/tech/ - Technology★

development is slow, but tox works for me

>>863876 (OP)

>GNU Ring: https://ring.cx/

>refuses to work without mic permission

shit tier

Reminder TOX was never secure and leaked your ip to anyone you communicated with

>>863876 (OP)

>Mac OSX

>Not using Facetime/iMessage.

>>863890

That's how peer to peer works you dumb fuck. You can see the IP of everyone connected on BitTorrent downloads, does that mean BT is insecure?

>>863896

>That's how peer to peer works you dumb fuck

No it isn't, your information CANNOT be encrypted and exposed at the same time.

>>863908

Yes it is. The content of your conversations is encrypted. If you want to obfuscate your address too use it through a network or service that does that.

>>863890

WHAT THE FUGG IS TOR :--_DDDDDD

>>863896

>That's how peer to peer works you dumb fuck

Not necessarily. I2P, for instance, won't show you the IPs of your peers.

>>863916

It does expose the addresses of the peers you connect to directly. That's how you connect to the network. Same as you have to know the address of your tor entry node, and vice versa.

>>863916

Then netstat will give it to you, retard.

>>863926

What about Mumble?

>>863876 (OP)

>Tox is dead

https://github.com/qTox/qTox/commits/master

>1 day ago

>1 day ago

>5 days ago

>7 days ago

>>863890

Daily reminder that your IP is being leaked to 8chan. Daily reminder that your IP is being leaked to your proxy provider. Daily reminder your IP is being leaked to the tor node.

>>863937

Holy shit! Big if true, abandon the internet, everyone, it's insecure!

I'm starting to wonder how anyone survived using the net when literally everything leaked your IP address to everyone you interacted with.

>>863944

> when literally everything leaked your IP address

Literally everything does leak your IP to every computer yours interacts with.

>>863890

>Reminder TOX was never secure and leaked your ip to anyone you communicated with

Reminder that privacy, security, and anonymity are 3 different things. Tox never claimed to hide your IP address when not run through Tor.

You are a fucking idiot.

Matrix/Riot

>>863916

You're still sending packets to a node. Of all the p2p protocols, i2p actually isn't too dissimilar to Tor in some respects. Obviously, garlic routing was inspired by onion routing; it's also the thing that distinguishes i2p from other protocols, ironically. You're still leaking your IP address to the nodes that you upload to and download from; it's just that your identity is obfuscated by the nodes that come thereafter--at least, as I understand it. So you don't leak your IP address to the intended recipient. And that's basically the same for all anonymizing p2p protocols and certainly true for the other ones; it's just that your identity is obscured in different ways.

>>863931

Never used it myself, but from the complaints I've read, it takes some effort to get it setup properly. Works excellently once it's set up, ostensibly, but the learning curve makes it pretty inaccessible.

One non-libre complaint I have with Discord that I scold people who use and endorse Discord for is the fact that Discord has no support for people with disabilities. Combined with the fact that it's proprietary and the team hasn't even expressed an interest in addressing that issue, it's safe to conclude that Discord hates cripples and should be avoided, not to boycott or chastise Discord but simply because, well, it's inaccessible to crippled people and thus will never be a good universal standard.

>>863989

+ botnet data miner

>>863916

> I2P, for instance, won't show you the IPs of your peers.

I2P leaks your IP to every routing peer you connect to.

>>863996

I think you might be thinking of Kovri, the Monero-integrated fork of the fully-functioning C++ implementation of the i2p protocol.

>>863889

>refuses to work without mic permission

What are you, a phone user?

>>863889

How dare a voice chat app require mic permissions.

>>864081

You can its called IP spoofing. You can do it in c without too much work on UDP packets for example. Its just hard to complete a handshake protocol without them being able to respond to you.

>>864087

How do you call the transfer of misleading information as a connection? If your IP is spoofed, the traffic isn't going to return to to you.

>>864090

Not all traffic has to be bidirectional. UDP does not even have a "connection". You could send a packet to someone that says "send this to this other person" with them having no idea who you are.

>>864092

That kind of signalling is meaningless. It's also known as spam.

