toxcore
toxcore copied to clipboard
irungentoo
Discovery of Users
I could not find anything useful on this topic, thus this thread.
Recently, I introduced Tox to my girlfriend and sent her my ToxID. She try it out on her tablet. She was even more surprised regarding the long identifier as she discovered that she even need to scroll to the right to see it fully.
Long story short, she liked the encryption, group, voice and video features, but those IDs... she compared them to "useless ICQ numbers". I know technically that is not quite the same, but from what I know Tox aims to be as user-friendly as it can be.
User discovery is an important part here as well. Is there a way to query after user names? I know they are not unique but it would be a start and if there are two users with the same username, e.g. the last two digits of the ToxID can be used (and interchanged manually) in order to distinguish the buddy from other guys.
I recommend https://toxme.se/ :) Lets you assign a short "[email protected]" to your identifier, which majority of the clients will allow you to then use instead.
Thanks for the prompt answer. :) Unfortunately, it looks like the website is down (at least for me).
Generally, I would prefer a decentralized solution to this issue; basically part of the main protocol. That is why I posted here. The downtime of toxme.se again shows me that this key issue should be addressed by a p2p technology like Tox.
Maybe, Tox is the wrong place for this and there should be another p2p solution that solely cares about discovery which Tox clients and other p2p software could then use. However, I guess the fastest and most reliable solution would be baked right into Tox itself (and maybe extracted into its own package after a while).
The site is working for me :o I even tried refreshing and all is good. Try again? Also, yeah, I know what you mean, but I don't think you can do this in a decentralized way - because then you couldn't easily ensure uniqueness of the "requested" shortname, I think.
Nope. It does not work. :(
Discovery here does not necessarily mean search and find one and only one result on the first try. Uniqueness is not required here.
Ambiguity can be removed by human interaction easily (e.g. comparing last two digits of ToxID). Maybe, also by introduction of more personal fields like location etc by which can be searched. But I guess the username will be sufficient for a long time.
@srkunze you can use any DNS server you want. Almost every client supports toxdns https://github.com/Tox/Tox-STS/blob/master/STS.md#dns-discovery
@srkunze What he means is that there are other sites besides toxme.se that offer identical services. I know they exist, but unfortunately I don't know any of them off the top of my head. (Whether or not you trust them is up to you to determine -- this of course also applies to toxme.se)
@stqism ^ toxme.se is down @srkunze Can you please elaborate on what you mean when you say toxme.se doesn't work? You mean your browser simply can't connect to it, as if your computer was offline (even though everything else works)? Any additional information would be quite useful to determine why it doesn't work for you. There are scattered reports that it doesn't work, but all the devs, as well as others like LittleVulpix, can't seem to reproduce. Obviously there is an issue though, so any details you can provide would be excellent.
@srkunze could you check with different DNS? It was often reported to not work with some DNS services.
Use google's DNS to check it: 8.8.8.8 or 8.8.4.4 if you can, or some other that would be reliable.
Also, you must understand that such things are a trade between privacy and user-friendliness. Personally, I don’t want my ID to be publicly associated with myself.
@zetok @stqism That is funny. nslookup with my default DNS server tells me: "server can't find toxme.se: NXDOMAIN". nslookup with 8.8.8.8 tells me the IP address of toxme.se: 104.219.184.187 When using that IP address in Chrome and Firefox, they first resolve the IP address to a name AND then tells me again the server cannot be resolved. I know I (as a tech-savvy user) could tweak my settings but from a normal user's point of view that is unacceptable. Tox is meant to be configuration-free even if it is not Tox' fault.
The beauty of Tox and when ToxIDs were exchanged already, is that is just works out of the box (as it is supposed to be from what I can read on its website):
- I do not need to register anywhere
- I do not need to configure concepts I do not even understand such as DNS
I think you got the idea.
@GrayHatter Not sure if I understand the document correctly but it seems that I would need to contact a DNS server to include my Tox URI. Again not that simple I think.
@all Let me tell you what I actually had in mind (also with respect to @ArchangeGabriel's privacy concern): a checkbox in the client which basically allow's Tox to distribute my username via the Tox network.
This is opt-in. So, @ArchangeGabriel would not do that and that is fine.
I would do it as I wish to be discovered by my friends easily. It doesn't need to be unique among all usernames. Final resolution can always be done by human interaction or changing your username.
@srkunze this is actually not a bad idea just incase some GO decides they want to kill off DNS. But how would you suggest tox handle name collisions or impersonations?
Oh, yeah, that was the second point I was talking about. This makes MITM much more easy to do, so MITM must be solved first.
Nice to see I produced my concern understandably. :)
I imagine that I could simply enter the username (or part of it) in the interface ("Add new friend") and the client gets me a list of ToxIDs that matches their associated usernames (if published at all) with the requested one.
So, verification (at least in the first step of such an implementation) should be left to the user (maybe by telling him explicitly in the client "check with your buddy if the last 3 digits of his ToxID are correct").
When people agree to use Tox together, they already communicated. Thus, they have another channel to check the checksum (last digits of the ID, or whatever you prefer most).
One could also think of an extension where people when exchanging their usernames, not only use their plain username but also use the last digits appended: myusername-134. The client can check if the id matches automatically and add the friend. That is not bullet-proof but usable.
An additional idea would be to have friends automatically verify if the id of another friend matches. Not bulletproof either but when done in background provides another means of security aka awareness.
If you want to have 100% security (at least when the underlying assumptions of encryption and co are true), use ToxID instead.
However, I guess for the average joe, this system would simplify Tox usage greatly.
I imagine that I could simply enter the username (or part of it) in the interface ("Add new friend") and the client gets me a list of ToxIDs that matches their associated usernames (if published at all) with the requested one.
Where would this database be kept in a distributed network? And if you're only going for partial matches, how many would handle 10s of 1,000s of matches? And how would you avoid network poisoning?
So, verification (at least in the first step of such an implementation) should be left to the user (maybe by telling him explicitly in the client "check with your buddy if the last 3 digits of his ToxID are correct").
One could also think of an extension where people when exchanging their usernames, not only use their plain username but also use the last digits appended: myusername-134. The client can check if the id matches automatically and add the friend. That is not bullet-proof but usable.
This is already what toxdns does; [email protected], That's more user friendly than username-###
An additional idea would be to have friends automatically verify if the id of another friend matches. Not bulletproof either but when done in background provides another means of security aka awareness.
How would this work?
@GrayHatter I stated in IRC earlier the details, but doing it correctly is an engineering problem that doesn't even have a solution. Like, no distributed database designs in existence fit what we need well enough and without creating new issues.
@stqism I'm just trying to tease out the exact workflow requested because when I say this is the perfect thing for a client to handle, I want to be able to provide some guidance on how to submit a better issue to that client.
Where would this database be kept in a distributed network?
Somewhere in the DHT. I share search data like {'username': 'me'} signed with my key. If you want to store too much data, nodes will refuse to it. At least friends should store the data if short enough. Other nodes can contribute.
It is okay if the data is not always available. Currently, I am out of luck anyway; no need for a 100% reliable system. It will be when Tox gains adoption (by adding features like this ;-)), since some of my friends will be online and share my publicly available search data.
And how would you avoid network poisoning?
Could you be more specific here?
And if you're only going for partial matches, how many would handle 10s of 1,000s of matches?
Just return the first 10 in whatever order they be served. If you call yourself "miller" and 100,000 other guys had the same great idea, the feature will be useless to you. So, you either don't use it or you will change your username.
I might tighten the scope of this issue: of course it would be nice to have a fully fledged social network discovery mechanism to find former colleagues, friends and so on. However, the issue at hand is not supposed to solve that; at least not 100%; maybe only to 10% if at all.
This issue is about solving the problem of a human-readable and human-transferable (e.g. via voice over plain air). I might know the last two digits of my ToxID but not more. Using my username, I am able to help my girlfriend (sitting next to me) getting the Tox app installed, and adding me to her friend list. If there are more than one "me"s, I can use the two digits of my ToxID to tell her: "tap on the second one there" and point my finger on it as well.
This is already what toxdns does; [email protected], That's more user friendly than username-###
Unfortunately, it is not. It requires an additional step for my girlfriend to sign up at somewhere.blerg.
Why? Because adoption stops when I only can persuade my friends to use Tox for chatting with me EXCLUSIVELY. They need to be added by their friends easily as well to create a network effect.
toxdns for user discovery basically defeats the key selling points of Tox (at least to me): easy of use (easy setup, no configuration, no registration) + spy-free (no third-party involvement).
How would this work?
When you try to add a friend, the user can request from his friends a confirmation whether or not the found friend is the same (ToxID) they have in their list. If so, they send "yes". If not, if not in their list or if the do not want to share that piece of data, they send "no". You can take that as a guesstimate whether this "miller" is the one you are looking for or not as you might share some common friends. That is basically part of the more fully fledged social network discovery. Thus, not necessary in the first step.
I stated in IRC earlier the details, but doing it correctly is an engineering problem that doesn't even have a solution. Like, no distributed database designs in existence fit what we need well enough and without creating new issues.
What are the assumptions?
It is okay if the data is not always available.
You say it needs to be more user friendly, but then say it can just seemingly randoms drop features?
Could you be more specific here?
What's to stop one malicious user from submitting millions of usernames to the DHT?
It would be nice to have a fully fledged social network discovery mechanism to find former colleagues, friends and so on.
Clients may want to support this, but toxcore is just a backbone of a communication system. Social networking is and should remain separate.
This is already what toxdns does; [email protected], That's more user friendly than username-###
Unfortunately, it is not. It requires an additional step for my girlfriend to sign up at somewhere.blerg.
That's what you have to do with skype... Only it's currently cooked into the install process. Maybe that's what you want clients to do? Require users to register with their system?
Why? Because adoption stops when I only can persuade my friends to use Tox for chatting with me EXCLUSIVELY. They need to be added by their friends easily as well to create a network effect.
toxdns for user discovery basically defeats the key selling points of Tox (at least to me): easy of use (easy setup, no configuration, no registration) + spy-free (no third-party involvement).
By submitting a username that traces back to your toxid to public DHT you've already got 3rd party. You have to trust every node to not be malicious, instead of a single site with a signed SSL cert.
When you try to add a friend, the user can request from his friends a confirmation whether or not the found friend is the same (ToxID) they have in their list. If so, they send "yes". If not, if not in their list or if the do not want to share that piece of data, they send "no".
This would allow an attacker to enumerate your friends list, and track you're whole social network.
You say it needs to be more user friendly, but then say it can just seemingly randoms drop features?
It is okay if the data is not always available. Currently, I am out of luck anyway; no need for a 100% reliable system. It will be when Tox gains adoption (by adding features like this ;-)), since some of my friends will be online and share my publicly available search data.
.
What's to stop one malicious user from submitting millions of usernames to the DHT?
What's to stop one malicous user from submitting millions of ToxIDs to the DHT?
That's what you have to do with skype... Only it's currently cooked into the install process. Maybe that's what you want clients to do? Require users to register with their system?
I wonder how you read and interpret my posts. Again this is what I said about this:
toxdns for user discovery basically defeats the key selling points of Tox (at least to me): easy of use (easy setup, no configuration, no registration) + spy-free (no third-party involvement).
By submitting a username that traces back to your toxid to public DHT you've already got 3rd party. You have to trust every node to not be malicious, instead of a single site with a signed SSL cert.
Single sites that do not work (I know it is the fault of the DNS but why should users care)? Sites that require registration? Sites that hinder adoption because on the road to a successful registration there many things can go wrong?
Point is not that third-parties can associate my ToxID with my username. The issue is User Discovery done easy by allowing the client to distribute my username associated with my ToxID throughout the network.
It is a usability issue. Humans interact by using names not by using freaking long numbers.
This would allow an attacker to enumerate your friends list, and track you're whole social network.
If my friends attack me, I would be worried.
I would appreciate your thoughts on the implementation as well as you are more involved in Tox. I personally do not care so much about that as what counts to me is the resolution of the issue. I hope you got the point of this issue.
If you feel that Tox is not the right place and discovery will never be address this way, go ahead and close the issue.
If so, however, I predict problems of the adoption by average joe and maria like I described above. I just remember the "like this useless ICQ numbers".
@srkunze Re usability: in skype you need a username and a password too, and you can autologin. With DNS you do not need more than that. So I don't think DNS per sé is a big issue, as long as it's working, though a robust dht would make the enrite thing fully p2p and not depend on single points of failure. But as was stated about this raises other issues. If the server is permanently down, a new server should be found, or if it is unreachable then thisn eeds fixing. Tox MUST have an easy, non-toxid way to add friends.
Re third parties: If you publish your username and toxid it is public, no matter if on a server or in DHT. So not a big difference. Of course, this server can sell the accumulated records.
Re authenticating your friends after adding them by user name - no matter if via DNS or DHT : there is a suggested solution on https://github.com/irungentoo/toxcore/issues/1180
@srkunze I don't mean at all to try to steer you away, users become power users, become contributors, become developers. I'm merely trying to figure out exactly the issue you see. That way I can direct you to the correct place to really submit this, where it'll get the attention it deserves. Toxcore really shouldn't be involved in anything relating to sharing data or identities. all it should do is provide the framework for tox clients to communicate. Everything else, especially everything a user might want to do should be something clients worry about.
Why I'm asking so many questions is to figure out what the solution would look like for your issue. Very likely I don't see it the same way you do, so maybe toxcore should handle it. But from what I currently see as your issue, is something that would be better submitted to a client. Identity data isn't really something that the tox network should be responsible for.
I also want to add to what @aaannndddyyy has said, that any user can enumerate DHT records and then sell them too...
Toxcore really shouldn't be involved in anything relating to sharing data or identities. all it should do is provide the framework for tox clients to communicate. Everything else, especially everything a user might want to do should be something clients worry about.
I understand that. However, one thing I am not so sure about is whether clients ever could solve that problem on their own because toxcore is setting a standard here.
I know that clients could do whatever they want but when it comes to incompatibility issues, users drop out.
So, yes, this could maybe be solved by clients storing searchdata on friends' nodes but they should store the data in the very same way as any other client. So, this would need a common implementation or else incompatibilities will occur, UX will drop, users drop out.
That was my original thought on why this should be part of the core. The core set the standard.
@aaannndddyyy
Re usability: in skype you need a username and a password too, and you can autologin. With DNS you do not need more than that. So I don't think DNS per sé is a big issue, as long as it's working, though a robust dht would make the enrite thing fully p2p and not depend on single points of failure. But as was stated about this raises other issues.
The first time I started qtox is was impressed how easy it was. No configuration, it just start it up and I am online and I have an id. The guys I forwarded my tox id also were impressed. So, I do not want to destroy that experience.
Up and running. That would be huge selling point over Skype. Everything else just is like Skype. So, why not using Skype? Everybody is there. The network effect counts much.
Re third parties: If you publish your username and toxid it is public, no matter if on a server or in DHT. So not a big difference. Of course, this server can sell the accumulated records.
Not sure why third-parties are to important here and everybody keeps talking about them. 3rd parties should not be able to spy on my communications. I do not care about 3rd parties knowing my ToxID. I want to use Tox because my communication is private.
Also because every 3rd party tries to collect data and I cannot do anything about it. Even friends, colleagues could sell the data they know about you. So, if you have real life, you need to live with that anyway.
Re authenticating your friends after adding them by user name - no matter if via DNS or DHT : there is a suggested solution on #1180
Thanks for cross-linking. Not sure if his propasal is easy to implement but when I sit to my girl-friend, telling apart two usernames by the last two digits of the toxid suffices (at least) to me.
the proposal on #1180 is in order to secure against a malicious server. Implementation would be trivial, it's just about sending two custom messages and hashing. Last two digits offer no security in that case. Last two bytes would really only account for non-malicious users who chose the same name - something that currently cannot occur anyway.