Sunday, August 18, 2013

Tox Developer Fed Up, Quits

One of the largest contributors to the Tox project, slvr, quit the project and posted a rant to GitHub, denouncing it as a failure and the other developers as incompetent.

He posted this issue to GitHub (mirrored below in case it gets removed):
I'm quitting. 
I came here to Tox, to develop what I thought was going to be a groundbreaking new piece of software. These were many issues with the software I saw, which were the reasons I came to developing for Tox; and these issues still exist in the software today:
  • A serious leakage of privacy in the DHT. A user with majority control could easily trace out a user's social graph based on who a user connects to. Mounting such a Sybil attack is trivial for an attacker with sufficient resources: i.e.: the NSA.
  • This weakness is fundamental to the design of the DHT that irungentoo has decided on.
  • Possible protocol disruption based on too much data being sent in the clear. If an if an agency/ISP/government/attacker is able to insert arbitrary traffic onto the internet, this is quite trivially hijackable.
  • I was working on a protocol revamp to repair this. Since I am leaving, I shall no longer be working on this fix.
  • A disregard for security in general; trading off security for user-convenience and DoS prevention. DoSing should be secondary concern to security, and implementation convenience shouldn't factor into it at all.
I joined this project to fix the inexperience I saw in core members with respect to securely-designed software. Most developers of the project have little or no experience with cryptography. irungentoo, the individual with experience, has a balant disregard for privacy in his implementation. 
Quotations of things I have said regarding Tox in the past include: 
"The worst possible attack is for a malicious agent with majority share to deny lookups. Oh, and for the social graph of a user to be mapped. I'm still quite annoyed about the Lossless_UDP bit of code, however. The design of this system makes an interesting trade-off: Preventing a theoretical abuse **at the cost of leaking a user's social network.**" 
"Urgh. I have nothing to say so I won't say anything more. " 
"Good news about Tox: Their project will fail; probability of failure increases exponentially with size of network. Even better news about Tox: I told them about it a day or two ago, and nobody has fixed it yet. (Sorry guys, you're not getting any patches from me but I'll be helpful enough to point out how badly you screw things up.)" 
"Evidently the quality of the implementation doesn't matter as long as people believe that they are secure even when they ARENT" 
"The devs of Tox are fucking incompetent. Toxic is the word. How the fuck did you screw up a Kad implementation so badly. URGH" 
"URGHHFFFF. (Sorry, it's just the "take a look at what Project Tox is doing" time of the day again.)"

4 comments:

  1. Too bad, I look forward to see some projects for a better alternative to Skype that could not only be pushed to users easily, but advertised well so the world could switch from the Skype madness.

    ReplyDelete
  2. Too bad, I look forward to see some projects for a better alternative to Skype that could not only be pushed to users easily, but advertised well so the world could switch from the Skype madness.

    ReplyDelete
  3. Too bad, I look forward to see some projects for a better alternative to Skype that could not only be pushed to users easily, but advertised well so the world could switch from the Skype madness.

    ReplyDelete
  4. Too bad, I look forward to see some projects for a better alternative to Skype that could not only be pushed to users easily, but advertised well so the world could switch from the Skype madness.

    ReplyDelete