Updates? "Is Ricochet Dead?"

Some users claimed on Reddit that Ricochet is dead. That's because the last upload is 2016.
Half of 2017 passed, and it's time to release new version. As a daily ricochet user, I want to ask - what the hell is going on?

Here's some important things(high priority than UI update):

• Layer stronger cryptography on top of hidden services #72 (OTR+TLS encryption)
• HiddenServiceAuth support.
• Update Tor, or detach it from package and use Tor Browser's tor.

Anyone can create a private_key using scallion(or other tool) with GPUs, so it's bad to rely only
on Tor's hidden service protocol. OTR+TLS encryption is necessary to make sure Ricochet is talking to the
right person.

I also want to use HiddenServiceAuth soon. I also want to see multiple profile support, so I
can use onion A to talk with A, onion B to talk with B, C, and so on.

Also, Tor 0.3.x will introduce xxxxxxxxxxxxxxxxxxxxxxxxxxxx(very long).onion soon(late 2017).
Are you ready for this?

[distbit0]

Yeah I would like to see some more development going on with this amazing project. I would definitely consider contributing to this if it was in a language that I know much about. Pls keep developing this amazing project!

If anyone is using Twitter, please let him know this issue.

https://twitter.com/jbrooks_?lang=en

(Twitter blocked Tor registration so no go to me)

[s-rah]

Hi, I don't speak for @special, but I think some context might be useful.

There is currently a bunch of (official|unofficial) work going on in the wider ecosystem - most of it related to factoring out the base library[1] to go to make it more useful as well as porting the main client to go[2].

There are also a few experiments regarding running on mobile[3] and using ricochet and these other libraries for other things besides traditional IM[4].

Most of this wider work has been updated within the last couple of weeks, ricochet is still actively being worked on & used - just not in the most visible places right now.

Some of the features you have pointed to are sitting waiting for someone to come along and design/write them. For most there is a lot of UX work that needs to be done in order for these features (layered crypto, hidden service auth, multiple profiles etc.) to be secure & useable.

In many cases, adding them to the new Go code might be preferable in terms of ease of implementation. That is partly why work is being put into the libraries there, to make new changes to ricochet as easy and as useful as possible. These libraries are also in development right now, and it may take a little while before everything comes together.

So the best thing people can do right now if they want to move these things along is to contribute to the discussions on the feature threads if they have ideas about how those features could work & to submit code/pull requests to the various code bases.

Thanks,
Sarah

[1] https://github.com/s-rah/go-ricochet
[2] https://github.com/ricochet-im/ricochet-go
[3] https://github.com/dballard/goRicochetMobile
[4] https://motherboard.vice.com/en_us/article/wjnwgb/we-anonymously-controlled-a-dildo-through-the-tor-network

[rburchell]

I think @s-rah's given a pretty useful summary already. No, ricochet is not dead. It's just continuing at the pace of the current people working on it. That might not be the fastest pace in the universe at times, but that's just the way life is. If you aren't happy with that pace, the beauty of open source is that you have the freedom to contribute as you see fit.

This includes releases: it may be super easy to rely on the officially provided binaries, but if you don't want to do so for any reason (as you seem to imply), you don't have to do that. Hopefully new ones will come along sooner rather than later, though.

Given that the original topic has been pretty well covered, I'll close this as-is (even though I'm not @special either). If there's concrete feature requests that don't already exist, then please feel free to open them individually.

[burdges]

I think briar basically operates on Tor hidden services if you just want a messenger with a similar threat model on a mobile device.

[odiferousmint]

• Update Tor, or detach it from package and use Tor Browser's tor.

Not a good idea to depend on a browser. I hope that this is not what is being suggested here.