Ricochet (software): Difference between revisions
correlation attack on Boystown |
|||
Line 23: | Line 23: | ||
Originally called Torsion IM, Ricochet was renamed in June 2014.<ref name="github-issue20">{{cite web|title=The name 'Torsion' is not ideal|url=https://github.com/ricochet-im/ricochet/issues/20|author=Brooks, John|website=GitHub|access-date=13 January 2016|archive-date=7 December 2018|archive-url=https://web.archive.org/web/20181207150413/https://github.com/ricochet-im/ricochet/issues/20|url-status=live}}</ref> Ricochet is a modern alternative to [[TorChat]],<ref name="Hacker10-1">{{cite web|title=Tor proxy anonymous Instant Messenger|url=http://www.hacker10.com/internet-anonymity/tor-proxy-anonymous-instant-messenger-torsion/|website=hacker10.com|author=Hacker10|type=Blog|date=23 March 2014|access-date=13 January 2016|archive-date=11 July 2021|archive-url=https://web.archive.org/web/20210711140040/https://hacker10.com/internet-anonymity/tor-proxy-anonymous-instant-messenger-torsion/|url-status=live}}</ref> which hasn't been updated in several years, and to [[Tor Messenger]], which is discontinued.<ref name="Tor Messenger">{{cite web|title=Tor Messenger Beta Chat over Tor easily|url=https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily|author=sukhbir|publisher=Tor Project|type=Blog|access-date=13 January 2016|archive-date=30 October 2015|archive-url=https://web.archive.org/web/20151030223028/https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily|url-status=live}}</ref> On September 17, 2014, it was announced that the Invisible.im group would be working with Brooks on further development of Ricochet in a ''[[Wired (magazine)|Wired]]'' article by [[Kim Zetter]].<ref name="WIRED-1"/> Zetter also wrote that Ricochet's future plans included a protocol redesign and file-transfer capabilities.<ref name="WIRED-1"/> The protocol redesign was implemented in April 2015.<ref>{{cite web|last1=Brooks|first1=John|title=Ricochet 1.1.0|url=https://github.com/ricochet-im/ricochet/releases/tag/v1.1.0|website=GitHub|access-date=13 January 2016|date=11 April 2015|archive-date=19 July 2020|archive-url=https://web.archive.org/web/20200719093232/https://github.com/ricochet-im/ricochet/releases/tag/v1.1.0|url-status=live}}</ref> |
Originally called Torsion IM, Ricochet was renamed in June 2014.<ref name="github-issue20">{{cite web|title=The name 'Torsion' is not ideal|url=https://github.com/ricochet-im/ricochet/issues/20|author=Brooks, John|website=GitHub|access-date=13 January 2016|archive-date=7 December 2018|archive-url=https://web.archive.org/web/20181207150413/https://github.com/ricochet-im/ricochet/issues/20|url-status=live}}</ref> Ricochet is a modern alternative to [[TorChat]],<ref name="Hacker10-1">{{cite web|title=Tor proxy anonymous Instant Messenger|url=http://www.hacker10.com/internet-anonymity/tor-proxy-anonymous-instant-messenger-torsion/|website=hacker10.com|author=Hacker10|type=Blog|date=23 March 2014|access-date=13 January 2016|archive-date=11 July 2021|archive-url=https://web.archive.org/web/20210711140040/https://hacker10.com/internet-anonymity/tor-proxy-anonymous-instant-messenger-torsion/|url-status=live}}</ref> which hasn't been updated in several years, and to [[Tor Messenger]], which is discontinued.<ref name="Tor Messenger">{{cite web|title=Tor Messenger Beta Chat over Tor easily|url=https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily|author=sukhbir|publisher=Tor Project|type=Blog|access-date=13 January 2016|archive-date=30 October 2015|archive-url=https://web.archive.org/web/20151030223028/https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily|url-status=live}}</ref> On September 17, 2014, it was announced that the Invisible.im group would be working with Brooks on further development of Ricochet in a ''[[Wired (magazine)|Wired]]'' article by [[Kim Zetter]].<ref name="WIRED-1"/> Zetter also wrote that Ricochet's future plans included a protocol redesign and file-transfer capabilities.<ref name="WIRED-1"/> The protocol redesign was implemented in April 2015.<ref>{{cite web|last1=Brooks|first1=John|title=Ricochet 1.1.0|url=https://github.com/ricochet-im/ricochet/releases/tag/v1.1.0|website=GitHub|access-date=13 January 2016|date=11 April 2015|archive-date=19 July 2020|archive-url=https://web.archive.org/web/20200719093232/https://github.com/ricochet-im/ricochet/releases/tag/v1.1.0|url-status=live}}</ref> |
||
In February 2016, Ricochet's developers made public a [[security audit]] that had been sponsored by the [[Open Technology Fund]] and carried out by the [[NCC Group]] in November 2015.<ref name="NCC-Group-2016-01">{{cite web|last1=Hertz|first1=Jesse|last2=Jara-Ettinger|first2=Patricio|last3=Manning|first3=Mark|title=Ricochet Security Assessment|url=https://ricochet.im/files/ricochet-ncc-audit-2016-01.pdf|publisher=NCC Group|access-date=17 February 2016|date=15 February 2016|archive-date=13 January 2021|archive-url=https://web.archive.org/web/20210113174040/https://ricochet.im/files/ricochet-ncc-audit-2016-01.pdf|url-status=live}}</ref> The results of the audit were "reasonably positive".<ref>{{cite web|last1=Baraniuk|first1=Chris|title=Tor: 'Mystery' spike in hidden addresses|url=https://www.bbc.com/news/technology-35614335|website=BBC News|publisher=BBC|access-date=19 February 2016|date=19 February 2016|archive-date=21 February 2016|archive-url=https://web.archive.org/web/20160221001511/http://www.bbc.com/news/technology-35614335|url-status=live}}</ref> The audit identified "multiple areas of improvement" and one vulnerability that could be used to deanonymize users.<ref name="NCC-Group-2016-01"/> According to Brooks, the vulnerability has been fixed |
