide country does.
>>
>>43365130
Indeed, but you can do better than that.
>>
>>43365131
I think you're missing the point. The retards here are the web developers using the IP for security
>>
>>43365132
NSA wants your IP, they get it from the database ISP shares with them. The two main issues are

NSA intercepts your private data on it's way
NSA steals your private data from your computer.
>>
>>43365159
Please write technical description so I can have clear understanding about the issue.
>>
>>43365148
That's enough, with just that you're already fucked.
>>
>>43365030
>Then its not good enough.
Why not? If you build an anechoic chamber and only talk to your associates face to face inside of it, it's technically perfect, you still can't know for sure if they are going to wear a wire or otherwise reveal your secrets to a third party afterwards.

The only thing you might be able to do is a mutually assured destruction scheme. Perhaps to talk to Alice, you might escrow a message between Alice and Bob, that will be revealed if Alice discloses the message between you and her. But I can't think of a practical way to implement it.
>>
>>43365173

by the way, you could be behind every most hacking-proof OS, as Linux or *BSD, and you're protected, yes. But your internet traffic, it's not covert, and neither some shitty extension that tells you that you're using an AES-256 encrypt could protect your infos from ANY government.
>>
>>43357646
daily reminder that OP is a fucking retard who has no idea how networks work
>>
what a thread
>>
>>43364960
>500kb/s
That's faster than I thought, but for audio and video, even just between TWO people, that's going to be a slideshow. Also, can we even use the tor network itself? I assumed we would have to make our own network.
>>
>>43365037
You literally get put on a watchlist just for being interested in Linux. What do you think they think of people who want to communicate securely?

I don't think these people are bad guys. They're probably a typical American, maybe a bit quirky, and certainly above average intelligence. They justify it to themselves with "sure, this would be too much power in the wrong hands, but I'm a good guy, and I know when to stop", and they probably think they're telling the truth.

The problem is that the bad guys rarely are like in the movies. They're not some guy who dresses darkly and shaves his head bald and never smiles. They're basically just horribly naive and/or misled people, and that's what makes them dangerous.
>>
>>43365243
Not necessarily. Snowden has appeared on video over Tor. Connection was crappy but Tor's getting only faster.

So far text has ruled as the main platform since people like having multiple discussions at the same time and VoIP is crappy for that purpose.
>>
>>43365286
They've made their choices. Egocentric society, valuing money over what's right. No one can be so mislead they can't open a book to see things from other point of view.
>>
Question:

Why do you guys just mention the NSA? Lots of other people can get your IP and use it to DDOS you, track you, and even a local law enforcement can use it to find you and get your ISP to divulge your customer info.
>>
>>43365414
Assuming you accept a friend request from them. Or go to their website.

In both cases I'd call that a user error rather than a design flaw
>>
>>43365414
NSA is a good scapegoat. It leaves you most headroom when discussing security: It's the current high-end threat with latest and furthest reaching technology that has it's own political goal.

NSA is the one who knows who you are and if you're a threat. It's unlikely you've pissed any other entity for trying hard you're not bothered by them. The more you try to opt out the stronger grip they take of you.
>>
>>43365012
>The NSA already knows your IP
All the more reason to whore your IP out in Tox threads. Pollute the logs with as much nonsense as possible.

If you're worried you're speaking to some kind of Lame-o you shouldn't be using video chat in the first place, you should use OTR, onion routing and other precautions, and write as little as possible, because any quirks in your writing style or any personal trivia you might happen to reveal might help reveal your identity.

