‘Ricochet’ the messenger for the dark web

Ricochet uses the power of Tor and sidesteps the core problem of metadata.

Instant Messaging or IM has been part of our life for many years. Most of us are using Skype, WeChat or WhatsApp on a daily basis. They offer different features, but they all have one thing in common: they are not anonymous!

Most apps nowadays offer end-to-end encryption that keeps the content of your messages away from your friendly neighbourhood law enforcement agents, but your metadata will still be accessible to them, which is enough to know who you really are and whom you’re talking to.

So, you should not use them if privacy and security are a main concern.

But what is metadata?

Metadata is not what you type on a device (as explained earlier, most apps end-to-end encrypt your content) but rather the footprint that’s left behind: the internet protocol addresses (IP addresses) of the computers from which messages are sent or received or, when using mobile phones, the telephone numbers involved in a chat.

But there is light on the horizon and it is called Ricochet.

Ricochet is an open-source, peer-to-peer, decentralized instant messaging app available for Windows, Mac, and Linux that provides superb anonymity to its users and has already cleared its first professional security audit, carried out by NCC Group, global experts in cyber security and risk mitigation.

“The concept with Ricochet is: how can we do messaging without any server in the middle – without trusting anything to forward your messages to your contacts. That turns out to be exactly one of the problems that hidden services can solve: to contact someone, without anybody in the middle knowing who you are or who you’re contacting.”
John Brooks (Ricochet developer)

Let’s have a closer look, shall we?

Using Tor, Ricochet starts a Tor hidden service locally on a person’s computer and can communicate only with other Ricochet users who are also running their own Ricochet-created Tor hidden services. This way, Ricochet communication never leaves the Tor network, thereby preserving anonymity and complicating passive network surveillance.

Download your client (we use the macOS app) and open it. The app will now connect with Tor. At least for me, this window was only shown once.

On subsequent connections Ricochet’s main window will display your connection information.

To start, we need to add at least one contact. Click on the + icon. At the top of the pop-up you see your own Ricochet ID, literally a unique .onion address, to share. Only those who have this .onion address can contact you and send you messages. Underneath, you can add the ID and name of a contact. Click ‘Add’ and you are done. The name will be added to the left side panel as a contact request. Once your newly added contact comes online, they will be notified of your request and can accept or reject it.
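Because the Ricochet ID is an onion address, it doubles as a fingerprint of the service's public key, which is why no directory server is needed to look a contact up. The Python sketch below is an added example, not Ricochet's own code: it derives and checks such an ID. It assumes the `ricochet:` prefix and the v2 onion derivation (base32 of the first 80 bits of SHA-1 over the DER-encoded RSA public key), neither of which is stated on this page, and the key bytes are constructed stand-ins.

```python
import base64
import hashlib
import re

# Assumed ID format: "ricochet:" followed by a 16-character v2 onion label.
RICOCHET_ID = re.compile(r"ricochet:([a-z2-7]{16})")


def onion_v2_label(public_key_der: bytes) -> str:
    """Base32 of the first 80 bits of SHA-1 over the DER-encoded public key."""
    digest = hashlib.sha1(public_key_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def ricochet_id(public_key_der: bytes) -> str:
    """Contact ID that a user would share for this key."""
    return "ricochet:" + onion_v2_label(public_key_der)


def parse_ricochet_id(contact_id: str) -> str:
    """Return the .onion hostname for a contact ID, or raise ValueError."""
    match = RICOCHET_ID.fullmatch(contact_id.strip())
    if match is None:
        raise ValueError(f"not a Ricochet ID: {contact_id!r}")
    return match.group(1) + ".onion"


def key_matches_id(contact_id: str, presented_key_der: bytes) -> bool:
    """True only if the presented key hashes to the ID we were given."""
    expected = parse_ricochet_id(contact_id)
    return expected == onion_v2_label(presented_key_der) + ".onion"


# Constructed stand-ins for DER-encoded RSA public keys (not real keys).
ALICE_KEY = b"constructed-der-public-key-alice"
OTHER_KEY = b"constructed-der-public-key-other"

if __name__ == "__main__":
    alice_id = ricochet_id(ALICE_KEY)
    print(alice_id, "->", parse_ricochet_id(alice_id))
    print("alice's key matches her ID:", key_matches_id(alice_id, ALICE_KEY))
    print("another key matches her ID:", key_matches_id(alice_id, OTHER_KEY))
```
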

On the left side panel the online/offline status of your contacts is displayed. Once one of your contacts is online you can start to chat. Please note that you cannot send messages to a contact that is offline, hoping it will be displayed to them once they come online. Since there is no middleman, no intermediate server that stores your message, messages can only be exchanged while both parties are online. Also, Ricochet does not save your chat history. Once you close a conversation or go offline, the chat log is not recoverable.

Only your contact list information is stored locally. I would also like to mention that if someone gets hold of your computer and is able to open Ricochet, they are able to pretend to be you, since there is no login, no password protection. To counteract this, encrypt your disk if you are using Ricochet with sensitive contacts.

Ricochet is a simple messenger. We don’t find gimmicks like emoticons (whether we really need them is another question); it’s simple and straightforward. No need to set it up, it works out of the box. All we miss is a file exchange feature and some added security, in case our computer gets lost.