Is Tox secure?

[Tergolp]

I just found the app called Tox. Is it secure? How about the anonymity and privacy / encryption?

EDIT: I'm asking because I found a few threads here at HackerNews telling us it is not secure to use and we shouldn't using it.

[silur]

It is. I've tested, overviewed the code and packet-sniffed several self-claimed anonymous and secure chat apps, tox was in a tie with signal and telegram with security, and first place for me with anonimity. The toxCore philosophy (isolating the protocol tools from the client) is a big plus too, you can create your own client or integrate tox to your app however you like. The sodium crypto library is really trusted and easy-to-use (less control but it's more failproof than openSSL primitives), it's based on the NaCL library written by the creator of Salsa20/Chacha20 encryption Daniel Bernstein.

[irundebian]

Anonymous developers, no public code audits by renowned security experts. Haha.

[silur]

The encryption is both super-fast and well-tested, stream ciphers are more suitable in the era of internet voice and video calls, where you don't always know the length of the data to be encrypted, and using block ciphers will cause a (I know, negligible but...) latency because you have to wait for X bytes to fill a block.

[Tergolp]

EDIT: I'm asking because I found a few threads here at HackerNews telling us it is not secure to use and we shouldn't using it.

[silur]

Well it is indeed a point that it is yet to be reviewed by an acknowledged security company, and toxcore's last commit was in 2015. I'll search for one of these threads though

[Tergolp]

Thank you. I really do not know if I should use it for sensitive information on a daily basis.