Hacker News
by throwaway31763 3397 days ago
I thought they were already compromised since both these services use SMS authentication; since the defaults AFAIK aren't particularly concerned about a change in the public key, it's broken for anything secure anyway.

Tox on the other hand seems much more secure... though I guess if your phone is compromised you're pretty much screwed to start with (which is not too hard with all the bloatware one needs these days).

1 comments

See this: https://github.com/TokTok/c-toxcore/issues/426

Long story short: if someone obtains your Tox private key, they are able to impersonate you in conversations with other people without you realizing it.

Tox developers admitted this was an issue. Fixing this means changing the protocol itself (which will affect everyone).

Tox is still experimental (which they admit here: https://github.com/TokTok/c-toxcore/issues/426) and it is not advisable to use it.