Regarding the general issue of "oh my god tox is not secure don't use it"
this is slightly overreacting to the actual issues.
426
Although Tox works over Tor, we do not recommend its usage for anonymity
as it leaks DNS requests due to a 6-year old known unaddressed security
issue: https://github.com/TokTok/c-toxcore/issues/469 Do not use it for
anonymous communication unless you have a TCP and UDP firewall in place.
The exception to this is the Toxygen client, which only gives c-toxcore
IP addresses which are resolved through Tor;
Up-to-date code is on https://git.plastiras.org/emdee/toxygen
This also allows us to use onion addresses in the DHTnodes.json file.
Still for anonymous communication we recommend having a firewall in place.
Currently, toxcore uses onion routing in the process of establishing connections between friends, with the aim of obscuring their identities from third parties. However, this method does not achieve this goal. This document describes a proposed replacement for onion routing.This proposal is adapted from an original proposal by grayhatter.