What about the technical merits of Tox?
EDIT: It's done.
You would rather trust a huge corporation instead of a community-developed project?
http://dribbble.com/shots/479881-Secure-Chat
http://logopond.com/gallery/detail/165288
https://www.google.ca/search?q=secure+chat+logo - first page hit too
Not cool at all, "cool guys around the world".
--
(edit) Regardless of whether this was copied, over-inspired or independently conceived (but let's be realistic here), the generally accepted rule of the game is that the first to the finish line gets to keep the logo. I don't make my living with logo design, but I did kill a week of sketching, refining and re-balancing on this one and I do happen to like it a lot. For what it's worth, I wrote a P2P VPN system in the past (called Hamachi) and I am involved in p2p and crypto domains in general. So I expect you to extend some professional courtesy, change the logo and close this matter in an amicable matter.
EDIT: The logo was originally made in /gd/ (4chan's graphic design board), and since the board is archived I managed to track down the thread it was made in.
Here's a somewhat different version that people were playing around with at first (which also featured a lock, a speech bubble and a keyhole doubling as a person):
https://archive.foolz.us/gd/thread/86081/#86375
Then someone thought about moving the speech bubble to the keyring here:
https://archive.foolz.us/gd/thread/86081/#87186
And then after some iteration they got to the current version:
EDIT: and now I remember where I've heard that name before, as well: http://testrun.org/tox
Perhaps a rebranding effort is in order? That sort of work seems to be right up /g/'s alley? Google is your friend!
[+] [137 messages] "Bunch of people arguing about logo copyright & design for an open-source project."
This is still a pretty heavy argument about it on the 4Chan threads.
1.) Using a padlock to represent computer security.
2.) Using a cartoon chat bubble to represent a way to chat on your computer.
3.) Using a little oval on top of a bigger oval to represent a person.
Is it really that much of a stretch to combine the three? I would think that this concept would be pretty standard output from someone with even a moderate amount of visual communication skills.
It's a rather simple visual sentence and I can easily imagine quite a few people having come up with this concept.
Please realize that both logos are built on top of an already existing visual language and that neither of you are really all that original to begin with.
What matters is how similar the precise combination of visual elements are in the two logos.
Yes, it is possible that they were created independently. However, after looking at the "evidence" provided by Daiz, it seems more likely that an anonymous channer borrowed the design without crediting it.
Perhaps the person who made the logo for this project had the same idea as this commenter.
Is it possible that they simply had a similar idea? It doesnt appear that they lifted the logo as is. Look at the person in their logo; it looks quite different (it doesnt stop at the shoulders like yours does). Other things are also slightly different. These differences lead me to believe that they at least made their logo by hand. Now if it was inspired by yours i dont know. To be fair, that google link does NOT show me your logo anywhere on the page. Furthermore, I tend to go with the principle of Hanlon's razor[1].
Besides, the icon was made by an anonymous person so it's not really like we can blame anyone.
Isn't that convenient?
This will remove the unnecessary distraction for you. Note that this is not without precedent. Mozilla renamed Firebird to Firefox because of the community's opinion.
Respectfully disagree. The generally accepted law is clear enough, as I understand it: that you have (automatic) copyright over your own design work, but not your idea. (Bad Analogy: I am free to make a for-profit game about flinging red birds at pigs, but I can't use Rovio's code or the Red Bird graphic) If you work as a graphic designer, you need to understand how this impacts on your work.
If you wish to protect your design any further, you need to specifically register a trademark to prevent confusion between businesses in the same industry.
It's clear that they haven't copied your design - the appearance of the work is quite different - and besides it seems plausible or even likely they came up with the (very nice) idea independently.
This is also important to understand for people hiring graphic designers for freelance work - in the UK at least, the designer maintains the copyright for commissioned work unless contractually agreed otherwise (even though the business can still trademark it). In theory, the designer can later prevent you from repurposing one of their designs. For example, if you later decide to start selling merch for your brand, you may have to renegotiate with the designer.
