Cover Image

Secure Messaging with Tox-Chat

March, 25. 2019f 2019 - Reading time: 6 minutes

I am increasingly distancing myself from technologies that permanently monitor and evaluate me and create behavioral profiles of me. My Android phone, which I'm not happy with either, has been freed from all kinds of trackers hidden in apps with Exodus privacy. I deleted my Windows 10 on the notebook without replacement and replaced it with the great Manjaro-Linux, because the built-in spy tools and the self-evident fact that Microsoft simply turns spying on during installation and later updates made me sick. But one thing remains: How can I chat with other people without being able to read everything I write or communicate with from central places?

What we need

I thought about what I actually wanted and the following came out:

  • I always want to chat encrypted, so that nobody other can read along.
  • I don't want to a central server to store user data or buffer content because I can't control it.
  • I want to be able to log in without having to provide a telephone number. I don't need a phone number and nobody other identifying me. I don't have to identify myself uniquely, I kick people I don't like out of my chat. And I don't want to find others by phone number.
  • I want this program to run on as many platforms as possible so that many people can chat with me, no matter which operating system they are using.
  • I want all the code in the program to be open source, not owned by any company, and not funded by governments or big foundations.
  • I don't want my messages and data to be stored somewhere unencrypted, like on email servers.

I don't know what your priorities are. Maybe that it runs on a mobile phone? I'm getting more and more distant from it. But that's more because of the Snowden education and my minimalism than because I don't like mobile phones. More information about the safety of messengers is available at my site.

What we get

Tox can do a lot more than I need. I had tried it some time ago, but had experienced a lot of bugs and crashes. Well, programs will hopefully get better with time. What I liked from the beginning is that the program is clear and similarly easy to use, such as Skype. It also has some tricks that allow me to be called or reached from outside without having to set anything special on my router. This distinguishes it from Retroshare, for example.

I actually only want to chat, but the part can do much more: You can make phone calls, make encrypted video calls. You can transfer files without a central server, directly from computer to computer and there are group chats. You can also share your screen if you need to help someone.

Not all Tox clients currently implement all the features. In this matrix you can see the current state of development.

Video Introduction

Im Rahmen des Vortrages "Wie schützen wir uns vor dem Überwachungsstaat" haben Markus Möller und Toni Mahoni Alternativen zu unsicheren Mainstreamprodukten aufgezeigt. Den Ausschnitt über Tox kann man hier betrachten (Video bei Youtube). Das Video ist schon von 2017, ich finde es aber ganz gut und viele wichtige Informationen werden vermittelt. Im Video wird der Client qTox erklärt, das ist wohl auch das am Weitesten verbreitete Programm.

Central Register on toxme.io

You can register your own profile, i.e. the public ID and the user name, centrally at toxme.io. This is a central directory, but the registration is pseudonymous, so there is no need to use a real name.

It is important to know that every device you have installed Tox on currently has its own ID. There is nothing central about it. But if you have a mobile phone and a notebook, you can also share both IDs with your friends. And you can export your id and import it on another device. But you can't use it concurrently on both devices.

Experiences as of Februar 2019

Together with my girlfriend and a friend I tried qTox on three platforms: Windows, Mac and Linux. All three of us were connected to the internet via routers (with NAT).

What's up? A chat 1:1 and also a group chat work without problems. If you're only a couple, video telephony and calls work without problems, although the Mac couldn't set up the camera. For the fact that the whole thing runs without a central server, not bad at all. We also didn't have to change anything on our router, port releases or the like. Files were sent back and forth and screenshots were taken and sent.

There were problems with the use of three and probably more. Files in group chat could not be sent. Group calls only ever arrived at one of two possible participants.

Chat-Groups

When everyone had finished the program, the defined chat groups were also completely lost. In general, everyone who is in a chat group and stops and restarts his program has to be invited into the group again. This means that the groups are not persistent, but lightweight - always defined for the current session only. It is also not possible to join groups from outside, only friends can join them. They are therefore not suitable for providing a support group, for example.

Conclusion

Basically everything's great if you just want to chat too far. All group functions are still insufficient from my point of view. At least groups would have to be kept if you go out of the program and back again. Retroshare is much further along in this respect.

About

The World in the Eyes of Mr. Doering.

Experiences, Mentions, Inspirations, Emotions and Experiences

Der deutsche Blog ist hier.