>>864094

>Can build a protocol on

>Is spam

uh okay

>>864087

This inane shitposting has to be some turbo sperg's idea of a troll

>>864092

You can't do broad-range broadcast on IP retard, you'd have to establish those connections individually.

Good luck transferring any data that way.

>>864098

>IP

>Connection

IP is connectionless

>Good luck transferring any data that way.

Yea you just send it to the person and it gets to them not hard.

>>864097

Network signals only have meaning when traffic goes to legitimate destinations. Having unsolicited signals is not a connection. IP spoofing has no meaning beyond sending spam to addresses that didn't ask for it.

>>864099

>"hello postman, I want to send my friend a letter"

>"no, I don't have their address"

>>864105

You can send your friend a letter there is just no return address. People do this all the time with mail.

>>864106

>"hello postman, I want to send my friend a reply to his letter he sent me"

>"no, he didn't leave a return address"

>>864104

The destination is legitimate.

>Having unsolicited signals is not a connection

Its a packet not a connection this is not TCP

>IP spoofing has no meaning

Only in the same way that mail not having a return address has no meaning. The mail still has content.

>that didn't ask for it.

Your machine gets random connections from machines using non spoofed IPs 24/7 already

>>864107

You open up the letter and it says:

PGP SIGNED ... hey bob send this to jim .. END PGP

Looks like we just found a meaningful protocol

>>864111

That's what we have, retard.

>>864120

Except that it currently leaks your IP

whats wrong with jitsi

>>864122

It is impossible to have communications without a return address.

>>864125

Yea people cant send letters without return addresses thats obviously impossible

>>864135

tox.me is a shitty name system not even a part of tox anymore

>>864127

talking 1 way isn't communication.

It does not matter if it is "communication" or not. I can push data to a place I want to without leaking my IP to the destination. There are many many legitimate uses for this.

>>864142

...And a chat program is not one of them. Neck yourself.

>>864143

Wrong. A group chat can be done in a ring topology where you send the message to the next guy and get a message from someone you don't have the IP of. In fact tox is in a ring topology.

>>864145

explain how a ring topology can protect both users in a 2 person chat.

>>864146

Why does communication have to be limited to two people? What a limited mind.

>>864146

You can send messages on one IP / computer and receive messages on a second computer / IP.

>>864147

ok so a 3rd party intermediary bot. Cool. How can you trust that bot?

>>864150

Intermediary bot? I just meant a ring with 3 people.

>How can you trust that bot?

You don't have to if you spoof your IP

>>864151

>spoof your IP

>bot sends reply to fake IP

>convo dies

real clever bud.

>>864153

You don't need a conversation to communicate things

>>864112

Hello Anon :^)

>>864112

I'm glad you got out of prison, Anon. How was "vacation"?

>>864154

Tox which is a general purpose chat system doesn't work the way you say things should work. Tox is a 2+ person chat system. At least one person sends a message and the other person receives it. If any of those people are spoofing IP addresses, then the message can never be sent to where it needs to go.

>>864210

how did these tox dev retards not think to address this by now? (inb4 just use tor xd)

>>864216

The Tox developers don't need to fix IP spoofing. It is not a problem at all that Tox leaks your IP address.

I wonder how it must feel to work at GNU making a messenger so shitty and unwanted that the only way you can try to shill it is posting inane nonsense about Tox.

>>864070

I were talking about the Android version.

>>864075

It shouldn't require it if I only wanted to use text-based features.

>what is graceful degradation?

>what is defense in depth?

it's a shame that this level of underhandedness is going from GNU, I'd expect them to make software that is actually good…

>>864245

The mistake you're making is the fact all software is final and that the current state represents the ultimate will of the developer for the program. Shame on you for making such a hasty assumption.

>>864228

:^)

surprised no one answered with wire private messenger, it's pretty acceptable and has an active development

> Depends om google play services

Dropped

>>863876 (OP)

>ring

Lets talk about more stable alternatives

https://wire.com/en/

https://about.riot.im/

Last time i tried Ring, it didnt have file transfer, making it perfectly useless for collaboration.

