Hoes does it differ from Tox?

Tox does not use TLS for encryption. It uses NaCL library. So I would expect Tox to be more secure. TLS had a lot of problems over the years.

I was really excited about Ring a few years ago. It hat much much much better (lower) battery & data consumption then Tox on Android. But sometimes messages weren't delivered and I never knew if they arrived at the other end and where the problem was.

There are a bunch of things unclear to me or bad designed in my opinion:
- Asks for a password on account creation. The password is used when you want to add another device to your account. Ask for a password when it is first used!
- No file transfer. Without in-chat Picture/video transfer, this will never get widespread adoption
- Global name registration. Every remotely popular name will be instantly taken, Its not 1995 anymore where this works. Either go name@domain, so ideally you have the same alias as your Mail address. Add some prove of work and/or backup to a blockchain if you want to prevent the mail provider from impersonating people. Or use a Pet-Name system.
- Is the Ethereum Naming Contract even truly decentralized? Who pays the gas for the contract and can anyone add names to it without going through their API?
- Give me more details about the connection! There is a Turn Server pre configured. (Turn routes all the voice/video data over a centralized server.) Tell me when it (isn't) used.
- "Identity managed by X.509 certificates" is that supposed to be a good thing? I guess it may have something to do with the sip compatibility...
- "OpenDHT collects and saves metadata. This makes it possible for eavesdroppers to observe the traffic on some DHT node and see who is talking to whom."

... I'll stop here, I probably forgot a lot of stuff. Maybe I'll give it another try when they implemented inline file transfer. It doesn't really look well engineered, but if it works...

*edit* Still nice to see they gave a talk with new information instead of their usual general "Ring is awesome" talk.

I'm not sure that "distributed" is better than "decentralized". Clearly, all proprietary/centralized communication tools are evil, and sooner or later are turned against their users. But making every single device an "equal peer" to me does not provide sufficient benefit while at the same time demanding scarce resources from mobile devices.

But I applaud if Ring some day delivers audio/video live as reliable as "Conversations" (or XMPP/OMEMO in general) deliver non-live messages today.

If i understood the pdf correctly, mobile devices will connect to proxy nodes instead of being full nodes. On Iphones, that will be the only option anyways, because background apps are very restricted. On android the current system works surprisingly well...

its not dead

It seems pretty interesting ! What about Kontalk (kontalk.org) ?

Hi I'm a Ring developper

The password is actually used to protect access to the account private key that allows to sign new device public keys or to revoke a device public key.
It's now possible to create an account without a password (for when you trust the platform to protect access to the private key, or if the account is simply not so important). But asking the password only on first use would be like if your OS asked to create a root password at the first sudo command !

File transfer is one of the new features we presented at FOSDEM ! :-) Should be rolling out to every platforms during the next few weeks.

It's actually possible to use a hostname when entering a username (like name@domain). Without any hostname, the global blockchain is used.
And people still register on Twitter or Gmail even if they have 1 billion+ registered users.

It's a work in progress but the idea is that we start a blockchain (mining the first N blocks), giving us enough ether to offer free names to everyone, and progressively invite members of the community to participate to the blockchain so people can mine their own token with their hardware if they wish to.

A turn server is used to relay the connection for the worst case scenario where no peer-to-peer connection is possible (both peers in different private networks). In all cases peers establish an end-to-end DTLS connection, ether on the p2p link or over the TURN server, so the turn server is only used in last ressort and would never have access to unencrypted media.

X.509 certificates allow to use TLS libraries to authenticate users/devices in a robust, standard, and powerful way.

A new Ring account generates a self-signed certificate by default, and adding contacts means doing key pinning (managing a whitelist of accepted user certificates).
An organisation could also use its CA to sign members certificates. The CA can be configured in Ring to authenticate users as being part of the organisation using the certificate chain.
The same mechanism is used for devices (attached to an account), which are authenticated using the certificate chain.

OpenDHT doesn't collects nor save any metadata. Unlike Bittorrent, data stored on the DHT is encrypted. However, unlike Tor, there is no active mechanism to hide the IP address of members of the distributed network.

Would be happy to answer any question..

“Tox does not use TLS for encryption. It uses NaCL library. So I would expect Tox to be more secure. TLS had a lot of problems over the years.”


I seriously doubt doubt that follows - you are comparing the protocol in every web browser with random crypto in a project that no one has heard about. Maybe no one has looked?!?