Edited to carefully note: IANAL, take this as advice at your own risk.
Further international edit, from wikipedia, emphasis mine: The United States, Canada and other countries also recognize common law trademark rights, which means action can be taken to protect an unregistered trademark if it is in use.
1) Intellectual property laws state that the TOX project is not infringing on any copyright unless it directly takes assets from your logo. As you can plainly see, the TOX logo was created from scratch. 2) Even if intellectual property laws did work that way (again, they don't) it's also incredibly obvious that the TOX logo concept was arrived upon totally independently of your logo.
You have no legal ground to stand on in this regard, and a shaky ethical ground considering that you somehow think you're entitled to exclusive rights to this really quite generic idea. ESPECIALLY considering you've been sitting on this idea for well over a year - as far as I know, there's no risk of this project being confused with an existing brand or idea, and there are no actual pieces of software that use this logo.
I'm sorry that you feel like this TOX logo has violated your 'generally accepted rules'. Perhaps they aren't as general as you assume?
It is far from obvious. Linked posts show how they were stomping around a simpler logo for a long time busy with minor adjustments until someone posted a much improved logo, which just happened to be almost identical to the OP's. That was not an evolution.
But even that aside, you are viewing this situation all wrong. "Legalities", "legal ground to stand on", etc. The way Tox handled this is nothing short of peeing in a community pool. How do you envision Tox replacing Skype if the project leadership can't handle a simple dispute over a logo in a civilized manner? Look at latitude's creds, they should be wanting him on their side, but, no, let's mix him with a barrel of shit, because he dared to suggest that /gd/ might've ripped his work. Right on.
Either way - hope you and Tox come to an agreeable solution. For what it's worth I like your spin on it better :-)
Nice logo by the way.
The current Tox logo wasn't even the first proposed logo with the chat bubble/padlock idea. There were a lot of other ones. People were taking the idea from other logos and improving it. That's innovation.
You weren't the first one to come up with the idea; and even if you were, that doesn't give you exclusive rights to it.
Grow a pair and show some "professional courtesy" yourself by not giving a fuck.
Are you associated with them?
How could these guys have known it was "yours" ?
There's several other similar projects, but they are usually hard to set up and use for an average user.
Tox is FLOS software developed by community, and currently licensed under GPLv3. We are considering changing the license to something more permissive, so it would be possible to put it on the App & Win8 Stores.
Currently, it is in really early stages of development. But we already have basic IM, and nCurses interface. We use NaCl library for encryption and will probably add FFmpeg for video.
We are working on a cross-platform GUI using Qt5. Please note that the screen-shots on the main website are only mockups, and (in my opinion) should have been labeled as such.
Since the website is down, here's some links:
Subreddit: http://www.reddit.com/r/projecttox/
Core code: https://github.com/irungentoo/ProjectTox-Core
Qt GUI code: https://github.com/nurupo/ProjectTox-Qt-GUI
Website code: https://github.com/stal888/ProjectTox-Website
IRC Freenode chanel: #InsertProjectNameHere
First, If I'm reading the source correctly, they are doing public key encryption for every message. Which, ok, DJB was a fan of at least for DNSCurve, but is generally regarded somewhat dimly for efficiency reasons. So I guess this puts them on one extreme of the Bell Curve or the other. I wonder which?
[EDIT, removed point about nonce's in handshake]
Funnily enough, at first glance it looks like they covered at least some of the obvious issues: they do at least attempt to authenticate the session key and the crypto_box's use of a Nonce prevents replay and re-ordering attacks.
How do they handle video chat? Crypto_box won't work there naively sense packets will get lost and the nonce's won't be in sync.
We know.
Putting the nonces in the handshake along with the session public key was simple.
In the NaCl docs it is advised that if you can keep the nonces secret that you do so.
* Lossless UDP? Is there a reason not to do TCP?
* There is no way to know if the public key is genuine, so the system is very sensitive to MITM.
* The key exchange is inadequate. Why not do DH if it's just to have session keys?
