Screenshot: WIRED/Source: Tox
The web forum 4chan is known mostly as a place to share juvenile and, to put it mildly, politically incorrect images. But it’s also the birthplace of one of the latest attempts to subvert the NSA’s mass surveillance program.
When whistleblower Edward Snowden revealed that full extent of the NSA’s activities last year, members of the site’s tech forum started talking about the need for a more secure alternative to Skype. Soon, they’d opened a chat room to discuss the project and created an account on the code hosting and collaboration site GitHub and began uploading code.
Eventually, they settled on the name Tox, and you can already download prototypes of the surprisingly easy-to-use tool. The tool is part of a widespread effort to create secure online communication tools that are controlled not only by any one company, but by the world at large—a continued reaction to the Snowden revelations. This includes everything from instant messaging tools to email services.
It’s too early to count on Tox to protect you from eavesdroppers and spies. Like so many other new tools, it’s still in the early stages of development and has yet to receive the scrutiny that other security tools, such as the instant messaging encryption plugin Off The Record has. But it endeavors to carve a unique niche within the secure communications ecosystem.
‘Up to Your Imagination’
The main thing the Tox team is trying to do, besides provide encryption, is create a tool that requires no central servers whatsoever—not even ones that you would host yourself. It relies on the same technology that BitTorrent uses to provide direct connections between users, so there’s no central hub to snoop on or take down.
There are other developers trying to build a secure, peer-to-peer messaging systems, including Briar and Invisible.im, a project co-created by HD Moore, the creator of the popular security testing framework Metasploit. And there are other secure-centric voice calling apps, including those from Whisper Systems and Silent Circle, which encrypt calls made through the traditional telco infrastructure. But Tox is trying to roll both peer-to-peer and voice calling into one.
Actually, it’s going a bit further than that. Tox is actually just a protocol for encrypted peer-to-peer data transmission. “Tox is just a tunnel to another node that’s encrypted and secure,” says David Lohle, a spokesperson for the project. “What you want to send over that pipe is up to your imagination.” For example, one developer is building an e-mail replacement with the protocol, and Lohle says someone else is building an open source alternative to BitTorrent Sync.
The New Skype
That said, the core Tox team is focused on building the features specifically required for building a Skype replacement. There are at least 10 different Tox messaging and voice clients so far, each supporting a different range of features. Eventually, Lohle says, there will be “official” clients for each major operating system, but for now the team is just recommending a few specific clients. µTox, which is available for Linux and Windows, is a the “bleeding edge” reference design, while qTox is the project’s recommendation for OS X users and Antox is the recommended for Android. There is no iOS version as of yet.
µTox is still rough, but the interface and experience is straightforward. You download the client, and it automatically creates a public encryption key that you can provide to everyone, and a private encryption key that you keep on your computer or phone. From there, it works very much like Skype. You can add a friend to your contact list by pasting in their public key, and then you just click their name to send them a message, or click the big phone icon to call them. If you want to move your identity from one computer to another, you just copy a single file that includes your private key and contact list.
There are still a few features that are missing, though. For example, there’s no way to do a group chat yet. And there’s no way to be logged in as the same person on two different devices — say, both your phone and your computer. But Lohle says those features are coming, and the team already as a proof-of-concept for how group chat will work.
He says the team has no plans to turn it into a company or monetize it in any way. “No one getting paid, but we dedicate as much time as we can,” he says. “If I’m not in class, or I’m not eating, I’m probably working on Tox, and that’s at least the same for probably 10 people.” Besides, the lead developer, known only as irungentoo, is completely anonymous, so it would be hard to issue him a paycheck. “I don’t think any of us know his real name,” Lohle says.
The Link With 4Chan
Today Lohle downplays Tox’s relationship to 4chan. “We were self-sufficient after only a couple weeks,” he says. “We also posted on reddit and hacker news, and people joined from that.” He probably has good reason to distance the project from the site. The racism, homophobia and misogyny on display on the 4chan on a day to day basis would be a big turn off both for users and potential contributors.
The association has also exposed the project to the trolling and drama characteristic of the forum, which often makes it hard for outsiders to evaluate. For example, one Tox developer raised concerns about Tox users exposing their IP addresses to each other. The team responded by masking IP addresses through a technology called onion routing — the same technique that the Tor Project uses to protect user anonymity on the web. But the fix didn’t stop a wave of paranoia from sweeping forums, and it’s hard to tell how much of that is trolling and how much of it is legitimate concern.
Can You Trust It?
Worse, the project let its “warrant canary” page go offline for a week. A warrant canary is usually a website that states that a company or organization has not be served by a secret subpoena from the NSA or any other law enforcement or intelligence agency. It’s meant as a way to bypass laws that prevent companies from warning their customers that they have been served with a national security letter. The Tox team claimed in a blog post that they simply forgot to put the warrant canary back online after moving web hosts. But the incident led to degree of understandable suspicion.
Meanwhile, few security experts outside the project have reviewed the Tox code yet, but the project is based on an existing set of code libraries for working with crypto algorithms called NaCl, which has received considerably more attention. “NaCl is a newish library that is nevertheless very highly regarded in the security community, produced by skilled people,” says the Electronic Freedom Frontier senior staff technologist Jacob Hoffman-Andrews, who hasn’t yet evaluated Tox.
But it’s entirely possible to good crypto libraries in poor ways, so the Tox team is saving money to hire a professional security firm to audit the code once it reaches a more stable state. “Right now we’re relying on the open source community,” Lohle says. “We have about 15 who stare at the code for days or weeks.”