Tox over Tor

emdee 2022-10-15 10:21:23 +00:00
parent 1b956831db
commit 146a54ff7e
13 changed files with 1003 additions and 988 deletions

@ -1,59 +1,59 @@
Previous: [[SecurityVulnerabilities]] Previous: [[SecurityVulnerabilities]]
By design, Tox relies on a small number of BS nodes. As the network By design, Tox relies on a small number of BS nodes. As the network
is now, the number of nodes is very small, and all well known. So Tox is now, the number of nodes is very small, and all well known. So Tox
is vulnerable to being completely taken down by blocking a small is vulnerable to being completely taken down by blocking a small
number of nodes. number of nodes.
The same problem, to a lesser extent affects Tor, although they have a The same problem, to a lesser extent affects Tor, although they have a
few thousand nodes. Doing the best we can with what we have, we can few thousand nodes. Doing the best we can with what we have, we can
take advantage of something from libtoxcore: the ```tcp_server slot```. take advantage of something from libtoxcore: the ```tcp_server slot```.
It is supported by most clients like toxic or toxygen. It is supported by most clients like toxic or toxygen.
So this is what is proposed: So this is what is proposed:
1. Fix libtoxcore to be able to accept .onion addresses for BS nodes, 1. Fix libtoxcore to be able to accept .onion addresses for BS nodes,
or test the workarounds: see [[ToxAndTorInChinaAndIran]]. or test the workarounds: see [[ToxAndTorInChinaAndIran]].
2. All BS node operators are asked to also run a Tor client (not exit node), 2. All BS node operators are asked to also run a Tor client (not exit node),
in addition to running their node. We put together easy-to-follow instructions in addition to running their node. We put together easy-to-follow instructions
on how to download/configure/run Tor. There are no risks to the BS operator on how to download/configure/run Tor. There are no risks to the BS operator
from running a Tor client (not exit node), and the overhead in negligible. from running a Tor client (not exit node), and the overhead in negligible.
The onion server is a 127.0.0.1 service, so cannot be seen by your ISP. The onion server is a 127.0.0.1 service, so cannot be seen by your ISP.
Your service is on the opennet anyway so an onion is just another access method. Your service is on the opennet anyway so an onion is just another access method.
So we get dozens of Tor onion nodes running quickly. So we get dozens of Tor onion nodes running quickly.
3. All Tor Tox client users are asked to also configure their Tox client to 3. All Tor Tox client users are asked to also configure their Tox client to
use ```--tcp_server``` with a random port, and configure their Tor client use ```--tcp_server``` with a random port, and configure their Tor client
(not exit node) to provide that ```tcp_server``` as an onion accessible relay, (not exit node) to provide that ```tcp_server``` as an onion accessible relay,
in addition to running the normal Tor. We put together easy-to-follow in addition to running the normal Tor. We put together easy-to-follow
instructions on how to configure Tor to serve that ```tcp_server``` as an onion. instructions on how to configure Tor to serve that ```tcp_server``` as an onion.
There are no risks to the user as he's already running a Tor client There are no risks to the user as he's already running a Tor client
(not exit node), and the overhead in the Tox client in negligible. (not exit node), and the overhead in the Tox client in negligible.
The tcp_server is a 127.0.0.1 service, so cannot be seen by your ISP. The tcp_server is a 127.0.0.1 service, so cannot be seen by your ISP.
So we get a tcp_server extra for every Tor user. That scales well. So we get a tcp_server extra for every Tor user. That scales well.
4. Modify Tox clients to detect if they are behind Tor and on their homepage 4. Modify Tox clients to detect if they are behind Tor and on their homepage
or splash screen ask them to run a ```tcp_server```. or splash screen ask them to run a ```tcp_server```.
5. Improve the client documentation on how to run Tox over Tor, 5. Improve the client documentation on how to run Tox over Tor,
particularly for Android users: how to download Orbot from particularly for Android users: how to download Orbot from
<https://f-droid.org> (preferred over Srewgle Play) and configure them. <https://f-droid.org> (preferred over Srewgle Play) and configure them.
Tell them to try first running Orbot and a browser that works with it, Tell them to try first running Orbot and a browser that works with it,
and test out if their mobile to see if they can run Tor. The Tor devs are actively and test out if their mobile to see if they can run Tor. The Tor devs are actively
playing cat and mouse with Iran and have other tricks if regular Tor fails. playing cat and mouse with Iran and have other tricks if regular Tor fails.
6. Improve our ability to monitor network performance, including TCP relays, 6. Improve our ability to monitor network performance, including TCP relays,
so we can detect if anyone is attacking the network. so we can detect if anyone is attacking the network.
PS: Trying make it easy to package and run a BS node in places like PS: Trying make it easy to package and run a BS node in places like
Iran is going about it in the wrong way; I doubt running a BS node in Iran is going about it in the wrong way; I doubt running a BS node in
Iran is healthy thing to do. Get them onto Tor, and improve service over Tor. Iran is healthy thing to do. Get them onto Tor, and improve service over Tor.
Much better to get all of our BS nodes to run an onion service so Much better to get all of our BS nodes to run an onion service so
there is good availability and redundancy, and fix the minor problems there is good availability and redundancy, and fix the minor problems
needed for Tox to work with onion BS nodes. needed for Tox to work with onion BS nodes.

@ -1,12 +1,12 @@
Previous: [[Home]] Previous: [[Home]]
## Group Of Devices POC ## Group Of Devices POC
One way to address the multi-device problem is to add the multiple devices of a person into a NGC group. One way to address the multi-device problem is to add the multiple devices of a person into a NGC group.
It may not scale well because messaging is sent to all devices of all users; It may not scale well because messaging is sent to all devices of all users;
a single active user approach would be more efficient. a single active user approach would be more efficient.
And it wouldn't work for groups very well as a group-of-devices can And it wouldn't work for groups very well as a group-of-devices can
not be a member of an NGC group. not be a member of an NGC group.

64
Home.md

@ -1,32 +1,32 @@
# Welcome to the Wiki. # Welcome to the Wiki.
What I am noticing is that there is no notion of a Tox Improvement What I am noticing is that there is no notion of a Tox Improvement
Proposal(TIP), so ideas and vulnerabilities get forgotten in Proposal(TIP), so ideas and vulnerabilities get forgotten in
abandonned PRs in abandoned repos, or ignored issues. abandonned PRs in abandoned repos, or ignored issues.
I suggested wiki.tox.chat as a place to identify and prioritize TIPs I suggested wiki.tox.chat as a place to identify and prioritize TIPs
but maybe we can elaborate POCs here. I want to "argue" it out to get but maybe we can elaborate POCs here. I want to "argue" it out to get
to the "best" proposal so work so work can get going on a trial to the "best" proposal so work so work can get going on a trial
version. developers who know the key exchange mechanisms can bring a version. developers who know the key exchange mechanisms can bring a
lot of the existing codebase to bear on this problem, and resolve lot of the existing codebase to bear on this problem, and resolve
wrinkles in the concepts. wrinkles in the concepts.
### Multi-Device DHT announcements: ### Multi-Device DHT announcements:
* [[MultiDevice Announcements POC]] * [[MultiDevice Announcements POC]]
* [[GroupOfDevicesPOC]] * [[GroupOfDevicesPOC]]
* Original TokTok ToxMultiDevice: [[ToxMultiDevice]] * Original TokTok ToxMultiDevice: [[ToxMultiDevice]]
### Network Resilience ### Network Resilience
* [[ToxNetworkResilience]] * [[ToxNetworkResilience]]
### Security ### Security
* [[SecurityVulnerabilities]]: * [[SecurityVulnerabilities]]:
** [[UseGroupPasswordThroughAKDF]] ** [[UseGroupPasswordThroughAKDF]]
** [[VulnerabilitiesInTheToxOnion]] ** [[VulnerabilitiesInTheToxOnion]]
** [[DDosSmallNumberOfBSNodes]] ** [[DDosSmallNumberOfBSNodes]]

@ -1,343 +1,343 @@
Previous: [[Home]] Previous: [[Home]]
## We need to solve the usage of Tox with multiple devices. ## We need to solve the usage of Tox with multiple devices.
This proof-of-concept (POC) is based on the premise that solving the This proof-of-concept (POC) is based on the premise that solving the
usage of Tox with multiple devices is an urgent problem, as anyone usage of Tox with multiple devices is an urgent problem, as anyone
with mobiles runs into it, and all the competition software deals with it. with mobiles runs into it, and all the competition software deals with it.
MultiDevice is much easier in centralized systems and our decentalization MultiDevice is much easier in centralized systems and our decentalization
is why it's hard for us; if we make it, we make be the first ever! is why it's hard for us; if we make it, we make be the first ever!
**Woke Warning:** gender specific, non-android/furry friendly grammar **Woke Warning:** gender specific, non-android/furry friendly grammar
is used throughout. is used throughout.
The idea here is to address one simple usecase: a person can have The idea here is to address one simple usecase: a person can have
multiple devices and he wants one device to be "active" at any given time. multiple devices and he wants one device to be "active" at any given time.
So he pushes so kind of announcement of what device he is currently So he pushes so kind of announcement of what device he is currently
using so that others can communicate to the device he is currently using. using so that others can communicate to the device he is currently using.
The POC ignores the problem of history sync that this creates. The POC ignores the problem of history sync that this creates.
Others can address that later perhaps with tools like rsync. Others can address that later perhaps with tools like rsync.
## Background ## Background
When it comes to multi-device support, at the present time we are When it comes to multi-device support, at the present time we are
lagging behind well-known centralized messenger systems. A few lagging behind well-known centralized messenger systems. A few
examples are Google Hangouts, Facebook Messenger, and Skype. Every one examples are Google Hangouts, Facebook Messenger, and Skype. Every one
of these syncs messages to every device which connects to their of these syncs messages to every device which connects to their
network. If you need an address, number, or entire friend list its a network. If you need an address, number, or entire friend list its a
simple login away. [[ToxMultiDevice]] simple login away. [[ToxMultiDevice]]
Not the goal of this project but an important benefit, Multi-Device Not the goal of this project but an important benefit, Multi-Device
support would solve some of the issues sharing a ToxID: it would allow support would solve some of the issues sharing a ToxID: it would allow
the clients to connect with mobile devices (NFC, QR codes, other) and the clients to connect with mobile devices (NFC, QR codes, other) and
be available anywhere. be available anywhere.
