Tox (protocol)

{{Short description|Distributed protocol for telephony and instant messaging}}

{{Infobox software

| name = Tox

| title = Tox

| logo = ToxLogo.png

| author =

| developer =

| latest release version = 0.2.21

| latest release date = {{Start date and age|2025|05|15|df=yes}}{{cite web|date=2025-05-15|title=Release v0.2.21 · TokTok/c-toxcore|url=https://github.com/TokTok/c-toxcore/releases/tag/v0.2.21|publisher=TokTok Project|access-date=2025-05-21}}

| latest preview date =

| programming language = C

| operating system = Linux, OS X, Windows, Android, iOS, FreeBSD, OpenIndiana, Sailfish OS

| service_name =

| language =

| language count =

| genre = VoIP, Instant messaging, Videoconferencing

| license = GPL-3.0-or-later.

}}

Tox is a peer-to-peer instant-messaging and video-calling protocol that offers end-to-end encryption. The stated goal of the project is to provide secure yet easily accessible communication for everyone.{{cite web|title=Secure Messaging for Everyone|url=https://tox.chat|work=Tox|access-date=6 August 2015}} A reference implementation of the protocol is published as free and open-source software under the terms of the GNU GPL-3.0-or-later.

History

= Inception =

An idea of developing a secure peer-to-peer messenger which would later turn into Tox sparked on the anonymous imageboard 4chan{{Cite web |date=2013-06-23 |title=Daily reminder that Skype reads the URLs you send, your browser profile, sends encrypted data to Microsoft data centers and gives your conversations to the NSA. |url=https://desuarchive.org/g/thread/34778013/#q34779405 |website=4chan (mirrored)}} amidst the allegations that Skype provided the NSA with access to their infrastructure and encryption, just before they were bought by Microsoft.{{cite web |url=https://news.softpedia.com/news/Skype-Provided-Backdoor-Access-to-the-NSA-Before-Microsoft-Takeover-NYT-362384.shtml |title=Skype Provided Backdoor Access to the NSA Before Microsoft Takeover (NYT) |website=Softpedia|date=20 June 2013|author=Bogdan Popa}}{{cite web |url=https://news.softpedia.com/news/Leaked-Documents-Shows-the-NSA-Had-Full-Access-to-Skype-Chats-468691.shtml |title=Leaked Documents Show the NSA Had Full Access to Skype Chats |website=Softpedia|date=31 December 2014 |author=Bogdan Popa}}

The initial commit to GitHub was pushed on June 23, 2013, by a user named irungentoo.{{cite web|title=Initial commit|url=https://github.com/irungentoo/toxcore/commit/f8ccb9adb99fc143e11927a461d06da1b3d5bcba|publisher=GitHub|access-date=18 February 2014}} Unofficial community builds became available as early as on August 23, 2013,{{Cite web |date=2013-08-23 |title=Binaries - Tox |url=http://wiki.tox.im:80/Binaries |url-status=dead |archive-url=https://web.archive.org/web/20131004060330/http://wiki.tox.im:80/Binaries |archive-date=2013-10-04}} with the first official builds made available in October 2013.{{Cite web |date=2013-10-04 |title=Binaries - Tox |url=http://wiki.tox.im:80/Binaries |url-status=dead |archive-url=https://web.archive.org/web/20131004060330/http://wiki.tox.im:80/Binaries |archive-date=2013-10-04}} On July 12, 2014, Tox entered an alpha stage in development and a redesigned download page was created for the occasion.{{Cite web |date=2014-08-09 |title=Binaries - Tox |url=https://wiki.tox.im/Binaries |url-status=dead |archive-url=https://web.archive.org/web/20140809164209/https://wiki.tox.im/Binaries |archive-date=2014-08-09}}

