Are any "Toxers" around here? I used this tool, which is designed to be a private and secure alternative to Skype, for quite a long time. The point is that I stopped using it, because I read about the reality of the Tox Foundation's donations and what happened to them (among other things).
Despite this issue with the handling of donation money, there is also the point that Tox isn't ready at all (I know it's in alpha stage but it's also already heavily promoted). However, I really love the variety of clients available and the structure (the separate core as an example) of creating such a tool, but as it seems the vast majority of lead developers left - the result is a tool with a great idea, slow development (because of a lack of strong and continuous devs), a library of bugs and no security audit (for which the donations were originally raised). I don't want to just criticize, but as it seems Tox and its foundation have some big problems that need to be solved before I settle for another go with Tox.
As a dev (with quite some experience and understanding of the fields used by Tox) I seriously wanted to help the project, designed a "new Tox design" which probably solved all the ToxID issues, but I eventually turned back and did not publish it (maybe also because of these facts and the other problems in/of the Tox Foundation). Maybe I'll go for my own tool; maybe a fork with fresh ideas and features in my mind, maybe from scratch, maybe not at all.
Yup, as it seems Tox is toxic. And its toxicity is apparently killing Tox itself.
Tox sounds more and more like a joke to serious people who look over it.
The "main discussion" - now evolved into some kind of drama - is going on here @ #Github and there is also a thread on reddit (not that I make advertisement for it).
UPDATE: As the "discussion" turned into shitposting and is thus seen as dead, so is Tox, pretty much, now.
I've been following the development of the Tox project since it first started on 4chan's /g/, and I've been sceptical of it from the very beginning. The first issue was that there was no need to reinvent the wheel. Retroshare exists, it's a mature project, it does videochat already among other things, so why not contribute to it or fork it? Jitsi and Pidgin are other alternatives to Skype that do everything Tox does and more. Then there was the fact that the Tox team started hyping it long before they had something resembling a working program, another red flag right there. Then there were serious doubts about the ability of the developers to implement encryption correctly. Then there was developer drama. Meanwhile, development was slow, very slow. It's just been one misstep after another for Tox. The other day I was checking 8ch's /tech/ catalog and there was this story about the "mismanagement" of the foundation's funds. Some guy took out $3k to pay for his college tuition fees or something, and didn't even bother telling the others until he was pressured into doing so. Hilarious! Tox is a great example of how not to run an open source project. Everyone who has yet to abandon this sinking ship should do so already.
So is Retroshare actually secure? I have no idea if Tox is/was, but I've been under the impression that our best hope for secure communications between ordinary people is https://whispersystems.org/
To answer the question: We don't know for sure. As far as I know there hasn't been a recent independent security audit of the software. Secondly, Tox will exist anyway, but its community seems to be pretty annoyed by problems going on behind the scenes. And also, I personally do not consider your choice very secure, as it is closed-source (or prove me wrong?). EFF published a list of nearly all IM tools and listed their security and privacy, so I would look there for a new instant messenger that suits my needs.
Looks like WhisperSystems does open source though: https://github.com/whispersystems/ The main concerns I have with regard to security software for the masses are:
- It's seriously difficult to get crypto right. You need to be a true expert to produce genuinely secure software.
- Most of the people who can get crypto right are a bunch of psychopaths selling their hacks to spy agencies and governments around the world, i.e. (other psychopaths and) exactly the people that should not have them.
- It's really difficult to make security software accessible enough for mass adoption. As far as I can tell, WhisperSystems is the closest to pulling it off despite the problems.
Yup, certainly it can be (very) hard to build stable and secure software, especially when the cryptography on which it depends isn't as secure as it's considered to be. And the only way to trust the software 100% is to make it with your bare hands - which requires a lot of time, a lot of motivation and also a lot of money. And thanks for the Github link. I didn't search for it at all (sorry for that), and it looks like a nice thing.