Ricochet (software)

Ricochet
Developer(s)	Blueprint for Free Speech
Initial release	June 2014
Stable release	1.1.4 [ needs update ] (fork took over development, now at 3.0.15) / 7 November 2016
Repository	github.com/blueprint-freespeech/refresh-site ;
Written in	C++
Operating system	Windows, OS X, Linux, FreeBSD
License	BSD-3-Clause
Website	www.ricochetrefresh.net

Last updated July 22, 2023

Ricochet or Ricochet IM is a free software, multi-platform, instant messaging software project originally developed by John Brooks^[5] and later adopted as the official instant messaging client project of the Invisible.im group.^[6] A goal of the Invisible.im group is to help people maintain privacy by developing a "metadata free" instant messaging client.^[7]

History

Originally called Torsion IM, Ricochet was renamed in June 2014.^[1] Ricochet is a modern alternative to TorChat,^[8] which hasn't been updated in several years, and to Tor Messenger, which is discontinued.^[9] On September 17, 2014, it was announced that the Invisible.im group would be working with Brooks on further development of Ricochet in a Wired article by Kim Zetter.^[5] Zetter also wrote that Ricochet's future plans included a protocol redesign and file-transfer capabilities.^[5] The protocol redesign was implemented in April 2015.^[10]

In February 2016, Ricochet's developers made public a security audit that had been sponsored by the Open Technology Fund and carried out by the NCC Group in November 2015.^[11] The results of the audit were "reasonably positive".^[12] The audit identified "multiple areas of improvement" and one vulnerability that could be used to deanonymize users.^[11] According to Brooks, the vulnerability has been fixed in the latest release.^[13]

Technology

Ricochet is a decentralized instant messenger, meaning there is no server to connect to and share metadata with.^[8] Further, using Tor, Ricochet starts a Tor hidden service locally on a person's computer and can communicate only with other Ricochet users who are also running their own Ricochet-created Tor hidden services. This way, Ricochet communication never leaves the Tor network. A user screen name (example: ricochet:hslmfsg47dmcqctb) is auto-generated upon first starting Ricochet; the first half of the screen name is the word "ricochet", with the second half being the address of the Tor hidden service. Before two Ricochet users can talk, at least one of them must privately or publicly share their unique screen name in some way.

Privacy benefits

Ricochet does not reveal user IP addresses or physical locations because it uses Tor.^[5]
Message content is cryptographically authenticated and private.^[11]
There is no need to register anywhere in order to use Ricochet, particularly with a fixed server.^[8]
Contact list information is stored locally, and it would be very difficult for passive surveillance techniques to determine whom the user is chatting with.^[5]
Ricochet does not save chat history. When the user closes a conversation, the chat log is not recoverable.
The use of Tor hidden services prevents network traffic from ever leaving the Tor network, thereby preserving anonymity and complicating passive network surveillance.^[5]^[8]
Ricochet is a portable application, users do not need to install any software to use Ricochet. Ricochet connects to the Tor network automatically.^[8]

Related Research Articles

AIM was an instant messaging and presence computer program created by AOL, which used the proprietary OSCAR instant messaging protocol and the TOC protocol to allow registered users to communicate in real time.

<span class="mw-page-title-main">Instant messaging</span> Form of communication over the internet

Instant messaging (IM) technology is a type of online chat allowing real-time text transmission over the Internet or another computer network. Messages are typically transmitted between two or more parties, when each user inputs text and triggers a transmission to the recipient(s), who are all connected on a common network. It differs from email in that conversations over instant messaging happen in real-time. Most modern IM applications use push technology and also add other features such as emojis, file transfer, chatbots, voice over IP, or video chat capabilities.

<span class="mw-page-title-main">Pidgin (software)</span> Open-source multi-platform instant messaging client

Pidgin is a free and open-source multi-platform instant messaging client, based on a library named libpurple that has support for many instant messaging protocols, allowing the user to simultaneously log in to various services from a single application, with a single interface for both popular and obsolete protocols, thus avoiding the hassle of having to deal with a new software for each device and protocol.

Yahoo! Messenger was an advertisement-supported instant messaging client and associated protocol provided by Yahoo!. Yahoo! Messenger was provided free of charge and could be downloaded and used with a generic "Yahoo ID" which also allowed access to other Yahoo! services, such as Yahoo! Mail. The service also offered VoIP, file transfers, webcam hosting, a text messaging service, and chat rooms in various categories.

BitlBee is a cross-platform IRC instant messaging gateway, licensed under the terms of the GNU General Public License.

Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

Meebo was an instant messaging and social networking service provider. It was founded in September 2005 by Sandy Jen, Seth Sternberg, and Elaine Wherry, and was based in Mountain View, California. Initially the company offered a web-based instant messenger service, extending its offer in more general online chat and even social networking directions. In June 2012, Google acquired Meebo to merge the company's staff with the Google+ developers team.