>>864339

It's on F-droid. Stop spreading FUD, shill.

>>864216

>I was just pretending to be retarded.

Bad news anon, every single website you visit has your IP.

Even those Garry Fortress 2 servers your autistic ass plays.

>>864418

Something about the project just irresistibly attracts braindead retards. I don't know if it's NASA or what.

t. long time contributor and github issue closer

day after day after day of INTEGRATE MY BLOCKCHAIN XD I LOST MY ACCOUNT PLS RESET

>>864418

>Is this a government psyop or just a meme that trolls me every time?

I feel just the same brother

>Tox

>Matrix

>Riot

>Ring

There are many ways to video chat privately. If you're not doing it already it's because you don't really care about it or because you don't have anyone to talk to.

Either wat this thread is useless and irrelevant. Sage.

>>864439

I could be wrong but i think ring is the only one that does p2p multichat video.

riot is an implementation of matrix, dont know why you have them listed separately.

Post your ring ID.

>>863876 (OP)

>requires gtk3 AND qt5 installed

>no jessie support

>developed by literal trannies

Just use Tox or Ricochet. Or XMPP, if you want to convert normies. It has a nice mobile client.

>>864135

You keep posting this pic in every thread. You are still wrong.

>>864446

>wasting bandwidth on pictures of some neckbeard in his room

>wasting six times as much bandwidth on pictures of six different neckbeards in their room

Video chat is a meme.

>GNU RIng

>essentially no attempt to be secure

Actual options with working groupchats+video/audio would be matrix/riot

>>864039

>>864112

>Someone is butthurt enough to DoS a 20+ user groupchat

Must be Kalynx or the arisuchan girl owner lol

>>866801

Riot has opt-out telemetry as well as stating that "the current encryption methods are experimental and not to be trusted". I'd rather trust Wire for privacy, but Riot does seem much better.

>>866753

> not using something because 'trannies'

Do you not use CPU's?

Does your computer run on something else?

>>863926

So you're one of those autists who won't stop sperging out over Discord?

>>863989

The complaints come from the fact Mumble has a big scary completely optional setup wizard on first run, that's only there to ensure you're not clipping over everyone else like a fucking retard or relying so heavily on automatic gain control that the mic picks up hard disk clicks from a room over. Things I see constantly from Discord/Skype/etc users.

Why no mention of Keebase?

https://keybase.io/

>>864418

u mad?

>>868179

wowee just what we needed another fucking single-website web browser running on every computer

> Imagine a Slack for the whole world

no fucking thanks

So matrix uses webrtc for calls, so there is a direct connection, which also leaks IP to chat members? Why than it's not able to transfer large files directly, complaining about server restrictions?

somebody please explain why SIP clients are dead in the water and nobody uses

>>868246

Matrix was founded and developed by a consortium of Telecomms companies. Pay close attention to all the buzzwords. They're trying to sell you something

>>868189

2010 called. They want u mad back.

>>868635

They could be like in i2p where you don't know IP of the machine that recives your data. But my qustion is why matrix has p2p connections and not able to send files directly.

>>868635

By design it 'leaks' ip addresses. This retarded concept that you can connect to others without giving your ip address likely comes from the same people who think that signal is secure. You either give your peer your address or you give to a centralized server its literally by design.

>>868636

How would you connect two computers without one computer knowing the address of the other computer?

>>868639

They will know an address of each other, but it doesn't have to be an ip address. Like in tor/i2p, you know an ip of machine you are asking to be a proxy for you and this machine has no idea about what you are sending and who is final recipement.

>>868649

>congrats, you reinvented the Server

Its a little different when you are using multiple servers choosen from lots of others, changing them from time to time and being a server yourself so when you are sending something through the "server" it doesnt know if that is your message, or message from other guy you are transfering. So if you are really interested - RTFM i2p spec.

>>868651

>every program that uses the internet should incorporate i2p.

I'd use Ring but I can't get people to switch. They just want their Facebook, twitter, or steam messenger shit because that's all they know and everyone else uses it anyway so why bother trying to force them?

