>the DHT addresses your contacts gave you are actual ec25519 public keys.
For nontechnical users, that's a massive downside. The first tox client to integrate ToxMe into itself will get very popular, very fast, provided it's got the right marketing.
>The first tox client to integrate ToxMe into itself will get very popular, very fast, provided it's got the right marketing.
Ouch. qTox had it for quite some time already, and given that I didn't observe massive increase in its popularity (there was increase, but ~normal), it's got to be the marketing (or lack of thereof)...
Sadly, I don't know about marketing, and while there were some people who could into marketing, hiring them would require money, which Tox ecosystem doesn't have at all, and if it had, it would be spent on hiring devs part or full time. :|
With that being said, it's quite likely that the UI for the integration in qTox is not the best one, and could use some improvements. If you have any suggestions / ideas how it could be made better, please don't hesitate to make an issue on qTox repo with them: https://github.com/qTox/qTox . Or any other part of qTox.
Anyways, aside from qTox also Antox should have ToxMe integration. I don't know about other clients.
> For nontechnical users, that's a massive downside.
I disagree entirely. It's an upside. They get to benefit from PKI without even understanding anything. A person's address gets them the actual person.
ToxMe requires trusting the ToxMe identity provider, and is an obvious point of attack. And we'd no doubt see fake addresses that resemble other peoples, and other such nonsense.
There's minimising the inconvenience (with ideas like the QR code feature they have), and there's plain giving up security for minimal gained convenience, which we should just avoid.
>I disagree entirely. It's an upside. They get to benefit from PKI without even understanding anything. A person's address gets them the actual person.
Yes, but which messaging service will the nontechnical user use? The one where they can exchange usernames, or even phone numbers, and it Just Works? Or the one where they have to give their friends a long alphanumeric sequence of gibberish?
It doesn't benefit them if they don't use the protocol.
>ToxMe requires trusting the ToxMe identity provider, and is an obvious point of attack. And we'd no doubt see fake addresses that resemble other peoples, and other such nonsense.
Obviously. This is why it's a bad thing that nontechs will probably go in that direction, if they use Tox at all.
>(with ideas like the QR code feature they have)
I was hoping somebody had implement QR: that helps a lot, but I'm not sure if it's enough...
For nontechnical users, that's a massive downside. The first tox client to integrate ToxMe into itself will get very popular, very fast, provided it's got the right marketing.