TorChat was a peer-to-peer anonymous instant messenger that used Tor onion services as its underlying network. It provided cryptographically secure text messaging and file transfers. The characteristics of Tor's onion services ensure that all traffic between the clients is encrypted and that it is very difficult to tell who is communicating with whom and where a given client is physically located.

Instantbird is a discontinued cross-platform instant messaging client based on Mozilla's XULRunner and the open-source library libpurple used in Pidgin. Instantbird is free software available under the GNU General Public License. Over 250 add-ons allow user customization of, and addition of, features. On October 18, 2017, Florian Quèze announced that "... we are stopping development of Instantbird as a standalone product."

Secure instant messaging is a form of instant messaging. Both terms refer to an informal means for computer users to exchange messages commonly referred to as "chats". Instant messaging can be compared to texting as opposed to making a mobile phone call. In the case of messaging, it is like the short form of emailing. Secure instant messaging is a specialized form of instant messaging that along with other differences, encrypts and decrypts the contents of the messages such that only the actual users can understand them.

ChatSecure is a messaging application for iOS which allows OTR and OMEMO encryption for the XMPP protocol. ChatSecure is free and open source software available under the GPL-3.0-or-later license.

<span class="mw-page-title-main">Tox (protocol)</span> Distributed protocol for telephony and instant messaging

Tox is a peer-to-peer instant-messaging and video-calling protocol that offers end-to-end encryption. The stated goal of the project is to provide secure yet easily accessible communication for everyone. A reference implementation of the protocol is published as free and open-source software under the terms of the GNU GPL-3.0-or-later.

TextSecure was an encrypted messaging application for Android that was developed from 2010 to 2015. It was a predecessor to Signal and the first application to use the Signal Protocol, which has since been implemented into WhatsApp and other applications. TextSecure used end-to-end encryption to secure the transmission of text messages, group messages, attachments and media messages to other TextSecure users.

Open Whisper Systems was a software development group that was founded by Moxie Marlinspike in 2013. The group picked up the open source development of TextSecure and RedPhone, and was later responsible for starting the development of the Signal Protocol and the Signal messaging app. In 2018, Signal Messenger was incorporated as an LLC by Moxie Marlinspike and Brian Acton and then rolled under the independent 501c3 non-profit Signal Technology Foundation. Today, the Signal app is developed by Signal Messenger LLC, which is funded by the Signal Technology Foundation.

Threema is a paid cross-platform encrypted instant messaging app developed by Threema GmbH in Switzerland and launched in 2012. The service operates on a decentralized architecture and offers end-to-end encryption. Users can make voice and video calls, send photos, files, and voice notes, share locations, and make groups. Unlike many other popular secure messaging apps, Threema does not require phone numbers or email address for registration, only a one-time purchase. Threema is available on iOS and Android and has clients for Windows, macOS, Linux, and can be accessed via web browser but requires a mobile app to function.

Signal is an encrypted messaging service for instant messaging, voice, and video calls. The instant messaging function includes sending text, voice notes, images, videos, and other files. Communication may be one-to-one between users, or for group messaging.

Matrix is an open standard and communication protocol for real-time communication. It aims to make real-time communication work seamlessly between different service providers, in the way that standard Simple Mail Transfer Protocol email currently does for store-and-forward email service, by allowing users with accounts at one communications service provider to communicate with users of a different service provider via online chat, voice over IP, and videotelephony. It therefore serves a similar purpose to protocols like XMPP, but is not based on any existing communication protocol.

The Signal Protocol is a non-federated cryptographic protocol that provides end-to-end encryption for voice and instant messaging conversations. The protocol was developed by Open Whisper Systems in 2013 and was first introduced in the open-source TextSecure app, which later became Signal. Several closed-source applications have implemented the protocol, such as WhatsApp, which is said to encrypt the conversations of "more than a billion people worldwide" or Google who provides end-to-end encryption by default to all RCS-based conversations between users of their Messages app for one-to-one conversations. Facebook Messenger also say they offer the protocol for optional Secret Conversations, as does Skype for its Private Conversations.

Wire is an encrypted communication and collaboration app created by Wire Swiss. It is available for iOS, Android, Windows, macOS, Linux, and web browsers such as Firefox. Wire offers a collaboration suite featuring messenger, voice calls, video calls, conference calls, file-sharing, and external collaboration – all protected by a secure end-to-end-encryption. Wire offers three solutions built on its security technology: Wire Pro – which offers Wire's collaboration feature for businesses, Wire Enterprise – includes Wire Pro capabilities with added features for large-scale or regulated organizations, and Wire Red – the on-demand crisis collaboration suite. They also offer Wire Personal, which is a secure messaging app for personal use.

Conversations is a free software, instant messaging client application software for Android. It is largely based on recognized open standards such as the Extensible Messaging and Presence Protocol (XMPP) and Transport Layer Security (TLS).