## First Steps ## First Steps
The idea is to firstly define a PersonaID, much like a ToxPk that The idea is to firstly define a PersonaID, much like a ToxPk that
stays permanent across his devices, and maps the Person to the active ToxPk. stays permanent across his devices, and maps the Person to the active ToxPk.
So the first step is to extend all library code and all clients to So the first step is to extend all library code and all clients to
work with PersonaIDs as well as ToxPks. The PersonaIDs would be client work with PersonaIDs as well as ToxPks. The PersonaIDs would be client
facing, and the ToxPk code would be for internal access. A simple facing, and the ToxPk code would be for internal access. A simple
implementation would be duplicating all code calls that deals with implementation would be duplicating all code calls that deals with
ToxPks to have a layer of calls on top that take the PersonaID and ToxPks to have a layer of calls on top that take the PersonaID and
consult a table that contains the active ToxPk, and then calls the consult a table that contains the active ToxPk, and then calls the
ToxPk function. ToxPk function.
For the sake of argument, let's say that the table is initially For the sake of argument, let's say that the table is initially
populated with all the existing ToxPks by deriving a default PersonaID populated with all the existing ToxPks by deriving a default PersonaID
ToxID by a simple method: the default table contains a PersonaID that ToxID by a simple method: the default table contains a PersonaID that
is the ToxPk (identity table). is the ToxPk (identity table).
So we can add this layer of PersonaID->ToxPk mapping to the library So we can add this layer of PersonaID->ToxPk mapping to the library
and all clients right away with no breakage. In time, the clients will and all clients right away with no breakage. In time, the clients will
move to showing the PersonaID not the ToxPk as the primary client-facing ID, move to showing the PersonaID not the ToxPk as the primary client-facing ID,
and extend the clients with the ability to see the table of Personae -> and extend the clients with the ability to see the table of Personae ->
ToxPks (but maybe not change the entries), and the active ToxPk for ToxPks (but maybe not change the entries), and the active ToxPk for
each PersonaID. each PersonaID.
More concretely, the PersonaID mapping table would be like a dictionary More concretely, the PersonaID mapping table would be like a dictionary
with 2 (or more) types of entries; before the arrival of a blob update, with 2 (or more) types of entries; before the arrival of a blob update,
the table is by default (assuming JSON) the table is by default (assuming JSON)
``` ```
{"Pk1": "Pk1", {"Pk1": "Pk1",
"Pk2": "Pk2", "Pk2": "Pk2",
...} ...}
``` ```
So we could get the whole network switched over to accommodating PersonaIDs So we could get the whole network switched over to accommodating PersonaIDs
with no breakage. After the arrival of a blob to update the table, with no breakage. After the arrival of a blob to update the table,
the PersonaID is an ordered dictionary mapping to a list of device PKs: the PersonaID is an ordered dictionary mapping to a list of device PKs:
``` ```
{"Pk1": "Pe1", {"Pk1": "Pe1",
"Pe1": ["Pe1k1", "Pe1k2", ...], "Pe1": ["Pe1k1", "Pe1k2", ...],
"Pk2": "Pk2", "Pk2": "Pk2",
...} ...}
``` ```
or better still, associated ordered dictionary mapping to a dictionary with or better still, associated ordered dictionary mapping to a dictionary with
```devices``` entry with a dictionary using nicknames: ```devices``` entry with a dictionary using nicknames:
``` ```
{"Pk1": "Pe1", {"Pk1": "Pe1",
"Pe1": {"devices": { "Pe1": {"devices": {
"Device1Nick": "Pe1k1", "Device1Nick": "Pe1k1",
"Device2Nick": "Pe1k2", ...} "Device2Nick": "Pe1k2", ...}
}, },
"Pk2": "Pk2", "Pk2": "Pk2",
...} ...}
``` ```
where: where:
* ```Pk1``` is the PK of user1, * ```Pk1``` is the PK of user1,
* ```Pe1``` is the PersonaID of user1, which could be the public signing key of user1. * ```Pe1``` is the PersonaID of user1, which could be the public signing key of user1.
* ```["Pe1k1", "Pe1k2", ...]``` are the PKs of each of the devices of user1, * ```["Pe1k1", "Pe1k2", ...]``` are the PKs of each of the devices of user1,
delivered in a blob signed by ```Pe1`` delivered in a blob signed by ```Pe1``
Richer formats for the table are obviously possible, but we want to Richer formats for the table are obviously possible, but we want to
maintain a structure that foresees this table being managed by a maintain a structure that foresees this table being managed by a
keyring manager like ```keepassxc```. keyring manager like ```keepassxc```.
## MultiDevice Announcements Push ## MultiDevice Announcements Push
So if we modify the library and clients as described above, how do we So if we modify the library and clients as described above, how do we
keep it up to date when a friend changes his devices? If we know the keep it up to date when a friend changes his devices? If we know the
PersonaID, how is the library code table of PersonaID to ToxPk mapping PersonaID, how is the library code table of PersonaID to ToxPk mapping
updated? We want this to be mainly automatic without bothering the user. updated? We want this to be mainly automatic without bothering the user.
We would need to modify the client code to save a copy if the mapping We would need to modify the client code to save a copy if the mapping
table, so that when we start up a client, the mapping table is filled table, so that when we start up a client, the mapping table is filled
with last good values from the Persona storage. For the sake of this POC: with last good values from the Persona storage. For the sake of this POC:
1. the storage file could be JSON, possibly encrypted with ToxESave, or 1. the storage file could be JSON, possibly encrypted with ToxESave, or
2. it could be a files in a ```Personae``` directory with files saved 2. it could be a files in a ```Personae``` directory with files saved
in JSON or YAML, like we do with avatars, with the filename being named in JSON or YAML, like we do with avatars, with the filename being named
```PersonaID.json```. ```PersonaID.json```.
Again, we want to maintain a structure that foresees this table being Again, we want to maintain a structure that foresees this table being
managed by a keyring manager like ```keepassxc```. It would not be managed by a keyring manager like ```keepassxc```. It would not be
saved in a profile, as this table spans multiple profiles. saved in a profile, as this table spans multiple profiles.
Let's say we have a friend, and we know his ToxPk. We initially derive Let's say we have a friend, and we know his ToxPk. We initially derive
his PersonaID by setting it to the friend's public key - the entry in his PersonaID by setting it to the friend's public key - the entry in
the table is a string. the table is a string.
We will call "a blob" the information that will update our PersonaID We will call "a blob" the information that will update our PersonaID
mapping to his active ToxID that is pushed to clients. We want to mapping to his active ToxID that is pushed to clients. We want to
watch the blob flow for changes. So what is the blob flow of information? watch the blob flow for changes. So what is the blob flow of information?
1. If a blob is small we can base64 encode it and stick it in his status message, 1. If a blob is small we can base64 encode it and stick it in his status message,
2. We can do a blob push mechanism like we do for avatars, and push a blob into a file in a sub-directory called ```Personae```, and handle updates the way we do avatars. 2. We can do a blob push mechanism like we do for avatars, and push a blob into a file in a sub-directory called ```Personae```, and handle updates the way we do avatars.
3. We might push it as a DHT announcement. 3. We might push it as a DHT announcement.
Some clients may let the user decide whether of not to accept a blob Some clients may let the user decide whether of not to accept a blob
update when it arrives. update when it arrives.
## MultiDevice Announcements Blob ## MultiDevice Announcements Blob
So what is the blob of information that is pushed? So what is the blob of information that is pushed?
It has these characteristics: It has these characteristics:
1. It has 3 things - a name and a payload, and a NaCl signature. 1. It has 3 things - a name and a payload, and a NaCl signature.
2. It is small - 1K to 4K in size. 2. It is small - 1K to 4K in size.
3) As we will need a NaCl signing keypair in order to sign the payload, 3) As we will need a NaCl signing keypair in order to sign the payload,
the name, (PersonaID) can be the public key of the signing keypair - the name, (PersonaID) can be the public key of the signing keypair -
32 bytes or 64 hex chars. 32 bytes or 64 hex chars.
4. If we push the blob info by DHT announcements, it pushed regularly 4. If we push the blob info by DHT announcements, it pushed regularly
so people can get the PersonaID relatively soon - say hourly for now. so people can get the PersonaID relatively soon - say hourly for now.
Any longer means a person who has not connected to that friend before Any longer means a person who has not connected to that friend before
has to wait longer if they only have a PersonaID. If we push it like has to wait longer if they only have a PersonaID. If we push it like
avatars, then it can be pushed once at start and subsequently on any changes. avatars, then it can be pushed once at start and subsequently on any changes.
5) It might be encrypted so that the contents can not be seen in transit, 5) It might be encrypted so that the contents can not be seen in transit,
but if the push mechanism is within Tox, it would be unnecessary. but if the push mechanism is within Tox, it would be unnecessary.
6) It must be signed so that it can be verified to be from the 6) It must be signed so that it can be verified to be from the
PersonaID, so we will assume every person generates a NaCl signing PersonaID, so we will assume every person generates a NaCl signing
keypair and uses the same keypair for all of his devices. The public key keypair and uses the same keypair for all of his devices. The public key
of the signing keypair can be used as the PersonaID. If a secret is used of the signing keypair can be used as the PersonaID. If a secret is used
as the seed of the signing keypair, then the generated keypair is reproducible. as the seed of the signing keypair, then the generated keypair is reproducible.
