Tox.chat – P2P Secure Messaging App ON FIRE! But Is It Safe?
Tox.chat, a P2P-based messaging app, claims to give users a higher level of security than any other messaging service. We set out to find the reality behind the claims. Here's an in-depth look at Tox.chat's strengths and weaknesses, and tips on how to use it with confidence. Share
Tox.chat, an open-source messaging app that includes video calling, has been making waves with promises of never-before-seen security for messages and calls. Unlike other instant messaging (IM) apps, Tox.chat works over a P2P network.
By protecting all traffic on the app with superior encryption, Tox.chat promises you an easy way to stay in touch with your friends, family, and coworkers without worrying about your chat history being sold, censored, or hijacked.
But how safe is Tox.chat to use, really? Is there any truth to the rumors that using the service exposes your IP address? If so, what risks does that exposure create?
We put Tox.chat to the test to see if it lives up to the hype, if the alleged vulnerabilities are real, and how you can make sure your data and devices are completely safe when you use it.
Features of Tox.chat
Tox.chat uses a peer-to-peer (P2P) network, which means that data is channeled through a vast network of user connections. There’s no central server where messages are stored – and potentially read or collected by third parties.
The software is free to use, but also readily available for anyone to modify or share since it’s open source. There are seven different versions, with a range of support for Windows, OSX, Android, and iOS, as well as alternative clients for Linux and BSD.
All of the clients support basic features: text messaging, audio and/or video calling, group chats, file transfers, and desktop sharing. Some clients have unique additional features – the Toxygen client, for example, offers faux offline file transfer.
You can download and use any of the clients at no cost, but bear in mind that they’re all still in development. That means you can expect exciting new features in the future, but some bugs in the present.
The best part? You will never see ads on any of the primary seven clients!
Potential Risks of Using Tox.chat
Tox.chat’s developers make bold claims of offering game-changing security in a private messaging service. Critics have answered with charges of major vulnerabilities that put your identity and data at risk.
As usual, the truth lies somewhere in between.
Shortcomings of Tox.chat’s encryption
First off, we can offer some reassurance. We’ve reviewed Tox.chat’s encryption protocols, and they are advanced and rock solid.
But as we’ve seen with the security failures of other messaging services like WhatsApp, the phrase “end-to-end encryption” leaves many big questions unanswered, such as: What data is encrypted? And more importantly, what isn’t?
In the case of Tox.chat, the encryption methods don’t hide your IP address, and that raises some legitimate concerns. Anyone you connect with via Tox.chat can see your IP, which means they can easily find out your exact location.
Even if you trust your contacts with your IP address, the information would be available to anyone who accesses their devices, including hackers. The risk grows with group messaging or video conferencing.
Concerns about Tox.chat’s network structure
One of the big selling points of Tox.chat is decentralization. A P2P network means there is no hub server where data is stored, which in turn means greater user privacy. However, some users have alleged that Tox.chat is not fully decentralized, after all.
More importantly, even a fully decentralized P2P network creates risk.
Specifically, using any P2P network involves some risk of DoS, malware, or spyware attacks because your connection is accessed by others on the network. This is one reason why many P2P services recommend always using a virtual private network (VPN).
Further testing is needed
Without doubt, the creators of Tox.chat have put many hours and a lot of effort into giving you an alternative to mainstream IM apps that have known security issues.
However, with all Tox.chat apps still in development, there’s no way to fully assess the risks. Fortunately, you don’t have to take any chances when you try out Tox.chat, because there’s an easy way to protect your devices and data right now.
Why You Should Use a VPN with Tox.chat
For all the good things it has to offer, Tox.chat can’t do one crucial thing – mask your IP address. This shortcoming is the root of all risks associated with using the service and one of the major reasons to use a VPN.
When you use a VPN, your true IP will be replaced with one matching the remote server you use. No other user, not even a cybercriminal who sneaks onto the network, could trace your traffic back to you.