>>868658

Ring is unstable as fuck. If you want the attention of normies point them to Riot.im/Wire. They aren't as buggy and have clients for all platforms.

>>868653

I didn't say so. Thought it would've been nice to have more anonimity oriented programms which are not shit.

>>868661

<trust your peer

>trust a server

Pick one and only one.

>>868663

Question is amount of trust and bandwich. Servers require more trust than a single peer if you're using lots of them at the same time. Servers are more limited shit, and also the point of break. So it's pretty much retarded to have p2p connections and restrict them to just calls.

>YOU MUST CHOOSE BETWEEN DIRECT CONNECTIONS AND SENDING ALL PACKETS THROUGH ZUCKERBERG

>ONLY OPTIONS

>what is onion/garlic routing

fuck this place

>>868739

>WAHHH I WISH ONION SERVERS WERENT SEVERS WAAAAA~

If you call someone in current year, you already trust that person on not recording your voice and sending it to NSA//FSB/Mossad to identify you, therefore there is no point in hiding your IP from them behind servers/proxies/onion routing.

Honestly, what's wrong with federation with end to end encryption? It's how the Internet works and has worked since forever before a few companies managed to centralize everything with obscene amounts of money and computing power. Full decentralization is complicated as all hell and more often than not it involves tradeoffs in usability, resources, security/privacy or a combination of all three.

>inb4 muh node is compromised by dangerous SJW

Then keep all the data in synch between server and client, it is not that hard. Fuck, you could even write it in a way none of the involved servers knew jack shit about you or your partner, or even without your partner knowing jack shit about you.

>Users have two passwords: the node account password (gets sent to the server; your everyday password) and your data file encryption password, which serves to keep secure your data even if uploaded to a server

>Server logs you in, retrieves your encrypted data file and sends it back to you as is

>Client decrypts your data file with your second password, checks the timestamp. If the timestamp is newer than the stored data file, attempt to merge the changes with the local data file. Upload the new data file with the new timestamp, regardless of changes

>Said data file contains both your public and private keys, used to identify you between networks. Extra security may be achieved through the use of another pubkey, this one not uploaded to the server, on top of that. Not the default to keep shit simple enough for normies. Maybe not the most aecure schema but still miles more secure than any other chat program.

>Your contacts list consists of a list of pubkeys with an associated name and addresses.

>Ask your server to open a "session" with each server that appears in your contact list. Said session consists on an encrypted connection between you and your friends' servers, with your server as a middleman. For extra security, this session may be quick to expire

>Contact each server on whether your friends' pubkeys are present and/or online. This is done periodically as a heartbeat in a high latency lane to avoid network correlation attacks: all heartbeat requests are batched and sent all at once every X seconds

>All your server knows is you have friends who have used some server at least once. All their server knows is a guy with session XYZ is online and asking for certain pubkeys

>You may introduce extra security by downloading chunks of logged in users whose pubkeys start with certain two chars

>Whenever you start a conversation, you ask your server for a low latency session with the other server. This is, of course, both encrypted between your server and theirs, and you and their server.

>Ask their server to get them a message delivered. This message is a handshake. If the user accepts the handshake, your friend asks for a another low latency session between them and your server, which sends a handshake in the other direction.

>Low latency sessions are kind of like heartbeat sessions, but much faster

>Once there is an IO, the end to end encrypted conversation starts.

>Identities are verified, then conversation proceeds normally

All your server knows is you are conversating with someone on the other server, but not whom. The other server does know there is someone conversating with your friend, but does not know who you are. You and your friend can verify your identities, even if you don't reveal them your IP. You can get your friends' pubkey first from an easy to remember nameserver and fuck, you could even use a single password for both login and decryption if you send the server your decryption password hashed via client. Not the most secure of schemas, but transparent as all hell for the user, and it could even be optional.

>>868776

tldr

>>868752

>onion servers

I have taken the bait. Fuck my jimmies.

>>868666

>Onion servers are not servers

hahahahaha

>>868758

You could use speach to text to speach.

