
'Ricochet', the Messenger That Beats Metadata, Passes Security Audit - LeoPanthera
http://motherboard.vice.com/read/ricochet-encrypted-messenger-tackles-metadata-problem-head-on
======
tptacek
Jesse Hertz, one of the authors of the audit report and presumably the lead of
the project, is fantastic. But this is an extremely silly story. Random
messaging apps have security audits like these all the time. What does it mean
to "pass" one? I don't know, and I cofounded the team Jesse works for!

The more interesting story here is about OTF. OTF is an offshoot of Radio Free
Asia and is funded directly by Congress. For the past 5 years or so, they've
been funding audits of _all_ the open source crypto applications, from Signal
to Cryptocat (don't use Cryptocat).

I'm surprised I don't hear nice things about OTF more often. They're doing
more to improve consumer crypto security than a lot of other organizations.

~~~
narrowrail
Have you never been paid to 'audit' the code and/or architecture of a
company's operations? It's not my forte, but I assumed some process of the
sort was occurring.

Anyway, beyond OTF, do you have any opinion on Ricochet (the project
theoretically under discussion)? It seems to be a project with admirable goals
and an interesting take (though I'm not interested in 'real-time' messaging):

[https://github.com/ricochet-im/ricochet](https://github.com/ricochet-im/ricochet)

------
newman314
I'll repeat what I've said previously, which is that I'm still hoping for an
app that combines the features of Ricochet, Signal and Burner with
multi-platform support.

That would be my dream app.

~~~
anon4
And one that doesn't use my phone number as a user name.

~~~
akerro
And doesn't send metadata by Google's/any other corporation's networks.

~~~
mikecb
Who else builds networks?

~~~
droffel
I believe that it could theoretically be built as a Decentralized Application
using the Ethereum platform.

Disclaimer: I own Bitcoin and Monero. I do not currently own any Ethereum, and
have no vested interest in its success.

~~~
mikecb
How does Ethereum run without AT&T, Deutsche, NTT, Telefonica, Verizon, etc.?

You're always on someone else's network.

------
mtgx
It may pass a security audit, but Tor hidden services haven't proven to be a
highly secure system and the Tor Project itself wants to overhaul it.

------
atrudeau
Does Apple allow software that uses Tor on the App Store?

~~~
dingarkous
[https://itunes.apple.com/us/app/onion-browser/id519296448?mt...](https://itunes.apple.com/us/app/onion-browser/id519296448?mt=8&at=10l9R4)

