[Tox Support] Does the tox protocol send the real external ip address

Sun Feb 10 22:56:58 UTC 2019

As far as I can tell the answer is "it's complicated", but I believe the
answer is "no". Tox doesn't appear to use Tor by default, but it will
use Tor if you use the SOCKS5 proxy. I'd encourage you to look into the
links below to really understand how the system works so you can be
confident that it actually meets your goals.

The problem of peer finding is an interesting one in distributed chat
systems which intend to conceal metadata.  The way Tox does this is
described here:
https://github.com/TokTok/c-toxcore/blob/master/docs/Prevent_Tracking.txt

The document never defines DHT, but it stands for Distributed Hash
Table, which is an algorithm many different networks use to publish data
in order for two nodes to find each other.

Based on those documents, it looks like Tox does not force people to use
Tor, but instead its own onion routing.  Line 39 from the document
linked above states that Bob is creating an onion, however Bob finds a
bunch of random nodes prior to that.

This doesn't seem to be a privacy concern because all an observer can
tell is that a specific IP is using the Tox network.  The observer
doesn't necessarily know who that person is (as identified by their
public key).  In other words, there's no way to prove that the person
using Tox from that IP is Person X. Whether or not this is an acceptable
level of anonymization or not is subjective, but at the end of the day
the sender's computer has to send packets if it wants to communicate, so
most people consider the ability to link a specific communication to a
identity (username, first/last name, long term cryptographic key, etc.)
a problem.

It is possible to use Tox over Tor via the SOCKS5 proxy option. See:
https://github.com/TokTok/c-toxcore/issues/475

Another thing which may be of interest to you is that it is possible to
find peers on the same LAN as you, in which case the packets will not go
over Tor (but nor will the go over the Internet).  This is not "the real
external ip address", so it doesn't directly apply to your question, but
it's something I thought you may want to be aware of.  My guess is that
this code is not used if you're going through a SOCKS5 proxy, but I
haven't confirmed that myself.  If you want to see the code which sends
out messages to the broadcast address on the LAN, it's here:

https://github.com/TokTok/c-toxcore/blob/master/toxcore/LAN_discovery.c#L229

On 2/10/19 3:40 PM, Dara Glennon wrote:
> Does the tox protocol send the real external ip address over the network
> even if the data is tunneled over tor. This can be an anonymization
> issue such as with bittorrent, the real external IP is sent over tor
> over the p2p protocol. 
> Thanks
> 
> _______________________________________________
> Support mailing list
> Support at lists.tox.chat
> https://lists.tox.chat/listinfo/support
> 