OHAI, So, I assessed it vis-a-vis stef's rules already, otherwise I would not dive into it at all. ;)
But yeah, let's have a look. Dnia wtorek, 3 lutego 2015 19:28:01 Markus Ottela pisze: > From the PoW of Stef's seven rules of thumb to detect snake oil: > > *1. Not free software * > https://github.com/irungentoo/toxcore/commit/dcc3921682c8bededfac7d76f4976fd > 56b051c72 "/Licenced the code under the GPL for now./" (Free software? Good. > But, "for now" ? Is it going to change?) So, that's not going to change, IMHO. There are several developers and I don't think there was any ascribing of copyrights to any legal or physical person, so changin a license *from* GPL is not entirely straightforward. I ticked this one as "AOK". > *2. Runs in a browser * > No. AOK. > *3. Runs on a smartphone * > https://wiki.tox.im/index.php/Multiple_Devices > Has been suggested but not yet implemented. https://wiki.tox.im/Antox Still, you don't have to use it. As in, I use a desktop client, not going to be using it on my mobile anyway. It doesn't *require* smartphone use, just like e-mail does not *require* a smartphone e-mail app (if you use one, well, that's your choice). inb4 "e-mail is not safe" -- puh-lease, that was just a way to illustrate a point. "AOK" for here too. > *4. The user doesn't generate, or exclusively own the private encryption > keys* > The user is in control, ACK. > yet the source of randomness and crypto implementation are not explained > properly. The wiki talks about public keys and PFS without explaining > the relation between the two. > https://github.com/irungentoo/toxcore/blob/master/docs/updates/Crypto.md ACK. So, the PDF I linked to goes a *bit* further (just a wee bit). Go have a look at the "Crypto" section: https://jenkins.libtoxcore.so/job/Technical_Report/lastSuccessfulBuild/artifact/tox.pdf/ So, at least not a "we hold your keys -- FOR SAFETY!!1!" kind of snakeooil. Half of an "AOK" from me here. > *5. There is no threat model* > "/With the rise of government monitoring programs/" implies it's > designed to be secure against state surveillance. > "Tox does not cloak IP addresses when communicating with other users" > In disclaimer it is also just stated that > "/Tox prevents message contents from being read or altered by third > parties, or anyone else other than the intended recipient/", yet it > doesn't even bother to evaluate the system against HSAs or MSAs. True. One has to consider their own threat model and assess if Tox is the answer. Tox does *not* provide anonymity, it at least *tries* to provide OTR- like features (encryption, integrity, etc.). > Instead, the threat model seems to revolve around developer anonymity > (https://wiki.tox.im/DevAnonymity). "/Potential harassment by the > government and trolls/" seems to include people pointing out issues with > the software as well. Indeed. So again, half an "AOK". > *6. Uses marketing-terminology like "cyber", "military-grade"* > It doesn't, although it does say "/leading-class encryption/", and the > logo is yet another unnecessary lock. I like the logo. "AOK" from me, especially taken into account they're not reimplementing the wheel but using NaCL instead. > *7. Neglects general sad state of host security * > This. The developers think it is obvious for every user, that if the > endpoint device is compromised, there is no security. This is horrible > since average computer user is still mainly occupied with thoughts "I > need a firewall" or "I might get a virus" -- not "The government might > exploit unpatched OS or exploit a 0-day" or "The company behind my > proprietary OS might be issued a subpoena to include a backdoor". It's > not the job of Tox developers to patch OS, but it's their job to warn > users there are attack vectors the developers are not in control of. > They have refused to do so, which limits the users ability to make > informed choices depending on their threat model. Well, yes, and my beef with Tox is also that the private keys do not require a passpharse to unlock. So that's a no-no in my book. Still, this doesn't look like snakeoil; rather like a good idea with not-so- stellar execution, which *might* get better. Am I missing anything? > ---- > > For some time I've wanted to evaluate TFC from these perspectives as well: Could we have a *separate* thread for it? I'm really interested in having a more in-depth discussion of Tox and this could potentially hi-jack this thread. Much obliged. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
signature.asc
Description: This is a digitally signed message part.