If we use DHT announcements, each client would watch the stream for If we use DHT announcements, each client would watch the stream for
blobs named the PersonaID that they are interested in, which they know blobs named the PersonaID that they are interested in, which they know
from the public signing key being in the status message of the from the public signing key being in the status message of the
friends. Pushing the blob through DHT announcements would mean that friends. Pushing the blob through DHT announcements would mean that
the PersonaID to ToxPk mapping could be accessed even by people who the PersonaID to ToxPk mapping could be accessed even by people who
were not yet your Friends - helping discovery. This may not be a good were not yet your Friends - helping discovery. This may not be a good
idea, depending on if it's encrypted. This set of ToxPks could be keys idea, depending on if it's encrypted. This set of ToxPks could be keys
that open the encrypted blob. Anyone who already has a ToxPk of the that open the encrypted blob. Anyone who already has a ToxPk of the
Persona could open the blob to get the update. Hence this encryption Persona could open the blob to get the update. Hence this encryption
is different from most Tox encryption in that multiple keys can open is different from most Tox encryption in that multiple keys can open
it - like a multi-key Vera/True/dmwrapper container. But it might be it - like a multi-key Vera/True/dmwrapper container. But it might be
enough for the blob to be signed, and that would be a good starting enough for the blob to be signed, and that would be a good starting
point - add encryption later if needed. point - add encryption later if needed.
The public signing key could be put into the status message field of The public signing key could be put into the status message field of
each Person, and if each user put the same signature public key as the each Person, and if each user put the same signature public key as the
status message on each of his devices, then that signing PK can become status message on each of his devices, then that signing PK can become
the PersonaID. The mapping table can be automatically scanned and any the PersonaID. The mapping table can be automatically scanned and any
entries for which the PersonaID == ToxPk could be automatically entries for which the PersonaID == ToxPk could be automatically
updated to use the signing key as the PersonaId. updated to use the signing key as the PersonaId.
I had assumed we would have to use the DHT to deal with decentralization. I had assumed we would have to use the DHT to deal with decentralization.
But this POC makes me think we can use the toxcore status_message But this POC makes me think we can use the toxcore status_message
and avatar_files code to do it without the DHT, at least to Friends. and avatar_files code to do it without the DHT, at least to Friends.
So let's say for now to focus this discussion, we will ignore DHT announcements. So let's say for now to focus this discussion, we will ignore DHT announcements.
1. Set your status message to be the signing public key and push the blob by some means like avatars to Friends, or 1. Set your status message to be the signing public key and push the blob by some means like avatars to Friends, or
2. It can be pushed as a status message. If we compress and base64 2. It can be pushed as a status message. If we compress and base64
encode the blob, sign it and attach the signature in hex, and keep it encode the blob, sign it and attach the signature in hex, and keep it
under 1007 chars, then it can be set as your status message on all of under 1007 chars, then it can be set as your status message on all of
your devices. The status message is visible to all of your friends so your devices. The status message is visible to all of your friends so
they all have a copy of the latest blob all of the time. they all have a copy of the latest blob all of the time.
3. If the blog.gz is less than 1000 chars, could it fit in a QR code? 3. If the blog.gz is less than 1000 chars, could it fit in a QR code?
In fact we could do #2 first to get things going, and then do #1, In fact we could do #2 first to get things going, and then do #1,
which is more changes to the code, although a lot of the code could be which is more changes to the code, although a lot of the code could be
morphed from the avatar code. Or you could push a blob as a file if morphed from the avatar code. Or you could push a blob as a file if
it got too big for a status message. it got too big for a status message.
The same blob would be on each of a Person's devices. The same blob would be on each of a Person's devices.
### Use the status message if less than 1007 bytes ### Use the status message if less than 1007 bytes
With the signature and the public key, this should leave room for at With the signature and the public key, this should leave room for at
least 12 devices in less than 1007 bytes, compressed and base64 least 12 devices in less than 1007 bytes, compressed and base64
encoded. With 1007 bytes with the signature and signing key, and encoded. With 1007 bytes with the signature and signing key, and
nicknames of 12 bytes it will take about 16 nicknames of 12 bytes it will take about 16
devices: ```1007-128-64-2/(32+6+12) = 16``` devices: ```1007-128-64-2/(32+6+12) = 16```
One problem with this is that only your Friends could verify the blob, One problem with this is that only your Friends could verify the blob,
which means users you have never invited will not be able to verify, which means users you have never invited will not be able to verify,
unless they had the signing public key independently (perhaps using unless they had the signing public key independently (perhaps using
/sendfile). But perhaps that's good. Clients could watch status /sendfile). But perhaps that's good. Clients could watch status
message changes easily using the status_message callback. message changes easily using the status_message callback.
### It can be pushed as files like avatars amongst Friends ### It can be pushed as files like avatars amongst Friends
All the avatar code could be repurposed to also handle blobs, with the All the avatar code could be repurposed to also handle blobs, with the
signing public key put into the Person's status message. Avatars are signing public key put into the Person's status message. Avatars are
simple file transfers; there is a WHOLE byte dedicated for "file_kind", simple file transfers; there is a WHOLE byte dedicated for "file_kind",
which means we can "just" add a new file_kind and use the exising file which means we can "just" add a new file_kind and use the exising file
transfer code. In the beginning the clients would not need to be able transfer code. In the beginning the clients would not need to be able
to generate the blob - a simple Python script could do it outside the clients. to generate the blob - a simple Python script could do it outside the clients.
Unknown for now is does the client have to send a Friend ```add Unknown for now is does the client have to send a Friend ```add
request``` to any new ToxPks found in the blob (new devices) to make request``` to any new ToxPks found in the blob (new devices) to make
them active if the client has never seen the PK before? I assume yes. them active if the client has never seen the PK before? I assume yes.
If so then it complicates things a little as the blob might need to contain If so then it complicates things a little as the blob might need to contain
ToxIDs. The code could accept either ToxPks or ToxIds, distinguishing ToxIDs. The code could accept either ToxPks or ToxIds, distinguishing
by length. Or you could just require that the Person already be a by length. Or you could just require that the Person already be a
Friend with that device before the information in the table was useable. Friend with that device before the information in the table was useable.
(The blob might be a signed way of associating nicknames with Pks if (The blob might be a signed way of associating nicknames with Pks if
we use associated ordered dictionary mapping to a dictionary with nicknames.) we use associated ordered dictionary mapping to a dictionary with nicknames.)
The clients would manage this seamlessly to aggregate the ToxPks The clients would manage this seamlessly to aggregate the ToxPks
together under one Persona that is shown to the user. The library does together under one Persona that is shown to the user. The library does
most of this by accepting the update from the blob to update the table most of this by accepting the update from the blob to update the table
pointing from PersonaID to the new list of ToxPks (devices) with the pointing from PersonaID to the new list of ToxPks (devices) with the
first one being the active one. first one being the active one.
The generation and signing verification of the blobs could be done The generation and signing verification of the blobs could be done
outside of the clients in a utilty common to all clients. The clients outside of the clients in a utilty common to all clients. The clients
let a user push a blob whenever he wants - like when he changes devices. let a user push a blob whenever he wants - like when he changes devices.
## MultiDevice Profiles ## MultiDevice Profiles
In order for MultiDevice to work, we need to bootstrap a new devices from an In order for MultiDevice to work, we need to bootstrap a new devices from an
existing profile. If you just copy a profile from one device to the next it will not work as you cannot have 2 profiles with the same keys online at the same time. We could have a simple utility that rekeys a profile and creates a new ToxID, so that we could copy a profile and rekey it. Then the new client would push a new blob with the new device's PK, signed by the signing keypair which is independent of profiles. existing profile. If you just copy a profile from one device to the next it will not work as you cannot have 2 profiles with the same keys online at the same time. We could have a simple utility that rekeys a profile and creates a new ToxID, so that we could copy a profile and rekey it. Then the new client would push a new blob with the new device's PK, signed by the signing keypair which is independent of profiles.
The profile rekey utility could also do other things at the same time, like edit the TCP_RELAYS section of the profile if desired. The profile rekey utility could also do other things at the same time, like edit the TCP_RELAYS section of the profile if desired.
See <https://git.plastiras.org/emdee/tox_profile> See <https://git.plastiras.org/emdee/tox_profile>
## MultiDevice Groups ## MultiDevice Groups
Previously, we described how we simply copy a profile to a new devices Previously, we described how we simply copy a profile to a new devices
and change the public/private keys as a starting point. and change the public/private keys as a starting point.
But we are left with as special problem with NGC groups. But we are left with as special problem with NGC groups.
The code is assumed to have been modified to handle Personas and, at The code is assumed to have been modified to handle Personas and, at
first glance, NGC groups become groups of Personas. Each member of the first glance, NGC groups become groups of Personas. Each member of the
group is a Persona, and uses the table lookup to get the active ToxPk. group is a Persona, and uses the table lookup to get the active ToxPk.
But the group structure in the profile has a copy of the founder's But the group structure in the profile has a copy of the founder's
shared_state.founder_public_key (group_pack.c#L293) So if the profile shared_state.founder_public_key (group_pack.c#L293) So if the profile
being copied onto a new device is the profile of the founder, then being copied onto a new device is the profile of the founder, then
this key would need to be updated too. this key would need to be updated too.
Besides the group keypair in #L351-2 Besides the group keypair in #L351-2
* bin_pack_bin(bp, chat->chat_public_key, EXT_PUBLIC_KEY_SIZE); // 1 * bin_pack_bin(bp, chat->chat_public_key, EXT_PUBLIC_KEY_SIZE); // 1
* bin_pack_bin(bp, chat->chat_secret_key, EXT_SECRET_KEY_SIZE); // 2 * bin_pack_bin(bp, chat->chat_secret_key, EXT_SECRET_KEY_SIZE); // 2
The chat->chat_secret_key is all zeros, I assume in everyone but the founder's The chat->chat_secret_key is all zeros, I assume in everyone but the founder's
profile. profile.
It seems also that self's group keypair are saved to the group: It seems also that self's group keypair are saved to the group:
* self_public_key #L353 * self_public_key #L353
* self_secret_key #L354 * self_secret_key #L354
Do these keys have to be updated with the new keypair of the new Do these keys have to be updated with the new keypair of the new
profile? Or do you only copy the keys from the profile that was in profile? Or do you only copy the keys from the profile that was in
use when the Person first joined the group as a user - wrinkle. In use when the Person first joined the group as a user - wrinkle. In
which case, the notion of the blob needs extending from just the which case, the notion of the blob needs extending from just the
ToxPks and nicknames of each of the devices, to include the secret ToxPks and nicknames of each of the devices, to include the secret
keys of that Persona for each NGC group the Persona belongs to. keys of that Persona for each NGC group the Persona belongs to.
