Table of Contents
Previous: Home
Regarding the general issue of "oh my god tox is not secure don't use it" this is slightly overreacting to the actual issues. 426
-
Although Tox works over Tor, we do not recommend its usage for anonymity as it leaks DNS requests due to a 6-year old known unaddressed security issue: https://github.com/TokTok/c-toxcore/issues/469 Do not use it for anonymous communication unless you have a TCP and UDP firewall in place. The exception to this is the Toxygen client, which only gives c-toxcore IP addresses which are resolved through Tor; Up-to-date code is on https://git.plastiras.org/emdee/toxygen This also allows us to use onion addresses in the DHTnodes.json file. Still for anonymous communication we recommend having a firewall in place.
-
Currently, toxcore uses onion routing in the process of establishing connections between friends, with the aim of obscuring their identities from third parties. However, this method does not achieve this goal. This document describes a proposed replacement for onion routing.This proposal is adapted from an original proposal by grayhatter.
CVEs:
- CVE-2018-25022 The Onion module in toxcore before 0.2.2
See also: ToxComparedWithOtherIm
See also: https://github.com/TokTok/c-toxcore/issues?q=is%3Aissue%20is%3Aopen%20label%3Asecurity
Up: Home