In February 2016, Ricochet's developers made public a [[security audit]] that had been sponsored by the [[Open Technology Fund]] and carried out by the [[NCC Group]] in November 2015.<ref name="NCC-Group-2016-01">{{cite web|last1=Hertz|first1=Jesse|last2=Jara-Ettinger|first2=Patricio|last3=Manning|first3=Mark|title=Ricochet Security Assessment|url=https://ricochet.im/files/ricochet-ncc-audit-2016-01.pdf|publisher=NCC Group|access-date=17 February 2016|date=15 February 2016|archive-date=13 January 2021|archive-url=https://web.archive.org/web/20210113174040/https://ricochet.im/files/ricochet-ncc-audit-2016-01.pdf|url-status=live}}</ref> The results of the audit were "reasonably positive".<ref>{{cite web|last1=Baraniuk|first1=Chris|title=Tor: 'Mystery' spike in hidden addresses|url=https://www.bbc.com/news/technology-35614335|website=BBC News|publisher=BBC|access-date=19 February 2016|date=19 February 2016|archive-date=21 February 2016|archive-url=https://web.archive.org/web/20160221001511/http://www.bbc.com/news/technology-35614335|url-status=live}}</ref> The audit identified "multiple areas of improvement" and one vulnerability that could be used to deanonymize users.<ref name="NCC-Group-2016-01"/> According to Brooks, the vulnerability has been fixed as of 2016.<ref>{{cite web|last1=Cox|first1=Joseph|title='Ricochet', the Messenger That Beats Metadata, Passes Security Audit|url=http://motherboard.vice.com/read/ricochet-encrypted-messenger-tackles-metadata-problem-head-on|website=Motherboard|publisher=Vice Media LLC|access-date=17 February 2016|date=17 February 2016|archive-date=23 January 2017|archive-url=https://web.archive.org/web/20170123013927/https://motherboard.vice.com/read/ricochet-encrypted-messenger-tackles-metadata-problem-head-on|url-status=live}}</ref> |
||
==Technology== |
==Technology== |
||
Line 37: | Line 37: | ||
* Ricochet is a [[portable application]], users do not need to install any software to use Ricochet. Ricochet connects to the Tor network automatically.<ref name="Hacker10-1"/> |
* Ricochet is a [[portable application]], users do not need to install any software to use Ricochet. Ricochet connects to the Tor network automatically.<ref name="Hacker10-1"/> |
||
== Correlation attack == |
|||
From 2019 to 2021, Ricochet was used by the admins (as well as an undercover investigator) of the child porn onion site [[Boystown (website)|Boystown]]. To identify the perpetrators, German police used a [[Timing attack|correlation analysis attack]]. By sending Ricochet messages to perpetrators and monitoring several hundred Tor nodes for simultaneous traffic of the correct size, authorities were able to identify intermediate Tor nodes and then also the perpetrator's entry nodes, revealing the perpetrators' [[IP address|IP addresses]].<ref name=":1x">{{Cite web |last=Dölle |first=Mirko |date=2024-09-19 |title=Boystown investigations: Catching criminals on the darknet with a stopwatch |url=https://www.heise.de/en/news/Boystown-investigations-Catching-criminals-on-the-darknet-with-a-stopwatch-9904534.html |access-date=2024-10-05 |website=heise online |language=en}}</ref> |
|||
==See also== |
==See also== |
||
* [[Comparison of instant messaging clients]] |
* [[Comparison of instant messaging clients]] |
Latest revision as of 15:30, 5 October 2024
Developer(s) | Blueprint for Free Speech |
---|---|
Initial release | June 2014[1] |
Stable release | |
Repository | |
Written in | C++ |
Operating system | Windows, OS X, Linux, FreeBSD |
License | BSD-3-Clause[4] |
Website | www |
Ricochet or Ricochet IM is a free software, multi-platform, instant messaging software project originally developed by John Brooks[5] and later adopted as the official instant messaging client project of the Invisible.im group.[6] A goal of the Invisible.im group is to help people maintain privacy by developing a "metadata free" instant messaging client.[7]
History
[edit]Originally called Torsion IM, Ricochet was renamed in June 2014.[1] Ricochet is a modern alternative to TorChat,[8] which hasn't been updated in several years, and to Tor Messenger, which is discontinued.[9] On September 17, 2014, it was announced that the Invisible.im group would be working with Brooks on further development of Ricochet in a Wired article by Kim Zetter.[5] Zetter also wrote that Ricochet's future plans included a protocol redesign and file-transfer capabilities.[5] The protocol redesign was implemented in April 2015.[10]
In February 2016, Ricochet's developers made public a security audit that had been sponsored by the Open Technology Fund and carried out by the NCC Group in November 2015.[11] The results of the audit were "reasonably positive".[12] The audit identified "multiple areas of improvement" and one vulnerability that could be used to deanonymize users.[11] According to Brooks, the vulnerability has been fixed as of 2016.[13]
Technology
[edit]Ricochet is a decentralized instant messenger, meaning there is no server to connect to and share metadata with.[8] Further, using Tor, Ricochet starts a Tor hidden service locally on a person's computer and can communicate only with other Ricochet users who are also running their own Ricochet-created Tor hidden services. This way, Ricochet communication never leaves the Tor network. A user screen name (example: ricochet:hslmfsg47dmcqctb
) is auto-generated upon first starting Ricochet; the first half of the screen name is the word "ricochet", with the second half being the address of the Tor hidden service. Before two Ricochet users can talk, at least one of them must privately or publicly share their unique screen name in some way.
