From 2068699ff76b7b9f7eb959df8fc46b50e0e73eeb Mon Sep 17 00:00:00 2001 From: emdee Date: Sun, 9 Oct 2022 18:00:03 +0000 Subject: [PATCH] Cleanup --- DDosSmallNumberOfBSNodes.md | 3 ++- GroupOfDevicesPOC.md | 8 ++++---- Home.md | 2 +- MultiDevice-Announcements-POC.md | 2 ++ QToxGreen.md | 6 ++---- SecurityVulnerabilities.md | 2 +- ToxAndTorInChina.md | 10 +++++++--- ToxComparedWithOtherIm.md | 14 +++++++++++--- ToxMultiDevice.md | 3 ++- UseGroupPasswordThroughAKDF.md | 2 +- VulnerabilitiesInTheToxOnion.md | 2 +- 11 files changed, 34 insertions(+), 20 deletions(-) diff --git a/DDosSmallNumberOfBSNodes.md b/DDosSmallNumberOfBSNodes.md index 9d75a7c..9afffba 100644 --- a/DDosSmallNumberOfBSNodes.md +++ b/DDosSmallNumberOfBSNodes.md @@ -4,6 +4,7 @@ By design, Tox relies on a small number of BS nodes. As the network is now, the number of nodes is very small, and all well known. -So Tox is vulnerable to being completely taken down by blocking a small number of nodes. +So Tox is vulnerable to being completely taken down by blocking a +small number of nodes. See: [[ToxAndTorInChina]] diff --git a/GroupOfDevicesPOC.md b/GroupOfDevicesPOC.md index 6f04f3f..09affa3 100644 --- a/GroupOfDevicesPOC.md +++ b/GroupOfDevicesPOC.md @@ -1,3 +1,7 @@ +Previous: [[Home]] + +## Group Of Devices POC + One way to address the multi-device problem is to add the multiple devices of a person into a NGC group. It may not scale well because messaging is sent to all devices of all users; @@ -5,7 +9,3 @@ a single active user approach would be more efficient. And it wouldn't work for groups very well as a group-of-devices can not be a member of an NGC group. -Up: [[Home]] - - -green's test edit :) \ No newline at end of file diff --git a/Home.md b/Home.md index beab468..1a66065 100644 --- a/Home.md +++ b/Home.md 
@@ -1,4 +1,4 @@ -Welcome to the Wiki. +# Welcome to the Wiki. What I am noticing is that there is no notion of a Tox Improvement Proposal(TIP), so ideas and vulnerabilities get forgotten in abandonned PRs in abandoned repos. diff --git a/MultiDevice-Announcements-POC.md b/MultiDevice-Announcements-POC.md index 4b45cc7..56ce94c 100644 --- a/MultiDevice-Announcements-POC.md +++ b/MultiDevice-Announcements-POC.md @@ -1,3 +1,5 @@ +Up: [[Home]] + See [[MultiDeviceAnnouncementsPOC]] diff --git a/QToxGreen.md b/QToxGreen.md index 0e5d4d4..edfa665 100644 --- a/QToxGreen.md +++ b/QToxGreen.md @@ -1,6 +1,4 @@ -Anthony? is this you? - -linkedin https://ca.linkedin.com/in/anthony-bilinski-b4178611a (archive: https://archive.ph/X6Tsy ) +Up: [[Home]] # Anthony Bilinski @@ -12,7 +10,7 @@ Works full time as: > Developer & Firmware Maintainer & Developer at Avigilon * https://www.zoominfo.com/p/Anthony-Bilinski/628037601 -* https://ca.linkedin.com/in/anthony-bilinski-b4178611a +* https://ca.linkedin.com/in/anthony-bilinski-b4178611a (archive: https://archive.ph/X6Tsy ) * https://www.zoominfo.com/p/Anthony-Bilinski/3246706849 So he's working on Open Source projects as his day job at Avigilon May 2016 - Sep 2021 - 5 years 5 months. Maybe qTox was his day job until Sept 2021? diff --git a/SecurityVulnerabilities.md b/SecurityVulnerabilities.md index 3f3aa86..8d130a9 100644 --- a/SecurityVulnerabilities.md +++ b/SecurityVulnerabilities.md 
@@ -6,7 +6,7 @@ Previous: [[Home]] * Currently, toxcore uses onion routing in the process of establishing connections between friends, with the aim of obscuring their identities from third parties. However, this method does not achieve this goal. [This document describes a proposed replacement for onion routing.](https://github.com/zugz/tox-DHTAnnouncements/blob/master/DHTAnnouncements.md)This proposal is adapted from an original proposal by [grayhatter](https://wiki.cmdline.org/doku.php?id=dht:new_friend_finding). -CVEs: +##mCVEs: * [CVE-2018-25022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25022) The Onion module in toxcore before 0.2.2 diff --git a/ToxAndTorInChina.md b/ToxAndTorInChina.md index cd9eb50..85352e3 100644 --- a/ToxAndTorInChina.md +++ b/ToxAndTorInChina.md @@ -1,7 +1,11 @@ -FromL https://github.com/TokTok/c-toxcore/issues/419 +Up: [[Home]] -I don't think indistinguishable message bytes and sizes are going to make any difference when they are sent over a network of so few bootstrap nodes. -And anyone operating in a hostile environment is probably already running Tox over Tor, which works well. +From: https://github.com/TokTok/c-toxcore/issues/419 + +I don't think indistinguishable message bytes and sizes are going to +make any difference when they are sent over a network of so few +bootstrap nodes. And anyone operating in a hostile environment is +probably already running Tox over Tor, which works well. Did the reports of blocking in China include blocking over Tor? Tor itself has implemented pluggable transport mechanisms that are continuously being improved, and these include ways to make the traffic look like another protocol like HTTP or whatever: diff --git a/ToxComparedWithOtherIm.md b/ToxComparedWithOtherIm.md index 30acfc3..85974d7 100644 --- a/ToxComparedWithOtherIm.md +++ b/ToxComparedWithOtherIm.md 
@@ -2,7 +2,10 @@ Up: [[SecurityVulnerabilities]] # Tox Compared With Other IM software -## richochet +## DeCentralized + + +### richochet Always uses Tor, rather than Tox, where Tor can be used at will. @@ -15,7 +18,7 @@ Relaunched as * didn't see any mobile apps * Had a [vulnerability](https://thehackernews.com/2016/02/ricochet-secure-messenger.html) with [HTML in invites](https://ricochet.im/files/ricochet-ncc-audit-2016-01.pdf) -## briar +### briar * https://briarproject.org/ * https://code.briarproject.org/briar/briar-desktop/ @@ -35,9 +38,14 @@ Features: * USGov funded: Open Technology Fund/U.S. Agency for Global Media/Radio Free Asia * The apps are betas that expire in 90 days: "For security reasons, their accounts and data will expire with the beta." -# ZeroNet +### ZeroNet * Abandonned by its creator, it is being carried on by a number of non-cooperating forks. * A known RCE vulnerability is in some of the forks, but the developers of the patched forks have not filed a CVE. * None of the current developers have write access to the main web site. + +## Centralized + +Who cares. + diff --git a/ToxMultiDevice.md b/ToxMultiDevice.md index 88ee939..00666f7 100644 --- a/ToxMultiDevice.md +++ b/ToxMultiDevice.md @@ -2,7 +2,8 @@ -To be a useable communication system, Tox needs to support multiple devices per user. +To be a useable communication system, Tox needs to support multiple +devices per user. This is the [TokTok](https://toktok.ltd) proposal. ## Objective diff --git a/UseGroupPasswordThroughAKDF.md b/UseGroupPasswordThroughAKDF.md index a056d98..8bbff3f 100644 --- a/UseGroupPasswordThroughAKDF.md +++ b/UseGroupPasswordThroughAKDF.md @@ -1,4 +1,4 @@ -Previous: [[SecurityVulnerabilities]] +Up: [[SecurityVulnerabilities]] Chatting with sudden6 (Sep 2022) says this still an open vulnerability. diff --git a/VulnerabilitiesInTheToxOnion.md b/VulnerabilitiesInTheToxOnion.md index cd659f7..39b4fae 100644 --- a/VulnerabilitiesInTheToxOnion.md 
+++ b/VulnerabilitiesInTheToxOnion.md @@ -1,4 +1,4 @@ -Previous: [[SecurityVulnerabilities]] +Up: [[SecurityVulnerabilities]] Chatting with JF (Aug 2022) makes me think that these are still open: Known vulnerabilities in the tox onion:
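Review bot: The navigation label ends up inconsistent across this patch. The GroupOfDevicesPOC.md hunk removes `Up: [[Home]]` and adds `Previous: [[Home]]`, while the UseGroupPasswordThroughAKDF.md and VulnerabilitiesInTheToxOnion.md hunks change `Previous:` to `Up:`. Suggest `Up: [[Home]]` at the top of GroupOfDevicesPOC.md as well, so every page uses one label for its parent link.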
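Review bot: In the Home.md hunk, the context line still reads "abandonned PRs in abandoned repos", with the first word misspelled next to its correct form, and "Tox Improvement Proposal(TIP)" lacks a space before the parenthesis. Since this commit is a cleanup and already touches the file, fix both here. The new heading `# Welcome to the Wiki.` also carries a trailing period that the other headings in the patch do not have.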
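Review bot: In the SecurityVulnerabilities.md hunk, the added line `##mCVEs:` has a stray `m` where the space after `##` belongs, so it will render as literal text instead of a heading. Suggest `## CVEs`, without the trailing colon, to match headings such as `## Objective` elsewhere in the wiki. The context line just above it also runs the link straight into the next sentence (`DHTAnnouncements.md)This proposal`) and could get its missing space in the same pass.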
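Review bot: In the ToxComparedWithOtherIm.md hunk, the new `## Centralized` section has only `Who cares.` as its body, which gives a reader of a comparison page nothing to compare against. Either drop the heading or list the centralized messengers with the same kind of bullets used for the decentralized ones. The hunk also rewrites the `richochet` heading line without correcting the spelling (the links under it point to ricochet.im), leaves "Abandonned" in the ZeroNet bullets, and introduces `## DeCentralized`, which would read better as `## Decentralized`.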