In other words if I have 3 profiles with 3 nicks and 3 keypairs, and the In other words if I have 3 profiles with 3 nicks and 3 keypairs, and the
first profile had a GROUP section where I have a group_nick, could I copy first profile had a GROUP section where I have a group_nick, could I copy
the GROUP section entirely into the other 2 profiles, and then be a member the GROUP section entirely into the other 2 profiles, and then be a member
of the NGC group known as group_nick when I used those profiles? If so, of the NGC group known as group_nick when I used those profiles? If so,
the Persona should have dictionarys for each group, with the Persona should have dictionarys for each group, with
```group_nick```, ```self_public_key``` and ```self_secret_key``` in each. ```group_nick```, ```self_public_key``` and ```self_secret_key``` in each.
( Aside: I don't like the idea of keeping secret keys in profiles; they ( Aside: I don't like the idea of keeping secret keys in profiles; they
should be managed by a keymanager. In a corporate setting, this will should be managed by a keymanager. In a corporate setting, this will
be a requirement. ) be a requirement. )
There is a Python script to parse profiles that could be modified to rekey There is a Python script to parse profiles that could be modified to rekey
group self entries at: https://git.plastiras.org/emdee/tox_profile group self entries at: https://git.plastiras.org/emdee/tox_profile
## Future Directions ## Future Directions
If Personae identify which are your devices, it opens the possibility that If Personae identify which are your devices, it opens the possibility that
clients could treat incoming messages from one of your devices differently. clients could treat incoming messages from one of your devices differently.
Instead of simply displaying the message in a window, the client might Instead of simply displaying the message in a window, the client might
examine the message to see if it is a command. So clients could build in, examine the message to see if it is a command. So clients could build in,
for example a filebot, that responds to a set of commands if it's coming for example a filebot, that responds to a set of commands if it's coming
from one of your devices. Automated file transfer, DoorSpy, history sync; from one of your devices. Automated file transfer, DoorSpy, history sync;
the possibilities are endless. the possibilities are endless.
## Summary ## Summary
The changes to the core are not large: The changes to the core are not large:
1. Change the status message callback to look for public signing keys 1. Change the status message callback to look for public signing keys
2. Change the status message callback to look for blobs as a first 2. Change the status message callback to look for blobs as a first
implementation, and then later extend the avatar file transfer mechanism implementation, and then later extend the avatar file transfer mechanism
to transfer blobs to transfer blobs
3. Use the public signing keys to verify the blobs. This a NaCl call. 3. Use the public signing keys to verify the blobs. This a NaCl call.
4. Store the blobs in a subdirectory, with their signature. 4. Store the blobs in a subdirectory, with their signature.
5. Use the blobs to populate the table, and designate one entry as active. 5. Use the blobs to populate the table, and designate one entry as active.
6. Wrap all the calls that use a PK to look in the table for the active PK. 6. Wrap all the calls that use a PK to look in the table for the active PK.
7. Update the tables, if files are deleted from the ```Persona``` directory. 7. Update the tables, if files are deleted from the ```Persona``` directory.
All existing unmodified users would continue to work: no testnet required. All existing unmodified users would continue to work: no testnet required.
Assuming the blobs were created by an independent stand alone utility, Assuming the blobs were created by an independent stand alone utility,
the changes to the clients are not large: the changes to the clients are not large:
1. Consult the mapping table and show it to the users. 1. Consult the mapping table and show it to the users.
2. Accept or reject new blob updates. 2. Accept or reject new blob updates.
3. Redefine the notion of contacts to point to the PersonaID. 3. Redefine the notion of contacts to point to the PersonaID.
4. Add the ability to push a new blob to Friends, or perhaps selected Friends. 4. Add the ability to push a new blob to Friends, or perhaps selected Friends.
Also we would want the Python script to keep profiles within a Persona in sync. Also we would want the Python script to keep profiles within a Persona in sync.
We need to resolve the questions about having the same groups Personae. We need to resolve the questions about having the same groups Personae.

@ -1,48 +1,48 @@
Up: [[Home]] Up: [[Home]]
# Anthony Bilinski # Anthony Bilinski
## Zoominfo LinkedIn ## Zoominfo LinkedIn
Works full time as: Works full time as:
> C Software Engineer & Open Source Project Application > C Software Engineer & Open Source Project Application
> Developer & Firmware Maintainer & Developer at Avigilon > Developer & Firmware Maintainer & Developer at Avigilon
* https://www.zoominfo.com/p/Anthony-Bilinski/628037601 * https://www.zoominfo.com/p/Anthony-Bilinski/628037601
* https://ca.linkedin.com/in/anthony-bilinski-b4178611a (archive: https://archive.ph/X6Tsy ) * https://ca.linkedin.com/in/anthony-bilinski-b4178611a (archive: https://archive.ph/X6Tsy )
* https://www.zoominfo.com/p/Anthony-Bilinski/3246706849 * https://www.zoominfo.com/p/Anthony-Bilinski/3246706849
So he's working on Open Source projects as his day job at Avigilon May 2016 - Sep 2021 - 5 years 5 months. Maybe qTox was his day job until Sept 2021? So he's working on Open Source projects as his day job at Avigilon May 2016 - Sep 2021 - 5 years 5 months. Maybe qTox was his day job until Sept 2021?
Avigilon is a video surveillance hardware and software company founded in 2004, went public on the VSE and was bought out by Motorolla. His zoominfo listing gives Avigilon is a video surveillance hardware and software company founded in 2004, went public on the VSE and was bought out by Motorolla. His zoominfo listing gives
```a***@curtiswright.com``` as his email. Curtiswright is a well know USGov contractor. He did an Internship at Curtis in 2014, so the @curtiswright email may not be current - an old zoominfo address. ```a***@curtiswright.com``` as his email. Curtiswright is a well know USGov contractor. He did an Internship at Curtis in 2014, so the @curtiswright email may not be current - an old zoominfo address.
His boss and colleague on the zoominfo.com list both check out. His boss was a [well-known Security Industry professional](https://www.sdmmag.com/articles/100828-security-industry-mourns-the-loss-of-matthew-krebs) not based in Canada. His boss and colleague on the zoominfo.com list both check out. His boss was a [well-known Security Industry professional](https://www.sdmmag.com/articles/100828-security-industry-mourns-the-loss-of-matthew-krebs) not based in Canada.
## Website ## Website
His web site no longer responds https://www.abilinski.com/ His web site no longer responds https://www.abilinski.com/
It was just a one page pointing to a ToxId It was just a one page pointing to a ToxId
* https://web.archive.org/web/20180825193239/https://www.abilinski.com/ * https://web.archive.org/web/20180825193239/https://www.abilinski.com/
His BS nodes no longer respond: His BS nodes no longer respond:
* tox.abilinski.com * tox.abilinski.com
* tox2.abilinski.com * tox2.abilinski.com
There is no github activity since July: There is no github activity since July:
* https://github.com/qtox/qtox * https://github.com/qtox/qtox
* https://github.com/anthonybilinski * https://github.com/anthonybilinski
## Funding ## Funding
Nothing on reddit.com in the last 6 months: Nothing on reddit.com in the last 6 months:
* https://www.reddit.com/user/Anthony_Bilinski * https://www.reddit.com/user/Anthony_Bilinski
Posted a [blog that announced he had a year's funding](<https://qtox.github.io/blog/2022/02/15/full-time) Posted a [blog that announced he had a year's funding](<https://qtox.github.io/blog/2022/02/15/full-time)
in February, but no idea who is the sponsor. It looks like `sphaerophoria` sponsored anthony? https://github.com/sphaerophoria?achievement=public-sponsor&tab=achievements in February, but no idea who is the sponsor. It looks like `sphaerophoria` sponsored anthony? https://github.com/sphaerophoria?achievement=public-sponsor&tab=achievements
But the licence for file for [toxext](https://github.com/toxext/toxext/), But the licence for file for [toxext](https://github.com/toxext/toxext/),
a sphaerophoria project initialy came from a sphaerophoria project initialy came from
[anthonybilinski/add-licence](https://github.com/toxext/toxext/commits?author=sphaerophoria) so they may be the same person. [anthonybilinski/add-licence](https://github.com/toxext/toxext/commits?author=sphaerophoria) so they may be the same person.

@ -1,15 +1,15 @@
Previous: [[Home]] Previous: [[Home]]
* [[UseGroupPasswordThroughAKDF]] * [[UseGroupPasswordThroughAKDF]]
* [[VulnerabilitiesInTheToxOnion]] * [[VulnerabilitiesInTheToxOnion]]
* [[DDosSmallNumberOfBSNodes]] * [[DDosSmallNumberOfBSNodes]]
* Currently, toxcore uses onion routing in the process of establishing connections between friends, with the aim of obscuring their identities from third parties. However, this method does not achieve this goal. [This document describes a proposed replacement for onion routing.](https://github.com/zugz/tox-DHTAnnouncements/blob/master/DHTAnnouncements.md)This proposal is adapted from an original proposal by [grayhatter](https://wiki.cmdline.org/doku.php?id=dht:new_friend_finding). * Currently, toxcore uses onion routing in the process of establishing connections between friends, with the aim of obscuring their identities from third parties. However, this method does not achieve this goal. [This document describes a proposed replacement for onion routing.](https://github.com/zugz/tox-DHTAnnouncements/blob/master/DHTAnnouncements.md)This proposal is adapted from an original proposal by [grayhatter](https://wiki.cmdline.org/doku.php?id=dht:new_friend_finding).