Captcha: very ebinede
>>
>>43364458
its good but its not Tox.
>>
>>43365030
>Then its not good enough.
declares the NSA
>>
File: card_crusher.webm (2 MB, 320x240) Image search: [iqdb] [SauceNao] [Google]
card_crusher.webm
2 MB, 320x240
>>43360892
When reading the OP I imagined something like a 1-on-1 talk. Not answering to one of the million subthreads on reddit is nothing.
You know, in addition to this IP thing being a minor issue.
>>
>>43364837
>Everyone who genuinely thinks this is a problem should be banned from /g/

Hello irungentoo
>>
>>43365414
If you have a dynamic IP, a regular citizen can't track you. The only people who could is your ISP who keeps logs of what IP was leased to which customer
>>
I'm beginning to feel like there's actually some shilling going on. Who cares? The project is open source and maintained by /g/entoomen. I know where my loyalties are

Sure I may not use it, but I'll support the project to its completion
>>
Is syncbot dead?
>>
Tox is P2P you stupid shits. This it fucking made clear, how the fuck would you not know this? Peer to fucking peer dumbass.

It is not torchat, it is a low latency private(encrypted) line with chat/audio/video between a verified individual. It is not for trading CP with strangers on the internet. It is for securely talking to a verified individual. And if you use torrents, you've done much worse.


Not to fucking mention, you can scan the entire IPv4, all of it, can be port scanned in 45 minutes with a 10Gbit connection. If you've vulnerable, you've already been hacked.
>>
File: Facepalm.jpg (35 KB, 517x373) Image search: [iqdb] [SauceNao] [Google]
Facepalm.jpg
35 KB, 517x373
I have a domain registered to my IP on my name, so everyone that has my Tox ID can get my real name and adress by doing a simple reverse DNS lookup? And the tox devs don't consider this an issue?
I mean i knew thy didn't care about security, but this really puts the cherry on top.
I mean what's the use of tox besides a glorified rot13 substitution?
>>
>>43367807

>his domain doesnt have whois protection

opinion invalidated
>>
>>43367807
Tox is not torchat. It is P2P. It is not for trading CP with strangers. It's a private line between friends. It is not possible to fix in a meaningful way without adding significant latency. If you think you have a solution, you're probably wrong and it wouldn't add a meaningful amount of anonymity.
>>
>itt
>people mad that Tox isn't useful for trading CP with random people
Cry more and go back to tor faggots
>>
File: neonGenesisJew.jpg (20 KB, 500x450) Image search: [iqdb] [SauceNao] [Google]
neonGenesisJew.jpg
20 KB, 500x450
>>43367840
Sure, I'll trust some 3rd party with my domain
>>
>>43367878
So tox does the same OTR or PGP does?
>>
>>43367905
I'm not sure you understand what a domain is
>>
>>43367925
Yeah, think decentralized xmpp with federated usernames and video chat
>>
>>43367941
but xmpp HAS federated usernames. So the only use case for tox is videochat?
>>
>>43367807
Every website you've ever visited, every online service you've ever used, also has this information
>>
>>43365757
I agree it serves slightly different purpose but Tox is lacking clearly specified threatmodel. Tox could provide a backend support for VoIP / video stream -data over UDP using COTS Ethernet-to-Optical data converters as data diodes. Using OTP is not absolute must either. I'm confident about high-entropy PSK's, but the security-over-obesity factor is lost if key can quickly sneak through covert channel.
>>
>>43367967
There's a difference between leaking industrial grade intel and looking for cat pictures on 9gege
>>
>>43367955
Everything is federated in xmpp. Tor only federates usernames. Usernames are also optional, and you can just give your friends a public key if you wish to avoid any actual servers
>>
So why is this better than Skype ?
>>
File: 1374379785872.jpg (10 KB, 126x122) Image search: [iqdb] [SauceNao] [Google]
1374379785872.jpg
10 KB, 126x122
>>43357646
Of course it does you retard it's P2P. I don't even use Tox or participate in the threads but I know you're retarded. That's like complaining that BitTorrent reveals your IP. Tox is not Tor. The Tox devs have enough to do without also reinventing Tor.

I am replying to a 17 hour old thread.
>>
File: stqism.jpg (19 KB, 459x114) Image search: [iqdb] [SauceNao] [Google]
stqism.jpg
19 KB, 459x114
>>43368002
>Tor only federates usernames.
I'm going to assume you meant tox. So to use usernames you have to use servers? This shit gets better by the minute. But again, what is the actual usecase for tox, like what does it that other software doesn't. So far it's narrowed down to videochatting with trusted people. That's hardly a much.
>>
>>43364718
What are NAT exploits?
>>
>>43358380
Nice explanation.