= Tox Foundation controversy =

During the first two years of its life, the project's business and monetary side was handled by Tox Foundation, a California-registered corporation.{{Cite web |title=Tox Foundation - BusinessesCalifornia |url=http://www.businessescalifornia.com/c/business/tox-foundation/C3671152 |url-status=dead |archive-url=https://web.archive.org/web/20160321163204/http://www.businessescalifornia.com/c/business/tox-foundation/C3671152 |archive-date=2016-03-21 |access-date= |website=www.businessescalifornia.com}} On July 6, 2015 an issue was open on the project's GitHub, where a third party stated{{Cite web |title=Current situation of Tox · Issue #1379 · irungentoo/toxcore |url=https://github.com/irungentoo/toxcore/issues/1379 |access-date=2023-05-20 |website=GitHub |language=en}} that Tox Foundation's sole board member, Sean Qureshi, used an amount of money in the thousands of US dollars to pay for their college tuition,{{Cite web |title=Current situation of Tox · Issue #1379 · irungentoo/toxcore |url=https://github.com/irungentoo/toxcore/issues/1379 |access-date=2023-05-20 |website=GitHub |language=en}} with those funds coming from Tox Foundation's participation in Google Summer of Code. When asked for additional clarification, irungentoo, on behalf of the project's team, confirmed the allegations.{{Cite web |title=Current situation of Tox · Issue #1379 · irungentoo/toxcore |url=https://github.com/irungentoo/toxcore/issues/1379 |access-date=2023-05-20 |website=GitHub |language=en}} On July 11, 2015 the project's infrastructure and repositories were moved to a new locations, due to the fact that Qureshi controlled the original project's domains and servers. In the project's blog the development team has announced their "disassociation" with Tox Foundation and Qureshi in particular, and further addressed the issue.{{Cite web |date=2015-07-11 |title=Current Situation – Tox Blog |url=https://blog.tox.chat/2015/07/current-situation-3/ |access-date=2023-05-20 |language=en-US}} This situation caused many prominent contributors to cease Tox-related activity.{{cite web |date=15 July 2015 |title=A split within the Tox project |url=https://lwn.net/Articles/651003/ |access-date=14 February 2016 |website=LWN.net |publisher=Nathan Willis}}

= Project's fork and Rust implementation =

Sometime during 2016, the original reference implementation saw a steady decline in development activity,{{Cite web |title=Commits · irungentoo/toxcore |url=https://github.com/irungentoo/toxcore |access-date=2023-05-18 |website=GitHub |language=en}} with the last known commit currently dated Oct 2018.{{Cite web |title=Fix memory leak when closing TCP connection. · irungentoo/toxcore@bf69b54 |url=https://github.com/irungentoo/toxcore/commit/bf69b54f64003d160d759068f4816b2d9b2e1e21 |access-date=2023-05-20 |website=GitHub |language=en}} This caused the project to split, with those interested in continuing the development creating a new fork of Tox core{{Cite web |title=Commits · TokTok/c-toxcore |url=https://github.com/TokTok/c-toxcore |access-date=2023-05-18 |website=GitHub |language=en}} called "c-toxcore" around the end of September 2016.

Currently c-toxcore is being developed by a collective known as the TokTok Project.{{Cite web |title=The TokTok Project - Home |url=https://toktok.ltd/ |access-date=2023-05-18 |website=toktok.ltd}} They describe their mission as "to promote universal freedom of expression and to preserve unrestricted information exchange".{{Cite web |title=The TokTok Project - Mission |url=https://toktok.ltd/mission.html |access-date=2023-05-18 |website=toktok.ltd}} Their current goals are to continue slow iterative development of the existing core implementation, along with in-parallel development of a new reference implementation in Rust.{{Citation |title=Tox |date=2023-05-08 |url=https://github.com/tox-rs/tox |access-date=2023-05-18 |publisher=tox-rs}}

Initially, the Rust implementation of the protocol library was split in two halves, one handling most of the grunt work of communication with the network, and another one responsible specifically for bootstrap node operation. In December 2022 those were merged, with developers stating that code was now mature enough to support basic communication and bootstrap node operations using TCP connections. As of June 2023 the development is still ongoing, but no client implementations using Rust core library is available yet.

= Security audit and related concerns =

Although the original core library implementation and its forks have been available for the general public for almost a decade, none of them have been reviewed by a competent third-party security researcher.

In 2017, WireGuard's author Jason A. Donenfeld opened an issue on the project's GitHub page{{Cite web |title=Tox Handshake Vulnerable to KCI · Issue #426 · TokTok/c-toxcore |url=https://github.com/TokTok/c-toxcore/issues/426 |access-date=2023-05-20 |website=GitHub |language=en}} where he stated that c-toxcore is vulnerable to key compromise impersonation (KCI) attacks. Donenfeld attributed his find to the fact that Tox is relying on "homebrew crypto" developed by "non-experts" to facilitate handshakes. He also criticized some other design choices used by Tox developers as well, like using raw ECDH values as encryption keys.

This report has caused developers to put an additional disclaimer on the project's GitHub page,{{Citation |title=TokTok/c-toxcore |date=2023-05-18 |url=https://github.com/TokTok/c-toxcore |access-date=2023-05-20 |publisher=TokTok Project}} stating that Tox is an experimental cryptographic network library that has not been formally audited by an independent third party that specializes in cryptography or cryptanalysis, with a separate disclaimer that users may use it on their own risk.

