*Tox What is it?

An open source project for anti spying ; Based on the DHT(BitTorrent) Instant messaging protocol for Technology ; An encrypted communication system for security .
After the American prism project came to light , A group called irungentoo It's a great success 17 The day after 2013 year 6 month 23 in Github The project was launched on the Internet , The goal is to provide safe and convenient communication for the public .

* Tox what are you having?

  • 【 Encrypted communication 】—— Each session is encrypted with a different password , It's safe , Smart anti cracking
  • 【 De centralization 】—— There is no server to store your account information and session content , No way to spy , Privacy guaranteed
  • 【 Free open source 】—— The source code is freely available 、 Revise and review , Don't worry about software backdoors , Let alone hate advertising

◇ Encrypted communication

Unencrypted communication is like a voice over the air , Everyone who floats by knows what's on the phone , Below we call the unencrypted communication content 【 Plaintext 】. Many applications in China are due to their own reasons , It's very irresponsible to send plaintext data directly , It's very easy to cause the message to be intercepted and tampered by the intentional person , In all kinds of fraud cases, the so-called technical means are common , The emergence of encrypted communication is to protect users , Improve safety .

However , In recent years, encrypted chat software can be described as endless , In the face of today's increasing crack efficiency ,Tox How is the anti cracking performance ?
Tox Use forward secrecy ( english :Forward Secrecy, It belongs to symmetric encryption , See below for details ), Its key “ In exchange for ” The mechanism is very clever , It can effectively resist all kinds of cracking methods .

Technology brothers, don't use it when you see it Symmetric encryption Just look at it Tox yo , Introducing Tox Before encryption , First, use the application scenario to answer two questions :

What is symmetric encryption ?

Scene one :
When the file is compressed, the content can be encrypted —— Set compression password , You also need to provide the password to unzip , This kind of encryption and decryption with the same password is called Symmetric encryption .

that , Asymmetric encryption ?

Scene two :
Before sending business secret e-mail, encryption is usually done , The difference is that the password used to encrypt the content of the e-mail has been published by the other party , We call it 【 Public key 】( Public key ), The other party received it and kept it in private 【 Private key 】 Decrypt the message to get plaintext , Encryption and decryption with a completely different password , This is called Asymmetric encryption . It should be noted that the public key and private key are generated by the algorithm in pairs , That is to say, a private key only needs a unique matching public key . Asymmetric encryption can also effectively prevent repudiation , I will not expand here .

Malpractice analysis

If the files in scenario 1 are only stored locally, it's OK , If you want to send it to someone else , You need to tell the other party what your password is , The confidentiality of this communication process is an additional issue , More times are more likely to reveal your ciphertext generation habits .
The second scenario solves the problem of the password , But there are new problems , The key of both sides has not been changed for a long time , Encrypted data may be recorded and stored by a third party for a long time in the flow process , Wait for the private key to leak in the future 、 Decrypt the data at one time after the protocol vulnerability or cracking efficiency is improved .

Tox How to solve the above historical problems ?

Clarify before you answer Tox Several concepts of key :
Public key : Tox What the software interface sees Tox Id, For public release
Private key : It is built into a file in a specific directory of this computer , We become the key file , Don't let out
Encryption key : be used for 【 This time 】 The password for the encrypted session

Tox Adopted Forward secrecy It's for safety , The two sides of communication exchange public key in advance ( Exchange by adding friends ), Keep the private key by yourself , Exchange some necessary parameters including randomness before each communication , Then each side takes   The public key of the other party + Own private key + Necessary parameters , On your own 【 One sided 】 The operation generates the key of this encryption , The magic thing is that the key composition algorithm can ensure that both sides independently generate encryption keys with the same content ( The essence ), Finally, the key is used to encrypt the content and send it out , The other party decrypts the data with the same key of this machine , To avoid scenario 1, you need to tell the other party the plaintext password , And the next session is another equally complex encryption key . In case the private key leaks ( Protect yourself ), As long as the local records are cleared , Protection with random parameters , It's also hard to trace historical encryption keys , This can effectively combat traffic recording , Even in the future, the cracking efficiency will be improved by leaps and bounds , And because the encryption key is changing all the time , There's no way to crack content all at once , Only when the cost of cracking greatly exceeds the data itself can data security be effectively guaranteed .

Add : Forward secrecy has the super ability to realize secure communication in an insecure network environment , But if your local computer environment is already occupied , Everything is a floating cloud , Please make sure the environment is clean ( Digging a hole ……)—— Fire prevention, burglary prevention, insider protection .

◇ De centralization

Centralized application scenarios :
Cloud synchronization , Content can be synchronized to “ On the tall ” The cloud —— No matter where you are, I am by your side , As soon as the account logs in , All the love came immediately ;
offline message , The message is first stored in the official server of the software , When the other party goes online, they can receive it immediately —— Care is everywhere .