Now let us all sage internally and ponder who is behind OP's post.


Why do people care about your IP being associated with a Tox ID? The point of Tox is to have a direct, encrypted connection to your friend.

I already know the answer so don't respond
>>
>>43368050
Let's go over this again. Tox is fully decentralized chat/VoIP/video chat. Usernames are really just a key lookup servers(after much thought, it was determined that there was no meaningful way to disservice usernames beyond what's similar to a GPG key server). It is extremely low latency because it's peer to peer, and to achieve P2P in a meaningful way, it employs basically every hole punching method in existence, the ports never need be forwarded for a P2P connection.


That's it take it or leave it. Actually, right now, leave it if you're not a developer. We will let you guys know when it's user testing time

That's it, that's what it
>>
>>43368153
So I'm right, the only use case for tox IS video chatting with trusted people.
>>
>>43368053
You can scan all of IPv4 in 45 minutes with a 10Gbit connection.

If you are vulnerable, you have already been exploited, reformat all your computers and get a real fucking firewall
>>
>>43368169
Or chatting or screen sharing or audio calls. Think Skype.
>>
>implying you can do something with a fucking ip adress
>>
>>43368192
So if I neither videochat nor call I'm better off with XMPP + OTR/torchat/SILC/whatever?
>>
>>43368213
Well, file sending is faster here, and personally I prefer P2P, but sure
>>
>>43368235
So why don't you use torrents for files? It's even faster than tox.
>>
>>43368300
Because people usually share unique things and there's already torrent networks?
>>
>>43368300
That's kind of a PITA, but if you made a program that used bittorrent for one-time one-to-one filesharing, with hole punching as good as Tox, I probably would
>>
My IP is not a secret. I'm fine with this.
>>
>>43368390
Generally it isn't. But now NSA knows your IP and sees you're protecting your conversation with Tox. Their automated software enters your computer by exploiting a vulnerability, steals your private key and starts decrypting traffic as it exits your computer. Tox is again, not secure by nature.
>>
with my dynamic adress which reaches from 90~.0.0.0 to 210~.0.0.0 I don't fucking care. LOL
>>
>>43368424
>Their automated software enters your computer by exploiting a vulnerability
What vulnerability?
>>
>>43368471
One of the 2.34e+12 ones in the tox client of your choice.
>>
>open source software
>no one on /g/ even checks the source before using it

This is why FOSS is a meme and literally means nothing.
>>
>>43368424
Tox is secure, and I don't know where to start with how due what you just said is.

Let's start with the basics I guess: that attack is always possible with any software. You can always identify traffic, and if your computer is hackable, get hacked. Yore basically saying that networking is insecure by design
>>
>>43368488
Specifically? Give at least an example.
>>
>>43368488
[citation needed] [dubious - discuss]
>>
>>43368511
Any unpatched software. Any 0-day Vupen sells NSA. Any 0-day NSA finds itself. Any backdoor NSA orders apple/microsoft/google to put into their proprietary code.
>>
All this Tox FUD

>ITT OP and his army of trolls are buttmad Tox is a successful project
>>
>>43368492
Only idiots don't know how Tox works. Those who have worked on the source and know how networking works, already know this shit about IPs.
It's not a backdoor; the people who were clever enough to check the source were clever enough not to complain about something as stupid as this.

Your conclusion is fallacious.
>>
>>43368654
>implying it hasn't long been undermined by the NSA.
All it offers is end to end encryption like millions of other protocols with the only difference that this one is being developed by a bunch of 15 year old 4channers and ledditors
>>
>>43368687
How old is irungentoo?
>>
>>43368687
>all it offers
It also offers the four software freedoms, which most of its alternatives do not.

>undermined by the NSA
What do you mean? Can you give an example? Elaborate?