Privacy benefits
[edit]- Ricochet does not reveal user IP addresses or physical locations because it uses Tor.[5]
- Message content is cryptographically authenticated and private.[11]
- There is no need to register anywhere in order to use Ricochet, particularly with a fixed server.[8]
- Contact list information is stored locally, and it would be very difficult for passive surveillance techniques to determine whom the user is chatting with.[5]
- Ricochet does not save chat history. When the user closes a conversation, the chat log is not recoverable.
- The use of Tor hidden services prevents network traffic from ever leaving the Tor network, thereby preserving anonymity and complicating passive network surveillance.[5][8]
- Ricochet is a portable application, users do not need to install any software to use Ricochet. Ricochet connects to the Tor network automatically.[8]
Correlation attack
[edit]From 2019 to 2021, Ricochet was used by the admins (as well as an undercover investigator) of the child porn onion site Boystown. To identify the perpetrators, German police used a correlation analysis attack. By sending Ricochet messages to perpetrators and monitoring several hundred Tor nodes for simultaneous traffic of the correct size, authorities were able to identify intermediate Tor nodes and then also the perpetrator's entry nodes, revealing the perpetrators' IP addresses.[14]
See also
[edit]References
[edit]- ^ a b Brooks, John. "The name 'Torsion' is not ideal". GitHub. Archived from the original on 7 December 2018. Retrieved 13 January 2016.
- ^ https://github.com/ricochet-im/ricochet/releases.
{{cite web}}
: Missing or empty|title=
(help) - ^ "Release 1.1.4". 7 November 2016. Retrieved 15 March 2018.
- ^ Brooks, John. "Ricochet / LICENSE". GitHub. Archived from the original on 7 September 2021. Retrieved 7 September 2021.
- ^ a b c d e f Zetter, Kim (17 September 2014). "Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying". Wired. Condé Nast. Retrieved 2 November 2014.
- ^ Invisible.im Team (17 September 2014). "2014-09-17: Update from the Invisible.im Team". invisible.im (Press release). Archived from the original on 9 January 2016. Retrieved 13 January 2016.
- ^ ricochet-im. "ricochet-im/ricochet". GitHub. Archived from the original on 27 October 2014. Retrieved 2 November 2014.
- ^ a b c d e Hacker10 (23 March 2014). "Tor proxy anonymous Instant Messenger". hacker10.com (Blog). Archived from the original on 11 July 2021. Retrieved 13 January 2016.
{{cite web}}
: CS1 maint: numeric names: authors list (link) - ^ sukhbir. "Tor Messenger Beta Chat over Tor easily" (Blog). Tor Project. Archived from the original on 30 October 2015. Retrieved 13 January 2016.
- ^ Brooks, John (11 April 2015). "Ricochet 1.1.0". GitHub. Archived from the original on 19 July 2020. Retrieved 13 January 2016.
- ^ a b c Hertz, Jesse; Jara-Ettinger, Patricio; Manning, Mark (15 February 2016). "Ricochet Security Assessment" (PDF). NCC Group. Archived (PDF) from the original on 13 January 2021. Retrieved 17 February 2016.
- ^ Baraniuk, Chris (19 February 2016). "Tor: 'Mystery' spike in hidden addresses". BBC News. BBC. Archived from the original on 21 February 2016. Retrieved 19 February 2016.
- ^ Cox, Joseph (17 February 2016). "'Ricochet', the Messenger That Beats Metadata, Passes Security Audit". Motherboard. Vice Media LLC. Archived from the original on 23 January 2017. Retrieved 17 February 2016.
- ^ Dölle, Mirko (2024-09-19). "Boystown investigations: Catching criminals on the darknet with a stopwatch". heise online. Retrieved 2024-10-05.