Now that TOX development is basically dead, can we talk about other secure and Libre Voice+Video programs

It does expose the addresses of the peers you connect to directly. That's how you connect to the network. Same as you have to know the address of your tor entry node, and vice versa.

Then netstat will give it to you, retard.

Riot was the closest thing to getting my friends to get the fuck off of Discord, but it's too early days because it lacks a decent UI. When we'd tried it, you'd jump into a call and you couldn't even tell who was in it. qTox won second place for being a piece of shit that worked but crashed the moment you left the call. One of these days, these programs are going to come within spitting distance of the big botnet shit and I'll be released from my never ending torment, but unfortunately, Group Voice is one of the hardest problems to tackle.

What about Mumble?

github.com/qTox/qTox/commits/master

Daily reminder that your IP is being leaked to Holla Forums. Daily reminder that your IP is being leaked to your proxy provider. Daily reminder your IP is being leaked to the tor node.

Holy shit! Big if true, abandon the internet, everyone, it's insecure!
I'm starting to wonder how anyone survived using the net when literally everything leaked your IP address to everyone you interacted with.

Literally everything does leak your IP to every computer yours interacts with.

Reminder that privacy, security, and anonymity are 3 different things. Tox never claimed to hide your IP address when not run through Tor.

You are a fucking idiot.

Matrix/Riot

You're still sending packets to a node. Of all the p2p protocols, i2p actually isn't too dissimilar to Tor in some respects. Obviously, garlic routing was inspired by onion routing; it's also the thing that distinguishes i2p from other protocols, ironically. You're still leaking your IP address to the nodes that you upload to and download from; it's just that your identity is obfuscated by the nodes that come thereafter--at least, as I understand it. So you don't leak your IP address to the intended recipient. And that's basically the same for all anonymizing p2p protocols and certainly true for the other ones; it's just that your identity is obscured in different ways.

Never used it myself, but from the complaints I've read, it takes some effort to get it setup properly. Works excellently once it's set up, ostensibly, but the learning curve makes it pretty inaccessible.

One non-libre complaint I have with Discord that I scold people who use and endorse Discord for is the fact that Discord has no support for people with disabilities. Combined with the fact that it's proprietary and the team hasn't even expressed an interest in addressing that issue, it's safe to conclude that Discord hates cripples and should be avoided, not to boycott or chastise Discord but simply because, well, it's inaccessible to crippled people and thus will never be a good universal standard.

+ botnet data miner

I2P leaks your IP to every routing peer you connect to.

I think you might be thinking of Kovri, the Monero-integrated fork of the fully-functioning C++ implementation of the i2p protocol.

The requirements that my friends need to move over include
We used mumble for a bit but it infringed on the first and last. We need something either mimicking Skype or Discord, where Mumble exists in a completely separate niche.

What are you, a phone user?

How dare a voice chat app require mic permissions.

Are you actually Indian? lol.

You can its called IP spoofing. You can do it in c without too much work on UDP packets for example. Its just hard to complete a handshake protocol without them being able to respond to you.

How do you call the transfer of misleading information as a connection? If your IP is spoofed, the traffic isn't going to return to to you.

Not all traffic has to be bidirectional. UDP does not even have a "connection". You could send a packet to someone that says "send this to this other person" with them having no idea who you are.

That kind of signalling is meaningless. It's also known as spam.

uh okay

This inane shitposting has to be some turbo sperg's idea of a troll

You can't do broad-range broadcast on IP retard, you'd have to establish those connections individually.

Good luck transferring any data that way.

IP is connectionless

Yea you just send it to the person and it gets to them not hard.

Network signals only have meaning when traffic goes to legitimate destinations. Having unsolicited signals is not a connection. IP spoofing has no meaning beyond sending spam to addresses that didn't ask for it.

...

You can send your friend a letter there is just no return address. People do this all the time with mail.

...

The destination is legitimate.

Its a packet not a connection this is not TCP

Only in the same way that mail not having a return address has no meaning. The mail still has content.

Your machine gets random connections from machines using non spoofed IPs 24/7 already

You open up the letter and it says:
PGP SIGNED ... hey bob send this to jim .. END PGP
Looks like we just found a meaningful protocol

There is a current DoS running amok on Tox.
The way that the protocol is designed, all you have to do is separate one of the participants from two of the people in the chat group, and they are effectively DoS'd from a chat group. This can be done by either fighting with a group bot's topic protection ten or so times a second, or by sending invalid data to the target user's ID (which isn't hard to find in group chat). This is also known to DoS them from the entire network. This attack also works over Tor, since all you need is the ID.

