irungentoo
Allow users to send files in group chat
I think that users should have the ability to send files in group chats, and for it then to perhaps show who has accepted the file.
I initially reported this issue here.
I think it would be a bad idea. It would permit to send malware massively by inviting every contact you have in your friendlist. :-1:
@SkyzohKey, People will always find some way of using a feature for malicious or just unintended purposes, or in unintended way, that does not mean though that we should just get rid of all features which could potentially used for bad reasons if used by the wrong person. For instance with your argument I could say that it's a bad idea to even allow you to send messages to other people because you could send something malicious or bad in another sense.
You can spread malware through IM programs anyway, but that doesn't mean that you should just remove all the features which could theoretically allow you to transfer a malicious file because that will really damage the user experience and if Tox can't do what other IM programs can do, then people might just stop using and go for other programs that can meet their needs and provide useful functionality it even if it is safer not to allow people to send files and whatnot.
Users should be aware of the fact that this could happen, and it's just generally a good practice not to accept files unless you know what and why they are being sent to you, and also suddenly all of someone's contacts being sent a file in a group chat looks very suspicious, but just because some users may fall for this does not mean that you should limit functionality and not allow users without malicious intent to use it as intended. In my opinion here, the positives for this outweigh the negatives.
As I said before, you might as well just not allow people to send files at all because you could spread malware, but if you open an issue in favour of stopping people transferring files at all I don't think you'll get much support...
@SkyzohKey No, I think It's the user responsability to check for a virus. In 1 on 1 chat, you can already send a virus to someone
@SkyzohKey, I know many IM programs which allow this, and non of them scan it for you, so I don't see why Tox would. Plus you can already send a virus to someone in a normal chat with them (as opposed to the group chat) as @TheNain38 said. If you are worried that what is being sent to you is a virus, don't accept it, or scan it yourself. The client should just give you the ability to send it, you have to exercise proper judgement in the situation you are faced with.
Plus then would the question of which AV to use, installation of the AV, updating it etc... And then it just gets overcomplicated.
@SeventhSonOfASeventhSon this feature will be added, it's just lower priority than many of the other things getting worked on right now. Current groups don't even have file sending and we're about to merge brand new groups.
@ProMcTagonist, Of course, yes, I understand. How soon is "about to" may I ask?
@irungentoo is working on updating TCP to support the new groupchat API. None of the code is public yet.
I wonder if it could be possible to apply some P2P magic when transferring files in a groupchat, let other people who've downloaded the file act as additional sources for the download if they want. Would help with sharing larger files if the original person sending them doesn't have that good of an upload speed.
@ace13, What if one of the 'additional sources' decided to try and tamper with the file? Would there be some security checks in place that would prevent them from doing this?
You could have a small - signed - manifest for the file that is sent transparently with it, for validations sake. That way you don't have to worry about the additional sources tampering with the data, as those pieces would just fail to verify against the file manifest. And since it's signed, you could even let them redistribute it as well as the file later on, to let people download the file even if the original source drops offline.
@ace13 that's the plan, to have something torrent-like.
@SeventhSonOfASeventhSon that's easily solvable with crypto. You'd know this if you knew at least little bit of it.
It's kind of sad that a lot of toxcore issues are long discussions made by Tox users with not much understanding of p2p and crypto, or discussions stared by knowledgeable people but with a lot of unknowlegable people commenting on them, all of which makes developers stay away from toxcore issues :\ I'm not saying that your opinion is not appreciated, but user feedback and developer discussion doesn't really go hand in hand.
@nurupo, I wasn't saying that there aren't ways around security issues like the one I mentioned, I was just asking if you would implement them because people sometimes forget or don't think it necessary. Like I'm sure you could just fix this easily be signing the file.
Yeah, the sender would need to split the file in chunks, sign the metadata about the chunks and sign hashes of each of the chunk, or something similar. I wonder if we could just take a torrent library and use it directly on top of toxcore networking and crypto stack.
Definitely a nice feature.
Something else: What do you think about that the creator of a group chat will be able to choose at the beginning whether file transfers are allowed in that group or not? There will be some IRC-like group chats that won't need file transfers, I guess. And if there are about 100+ people in the group chat, I also think that it can massively be used to distribute malware. Of course, everybody should check it before downloading, but, you know how it will work in reality. Assume there's a (IRC-like) tech help group chat and someone is asking about how to do this and that - and someone is sending the (alleged!) solution as a script. Of course, the person who needs help will use it because he doesn't know. And ... it's happened!
So, file transfers also in group chats is a nice feature and would be great to have. But the option to set if file transfers are allowed in the group chat at the beginning could be very useful.
@nurupo you mean wrap libtorrent in libtoxcore or incorporate libtorrent into toxcore? On Feb 11, 2016 10:11 AM, "nurupo" [email protected] wrote:
Yeah, the sender would need to split the file in chunks, sign the metadata about the chunks and sign hashes of each of the chunk, or something similar. I wonder if we could just take a torrent library and use it directly on top of toxcore networking and crypto stack.
— Reply to this email directly or view it on GitHub https://github.com/irungentoo/toxcore/issues/1512#issuecomment-182984120 .
As a temporary workaround: "I think honestly, if you just use the peerlist in tox and just do individual sendfile to everyone, that works pretty well for a group sendfile command"
Regarding not having all group members added as a friend: "do you really want to send them a file if you're not friends with them and already in a group with them". Again, a temp workaround