##mCVEs: ##mCVEs:
* [CVE-2018-25022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25022) The Onion module in toxcore before 0.2.2 * [CVE-2018-25022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25022) The Onion module in toxcore before 0.2.2
See also: [[ToxComparedWithOtherIm]] See also: [[ToxComparedWithOtherIm]]
See also: <https://github.com/TokTok/c-toxcore/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity> See also: <https://github.com/TokTok/c-toxcore/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity>

@ -1,77 +1,92 @@
Up: [[Home]] Up: [[Home]]
From: https://github.com/TokTok/c-toxcore/issues/419 From: https://github.com/TokTok/c-toxcore/issues/419
I don't think indistinguishable message bytes and sizes are going to I don't think indistinguishable message bytes and sizes are going to
make any difference when they are sent over a network of so few bootstrap nodes. make any difference when they are sent over a network of so few bootstrap nodes.
And anyone operating in a hostile environment is probably already And anyone operating in a hostile environment is probably already
running Tox over Tor, which works well. running Tox over [Tor](https://www.torproject.org/download), which works well.
Did the reports of blocking in China include blocking over Tor? Tor Did the reports of blocking in China include blocking over Tor?
itself has implemented pluggable transport mechanisms that are Tor itself has implemented pluggable transport mechanisms that are
continuously being improved, and these include ways to make the continuously being improved, and these include ways to make the
traffic look like another protocol like HTTP or whatever: traffic look like another protocol like HTTP or whatever:
<https://snowflake.torproject.org/> <https://snowflake.torproject.org/>
So the best way to handle this may be to improve the documentation in So the best way to handle this may be to improve the documentation in
Tox of how to use Tor, and how to configure Tor to use pluggable transports (obfs4). Tox of how to use Tor, and how to configure Tor to use pluggable transports (obfs4).
Whether or not you trust Tor (you can't trust Exit nodes 40% of the time) Whether or not you trust Tor (you can't trust Exit nodes 40% of the time)
they are the only things that work right now in e.g. Egypt or Iran. they are the only things that work right now in e.g. Egypt or Iran.
I also think the only way of getting a lot of resilience "cheaply" is I also think the only way of getting a lot of resilience "cheaply" is
to encourage bootstrap node operators to also run a Tor client to serve to encourage bootstrap node operators to also run a Tor client to serve
the BS node over Onionv3. This is the only way I can see dealing with the the BS node over Onionv3. This is the only way I can see dealing with the
fact that Tox is a network of so few bootstrap nodes. If the Tox nodebase was fact that Tox is a network of so few bootstrap nodes. If the Tox nodebase was
improved to serve BS nodes, and OnionV3 relays, it would be much more resilient. improved to serve BS nodes, and OnionV3 relays, it would be much more resilient.
I'm assuming the adversaries cannot block .onion addresses within Tor. I'm assuming the adversaries cannot block .onion addresses within Tor,
which I think is a valid assumption.
There is a way of configuring a Tor client to uniquely assign a
life-of-the-tor-instance IPv4 address from a predefined private range There is a way of configuring a Tor client to uniquely assign a
(VirtualAddrNetworkIPv4) to each onion address it sees: life-of-the-tor-instance IPv4 address from a predefined private range
```AutomapHostsOnResolve 1```. So Tox could use OnionV3 BS nodes in a (VirtualAddrNetworkIPv4) to each onion address it sees:
properly configured Tor with just some properly configured BS hosts lists ```AutomapHostsOnResolve 1```. So Tox could use OnionV3 BS nodes in a
(if enough BS nodes provided OnionV3 addresses). Then we could leave properly configured Tor with just some properly configured BS hosts lists
the heavy lifting of the cat-and-mouse games of pluggable transports etc. (if enough BS nodes provided OnionV3 addresses). Then we could leave
to Tor (or i2p), and not try to chase them ourselves. the heavy lifting of the
[cat-and-mouse games](https://github.com/guardianproject/orbot/issues/742)
If you have such a list of onion addresses, the Tor user, who is running of pluggable transports etc. to Tor, and not try to chase them ourselves.
a Tor instance anyway to connect with the Tox client, adds this to the
```/etc/tor/torrc``` If you have such a list of onion addresses, the Tor user, who is running a Tor
``` instance anyway to connect with the Tox client, adds this to the ```/etc/tor/torrc```
VirtualAddrNetworkIPv4 172.16.0.0/12 ```
AutomapHostsOnResolve 1 VirtualAddrNetworkIPv4 172.16.0.0/12
``` AutomapHostsOnResolve 1
Then with the list of onion addresses for BS nodes that are running Tox as OnionV3, ```
then you can use ```tor-resolve``` or ```tor-resolve -4``` to get the Then with the list of onion addresses for BS nodes that are running Tox as OnionV3,
good-for-you-only IP addresses of OnionV3 BS nodes in IPv4. So the Tox user then you can use ```tor-resolve``` or ```tor-resolve -4``` to get the
does this and puts these addresses into his ```DHTnodes.json``` and boostraps his good-for-you-only IP addresses of OnionV3 BS nodes in IPv4. So the Tox user
Tox client over Tor Onions. This works with libtoxcore is it is today, as long as does this and puts these addresses into his ```DHTnodes.json``` and boostraps his
your client doesn't suffer from the dreaded deranged-hard-coded-bs syndrome. Tox client over Tor Onions. This works with libtoxcore is it is today, as long as
your client doesn't suffer from the dreaded deranged-hard-coded-bs syndrome.
These steps would be automated by a simple bash or Python script,
perhaps a Python script wrapped into an exe for Windows. These addresses are These steps would be automated by a simple bash or Python script, perhaps a
good for life of the Tor instance, and the script would need rerunning when Tor Python script wrapped into an exe for Windows/Android. These addresses are
is restarted. You can also get the IPv4 address of each Onion BS node, good for life of the Tor instance, and the script would need rerunning
(for-life-of-the-tor-instance which is usually long enough) when Tor is restarted. You can also get the IPv4 address of each Onion BS node,
in Python using the Tor stem library. (for-life-of-the-tor-instance which is usually long enough) in
Python using the Tor stem library.
I've tried this but it's currently impossible to test as there is no equivalent
to the ```other/fun/bootstrap_node_info.py``` script for TCP connections. The best thing we can do is to make these instructions available with
For UDP you can send a packet of len 78 with the magic first bytes and get a Tox downloads, and to ensure that all distributions of Tox come with
version and MOTD reply. Not so for TCP ( ```tor-resolve``` on all platforms. I doubt it comes with
in fact if you do send such a packet to the TCP it send the BS node into an [Orbot on Android](https://github.com/guardianproject/orbot/releases)
[infinite loop for which it neverrecovers](https://github.com/TokTok/c-toxcore/issues/2332)). and I doubt it comes with [Tor](https://www.torproject.org/download/) or
So we need a simple fix to the TCP_server code to at least look for a [Torbrowser on Windows](https://www.torproject.org/download/).
special packet like this and be nice and send a simple nice reply like We could ask the maintainers of
the UDP case. Raised as https://github.com/TokTok/c-toxcore/issues/2331 [TRIfA](https://f-droid.org/en/packages/com.zoffcc.applications.trifa/) and
[aTOX](https://f-droid.org/en/packages/ltd.evilcorp.atox) to include
We should not kid ourselves that we don't all live in China or Iran - it in their distributions, and it would be simple for us to compile a version
the planet is in a loc$down, and I think we might quickly find out just of ```tor-resolve``` for our packages to make sure it is available to our users.
how much resiliance we need. s/China/Iran/Syria/Russia/GDR It's a static utility that rarely changes.
* https://www.themoscowtimes.com/2021/12/07/why-the-kremlin-blocking-tor-is-a-big-deal-a75751 I've tried this but it's currently impossible to test as there is no equivalent
* https://www.wired.com/story/russia-block-tor-censorship/ to the ```other/fun/bootstrap_node_info.py``` script for TCP connections.
* https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook For UDP you can send a packet of len 78 with the magic first bytes and get a
* https://www.lifesitenews.com/news/biden-executive-order-allows-spying-on-americans-to-assess-political-instability-climate-threats/ version and MOTD reply. Not so for TCP (in fact if you do send such a packet
to the TCP it send the BS node into an
Up: [[DDosSmallNumberOfBSNodes]] [infinite loop for which it neverrecovers](https://github.com/TokTok/c-toxcore/issues/2332)).
So we need a simple fix to the TCP_server code to at least look for a
special packet like this and be nice and send a simple nice reply like
the UDP case. Raised as https://github.com/TokTok/c-toxcore/issues/2331
We should not kid ourselves that we don't all live in China or Iran -
the planet is in a loc$down, and I think we might quickly find out just
how much resiliance we need. s/China/Iran/Syria/Russia/GDR
* https://www.themoscowtimes.com/2021/12/07/why-the-kremlin-blocking-tor-is-a-big-deal-a75751
* https://www.wired.com/story/russia-block-tor-censorship/
* https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook
* https://www.lifesitenews.com/news/biden-executive-order-allows-spying-on-americans-to-assess-political-instability-climate-threats/
Up: [[DDosSmallNumberOfBSNodes]]

@ -1,68 +1,68 @@
Up: [[SecurityVulnerabilities]] Up: [[SecurityVulnerabilities]]
# Tox Compared With Other IM software # Tox Compared With Other IM software
## DeCentralized ## DeCentralized
### richochet ### richochet
Always uses Tor, rather than Tox, where Tor can be used at will. Always uses Tor, rather than Tox, where Tor can be used at will.
* <https://richochet.im> https: certificate expired over a year ago, and latest version in 2016. * <https://richochet.im> https: certificate expired over a year ago, and latest version in 2016.
* <https://github.com/ricochet-im/ricochet> last updated 2017. * <https://github.com/ricochet-im/ricochet> last updated 2017.
