Computer Security: Setting Up Tox messenger

What is Tox?

It’s an instant messaging protocol with applications available for all the most popular operating systems.

What are the benefits?

1. peer-to-peer: no central point of failure or interference
2. no metadata: related to point 1, no third party can see who you are messaging, when or from where
3. encrypted: content of messages are encrypted
4. perfect forward secrecy: each message is encrypted with a separate key, so that decrypting one message does not allow an attacker to decrypt your previous messages (this is an advantage over GPG encryption)

What are the shortcomings of Tox?

1. new/alpha software not all apps have full functionality (i.e. no group messaging on Antox for Android), and software can be buggy
2. untested related to it’s newness as well as the relative complexity of a full messaging app, the encryption/security of Tox is not as well tested as GPG
3. peer-to-peer: This is not really a shortcoming, but you should be aware that when you use Tox with someone, while no one else should be able to see where you are messaging from, the persyn you are communicating with has access to your IP address by default. This is much better than most other apps out there, and it can mitigated by running Tox behind the Tor network. Below are instructions for how to do this.

How to run TRIfA behind Tor on an Android device

1. install Orbot and TRIfA both are available from F-Droid repositories if you don’t have or don’t want to use Google Play Store
2. open Orbot
3. click the button to turn on “VPN Mode”
4. at the bottom where it says “Tor-Enabled Apps” click the little gear wheel on the right
5. on the following screen check the box for TRIfA and any other apps you want to be forced through Tor
6. hit the back arrow
7. in orbot click the big “Start” button.
8. once orbot has a connection to Tor open TRIfA app and follow instructions for setting up your account

How to install Tox messaging app in Tails OS

[NOTE: If you were already using Tox in Tails, you should back up your config files before installing Tox again. Go to Places -> Dotfiles, then hit ctrl-H, then go into .config folder and copy the folder named “tox” and all its contents to your Persistent folder as a backup.]

• In Tails set up Persistence for dotfiles, applications and personal data following directions here: https://tails.boum.org/doc/persistent_storage/configure/index.en.html#index13h2<
• reboot Tails

• at login screen, first set up administrative password 1) click the “+” under “Additional Settings”

         2) click "Administrative Password"
  
         3) enter a password you will remember in both boxes and click "Add"

• enter your password you set for persistence and click “Unlock”
• once it says “Settings were loaded from the persistent storage” click “Start Tails”
• go to Applications -> System Tools -> Synaptic Package Manager
• you will need to enter the administrative password you set above (not persistence password)
• Synaptic will load the list of available software - will take a couple minutes and requires network connection

• click the search button and type in “qtox” or “utox” depending on which client you want

  Which should i pick?

        qTox, because uTox seems to crash every time you change settings in Tails, however, uTox is the lighter one, so slow computers might prefer it
  
        https://github.com/qTox/qTox
  
        https://github.com/uTox/uTox
  
        NOTE: the versions available in the stable debian repos will often be older than the latest versions on github, you can install the latest version but this guide will not cover that

• right-click on the package you searched for and click “Mark for Installation”
• it will ask if you want to install additional required packages, click “Mark”
• click “Apply” button, then click “Apply” on the screen that comes up – it will now download and install tox packages
• you should get a Tails popup asking if you want to Install Every Time - click that and this will occur automatically next time you boot Tails
• you can close Synaptic
• Run qTox by going to Applications -> Internet -> qTox (or uTox)
• create a Tox ID - password protect it in settings->Advanced

• Set tox up to use Tor

          IN qTox: click the gear in lower left and go to Advanced settings
  
          1) uncheck enable IPv6 and uncheck enable UDP (probably already off)
  
          2) Proxy type: SOCKS5
              Address: 127.0.0.1
              Port: 9050
  
          3) Click "Reconnect" - wait a bit and the circle next your name should turn green when you connect (also probably in your top menu bar)
  
          IN uTox go to: settings->Advanced
  
          1) Proxy (SOCKS 5) Address: 127.0.0.1   Port:9050
  
          2) Force uTox to always use proxy
  
          3) turn off Ipv6
  
  4) turn off UDP
  
         NOTE: sometimes changing these seems to cause uTox to crash, the important setting is the proxy to make sure it's connecting to Tor
  

• Shutdown qTox/uTox IMPORTANT: must do this before the below!

In order to save any settings, including your Tox ID keys, and your friends, you need to copy the files automatically stored in your dotfiles to the permanent persistent folder. More background on how to save dotfiles: https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html#index11h2

local/temporary dotfiles in RAM are found here: /home/amnesia/.config/ permanent persistent dotfiles folder is here: /live/persistence/TailsData_unlocked/dotfiles/.config/

These files/folders are probably hidden. To see them, if you are in the file folder view click on the icon with three horizontal bars at the top and check the box to show hidden files.

To find these folders in a finder window: Click on Other locations at the bottom, then select computer. There you will see live and home folders

You need to move the tox folder and all its contents from the first location to the second. There should be two files in the tox folder: “tox_save.tox” and “utox_save”, then as you add friends files will be created for their info and your conversations if you choose to have conversations saved in the app.

The first time you do this copying over you will need to create the .config folder in the /live/persistence/TailsData_unlocked/dotfiles/ location if it’s not there already.

Command to use in terminal window when in the folder you want to copy TO: cp -r /home/amnesia/.config/tox /live/persistence/TailsData_unlocked/dotfiles/.config/

NOTE: Doing this using sudo (root user) will change file ownership to root. File ownership MUST be amnesia.

To check file ownership in Terminal:

 $ls -lah

To change file ownership in Terminal:

 $sudo chown amnesia:amnesia 

Connecting with others

To connect with others you must send them your Tox ID. This is not your name, your name is for display purposes only.

• click on your name/status in upper left
• you should now see your Tox ID as a long string of characters and a QR code, you can copy the long string into an PGP encrypted email and email it to your contact (if in persyn/on mobile they can scan the QR code, or you can send the image to them)
• if someone send you their Tox ID, in qTox click the “+” in bottom left and paste the code in “Add a Friend” -> Tox ID, similarly in uTox, paste your friend’s Tox ID into the Add Friend at bottom left.
• click “send friend request” and wait for their response - this is best done when you know the friend is online because you must both be online to exchange messages

Updating utox

Tails will automatically install the latest version available in the debian stable repo. Installing newer versions is beyond the scope of this guide.

Troubleshooting utox in Tails suggestions

• Delete the tox files from BOTH .config locations above
• Reinstall tox
• Run tox: it will create new files into your local .config folder
• Shut down tox. Move new tox_save.tox and utox_save over to persistence .config folder
• Try rerunning tox to see if your ID is persistent within a tails session. If so try restarting tails to see if it is persistent now.