Secure Messaging with Tox-Chat

I am increasingly distancing myself from technologies that permanently monitor and evaluate me and create behavioral profiles of me. My Android phone, which I'm not happy with either, has been freed from all kinds of trackers hidden in apps with Exodus privacy.

I deleted my Windows 10 on the notebook without replacement and replaced it with the great Manjaro-Linux, because the built-in spy tools and the self-evident fact that Microsoft simply turns spying on during installation and later updates made me sick. But one thing remains: How can I chat with other people without being able to read everything I write or communicate with from central places?

What I need

I thought about what I actually wanted and the following came out:

  • I always want to chat encrypted, so that nobody can read along who I don't know about.
  • I don't want to have a central server where the data is stored or where the users are stored because I can't control them.
  • I want to be able to log in without having to use a telephone number. I don't need a phone number, I need someone else to identify me. I don't have to identify myself uniquely, I kick people I don't like out of the chat. And I don't have to find anyone by phone number.
  • I want this program to run on as many platforms as possible so that many people can chat with me, no matter which operating system they are using.
  • I want all the code in the program to be open source, not owned by any company, and not funded by governments or big foundations.
  • I don't want my writing to be lying around somewhere unencrypted, like on email servers.

I don't know what your priorities are. Maybe that it runs on a mobile phone? I'm getting more and more distant from it. But that's more because of the Snowden education and my minimalism than because I don't like mobile phones. More good information on the safety of messengers can be found on my website or on the Kuketz blog.

What I get

Tox can do a lot more than I need. I had tried it some time ago, but had experienced a lot of bugs and crashes. Well, programs will hopefully get better with time. What I liked from the beginning is that the program is clear and similarly easy to use, such as Skype. It also has some tricks that allow me to be called or reached from outside without having to set anything special on my router. This distinguishes it from Retroshare, for example.

I actually only want to chat, but the part can do much more: You can make phone calls, make encrypted video calls. You can transfer files without a central server, directly from computer to computer and there are group chats. You can also share your screen if you need to help someone.

Not all Tox clients currently have all the features. In this Matrix you can see the current state of development.

Video introduction

In the context of the lecture “Wie schützen wir uns vor dem Überwachungsstaat” Markus Möller and Toni Mahoni showed alternatives to unsafe mainstream products. The excerpt about toxins can be viewed here (video on Youtube). The video is already from 2017, but I think it is quite good and a lot of important information is given. The video explains the client qTox, which is probably the most widely used program.

Central registration on toxme.io

You can register your own profile, i.e. the public ID and username, centrally at toxme.io. This is then a central directory, but the registration is pseudonymous, so there is no need to use a real name.

It is important to know that every device you have installed Tox on currently has its own ID. There is nothing central about it. But if you have a mobile phone and a notebook, you can also share both IDs with your friends.

Experiences from February 2019

Together with my girlfriend and a friend I tried qTox in a threesome: Windows, Mac and Linux. All three of us were connected to the internet via routers (with NAT).

What's up? A chat 1:1 and also a group chat work without problems. If you're only a couple, video telephony and calls work without problems, although the Mac couldn't set up the camera. For the fact that the whole thing runs without a central server, not bad at all. We also didn't have to change anything on our router, port releases or the like. Files were sent back and forth and screenshots were taken and sent.

There were problems with the use of three and probably more. Files in group chat could not be sent. Group calls only ever arrived at one of two possible participants.

Chat groups

When everyone had finished the program, the defined chat groups were also completely gone. In general, everyone who is in a chat group and stops and restarts his program has to be invited into the group again. This means that the groups are not persistent, but lightweight - always defined for the current session only. It is also not possible to join groups from outside, only friends can join them. They are therefore not suitable for providing a support group, for example.

Conclusion

Basically everything's great if you just want to chat in pairs. All group functions are still insufficient from my point of view. At least groups should be kept if you go out of the program and back again. Retroshare is much further along in this respect.