Check the application software list of the system , It's not hard to find a lot of “ Devotion ”( No roll call ) You need to register your account or log in with your mobile number first , In order to leave the unique identity of this tour on the official server ( Like email ), In order to achieve user behavior analysis and advertising push —— Users are wealth .
Centralization provides us with a convenient experience , It provides a guarantee for the centralized management of software , But it also provides a good hotbed for rampant monitoring and information theft . Account information leakage, which is often seen in the headlines, is not uncommon , There is an irreconcilable contradiction between safety and convenience .
The prism project also makes use of the centralized “ defects ”, Take monitoring into every aspect of your life .

Born for safety Tox Nature wants to break the shackles , It doesn't have to register , No central server , There will never be an ad push ! Except for the volunteers “ Relay server ”( Provide early guidance and late transit services , See below for details ) Outside , Each client connected to the network will also become a part of the relay network . In the past, the price of centralization was to limit some functions , First of all, there is no cloud synchronization , Message records are only stored locally ; Second, offline messages are not supported , Only pseudo offline messages , In fact, it's your “ offline message ” There is a native , The next time both parties go online at the same time, it will be sent automatically .

◇ Free open source

The project in GitHub On , Belong to GPL V2 License agreement ( The content of the agreement is self reinforcing ), Effectively avoid being commercialized in the future . But because irungentoo It mainly provides kernel development , Other software enthusiasts mainly develop their own clients based on the kernel , therefore Tox There are several different versions , similar Linux The pattern of kernel and distribution .
Clients are mainly distinguished by language , The interface styles and functions are different , You can choose . Overall, cross platform support is good , Now it's covered Windows(vista,7,8,10 Full coverage ;xp sp3 Download a specific version )、OS X(10.7+)、Linux、Android( Android )、IOS(IOS 8+) and FreeBSD;Windows Phone No action at the moment , Specific support can be found in Official website understand .
The perfect thing about desktop computers is qTox, The second is uTox. In addition to the point-to-point text used in daily life 、 voice 、 In addition to video chat and file transfer, there are unlimited group chats ( Support voice group chat ), More support for multi language 、 Topic switching 、 Proxy settings and forgery of offline messages, etc .

advertisement ^_#: Personal preference uTox, Simple interface design 、 There are dark themes , Support message embedded screenshots , however , Poor stability , There are also interface vulnerabilities , Be careful when you are a novice .

Tox The project is being perfected , It's not perfect yet , I look forward to your participation . If you're just a regular user , You can go to the discussion group of each release to feed back the function loopholes and new function requirements, etc ( In English ); If you are familiar with programming languages (C、C++、Python、Java and C# Any one of them has a corresponding client ), Hope to help repair the branch client based on this language ; If you are good at English , Hope to help translate Tox In English ( Part of it will be about network communication ).

◇ Group chat instructions

Tox At present ( There will be new designs in the future ) It is divided into 【 Self built group 】 and 【 The chat room 】, Both are still under improvement , There are some differences with the group chat we have daily contact with , Here is a brief analysis .

【 Self built group 】—— Support text 【 and 】 voice ; It's like a closed door meeting , Anyone can create , Members of the group can pull friends into the group by themselves , Users outside the group can't apply to join by themselves .
【 The chat room 】—— Support text 【 or 】 voice ; Creation time 【 must 】 Specify whether it's text chat or voice chat ; It's like open door meetings , You need to join the robot node ( You can build it yourself ), Users in the same robot node can enter a chat room under the node by themselves .

Tips : For chat rooms with a password set at the time of creation , It's like a locked door , You need to provide the corresponding password when entering .
Self built group and The chat room Because there is no central server , There are some restrictions on use for the time being , for example : The existing state of self built group can't be saved at present , After you shut down the software , You quit the group , The chat room is where all members leave “ room ” after , It will be recycled by the robot itself .

* Operation principle

Someone has failed in English for many years , Indigestion of the official natural text , If there is any discrepancy with reality, please correct it . Ordinary users can skip this section .

◇ The key file

First run Tox The key file will be generated on your computer —— It's a tour here , The file contains your private key information , Be sure to keep it safe , At the same time, you can see a Tox ID, That's a public key , Others through this ID Add you as a friend , After confirming your friend's request, you can chat happily .
For safety reasons , It is recommended that you enable the encryption option in your settings , So in theory, key files and chats (uTox There is no chat record of , Theory is a good thing ) Will be encrypted , After that, you need to enter the password every time you start the software —— Forget and die , therefore …… Do you still want to enable encryption ?

complete Tox ID The content is shown in the figure below :

Each time you add a friend, you need to input a complete Tox ID, among Publick Key Belongs to the public key , Unless you clean up the private key file , Otherwise, it will not change after generation ;NoSpam For anti disturbance design , You can change the value content to generate a “ new ” Of Tox ID, In this way, not only the existing friends do not need to add you again , And in the future, everyone can only use the new Tox ID To add you ; final Checksum Is a hash value , Provide right Public Key and NoSpam Valid verification of .

It should be noted that The public key contains your local public network exit IP, The design is to facilitate friends to find you directly , If you mind the public network IP Let the cat out of the , It is suggested that we start with VPN Or agent software , Then open it again Tox, And it's already generated Tox ID If you want to regenerate the key file , Just delete the system Tox The key file in the directory (tox_save.tox ) that will do , The directory of the file in each system is as follows :

Windows: \%appdata%\tox\
Linux: ~/.config/tox/
OS X: ~/Library/'Application Support'/Tox/

because tox_save.tox I recorded my friend's ID Data such as , It's a very important document , So suggest 【 Every time 】 Make a backup after changing friends , The author just because Tox Software crash automatically empties the file . Besides Tox Configuration files on the client side 、 Friends' Avatar directory and even chat records ( The file name is friend ID) And so on are in this directory by default , Optional backup if necessary .

◇ Relay service

Tox Software has a number of built-in relay servers IP, After the software starts , Connect to the relay server first , After success Tox Will cache IP Data such as , The relay server also gets your location , And provide your online friends with IP Information , After that, I began to establish a conversation with my online friends , After successful connection , This machine also caches friends' IP data , That is to say, when chatting with friends , Each other's Internet IP Is visible .

Tox The buffered relay after the connection is complete IP With friends IP The data will be updated regularly , The list of relay servers will only use the best quality at runtime 8 individual IP, If friends IP The list has better quality than the relay server IP resources , Then IP Will be promoted to the local relay server 8 individual IP One of .

So far, there is a doubt , If you can't connect to the built-in relay server IP Well ?
Tox For relay servers that have been connected , Will cache IP Data to local file , You can try these cache nodes , In addition, it will scan the local IP, And try to connect with friends directly IP node , Friend's IP The data comes from friends Tox ID, Generate Tox The public key of , Software will then export the public network IP Encryption is written into the characters , It can be used in this special environment .
It can be inferred that the same Tox ID A number of devices have been launched one after another , There will be only the first “ go online ” Your device can find friends , After the device goes offline , It's the device behind that can be real “ go online ”, In addition, due to the forward secrecy used in the communication process, only one device can establish a connection with friends at a time .

* User distribution

The number of users is estimated by several main relay nodes provided by developers according to the number of relay nodes IP The number is counted

* The darker the color, the more online users

The figure above shows that the United States and Russia have the largest number of online users , China with lighter color 、 Australia is basically flat , Canada has the largest number of people online in light areas , Nearly twice as much as China ; The European users are Germany 、 The French 、 Ukraine 、 Sweden and Finland .

The figure below shows the proportion of the average number of relay nodes that a domestic user can get :

See you again “ Chinese grey ”, This time it's completely grey , The share is only 0.03%, Australia with the same number of users (1.9%) contrast , The proportion of relay nodes is not an order of magnitude , Heartbreak , It is speculated that this situation is similar to that of China itself IP It's about a few , Most online users are basically not fixed IP, In the future, if the number of users increases, we can reduce the dependence on foreign relay nodes , Think 7 100 million potential users , Light up the universe with Chinese red .

* At the end of the article, clear the scene

Now use Tox It's like walking alone in the desert , Boundless desolation , Can't find a friend , It may even become the only node within a hundred miles , But it's the best communication choice after the bustle , Return to quiet and safe communication ; The choice of the minority can also continue to grow , I invite you to be one of the 3000 relays in the world .
Offer Tox ID One :
Add me 、 Add me 、 Add me , Lazy input uses Tox Scan the QR code

My other blog :http://www.lemols.com/

niche Tox—— mass “ De centralization ” More articles about chat software

  1. Baccarat How to use the decentralized governance model ?

    The emergence of blockchain , Let's see the possibility of decentralization . Decentralized digital assets from the beginning of the unknown , It's been up and down for ten years , It has gradually become a popular way of value storage . Decentralized Finance , Make the ecological builders of digital assets realize that , Even without centralized gold ...

  2. Why do you say NGK The decentralized Oracle is becoming more and more popular ?

    2020 The blockchain market was very hot in 2000 , From the exchange leverage at the beginning of the year , To Defi boom , Wave after wave , The wind is shifting , Many people have no choice but to sigh that they can't keep up with the times , A lot of people jumped on the early bus . With Defi It's hot all the time , The Oracle has also entered the public eye .NG ...

  3. IM Decentralized conceptual model and architecture design

    I'm going to write about today IM The architecture model changes and design ideas involved in decentralization , The concept of decentralization means that users' access is not centralized in a data center , The decentralization here is for the data center . From this perspective , In fact, not all businesses can do it ...

