Out in the Open: Hackers Build a Skype Thats Not Controlled by Microsoft

Screenshot: WIRED/Source: Tox

The web forum 4chan is known mostly as a place to share juvenile and, to put it mildly, politically incorrect images. But its also the birthplace of one of the latest attempts to subvert the NSAs mass surveillance program.

When whistleblower Edward Snowden revealed that full extent of the NSAs activities last year, members of the sites tech forum started talking about the need for a more secure alternative to Skype. Soon, theyd opened a chat room to discuss the project and created an account on the code hosting and collaboration site GitHub and began uploading code.

Eventually, they settled on the name Tox, and you can already download prototypes of the surprisingly easy-to-use tool. The tool is part of a widespread effort to create secure online communication tools that are controlled not only by any one company, but by the world at largea continued reaction to the Snowden revelations. This includes everything from instant messaging tools to email services.

Its too early to count on Tox to protect you from eavesdroppers and spies. Like so many other new tools, its still in the early stages of development and has yet to receive the scrutiny that other security tools, such as the instant messaging encryption plugin Off The Record has. But it endeavors to carve a unique niche within the secure communications ecosystem.

The main thing the Tox team is trying to do, besides provide encryption, is create a tool that requires no central servers whatsoevernot even ones that you would host yourself. It relies on the same technology that BitTorrent uses to provide direct connections between users, so theres no central hub to snoop on or take down.

There are other developers trying to build a secure, peer-to-peer messaging systems, including Briar and Invisible.im, a project co-created by HD Moore, the creator of the popular security testing framework Metasploit. And there are other secure-centric voice calling apps, including those from Whisper Systems and Silent Circle, which encrypt calls made through the traditional telco infrastructure. But Tox is trying to roll both peer-to-peer and voice calling into one.

Actually, its going a bit further than that. Tox is actually just a protocol for encrypted peer-to-peer data transmission. Tox is just a tunnel to another node thats encrypted and secure, says David Lohle, a spokesperson for the project. What you want to send over that pipe is up to your imagination. For example, one developer is building an e-mail replacement with the protocol, and Lohle says someone else is building an open source alternative to BitTorrent Sync.

That said, the core Tox team is focused on building the features specifically required for building a Skype replacement. There are at least 10 different Tox messaging and voice clients so far, each supporting a different range of features. Eventually, Lohle says, there will be official clients for each major operating system, but for now the team is just recommending a few specific clients. Tox, which is available for Linux and Windows, is a the bleeding edge reference design, while qTox is the projects recommendation for OS X users and Antox is the recommended for Android. There is no iOS version as of yet.

Tox is still rough, but the interface and experience is straightforward. You download the client, and it automatically creates a public encryption key that you can provide to everyone, and a private encryption key that you keep on your computer or phone. From there, it works very much like Skype. You can add a friend to your contact list by pasting in their public key, and then you just click their name to send them a message, or click the big phone icon to call them. If you want to move your identity from one computer to another, you just copy a single file that includes your private key and contact list.

See more here:
Out in the Open: Hackers Build a Skype Thats Not Controlled by Microsoft