/tech/ - Technology★

>>831555 (OP)

wrong thread, doofus

datamine yourself

what distro are you running? is it a systemd one? if it's systemd-based networking, sorry chuck, check a search engine that leads to stackoverflow.

Tox is compromised, it leaks your IP and potentially other sensitive data

>>831598

You are stupid. P2P by definition leaks your IP. What I am concerned about is the pinging of servers on startup that aren't your peers.

>>831571

I couldn't find the thread via ctrl+f

>datamine yourself

>what distro are you running

The go fuck yourself distro. I by default have nothing pinging out of my distro on startup. But by running tox it fucking pings out to all of those addresses. Don't datamine yourself. Just fucking tell me if this is intented behaivor or if its a fucking botnet.

>novg.net

>lopatin.pw

The webpage clearly says what those people run on their servers

>Tox IM bootstrapper

Wow, it's litrully (((i'm shaking already))) muh (((botnet))) do I fit in guys xDD

Do not use software if you are too stupid to understand how it works.

Tox is a corporationless alternative to Skype, it won't save you from all threats at once, learn2opsek n00b.

>>831603

>I couldn't find the thread

>via ctrl + f

>unwilling to disclose his distro

Anyone else wanna bet Ubuntu? Pretty obvious at this point.

>>831598

Tox-over-Tor is godmode. Get on our level fagit.

Ok anon, why shouldn't I use Tox? What are the downsides?

>>831571

>>831603

>>831713

>derailing this hard into a systemd/distro thread.

>>831603

>pinging of servers on startup that aren't your peers.

That's interesting

What servers is it pinging?

>>832078

Read the thread. Hint: >>831611

JUST USE IRC

>>831555 (OP)

>Is this by design and I am being retarded

<expecting a p2p program to magically find peers without bootstrapping itself

The latter

>>832186

>(((bootstrap)))

>not just using direct IP's and ports

Is this P2P or a client/server program? If you can use tox without these servers then p2p. But if you can't use tox without these servers or even changing these servers, then it's not p2p but is client/server. They really should add a option to change the bootstrap server(s). Or just call it client/server instead.

>>832198

>then it's not p2p but is client/server

You've discovered hot water.

>>832198

I don't get it. You call these machines servers because they have a domain name and if it is only an IP then it's not a server? Anyways if you don't like the bootstrap nodes I'm sure you can change them to some that you trust.

>>832198

>They really should add a option to change the bootstrap server(s).

They do, it's fucking GPL3. Open your registered copy of Sublime Text.exe and change it to bootstrap off your cuck fuckbuddies' IPs instead.

Tox is dead, it's run by a retard who is too scared to use his real name so there is no accountability whatsoever. just use signal

>>832529

T.not secret agent

>>832514

Thanks for the info.

>>832417

If those IP's/computers that act as redirectiona fucking server you newfag are predictable/always the same then you can MITM the IP and redirect traffic much more easily. Say to fake a call with someone or just block access to the server for finding people/toxing them in the future. Not being in control of what servers are pinged out at first is a privacy issue if you don't want your Tox traffic to be tracked by (((them))) with (((their))) eye in the sky view. Even if they can't listen to your conversation without great amounts of effort.

>>832774

/tech/ urgently needs an IQ check before posting.

>>832774

I really fucking hope you're the newfag here, if you don't understand that a node in a P2P network is both a server and a client. These bootstrap nodes are there to let you bootstrap a bunch of IPs for participating in the DHT, not do advanced communication.

>>832777

>what is whois

>what is (((domains by proxy))) and (((perfect privacy LLC/hilliarly clinton shell companies)))

I would agree normally, but the IP's in OP's pic are all alphabet ip's that got pinged out. Are those the defaults? Because those are undoubtebly proxies logging requests by tox clients.

>>832069

Tox protocol has a single dedicated tor node hence all traffic can be monitored and timed.

>>842150

You can use any TCP bridge over tor. All traffic over tor does not in fact use one node. Literally anything can be timed that goes through tor by recording at the exit nodes lol. It still provides anonymity. This level of retardation my god. Its not like they can demask your location or decode your messages.

>>842160

Not related

>>842160

Every arrest has been because of an OPSEC failure.

The entire LulzSec crew made *countless* mistakes like disclosing their eating habits and connecting from their residential IPs while using the aliases they were supposed to be "anonymous" under.