* The system is very easy to brute force as the acknowledgement is based on a known plain text. This is very bad.
A quick glance at https://github.com/irungentoo/ProjectTox-Core/blob/master/co...
I found a potential buffer overflow at line 143. If an attacker sends a large file, what happens?
Making crypto software is not just a question of wrapping a crypo lib (in that case NaCl) with a GUI. There are some tricky security issues as how you use the crypto.
Comments like this:
> IMPORTANT: release two major sanctioned UIs, one for autists, one with inbuilt support for the previous list so that plebs can't get confused with setting it up and autists don't complain about it getting in their way. de geso > I would suggest a "Advanced options" where the autists can rejoice with all kinds of options (and it doesn't frighten the normalfags, since it's not shown by default). Also, 2 UIs would be chaos to maintain.
Talk about not needing to be an expert to use it, but then a "learn more" button sending people to github?
Not inspiring confidence so far.
It's nice to see they're using an existing crypto library. I'd be surprised if they haven't made errors implementing it.
https://github.com/irungentoo/ProjectTox-Core
Tox is a completely decentralized secure messaging service which aims to replace skype.
It it still in heavy development.
So far we have IM working almost perfectly but no completed GUI yet except for a basic ncurses interface used to test the core.
For the detailed info on how everything works see: https://github.com/irungentoo/ProjectTox-Core/wiki
I feel it's strange that your IP is shared to the world together with your public key, so it is, in this sense, anti-anonymous.
You cannot even use it with Tor, because it uses UDP.
Eg in XMPP, only your server sees your IP address until you initiate some out-of-band p2p thing such as file transfer. Federated client-server architectures such as email and XMPP are also pretty well understood by now, especially email has been around a long time.
Trade-offs, trade-offs everywhere!
What of the who/when/how-long/how-often metadata is evident when using Tox? As compared to normal skype or IM, that is?
0. How important is simplicity (modularity) to the project?
1. Will Tox work for user "idontrungentoo"? Will it compile on Solaris, BSD, etc.
2. Will the GUI be optional? If not, why is it mandatory?
3. Can Tox work without DHT? What if two users just want to call each other without connecting to tens, hundreds or thousands of strangers? If there are problems with the DHT, are they SOL?
It would be good to have competing teams all working on some similar system (a Skype alternative) and then have an open bake off, instead of just idle criticism in forums like this one. This way we could see which system actually works the best instead of just theorizing about design choices and taking random anecdotes from alleged users in forums on faith.
0: it's a lib, and there are at least 2 client being developed (ncurse and qt)
1: it currently compile on linux/os x/window
2: see 0.
3: no, but you could potentially host a "private" boostrap node and have a separate network.
Well, congratulations.
If the NSA is collecting everything, then it's possible to go back in time once you become a person of interest. This doesn't necessarily help you if you are actively planning something that the government is interested in, but if you become a political opponent to the NSA, they could look into your past for skeletons to blackmail you with. Who you are talking to may not give them enough information to do anything without the content of the conversations.
""" I see in 2013 you had many long encrypted conversations with someone we now know to be a pedophile, what were you talking about exactly """
PS You could also apply a simple Icecast and/or MPD video stream under those proctols, even [[stomp.github.io][STOMP]].
...who know what to do next after they click the 'download' button and are forwarded to a GitHub page. I'd like to give the app a try, but I look at that page and I don't know where to start.
Here are the most liked alternatives proposed on anther thread:
tala
whispr
mila
aspis
orwell
nota
extasi
eave
fabula
I'm guessing you know it means 'lock' in Hindi? http://translate.google.com/#en/hi/lock
[1] it's complicated.
You guys should really look into the WebRTC project ( http://code.google.com/p/webrtc/ ) so you don't re-invent the wheel with video conferencing with just raw ffmpeg. You could also make web browser clients in the future possibly. It takes quite a bit of QoS and other work to make video conferencing work right! Take advantage of the PhDs that google & co hire and re-use their full time jobs!
