Ricochet (software)

Ricochet
Developer(s)	Invisible.im
Stable release	1.0.4^[1]
Operating system	Windows, OS X, Linux
License	BSD^[2]
Website	ricochet.im

Ricochet or Ricochet IM is an open source, multi-platform, instant messaging software project originally developed by John Brooks^[3] and later adopted as the official instant messaging client project of the Invisible.im group.^[4] A goal of the Invisible.im group is to help people maintain privacy by developing a "metadata free" instant messaging client.^[5]

History

Originally called Torsion IM, Ricochet was renamed in 2014-June. Ricochet is a modern alternative to TorChat, which hasn't been updated in several years.^[5]^[6] On 2014-September-17, it was announced that the Invisible.im group would be working with Brooks on further development of Ricochet in a Wired (magazine) article by Kim Zetter.^[3] Australian security journalist Patrick Gray, along with the rest of the Invisible.im group, dropped plans to develop their own instant messaging client from scratch.^[3]

Future plans for Ricochet version 1.1.0 include a protocol redesign^[7] and file-transfer capabilities.^[3]^[8]

Overview

Ricochet is a decentralized instant messenger, meaning there is no server to connect to and share metadata with.^[6] Further, using Tor (anonymity network), Ricochet starts a Tor hidden service locally on a person's computer and can only communicate with other Ricochet users who are also running their own Ricochet-created Tor hidden services. This way, Ricochet communication never leaves the Tor network. A user screen name (example: “ricochet:hslmfsg47dmcqctb“) is auto-generated upon first starting Ricochet; the first half of the screen name is the word "ricochet", with the second half being the address of the Tor hidden service. Before two Ricochet users can talk, at least one of them must privately or publicly share their unique screen name in some way.

Privacy benefits

Ricochet users are not personally identifiable.^[9]
Ricochet does not reveal user IP addresses or physical locations because of Tor.^[3]
Message content is cryptographically authenticated and private.^[9]
There is no need to register anywhere in order to use Ricochet, particularly with a fixed server.^[6]
Contact list information is stored locally, and it would be very difficult for passive surveillance techniques to determine whom you're chatting with.^[3]
Ricochet does not save chat history. When you close a conversation, the chat log is not recoverable.
The use of Tor hidden services prevents network traffic from ever leaving the Tor network, thereby preserving anonymity and complicating passive network surveillance.^[3]^[6]
Ricochet is a portable application, users do not need to install any software to use Ricochet. Ricochet connects to the Tor network automatically.^[6]

Security warnings

Ricochet has not been subjected to an independent security audit.^[6]
An already-compromised computer system will typically defeat the privacy protections that Ricochet offers, such as a keystroke logging malware.
Even though Ricochet uses Tor, other applications will not be using Tor unless you've independently set up additional Tor services on your computer.
Active and passive surveillance techniques can still tell if you're using the Internet, and when, but not necessarily what you're doing on the Internet.^[3]
Since a Ricochet user does not register or log in anywhere to use Ricochet,^[6] not even with a password, it is important to implement layered physical security, including disk encryption, to protect Ricochet.
Tails Linux users, and other live operating systems users, can optionally backup Ricochet to zero-knowledge cloud services such as SpiderOak, or on a personally owned USB drive (ideally encrypted).

References

↑ "Releases". https://ricochet.im/''. Retrieved 2 November 2014.
↑ "Ricochet / LICENSE". GitHub. Retrieved 10 November 2014.
↑ 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 Zetter, Kim. "Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying". wired.com. Wired. Retrieved 2 November 2014.
↑ "2014-09-17: Update from the Invisible.im Team". invisible.im. Retrieved 2 November 2014.
↑ 5.0 5.1 "Anonymous and serverless instant messaging that just works". https://github.com/''. Retrieved 2 November 2014.
↑ 6.0 6.1 6.2 6.3 6.4 6.5 6.6 "Tor proxy anonymous Instant Messenger". hacker10.com. Hacker10. Retrieved 10 November 2014.
↑ "Base implementation for new protocol". GitHub. Retrieved 10 November 2014.
↑ John Brooks' Tweet on Twitter
↑ 9.0 9.1 "Technical design of Ricochet". GitHub. Retrieved 10 November 2014.

External links

Wikimedia Commons has media related to Ricochet.

Ricochet (software) repository at GitHub
Ricochet technical design: https://github.com/ricochet-im/ricochet/blob/master/doc/design.md
Ricochet protocol: https://github.com/ricochet-im/ricochet/blob/master/doc/protocol.txt

Instant messaging

Protocols
(comparison)

Open	IMPP IRC MTProto RetroShare SIP MSRP SIMPLE TextSecure Tox XMPP Jingle WFP Zephyr

Closed	MSNP OSCAR TOC Skype YMSG

Services

Clients
(comparison)

Single protocol	AIM Baidu Hi BlackBerry Messenger CSipSimple Facebook Messenger FaceTime Fetion Gadu-Gadu GroupMe IBM Sametime ICQ IMVU indoona Linphone Palringo Qnext RetroShare SFLphone Signal Skype Telegram Tencent QQ TextSecure Tox WeChat WhatsApp Yahoo! Messenger

Multi-protocol	Adium Ayttm BitlBee Centericq eBuddy Empathy Fire Gizmo5 Instantbird Jitsi Kopete Messages/iChat Microsoft Lync Miranda IM Nimbuzz Pidgin QIP 2010 Trillian Upptalk Xfire

XMPP (Jabber)	Bombus Facebook Chat Gajim Google Talk Psi Tkabber

MSNP	aMSN emesene Windows Live Messenger Windows Messenger