I want to chat, VoIP and video-conference with my friends without giving away any metadata to third parties. I thought about using Tor (Tox, Briar) and other decentralized applications (Status, something using gun.js), however there were some caveats: Briar didn't support VoIP/video, Tox should work, but for some reason I can't find enough coverage about it - it seems like not many people use it even though it should meet the above requirements. Status (whisper protocol) didn't seem well suited for VoIP/video neither. I'm not sure if there are any VoIP/video Dapps using gun.js already?
Is there any way to establish a connection via UDP hole punching that will stay, so that peers let each other know each time IP changes (our ISPs change IP every month or so) without any outside STUN/randevouz-like server?
It's not about building a peer-to-peer network, but a private point-to-point connection. If this was possible, even if our ISPs still collected metadata from it, I assume one could still hide it completely via a Tor/VPN layer on top later on.
It is possible if you can control your home router (NAT router) and be able to set port forwarding to your own computer/device in the internal network. Many home routers have that option. Practically you have to agree with your friends on the ports to use and then let each other know the public IP of your home router.
I said ports because depending on the application/protocol you want to use, you may need more than one (e.g., one for signalling protocol, one for audio stream and one for video stream -- this is common for VoIP with Session Initiation Protocol/SIP). If you want a multi-party mesh conference call, you need more forwarded ports.
You also need to configure your chat application to use the ports where the traffic is forwarded. Some SIP client applications allow that.
Then it is about distribution among the peers of the public IPs for home routers. There is the option for dynamic DNS, where the home router can push the new IP to a dynamic DNS server on every change. This is of course a matter of the home routing having this feature. But this can be considered giving metadata to a 3rd party. Maybe there are applications that can just ping each other periodically and update on retrieving from a different IP, for security, some authentication has to be set in place to be sure the packets come from your trusted friends.
However, if you or your friends are not tech savvy, dealing with all the above can be complex. In such case I would rather rent a cheap cloud virtual machine (VM), there are plenty of options under 10$/month, and run own instance of an open source chat/voice/video conference system, such as Jitsi Meet, Matrix/Element, RocketChat or Mattermost, just to name a few. Many offer Docker images that makes it easy to run and they typically can automatically use Let's Encrypt to get TLS certificate and offer good privacy and secure communication. A domain needs to be purchased as well to make it work easy with web browsers.
A second variant would be to use the cloud VM server to create an encrypted VPN (Virtual Private Network) with some open source solution like OpenVPN or WireGuard. Then every friend will connect to the VPN, you all will be like in a local network and can use any chat app without caring about changing of home router IP.