Ricochet: An encrypted, anonymous IM client built on Tor hidden services

Reading over some of the specifications - I really like this approach - I think this is probably the closest I have seen to a truly distributed approach to IM at the protocol layer.<p>If anyone would like to try the chat interface my address is ricochet:qn6uo4cmsrfv4kzq

Sadly I2P is missing such a maintained messenger. I am only aware of this working, but abandoned one: <a href="http:&#x2F;&#x2F;echelon.i2p.xyz&#x2F;qti2pmessenger&#x2F;" rel="nofollow">http:&#x2F;&#x2F;echelon.i2p.xyz&#x2F;qti2pmessenger&#x2F;</a>

This did pretty much the same thing: <a href="https:&#x2F;&#x2F;github.com&#x2F;prof7bit&#x2F;TorChat" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;prof7bit&#x2F;TorChat</a><p>Had a good OS X client. Seems it has been abandoned though.

Reminds me a lot of the Tox project, a peer-to-peer encrypted skype&#x2F;IRC&#x2F;IM replacement: <a href="https:&#x2F;&#x2F;github.com&#x2F;irungentoo&#x2F;toxcore" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;irungentoo&#x2F;toxcore</a> Tox optionally supports Tor: <a href="https:&#x2F;&#x2F;wiki.tox.im&#x2F;Tox_over_Tor_%28ToT%29" rel="nofollow">https:&#x2F;&#x2F;wiki.tox.im&#x2F;Tox_over_Tor_%28ToT%29</a>

One non-fatal point but something to be aware of with this approach; the list of hidden service addresses isn&#x27;t itself hidden, and these servers are easy to fingerprint. So it&#x27;s trivial to discover the list of all Ricochet identities, and also know when they are online (so over time perhaps who is talking to who).<p>Also, Tor hidden services are not necessarily designed for the case of a single address coming online and offline repeatedly. I don&#x27;t think there are specific known exploits for that case other than the timing issues, but the other thing that comes to mind is cycling through too many guard nodes over time.

I wonder if this design would allow group chat as well, not just p2p?

I have spend a lot of time looking for some cool discussion stuff built over Tor! It looks like it.<p>If someone is looking for another address to add just to test this<p>ricochet:pp7kgrom5nhcox3y

Can someone explain how to verify the .asc signature file for this? I&#x27;m not familiar with pgp.

Great work, but without mobile app &amp; push notification it&#x27;s just another IM over Tor.

I downloaded and ran your precompiled x86-64 binaries .. It kept hanging with message &quot;May 25 11:52:06.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 14)&quot;<p>It is not usable too. Tried sending request to ricochet:qn6uo4cmsrfv4kzq<p>It refused to move beyond Request:Pending connection<p>Man i hate these security software soooo much.