>15 year old 4channers and ledditors
Nice unfounded nonsense.
>>
>>43368687
>calls developers 15 yr olds
>sits around trolling tox fanboys all day

cool story bro
>>
>>43368493
Maybe just read the TFC whitepaper.
>>
>>43368718
irungentoo is 19
>>
>>43368718
19, last time I checked. I suppose that makes him some sort of wise guru amongst the tox devs
>>43368721
>>all it offers
>It also offers the four software freedoms, which most of its alternatives do not.
Actually most do

>>undermined by the NSA
>What do you mean? Can you give an example? Elaborate?
Because everytime the NSA undermines a project they put it on a great list which they publish on nsa.gov

>>15 year old 4channers and ledditors
>Nice unfounded nonsense.
>implying tox didn't start as a /g/ pet project but had to move to leddit because /g/ figured out it was a bunch of bullshit
>>
>>43368832
>Actually most do
Please name some programs which are free, do the same things Tox does and has the same goals and development plan.
I'm sure they exist, but what's wrong with making another alternative?

>NSA
I think the NSA is a bit like the Gestapo, where everyone overestimates their power and all live in fear. The NSA wishes it could "undermine" Tox or other projects. It's wise to look at the diff for each version and see exactly what's put in and taken out.

>figured out it was a bunch of bullshit
I haven't; can you please explain?
And please don't say the IP thing, anyone with an understanding of the way Tox and networking operates already knows this, and if you used Tox and you didn't then you clearly don't know how software works.
IP addresses don't mean jack shit, either. 4chan has all the IP of all the posters in this thread anyway.
>>
>>43368904
>I think the NSA is a bit like the Gestapo, where everyone overestimates their power and all live in fear. The NSA wishes it could "undermine" Tox or other projects. It's wise to look at the diff for each version and see exactly what's put in and taken out.
good goy
>4chan has all the IP of all the posters in this thread anyway.
There's the thing, I'm well aware that 4chan has my IP adress, but that's ok, I don't expect secure and anonymous conversations from 4chan.
But an IM program that promotes "security" should at least provide anonymity. So the problem isn't that our private data is leaked everywhere, but that tox suggests it doesn't while it does.
>>
>>43368904
Jitsi. Redphone. Nothing's wrong with making an alternative. Just don't market it as NSA proof.

Just as with every snake product world has been floating ever since Snowden leaks started, until you address end point security, you don't have anything that's even remotely NSA proof.
Just because you think NSA is overestimated doesn't stop system such as Quantum/FoxAcid from choosing whoever it wants, and in quickly growing fashion.

Tox Isn't being undermined since it's open source, Tox is not secure enough to begin with.

Just make Tox work through Tor and forget about the people nagging about IP's. And again, let everyone know it's NOT secure against NSA.
>>
>>43368989
IPs are anonymous, they don't identify one person or group of people, just computers.

>>43369000
What was wrong about marketing it as "NSA proof"?
The only thing it exposes are IP addresses, and the NSA probably already has information about lots of IP addresses. IP addresses don't mean jack shit - not to the NSA and not to anyone with half a brain cell.
>>
File: toxDevs.png (412 KB, 589x2469) Image search: [iqdb] [SauceNao] [Google]
toxDevs.png
412 KB, 589x2469
>>43369047
>IPs are anonymous, they don't identify one person or group of people, just computers.
>IP addresses don't mean jack shit - not to the NSA and not to anyone with half a brain cell.
That's about the most inane thing I heard all day.
>>
>>43369064
That information was probably found with more of a starting point than an IP address.
If you want your IP address to be hidden because you're retarded, use a VPN.
>>
>>43369082
I didn't mean to imply that the pic is related to IP adresses, but your ISP knows pretty well who you are, and so does any government related agency.
>>
>>43369118
Your ISP knows who you are because they give you the IP address.
In fact, your ISP knowing who you are has nothing to do with IP addresses. Your ISP knowing about the websites you visit and their content is a legitimate concern.
The NSA/whatever probably does know who I am ; but they did that with more information than an IP address.
If they have some record, then they have profiles of social media accounts, emails, and other things - IP addresses are useless to them; just as they are to you and me.
The only thing an IP exposes is country and a city nearby. If you care about that information, use a VPN.
>>
>>43369047
Again. I'm not talking about the IP issue. Let me be clear. When NSA knows who they want to target, an individual that is suspiciously using privacy software Tox. NSA breaks into that computer. NSA steals private key / taps directly into microphone. Tox is compromised. It is not secure against NSA, since NSA can compromise computers in massive scale. It's not like they're using crappy payloads that scream about intrusion. No, the UNITEDRAKE etc. systems make high-end stuff like Meterpreter look like crap. Where TFC differs is the lack of 0-day vulnerabilities since it uses hardware approach. But still, the software is honest about what it doesn't protect the user against - such as TEMPEST, preinstalled and physically compromised operating systems etc. Security is a process and being dishonest with users equals selling snake oil.
>>
>>43369168
You seem to be slow, so I explain it very slowly:
Scenario 1:
Alice wants to talk to Bob, but doesn't anyone to know that she is. Tox can't be used since it's trivial for anyone with access to her packages to see to which IP she is talking to. Since the ISP keeps track on which IP address belongs to who they can easily know that Bob is the recipient of her messages.