Would love to see a community project analogous to this one develop in the e-mail space since too many users find PGP to be cumbersome, despite some very nice implementations. Bitmessage and I2P's bote are both very interesting, but the prior project needs more experienced security people working on it (and some serious refactoring), and the latter suffers from the perceived issues of the "darknet" (not an issue for me, but...).
We're on it! https://parley.co will be entering pre-beta later this week. Maybe not technically a "community project" because it's being built by a company that is at least partly motivated by profit, but the whole thing is BSD-licensed so people can do whatever they want with it.
You're right that iOS isn't a completely secure OS.. But using a secure app on iOS is better than using regular SMS going through AT&T.
Perfect is very difficult to achieve here- Most PCs have nonfree a BIOS, and even then, many CPUs can be updated by encrypted updates from the manufacturer.
It very well might be possible to ensure that your machine isn't vulnerable... But you're not going to have many people to talk to.
I think the tradeoff for having an iOS app is worth it. It puts the users of the iOS app (and those talking to them) a bit more at risk, but doesn't compromise the whole network.
Let them make that tradeoff. It's better than talking to an empty room.
If we went with your way of thinking, most of my friends would never use Tox, thus making it useless to me, thus meaning I'd have to use a non-end-to-end-encrypted messaging protocol such as SMS or Facebook Chat.
I use a mac, and if it's compromised, I'd like to stop using it.
I'd consider changing the license for other reasons. What is the GPL getting you? If your desire is to have the most people using this software to increase security, you should follow openssh's lead and use an actually free license, or even public domain.
Hole punching.
>There is no way to know if the public key is genuine, so the system is very sensitive to MITM.
If you want to add someone you need their public key (their id) which is 32bytes (It's small because we use ECC instead of RSA). Unless someone somehow replaces the key (your id) when you give it to your friend the system should be secure.
>The key exchange is inadequate. Why not do DH if it's just to have session keys?
The key exchange is designed that way because we want forward secrecy.
>The system is very easy to brute force as the acknowledgement is based on a known plain text. This is very bad.
Can you please elaborate on this. If you are speaking about the the second part of the crypto handshake I can assure you that the fact that the plaintext is known is not a problem.
>I found a potential buffer overflow at line 143. If an attacker sends a large file, what happens?
The function read_packet is hard coded to never return something bigger than MAX_DATA_SIZE.
I ask why you don't use DH and you answer "because we want forward secrecy". DH has been designed for perfect forward secrecy. Therefore I fear we might have some sort of misunderstanding here.
You don't want to permit known plain text attack as "in depth defense" approach. If there is ever any weakness in your software, you want to make it very hard to exploit it. Known plaintext will make exploiting weaknesses in your PRNG very easy for example.
As for your last comment... If someone ever changes the behavior of read_packet, you're dead. So I'm sorry, but you have potential buffer overflow. Think in 4 dimensions Marty! :)
edit Shit, i'm wrong. I missed this line 599 of Lossless_UDP.c:
if (size > MAX_DATA_SIZE)
return 1;
That is the only section that verifies the size of the memory being copied, which is still dangerous. Every memcpy should enforce the size being no greater than the size of Data.data, and not rely on .size having been previously set properly.I will give you a high level example of what he is talking about. your software displays a public key to perform encryption. what 'the NSA' can do is put a proxy (or use your isp) in between you and the person you are sending data to. Then they can pose as the person you are sending data to by hosting their own public key to both you and the person you want to send data to. now they can decrypt information that you send, and then encrypt it with their private key and send it to the other person. NOW THE NSA CAN SPY ON YOU USING YOUR APP.
man in the middle attacks can get much more complex than that, but this should help you understand what is going on.
If you are attempting to write security software you should really at least learn crypto AND networking. it seems like you have not accomplished either of these.
You should have posted this at the chans, where I voiced some similar objections.