>>868776

So a single guy/organisation could just run most of the servers and if you'll use your own server there will be almost no users on it and it will be very easy to find out thats you.

>>868776

Every federated system I know ties your identity to the server. The server own has full control over your communicates (obviously they cant read them or forge them). You cannot migrate between servers and are trapped with the host you picked initially. If you could migrate between federated servers it might be better. But as long as I have to depend on some asshole keeping their server up forever I wont trust it.

>>876252

>Also not sure how they keep my private keys secure... does this mean that they can masquerade as me if I use the name service?

Your private key never leaves your possession. The name service just provides a DNS listing that returns your tox ID, so your lazy normalfaggot friends can type anon@sucks.cocks instead of pasting in your tox ID.

>>876277

>tox ID

But whenever I log into a Ring Client, not only it's the .crt certificate there, but also my. key

>>876252

>does this mean that they can masquerade

Anyone you have added already they will not be able to impersonate you because you have already exchanged keys. Anyone else that adds the name though after the DNS has been compromised could pretend to be you but under a different ID.

>>876305

Okay.

>>863896

oh shidd :-DDDD

>>876342

What platform are you on?

>>876342

The GNOME client is bugged. You need to start a conference call, drag the users you want to it, and then you can use the chat feature in a group.

>source still being actively worked on as of this week

>somehow "basically dead"

The problem with faggots like you is that you assume that a mature project needs a bunch of commits every day. It's a Poetteringism.

>>876530

>No new features in qtox nor utox in several months.

>No group voice or video

>Android Client STILL crashes if you attempt a voice or video call

Dead Project.

>>863876 (OP)

I use RetroShare, post your certificates everyone

>>876547

I'd like to add that GNU Ring is also certificate+key driven :^)

>>876541

<muh ever increasing list of features

<android isn't a disaster anyway

bloat and crapware, werx on my machine

>>864087

anon I bet you frequently forget to pull your pants down before taking a dump

>>876643

>I don't understand how networking protocols work but you are the retard!

>>876639

>wants text only

>whining about bloat

Use IRC+SSL

>>864182

>>864197

Boo!

>>864418

>Is this a government psyop

Strongly this. Sow FUD. Same for USGOV mostly bankrolling Tor devs for the last decade: FUD. USGOV needs an open secure obfuscation network for their operatives internationally to use, and the public using TBB is the cover traffic. No shit they'd fund their own creation!

If you're paranoid, recompile with a higher circuit size (it's a macro value somewhere in the code), and audit audit audit!

>>863876 (OP)

>>863886

Tox is pretty much dead because it leaks IPs to your friends list and with online messengers you can't fucking trust internet friends with your personal data, so Tox fucked itself. Their ability to stay retarded and never rectify this and just go "lol just apply proxy, problem solved" is why no one will use Tox on any serious basis. It is the biggest reason why tech communities haven't and will not use it whenever they hear of it.

The lack of proper chatroom support doesn't help either.

>>864001

That's not at all true

>>876934

>Tox is pretty much dead because it leaks IPs to your friends list and with online messengers you can't fucking trust internet friends with your personal data, so Tox fucked itself.

How do you communicate without trading IPs?

What's wrong with using a proxy?

Maybe don't use a SECURE messaging client with people you don't trust.

>>864431

They're most likely typical leddit retards who want a Discord or Skype without the botnet/700+ MB of RAM used by electron

>>864431

>INTEGRATE MY BLOCKCHAIN XD I LOST MY ACCOUNT PLS RESET

Imagine implementing the cancer known as blockchain into Tox?

>I LOST MY ACCOUNT PLS RESET

...What?

>>876939

>That's not at all true

Thats literally how p2p works faggot. The anonymity router you connect to knows who you are.

>>876791

Server can read messages

>>877010

This, literally any host that trades messages.

I don't know why this retard can't grasp what down syndrome pajeets can.

>people suggest riot.io as an alternatives to discord

>get around to trying it out

>no proper voice channels

>no way to adjust the volume of an individual

>basic features that are in virtually every VOIP program made in the last decade

Where were you when open source was btfoed?

