https://ring.cx/
https://play.google.com/store/apps/details?id=cx.ring
"Ring featured on the Free Software Foundation website" - 2016
What do you think?
Tox exposes the user's IP address by default (and the user needs to use a proxy such as Tor to mask the IP).
It seems "Ring", on the other hand, doesn't use the IP as an identifier.
I couldn't find Ring's forums to talk about "Tox" btw.
Tox exposes the user's IP address by default (and the user needs to use a proxy such as Tor to mask the IP).
It seems "Ring", on the other hand, doesn't use the IP as an identifier.
Are you seriously blissfully unaware?
First of all, IP is not an identifier. Tox ID is.
Second of all, either Ring has to also "expose" IPs, or is centralized, in which case their claim about being P2P can be thrown out of the window.
Third of all, the matter which you don't seem to be concerned about, is actual security.
Tox has been built on the principle that there is only a secure mode available. Ring, on the other hand, seems to want to use "established standards", which are full of loopholes that strip out security. And no, it's not just a matter of some theoretical loophole, but it's functionality that Ring has built-in – after all, to be actually inter-operational with SIP, they have to have an option to remove security.
Dunno, people don't generally tend to be concerned about security, and thus qTox tries to provide the best UX for people, and while doing so provide security.
On a side note:
Tox exposes the user's IP address by default (…)
Could you perhaps point out where it is "exposed"?
Tox exposes the user's IP address by default
I'm talking about Issue #3420. "Tor" can mask your original IP, though "Tox" exposes (leaks) the original IP to friends. This is what I'm worrying about (and I'm using a Tor proxy combination).
Ring has to also "expose" IPs, or is centralized
So this sentence, "Decentralized communication", which appears in the top page description, is a "lie"?
I've sent an email to SFLinux, I'll post a reply if they respond.
qTox tries to provide the best UX for people, and while doing so provide security
I'm concerned about security, and it's good to hear.
How about adding this question to https://tox.chat/faq.html :
"What makes TOX special? I'm already using WhatsApp, Ring, and ChatSecure."
I'm talking about Issue #3420. "Tor" can mask your original IP, though "Tox" exposes (leaks) the original IP to friends. This is what I'm worrying about (and I'm using a Tor proxy combination).
If you're worried about your _friends_ knowing your IP, then there's something wrong there, and it's not about technology. And no, it's not a "leak". That's how P2P works.
How about adding this question to https://tox.chat/faq.html :
IMO it would be a waste of time. Making a FAQ page on qTox wiki with this question answered sounds like a good idea though – would you be interested in helping with that? https://github.com/tux3/qTox/wiki/_new
FAQ page on qTox wiki with this question
I think the question should be added to "tox.chat" because it is about not only "qTox" but also other Tox clients, such as Antox and uTox. Should I post this issue to [email protected]?
"What makes TOX special? I'm already using other software such as... ."
The other software, such as WhatsApp, Ring, ChatSecure, and Signal, is not as secure as you think.
"WhatsApp" and "Signal" use a central server, and the former software doesn't encrypt user communication at all. It's easily controlled by the government because it is not P2P.
"Ring" is using the SIP protocol, which is very old and not P2P friendly. They claim it is "decentralized"
software, and it's bullshit. "ChatSecure" uses the XMPP protocol with a central server style, not secure at all.
(I'm not a writer. Hope someone write a good one :cry: )
@zetok
Ring, on the other hand seems to want to use "established standards", which are full of loopholes that strip out security.
This does not reflect reality of secure protocols, and actual security experts typically consider "DIY security" dangerous and rely on established primitives or even protocols.
And no, it's not just a matter of some theoretical loophole, but it's a functionality that Ring has built-in – after all, to be actually inter-operational with SIP, they have to have an option to remove security.
Ring's SIP mode is separate from its P2P mode. If you explicitly set up a separate SIP account, then it can behave as a SIP client, otherwise it will only connect to its OpenDHT with full encryption throughout.
@proxifier
So this sentence "Decentralized communication" which appears on top page description is a "lie"?
No, it is not a lie. Ring is decentralized (actually, distributed, which goes further) to about the same extent as Tox.
The only real difference here is that while Tox puts the communicating peers (you and your friend) in direct communication whenever they interact, which of course means letting each party know the other party's IP address, Ring makes text chat go through the DHT itself, which means your peer won't necessarily see your IP when you use text chat (but they will when you use audio or video).
With both Ring and Tox, anyway, other random users will see your IP, because that's the only way to connect to a DHT network in any P2P system.
That doesn't make either Tox or Ring claiming decentralization/distributedness a lie at all, because they are decentralized and distributed. You're perhaps thinking about privacy matters, which are not related to decentralization.
@LuccoJ
This does not reflect reality of secure protocols, and actual security experts typically consider "DIY security" dangerous and rely on established primitives or even protocols.
No, that reflects quite well the reality of standards. The actual standard, as opposed to what we would want, is lack of security. There's only a small subset of standards that aim for security, and only a subset of them is good. And even then, the chances of someone messing up the actual implementation even when the standard is good are quite high.
With that being said, I agree that NIH isn't particularly beneficial when there's something that would do the job well.
Ring's SIP mode is separate from its P2P mode. If you explicitly set up a separate SIP account, then it can behave as a SIP client, otherwise it will only connect to its OpenDHT with full encryption throughout.
Precisely: a security loophole, and it makes the implementation more complex, which results in security bugs slipping in.
Greetings, Ring developer here,
Ring is a distributed communication platform, its nodes are part of a DHT network, so their IP is indeed exposed.
Ring accounts (the default account type) are always forced to be secured; SIP is then only used peer-to-peer over authenticated TLS (with PFS) to negotiate codecs and keys. Users can still configure classic SIP accounts if they want for interoperability.
@proxifier if you want to add this to the faq open an issue at https://github.com/Tox/tox.chat
@LuccoJ internally Tox is using https://github.com/jedisct1/libsodium so it doesn't invent its own crypto.
@sudden6 I had not said that Tox invents its own crypto, only that Ring doesn't. It makes pretty sure, just as Tox does, that everything travelling on it is properly encrypted; it takes a slightly different approach from Tox's by building not only on established cryptographic libraries, but also on established protocols. If that's enough (as it's being made to appear) to make it unsound security-wise... well, to put it simply, it is not enough.
It makes pretty sure, just as Tox does, that everything travelling on it is properly encrypted; (…)
Sounds like bullshit to me, especially after having a brief look at Ring's sauce.
```cpp
///@enum Type Every supported encryption types
enum class Type {
    DEFAULT = 0,
    TLSv1_0 = 1,
    TLSv1_1 = 2,
    TLSv1_2 = 3,
    SSLv3   = 4,
};
```
↑ from ring-lrc @ 4d775ea8b47e038ca3be9f83d147e054104418ec
They support crypto that is considered to be broken. https://en.wikipedia.org/wiki/POODLE
Also they're patching their crypto lib – there's something _deeply wrong_ if you have to patch the crypto lib you're using. And no, it's not about the patches themselves, but about "how broken is your crypto lib, so that you have to patch it?" – ring-daemon @ 8ca874d790be92649187aabcb55fa998dae045df
I'd look more into stuff, but the more I looked the worse it got.
Not comparable to Tox at all.
(…) it takes a slightly different approach from Tox's by building not only on established cryptographic libraries, but also on established protocols. If that's enough (as it's being made to appear) to make it unsound security-wise... well, to put it simply, it is not enough.
Isn't it built on top of broken stuff? Namely, TLS/SSL. Getting actual security with this broken industry standard is not really achievable. It's a matter of complexity – the more complex something is to work with, the more bugs there will be as a result. Using something as complex as TLS/SSL really helps to have buggy crypto code.
IMO anything using SSL/TLS is going to be broken, be it sooner or later. One of the reasons why Tox uses NaCl/libsodium.
This issue is clearly not going anywhere, closing for now. Let's try to keep things civil, though.
Since the last comment on this thread, Ring has become a GNU project, and is getting a lot of attention. Is Tox still an active project? The last commits on toxcore appear to be about a year ago.
@strypey JFYI, current Tox development migrated under TokTok/c-toxcore.
Thanks for the link. Good to see Tox dev is ongoing, despite what looks from the outside like a challenging situation over the last few years. I look forward to testing Tox when I get a new testbed OS installed.
In case anyone was wondering whether there was a response to the arguments made above, a Ring dev posted a lot of useful information here: https://security.stackexchange.com/questions/137937/how-does-ring-cx-really-work-and-how-secure-is-it/162603#162603
@aberaud
RING works great but the following makes me worry:
On the official _RING_-website https://ring.cx/en/about/privacy-and-anonymity two security/privacy "risks" are listed that seem to be acceptable.
But do you think the option _"Push notifications Use Google servers to allow receiving calls messages in the background"_ is not a security risk?
Even if I do not enable this option I do not really know if the contacted friend has disabled this option, too.
Which information could be collected by Google?
I am a little bit surprised why _f-droid.org_ did not remove this option because this "anti-feature" was removed from _"Riot"_ https://f-droid.org/packages/im.vector.alpha/ before: _("Note that the F-Droid release does not use GCM for notifications - instead it will keep syncing in the background...")_.
Thanks for clarifying this issue in advance
@toxtox Thanks for the feedback
Push notifications only contain a dht key, they are used as triggers to wake up devices and refresh values from the distributed hash table. The data flow for push notifications is (dht proxy node)->(FCM)->(Device with PN enabled), so the FCM server only knows about the proxy node and the receiving device.
The F-Droid version doesn't build with Google's toolkit nor the Firebase library (like Riot). In this version the "push notification" switch in settings doesn't work, it's only a UI artifact.
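The IP-visibility argument earlier in the thread (direct peer link versus DHT-relayed text chat, with DHT nodes seeing everyone's IP either way) and the push notification data flow just described, modelled together as an added example; this is not Tox or Ring code, and the single DHT node, proxy node, FCM server, addresses and keys are all constructed stand-ins:

```python
# Toy model of the data flows argued over in this thread: who learns whose IP in
# direct (Tox-style) versus DHT-relayed (Ring text chat) messaging, and what a
# push notification carries. Added example, not Tox or Ring code; the DHT is one
# in-memory node and every address and key is a constructed sample value.

class Party:
    def __init__(self, name, ip):
        self.name, self.ip, self.seen_ips = name, ip, {}

    def observe(self, other):  # this party now knows other's IP
        self.seen_ips[other.name] = other.ip

class Dht:
    # One storage node stands in for the network. Every put/get is a request
    # from the caller's IP, so the node learns it (true for Tox and Ring alike).
    def __init__(self, node):
        self.node, self.values = node, {}

    def put(self, who, key, value):
        self.node.observe(who)
        self.values.setdefault(key, []).append(value)

    def get(self, who, key):
        self.node.observe(who)
        return list(self.values.get(key, []))

def direct_message(sender, receiver, msg):
    # Tox messaging and Ring audio/video: direct peer link, both learn the IP.
    sender.observe(receiver)
    receiver.observe(sender)
    return msg

def dht_message(dht, sender, receiver, msg):
    # Ring text chat: stored under the receiver's key and polled by the receiver.
    dht.put(sender, receiver.name, msg)
    return dht.get(receiver, receiver.name)[-1]

def push_notification(dht, proxy, fcm, device, key):
    # Proxy node wakes the device through FCM with a payload that carries only
    # the DHT key (as described above); the device then fetches the value itself.
    fcm.observe(proxy)
    fcm.observe(device)
    payload = {"dht_key": key}  # no message body and no sender address
    return payload, dht.get(device, key)

def run_scenarios():
    node, alice, bob = Party("dhtnode", "203.0.113.5"), Party("alice", "198.51.100.10"), Party("bob", "198.51.100.20")
    proxy, fcm, dht = Party("proxy", "203.0.113.9"), Party("fcm", "192.0.2.1"), Dht(node)
    dht_message(dht, bob, alice, b"hi via DHT")   # node learns both IPs, alice learns none
    relayed = dict(alice.seen_ips)                 # {} : text chat revealed no peer IP
    direct_message(alice, bob, b"call setup")      # audio/video or Tox: both learn the IP
    payload, _ = push_notification(dht, proxy, fcm, alice, alice.name)
    return {p.name: p.seen_ips for p in (node, alice, bob, fcm)}, relayed, payload
```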