This is being used to great effect in Club Cyberia. Pics related. The devs do not care about this exploit, because it would take a redesign of the protocol to fix.

Do not use Tox with people you are not 100% trusting.

That's what we have, retard.

Except that it currently leaks your IP

whats wrong with jitsi

It is impossible to have communications without a return address.

Yea people cant send letters without return addresses thats obviously impossible

...

tox.me is a shitty name system not even a part of tox anymore

talking 1 way isn't communication.

It does not matter if it is "communication" or not. I can push data to a place I want to without leaking my IP to the destination. There are many many legitimate uses for this.

...And a chat program is not one of them. Neck yourself.

Wrong. A group chat can be done in a ring topology where you send the message to the next guy and get a message from someone you don't have the IP of. In fact tox is in a ring topology.

explain how a ring topology can protect both users in a 2 person chat.

Why does communication have to be limited to two people? What a limited mind.

You can send messages on one IP / computer and receive messages on a second computer / IP.

ok so a 3rd party intermediary bot. Cool. How can you trust that bot?

Intermediary bot? I just meant a ring with 3 people.

You don't have to if you spoof your IP

real clever bud.

You don't need a conversation to communicate things

Hello user :^)

I'm glad you got out of prison, user. How was "vacation"?

Tox which is a general purpose chat system doesn't work the way you say things should work. Tox is a 2+ person chat system. At least one person sends a message and the other person receives it. If any of those people are spoofing IP addresses, then the message can never be sent to where it needs to go.

how did these tox dev retards not think to address this by now? (inb4 just use tor xd)

The Tox developers don't need to fix IP spoofing. It is not a problem at all that Tox leaks your IP address.

...

I wonder how it must feel to work at GNU making a messenger so shitty and unwanted that the only way you can try to shill it is posting inane nonsense about Tox.

I were talking about the Android version.

It shouldn't require it if I only wanted to use text-based features.
it's a shame that this level of underhandedness is going from GNU, I'd expect them to make software that is actually good…

The mistake you're making is the fact all software is final and that the current state represents the ultimate will of the developer for the program. Shame on you for making such a hasty assumption.

:^)

surprised no one answered with wire private messenger, it's pretty acceptable and has an active development

Dropped

Lets talk about more stable alternatives
wire.com/en/
about.riot.im/

Last time i tried Ring, it didnt have file transfer, making it perfectly useless for collaboration.

It's on F-droid. Stop spreading FUD, shill.

Bad news user, every single website you visit has your IP.
Even those Garry Fortress 2 servers your autistic ass plays.

OPs post wasnt even about tox. Is EVERY chat program thread going to become about the nature of p2p?
Is this a government psyop or just a meme that trolls me every time?
WHY DOES THIS KEEP HAPPENING. Tox and the LEEK UR EYE PEE meme was 5 fucking years ago people. What the fuck.

Something about the project just irresistibly attracts braindead retards. I don't know if it's NASA or what.
t. long time contributor and github issue closer
day after day after day of INTEGRATE MY BLOCKCHAIN XD I LOST MY ACCOUNT PLS RESET

I feel just the same brother

There are many ways to video chat privately. If you're not doing it already it's because you don't really care about it or because you don't have anyone to talk to.
Either wat this thread is useless and irrelevant. Sage.

I could be wrong but i think ring is the only one that does p2p multichat video.

riot is an implementation of matrix, dont know why you have them listed separately.

Post your ring ID.

Just use Tox or Ricochet. Or XMPP, if you want to convert normies. It has a nice mobile client.

You keep posting this pic in every thread. You are still wrong.

Video chat is a meme.

Actual options with working groupchats+video/audio would be matrix/riot

Must be Kalynx or the arisuchan girl owner lol

Riot has opt-out telemetry as well as stating that "the current encryption methods are experimental and not to be trusted". I'd rather trust Wire for privacy, but Riot does seem much better.

Do you not use CPU's?

Does your computer run on something else?

So you're one of those autists who won't stop sperging out over Discord?

The complaints come from the fact Mumble has a big scary completely optional setup wizard on first run, that's only there to ensure you're not clipping over everyone else like a fucking retard or relying so heavily on automatic gain control that the mic picks up hard disk clicks from a room over. Things I see constantly from Discord/Skype/etc users.

...

