Tox makes no attempt to cloak your IP address when communicating with other users, as the whole point of peer-to-peer is to connect you directly to your friends. A workaround does exist in the form of tunneling your Tox connections through Tor.
– Tox Wiki
My concern is: at what level of the Network’s stack would it be implemented, how would this affect the privacy offered by the SAFE protocol, and how might those effects be mitigated?
To start, I’d say that relay nodes may be able to act as a buffer - much like the workaround with Tor that they define in the quote. Or perhaps for low-latency applications, cloaking your IP address may not be needed. However, I would caution against this second argument, as security should come first.
So could this/should this be run on top of the network? I recall David Irvine saying that the plan for videochatting etc. was to give people a secure connection and then just let them talk P2P.
If you mean secure connection as opposed to anonymous connection then yeah, this’d work just fine. It works on the IP level, which the Network’s Stack is based on top of. So while the network could be used for key exchange, etc., the actual connection would be at the IP level. But secured. I think @dirvine (if he did say that, I’m not sure where if he did - but it sounds about right) would have meant that it’s up to another P2P program to use that once the two entities found each other. This would do just that.
Another thing that I’m wondering is that I doubt very much that it uses random ports, as the Network does. But once again, if we’re just shooting for secured (and not anonymous) connections, then this is of no concern.