If you're running a multimillion dollar drug operation and you're too incompetent to set up, or too cheap to pay someone to do in your place what most home-labbers could with a couple hundred bucks of hardware, then you're going to get caught and you probably deserve it.
Realistically xmpp over i2p or tor on a disposable live-booting OS would be the best answer. Shit even a one-time-use pay-as-you-go gas station burner woulda been better in most cases. Failing that, you should at least plant yourself in a corrupt enough country and just pay off the local law-enforcement.
If you can't do opsec and own your own comms, then why the fuck would you break international law like that?
I tried to use tox cli client and it's barely usable. Gui clients just half baked barely products. Adding to the piling bad reputation of the development team ( some fraud, adding backdoor ip leaks ) I think it's enough to bury tox
Some time ago the project itself seemed nice (toxcore github included) and there were a few nice little clients which even worked, ratox was especially cool (a fifo client), I've made an attempt to switch friends\family to tox back then, and we used toxic and utox for voice calls with one my friend instead of skype.
However, since then it seems as if the changes were not positive.
It's really sad, because it felt as the closest thing to come ideologically to replacing skype with a free and open source technology. I'd say something architecturally similar to tox plus activitypub-connected directory\identity (and maybe history) servers would be a success.