[messaging] fyi: metadata-eliminating tor-based chat program: Ricochet

Sean Comeau sean at ftlnetworks.ca
Fri Sep 19 17:16:37 PDT 2014

I'd rather not appeal to authority or social graphs to decide what's worth using.

Pond and Ricochet both use Tor, but they are very different. Pond has a server, while Ricochet does not. Pond uses the Axolotl Ratchet. Here's how Ricochet is designed:


It's great that someone is working on some highly anonymous chat, and I hope the project matures and that we can all learn something from it, but I don't think this or any peer to peer system is practical for mass adoption.

Most people want to be able to send a message at any time, then turn off their device. And nobody wants to lose incoming messages just because they go offline for a short while.

From: Messaging <messaging-bounces at moderncrypto.org> on behalf of zaki at manian.org <zaki at manian.org>
Sent: Friday, September 19, 2014 4:31 PM
To: Tim Bray
Cc: messaging
Subject: Re: [messaging] fyi: metadata-eliminating tor-based chat program: Ricochet

The person who goes the by pseudonym "the grunq" is very knowledgeable member of the security community based on his excellent blog, twitter account and social graph. His contribution to and endorsement of this project seems to be the reason to take it seriously.

I haven't taken a close look at the protocol yet but I expect it would be reasonably well informed by the prior efforts in this space. Pond's design seems to indicate that if can assume the directory of contacts-> cryptographic identities doesn't leak metadata and you provide enough cover traffic to the Tor network you can provide metadata protection of messaging against a global passive network attacker. From what I've read so far, Richochet seems to something along the same lines.

On Fri, Sep 19, 2014 at 1:38 PM, Tim Bray <tbray at textuality.com<mailto:tbray at textuality.com>> wrote:
A number of things about this one made me kind of uneasy.  The clichéd tone of the article "high-school dropout trumps NSA!"  The complete absence of input from anyone who wasn't a  project insider, and the dissing of competitors who are actually shipping working software. I mentioned on Twitter that a couple of things about the story made my BS filter twitch, and I got slimed by multiple project partisans (nobody I've ever heard of) for being a hater, etc.   I looked at the github repo and if any development is actually happening, it's not there; no commits to the actual code for a couple months.    Now, none of those things in & of itself is reason to dismiss Ricochet, but I have to say my BS filter is doing more than twitching.

On Fri, Sep 19, 2014 at 12:32 PM, =JeffH <Jeff.Hodges at kingsmountain.com<mailto:Jeff.Hodges at kingsmountain.com>> wrote:
this is just fyi/fwiw, I haven't investigated this other than skimming the article..

Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying [ricochet]


also mentioned..


Messaging mailing list
Messaging at moderncrypto.org<mailto:Messaging at moderncrypto.org>

- Tim Bray (If you'd like to send me a private message, see https://keybase.io/timbray)

Messaging mailing list
Messaging at moderncrypto.org<mailto:Messaging at moderncrypto.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140920/84ec610a/attachment.html>

More information about the Messaging mailing list