Their technical report barely even gives an overview of how the system works, certainly not enough to understand it and implement it. How have they gotten this far with such a vague design? I think it would be a miracle if Tox doesn't contain any glaring security bugs.