Scenario 2:
Alice wants to leak secret documents about the US govermnment torturing prisoners. She uses tox to contact a reporter which then gives her ID to the local police. The government then puts alice into guantanamo.
>>
>>43369214
If your computer has been compromised, this is not the problem of Tox.
This is like saying anything in compromised if the private key is taken or the computer has been broken into with root access.
Tox isn't what's being exploited if they break into your computer, your computer is being exploited - and Tox played no role in enabling that.
>>
>>43369249
This equals saying it's not the fault of car company for not offering safety belts because driving is always safe when nobody on the road makes mistakes. If you can't offer Tox on secure platform, don't claim it's secure.
>>
>>43369249
Additionally, whose to say a buffer overflow issue in Tox can't compromise the computer?
>>
>>43369246
You should really be using something more than a chat program with your own IP to do the things you described, especially with someone you don't trust or have no real relationship with.

>>43369249
By this logic, no software which encrypts things using public key crypto is secure, because the NSA can get your private key. Is this what you're saying?
Please don't give me the car analogy; Tox isn't bundled as part of any system claiming to be secure.
The security of the user's computer is up to the user, not the Tox developers. If the user shared his private key with everyone, would that mean there is a vulnerability in Tox?
Tox does not claim to defend against people having root access to your computer and taking your private key. Any software which does this is probably lying.

>>43369320
That would be the fault of Tox (compromising the computer).
>>
>>43369365
>You should really be using something more than a chat program with your own IP to do the things you described, especially with someone you don't trust or have no real relationship with.
So again tox is only usefull if you trust the person on the other end AND the tox devs?
>>
>>43369365
I noticed the middle one quotes wrong post.

I'm saying if you offer a system that stores the private key on same computer that's connected online, the key can be compromised. Not accepting the reality of NSA's capabilities is not helping address the issue.

You either airgap (non-realtime comms) keys or you waterfall secure them (real time comms)

Read this

https://www.schneier.com/blog/archives/2013/0/how_to_remain_s.html
Then read this
http://cs.helsinki.fi/u/oottela/tfc.pdf

User can't secure the proprietary platforms Tox is being offered. Linux is of course different but hardening it past NSA's ingenuity is harder than hardware isolation.

You're claiming
"NSA-proof communication for everyone"

provides people more awareness and security than

"Tox is secure against passive attacks. Remember that if NSA compromises your computer (which they do), software is rendered insecure)"
>>
>>43369606
Typo with Schneier url
https://www.schneier.com/blog/archives/2013/09/how_to_remain_s.html
Thread replies: 326
Thread images: 19
Thread DB ID: 7799



[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the shown content originated from that site. This means that 4Archive shows their content, archived. If you need information for a Poster - contact them.
If a post contains personal/copyrighted/illegal content, then use the post's [Report] link! If a post is not removed within 24h contact me at [email protected] with the post's information.