0.2.17 / 5 March 2022
|Operating system||Windows, Linux, OS X, Android, iOS, FreeBSD, OpenIndiana, Sailfish OS|
|Type||VoIP, Instant messaging, Videoconferencing|
Tox is a peer-to-peer instant-messaging and video-calling protocol that offers end-to-end encryption. The stated goal of the project is to provide secure yet easily accessible communication for everyone. A reference implementation of the protocol is published as free and open-source software under the terms of the GNU GPL-3.0-or-later.
The initial commit to GitHub was pushed on June 23, 2013, by a user named irungentoo. Pre-alpha testing binaries were made available for users from February 3, 2014, onward. On July 12, 2014, Tox entered an alpha stage in development and a redesigned download page was created for the occasion.
Users are assigned a public and private key, and they connect to each other directly in a fully distributed, peer-to-peer network. Users have the ability to message friends, join chat rooms with friends or strangers, voice/video chat, and send each other files. All traffic over Tox is end-to-end encrypted using the NaCl library, which provides authenticated encryption and perfect forward secrecy.
Tox makes no attempt to cloak your IP address when communicating with friends, as the whole point of a peer-to-peer network is to connect you directly to your friends. A workaround does exist in the form of tunneling your Tox connections through Tor. However, a non-friend user cannot easily discover your IP address using only a Tox ID; you reveal your IP address to someone only when you add them to your contacts list.
Tox clients aim to provide support for various secure and anonymised communication features; while every client supports messaging, additional features like group messaging, voice and video calling, voice and video conferencing, typing indicators, message read-receipts, file sharing, profile encryption, and desktop streaming are supported to various degrees by mobile and desktop clients. Additional features can be implemented by any client as long as they are supported by the core protocol. Features that are not related to the core networking system are left up to the client. Client developers are strongly encouraged to adhere to the Tox Client Standard in order to maintain cross-client compatibility and uphold best security practices.
Though several apps that use the Tox protocol seem similar in function to regular instant messaging apps, the lack of central servers similar to XMPP or Matrix currently has the consequence that both parties of the chat need to be online for the message to be sent and received. The Tox enabled messengers deal with this in separate ways, some prevent the user from sending the message if the other party has disconnected while others show the message as being sent when in reality it is stored in the sender's phone waiting to be delivered when the receiving party reconnects to the network.
The Tox core is a library establishing the protocol and API. User front-ends, or clients, are built on the top of the core. Anyone can create a client utilizing the core. Technical documents describing the design of the Core, written by the core developer irungentoo, are available publicly.
The core of Tox is an implementation of the Tox protocol, an example of the application layer of the OSI model and arguably the presentation layer. Implementations of the Tox protocol not done by the project exist.[failed verification]
Tox uses the Opus audio format for audio streaming and the VP8 video compression format for video streaming.
Tox uses the cryptographic primitives present in the NaCl crypto library, via libsodium. Specifically, Tox employs Curve25519 for its key exchanges, xsalsa20 for symmetric encryption, and Poly1305 for MACs. Because the tox protocol can be used by many different applications, and because the tox network broadcasts the used client, it is also possible for clients to use additional encryption when sending to clients which support the same features.
A client is a program that uses the Tox core library to communicate with other users of the Tox protocol. Various clients are available for a wide range of systems; the following list is incomplete.
|Name||Operating system||Written in||Development status & comments|
|Antidote||iOS||Swift||Abandoned (see project's GitHub page)|
|Antox||Android||Scala, Java||Abandoned, last update in December 2017|
|Cyanide||Sailfish OS||C++||Abandoned, last update in Jan 2017|
|gTox||Linux||C++ (GTK+ 3)||Abandoned (see project's GitHub page)|
|qTox||Linux, FreeBSD, OS X, Windows||C++ (Qt)||Active|
|Toxic||Linux, FreeBSD, OpenBSD, DragonflyBSD, NetBSD, Solaris, macOS, Android||C (Ncurses)||Active|
|Toxy||Windows||C# (WPF)||Unmaintained (see project's GitHub page)|
|Toxygen||Linux, Windows||Python (Qt via PySide)||Active|
|µTox||Linux, FreeBSD, OS X, Windows||C||Active|
|xWinTox||Linux, FreeBSD, Solaris||C/C++ (FLTK)||Abandoned, last update in Dec 2015|
|Isotoxin||Windows||C++||Abandoned last update in Mar 2018|
|ratox ||Linux, BSD, OS X||C||Abandoned|
|WebTox||Web-based||HTML5 (client) + Go (server)||Abandoned, last update in Jan 2016|
|yat||Linux, Windows, macOS||Vala||Active|
There are also Tox protocol plugins for Pidgin (no longer maintained, but working as of 2018-03-30) and Miranda NG.
At July 11, 2015, Tox developers officially announced their disassociation with Tox Foundation, due to "a dispute over the misuse of donated funds" by Tox Foundation head and CEO, according to LWN.net. Due to domains being in control of the Tox Foundation, main development of the project was transferred to a new infrastructure, servers, and new domain.
Tox received some significant publicity in its early conceptual stage, catching the attention of global online tech news sites. On August 15, 2013, Tox was number five on GitHub's top trending list. Concerns about metadata leaks were raised, and developers responded by implementing Onion routing for the friend-finding process. Tox was accepted into the Google Summer of Code as a Mentoring Organization in 2014 and 2015.