Why no mention of Keebase?

keybase.io/

u mad?

wowee just what we needed another fucking single-website web browser running on every computer
no fucking thanks

Suggestions?

So matrix uses webrtc for calls, so there is a direct connection, which also leaks IP to chat members? Why than it's not able to transfer large files directly, complaining about server restrictions?

somebody please explain why SIP clients are dead in the water and nobody uses

Matrix was founded and developed by a consortium of Telecomms companies. Pay close attention to all the buzzwords. They're trying to sell you something

2010 called. They want u mad back.

serious question.
Are all peer to peer connections not supposed to use IP addresses?

They could be like in i2p where you don't know IP of the machine that recives your data. But my qustion is why matrix has p2p connections and not able to send files directly.

By design it 'leaks' ip addresses. This retarded concept that you can connect to others without giving your ip address likely comes from the same people who think that signal is secure. You either give your peer your address or you give to a centralized server its literally by design.

How would you connect two computers without one computer knowing the address of the other computer?

They will know an address of each other, but it doesn't have to be an ip address. Like in tor/i2p, you know an ip of machine you are asking to be a proxy for you and this machine has no idea about what you are sending and who is final recipement.

got it. I'll put my top clowns on it.

congrats, you reinvented the Server.

Welp im out. This is the state of Holla Forums.

Its a little different when you are using multiple servers choosen from lots of others, changing them from time to time and being a server yourself so when you are sending something through the "server" it doesnt know if that is your message, or message from other guy you are transfering. So if you are really interested - RTFM i2p spec.

...

I'd use Ring but I can't get people to switch. They just want their Facebook, twitter, or steam messenger shit because that's all they know and everyone else uses it anyway so why bother trying to force them?

Ring is unstable as fuck. If you want the attention of normies point them to Riot.im/Wire. They aren't as buggy and have clients for all platforms.

I didn't say so. Thought it would've been nice to have more anonimity oriented programms which are not shit.

...

Question is amount of trust and bandwich. Servers require more trust than a single peer if you're using lots of them at the same time. Servers are more limited shit, and also the point of break. So it's pretty much retarded to have p2p connections and restrict them to just calls.

fuck this place

...

If you call someone in current year, you already trust that person on not recording your voice and sending it to NSA//FSB/Mossad to identify you, therefore there is no point in hiding your IP from them behind servers/proxies/onion routing.

Honestly, what's wrong with federation with end to end encryption? It's how the Internet works and has worked since forever before a few companies managed to centralize everything with obscene amounts of money and computing power. Full decentralization is complicated as all hell and more often than not it involves tradeoffs in usability, resources, security/privacy or a combination of all three.

Then keep all the data in synch between server and client, it is not that hard. Fuck, you could even write it in a way none of the involved servers knew jack shit about you or your partner, or even without your partner knowing jack shit about you.
All your server knows is you are conversating with someone on the other server, but not whom. The other server does know there is someone conversating with your friend, but does not know who you are. You and your friend can verify your identities, even if you don't reveal them your IP. You can get your friends' pubkey first from an easy to remember nameserver and fuck, you could even use a single password for both login and decryption if you send the server your decryption password hashed via client. Not the most secure of schemas, but transparent as all hell for the user, and it could even be optional.

tldr

I have taken the bait. Fuck my jimmies.

hahahahaha

You could use speach to text to speach.

So a single guy/organisation could just run most of the servers and if you'll use your own server there will be almost no users on it and it will be very easy to find out thats you.

Every federated system I know ties your identity to the server. The server own has full control over your communicates (obviously they cant read them or forge them). You cannot migrate between servers and are trapped with the host you picked initially. If you could migrate between federated servers it might be better. But as long as I have to depend on some asshole keeping their server up forever I wont trust it.

Anyone have any luck with the name service? I can't change my account settings after making an account with it enabled.

Also not sure how they keep my private keys secure... does this mean that they can masquerade as me if I use the name service?

Your private key never leaves your possession. The name service just provides a DNS listing that returns your tox ID, so your lazy normalfaggot friends can type [email protected] instead of pasting in your tox ID.

But whenever I log into a Ring Client, not only it's the .crt certificate there, but also my. key

Anyone you have added already they will not be able to impersonate you because you have already exchanged keys. Anyone else that adds the name though after the DNS has been compromised could pretend to be you but under a different ID.

Okay.

oh shidd :-DDDD

How exactly do you setup group chats in Ring? I tried the dragging thing but it didn't work.

What platform are you on?

