The web forum 4chan is notorious (most recently) for juvenile imagery and hacking shenanigans. But it’s also the birthplace (or spawning ground) of a subversive app aimed at the NSA’s mass surveillance program:
When whistleblower Edward Snowden revealed that full extent of the NSA’s activities last year, members of the site’s tech forum started talking about the need for a more secure alternative to Skype. Soon, they’d opened a chat room to discuss the project and created an account on the code hosting and collaboration site GitHub and began uploading code.
Eventually, they settled on the name Tox, and you can already download prototypes of the surprisingly easy-to-use tool. The tool is part of a widespread effort to create secure online communication tools that are controlled not only by any one company, but by the world at large — a continued reaction to the Snowden revelations. This includes everything from instant messaging tools to email services.
The main thing the Tox team is trying to do, besides provide encryption, is create a tool that requires no central servers whatsoever — not even ones that you would host yourself. It relies on the same technology that BitTorrent uses to provide direct connections between users, so there’s no central hub to snoop on or take down.
There are other developers trying to build a secure, peer-to-peer messaging systems, including Briar and Invisible.im, a project co-created by HD Moore, the creator of the popular security testing framework Metasploit. And there are other secure-centric voice calling apps, including those from Whisper Systems and Silent Circle, which encrypt calls made through the traditional telco infrastructure. But Tox is trying to roll both peer-to-peer and voice calling into one.
Actually, it’s going a bit further than that. Tox is actually just a protocol for encrypted peer-to-peer data transmission. “Tox is just a tunnel to another node that’s encrypted and secure,” says David Lohle, a spokesperson for the project. “What you want to send over that pipe is up to your imagination.” For example, one developer is building an e-mail replacement with the protocol, and Lohle says someone else is building an open source alternative to BitTorrent Sync.
The new Skype
That said, the core Tox team is focused on building the features specifically required for building a Skype replacement. There are at least 10 different Tox messaging and voice clients so far, each supporting a different range of features. Eventually, Lohle says, there will be “official” clients for each major operating system, but for now the team is just recommending a few specific clients. µTox, which is available for Linux and Windows, is a the “bleeding edge” reference design, while qTox is the project’s recommendation for OS X users and Antox is the recommended for Android. There is no iOS version as of yet.
µTox is still rough, but the interface and experience is straightforward. You download the client, and it automatically creates a public encryption key that you can provide to everyone, and a private encryption key that you keep on your computer or phone. From there, it works very much like Skype. You can add a friend to your contact list by pasting in their public key, and then you just click their name to send them a message, or click the big phone icon to call them. If you want to move your identity from one computer to another, you just copy a single file that includes your private key and contact list.
There are still a few features that are missing, though. For example, although you can do a group text chat, there’s no way to do a group voice chat yet. And there’s no way to be logged in as the same person on two different devices — say, both your phone and your computer. But Lohle says those features are coming, and the team already has a proof-of-concept for how group voice chat will work.
He says the team has no plans to turn it into a company or monetize it in any way. “No one getting paid, but we dedicate as much time as we can,” he says. “If I’m not in class, or I’m not eating, I’m probably working on Tox, and that’s at least the same for probably 10 people.” Besides, the lead developer, known only as irungentoo, is completely anonymous, so it would be hard to issue him a paycheck. “I don’t think any of us know his real name,” Lohle says.