TOX: an Encrypted Skype Replacement

Skype has long been a very popular method of making voice and video calls around the world. The service originally started as a method of making voice calls from one computer to another computer anywhere in the world, at no cost. As the service grew in popularity, many more features were added: the ability to call regular telephone numbers anywhere in the world (for a fee), the addition of two-way video calls, conference calls, instant messaging, file transfers, and more.

One the major advantages of Skype has always been that voice calls were encrypted. Years ago, the Skype web pages declared, “highly secure with end-to-end encryption”. Security services were invisible to the user, and encryption could not be disabled. Many users trusted Skype to keep their private calls just that: private.

Eventually, Skype’s encryption was broken. Law enforcement agencies and others started recording Skype conversations. Around the same time, Skype was purchased by Microsoft. Rumors persist claiming that Microsoft added a “back door” to allow government agencies and others to wiretap Skype conversations. However, those rumors may or may not be accurate. Whatever the cause, many Skype users are now looking for more secure solutions.

A new project, called TOX, is under development. When pronounced, “TOX” sounds almost the same as “talks.” The TOX web site proclaims, “Your safety is our top priority, and there isn’t anything in the world that will change that.” TOX offers secure, encrypted text chats, video chats, the ability to share images and files, and to make audio calls from your computer. The web site also states, “Files can be shared as fast as you and your partner’s Internet connection allows, audio calls are instantaneous, and there are no arbitrary limits to how many people you can have in a group conversation.”

The TOX software presently is in pre-Alpha status. That is, not all the software has yet been written. What is available today probably is buggy and may crash frequently. However, it shows promise. Once fully developed, TOX may become the secure communications tool of choice in the post-Snowden era. At this time, TOX is useful for instant messaging. Voice calls and video chats are being added but are not yet stable enough for practical use.

TOX relies on encrypted peer-to-peer networking to chat with others, eliminating the need for messages to travel through a central server. Centralized servers require an organization to maintain the servers, to assign user names and passwords, and such services typically know who their users are. The use of centralized servers increases the risk of control and even of wiretapping. Skype itself used to be based on peer-to-peer networking, but since Microsoft acquired the company, Skype has been moving away from peer-to-peer towards centralized servers.

In contrast, nobody is in control of TOX. There are no centralized servers. In fact, there is no need to supply a name, address, or even an email address in order to use TOX. After you download the TOX software, you are automatically assigned a long string of numbers and letters called a TOX ID. The ID is not generated by a centralized organization. Instead, it is assigned by the TOX software in your computer. It will never appear in any organization’s list of “our customers.” The TOX software never displays or sends your name, email address, or physical address to anyone else, not even to the person you are communicating with.

There is no “phone book” or other list of TOX users. To chat with others you simply share that ID with others that you wish to communicate with. Once your friends add your TOX ID to their buddy list you can start chatting. The other person (or persons) in the conversation only see your TOX ID, not your name. The downside is that the long string of letters and numbers in a TOX ID are difficult to memorize.

Using TOX IDs instead of a user account allows for greater anonymity. It also means you can start using the app right away without having to sign-up for a new account first—a “configuration-free” experience is one of the aims of the project.

The TOX software is open source. That is, anyone may look at the source code to see if there are “back doors” or other security issues. The use of open source software greatly reduces the possibility of surreptitious “hooks and handles” in the program. In contrast, Skype is “closed source;” no one outside of Skype/Microsoft knows what is in the software.

TOX is still under development. If you want to experiment with the program in its present state, you can download Windows, Macintosh, and Linux versions. A version for Apple’s iOS (iPhone, iPad, iPod Touch) is under development. However, TOX is not yet reliable enough to trust with your deepest secrets, as the code has yet to be audited by security experts.

TOX is easy to use. It can be installed and made operational within seconds. TOX is available free of charge. You will never be asked for your name, email address, or for a credit card number. TOX will never harass you with ads, or require you to pay for features. In fact, the program’s source code is also freely available. If you are a programmer, you are free to modify your copy of TOX as you wish. The developers would appreciate your sharing your code improvements with them as well.

You can learn more about TOX at https://tox.im. You also might want to read the TOX wiki at https://wiki.tox.im/FAQ.

One thought on “TOX: an Encrypted Skype Replacement

  1. To chat with others you simply share that ID with others that you wish to communicate with.

    Using TOX IDs instead of a user account allows for greater anonymity.

    Just don’t use email to send your ID to a prospective TOX correspondent!

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s