Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow easy transition to a new ToxID without having to start afresh #1580

Open
ghost opened this issue May 24, 2016 · 8 comments
Open

Allow easy transition to a new ToxID without having to start afresh #1580

ghost opened this issue May 24, 2016 · 8 comments

Comments

@ghost
Copy link

ghost commented May 24, 2016

With Tox, if somebody gets physical or remote access to your machine somehow and steals your Tox profile as well as your password (if it's an encrypted profile) then they will be able to log in as you on another machine and talk to your contacts as well as receive messages, so currently the best thing to do (the only thing) is to create a new Tox profile and just tell all your contacts to add the new one and remove the old one. You can't just change your password and have done with it like something with central servers, which to most degrees is a good thing, but it does mean that one has to create a new profile and have all of that hassle.

So I think that it would be really good if Tox would allow users through the Tox clients to be able to in these circumstances just click a button which would basically mean that a new Tox profile is created with a new ID and everything except for the fact that the transition is barely noticeable for the user as the client will automatically then send a message to all contacts with the new ToxID. Depending on the client it will then either switch in the new ToxID automatically or ask/prompt the user about this. And non of the user's preferences will be lost.

I think that this would be a really good option to have so that when users have such security problems they don't have to shake things up setting up a new profile and re-adding all of their contacts again and also the contacts won't be forced to remove and add new ToxIDs as it will be all sorted out in the background and the security risk removed.

I am filing the report in toxcore rather than a Tox client because I am not sure if toxcore gives clients all the necessary abilities to be able to do this, but if I am wrong please let me know and I will file this with individual clients.

@GrayHatter
Copy link
Collaborator

What's to stop someone from using this to block you from contacting your friends?

Eg. issues the "please use this new ToxID" command -> then reverts to the previous save file.

Your contacts ignore your old ToxID, and now you can't talk to any of them?

@ghost
Copy link
Author

ghost commented May 24, 2016

@GrayHatter, Well, maybe this would be the reason why then it would be good if it only prompted your friends and made them aware of what has happened but that they should contact you through other means to make sure of your situation as this could in fact be the bad guy. I don't know, it could be used for bad and for good, maybe then it's best to give the user the power but to well inform. I just think an easier way for creating a new profile after an old one is compromised is needed that easily adds all your contacts etc... But if the other contacts are told all they need to know in a little box that comes up when this happens then well that's probably all you can do and it's then up to them... As it would be if the hacker just created a new profile, sent a request to the friend (getting the ToxID from the compromised profile) and then convinced them that the old profile was in fact the bad and compromised one.

@ghost
Copy link
Author

ghost commented May 25, 2016

@GrayHatter, I think that even if all it does is allow the creation of a new key set and everything so that for the purposes of security it is a new profile, if it just sends requests to all contacts (or perhaps when you click on a contact it tells you you will need to send a new request to them and it gives you a button) and perhaps mentions to them in a little box that this is a profile created from the base of their contact's profile (if it were a hacker this would be useful information too as when they alerted the person they would know that they had got the previous profile so they probably should get a new profile too). That would be all really, it could also ask the contact if they would like to also keep the old profile as a contact or whether they would like for it to be removed for convenience if they are sure that the new profile contacting them is not just a hacker (like before accepting any request hopefully they will have checked through other means that it is the actual person).

But basically it would just be useful to easily be able to create a new profile but with all your old settings and contacts there at least to some degree so that you don't have to get all of their ToxIDs again even if you have to request to be their contact again.

@ghost
Copy link
Author

ghost commented May 25, 2016

This is an issue for toxcore isn't it by the way? This isn't something I should really be filing for individual clients is it? I mean, I don't know if there are the facilities provided by toxcore already to do this?

@GrayHatter
Copy link
Collaborator

That design idea isn't bad. But it's probably more of a client issue /
feature request
On May 25, 2016 12:31 PM, "SeventhSonOfASeventhSon" <
[email protected]> wrote:

@GrayHatter https://github.com/GrayHatter, I think that even if all it
does is allow the creation of a new key set and everything so that for the
purposes of security it is a new profile, if it just sends requests to all
contacts (or perhaps when you click on a contact it tells you you will need
to send a new request to them and it gives you a button) and perhaps
mentions to them in a little box that this is a profile created from the
base of their contact's profile (if it were a hacker this would be useful
information too as when they alerted the person they would know that they
had got the previous profile so they probably should get a new profile
too). That would be all really, it could also ask the contact if they would
like to also keep the old profile as a contact or whether they would like
for it to be removed for convenience if they are sure that the new profile
contacting them is not just a hacker (like before accepting any request
hopef ully they will have checked through other means that it is the actual
person).

But basically it would just be useful to easily be able to create a new
profile but with all your old settings and contacts there at least to some
degree so that you don't have to get all of their ToxIDs again even if you
have to request to be their contact again.


You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#1580 (comment)

@SkyzohKey
Copy link

Required for this to work securely:

  1. Recovery pass-phrase (like bitcoin wallet' ones)
  2. Contact sharing

@ghost
Copy link
Author

ghost commented May 26, 2016

@SkyzohKey: That first one is a really good idea!

@GrayHatter
Copy link
Collaborator

IMO, my multidevice spec is a better solution for this...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants