You have approximately 14.8 seconds to name an IM client or protocol

>>59811863
IRC

>>59811879
Irc isn't peer-to-peer

>>59811863
everything that has a larger user-base.
An IM with no user-base isn't worth a dime.

Matrix you dip

Matrix Tox bridge when?

>>59811863
GNU Ring

Kik, BBM, Facebook Messenger, Skype
>why
Because people I talk to actually use them.

File: come-be-happy.jpg (256KB, 1000x1502px) Image search: [Google]

256KB, 1000x1502px

>>59812198

>>59812220
I'm rather content just using SMS. Besides, that cartoon thing's not exactly enticing.

>>59812198
>no whatsapp

???

File: ready_to_kill.png (176KB, 560x530px) Image search: [Google]

176KB, 560x530px

>>59812198
>>59812249
>>59812267
I want normies to leave.

>>59812267
I live in the US, nobody here even knows what a WhatsApp is.

>>59812290
How am I a normie?

>>59812329
Why is the US always so far behind everything?
Whatsapp is messaging done right

>>59812405
>messaging done right
Before they were owned by Facebook, maybe

>>59812405
I don't mind the IM fragmentation, literally everyone has SMS/MMS

>utox
Is it even still alive at this point?

XMPP w/ OTR

Done.


Goodbye.

>>59812063
If it has me and the person I want to speak to it's fine for me

Wire.
Sadly, no one uses it either way.

>>59811907
why does this matter

>>59811863

theres something the terrorists are using which was in teh news recently, its not tox

said it was the most popular in the world

File: 1484842221745.jpg (114KB, 866x824px) Image search: [Google]

114KB, 866x824px

>>59813010
Must be AndroidMessage

File: mpv-shot0009.png (2MB, 1920x1080px) Image search: [Google]

2MB, 1920x1080px

>>59812452
>libpurple garbage
Hahahahah.

tox is basically dead and the clients are all garbage.

signal, WhatsApp, telegram

>>59815107
>signal, WhatsApp, telegram
Fuck off, shill.

>>59812079
Lol, optional e2e. In this post-snowden world.

>>59812175
Never.

>>59811863
kys, sqtism

>>59811863
What is this? Is anyone using it outside of /g/ memelords? No?

See >>59812198 + WhatsApp. :^)

File: mpv-shot0010.png (895KB, 1920x1080px) Image search: [Google]

895KB, 1920x1080px

>>59815296
It's an open, DHT-based, public key as DHT address, always e2e encrypted, forward-secrecy, distributed IM system.

Or the magic combination of features that an IM system needs in the present world.

>>59813010
I've hear it was some kind of forum, called rabbit or something.

>Implying tox is used for anything other than sharing CP
It's worthless

>>59811863
Even the logo is awesome.

>>59811863
ricochet

>>59813010
>whatsapp

>>59811863
Wire and Signal are a thousand times better.

https://github.com/TokTok/c-toxcore/issues/426

>hey guys there's glaring issues with your crypto
>fUCK YOU YOU CIA NIGGER THIS IS A SEKRIT NSA OP TO DESTROY TOX GET OUT WE'RE PERFECT

And this is why you should never trust homebrew crypto that actively refuses public help by more knowledgeable people.

>>59817615
Seesh, github issues.

Tox crypto was looked at by actual cryptographers a while ago; There was some hacker news thread about it.

There's one known issue, which has to do with impersonating the friends of a person who's private key has been stolen.

The devs are well aware of it, and it will eventually get fixed, but it requires breaking protocol, and c-toxcore from toktok (maintained fork of the original tox library) has other priorities. Namely, cleaning the code and documenting the protocol to some sane standard.

>>59818418
That's a pretty great response, anon. Too bad irungentoo and the rest of the GH team has fucking autism and can't handle (proper) criticism.

>>59811907
Who gives a shit, just put up your own server and force SSL connections or something.

>>59811863
matrix/riot

>>59811863
iMessage.

>>59818596
>irungentoo
I'm not sure he's still around. The people running the project right now (the toktok c-toxcore fork) are mostly active client developers.

Wire.

This thread was invaded by the /pol/ and /v/ shilling for CIA.

>>59811863
Retroshare with Tor.

>>59818891
Well, he was around enough to shit all over that GitHub issue and seems pretty happy to just shut down critique along with his dick-sucking posse

>>59819700
>that GitHub issue
Are you referring to the one with a massive security hole if you share your private key with people?

Threema secure messenger

>>59812183
More like GNU Meme, amirite?

>>59819792
Hey look the TIDF showed up.

>>59819848
Great argument as always. :^)

>>59819871
When someone points out a flaw in your crypto, regardless of what attack vector is, you should really listen and not just instantly defend whatever non-existent scope/timeline/protocol you think of on the spot.