Relaunched as <https://github.com/blueprint-freespeech/ricochet-refresh> Relaunched as <https://github.com/blueprint-freespeech/ricochet-refresh>
* no group chat * no group chat
* can't use system Tor - only its own * can't use system Tor - only its own
* didn't see any mobile apps * didn't see any mobile apps
* Had a [vulnerability](https://thehackernews.com/2016/02/ricochet-secure-messenger.html) with [HTML in invites](https://ricochet.im/files/ricochet-ncc-audit-2016-01.pdf) * Had a [vulnerability](https://thehackernews.com/2016/02/ricochet-secure-messenger.html) with [HTML in invites](https://ricochet.im/files/ricochet-ncc-audit-2016-01.pdf)
### briar ### briar
* https://briarproject.org/ * https://briarproject.org/
* https://code.briarproject.org/briar/briar-desktop/ * https://code.briarproject.org/briar/briar-desktop/
Features: Features:
* Peer-to-peer encrypted messaging and forums * Peer-to-peer encrypted messaging and forums
* Messages are stored securely on your device, not in the cloud * Messages are stored securely on your device, not in the cloud
* Connect directly with nearby contacts - no Internet access required * Connect directly with nearby contacts - no Internet access required
* written in Java * written in Java
* Uses Tor. * Uses Tor.
* has an [Android](https://briarproject.org/installing-briar-via-f-droid/) app and desktop (the app is more featured than the desktop) * has an [Android](https://briarproject.org/installing-briar-via-f-droid/) app and desktop (the app is more featured than the desktop)
* No support for Windows and macOS * No support for Windows and macOS
* chats and groupchats * chats and groupchats
* [Well documented](https://code.briarproject.org/briar/briar/-/wikis/home) * [Well documented](https://code.briarproject.org/briar/briar/-/wikis/home)
* [Externally Audited](https://briarproject.org/raw/BRP-01-report.pdf): "the quality and readability of the apps source code was rather exceptional" * [Externally Audited](https://briarproject.org/raw/BRP-01-report.pdf): "the quality and readability of the apps source code was rather exceptional"
* USGov funded: Open Technology Fund/U.S. Agency for Global Media/Radio Free Asia * USGov funded: Open Technology Fund/U.S. Agency for Global Media/Radio Free Asia
* The apps are betas that expire in 90 days: "For security reasons, their accounts and data will expire with the beta." * The apps are betas that expire in 90 days: "For security reasons, their accounts and data will expire with the beta."
### ZeroNet ### ZeroNet
* Abandonned by its creator, it is being carried on by a number of * Abandonned by its creator, it is being carried on by a number of
non-cooperating forks. non-cooperating forks.
* A known RCE vulnerability is in some of the forks, but the developers * A known RCE vulnerability is in some of the forks, but the developers
of the patched forks have not filed a CVE. of the patched forks have not filed a CVE.
* None of the current developers have write access to the main web site, * None of the current developers have write access to the main web site,
which distributes code with the CVE. which distributes code with the CVE.
## Centralized ## Centralized
Centralized systems make it easy to MITM the E2E crypto, so unless they Centralized systems make it easy to MITM the E2E crypto, so unless they
are open source, they can't be trustworthy. are open source, they can't be trustworthy.
It is *much* harder to Tox over Tor than to block services like It is *much* harder to Tox over Tor than to block services like
WhatsApp which relay on centralized servers. WhatsApp which relay on centralized servers.
### WhatsApp ### WhatsApp
* https://www.sott.net/article/472864-Telegram-CEO-issues-warning-about-WhatsApp-security * https://www.sott.net/article/472864-Telegram-CEO-issues-warning-about-WhatsApp-security
## Signal ## Signal
[Signal](https://dt.gl/the-2021-review-of-messaging-service-providers-movim/) [Signal](https://dt.gl/the-2021-review-of-messaging-service-providers-movim/)
not only uses Amazon Web Services servers but also Microsoft and Google servers, not only uses Amazon Web Services servers but also Microsoft and Google servers,
and now to make things even more toxic they are also using and now to make things even more toxic they are also using
[Cloudflare](https://dt.gl/cloudflare-why-the-fuss/) which makes in unusable with Tor. [Cloudflare](https://dt.gl/cloudflare-why-the-fuss/) which makes in unusable with Tor.

@ -1,318 +1,318 @@
# Toxcore Multi-Device Support Design Proposal # Toxcore Multi-Device Support Design Proposal
<https://docs.google.com/document/d/1op6zGR0KYdF7tTWSSX79KQieJu30vLZ6XG327kIBhxQ/> <https://docs.google.com/document/d/1op6zGR0KYdF7tTWSSX79KQieJu30vLZ6XG327kIBhxQ/>
To be a useable communication system, Tox needs to support multiple To be a useable communication system, Tox needs to support multiple
devices per user. This is the [TokTok](https://toktok.ltd) proposal. devices per user. This is the [TokTok](https://toktok.ltd) proposal.
## Objective ## Objective
This proposal is an RFC for a possible implementation of multi-device This proposal is an RFC for a possible implementation of multi-device
support for the Toxcore Messenger system. With the goal of replacing support for the Toxcore Messenger system. With the goal of replacing
Skype we must come close to feature parity, as well as ease of Skype we must come close to feature parity, as well as ease of
use. Currently Tox clients need to share a ToxID. This ID inhibits use. Currently Tox clients need to share a ToxID. This ID inhibits
connecting with existing friends as it is only well-suited to machine connecting with existing friends as it is only well-suited to machine
reading. reading.
The primary goal is to make it simple for clients to securely implement multi-device support, without having to know or manage anything about a contacts devices. The primary goal is to make it simple for clients to securely implement multi-device support, without having to know or manage anything about a contacts devices.
The following implementation requires some additional features to be The following implementation requires some additional features to be
added to Toxcore. These features have been requested before; however, added to Toxcore. These features have been requested before; however,
the goal of this implementation is to add Multi-Device support the goal of this implementation is to add Multi-Device support
only. The additional APIs that would be required (see next section) only. The additional APIs that would be required (see next section)
would only need to be minimal implementations to get multi-device would only need to be minimal implementations to get multi-device
working. And while their feature set should be expanded, thats not working. And while their feature set should be expanded, thats not
the goal of this implementation. the goal of this implementation.
## Background ## Background
ToxIDs are difficult to share without having an existing textual ToxIDs are difficult to share without having an existing textual
communication connection (anything you can copy from or paste communication connection (anything you can copy from or paste
to). Sharing ToxIDs in other ways is problematic. to). Sharing ToxIDs in other ways is problematic.
When it comes to multi-device support, at the present time we are When it comes to multi-device support, at the present time we are
lagging behind well-known centralized messenger systems. A few lagging behind well-known centralized messenger systems. A few
examples are Google Hangouts, Facebook Messenger, and Skype. Every one examples are Google Hangouts, Facebook Messenger, and Skype. Every one
of these syncs messages to every device which connects to their of these syncs messages to every device which connects to their
network. If you need an address, number, or entire friend list its a network. If you need an address, number, or entire friend list its a
simple login away. simple login away.
Not the goal of this project but an important benefit, Multi-Device Not the goal of this project but an important benefit, Multi-Device
support would solve some of the issues sharing a ToxID: it would allow support would solve some of the issues sharing a ToxID: it would allow
the clients to connect with mobile devices (NFC, QR codes, other) and the clients to connect with mobile devices (NFC, QR codes, other) and
be available anywhere. be available anywhere.
## Prerequisites ## Prerequisites
### Data Syncing (Friends and Messages): ### Data Syncing (Friends and Messages):
Devices may go online and offline. Its required that an online device be able to keep other devices in the “device group” in sync, Updating both friends and messages.(a)[^1](b)[^2] Devices may go online and offline. Its required that an online device be able to keep other devices in the “device group” in sync, Updating both friends and messages.(a)[^1](b)[^2]
### Contact Syncing ### Contact Syncing
Contacts (called friends in the Toxcore API) are synced across all Contacts (called friends in the Toxcore API) are synced across all
devices using a transactional method. As a pair the devices decide devices using a transactional method. As a pair the devices decide
which will have the primary role, and which will take secondary. which will have the primary role, and which will take secondary.
hroughout the entire syncing process, the primary device will send hroughout the entire syncing process, the primary device will send
its data, followed by a “done” packet. The secondary will then send its data, followed by a “done” packet. The secondary will then send
its data, followed by its own “done” packet. The primary device will its data, followed by its own “done” packet. The primary device will
then send a “commit” packet, and will then commit the data from then send a “commit” packet, and will then commit the data from
temporary storage, into active use. Once receiving the “commit” temporary storage, into active use. Once receiving the “commit”
packet, the secondary device will do the same. packet, the secondary device will do the same.
Either Client can send an Error packet at either time, which will then Either Client can send an Error packet at either time, which will then
Message ordering Message ordering
Devices may sync out of order, but messages need to be consistently Devices may sync out of order, but messages need to be consistently
ordered. To simplify this, messages will be separated into “connection ordered. To simplify this, messages will be separated into “connection
sessions”, each getting a pseudorandom tox_session_ID. Messages will sessions”, each getting a pseudorandom tox_session_ID. Messages will
then be ordered within that session by a delta_t. Delta_t in this case then be ordered within that session by a delta_t. Delta_t in this case
will be the elapsed seconds from the start of the tox instances first will be the elapsed seconds from the start of the tox instances first
current connection to that peer. current connection to that peer.
Each session will be identified by a pseudo-unique hash from the Each session will be identified by a pseudo-unique hash from the
previous connect that included a confirmed message receipt. This will previous connect that included a confirmed message receipt. This will
ensure that both sessions and messages are ordered correctly once each ensure that both sessions and messages are ordered correctly once each
client is completely synced. (Optionally robust verifiability can be client is completely synced. (Optionally robust verifiability can be
gained by a git style hash of the x parent sessions) gained by a git style hash of the x parent sessions)
### Pseudo-unique Message IDs ### Pseudo-unique Message IDs
#### Update #### Update
``` ```
typedef void tox_friend_message_cb(Tox *tox, uint32_t friend_number, TOX_MESSAGE_TYPE type, const uint8_t *message, size_t length, void *user_data); typedef void tox_friend_message_cb(Tox *tox, uint32_t friend_number, TOX_MESSAGE_TYPE type, const uint8_t *message, size_t length, void *user_data);
``` ```
with with
``` ```
typedef void tox_friend_message_cb(Tox *tox, uint32_t friend_number, TOX_MESSAGE_TYPE type, const uint8_t *message, size_t length, uint64_t message_id, uint64_t delta_t, void *user_data); typedef void tox_friend_message_cb(Tox *tox, uint32_t friend_number, TOX_MESSAGE_TYPE type, const uint8_t *message, size_t length, uint64_t message_id, uint64_t delta_t, void *user_data);
``` ```
Required for syncing messages between friends * devices. Each message Required for syncing messages between friends * devices. Each message
would include a message_id that would increment with each message. and would include a message_id that would increment with each message. and
reset with each new tox_instance (starting message ID is currently reset with each new tox_instance (starting message ID is currently
undecided). Messages id sections would have to be grouped by a client undecided). Messages id sections would have to be grouped by a client
coming online or going offline. These are per friend, per coming online or going offline. These are per friend, per
connection. And would be the same when sending the same message to connection. And would be the same when sending the same message to
multiple devices of a single friend. multiple devices of a single friend.
