Anone heard about it? Anything bad about security?

I’ve checked speeds with my friend, the’re quite good, file transfer speed is insane compared to signal.

  • anon5621@lemmy.ml
    link
    fedilink
    arrow-up
    18
    ·
    edit-2
    6 months ago

    It’s cool p2p protocol but nowdays no good clients, most of them unmaintained and qtox have so shit code.Feels like developer didn’t learn anything about writing safe c++ code.On android there trifa app but it’s works… pretty weird,there also atox but it’s doesn’t implemented feature about video/voice calls.

    • montar@lemmy.mlOP
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      6 months ago

      Looks like it’s got same problems as Matrix does (despite architecture diffirences).

        • floofloof@lemmy.ca
          link
          fedilink
          English
          arrow-up
          7
          ·
          6 months ago

          What are the main problems of Matrix? I have searched around for this but not found anything concrete. I use Element with E2EE and haven’t had any real problems with it.

          • delirious_owl@discuss.online
            link
            fedilink
            arrow-up
            8
            ·
            6 months ago

            It supports unencrypted messages. Lots of metadata is not encrypted (eg all reactions).

            Many orgs cant use software where users can send messages unencrypted. Its a security risk, even if the user did it by mistake.

            • Corngood@lemmy.ml
              link
              fedilink
              arrow-up
              2
              ·
              6 months ago

              I think most orgs would want to own the server and for messages to not be end-to-end encrypted. All connections to the server would still be encrypted.

              That would be more in-line with slack or something.

              If you’re referring to federation specifically then that’s going to get pretty complicated with security policies.

        • montar@lemmy.mlOP
          link
          fedilink
          arrow-up
          4
          ·
          6 months ago

          I mean efficient clients that are both easy for non-techy ppl and their 4GB of RAM.

  • kixik@lemmy.ml
    link
    fedilink
    arrow-up
    12
    ·
    6 months ago

    Have you read it’s github front page?

    This is an experimental cryptographic network library. It has not been formally audited by an independent third party that specializes in cryptography or cryptanalysis. Use this library at your own risk.

    BTW, if you look at its issues (including closed ones, which most probably aren’t really closed) you’ll find pretty interesting discussions about its crypto not being right. That said, I’m not sure what irungentoo brings to the picture…

    At any rate, if you’re looking for distributed messaging, I’d look into Jami. It also uses DHT and something similar to torrents mechanism. Jami is my only option so far for distributed messaging. There’s also Briar, but I don’t like it for regular messaging, particularly on phones (too much battery usage), neither its underlying technology, but if it’s to your liking, then that’s another option for distributing messaging.

      • kixik@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        6 months ago

        The audit is true, but at least Jami didn’t make up its own crypto lib, it uses standard already in use crypto stuff. To there’s a huge difference there.

        BTW, they are actually re-writing stuff… But yes, they need more recent audits…

    • amanneedsamaid@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      Worth mentioning that I could not for the life of me get Jami to work in any way the last time I tried it; I’ve seen many guides and overviews, but couldn’t find a single one where it’s actually successfully used. Cool idea, though

      • kixik@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        6 months ago

        I has improved quite a bit. The phone app still requires navigating over its settings to get less battery consumption, and having ntfy or any other unifiedPush notification provider available in the phone. But with the default configs, you get Jami working at least. I tried it before, and I found before synchronization between devices was a mess. Currently it just works. I still find it hard on immediate/urgent calls or messages, which might not happen when you expect, but other than that it’s working.

        On the desktop, the default configs are pretty sane.

        And the best part, it’s being actively developed. And the UI is undergoing through lots of improvements. So if usability is your concern, it’s getting better, and each release improves over the prior one…

  • Lemmchen@feddit.de
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    6 months ago

    Tox has pretty much been dead from the beginning. There never was a significant user base.