Antox privacy policy
1. Antox uses libtoxcore (https://github.com/TokTok/c-toxcore) to provide instant messaging and audio/video conference functionality.
2.1 Antox stores your Tox profile only on your device; it's not stored on any other server.
2.2 If someone gains access to the Tox profile stored on your device, they can claim your identity on Tox. If you have selected a password for your Tox profile, the Tox profile is stored encrypted with your password, which mitigates the issue of someone claiming your identity on Tox by stealing the Tox profile file, assuming the attacker can't easily guess the password.
2.3 As a consequence of storing the profile only on the device, you can't restore your Tox profile if you lose it.
3. Antox stores the message and audio/video call logs only on your device; they are not stored on any other server.
4. All the data sent over the network, including messages and audio/video calls, is sent encrypted in such a way that only the intended recipient can decrypt it.
5.1 All the data sent over the network, including messages and audio/video calls, is sent directly to the intended recipient without use of any central server, with a few exceptions as follows.
5.2 Tox tries to establish a direct, peer-to-peer connection with the recipients. In some cases this is not possible due to network restrictions (restrictive NATs), in which case libtoxcore uses a relay node to relay all your conversations with a recipient. Note that by #4 the relay node can't decrypt the contents of messages and audio/video calls, as the relay node is not the intended recipient of those.
5.3 If you have TCP mode enabled, your traffic is routed through a relay node. Note that by #4 the relay node can't decrypt the contents of messages and audio/video calls, as the relay node is not the intended recipient of those.
5.4 If you have specified an HTTP or SOCKS5 proxy, libtoxcore relays the traffic using that proxy. Note that by #4 the proxy can't decrypt the contents of messages and audio/video calls, as the proxy is not the intended recipient of those.
6. libtoxcore doesn't route DNS traffic through a proxy.
7.1 In order to be able to discover other Tox users and be discovered by them, libtoxcore uses DHT. Every Tox client is a DHT node. The data that is stored in DHT is 1) your temporary DHT public key, which can't be used to identify you as it's generated randomly and changes every time you restart Antox, and 2) your IP address.
7.2 The implication of this is that everyone can traverse the DHT and find IP addresses of all Tox users, including you. Everyone can tell that someone on your IP address is running Tox. Those IP addresses might be the actual addresses of Tox users, or addresses of proxies if the Tox users used a proxy. If you don't want to let anyone know that you are running Tox on your IP address, you should use a proxy.
7.3 Tox is designed to prevent any user you have not authorized (added as a friend) from finding the association of your Tox Id and IP based on DHT data.
8. To connect to the DHT, Antox utilizes a list of bootstrap nodes maintained by the Tox Project at https://nodes.tox.chat/. Antox chooses several of the bootstrap nodes from this list at random and connects to them.
9.1 For convenience, Antox allows optional use of ToxMe, a centralized phonebook-like service that provides a name to Tox Id mapping. There are free and open source implementations of the ToxMe service available, meaning that you can run your own and use it in Antox. Antox comes with the https://toxme.io/ ToxMe service pre-configured by default.
9.2 The ToxMe service is a regular JSON HTTPS API web server which you can ask to associate a name with your Tox Id, so that later someone can look up your Tox Id by name. It has all the privacy consequences of using such a service: the service can associate the IP address with your Tox Id, and it can see which IP addresses look up your name, assuming that they are your potential friends. If those potential friends are also ToxMe users on the server, then it can further associate their Tox Ids with their IPs and be able to construct your social graph.
9.3 ToxMe is not part of libtoxcore, and as such ToxMe traffic is not being proxied.