New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updates? "Is Ricochet Dead?" #555

Closed
ghost opened this Issue Aug 19, 2017 · 5 comments

Comments

Projects
None yet
4 participants
@ghost

ghost commented Aug 19, 2017

Some users claimed on Reddit that Ricochet is dead. That's because the last upload is 2016.
Half of 2017 passed, and it's time to release new version. As a daily ricochet user, I want to ask - what the hell is going on?

Here's some important things(high priority than UI update):

  • #72 (OTR+TLS encryption)
  • HiddenServiceAuth support.
  • Update Tor, or detach it from package and use Tor Browser's tor.

Anyone can create a private_key using scallion(or other tool) with GPUs, so it's bad to rely only
on Tor's hidden service protocol. OTR+TLS encryption is necessary to make sure Ricochet is talking to the
right person.

I also want to use HiddenServiceAuth soon. I also want to see multiple profile support, so I
can use onion A to talk with A, onion B to talk with B, C, and so on.

Also, Tor 0.3.x will introduce xxxxxxxxxxxxxxxxxxxxxxxxxxxx(very long).onion soon(late 2017).
Are you ready for this?

@picrypto

This comment has been minimized.

picrypto commented Aug 22, 2017

Yeah I would like to see some more development going on with this amazing project. I would definitely consider contributing to this if it was in a language that I know much about. Pls keep developing this amazing project!

@ghost

This comment has been minimized.

ghost commented Aug 22, 2017

If anyone is using Twitter, please let him know this issue.

https://twitter.com/jbrooks_?lang=en

(Twitter blocked Tor registration so no go to me)

@s-rah

This comment has been minimized.

Member

s-rah commented Aug 22, 2017

Hi, I don't speak for @special, but I think some context might be useful.

There is currently a bunch of (official|unofficial) work going on in the wider ecosystem - most of it related to factoring out the base library[1] to go to make it more useful as well as porting the main client to go[2].

There are also a few experiments regarding running on mobile[3] and using ricochet and these other libraries for other things besides traditional IM[4].

Most of this wider work has been updated within the last couple of weeks, ricochet is still actively being worked on & used - just not in the most visible places right now.

Some of the features you have pointed to are sitting waiting for someone to come along and design/write them. For most there is a lot of UX work that needs to be done in order for these features (layered crypto, hidden service auth, multiple profiles etc.) to be secure & useable.

In many cases, adding them to the new Go code might be preferable in terms of ease of implementation. That is partly why work is being put into the libraries there, to make new changes to ricochet as easy and as useful as possible. These libraries are also in development right now, and it may take a little while before everything comes together.

So the best thing people can do right now if they want to move these things along is to contribute to the discussions on the feature threads if they have ideas about how those features could work & to submit code/pull requests to the various code bases.

Thanks,
Sarah

[1] https://github.com/s-rah/go-ricochet
[2] https://github.com/ricochet-im/ricochet-go
[3] https://github.com/dballard/goRicochetMobile
[4] https://motherboard.vice.com/en_us/article/wjnwgb/we-anonymously-controlled-a-dildo-through-the-tor-network

@rburchell

This comment has been minimized.

Contributor

rburchell commented Aug 22, 2017

I think @s-rah's given a pretty useful summary already. No, ricochet is not dead. It's just continuing at the pace of the current people working on it. That might not be the fastest pace in the universe at times, but that's just the way life is. If you aren't happy with that pace, the beauty of open source is that you have the freedom to contribute as you see fit.

This includes releases: it may be super easy to rely on the officially provided binaries, but if you don't want to do so for any reason (as you seem to imply), you don't have to do that. Hopefully new ones will come along sooner rather than later, though.

Given that the original topic has been pretty well covered, I'll close this as-is (even though I'm not @special either). If there's concrete feature requests that don't already exist, then please feel free to open them individually.

@rburchell rburchell closed this Aug 22, 2017

@burdges

This comment has been minimized.

Contributor

burdges commented Aug 22, 2017

I think briar basically operates on Tor hidden services if you just want a messenger with a similar threat model on a mobile device.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment