by snvzz 3518 days ago
While I'm sure it's well-intended, it does have a couple of fatal flaws.

* Lack of full forward secrecy means logged network logs can be decrypted in the future if an endpoint key is ever compromised.

* e2e encryption is optional, due to legacy SIP support. This is extremely dangerous as it will no doubt lead to a false sense of security, with users assuming they're safe just because Ring is the program they're talking through.

Due to these two I cannot actually recommend it to anyone.

Note that Tox got these two right, and is a pretty active project which gets commits semi-daily, regardless of the nonsense about it being dead that some party seems to be spreading.
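The forward-secrecy point in the comment above can be made concrete. The following is an added illustration, not code from the commenter or from the Ring or Tox projects: it simulates two ways of deriving a call's session key, records the ciphertext, and then checks what an archived capture yields once one endpoint's long-term private key leaks. The Diffie-Hellman group (the Mersenne prime 2^127 - 1, generator 3), the SHA-256 keystream cipher and the HMAC tag are toy constructions chosen so the script runs on the standard library alone; a real protocol would use a standard group or curve, a proper AEAD, and would sign the ephemeral values with the long-term keys (that authentication step is omitted here).

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example only: the Mersenne
# prime 2^127 - 1 with generator 3. Real systems use a 2048-bit+ MODP group or
# an elliptic curve; the key-lifetime argument does not depend on group size.
P = (1 << 127) - 1
G = 3


def keygen():
    """Return (private exponent, public value) for one DH key pair."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def derive_key(my_priv, peer_pub):
    """Session key = SHA-256 of the DH shared secret (toy KDF)."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def _keystream(key, nonce, length):
    """Toy stream cipher: SHA-256(key || nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    """nonce || ciphertext || HMAC-SHA256 tag over nonce and ciphertext."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Return the plaintext, or None when the tag does not verify under this key."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def static_session(alice, bob, message):
    """No forward secrecy: the session key is a function of the long-term keys alone,
    so it is the same for every call and recoverable by anyone who later obtains
    one party's long-term private key."""
    a_priv, a_pub = alice
    b_priv, b_pub = bob
    key = derive_key(a_priv, b_pub)
    assert key == derive_key(b_priv, a_pub)  # both sides agree on the key
    return {"ciphertext": encrypt(key, message)}


def ephemeral_session(alice, bob, message):
    """Forward secrecy: fresh DH exponents per call, erased afterwards. Only the
    ephemeral public values and the ciphertext ever appear on the wire.
    (Authentication of the ephemeral values by the long-term keys is omitted.)"""
    ax_priv, ax_pub = keygen()
    bx_priv, bx_pub = keygen()
    key = derive_key(ax_priv, bx_pub)
    assert key == derive_key(bx_priv, ax_pub)
    del ax_priv, bx_priv  # endpoints discard the ephemeral secrets after the call
    return {"alice_eph_pub": ax_pub, "bob_eph_pub": bx_pub, "ciphertext": encrypt(key, message)}


def decrypt_capture_later(capture, leaked_alice_priv, bob_pub):
    """What an archived capture yields after Alice's long-term private key leaks."""
    if "alice_eph_pub" in capture:
        # The recording holds only public ephemeral values; the leaked static key
        # does not relate to them, so the best available guess fails the tag check.
        guess = derive_key(leaked_alice_priv, capture["bob_eph_pub"])
    else:
        guess = derive_key(leaked_alice_priv, bob_pub)
    return decrypt(guess, capture["ciphertext"])


def demo(message=b"call setup: hello Bob"):
    """Run both schemes on a constructed message and report what a later key leak exposes."""
    alice, bob = keygen(), keygen()
    static_capture = static_session(alice, bob, message)
    eph_capture = ephemeral_session(alice, bob, message)
    leaked_alice_priv = alice[0]
    return {
        "static": decrypt_capture_later(static_capture, leaked_alice_priv, bob[1]),
        "ephemeral": decrypt_capture_later(eph_capture, leaked_alice_priv, bob[1]),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns the original message for the static-key recording and `None` for the ephemeral-key recording: the archived traffic of the first scheme is readable for as long as the long-term key is ever recoverable, while the second scheme's recording is worth nothing once the per-call exponents are gone. The defensive check this suggests is simple: if a session key can be recomputed from material that still exists after the call, the protocol lacks forward secrecy.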

2 comments

The Tox community is absolutely toxic, no pun intended. I have abandoned that ship.
e2e could be enforced for the DHT clients if the user states they aren't going to be using SIP though, right?

Either way, I don't use SIP so that feature isn't a dealbreaker for me.

> e2e could be enforced for the DHT clients if the user states they aren't going to be using SIP though, right?

That needs user intervention, which implies his understanding of why it is necessary.

Here's a better idea: remove backwards compatibility. Perhaps they could release a separate SIP client under a different name. Just keep it away from Ring itself. Let Ring be actually secure.