Non of them were really "leet" hence why all their exploits were simple. All they were good at was PR whoring.

>>842216

>disclosing their eating habits

Did someone really get caught because of this? How would that even happen?

>>849722

are you retarded or just usual /tech/ user?

simply get their daily routine, their favourite food, their local pizza deliveries and you're golden!

also: get their work ip's, get into their modern hardware pc's, plant some child porn, frame them for some silly non-existent shit, you're double golden and also promoted as a result.

a-also: manage to explain that meltdown meme to your director, while he points out all hardware was created with backdoors in mind, """you see, kid, <<to spy on russian hackers>>""".

a-a-also: you're on the list just for trying to connect to the tor network; get your pink mark on a mailbox.

>>832819

Reminder that we are under attack

>>846231

>>849770

geez, lay off the amphetamines, fellow shitposter. your boss is at least right about everything having backdoors, leagues ahead of your average normie.

>>831555 (OP)

signal seems a lot more secure and practical, is there a good reason not to trust it?

>>849885

>signal seems a lot more secure and practical

>needs your phone number

kek

>>849906

it's about secure and private messaging, not anonimity. unlike tox it's actually usable and supports offline messages, while not storing metadata or contact lists and having gpl clients and servers.

they have a desktop client and it works without google play services too now.

>>849955

A bundled copy of chrome is not a desktop client.

>>849959

it's standalone now

>>849885

>>849955

> Private messaging and not anonymity

What did you mean by this?

How the fuck is private messaging with a phone number anonymous?

>>849885

Being centralized isn't the most ideal thing.

Also it requires some google shit by default and you need a workaround to get around that.

>>849988

E2E encryption is private but not necessarily anonymous. People can see who you're talking to but not what you're talking about.

Also, from what they say, I think who you are talking to is only visible from signal's servers.

https://github.com/WhisperSystems/Signal-iOS/wiki/FAQ

>>849988

the point is, it's not, but both the message contents and metadata are safe from third parties.

don't get me wrong, there are better solutions, but i'm not going to convince regular people to sign up on my xmpp server or use pgp with self-hosted e-mail, so signal is by far the best real life solution.

but i get it, for online stuff, go ahead and use tox or something else.

>>850004

>are safe from third parties

What third parties? Like Google and Microsoft? Nobody is talking about them. You've changed "bad corporations" for some ephemeric "good corporation" that somehow maintains it's servers without charging you any fees or displaying ads, what their funding comes from, eh?

What about wiretaps? What about compromised servers you won't be able to change in case of major fuc-kup? What about brute-forcing users by adding all possible phone numbers? What about gsm carriers that see you receiving confirmation SMS from Signal servers?

Remember, for state actors and organized crime metadata is more than enough. They don't need to know what you are talking about with your wife when you do it from car while driving to mall and then bringing home some food.

>>850015

>What third parties? Like Google and Microsoft? Nobody is talking about them.

They are my biggest concern, by far.

>You've changed "bad corporations" for some ephemeric "good corporation" that somehow maintains it's servers without charging you any fees or displaying ads, what their funding comes from, eh?

I really wish you didn't have point there, they received funding through donations and grants, but the ties to Twitter and the abuse potential are worrying. Still, the AGPL is pretty lenient, and I'd rather trust them than just give up.

>What about wiretaps? What about compromised servers you won't be able to change in case of major fuc-kup?

What about brute-forcing users by adding all possible phone numbers?

Signal warns you about changed keys unlike WhatsApp that might keep MitM attacks hidden from you by default, if that's what you mean.

>What about gsm carriers that see you receiving confirmation SMS from Signal servers?

What about them? They receive exactly that information, nothing more, unlike with regular calls and sms.

>Remember, for state actors and organized crime metadata is more than enough. They don't need to know what you are talking about with your wife when you do it from car while driving to mall and then bringing home some food.

True, that's why Signal is the best choice in my opinion, simply because they don't keep that meta-data by design and can't give it to law enforcement on court orders, and neither can cellular providers or Google and Facebook.

Three-letters are a different beasts, they don't know laws and you never know what exploits they might find, but that's not a reasonable concern. Iirc the Snowden leaks showed them having huge trouble with TextSecure, but we can't assess that now.