Tox   looks like a promising solution for secure, encrypted communications. The official client implementation is based on the Toxcore protocol library, which is very feature-rich and has a variety of functions besides VoIP. By default, Tox does not attempt to cloak your IP address from authorized contacts. However, Tox connections can be tunneled through Tor, allowing communication with others even if they are not anonymous.  Desktop and mobile client versions have been developed for every major OS platform. 
In the Tox design, users are assigned a public and private key, with direct connections being established in a peer-to-peer network. Users can message friends, join chat rooms with friends or strangers, and send each other files. Everything is encrypted using the NaCl crypto library, via libsodium.   Tox helps to protect user privacy by: 
- Removing the need to rely on central authorities to provide messenger services
- Enforcing end-to-end encryption with perfect forward secrecy as the default and only mode of operation for all messages
- Making your identity impossible to forge without the possession of your personal private key, which never leaves your computer
- Voice and video calls.
- Instant messaging.
- Desktop screen sharing / streaming.
- File sharing.
- Typing indicators.
- Message read-receipts.
- Profile encryption.
- Group messaging, voice and video conferencing.
Additional features can be implemented by any client, so long as they are supported by the core protocol. Features that are not related to the core networking system are left up to the client. 
The following instructions will install the "qTox" graphical user client. As qTox is not currently available as a stand-alone Debian package, users have three choices in late-2018:
- Build the package from source (difficult).
- Rely on an unsigned, self-contained AppImage downloaded from the Tox homepage (insecure).
- Install Flatpak from stretch-backports and then install Tox from the Flathub repository (easiest).
It is recommended to create a separate Whonix-Workstation before installing addtional software. Tox is also alpha software which has not been formally audited, therefore it is less trusted.
1. Boot Whonix-Workstation (
2. Add the current Debian stable backports codename
stretch-backports to Debian apt sources.
Note: this applies to Whonix 188.8.131.52.6. Later Whonix versions may use a codename different to
In Whonix-Workstation (
whonix-ws-14) TemplateVM, run.
sudo su -c "echo -e 'deb http://http.debian.net/debian stretch-backports main contrib non-free' > /etc/apt/sources.list.d/backports.list"
Alternatively, users who like Onionizing Repositories can set the .onion mirror.
sudo su -c "echo -e 'deb tor+http://vwakviie2ienjx6t.onion/debian stretch-backports main contrib non-free' > /etc/apt/sources.list.d/backports.list"
3. Update the package lists.
sudo apt-get update
4. Install the select software.
sudo apt-get -t stretch-backports install flatpak
The procedure is now complete.
On occasion it is necessary to undo this configuration, for example when upgrading from Debian
buster.  To proceed, run.
sudo rm /etc/apt/sources.list.d/backports.list
Add the Flathub Repository and Install qTox
Flathub is a common place to source Flatpak applications. To enable it, run.
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
Next, restart Whonix-Workstation to allow flatpak to finish setting up.
To install qTox from flathub, open a terminal (Konsole) and run. 
flatpak install flathub io.github.qtox.qTox
To launch qTox, run.
flatpak run io.github.qtox.qTox
TODO: Add instructions on how to use Tox with Stream Isolation without Tor over Tor.
TODO: Add instructions for Qubes-Whonix.
- Depending on the mobile / desktop client in use.
- Users should Prefer Packages from Debian Stable Repository, but using backports is better than manual software installation or using third party package managers since this prefers APT. To contain the risk, Non-Qubes-Whonix users might want to consider using Multiple Whonix-Workstations and Qubes-Whonix users might want to consider using Multiple Qubes-Whonix TemplateVMs or Software Installation in a TemplateBasedVM.
- Most often this step applies before attempting major Whonix upgrades; upgrade instructions are also made available at that time (see Stay Tuned).