The last time I tried (~1 month ago), there was no video support (unlike what you can see on the screenshot), but otherwise I would be happy to use it; anything would be more stable than Skype anyway.
Do you know any other alternatives?
(I will try to install the new version, it might work better)
Sounds like either they're not aware of Retroshare (uses Qt for GUI), or they think developing in C++ is too much of a hurdle.
It's peer-to-peer, uses web-of-trust, completely encrypted, already has chat/mail/"www"/voice chat/file sharing/etc.
Still missing the video chat plug-in though, but it's on the to-do list.
Very little configuration required seems to be one main idea.
The most important reason I have been interested in Tox is that I got the impression early on that they intend to make it resistant to traffic analysis as well (and judging from this thread, http://4chanarchive.net/threads/g/Tox-Thread/43340618, there are still such plans), but that isn't emphasized in the page at tox.im any more.
I'm guessing they're prioritizing getting something that the average Skype user would be capable of installing and configuring, and saving the onion routing feature for later.
I do think that a directory service for search/lookup may be desired as well... where people can upload their device key(s) and bind them to, say, their email address or other handle for search/discovery.
Tox is peer-to-peer, whereas XMPP requires (de)centralized servers. Tox is encrypted always, XMPP is unencrypted by default and OTR is hard to use. The Tox API, as alpha as it is, is pretty easy to work with, too. I wrote mostly complete Guile bindings for libtoxcore and a basic Tox bot in about a week.
You don't really need to run an XMPP server either. There are plenty of public ones available, and the more popular ones have been very stable since their inception.
I've seen Tox before and looked into it. Think I've commented on it before, but maybe not, so here's my take: Nice sentiment. Doesn't yet quite live up to what it wants to be. But if the project can listen and adapt to advice like this, it has scope to improve and be a really important contender.
Firstly, it needs metadata protection with onion (or, better, garlic) routing. Without that, it still has a pretty big mass-analysis flaw. Please look at I2P for an example of the kind of architecture that would work well: two DHTs with decoupled garlic routing in between? You may, or may not, leverage an existing network for that; there are some obvious cover-traffic advantages if you do, but it's less synergistic.
Secondly, I don't see a full forward-secure messaging ratchet in there, it's really per-session. Look into Axolotl, and in particular what TextSecure v2 aka Signal has done for group chats too. Tox - using libsodium - already has every tool it needs to do that, it just doesn't do it fully yet.
Thirdly, more stability. The susceptibility of the DHTs to resource-starvation attacks. (I don't think I2P ever actually implemented the hashcash it planned for?) But there's been some further work on that. Scalability is tricky, especially in the face of on-path attackers...
Skype is pretty awful. It's actually pretty much centralised now, using TLS, but still runs much like the bad P2P network it used to be: closed-source software with a bad reputation for eating 100% CPU and awful chat desync. Most people who use it would rather be using something better, and I think there's plenty of scope there - people would switch if there was something better. Let's make sure an alternative is much better?
Oh, maybe look into a distributed consensus protocol of some form for name registration - if it's possible to do a light one which can impose ordering...
I've not performed a full security review. It's too young for that, and it's too young to rely on. When the above are addressed, then it's time to give it a more thorough look. /akr
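The gap between a per-session key and a forward-secure ratchet, raised in the comment above, can be shown with a symmetric KDF chain. This is an added example, not code from the thread or from Tox; `kdf`, `ChainRatchet` and `exposure` are hypothetical names, the secret is constructed, and only the symmetric-chain half of an Axolotl-style ratchet is modelled (no DH ratchet, so later keys stay derivable from stolen state).

```python
import hashlib
import hmac


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256); labels are illustrative constants."""
    return hmac.new(key, label, hashlib.sha256).digest()


class ChainRatchet:
    """Symmetric KDF chain: derive a message key, then replace the chain key."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"\x01")
        # The old chain key is overwritten; it cannot be recomputed from the new one.
        self.chain_key = kdf(self.chain_key, b"\x02")
        return message_key


def exposure(n_messages: int = 5, compromise_after: int = 3) -> dict:
    """Count message keys exposed when endpoint state leaks mid-conversation."""
    shared = hashlib.sha256(b"constructed session secret").digest()

    # Per-session design: every message uses the same key, so a leak exposes all.
    session_keys = [shared] * n_messages
    session_exposed = sum(1 for k in session_keys if k == shared)

    # Ratcheted design: run the chain, leak the state after `compromise_after`.
    sender = ChainRatchet(shared)
    keys = [sender.next_message_key() for _ in range(compromise_after)]
    stolen_state = sender.chain_key
    keys += [sender.next_message_key() for _ in range(n_messages - compromise_after)]

    # Everything derivable from the stolen chain key, walking forward only.
    attacker = ChainRatchet(stolen_state)
    derivable = {attacker.next_message_key() for _ in range(n_messages)}

    return {
        "per_session_exposed": session_exposed,
        "ratchet_past_exposed": sum(k in derivable for k in keys[:compromise_after]),
        "ratchet_future_exposed": sum(k in derivable for k in keys[compromise_after:]),
    }


if __name__ == "__main__":
    print(exposure())
```

The non-zero future count is why Axolotl adds a DH ratchet on top of the chain: fresh key agreement is what locks out an attacker who has captured chain state.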
Ok, my grandmother can use Skype now. And yes, she has to use an instruction guide I printed out for her. My question: Would my grandmother recognize this as an alternative to Skype?
Manuals? It's a 6 step process for logging in and trying to talk to her sister, IF she is also online. If Skype changes that process, I'll have to write up another one, not that it'll be hard though. Still, I guess I should re-figure my question: Can I write a process, in under 10 steps, that my grandmother can use to talk, face to face via video, to her sister in another timezone with this program?
Mumble is a low latency chat server. You join a server, people join your channel, you chat. It's designed for public group conversations, like in games.
Tox is more like Skype, but it has no central server. You add friends to a buddy list and chat with them, you add more people to the chat and it becomes a group chat.
WebRTC allows peer-to-peer video conferencing through a web browser without a third-party server, which means there is no intermediary server to record the data.
WebRTC is just a protocol. You can use it any way you like. Lots of folks use it to talk to a switching server, probably because P2P IP connections can't always be made, while a server connection is guaranteed to work.
The crypto appears to be fairly standard - it uses NaCl's crypto_box to encrypt and decrypt almost everything, with a per-session keypair authenticated by the user's long-term key. Code quality is a bit OpenSSL-esque though.
where the devs are quite defensive about their choices to (1) reinvent the wheel (2) use technologies that are (according to the comments) not secure (3) not audit their proposed crypto/security architecture by experts.