[guardian-dev] Interesting project opportunity: Ricochet on Android

Chris Ballinger chrisballinger at gmail.com
Thu Aug 6 15:27:47 EDT 2015

Ricochet looks really cool and I've been following it from afar for a while.

I'm very excited about something similar to finally address the biggest
single point of weakness/failure for XMPP, which is the fact that you're
often still sending all your communications and contacts to 3rd party XMPP
servers. Right now setting up your own server is reserved for people who
can navigate a Linux command line, buy domain, buy SSL certs, secure the
server, keep it updated, adjust arcane configuration files, etc. We can fix
all that.

Host a minimal Prosody server inside an Android/Java Lua wrapper that runs
behind a .onion to make it universally addressable (even when behind
carrier-grade NAT). Allow easy automated setup / provisioning for client
apps, and you've got something reasonably secure against many of the
problems associated with running servers on 3rd party cloud providers.
Would also be good to disable federation to reduce data leakage, and make
sure users enable Android full disk encryption.

On Thu, Aug 6, 2015 at 10:51 AM, Nathan of Guardian <
nathan at guardianproject.info> wrote:

> If you haven't heard of Ricochet, it is a new-ish peer-to-peer messaging
> system that works over Tor Hidden Services. It is similar to TorChat,
> but seems to work better, is design better, and in general, the team
> behind it has done a better job engaging with the Tor community.
> https://ricochet.im/
> https://github.com/ricochet-im/ricochet
> Now, of course, I'm interested in bringing this service to Android, and
> there a few ways to do so. Here's the open issue on Github discussing
> this:
> https://github.com/ricochet-im/ricochet/issues/115
> The first is to use QT for Android, and cross-compile the entire
> codebase into an APK. I've started on this, and it is a bit of a chore,
> but it should work technically. I think what you'll end up with though
> is not a great user experience.
> The second option is for us to support Ricochet within ChatSecure. We
> have a highly extensible protocol plug-in layer that we have never
> really exploited properly, and I think we can easily plug the Ricochet
> protocol into that. You would even get OTR and OTRDATA running on top of
> it, which would be pretty cool.
> To do this, we either need the Ricochet C++ code to be turned into a JNI
> library, or we need someone to implement the Ricochet protocol in Java:
> https://github.com/ricochet-im/ricochet/blob/master/doc/protocol.md#contact-request-channel
> This is really just an idea I am throwing out there, perhaps worthy of a
> hackathon effort, and I have no real idea where it could go. I am still
> a huge fan of XMPP+OTR+Tor (aka "XMPPSecure+Private") but I would also
> like to see the UI and Usability we have created with ChatSecure
> leverage into other great potential new protocols like Ricochet and Pond
> (oi, that is another project - PondLib Go-to-Android port!).
> Btw, if you want to reach me on Ricochet, I am at:
> ricochet:z3apuhaum7wxrpmw
> --
>   Nathan of Guardian
>   nathan at guardianproject.info
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20150806/2d7c052b/attachment.html>

More information about the guardian-dev mailing list