blueprint-freespeech / ricochet-refresh

Anonymous peer-to-peer instant messaging
https://www.ricochetrefresh.net

A few things I don't understand #168

Closed dln949 closed 11 months ago

dln949 commented 1 year ago

I couldn't find documentation, I hope it is okay to ask this here.

1) When I first start Ricochet_Refresh after installing it, it gave me an ID#. Is that good for only the current session of Ricochet, but when I restart Ricochet I should expect to get a new number? Or, is that good for only the current session of the computer, but when I restart my computer I would get a new number? Or, is it forever good for just this computer? Or is it for me to use at any time on any device?

2) Simply quitting Ricochet ends the Tor hidden service on my computer, is that correct?

3) What happens with a message I send if the intended recipient isn't online with Ricochet until a couple hours later - A) And I am still online with Ricochet?
B) And I am no longer online with Ricochet?

4) When I use Ricochet should I first stop all other internet activity on my computer? It is not clear to me if having non-TOR connections active on my computer at the same time Ricochet is active compromises the security or privacy or anonymity of either Ricochet or of other active non-TOR applications.

odiferousmint commented 1 year ago

> I couldn't find documentation, I hope it is okay to ask this here.
>
>   1. When I first start Ricochet_Refresh after installing it, it gave me an ID#. Is that good for only the current session of Ricochet, but when I restart Ricochet I should expect to get a new number? Or, is that good for only the current session of the computer, but when I restart my computer I would get a new number? Or, is it forever good for just this computer? Or is it for me to use at any time on any device?
>   2. Simply quitting Ricochet ends the Tor hidden service on my computer, is that correct?
>   3. What happens with a message I send if the intended recipient isn't online with Ricochet until a couple hours later - A) And I am still online with Ricochet? B) And I am no longer online with Ricochet?
>   4. When I use Ricochet should I first stop all other internet activity on my computer? It is not clear to me if having non-TOR connections active on my computer at the same time Ricochet is active compromises the security or privacy or anonymity of either Ricochet or of other active non-TOR applications.

  1. Your Ricochet ID remains the same (intended) unless you delete ~/.config/ricochet-refresh/ricochet.json.

  2. Yes, Ricochet has its own Tor bundled. Upon quitting the application, that instance of Tor will end.

  3. I am unsure about leaving offline messages.

  4. It would not make a difference. You do not have to stop all other Internet activity.

wyot1 commented 1 year ago

3 A) It will attempt to deliver it as long as you have it running. Of course it's highly inefficient energy wise, but some people just leave the PC running. B) As soon as you close it, it's gone.

You can tell by the slightly gray background turning more opaque.

pospeselr commented 11 months ago

> I couldn't find documentation, I hope it is okay to ask this here.
>
> When I first start Ricochet_Refresh after installing it, it gave me an ID#. Is that good for only the current session of Ricochet, but when I restart Ricochet I should expect to get a new number? Or, is that good for only the current session of the computer, but when I restart my computer I would get a new number? Or, is it forever good for just this computer? Or is it for me to use at any time on any device?

As mentioned before, your Ricochet ID persists and is stored in your Ricochet-Refresh config json (where exactly depends on your platform). You can also have multiple profiles by specifying the profile directory with the first command-line argument:

$ ricochet-refresh /path/to/profile

> Simply quitting Ricochet ends the Tor hidden service on my computer, is that correct?

Correct, the tor daemon's running state is tied to the parent Ricochet-Refresh process.

> What happens with a message I send if the intended recipient isn't online with Ricochet until a couple hours later -
> A) And I am still online with Ricochet?

In this case the message should be delivered once the user comes online, provided you haven't shut down Ricochet-Refresh in the interim.

> B) And I am no longer online with Ricochet?

In this case the message is gone, Ricochet-Refresh has no offline-messaging capability.

> When I use Ricochet should I first stop all other internet activity on my computer? It is not clear to me if having non-TOR connections active on my computer at the same time Ricochet is active compromises the security or privacy or anonymity of either Ricochet or of other active non-TOR applications.

Generally speaking, Ricochet-Refresh can happily run alongside other non-tor/clearnet applications. However, there are linkability concerns associated with running Ricochet-Refresh. Suppose for example you are always connected to an IRC server at the same time as you are running Ricochet-Refresh, and further suppose your adversary knows both your IRC handle and your Ricochet-Refresh ID. Further suppose you have a habit of shutting down your laptop to go to bed at night. With enough instances of observing your Ricochet-Refresh and your IRC online status, an adversary could correlate or 'link' these accounts together.

This sort of linkability concern isn't unique to Ricochet-Refresh (and will be somewhat mitigated by switching to a gosling based backend) but depending on your use case and the above scenario being in your threat model, you may want to avoid using Ricochet-Refresh alongside other trackable services.

You can read more on this sort of issue in https://github.com/blueprint-freespeech/ricochet-refresh/issues/73
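
The online-status correlation described in the last comment can be measured on your own session logs to see how linkable two accounts are. This is an added example, not part of the thread or of the Ricochet-Refresh code base; the handles, timestamps and 30-minute slot size are constructed assumptions.

```python
from datetime import datetime, timedelta

SLOT = timedelta(minutes=30)  # assumed observation granularity

def slots(sessions):
    """Expand (start, end) ISO timestamps into the set of 30-minute slots spent online."""
    online = set()
    for start, end in sessions:
        t, stop = datetime.fromisoformat(start), datetime.fromisoformat(end)
        t = t.replace(minute=t.minute // 30 * 30, second=0, microsecond=0)
        while t < stop:
            online.add(t)
            t += SLOT
    return online

def jaccard(a, b):
    """Shared online slots divided by slots where either account was online."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def rank_overlap(reference, others):
    """Rank other accounts by how closely their presence tracks the reference."""
    ref = slots(reference)
    return sorted(((jaccard(ref, slots(s)), name) for name, s in others.items()),
                  reverse=True)

# Constructed sample: Ricochet-Refresh is online whenever the laptop is open.
RICOCHET = [("2024-01-01T08:00", "2024-01-01T23:00"),
            ("2024-01-02T09:30", "2024-01-02T22:00"),
            ("2024-01-03T07:00", "2024-01-03T23:30")]

# Constructed IRC presence logs for three hypothetical handles.
IRC = {
    "handle_a": list(RICOCHET),                          # same laptop, same hours
    "handle_b": [("2024-01-01T00:00", "2024-01-04T00:00")],  # connected the whole time
    "handle_c": [("2024-01-01T20:00", "2024-01-02T02:00"),
                 ("2024-01-02T20:00", "2024-01-03T02:00"),
                 ("2024-01-03T20:00", "2024-01-04T02:00")],  # unrelated evening user
}

if __name__ == "__main__":
    for score, name in rank_overlap(RICOCHET, IRC):
        print(f"{name}: {score:.2f}")
```

A score near 1.0 after only a few days means the two accounts go online and offline together, which is the pattern the comment warns about.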