This protection is especially important in countries with heavy government internet surveillance. By connecting to a server in another country, you can keep your use of Tox.chat completely invisible to the authorities.
We recommend using a well-established VPN that offers DNS leak protection and a kill switch. The kill switch stops data transmission if your VPN server connection drops for any reason, ensuring that your IP will never become visible.
DNS leak protection ensures that none of your data will make its way onto the public internet, where it would be vulnerable to eavesdropping by your ISP, government surveillance, or hacking.
The best VPNs strongly encrypt your messages and everything else leaving your device, while providing protection against tracking and malware. Extra layers of encryption on top of the encryption Tox.chat provides mean extra security.
Make sure to choose a VPN with lightning-fast network speeds to ensure easy messaging and smooth video calls. Finally, since Tox.chat is a P2P network, it’s best to choose a VPN that allows P2P activity, particularly if you exchange files.
You’ll find all of these features with any of our top-rated VPNs listed below.
The Best VPNs to Use with Tox.chat
NordVPN is an industry-leading VPN with advanced security features like Double VPN, which sends your data through two servers. The industry standard is only one, so NordVPN goes a step beyond to keep your identity and location hidden.
All NordVPN apps include a kill switch and DNS leak protection, making it an excellent sidekick to Tox.chat. NordVPN is based outside the 14-Eyes Alliance, so it’s free from data retention laws and doesn’t log any of your use.
With over 5,000 fast servers spread across 62 countries, NordVPN can help you safely stay in touch with friends all over the world. It’s also a powerful tool to unblock geo-restricted streaming sites like Netflix, which users love.
You can test NordVPN out with a 3-day free trial or purchase a plan with the assurance of a 30-day money-back guarantee.
ExpressVPN boasts the highest connection speeds of the hundreds of VPNs we’ve tested. The apps are user-friendly, use military-grade encryption, and automatically find the best server for your purpose.
A strict no-logging policy keeps you anonymous, and a hard-to-find split-tunneling feature is very handy if you need to connect to both a local network and the internet simultaneously. The kill switch is automatic and reliable.
ExpressVPN offers a 30-day money-back guarantee with a no-questions-asked refund policy, making it a great candidate for a test drive. It costs a little more than other top VPNs, but many happy users consider it more than worth its price.
CyberGhost’s straightforward, visual interface makes it easy to use the apps like a pro, even if you’re a VPN beginner. Preconfigured profiles for private surfing and P2P make it easy to find a server optimized for your Tox.chat purpose.
Both a kill switch and DNS leak protection are built into all CyberGhost apps, and the company operates beyond 14-Eyes scrutiny, in privacy-friendly Romania. Your Tox.chat activity will never be stored, since CyberGhost keeps zero logs.
You can try CyberGhost out with a 7-day free-trial on iOS and Android, and if you choose to purchase a plan of 6 months or longer, you’ll be covered by an impressive 45-day money-back guarantee.
PrivateVPN uses robust 2048-bit encryption with AES-256, so you know the provider takes your privacy and online security seriously. PrivateVPN also maintains a no-logging policy and offers both a kill switch and leak protection.
In spite of operating a relatively small network (only about 100 servers in 50+ countries), PrivateVPN consistently impresses users and experts with its reliably fast network speeds. Video calling on Tox.chat will be no problem with this VPN.
You’ll have to coax customer support to get it, but a 7-day free trial is available from PrivateVPN, and all subscriptions are covered by a 30-day money-back guarantee.
As advocates for internet freedom and security, we welcome any technology developed with the goal of protecting your privacy while you stay connected with your loved ones. Tox.chat and its developers fully deserve the praise they receive for their efforts.
The apps are free to use and free of ads, and the software is open source. Based on these factors alone, Tox.chat represents a major step up from most, if not all, other messaging options we have right now.
Nevertheless, using Tox.chat involves clear risks because your IP address is exposed. So while we applaud its creators, we remind you to protect yourself with a top-quality VPN whenever you use Tox.chat or any messaging app.