Hidden service p2p messenger

Ricochet

With recent events it is very obvious that LE is taking a much more drastic approach to silence us.

In the case of a completely anonymous IM service, most suggest XMPP using OTR; however, I'd suggest taking a peek at a totally anonymous option called Ricochet. It only connects to Tor and only assigns usernames via a Tor hidden service address.

This uses no servers, meaning no logs. It has been audited and granted as one of, if not the most, secure p2p messaging services to date.

If you feel like taking a glance at the source code, here it is.


Comments


[3 Points] bhp5:

Thanks fed, I'll keep your secure website in mind ;)


[1 Points] HardC0r3:

Where can I find the audit results?


[1 Points] _PrinterPam_:

By the author's own admission: "This software is an experiment. Security and anonymity are difficult topics, and you should carefully evaluate your risks and exposure with any software. Do not rely on Ricochet for your safety unless you have more trust in my work than it deserves."

+1 for responsibility in making that statement. +1 for open source. -10 for a user to depend upon this at this time.

The client is essentially nothing more than a messaging framework slapped on top of a hidden service. De-anonymization of a hidden service is a big concern if not carefully managed by limiting the number of introduction points in the torrc (hidden services have multiple, as opposed to a single entry-point for clients), ensuring stream isolation, not using that client's traffic ports for anything else, etc. This is beyond most users' expertise. It's why good security for a market goes far beyond web vulnerabilities...something very few people seem to be aware of. Secure Linux administration is a whole other beast. So is ample expertise in Tor & the onion network.

Now, I'm not bashing the author or his work. I think it's great, and critical, that people continue to work on anonymity solutions. But this is, as he says, 'experimental.' In the security/cryptography realm, new/experimental = unknown & unknown is the same as 'bad.'
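
The three torrc points raised in the comment above (introduction point count, stream isolation, port reuse) can be checked mechanically on a hand-maintained torrc. This is an added example, not part of the thread or of Ricochet; the sample torrc is constructed, and treating a missing `IsolateDestAddr`/`IsolateDestPort` flag or an unset `HiddenServiceNumIntroductionPoints` as a finding is this example's assumed policy.

```python
# Constructed sample torrc (not from the thread): two hidden services share
# local port 9878, and the SocksPort carries no extra isolation flags.
SAMPLE_TORRC = """\
SocksPort 9050
HiddenServiceDir /var/lib/tor/chat/
HiddenServicePort 9878 127.0.0.1:9878
HiddenServiceDir /var/lib/tor/web/
HiddenServicePort 80 127.0.0.1:9878
HiddenServiceNumIntroductionPoints 3
"""

# Assumed policy: a SocksPort should carry at least one of these flags.
ISOLATION_FLAGS = {"isolatedestaddr", "isolatedestport"}

def audit_torrc(text):
    """Return findings for intro points, stream isolation and port reuse."""
    findings, services, current = [], [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]  # torrc keys are case-insensitive
        if key == "socksport" and args and args[0] != "0":
            if not ISOLATION_FLAGS & {a.lower() for a in args[1:]}:
                findings.append(f"SocksPort {args[0]}: no per-destination stream isolation")
        elif key == "hiddenservicedir" and args:
            # Options that follow apply to this service until the next HiddenServiceDir.
            current = {"dir": args[0], "intro": None, "targets": []}
            services.append(current)
        elif current is not None and key == "hiddenserviceport" and args:
            # The target defaults to the virtual port on localhost when omitted.
            target = args[1] if len(args) > 1 else args[0]
            current["targets"].append(target.rsplit(":", 1)[-1])
        elif current is not None and key == "hiddenservicenumintroductionpoints" and args:
            current["intro"] = int(args[0])
    seen = {}  # local target port -> first service directory that used it
    for svc in services:
        if svc["intro"] is None:
            findings.append(f"{svc['dir']}: introduction point count left at default")
        for port in svc["targets"]:
            if port in seen and seen[port] != svc["dir"]:
                findings.append(f"{svc['dir']}: local port {port} also used by {seen[port]}")
            seen.setdefault(port, svc["dir"])
    return findings

if __name__ == "__main__":
    print("\n".join(audit_torrc(SAMPLE_TORRC)))
```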