(Note that I said real-time. Buffering is fine for one-way communication, lousy for conversations)
>Comments like this
>> IMPORTANT: release two major sanctioned UIs, one for autists, one with inbuilt support for the previous list so that plebs can't get confused with setting it up and autists don't complain about it getting in their way. de geso > I would suggest a "Advanced options" where the autists can rejoice with all kinds of options (and it doesn't frighten the normalfags, since it's not shown by default). Also, 2 UIs would be chaos to maintain.
The project originated from 4chan's /g/ (technology) board. It works differently from Reddit and HN, since there's no karma, and the comments are anonymous.
This caused it to develop a unique culture. On one hand, it enables people to express their real opinions without being afraid of getting downvoted by hivemind. On the other hand, it attracts trolls and causes a lot of rudeness and offensive behaviour.
I like the website, because you can see the true nature of people, and you don't feel the pressure to say what everyone else wants you to say.
>Talk about not needing to be an expert to use it, but then a "learn more" button sending people to github?
We were working on this for only about a month, and Tox is not even in the alpha stage yet. Once we get the GUI working properly, we will surely upload binaries to the website.
Thanks for this.
I was there in rec.arts.anime.misc with m00t in 2002 when he decided to set up 4chan.
"User was banned for this post", in red, is my idea. "Bring back snacks" is my meme. I had the 10,000 GET. I created the first C-C-C-Combo! post, but not the first C-C-C-Combo Breaker! post. I'm still in contact with Cracky-Chan. I am a BBCode master, and I have read my SICP today. I helped keep the pool closed; I hate GaiaFusers nearly as much as I hate furries. I don't visit 4chan much anymore because, you know, newfguys, but I hope you kids are enjoying the place and not stinking it up too much. :-p
> We were working on this for only about a month,
I tend to be really harsh on crypto projects. Please, ignore anything I say. There are, however, some experts posting in this thread and I hope their advice is useful.
"I just got back from the store. I picked up some bananas while I was there."
Both sentences say the same thing. No, they are not completely the same, but neither are the logos in question.
If you want to talk about precise combinations of visual elements, there are LOTS of differences.
Look closely at the logos. The Tox logo makes the person more like a keyhole. The Secure Chat logo uses something more like a natural human silhouette. The ratios of the arc to square are different. The spacing is different. There's a bunch of differences. Frankly, my eye appreciates the the layout and design of the Secure Chat logo... the weights of the Tox logo are a little off... I DO really like the keyhole/person combo, though! So each design has its merits.
The only similarities are the padlock, the chat bubble, and the person.
Just like how in my textual sentences the only similarities are "store", "multiple bananas", and "at some point today".
The point is, the two sentences, one textual and the other visual, both "say the same thing" and are made up of "the same concepts" and "predefined elements of language"... and neither should be considered plagiarism or even that unique to warrant talking about originality...
Also, that "OMG you were talking to a pedo!" threat doesn't mean much of the conversations were innocuous. To make that threat, they would need a good confidence that you couldn't (for whatever reason[1]) just turn over chat logs proving that nothing was amiss.
[1] E.g. The chat reveals something you want to keep hidden, even if it doesn't relate to the fact that the person is a paedophile, or maybe the logs just don't exist, etc.
> A: Because delivering news without taking any risk is very important to us. There is a lot of information disclosure or secret news gathered on Channel 2. Few people would post that kind of information by taking a risk. Moreover, people can only truly discuss something when they don't know each other. If there is a user ID attached to a user, a discussion tends to become a criticizing game. On the other hand, under the anonymous system, even though your opinion/information is criticized, you don't know with whom to be upset. Also with a user ID, those who participate in the site for a long time tend to have authority, and it becomes difficult for a user to disagree with them. Under a perfectly anonymous system, you can say, "it's boring," if it is actually boring. All information is treated equally; only an accurate argument will work.
Like Oscar Wilde has said: "Man is least himself when he talks in his own person. Give him a mask, and he will tell you the truth."
Lag is also a pig sometimes.
Datagram protocols are just more natural for message-oriented communication.
There's a whole bunch of extensions/plugins/userscripts for HN out there, including ones that implement thread hiding. I personally use Hacker News Enhancement Suite for Chrome.
The only reason that occurs is because all the non-technical lurkers want a way to contribute.
Sit in the thread monitoring progress. Then congratulating progress when it's made.
Or, if they want to contribute without causing arguments. Go upvote this on Reddit, WOT, Twitter, and whatever else in a way which won't cause a shitstorm in /g/.
Even so, demanding that a FOSS project (with extremely limited resources) scraps a perfectly fine logo and starts from scratch just because a similar logo exists is simply not a reasonable demand.
Given the 4chan "culture" both you and I know what the answer would've been if he'd go via the private channels.
I see you're building on PGP, which has been historically confusing for non-tech folks, but I look forward to see what you've come up with to counter that confusion.
A couple of issues:
1. Not sure if you'll be using the same server/TLS cert for your actual web-based e-mail sender, but I got a giant warning on Android (Kindle Fire running Chrome for Android) about the certificate being invalid. It's probably the fact that you need to host the intermediate certificates on your site (i.e., the chain of trust is "broken"). If you are hosting them, then it might be this issue: http://www.unrelatedshit.com/2011/10/21/positivessl-not-work...
2. Again on the https, have you considered upgrading to TLS 1.1, or 1.2? You'd be able to offer ECDHE for forward secrecy, among other advantages. But you may have reasons for sticking with 1.0.
3. Are you vulnerable to SSL stripping attacks, like Moxie Marlinspike proposed? You are redirecting http requests to https.
Again, you may not be using this server for your actual registration, but just fyi.
One more suggestion: you may want to simplify the pricing. Do you really need 6 different categories? I'd try to eliminate at least 1, and ideally 2 or 3. Three categories may be the sweet spot (I think there's actual empirical research underlying this, but don't have time to search for citations). For a (non-scientific) summary of this, see: http://thinktraffic.net/most-common-pricing-mistake
Good luck, and feel free to e-mail me at my username @ gmail if you need a beta tester.
We are going to simplify the pricing, at least for the time being. Our beta is going to be more of a pre-beta, and completely free. Supporters will be able to pre-purchase a professional plan at less than half price, but otherwise we still have a lot of kinks to iron out before we feel comfortable charging for Parley (details will all be announced Thursday).
If you want in on the pre-beta, you can either sign up for the mailing list or check back at https://parley.co on Thursday :)
So how could the proxy pass for another person?
If you mean that it is communicated over TCP/IP(what i gathered from reading the doc), what is stopping someone who has access to whatever is connected to your IP from redirecting traffic to that port in order to do what was already discussed.
if you mean that it is shared in person off the internet, then what is the point of this program. Diffe Hellman, ECC, zero Knowledge proofs are all dependent on the discrete log problem being hard, so you might as well just start broadcasting to their ip with the key that they gave you in person instead of going through the trouble(and increase in vulnerability) of trying to establish that the person is who they say they are. maybe I'm wrong but I don't think that math is wrong.
in any case, I feel like the problem for this program stems from the fact that validating the IP address of the person is much more complicated than it seems. Its pretty much the reason centralized databases are needed for connections between people(those are bad things in our world now).
this is pretty much what is needed for this http://en.wikipedia.org/wiki/Web_of_trust
Edit: that said I haven't looked at their solution. Maybe it has the same issues. Or worse.
My guess was they wanted to handle things like video chat and file transfer that OTR doesn't handle. But at least for video chat, I don't think it NACL will work out of the box either
Trust me. The logo does not make or break your program.
Nevertheless, I stand by my remark regarding the pertinence of DH in that case.
I'm not sure what paper you're referring to but wouldn't be surprised if Diffie's name was on one of the first "forward secrecy" papers; that stuff is/was kind of Whit Diffie's beat (not "privacy" per se, but the higher-layer implications of public key cryptosystems). But Diffie-Hellman predates any formalized notion of forward secrecy by something like 20 years.
