[feature request] Same account should be able to be online simultaneously from several locations

[yurivict]

Problem: Users would like to use the same account on the desktop and on the mobile devices so that contacts wouldn't need to know which account to call to reach them.

Currently: When I copied ~/.config/tox directory over to another system tox seems confused and shows contacts going online/offline all the time.

How it should work: Several instances of the same account should be able to register on the network at the same time. Messages sent to the account should go to all of the instances if they are online. Messages that reached only some of the instances should sync with the other instances when they come online. Voice/video calls should ring on all accounts, but can be answered on one of them.

I remember that skype did something like this. This feature is very natural and convenient for users.

[ProMcTagonist]

Multidevice is in development by @GrayHatter. He's made it clear that it won't work as you've described because sending private keys over the network is a security nightmare, but the effect will be the same.

Maybe you can retitle your issue as a request for multi-account?

[yurivict]

By "key exchange" here you mean the transfer of the account from one machine to another? This is achieved, for example, by copying the directory. This isn't a nightmare. Otherwise, no additional key transfers are required (over the network) during the Tox session.

[GrayHatter]

In respect to multi-device. Using the same key on multiple devices, and the
transfer of that key via multi-device would be problematic.

A sneakernet transfer wouldn't share those issues. Which is what I believe
the request means.

But the current implementation wouldn't allow the same keypair to have two
different addresses. Changing would be a huge rewrite, that I believe would
be less secure. So I'm against this idea.
On May 21, 2016 12:29, "yurivict" notifications@github.com wrote:

By "key exchange" here you mean the transfer of the account from one
machine to another? This is achieved, for example, by copying the
directory. This isn't a nightmare. Otherwise, no additional key transfers
are required during the Tox session.

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#1576 (comment)

[yurivict]

Changing would be a huge rewrite, that I believe would be less secure. So I'm against this idea.

This is a very useful feature, the way how users expect it to be, regardless of that this is a rewrite or not. Why is this a huge rewrite? This feature requires these elements:

• Register the account on the network multiple times vs. only once
• Send messages to all instances of the recipient account
• Sync between instances when the additional instance comes online

[GrayHatter]

On May 21, 2016 13:02, "yurivict" notifications@github.com wrote:

Changing would be a huge rewrite, that I believe would be less secure.
So I'm against this idea.

This is a very useful feature, the way how users expect it to be. That
this is a re-write doesn't change this fact. Why is this a deep re-write?

Because the messenger of toxcore has no concept of individual connections
being separate from a contact. So you'd have to rewrite the
messenger/connection interface.

This feature requires these elements:

Register the account on the network multiple times vs. only once

How would you expire/timeout connections?

How would you stop a single connection/user from connecting hundred of
times and DOS'ing the network/relays?

Send messages to all instances of the recipient account

How would you know if someone stole your account and is listening in to
your conversations?

Would you use separate crypto sessions per instance or reuse them?

Syncing between instances of the additional instance comes online

So many questions here. This is very complicated to do correctly. And also
better solved by the multi-device spec I'm working with.

But how would you recover if you lost a device?

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub

[yurivict]

And also better solved by the multi-device spec I'm working with.

Could you please provide the link for the spec?

[GrayHatter]

https://docs.google.com/document/d/1op6zGR0KYdF7tTWSSX79KQieJu30vLZ6XG327kIBhxQ/edit

[yurivict]

Ok, thanks, I like your spec.

[Xykun]

How would you know if someone stole your account and is listening in to your conversations?

It would not be a viable security on it's own, but adding something like a popup or maybe a number written next to your nickname showing how much devices the account actually has connected at the same time can be good. Since you could once have an accredited device stolen and used without acknowledging. (just throwing this suggestion to help, nevermind if it doesn't)

[yurivict]

@GrayHatter Do you have an estimate for the ETA of multi-device feature?

[GrayHatter]

Currently without more contributors or donations. The earliest could be end
of this year. But even that's not super likely.

On Aug 14, 2016 12:40, "yurivict" notifications@github.com wrote:

@GrayHatter https://github.com/GrayHatter Do you have an estimate for
the ETA of multi-device feature?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#1576 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAO20H1PX7V5Qjic590YieX3MxvQK_W6ks5qf28dgaJpZM4IjrVS
.