Tox has a crypto issue. If someone gains access (read: it doesn't necessarily mean someone shared [i.e. willingly] their key) to another's key, the attacker can now impersonate anyone to that user, or impersonate the user itself.

I'd be very understand if Tox said "Hey, take a look at this document detailing what Tox does and does not, we appreciate you filing this issue, however, it resides outside the scope of what Tox is intended to protect"

Instead you get irungentoo and his gang instantly going into TIDF mode screaming "YOU SHARED YOUR KEY YOU DESERVE IT FUCK OFF"

Tox is full of people who view Tox as an extension of themselves. They've worked very hard on it and don't know how to separate critique from personal attack. And that's how you've ended up in this toxic shithole, and it's like walking on eggshells.

File: Deprecated.png (120KB, 1084x411px) Image search: [Google]

120KB, 1084x411px

Why would anyone use Tox when there's Wire?

>>59812267
hello kind sir... the whatsapp is a very good app my friend.... thanks good morning

>>59819984
If someone has your private key, you're fucked either way.

>>59820148
Right, but you're even more fucked if that means other people can impersonate your friends to you.

As an example of why this is bad, note that a vulnerability that leaks the private key doesn't necessarily yield code execution, as demonstrated by heartbleed. But if they can impersonate your friend after stealing your private key... you might run an exe from your "trusted friend", effectively yielding code execution.

It's an issue that can and will eventually be fixed.

>>59811907

>isn't peer to peer

what does dcc stand for again, i'm getting forgetful in my old age.

>>59820300
It stands for insecure, server-mediated, not encrypted, trivial to MITM, client to client.

>>59817279
1024-bit RSA
lolololololol

Whatsapp, because it's okay and nearly everyone uses it.

>>59815343
Sounds cool! Does it suck?

>>59817615
All I see is an acknowledged issue that they plan on fixing that relies on the attacker having compromised something that should preferably never have been compromised in the first place.

I also see Chicken Little screaming at the the top of his lungs about how the sky is falling and how the people maintaining an inherited shitshow of a codebase are of inferior intellect because they only want to break the client once.

GitHub was a mistake.

Silence, Conversations with OMEMO and OTR

>>59811863
Signal (and I say this unironically)

>>59811863
Discord.

>>59815107
>lists all trash apps
Wire is the /g/ approved app newfriend

>>59822611
Signal>Wire

Get with the times, gramps.

>>59822678
It's okay kiddo you'll eventually grow out of those toddler apps. Chrome and Google in general aren't cool. Signal isn't either. All sub par. Oh and don't worry they let people retake the A+ Certification test. It's easy and you'll pass eventually.

>>59811863
textsecure

Tox is the best protocol right now, it's the clients that are kinda sucky at times.

>>59812615

If you care at all about security you ought to know why it's important to have your conversation not go through a central mystery-box server.

>>59822499
Fuck you, I came into this thread specifically to bait with "Discord." and you have denied me that.

Apologize.

Also, Line.

>>59811863
Club penguin

>>59825868
/thread

>>59825868
Talk more about it, anon.

>>59811879
IRC with Blowfish encrypted messages.

>>59822197
>he defends Tox for free

The debate/conversation between iphydf and zx2c4 was perfectly reasonable and actually interesting to read. Then GrayHatter came in and starting explosively shitting everywhere, and the whole thing went kaput.

GitHub isn't a mistake. Letting retards speak on behalf of Tox is. Put GrayHatter on a leash or something for christ's sake, they're worse than stqism's shitposts from way back yonder.

>>59826362
s/starting/started

msn messenger with msn reviver.
no one uses it so no one will bother to hack it

>>59826435
I'm more of a fan of using hacked WoW accounts to all drop dead in org to spell out where the next attack is.

>>59826362
I'm not defending Tox. My two cents is that it's pretty much useless.

The conversation was productive, but hearing zx2c4 constantly bitch about "muh homebrew" and "leave it to the pros" like there's such a thing as perfect crypto is fucking annoying. He literally (truly and literally) suggested a banner telling people to not use a program because you're vulnerable if you expose your private key. It doesn't help that he can't see the reasoning behind making all major fixes to the protocol at once.

GreyHatter was a pussy for locking it.

GitHub is a mistake. The concept is fine, but the culture of GitHub has become absurd.

>>59826487
>if you expose your private key

Again, you're blaming the user for something Tox fails at. See >>59820274. There are historical examples of vulnerabilities that leak data, including private keys. No one is expecting Tox to be impenetrable, but when you can further improve Tox's security from external vulnerabilities, there should be a movement towards a solution.

