There are several encrypted messaging apps for mobile and desktop platforms that shipped with “The Most Secure” tagline but ended up de-anonymizing the real identity of their users in one way or another.
In fact, very few encrypted messaging apps available today deal with the core problem of Metadata.
The majority of apps offer end-to-end encryption that keeps the content of your messages away from prying eyes, but your metadata will still be accessible to them, which is enough to know who you really are and who you’re talking to.
But one messenger app stands out from the crowd by providing superb anonymity to its users, and it is dubbed “Ricochet.”
Ricochet is a peer-to-peer instant messaging system available for Windows, Mac, and Linux, and you can trust it as the app has already cleared its first professional security audit carried out by cyber security company NCC Group.
What’s so Promising about Ricochet?
Unlike other encrypted messaging clients, Ricochet makes use of Tor hidden services in an effort to maintain its users’ anonymity.
With the help of hidden services, a user’s traffic never leaves The Onion Router (Tor) network, which makes it much harder for prying eyes or any attacker to see where the traffic is going or coming from.
Peer-to-Peer Connection: No Servers! No Operators!
Ricochet does not trust anyone to maintain the privacy of its users; thus, the developers have built the app with no server or operator that could be compromised, exposing your personal details.
“The concept with Ricochet is: how can we do messaging without any server in the middle—without trusting anything to forward your messages to your contacts,” John Brooks (Ricochet program’s maintainer) stated. “That turns out to be exactly one of the problems that hidden services can solve: to contact someone, without anybody in the middle knowing who you are or who you’re contacting.”
Here’s How Ricochet Works
Ricochet is cross-platform and is very easy to use even for non-technical users.
Your Username: A Unique .Onion Address
Every Ricochet client hosts a Tor hidden service, and once you sign up for Ricochet, the unique .onion address of that service is your Ricochet ID.
Only someone who has this .onion address can contact you and send messages. Contacts connect to you through Tor and not through any intermediate server, making it much harder for anyone to know your real identity from your address.
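As an added illustration (not code from Ricochet or from the original article), the following shows why a .onion address can act as an identity with no server vouching for it: a v2 onion address, the format in use when this was written, is the base32 encoding of the first 80 bits of the SHA-1 hash of the service's public key, so a client can check a presented key against the ID it was given. The `ricochet:` prefix is how Ricochet displays IDs; the function names and sample key bytes are constructed for this example.

```python
import base64
import hashlib
import re

# Ricochet shows contact IDs as "ricochet:" + the 16-character v2 onion label;
# the bare label and the "<label>.onion" form are accepted here too.
_ID_RE = re.compile(r"^(?:ricochet:)?([a-z2-7]{16})(?:\.onion)?$")

# Constructed stand-ins for two DER-encoded RSA public keys (not real keys).
SAMPLE_KEY_A = b"constructed stand-in for DER public key A"
SAMPLE_KEY_B = b"constructed stand-in for DER public key B"


def onion_label_from_pubkey(der_pubkey: bytes) -> str:
    """v2 onion label: base32 of the first 80 bits of SHA-1 over the key."""
    digest = hashlib.sha1(der_pubkey).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def parse_contact_id(text: str) -> str:
    """Return the 16-character onion label, or raise ValueError."""
    match = _ID_RE.match(text.strip().lower())
    if match is None:
        raise ValueError(f"not a v2 Ricochet/onion ID: {text!r}")
    return match.group(1)


def key_matches_id(contact_id: str, der_pubkey: bytes) -> bool:
    """True only if the presented key hashes to the ID the user typed."""
    return parse_contact_id(contact_id) == onion_label_from_pubkey(der_pubkey)


if __name__ == "__main__":
    my_id = "ricochet:" + onion_label_from_pubkey(SAMPLE_KEY_A)
    print(my_id)
    print(key_matches_id(my_id, SAMPLE_KEY_A))  # key that produced the ID
    print(key_matches_id(my_id, SAMPLE_KEY_B))  # some other key
```

Because the name is a hash of the key, a peer that cannot prove possession of the matching private key cannot claim the ID, which is what removes the need for a directory server.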
Ricochet Creates Huge Spike in Hidden Addresses
Security researcher Alan Woodward has noticed an unprecedented spike in the number of unique .onion hidden addresses on the Tor network in the month of February. The statistics shared by the Tor Project show that the number of unique .onion sites has increased by more than 25,000 within 2-3 days.
The researcher believed that this sudden rise could be due to the popularity of Ricochet, which creates a unique .onion address for every registered user.
Your Messages: End-to-End Encrypted By Default
Besides this, Ricochet also encrypts the contents of your messages by default.
So, to start chatting with someone over Ricochet, you first need to know their unique Ricochet ID, which is auto-generated at the time of the Ricochet installation.
Moreover, once the connection is terminated by either the sender or the receiver, the remaining party will not be able to communicate with or send messages to the other.
Ricochet Takes Your Security Seriously
The audit by NCC Group discovered a security flaw that could be exploited to deanonymize users, but the good news is that the issue has been resolved in the latest release, Ricochet 1.1.2.
The security vulnerability was independently discovered by a member of the Ricochet community.
Ricochet has been around since 2014 and is now far more secure than any other existing encrypted messaging app. But the app is still in the dogfooding stage, as Brooks referred to the “Be Careful” note on the project’s official website:
“Ricochet is an experiment. Security and anonymity are difficult topics, and you should carefully evaluate your risks and exposure with any software.”
Brooks has already provided an option to report vulnerabilities publicly.
Currently, the app runs on desktop platforms including Windows, Mac, and Linux, and we could expect a mobile version of the app in the future.
For now, Brooks is looking to get funding from the open source community for the further development of Ricochet itself, such as implementing a file-sharing feature.