  4. One light client, Multilingual support , De centralization , Self active load , Discussion on the implementation of scalable real-time data writing service

    background The background is to design a real-time data access module , Responsible for receiving client Real time data writing based on ( Such as log stream , Click stream ), Data support goes straight down to HBase On ( May provide HBase Query on ), Or persist to Kafka in . It may be convenient to do some research ...

  5. Step by step to teach you to develop 、 Deploy the first decentralized application (Dapp) - Pet Shop

    Today we're going to write a complete decentralization ( Blockchain ) application (Dapps), This article can be combined with writing smart contracts . Write it at the front Before reading this article , You should be right about Ethereum . I know something about smart contracts , If you don't already know , I suggest you first look at what Ethereum is, in addition ...

  6. ImCash: Take the coin off the shelf BSV The debate on the right : The rules 、 Neutrality and decentralization

    One view is : A cryptocurrency exchange that quotes price data and performs transactions , Its business decisions often occur outside the chain , Not subject to strict . It is similar to the restriction of the chain rules of the quasi constitution , Cryptocurrency exchanges can reject prices and transactions that anyone likes , And it doesn't hurt the bottom ...

  7. Understand decentralization Stable currency DAI

    This article is reprinted from the blockchain in simple terms , Link to the original text With JPMorgan's launch JPM Coin Stable currency , It can be predicted that stable currency will become a big booster for the implementation of blockchain . frankly , For me as a programmer ( I don't know a little about economics and finance ), understand DAI My machine ...

  8. The ultimate guide to decentralized storage projects | Filecoin, Storj and PPIO Project technology comparison ( Next )

    In the last article , We mainly focus on value orientation . Technology hierarchy . Service quality . Degree of decentralization , This paper analyzes the differences of the three projects from five aspects of economic and incentive mechanism . In this article , We will focus on the architecture design of blockchain . Data transmission technology design and data storage technology design ...

  9. The ultimate guide to decentralized storage projects | Filecoin, Storj and PPIO Project similarities and differences

    Filecoin,Storj as well as PPIO The design ideas of these three storage public chains are different , There is no such thing as good or bad , This article is not written to argue about the right and wrong of each project . Decentralized storage is a long-term commercial track , Different teams go to different places on the same track ...

Random recommendation

  1. Android Studio :enable vt-x in your bios security, Open or error report solution

    quote: For Windows 10: First of all, install the intelhaxm-android.exe located in the folder SDK\ext ...

  2. [PHP] - Laravel 5 Of Hello Wold

    I make complaints about it For a long time ,Laravel Download trouble can die . First you want to install composer, and composer It's been shared again , After that, we have to install git, installed git And sign up git, wait .... Finally give up the game , It's disgusting . ...

  3. How to let dedecms Generate html The page is faster

    How to make dream come true html The page is faster ? 1. Put... In the article template “ Related articles ”.“ Hot articles ”.“ Recommended articles ” This kind of mark has been removed , In other ways , Such as :shtml.js introduce 2. Put the template path represented by mark in dream weaving template .php attach ...

  4. 【 First worship dampness 】poj-2386-Lake Counting-DFS The template questions

    Lake Counting Time Limit: 1000MS   Memory Limit: 65536K Total Submissions: 16802   Accepted: 8523 De ...

  5. iOS afnetworking The latest edition is wrong No, AFHTTPRequestOperationManager The class

    I started a small project today   It's using pod   then   Install well Afnetworking after   Find out AFHTTPRequestOperationManager   This class is gone  , After Baidu   Find out original ...

  6. Industrial control board EM9161 Yes ISO7816 Protocol support

    In current finance POS Terminals and related fields ,ISO7816 Communication protocols are widely used . Yingchuang's industrial control motherboard EM9161, Based on its asynchronous serial port , With simple settings , Then the serial port can be converted to conform to ISO7816 Interface to protocol , Implementation with a variety of smart cards ...

  7. jquery single click li Implementation code to prevent repeated loading

    Because loading content is slow , So the user may be li I hit it twice , Then you ask twice , This is what we don't want to see . In today's javascript-jquery There are two in the group demo Give me a , His method is to click first li Node copy ...

  8. Gym - 101522H Hit!

    H. Hit! time limit per test 1.0 s memory limit per test 256 MB input standard input output standard ...

  9. perl Introduction (3)

    quote        In many cases, we use reference to pass values , Can greatly improve the efficiency of the code .       Define a reference and add... Before the variable name ”\” That's all right. , Such as :       $ra=\$a;       $rb=\@b;   ...

  10. Experiment 1 : Use ADO.NET How to read data

    First step : establish Asp.net Applications stay VS in , Click on the file -> newly build -> project , Select and input as shown in the figure : The second step : New product browse page form Listing.aspx: In the project SportsStoreEx Upper point ...