I'd rather not appeal to authority or social graphs to decide what's worth using.
Pond and Ricochet both use Tor, but they are very different. Pond has a server, while Ricochet does not. Pond uses the Axolotl Ratchet. Here's how Ricochet is designed: https://github.com/ricochet-im/ricochet/blob/master/doc/design.md It's great that someone is working on some highly anonymous chat, and I hope the project matures and that we can all learn something from it, but I don't think this or any peer to peer system is practical for mass adoption. Most people want to be able to send a message at any time, then turn off their device. And nobody wants to lose incoming messages just because they go offline for a short while. ________________________________ From: Messaging <[email protected]> on behalf of [email protected] <[email protected]> Sent: Friday, September 19, 2014 4:31 PM To: Tim Bray Cc: messaging Subject: Re: [messaging] fyi: metadata-eliminating tor-based chat program: Ricochet The person who goes the by pseudonym "the grunq" is very knowledgeable member of the security community based on his excellent blog, twitter account and social graph. His contribution to and endorsement of this project seems to be the reason to take it seriously. I haven't taken a close look at the protocol yet but I expect it would be reasonably well informed by the prior efforts in this space. Pond's design seems to indicate that if can assume the directory of contacts-> cryptographic identities doesn't leak metadata and you provide enough cover traffic to the Tor network you can provide metadata protection of messaging against a global passive network attacker. From what I've read so far, Richochet seems to something along the same lines. On Fri, Sep 19, 2014 at 1:38 PM, Tim Bray <[email protected]<mailto:[email protected]>> wrote: A number of things about this one made me kind of uneasy. The clichéd tone of the article "high-school dropout trumps NSA!" The complete absence of input from anyone who wasn't a project insider, and the dissing of competitors who are actually shipping working software. I mentioned on Twitter that a couple of things about the story made my BS filter twitch, and I got slimed by multiple project partisans (nobody I've ever heard of) for being a hater, etc. I looked at the github repo and if any development is actually happening, it's not there; no commits to the actual code for a couple months. Now, none of those things in & of itself is reason to dismiss Ricochet, but I have to say my BS filter is doing more than twitching. On Fri, Sep 19, 2014 at 12:32 PM, =JeffH <[email protected]<mailto:[email protected]>> wrote: this is just fyi/fwiw, I haven't investigated this other than skimming the article.. Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying [ricochet] http://www.wired.com/2014/09/new-encrypted-chat-program-thwarts-nsa-eliminating-metadata https://github.com/ricochet-im/ricochet also mentioned.. Wickr Tox TorChat _______________________________________________ Messaging mailing list [email protected]<mailto:[email protected]> https://moderncrypto.org/mailman/listinfo/messaging -- - Tim Bray (If you'd like to send me a private message, see https://keybase.io/timbray) _______________________________________________ Messaging mailing list [email protected]<mailto:[email protected]> https://moderncrypto.org/mailman/listinfo/messaging
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