I was saying earlier that Tox devs/fans/etc. have an issue where they cannot separate critique from personal attack. You're doing the same thing by making conclusions.

A) You're automatically assuming that if someone's private key is exposed, it's their fault. ("if YOU expose YOUR key" actively blames the user")

B) zx2c4 never said to tell users they shouldn't download Tox. They said you should warn users that they should not assume Tox is secure. And that's pretty reasonable for a project that has already shown an unwillingness to fix handshake flaws, a total lack of documentation, and a shady history (stqism taking money, GSOC shit).

The issue I'm getting at here is that Tox is way too egotistical about itself for being such a new project. Tor has been around for more than a decade and they still go through numerous warnings and a general sense of humility about their code.

Examples:
>People can use Tor to communicate MORE SAFELY
>Tox [...] connects you with and family WITHOUT ANYONE LISTENING IN

>Tor CAN'T SOLVE ALL anonymity problems.
>The ONLY people who can see your conversations are the people you're talking with.

And sure, Tor brags a shitload about who uses Tor successfully, etc. on their website because 15 years worth of numerous publications, research, and testing has shown Tor to be relatively safe. Tox has none of this and yet espouses with conviction of it's safety.

Tox has a moral obligation to its userbase to ensure that people understand its strengths and weaknesses. It begins with the basic assumption, like you were complaining about, that no crypto is perfect.

>>59826716
>>59826487

And because no crypto is perfect, then Tox should indeed warn users of potential pitfalls. And not tuck it away in some "ha ha yeah expect to run in some bugs XD"

Prosody, OMEMO and Conversations as a client

All a nigga needs

>>59826716
I completely understand the user's key being compromised isn't necessarily the user's fault. However, for the sake of the argument, we assume a perfectly vigilant user, this vulnerability still depends on some other method of stealing the user's private key.

He stopped just short of saying that the Tox developers are not competent enough for viable cryptography and that Tox is fundamentally compromised.

>But in case it does, then let this be a wake-up call to developers not to roll your own crypto, as well as a wake-up call to users not to rely on crypto software written by non-experts.

Tox was a /g/ meme project. It exists to implement it's own crypto. Despite it's shortcomings, it could definitely be way worse.

>I strongly recommend that you put a large red disclaimer on the Tox website and in all applications indicating to users that Tox is not secure.

By this same logic, Tor, OTR, etc. should all be advertised as fundamentally busted because they're not 110% secure. This guy is seriously overreacting.

zx2c4 didn't suggest jettisoning Tox, but azet sure did, after multiple appeals to "muh experts, Noise is flawless so why even try!" This was his response suggesting that they shut down the Tox network (which really raises some questions).

> I'd recommend taking the project/network off-line for the time being until you have a proper threat model sorted out and discussed
> There're a few ways to take such a project down, a simple one is not to provide working binaries to end-users anymore and make the source-code on GitHub accessible only for experts that want to play with or improve upon Tox properly (i.e. don't automate builds or something like that) - that's harsh, I know :)

>>59826999
>this vulnerability still depends on some other method of stealing the user's private key.
Exactly, which is why I said "...but when you can further improve Tox's security from external vulnerabilities, there should be a movement towards a solution."

>But in case it does, then let this be a wake-up call to developers not to roll your own crypto, as well as a wake-up call to users not to rely on crypto software written by non-experts.

I mean, like I said.
>Flaw pointed out
>NOT OUR JOB
>Let this serve as an example

I spoke earlier last night about Tox's lack of documentation. And the whole reason why zx2c4's issue is such a problem is specifically due to a lack of documentation.

Tox is just improvising what they care about and what they don't on the spot. There's no document or otherwise nailing down what Tox seeks to cover or not. I'm sure the GitHub issue would've been 3-5 comments had there been a threat model.
>hey guys your handshake is fucked
>yeah man, we're aware, Tox isn't going to fix it because it relies on an external force
>[potential debate about whether or not the scope is proper]

Instead you just get shit flinging.

And so why does Tor, OTR, etc, not advertise themselves as fundamentally busted? Because they have clear goals of what they cover, what they don't, how everything works, and in some cases, external audits and years of academic research and testing. Tox has none of this!

>>59827141
I really do want to stress iphydf's and zx2c4's conversations were constructive and gave insight into both's arguments. I'm not attacking iphydf's work, just the general attitude most contributors of Tox seem to have.

The changes made to the repo with the experimental banner and somewhat upfront issues is a step in the right direction. The path forward here relies on documentation.

A lot of fields more or less use the same taglines with important stuff like this:
>If you didn't document it, it doesn't exist.
>DOCUMENT, DOCUMENT, DOCUMENT