Ricochet (software)
Ricochet or Ricochet IM is an open source, multi-platform, instant messaging software project originally developed by John Brooks[3] and later adopted as the official instant messaging client project of the Invisible.im group.[4] A goal of the Invisible.im group is to help people maintain privacy by developing a "metadata free" instant messaging client.[5]
History
Originally called Torsion IM, Ricochet was renamed in 2014-June. Ricochet is a modern alternative to TorChat, which hasn't been updated in several years.[5][6] On 2014-September-17, it was announced that the Invisible.im group would be working with Brooks on further development of Ricochet in a Wired (magazine) article by Kim Zetter.[3] Australian security journalist Patrick Gray, along with the rest of the Invisible.im group, dropped plans to develop their own instant messaging client from scratch.[3]
Future plans for Ricochet version 1.1.0 include a protocol redesign[7] and file-transfer capabilities.[3]
Overview
Ricochet is a decentralized instant messenger, meaning there is no server to connect to and share metadata with.[6] Further, using Tor (anonymity network), Ricochet starts a Tor hidden service locally on a person's computer and can only communicate with other Ricochet users who are also running their own Ricochet-created Tor hidden services. This way, Ricochet communication never leaves the Tor network. A user screen name (example: “ricochet:hslmfsg47dmcqctb“) is auto-generated upon first starting Ricochet; the first half of the screen name is the word "ricochet", with the second half being the address of the Tor hidden service. Before two Ricochet users can talk, at least one of them must privately or publicly share their unique screen name in some way.
Privacy benefits
- Ricochet users are not personally identifiable.[9]
- Ricochet does not reveal user IP addresses or physical locations because of Tor.[3]
- Message content is cryptographically authenticated and private.[9]
- There is no need to register anywhere in order to use Ricochet, particularly with a fixed server.[6]
- Contact list information is stored locally, and it would be very difficult for passive surveillance techniques to determine whom you're chatting with.[3]
- Ricochet does not save chat history. When you close a conversation, the chat log is not recoverable.
- The use of Tor hidden services prevents network traffic from ever leaving the Tor network, thereby preserving anonymity and complicating passive network surveillance.[3][6]
- Ricochet is a portable application, users do not need to install any software to use Ricochet. Ricochet connects to the Tor network automatically.[6]
Security warnings
- Ricochet has not been subjected to an independent security audit.[6]
- An already-compromised computer system will typically defeat the privacy protections that Ricochet offers, such as a keystroke logging malware.
- Even though Ricochet uses Tor, other applications will not be using Tor unless you've independently set up additional Tor services on your computer.
- Active and passive surveillance techniques can still tell if you're using the Internet, and when, but not necessarily what you're doing on the Internet.[3]
- Since a Ricochet user does not register or log in anywhere to use Ricochet,[6] not even with a password, it is important to implement layered physical security, including disk encryption, to protect Ricochet.
- Tails Linux users, and other live operating systems users, can optionally backup Ricochet to zero-knowledge cloud services such as SpiderOak, or on a personally owned USB drive (ideally encrypted).
References
External links
|
Wikimedia Commons has media related to Ricochet. |
|
---|
| People | | |
---|
| Technologies | |
---|
| Software | |
---|
| Related topics | |
---|
| |
|