Each of these are pending an implementation spec. But are self-evident Each of these are pending an implementation spec. But are self-evident
in their use and general implementation. in their use and general implementation.
## Implementation ## Implementation
Security and safety is the primary concern, however this needs to be tempered with usability. The user needs to be prompted to choose high availability or high security. Security and safety is the primary concern, however this needs to be tempered with usability. The user needs to be prompted to choose high availability or high security.
### Device IDs ### Device IDs
Device IDs need to be unique and never changing. On each connect, each Device IDs need to be unique and never changing. On each connect, each
client should query each friend they connect to, to verify if they client should query each friend they connect to, to verify if they
support multi-device AND are in a group. This can be done by asking support multi-device AND are in a group. This can be done by asking
for the deviceID at ```__device0```. If there is a device at that for the deviceID at ```__device0```. If there is a device at that
address; then enumerate for each other device. Devices will be found address; then enumerate for each other device. Devices will be found
by the string_to_id service using the protected `__device[0-9]+` by the string_to_id service using the protected `__device[0-9]+`
group. (Toxcore must protect strings that start with two underscores group. (Toxcore must protect strings that start with two underscores
such as “__[string]”, and not allow a client to use them in the such as “__[string]”, and not allow a client to use them in the
string_to_id API.) string_to_id API.)
Starting with ```__device0```, the client will attempt to resolve the Starting with ```__device0```, the client will attempt to resolve the
ToxID at each incrementing ```__device#```. Once a ```__device#``` ToxID at each incrementing ```__device#```. Once a ```__device#```
returns empty, the client should stop. Each ```__device#``` string returns empty, the client should stop. Each ```__device#``` string
should be queried separately, ideally in a pseudo-random order to should be queried separately, ideally in a pseudo-random order to
prevent clear text attacks on the encryption. {under discussion} For prevent clear text attacks on the encryption. {under discussion} For
each ToxID at each ```__device#``` the client must add them to their each ToxID at each ```__device#``` the client must add them to their
list of devices for this friend/user, and probe each device in the list of devices for this friend/user, and probe each device in the
same way. The default should be high security mode, in which if any same way. The default should be high security mode, in which if any
list at any device do not match, toxcore should report that friend to list at any device do not match, toxcore should report that friend to
be in an unsecure state, and shouldnt send any messages to any of the be in an unsecure state, and shouldnt send any messages to any of the
devices. devices.
The ```__device#``` list for every client must match exactly to what every other device reports. And each ```__device#``` once used must always resolve to that ID. The ```__device#``` list for every client must match exactly to what every other device reports. And each ```__device#``` once used must always resolve to that ID.
To enhance security once a ```__device#``` (number) is taken by a To enhance security once a ```__device#``` (number) is taken by a
device, that ```__device#``` must always resolve to either the same device, that ```__device#``` must always resolve to either the same
ToxID, or to all zeroes [0] if the device has been removed from the ToxID, or to all zeroes [0] if the device has been removed from the
Tox “group” by the user, in a case such as losing the private key, or Tox “group” by the user, in a case such as losing the private key, or
uninstalling the Tox client. Toxcore will maintain a local list of uninstalling the Tox client. Toxcore will maintain a local list of
each device for each user, changes to a ```__device#``` will be each device for each user, changes to a ```__device#``` will be
assumed to be an impersonation attack. Removed devices will still keep assumed to be an impersonation attack. Removed devices will still keep
their ```__device#```, but that ```__device#``` will instead resolve their ```__device#```, but that ```__device#``` will instead resolve
to zeros. A string of zeros signifies that there was a device, but it to zeros. A string of zeros signifies that there was a device, but it
was removed intentionally. A ```__device#``` once resolved to zeros, was removed intentionally. A ```__device#``` once resolved to zeros,
must never change back to a ToxID. must never change back to a ToxID.
To remove or add a device, you will tell toxcore to add the device at To remove or add a device, you will tell toxcore to add the device at
ToxID to this group. That toxcore instance will then, try to connect ToxID to this group. That toxcore instance will then, try to connect
to that device and verify that it also wants to connect to the to that device and verify that it also wants to connect to the
existing device group. Once accepted, the toxcore instance on the existing device group. Once accepted, the toxcore instance on the
primary device will assign a ```__device#``` to the new device, and primary device will assign a ```__device#``` to the new device, and
sync both its ID, to the other devices already in the group, as well sync both its ID, to the other devices already in the group, as well
as the existing devices to the new device. Once all the devices in the as the existing devices to the new device. Once all the devices in the
group are in sync, any of the existing and online devices can sync the group are in sync, any of the existing and online devices can sync the
friend/contact list, and the selected amount of history text history friend/contact list, and the selected amount of history text history
to the new device. to the new device.
A max limit of devices will need to be chosen later to limit worst A max limit of devices will need to be chosen later to limit worst
case usage of enumerating devices. (Additional protocol requirements case usage of enumerating devices. (Additional protocol requirements
will be detailed later, i.a. security limitations, verifiable, master will be detailed later, i.a. security limitations, verifiable, master
device, slave device, deauthed devices.) device, slave device, deauthed devices.)
## Message sending ## Message sending
When a client sends a message to a friend/user, Toxcore will only When a client sends a message to a friend/user, Toxcore will only
attempt to send the message to the last 3 devices that sent data from attempt to send the message to the last 3 devices that sent data from
the user that are online.(c)[^3] (d)[^4] (e)[^5] E.g., Device_A sends a the user that are online.(c)[^3] (d)[^4] (e)[^5] E.g., Device_A sends a
message, Device_B comes online, Device_C sends a file, Device_D sends message, Device_B comes online, Device_C sends a file, Device_D sends
a message then goes off line, Device_F sends a picture, Device_H comes a message then goes off line, Device_F sends a picture, Device_H comes
online. Toxcore will attempt to send only to devices A, C and F. While online. Toxcore will attempt to send only to devices A, C and F. While
H did have the latest data sent/received, it wasnt data generated by H did have the latest data sent/received, it wasnt data generated by
the user, so we assume that the user is most likely to be on one of the user, so we assume that the user is most likely to be on one of
those 3 devices. Toxcore will only have to verify that one client those 3 devices. Toxcore will only have to verify that one client
received the message, and may stop. This will protect the sender from received the message, and may stop. This will protect the sender from
having to maintain a list of who needs what message, and leave the having to maintain a list of who needs what message, and leave the
additional data syncing up to the receiving client. additional data syncing up to the receiving client.
It is considered the job of the receiving client to keep all the other It is considered the job of the receiving client to keep all the other
devices in sync with the rest of the group. devices in sync with the rest of the group.
### Alternatives Considered ### Alternatives Considered
1. Not supporting multi-device (separate friends in the contact list for each device). 1. Not supporting multi-device (separate friends in the contact list for each device).
* Not considered, this feature is required to be competitive. Not user friendly, no syncing, too hard to create and maintain friend lists. * Not considered, this feature is required to be competitive. Not user friendly, no syncing, too hard to create and maintain friend lists.
2. Sharing the private key of a single ToxID to multiple devices. 2. Sharing the private key of a single ToxID to multiple devices.
* Non starter. Security nightmare. * Non starter. Security nightmare.
* Requires protocol rewrite. * Requires protocol rewrite.
3. [[GroupOfDevicesPOC]] 3. [[GroupOfDevicesPOC]]
4. [[MultiDeviceAnnouncementsPOC]] 4. [[MultiDeviceAnnouncementsPOC]]
### Unsolved Issues ### Unsolved Issues
How will messages be hashed to generate the seed for the message ID? How will messages be hashed to generate the seed for the message ID?
Effective and secure history syncing across devices. Effective and secure history syncing across devices.
How to add a user to your contact list How to add a user to your contact list
* By Primary ToxID(f)[^6](g)[^7] * By Primary ToxID(f)[^6](g)[^7]
* By any deviceID * By any deviceID
* Something else? * Something else?
## Roadmap ## Roadmap
1. Unique message IDs 1. Unique message IDs
1. incrementing numbers 1. incrementing numbers
2. delta-from last 2. delta-from last
2. Device network 2. Device network
1. deviceID vs toxID 1. deviceID vs toxID
2. Adding a device 2. Adding a device
3. Removing a device 3. Removing a device
4. Sending a message to more than one device 4. Sending a message to more than one device
3. Syncing data 3. Syncing data
1. contact list 1. contact list
2. messages 2. messages
3. other? 3. other?
## Notes & FAQ: ## Notes & FAQ:
Conversations that need to be added to the spec: Conversations that need to be added to the spec:
``` ```
<nurupo> say Alice has a tox client running on a phone and another tox client on pc. Alice has Bob in contacts. Bob is online and sends Alice a file. <nurupo> say Alice has a tox client running on a phone and another tox client on pc. Alice has Bob in contacts. Bob is online and sends Alice a file.
<nurupo> will Alice see the file request on both clients? <nurupo> will Alice see the file request on both clients?
