Ricochet
Developer	Invisible.im
Initial release	June 2014[1]
Final release	1.1.4  / 7 November 2016
Repository	github.com/blueprint-freespeech/refresh-site
Written in	C++
Operating system	Windows,OS X,Linux,FreeBSD
License	BSD-3-Clause[2]
Website	ricochet.im

Ricochet orRicochet IM is afree software,multi-platform,instant messaging software project originally developed by John Brooks^[3] and later adopted as the official instant messaging client project of the Invisible.im group.^[4] A goal of the Invisible.im group is to help people maintain privacy by developing a "metadata free" instant messaging client.^[5]

Originally called Torsion IM, Ricochet was renamed in June 2014.^[1] Ricochet is a modern alternative toTorChat,^[6] which hasn't been updated in several years, and toTor Messenger, which is discontinued.^[7] On September 17, 2014, it was announced that the Invisible.im group would be working with Brooks on further development of Ricochet in aWired article byKim Zetter.^[3] Zetter also wrote that Ricochet's future plans included a protocol redesign and file-transfer capabilities.^[3] The protocol redesign was implemented in April 2015.^[8]

In February 2016, Ricochet's developers made public asecurity audit that had been sponsored by theOpen Technology Fund and carried out by theNCC Group in November 2015.^[9] The results of the audit were "reasonably positive".^[10] The audit identified "multiple areas of improvement" and one vulnerability that could be used to deanonymize users.^[9] According to Brooks, the vulnerability has been fixed as of 2016.^[11]

Ricochet is a decentralized instant messenger, meaning there is no server to connect to and share metadata with.^[6] Further, usingTor, Ricochet starts aTor hidden service locally on a person's computer and can communicate only with other Ricochet users who are also running their own Ricochet-created Tor hidden services. This way, Ricochet communication never leaves the Tor network. A userscreen name (example:ricochet:hslmfsg47dmcqctb) is auto-generated upon first starting Ricochet; the first half of the screen name is the word "ricochet", with the second half being the address of the Tor hidden service. Before two Ricochet users can talk, at least one of them must privately or publicly share their unique screen name in some way.

• Ricochet does not reveal user IP addresses or physical locations because it uses Tor.^[3]
• Message content is cryptographically authenticated and private.^[9]
• There is no need to register anywhere in order to use Ricochet, particularly with a fixed server.^[6]
• Contact list information is stored locally, and it would be very difficult for passive surveillance techniques to determine whom the user is chatting with.^[3]
• Ricochet does not save chat history. When the user closes a conversation, the chat log is not recoverable.
• The use of Tor hidden services prevents network traffic from ever leaving the Tor network, thereby preserving anonymity and complicating passive network surveillance.^[3][6]
• Ricochet is aportable application, users do not need to install any software to use Ricochet. Ricochet connects to the Tor network automatically.^[6]

From 2019 to 2021, Ricochet was used by the admins (as well as an undercover investigator) of the child porn onion siteBoystown. To identify the perpetrators, German police used acorrelation analysis attack. By sending Ricochet messages to perpetrators and monitoring several hundred Tor nodes for simultaneous traffic of the correct size, authorities were able to identify intermediate Tor nodes and then also the perpetrator's entry nodes, revealing the perpetrators'IP addresses.^[12]

• Comparison of instant messaging clients
• Jami
• Tox (protocol)

• Ricochet onGitHub
• ricochet-refresh onGitHub
• https://www.ricochetrefresh.net

• Free instant messaging clients
• Free security software
• Software using the BSD license
• Tor (anonymity network)

• CS1 maint: numeric names: authors list
• Articles with short description
• Short description is different from Wikidata