References

1 2 Brooks, John. "The name 'Torsion' is not ideal". GitHub. Archived from the original on 7 December 2018. Retrieved 13 January 2016.
↑ Error: Unable to display the reference properly. See the documentation for details.
↑ "Release 1.1.4". 7 November 2016. Retrieved 15 March 2018.
↑ Brooks, John. "Ricochet / LICENSE". GitHub. Archived from the original on 7 September 2021. Retrieved 7 September 2021.
1 2 3 4 5 6 Zetter, Kim (17 September 2014). "Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying". Wired. Condé Nast. Retrieved 2 November 2014.
↑ Invisible.im Team (17 September 2014). "2014-09-17: Update from the Invisible.im Team". invisible.im (Press release). Archived from the original on 9 January 2016. Retrieved 13 January 2016.
↑ ricochet-im. "ricochet-im/ricochet". GitHub. Archived from the original on 27 October 2014. Retrieved 2 November 2014.
1 2 3 4 5 Hacker10 (23 March 2014). "Tor proxy anonymous Instant Messenger". hacker10.com (Blog). Archived from the original on 11 July 2021. Retrieved 13 January 2016.
↑ sukhbir. "Tor Messenger Beta Chat over Tor easily" (Blog). Tor Project. Archived from the original on 30 October 2015. Retrieved 13 January 2016.
↑ Brooks, John (11 April 2015). "Ricochet 1.1.0". GitHub. Archived from the original on 19 July 2020. Retrieved 13 January 2016.
1 2 3 Hertz, Jesse; Jara-Ettinger, Patricio; Manning, Mark (15 February 2016). "Ricochet Security Assessment" (PDF). NCC Group. Archived (PDF) from the original on 13 January 2021. Retrieved 17 February 2016.
↑ Baraniuk, Chris (19 February 2016). "Tor: 'Mystery' spike in hidden addresses". BBC News. BBC. Archived from the original on 21 February 2016. Retrieved 19 February 2016.
↑ Cox, Joseph (17 February 2016). "'Ricochet', the Messenger That Beats Metadata, Passes Security Audit". Motherboard. Vice Media LLC. Archived from the original on 23 January 2017. Retrieved 17 February 2016.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[github-issue20-1] 1 2 Brooks, John. "The name 'Torsion' is not ideal". GitHub. Archived from the original on 7 December 2018. Retrieved 13 January 2016.

[wikidata-c9fe15bca23050b1dc954d9c349d1ead6126d00c-v8-2] Error: Unable to display the reference properly. See the documentation for details.

[wikidata-ea74b3e961ead6a02b8688ec9a554d2bf80a3dce-v8-3] "Release 1.1.4". 7 November 2016. Retrieved 15 March 2018.

[4] Brooks, John. "Ricochet / LICENSE". GitHub. Archived from the original on 7 September 2021. Retrieved 7 September 2021.

[WIRED-1-5] 1 2 3 4 5 6 Zetter, Kim (17 September 2014). "Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying". Wired. Condé Nast. Retrieved 2 November 2014.

[INVISIBLE-1-6] Invisible.im Team (17 September 2014). "2014-09-17: Update from the Invisible.im Team". invisible.im (Press release). Archived from the original on 9 January 2016. Retrieved 13 January 2016.

[GITHUB-1-7] ricochet-im. "ricochet-im/ricochet". GitHub. Archived from the original on 27 October 2014. Retrieved 2 November 2014.

[Hacker10-1-8] 1 2 3 4 5 Hacker10 (23 March 2014). "Tor proxy anonymous Instant Messenger". hacker10.com (Blog). Archived from the original on 11 July 2021. Retrieved 13 January 2016.

[Tor_Messenger-9] sukhbir. "Tor Messenger Beta Chat over Tor easily" (Blog). Tor Project. Archived from the original on 30 October 2015. Retrieved 13 January 2016.

[10] Brooks, John (11 April 2015). "Ricochet 1.1.0". GitHub. Archived from the original on 19 July 2020. Retrieved 13 January 2016.

[NCC-Group-2016-01-11] 1 2 3 Hertz, Jesse; Jara-Ettinger, Patricio; Manning, Mark (15 February 2016). "Ricochet Security Assessment" (PDF). NCC Group. Archived (PDF) from the original on 13 January 2021. Retrieved 17 February 2016.

[12] Baraniuk, Chris (19 February 2016). "Tor: 'Mystery' spike in hidden addresses". BBC News. BBC. Archived from the original on 21 February 2016. Retrieved 19 February 2016.

[13] Cox, Joseph (17 February 2016). "'Ricochet', the Messenger That Beats Metadata, Passes Security Audit". Motherboard. Vice Media LLC. Archived from the original on 23 January 2017. Retrieved 17 February 2016.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]