In March 2023, a post on the project's blog{{Cite web |date=2023-03-02 |title=Redesign of Tox's Cryptographic Handshake – Tox Blog |url=https://blog.tox.chat/2023/03/redesign-of-toxs-cryptographic-handshake/ |access-date=2023-05-20 |language=en-US}} stated that one of the community members is working to redesign the cryptographic mechanism used by Tox to perform handshakes using the AKE mechanisms used in the Noise Protocol Framework. This post also contains a detailed explanation of the original vulnerability.

Features

= Encryption of traffic =

Users are assigned a public and private key, and they connect to each other directly in a fully distributed, peer-to-peer network. Users have the ability to message friends, join chat rooms with friends or strangers, voice/video chat, and send each other files. All traffic over Tox is end-to-end encrypted using the NaCl library, which provides authenticated encryption and perfect forward secrecy.

= Additional messaging features =

Tox clients aim to provide support for various secure and anonymised communication features; while every client supports messaging, additional features like group messaging, voice and video calling, voice and video conferencing, typing indicators, message read-receipts, file sharing, profile encryption, and desktop streaming are supported to various degrees by mobile and desktop clients. Additional features can be implemented by any client as long as they are supported by the core protocol. Features that are not related to the core networking system are left up to the client. Client developers are strongly encouraged to adhere to the Tox Client Standard{{cite web|title=Tox Client Standard|url=https://www.gitbook.com/book/tox/tox-client-standard/details|access-date=7 November 2015}} in order to maintain cross-client compatibility and uphold best security practices.

= Usability as an instant messenger =

Though several apps that use the Tox protocol seem similar in function to regular instant messaging apps, the lack of central servers similar to XMPP or Matrix currently has the consequence that both parties of the chat need to be online for the message to be sent and received. The Tox enabled messengers deal with this in separate ways: some prevent the user from sending the message if the other party has disconnected, while others show the message as being sent when in reality it is stored in the sender's phone waiting to be delivered when the receiving party reconnects to the network.{{Cite web|url=https://wiki.tox.chat/users/troubleshooting|title=users:troubleshooting - Tox Wiki|website=wiki.tox.chat|access-date=2019-04-26}}

Reception

Tox received some significant publicity in its early conceptual stage, catching the attention of global online tech news sites.{{cite web|title=Tox: A Replacement For Skype And Your Privacy?|url=http://siliconangle.com/blog/2013/08/05/tox-a-replacement-for-skype-and-your-privacy/|first=Saroj|last=Kar|work=Silicon Angle|date=5 August 2013|access-date=19 February 2014}}{{cite web|title=Skype-Alternative Freier und sicherer Videochat mit Tox|trans-title=More free and secure video chat with Tox|language=de|url=http://www.golem.de/news/skype-alternative-freier-und-sicherer-videochat-mit-tox-1307-100688.html|first=Sebastian|last=Grüner|work=Golem.de|date=30 July 2013|access-date=19 February 2014}}{{cite web|title=Проект Tox развивает свободную альтернативу Skype|trans-title=Tox project develops free Skype replacement|language=ru|url=http://www.opennet.ru/opennews/art.shtml?num=37542|work=opennet.ru|date=30 July 2013|access-date=19 February 2014}}{{cite web|title=Skype-Alternative Tox zum Ausprobieren|trans-title=Tox Skype replacement tested|language=de|url=http://www.heise.de/netze/meldung/Skype-Alternative-Tox-zum-Ausprobieren-1929033.html|first=Manuel|last=Nitschke|work=heise.de|date=2 August 2013|access-date=19 February 2014}} On August 15, 2013, Tox was number five on GitHub's top trending list.{{cite web|title=GitHub's new 'Trending' Feature Lets You See The Future|url=http://readwrite.com/2013/08/15/github-new-trending-feature-future|first=Matt|last=Asay|work=ReadWrite.com|date=15 August 2013|access-date=19 February 2014}} Concerns about metadata leaks were raised, and developers responded by implementing Onion routing for the friend-finding process.{{cite web|title=Prevent_Tracking.txt|url=https://github.com/irungentoo/ProjectTox-Core/blob/522f90fee138087db660dccc08413c53f388f604/docs/Prevent_Tracking.txt|work=GitHub|access-date=20 February 2014}} Tox was accepted into the Google Summer of Code as a Mentoring Organization in 2014 and 2015.{{cite web|title=Project Tox|url=https://www.google-melange.com/gsoc/org2/google/gsoc2014/tox|work=GSoC 2014|access-date=7 March 2015}}{{cite web|title=Project Tox|url=https://www.google-melange.com/gsoc/org2/google/gsoc2015/tox|work=GSoC 2015|access-date=7 March 2015}}