Tox.chat’s developers make bold claims of offering game-changing security in a private messaging service. Critics have answered with charges of major vulnerabilities that put your identity and data at risk.
As usual, the truth lies somewhere in between.
Shortcomings of Tox.chat’s encryption
First off, we can offer some reassurance. We’ve reviewed Tox.chat’s encryption protocols, and they are advanced and rock solid.
But as we’ve seen with the security failures of other messaging services like WhatsApp, the phrase “end-to-end encryption” leaves many big questions unanswered, such as: What data is encrypted? And more importantly, what isn’t?
In the case of Tox.chat, the encryption methods don’t hide your IP address, and that raises some legitimate concerns. Anyone you connect with via Tox.chat can see your IP address, which means they can easily find out your exact location.
Even if you trust your contacts with your IP address, the information would be available to anyone who accesses their devices, including hackers. The risk grows with group messaging or video conferencing.
Concerns about Tox.chat’s network structure
One of the big selling points of Tox.chat is decentralization. A P2P network means there is no hub server where data is stored, which in turn means greater user privacy. However, some users have alleged that Tox.chat is not fully decentralized after all.
More importantly, even a fully decentralized P2P network creates risk.
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jan 2024 06:53:39 GMT
Content-Type: text/html
Last-Modified: Tue, 02 Jan 2024 21:11:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65947c1f-2b85"
Expires: Sat, 06 Jan 2024 06:53:38 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63072000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Encoding: gzip
https://www.freshports.org/net-im/uTox
Beware of tox.chat warning ⚠️
#WarGhost