<grayhatter> the file request will go to all online devices <grayhatter> the file request will go to all online devices
<nurupo> ok, i'm not finished <nurupo> ok, i'm not finished
<grayhatter> then the file will get canceled / "marked as accpeted on a different device" <grayhatter> then the file will get canceled / "marked as accpeted on a different device"
<nurupo> so, Alice accepts and completes the file transfer on her phone <nurupo> so, Alice accepts and completes the file transfer on her phone
``` ```
(h)[^8] (i)[^9] (j)[^10] (h)[^8] (i)[^9] (j)[^10]
``` ```
<nurupo> i guess you answered what i wanted to know <nurupo> i guess you answered what i wanted to know
<nurupo> what if race condition happens? <nurupo> what if race condition happens?
<grayhatter> but I hadn't considered that detail... It'll break the existing file transfer API... <grayhatter> but I hadn't considered that detail... It'll break the existing file transfer API...
<nurupo> Alice accepts files at the same time both on pc and phone? <nurupo> Alice accepts files at the same time both on pc and phone?
<grayhatter> nurupo, can't happen <grayhatter> nurupo, can't happen
<nurupo> why it can't happen? <nurupo> why it can't happen?
<grayhatter> the accept will processed by toxcore on the "sending" device in a single thread, it'll accept for the first device that accepts the transfer, then cancel all other divices <grayhatter> the accept will processed by toxcore on the "sending" device in a single thread, it'll accept for the first device that accepts the transfer, then cancel all other divices
<grayhatter> if two devices accept at the same time, toxcore will choose the device in the lowest number slot only because the loop will start at 0 <grayhatter> if two devices accept at the same time, toxcore will choose the device in the lowest number slot only because the loop will start at 0
<nurupo> what if Alice accepts a file on another device before it gets the cancel message? <nurupo> what if Alice accepts a file on another device before it gets the cancel message?
<grayhatter> it'll show inprogress on that device, with 0 transfer, then toxcore on the sending device will still send the cancel to that device <grayhatter> it'll show inprogress on that device, with 0 transfer, then toxcore on the sending device will still send the cancel to that device
<nurupo> Bob will get two accepts from two devices of Alice? <nurupo> Bob will get two accepts from two devices of Alice?
<grayhatter> yes, but it will ignore the 2nd <grayhatter> yes, but it will ignore the 2nd
<nurupo> how it knows which to ignore? <nurupo> how it knows which to ignore?
<grayhatter> (I'm saying all of this from what my plans are, I haven't even started on filetransfers yet) <grayhatter> (I'm saying all of this from what my plans are, I haven't even started on filetransfers yet)
<grayhatter> psudo code -> <grayhatter> psudo code ->
<nurupo> Alice might have accepted the file transfer on the phone first, but because of network latency, Bob received the acceptance from pc first and only then from the phone <nurupo> Alice might have accepted the file transfer on the phone first, but because of network latency, Bob received the acceptance from pc first and only then from the phone
<grayhatter> OH <grayhatter> OH
<grayhatter> bob will in that case cancel the phone then <grayhatter> bob will in that case cancel the phone then
``` ```
(k)[^11] (k)[^11]
``` ```
<nurupo> fair enough <nurupo> fair enough
<grayhatter> no reason to make it more complicated then it needs to be <grayhatter> no reason to make it more complicated then it needs to be
``` ```
### Feature Requests: ### Feature Requests:
(Requested publicly, no suggestions have been reviewed or accepted yet.) (Requested publicly, no suggestions have been reviewed or accepted yet.)
* Per device id priority like with XMPP https://wiki.xmpp.org/web/Jabber_Resources * Per device id priority like with XMPP https://wiki.xmpp.org/web/Jabber_Resources
* Per status+deviceid priority, XMPP does that as well * Per status+deviceid priority, XMPP does that as well
* Ability to address device id explicitly * Ability to address device id explicitly
## Footnotes ## Footnotes
* (a)[^1] Does this design document define a way in which friends (and perhaps groups) are to be synced? And how would friend/group syncing work across multi-devices that don't have a common time base? * (a)[^1] Does this design document define a way in which friends (and perhaps groups) are to be synced? And how would friend/group syncing work across multi-devices that don't have a common time base?
* (b)[^2] I haven't fully decided on the final spec for this question. * (b)[^2] I haven't fully decided on the final spec for this question.
Currently my plan is to retain information about changes as a numerical delta, and use the largest delta. But as I haven't started on this section, really I have no idea. Currently my plan is to retain information about changes as a numerical delta, and use the largest delta. But as I haven't started on this section, really I have no idea.
* (c)[^3] What about in the case of an A/V call? Does that get broadcast to call connected clients or only the last 3? A tox client running on a mobile device that had not sent a user-generated message missing a call would be bad. * (c)[^3] What about in the case of an A/V call? Does that get broadcast to call connected clients or only the last 3? A tox client running on a mobile device that had not sent a user-generated message missing a call would be bad.
* (d)[^4] I'm likely to drop that idea in total. * (d)[^4] I'm likely to drop that idea in total.
Currently toxcore sends everything to all devices. Currently toxcore sends everything to all devices.
* (e)[^5] With other services such as Discord, when a call comes in depending on what is on, I could have two PCs, a laptop and cellphone all ring, but whatever device I answer on obviously gets the call. * (e)[^5] With other services such as Discord, when a call comes in depending on what is on, I could have two PCs, a laptop and cellphone all ring, but whatever device I answer on obviously gets the call.
* (f)[^6] how is primary toxID different from any other ID? which device is the primary one? as far as I understood they are all equal. * (f)[^6] how is primary toxID different from any other ID? which device is the primary one? as far as I understood they are all equal.
* (g)[^7] I'm not sure there's going to be anything like a primary ID in the final source. When discussing it, the idea of a master device came up as a security tool. But the longer I consider it, the less I think it'll help at all * (g)[^7] I'm not sure there's going to be anything like a primary ID in the final source. When discussing it, the idea of a master device came up as a security tool. But the longer I consider it, the less I think it'll help at all
* (h)[^8] Does it make sense to think about sending the file to both * (h)[^8] Does it make sense to think about sending the file to both
clients, if the user accepts on multiple devices? Especially for clients, if the user accepts on multiple devices? Especially for
bigger files or multiple recipients a P2P protocol (e.g. torrent) bigger files or multiple recipients a P2P protocol (e.g. torrent)
may be useful. may be useful.
* (i)[^9] Yeah, I've given that a little thought. The current idea * (i)[^9] Yeah, I've given that a little thought. The current idea
floating around has been to implement something torrent like inside floating around has been to implement something torrent like inside
group chats. Maybe we could use that as well? As far as multiple group chats. Maybe we could use that as well? As far as multiple
devices, what I think is best is transfer the file to the first to devices, what I think is best is transfer the file to the first to
accept, then let the other devices sync the file themselves. That accept, then let the other devices sync the file themselves. That
way the sender doesn't have to spend the extra data for the way the sender doesn't have to spend the extra data for the
receivers convenience. receivers convenience.
* (j)[^10] I like that idea. Especially if one thinks about those users * (j)[^10] I like that idea. Especially if one thinks about those users
on a phone with limited traffic. You wouldn't want to use all your on a phone with limited traffic. You wouldn't want to use all your
available data just so others can sync. You could add a button on available data just so others can sync. You could add a button on
top of lets say a picture saying "sync with my other devices" to top of lets say a picture saying "sync with my other devices" to
start the transfer of that picture to all your other devices. But start the transfer of that picture to all your other devices. But
just sending it once should be a lot easier. I'd consider media sync just sending it once should be a lot easier. I'd consider media sync
between my devices as a nice-to-have. between my devices as a nice-to-have.
* (k)[^11] Could it be a good idea to allow sync incomplete downloaded * (k)[^11] Could it be a good idea to allow sync incomplete downloaded
files from device A to device B and then start downloading from device B files from device A to device B and then start downloading from device B

@ -32,7 +32,7 @@ configuration:
# Tox hidden service configuration. # Tox hidden service configuration.
HiddenServiceDir /var/lib/tor/tox-hsv3/ HiddenServiceDir /var/lib/tor/tox-hsv3/
HiddenServicePort 3389 127.0.0.1:3389 HiddenServicePort 3389 127.0.0.1:3389
HiddenServicePort 3389 127.0.0.1:33446 HiddenServicePort 33446 127.0.0.1:33446
``` ```
assuming your Tor lib directory os ```/var/lib/tor```. In that subdirectory assuming your Tor lib directory os ```/var/lib/tor```. In that subdirectory
you will find a file named ```hostname``` which is the ```.onion``` name you will find a file named ```hostname``` which is the ```.onion``` name

@ -1,6 +1,6 @@
Up: [[SecurityVulnerabilities]] Up: [[SecurityVulnerabilities]]
Chatting with sudden6 (Sep 2022) says this still an open vulnerability. Chatting with sudden6 (Sep 2022) says this still an open vulnerability.
Use the group password only through a KDF by sudden6 Use the group password only through a KDF by sudden6
<https://github.com/JFreegman/toxcore/pull/27> <https://github.com/JFreegman/toxcore/pull/27>

@ -1,9 +1,9 @@
Up: [[SecurityVulnerabilities]] Up: [[SecurityVulnerabilities]]
Chatting with JF (Aug 2022) makes me think that these are still open: Chatting with JF (Aug 2022) makes me think that these are still open:
Known vulnerabilities in the tox onion: Known vulnerabilities in the tox onion:
* <https://github.com//zugz/tox-onionPathsProposal/blob/master/onionVulns.md> * <https://github.com//zugz/tox-onionPathsProposal/blob/master/onionVulns.md>
* <https://github.com/TokTok/c-toxcore/issues/1121> * <https://github.com/TokTok/c-toxcore/issues/1121>
[algor1th](https://github.com/algor1th) created a formal model that shows that announcements are linkable, and note trace equivalent to searches. It can be found at https://github.com/algor1th/tox-verification/blob/master/dht.dps. Linkability here means that a public key of a node can be linked to it's ip adress when announcing. [algor1th](https://github.com/algor1th) created a formal model that shows that announcements are linkable, and note trace equivalent to searches. It can be found at https://github.com/algor1th/tox-verification/blob/master/dht.dps. Linkability here means that a public key of a node can be linked to it's ip adress when announcing.

@ -1 +1 @@
Up: [[Home]] Up: [[Home]]