Ricochet Messenger Review
Ricochet is an anonymous messaging app that uses the Tor network. They describe themselves as “…a different approach to instant messaging that doesn’t trust anyone.” For those who already use Tor for privacy or are interested in encrypted messaging, this can be a useful alternative to other messengers like Signal.
Ricochet GitHub URL
How Ricochet Works
Ricochet uses the Tor network to speak with your contacts, as opposed to a central messaging server. When starting a conversation with someone, the app creates a hidden service, through which you can reach your contacts without revealing your location or identity. It’s not unlike the purpose of browsing the web through Tor itself.
Rather than a username, Ricochet gives you a unique identifier, such as “ricochet:rs7ce36jsj24ogfw,” through which other users can contact you. When another user wants to send you a “contact request” (i.e. ask to be added to your contact list), this is the address they’ll use. Thus, when you communicate with someone through Ricochet, their identity consists of cryptographic hashes, much like the characters in Tor URLs (e.g. “xtmyl24o3cc7oc22.onion”).
One advantage that Ricochet has, in this sense, is that your contact list is only known to your machine, and not outside servers or network traffic surveillance.
In this instance, pricing is irrelevant, because Ricochet is free and open source software. Its funding comes from donations and sponsors, such as Blueprint for Free Speech, a nonprofit organization, and the invisible.im project, both of whom support freedom of expression in the IT industry.
Because it is open source, they are looking for people to contribute to its code and make improvements, so feel free to help out if this is your area of expertise.
Ricochet is available for Windows, Mac, and Linux OS’s. On their homepage, there are links to download versions for each of these operating systems. Alternately, you can build it from source, if you’re the coder type and want to customize it. In that case, visit its GitHub repository, linked to above.
As explained above, Ricochet keeps your messaging anonymous by using the Tor network. Each of your contacts is identified via a Tor hidden service. Just to clarify, you don’t need to run the Tor Browser in order to use Ricochet; it will connect to the Tor network by itself.
Just as when you use the Tor Browser, Ricochet has different options for connecting to the network. Under its Preferences link (which is a little gear icon), you can configure how Ricochet connects to Tor:
If you live in an area where Tor is unrestricted, simply click the “Connect” button, and you should be able to connect to the Tor network without problems. On the other hand, if you live in an area where Tor (or the internet in general) is restricted, click the “Configure” button.
From there, you can configure how you connect to Tor:
Choose a proxy type (e.g. SOCKS5), an IP address (e.g. 127.0.0.1), and a port (e.g. 9150). Then, under the section that reads “Does this computer’s Internet connection go through a firewall that only allows connections to certain ports?,” you can list specific ports if that applies to the situation. Please note that this is not necessary unless the firewall is restricting your connection.
Below this, it reads “If this computer’s Internet connection is censored, you will need to obtain and use bridge relays.” Bridge relays are Tor relays that aren’t listed in the main Tor directory. If you live in a country with strict internet filtering, you can use these bridge relays to connect to the Tor network. In the box underneath the aforementioned message, enter the IP addresses of the bridge relays you wish to use, one per line, and then click “Connect.” You should now be able to get Ricochet to connect to Tor (in theory).
Of course, if you’re fortunate enough not to have to use bridges or pluggable transports, then you can skip all this information.
Ricochet User Interface
As you can see, Ricochet has a very simple, basic interface, which to some may be a disadvantage. Compared to other messengers, it doesn’t have much “flare,” but that isn’t really its purpose.
In other words, you can’t use things like emojis or different fonts, nor does it have the ability to upload profile pictures or things like that. At the very least, you can enable audio notifications so that you’re aware when you receive a new message. To sum up, its visual aspects aren’t its strong suit, but in terms of encryption and privacy, it works quite well.
Comparison with Other Messengers
There are several other messengers available that use various forms of encryption, but each works a bit differently, and not all are decentralized. One that is somewhat similar is Tox, which, like Ricochet, is decentralized and also conceals your identity from all except friends.
As on Ricochet, when you add a friend on Tox, their ID consists of cryptographic hashes, like this: 56A1ADE4B65B86BCD51CC73E2CD4E542179F47959FE3E0E21B4B0ACDADE51855D34D34D37CB5. You can then customize the name as you wish. The same is true of Ricochet; once you add a friend by their crypto-identifier, you can rename them so they’re easier to recognize.
One difference with Tox, however, is that it requires the use of bootstrap nodes in order for each client to recover a list of other clients who are currently connected to the pool. With Ricochet, you only need your contacts ID.
Although some might compare Ricochet to messengers like Signal, Signal is a bit different, in that it is produced by Open Whisper Systems (and therefore relies on a central authority). Given that some companies have been forced to release customer data to law enforcement, or have been hacked and lost private information, a messenger like Ricochet seems ideal.
Plus, most mainstream messengers (including Signal) require a centralized server. In the case of Ricochet, you are both the server and the client at the same time, as counterintuitive as that might seem (i.e. every user is a server). Furthermore, messengers that rely on a central server can collect metadata about their users, meaning that if they were forced to hand over information about them, it would be easy to do so.
On the other hand, in the case of Ricochet, because all of its traffic goes through the Tor network, it would be extremely difficult to collect any such metadata. To sum up, in terms of anonymity, Ricochet outperforms its competitors in several aspects, even if it doesn’t look as appealing.
If you need support with Ricochet, you must contact its developers via the issue tracker on GitHub. While this may seem unconventional to some, it actually is quite helpful, as it is an ongoing project, and the developers have an interest in solving any issues that may come up. It’s also a good place to suggest new features or other ideas that you may have.
Pros and Cons
- Better privacy and anonymity than most messaging apps
- Uses the Tor network
- Can be used in countries with strict internet censorship
- Relies only on a P2P connection
- Very basic user interface, without much personalization
- Lacks a variety of features
- Still in alpha stage and may have bugs
Ricochet is one of the most secure messengers available at present, due to the fact that it is decentralized, uses the Tor network, and communicates via a Tor hidden service. While it may not have some of the personalization features of other messengers, iit far exceeds the others in terms of anonymity.