(2014-09-01) Tox P2P Voice And Messaging

Tox *is part of a widespread effort to create secure online communication tools that are controlled not only by any one company, but by the world at large—a continued reaction to the Snowden revelations. This includes everything from Instant Messaging tools to email services. It’s too early to count on Tox to protect you from eavesdroppers and spies. Like so many other new tools, it’s still in the early stages of development and has yet to receive the scrutiny that other security tools (have).

There are other developers trying to build a secure (Messaging Security), peer-to-peer (P2P) messaging systems, including Briar and Invisible.im, a project co-created by HD Moore, the creator of the popular security testing framework Metasploit. And there are other secure-centric voice calling apps, including those from Whisper Systems and Silent Circle, which encrypt calls made through the traditional telco infrastructure. But Tox is trying to roll both peer-to-peer and voice calling into one.

Actually, it’s going a bit further than that. Tox is actually just a protocol for encrypted peer-to-peer data transmission. “Tox is just a tunnel to another node that’s encrypted and secure,” says David Lohle, a spokesperson for the project. “What you want to send over that pipe is up to your imagination.” For example, one developer is building an EMail replacement with the protocol, and Lohle says someone else is building an open source alternative to BitTorrent Sync.

Few security experts outside the project have reviewed the Tox code yet, but the project is based on an existing set of code libraries for working with crypto algorithms called Na Cl, which has received considerably more attention.*