I haven't looked into Tox, but I'd be curious to find out the highlights. Really I've just never understood why people complain about XMPP; yes, it's XML which is ugly, but it's also the right tool for the job (easy to stream, very fast SAX-style parsers, event based, etc.), it certainly has its warts, I won't pretend it's perfect, but for the most part it's been around for 20+ years getting the kinks worked out. If we just keep creating new protocols because it's not perfect, we'll never get a more or less universally federated chat protocol like we have for more long form messages (email). I don't know anyone who would say email was the most wonderful modern thing in the world, but they still use it because it's good enough and was lucky enough to become ubiquitous. Similarly, I feel like people should just use XMPP even if they don't like it for that reason (although I'd still love to find out more about Tox, what it's strengths and weaknesses are, etc.)
Tox is a fully distributed (not federated) p2p system. It supports 2-way messaging, multi-way chatrooms, voice and video calling (using Opus and VP8, respectively), file sharing, and desktop streaming, although not all features are supported by all clients. Although any client can implement any feature they like, so long as they can do it atop the actual network system, sticking to the Tox Client Standard is reccomended for maximum compatability. It implements perfect forward security, and uses libsodium for its crypto. There are a variety of clients, although most seem to use toxcore, the reference protocol implementation, under the hood. However, the spec is readily available, and there are independant implementations.
Tox's goal is essentially to create a user-friendly Skype-like chat application, with not centralized server, and strong security by default.
The downside is that your user ID on tox looks like this:
And you have to give it to anybody who wants to connect to you on tox. There are services like ToxMe which can give you email-style shorthands, but as the Tox FAQ notes, this can leave you and your contacts vulnerable to an MITM attack, if the site you use is untrustworthy.
> Tox is a fully distributed (not federated) p2p system
Ah, see, you lost me there already. I'm sure it's clever and well made and all the rest of it, but fully distributed systems either almost never work, are very difficult to get setup and use properly, or end up just not being fully distributed systems (eg. early Skype and it's "supernodes" or whatever it called them, aka "servers", or Tor [which I love] and it's directory authorities which admittedly are elected, but even so are effectively just "servers", or Bittorrent which has either trackers, aka "servers", or hard-coded DHT bootstrap nodes, aka also "servers").
Distributed systems sound great in theory, but in the real world I just never think they're worth the effort, or you have to compromise them and add some centralized element anyways, at which point you might as well just use a federated system so that people who don't want to deal with all that can use a third party server and people who do want their own specially contained distributed node can just run their own server and client.
The bootstrap nodes were probably the first ones on the DHT: hence, no bootstrap needed. If it's a new bootstrap node, it's connected to the old bootstrap nodes, or some other set of nodes in the DHT, just like any other node: distributed, not federated.
But once a node is acutually inside the DHT, it should never need to talk to the bootstrap nodes ever again: that's a pretty major win, in some respects.
Sorry, that was supposed to be a silly joke, but it also made it horribly unclear. I meant: How do you find the nodes to bootstrap yourself into the DHT in the first place? They must be IPs shipped with the client?