The GNOME client is bugged. You need to start a conference call, drag the users you want to it, and then you can use the chat feature in a group.

The problem with faggots like you is that you assume that a mature project needs a bunch of commits every day. It's a Poetteringism.

Dead Project.

I use RetroShare, post your certificates everyone

I'd like to add that GNU Ring is also certificate+key driven :^)

...

user I bet you frequently forget to pull your pants down before taking a dump

...

Use IRC+SSL

Group voice has been around for forever, and qTox added blocking peers just last week, both of which you would know if you actually used Tox instead of just obsessively whineposting about it.
Wew.

Boo!

Strongly this. Sow FUD. Same for USGOV mostly bankrolling Tor devs for the last decade: FUD. USGOV needs an open secure obfuscation network for their operatives internationally to use, and the public using TBB is the cover traffic. No shit they'd fund their own creation!

If you're paranoid, recompile with a higher circuit size (it's a macro value somewhere in the code), and audit audit audit!

I do use it nigger.

Tox is pretty much dead because it leaks IPs to your friends list and with online messengers you can't fucking trust internet friends with your personal data, so Tox fucked itself. Their ability to stay retarded and never rectify this and just go "lol just apply proxy, problem solved" is why no one will use Tox on any serious basis. It is the biggest reason why tech communities haven't and will not use it whenever they hear of it.

The lack of proper chatroom support doesn't help either.

That's not at all true

How do you communicate without trading IPs?
What's wrong with using a proxy?
Maybe don't use a SECURE messaging client with people you don't trust.

Hey faggots, how do I send files on RING on GNOME. I can't figure out how to do it...

They're most likely typical leddit retards who want a Discord or Skype without the botnet/700+ MB of RAM used by electron

Imagine implementing the cancer known as blockchain into Tox?
...What?

Thats literally how p2p works faggot. The anonymity router you connect to knows who you are.

Server can read messages

This, literally any host that trades messages.
I don't know why this retard can't grasp what down syndrome pajeets can.

Where were you when open source was btfoed?

opensource has always been shit. but atleast it does not pipe my conversations directly into an NSA datacenter.

If you can tell us how to get a server configured that does OTR, file transfer and voice properly that would be great. Tried open sores trash and openfire and they are barely functional.

I have used OMEMO before with XMPP before. It was a very shitty experience. Particularly with group chats. It would randomly turn off encryption and make shit very unclear what was going on. Broadcasting things in plaintext all the time.

hmm i wonder where the problem could be?

tox isn't dead you mouthbreathing trannies
toktok is still in development, the next version is going to have persistent groups
toxic and other clients are still in development

what the fuck are you on about
the only thing dead regarding tox is it's userbase since people add you speak a day and then ghost you

Has been in dev for literally years with no new features

Newfags, all software is shit. Nobody's figured out how to write non-shit software.

Not at all. It's your own senses that causes everything to be colored in the shade of shit. There is nothing that can possibly exist that isn't shit because you've decided it to be that way.

Name one piece of good software.

Firefox

I know what you're talking about but it's almost done and scheduled for 0.2.1

Some is shittier than others.

GHC Compiler

Ring & Riot

are bad

...

You want to write a garbage collector in a garbage collected language? Are you retarded? Of course the runtime is written in something else.

I thought Haskel was a serious language, not some script piece of shit.
Rust compiler doesn't have this problem.

You know what a runtime is and what rust does not have?

ayyyyyyy

so you mean i can still use it with non random people i know, k thx

Not him, but I kind of feel that a GC is just there to protect shitty programmers and/or shitty design.
Am I wrong?

Suce ma | Pauline.

systemd

Jesus, if you actually believe this you're such an idiot. How do you think that node sends messages back to you?

He said ONE piece of software, user

This level of retarded.

To even talk about security requirements you start with a threat model that doesn't look like 'muh information'. You should definitely distinguish between metadata and full take. Tox may not meet everyone's information security requirements; Don't communicate a terrorist threat to undercover CI while using tox.

But, depending on your threat model, having a peer communicant discover your IP address may be preferable to having a Microsoft record it in a database for years.

Some ISPs do egress filtering.

Every peer could receive all traffic like blockchain

AHAHAHAHAHA
Retard, AHAHAHA.

Or broadcasting, which has trade off processing way more messages.

Clearly dosn't scale well, I am not saying its ideal, I prefer peers to have my IP, and that my voice client doesn't manage my Anonymity.

And some ISPs block bittorrent so what