Please explain why shown plain text in this context would make exploiting weaknesses in their PRNG any easier...
When you finalize a logo, you typically run a quick due diligence (a Google search) to see if you reinvented a wheel. If you did, you scrape it and start afresh. Tox didn't do that and they should've.
If they came up with it independently(a very legitimate question given the similarity of the --- very nice by the way --- logo, but one they seem to have evidence for) then there seems to be no moral problem or even a legal issue.
You're basically claiming "I thought of it first, there for it's mine" which is both legally wrong in the US for copyright(independent creation is a defense) and morally bullshit in the same way that Amazon's one click ordering patent is.
Seems like you're invested up to the point when you're wrong, which is a pattern I've observed on this site in general.
Incidentally, your anecdotal "feelings" about whether something feels original or not make for a pretty weak argument.
1. http://aloonix.neocities.org/
2. https://github.com/notuncivil/host-as-image [2]
3. https://github.com/KittyKatt/screenFetch
4. https://4chan-x.just-believe.in/
6. http://biebian.sourceforge.net/
The above list is in no particular order.
[1] https://rbt.asia/g/thread/S35615929#p35616305
[2] Full disclosure: this code is mine and I am the one who proposed it for that list. I also submitted a Show HN for it.
You mean arguing about the second best GNU/Linus distro. Everyone knows the best distro is Gentoo.
Every good logo is trivial in retrospect, it's finding a strong concept that's a bitch. I looked at /gd/ thread and virtually all of it revolves around shaping a keyhole this way or that way. Then suddenly someone says - "Here, done". Turning an empty space into a chat bubble requires a step up, it's an altogether stronger and more complex concept. It is possible that another person came up with it independently, but also consider that with all the variety of secure messaging apps no one had thought of it before 2012. It's not an easy concept to stumble upon.
(edit) This is getting meta. It is plenty obvious that Tox fellas think they are in the clear and it's OK to recycle an existing logo. I think that it's not. That's hard to reconcile.
Again, I admit my word usage is a little bit liberal, but although I haven't done serious crypto for a couple of years now, I have the strange feeling you are nitpicking. Is it just a feeling? :)
I'm referring to this paper: http://link.springer.com/article/10.1007%2FBF00124891
Curiously, although I've always preferred DLP-based crypto, I actually never implemented any. So I gladly admit my knowledge of DH key exchange might not be as profound as I would like it to be.
I don't think I'm nitpicking: I see where you're coming from but I think you might be entirely wrong.
I don't know what it means to "prefer" DLP crypto. Over what? I just don't understand what you're trying to say with that last graf.
In essence, once you've agreed on a key you won't keep it to yourself (although you could, in theory). But am I missing the point? Are we talking about two different things? I'm talking about ZK from a mathematical point of view, you know, the cavern, the treasure, the two paths... (if you know this layman example about ZK)
Unfortunately I cannot go into details, but what I meant about my preference for DLP is that although I was mathematically more attracted to DLP based algorithms (when it came to asymmetric cryptography) I didn't really have the chance to "play" with them and spent more time with RSA.
So it's probable my knowledge of the DH key exchange algorithm is imperfect and last time I wrote crypto it was very mundane (it was using RC4, that's saying a lot!), so maybe I should just refrain from commenting about crypto.
I am not claiming this, this is how things work in the logo design industry. There are of course copyrights, trademarks and legal matters, but there are also professional ethics. Ideas and concepts are getting recreated all the time, that's life. But it's also why people post sketches and ask if anyone has seen anything similar, only to discard them and move to another concept.
As such, why not just leave the logo of Tox in peace? Especially since it's a FOSS project with noble goals (even if they have yet to reach those goals, which is not surprising considering how early in the development the entire project is) and not some commercial entity intending to profit off of it.
I have plans for it. It wasn't just an idle doodle.
In this case, the products/ideas are straight-up competitors.
This isn't competition. It's complaining on a professional level.
Oh wait