>>877215

opensource has always been shit. but atleast it does not pipe my conversations directly into an NSA datacenter.

>>868095

If you can tell us how to get a server configured that does OTR, file transfer and voice properly that would be great. Tried open sores trash and openfire and they are barely functional.

>>877695

I have used OMEMO before with XMPP before. It was a very shitty experience. Particularly with group chats. It would randomly turn off encryption and make shit very unclear what was going on. Broadcasting things in plaintext all the time.

>>863876 (OP)

>1990+25

>a _chat_ program needs to be actively developed

hmm i wonder where the problem could be?

tox isn't dead you mouthbreathing trannies

toktok is still in development, the next version is going to have persistent groups

toxic and other clients are still in development

what the fuck are you on about

the only thing dead regarding tox is it's userbase since people add you speak a day and then ghost you

>>877787

> the next version is going to have persistent groups

Has been in dev for literally years with no new features

>>877467

>>877215

Newfags, all software is shit. Nobody's figured out how to write non-shit software.

>>877858

Not at all. It's your own senses that causes everything to be colored in the shade of shit. There is nothing that can possibly exist that isn't shit because you've decided it to be that way.

>>877868

Name one piece of good software.

>>877905

Firefox

>>877850

I know what you're talking about but it's almost done and scheduled for 0.2.1

>>877858

>Newfags, all software is shit.

Some is shittier than others.

>>877905

GHC Compiler

Ring & Riot

>>878026

are bad

>>877937

>compiler written into families of languages and two families of programming paradigms.

>>878063

You want to write a garbage collector in a garbage collected language? Are you retarded? Of course the runtime is written in something else.

>>878139

>garbage collected language

>can't compile itself

I thought Haskel was a serious language, not some script piece of shit.

Rust compiler doesn't have this problem.

>>878180

>Rust compiler doesn't have this problem.

You know what a runtime is and what rust does not have?

>>878180

>any language with a GC is not serious

ayyyyyyy

>>876934

so you mean i can still use it with non random people i know, k thx

>>878189

>any language with a GC is not serious

Not him, but I kind of feel that a GC is just there to protect shitty programmers and/or shitty design.

Am I wrong?

>>863876 (OP)

Suce ma | Pauline.

>>877905

systemd

>>863916

Jesus, if you actually believe this you're such an idiot. How do you think that node sends messages back to you?

>>886591

He said ONE piece of software, anon

>>863908

This level of retarded.

To even talk about security requirements you start with a threat model that doesn't look like 'muh information'. You should definitely distinguish between metadata and full take. Tox may not meet everyone's information security requirements; Don't communicate a terrorist threat to undercover CI while using tox.

But, depending on your threat model, having a peer communicant discover your IP address may be preferable to having a Microsoft record it in a database for years.

>>864109

Some ISPs do egress filtering.

>>868639

Every peer could receive all traffic like blockchain

>>888168

>just use broadcast topology

AHAHAHAHAHA

Retard, AHAHAHA.

>>868663

Or broadcasting, which has trade off processing way more messages.

>>888169

Clearly dosn't scale well, I am not saying its ideal, I prefer peers to have my IP, and that my voice client doesn't manage my Anonymity.

>>888163

And some ISPs block bittorrent so what

>>864313

Wire is hosted by (((Amazon))).

>>896584

If every message is sent to every person then you cant prove who sent or received anything without even needing to use (((tor))).

>what is bitmessage

>>863890

oh no!, not my ip!

>>896597

IP = city you are in. Not something you want to share with every random fuck.

>>864109

>Your machine gets random connections from machines using non spoofed IPs 24/7 already

Your firewall gets those connections and drops them on the floor if it's worth anything at all.

>>864127

You're the crazy guy that yells at the radio thinking they'll hear you, aren't you?

>>864135

>people use it for stuff I disapprove of therefore the software is inherently bad

>>864122

>I want a decentralized P2P service that doesn't leak the Oh-So-Important information of what my (dynamic!) IP is.

>>896599

Okay, so the real answer is to connect your IP to a chat server that you don't control.

This thread is a fucking mess.