Unsupported because it is broken since Whonix ™ 15 despite all efforts to fix it ^[archive].

If you would like to experiment and try to fix it, you can find the archived documentation here.

For alternatives, see Chat. Advanced users can also attempt to install Ricochet Refresh ^[archive] (GitHub ^[archive]), although preliminary tests in Whonix ™ 16 have proven unsuccessful. ^[1]

Introduction[edit]

Ricochet IM is is a portable, P2P, python chat application that is installed in Whonix ™ by default. It is the new successor to the unmaintained TorChat. ^[2] The Ricochet site describes how the application works: ^[3]

Ricochet uses the Tor network to reach your contacts without relying on messaging servers. It creates a hidden service, which is used to rendezvous with your contacts without revealing your location or IP address.
Instead of a username, you get a unique address that looks like ricochet:rs7ce36jsj24ogfw. Other Ricochet users can use this address to send a contact request - asking to be added to your contacts list.
You can see when your contacts are online, and send them messages (and soon, files!). Your list of contacts is only known to your computer - never exposed to servers or network traffic monitoring.
Everything is encrypted end-to-end, so only the intended recipient can decrypt it, and anonymized, so nobody knows where it’s going and where it came from.

In summary, the benefits of Ricochet IM include:

No saving of chat history.
Reliance on Tor onion services for identity creation.
- Encryption and authentication properties therefore match Tor's strength.
The server-less design means no metadata is ever collected.
An OTF sponsored audit in early 2016 only identified a few minor problems (since fixed). ^[4] ^[5]

Whonix ™ Configuration[edit]

This application requires incoming connections through a Tor onion service. Supported Whonix-Gateway ™ modifications are therefore necessary for full functionality; see instructions below.

For better security, consider using Multiple Whonix-Gateway ™ and Multiple Whonix-Workstation ™. In any case, Whonix ™ is the safest choice for running it. ^[6]

Ricochet should be fully functional in Whonix ™. If any problems are encountered, please leave comments on the open Phabricator ticket ^[archive].

Add a Ricochet Python Profile[edit]

In Whonix-Gateway ™ (sys-whonix), onion-grater requires some adjustments.

Extend the onion-grater whitelist in Whonix-Gateway ™ (sys-whonix).

On Whonix-Gateway ™. ^[7] ^[8]

Add onion-grater profile.

sudo onion-grater-add 40_ricochet

sudo onion-grater-add 40_ricochet

Modify Firewall Settings[edit]

In Whonix-Workstation ™ (anon-whonix), the firewall requires some adjustments.

Modify Whonix-Workstation ™ User Firewall Settings

Note: If no changes have yet been made to Whonix ™ Firewall Settings, then the Whonix ™ User Firewall Settings File /etc/whonix_firewall.d/50_user.conf appears empty (because it does not exist). This is expected.

If using Qubes-Whonix ™, complete these steps.
In Whonix-Workstation ™ App Qube. Make sure folder /usr/local/etc/whonix_firewall.d exists.

sudo mkdir -p /usr/local/etc/whonix_firewall.d

sudo mkdir -p /usr/local/etc/whonix_firewall.d

Qubes App Launcher (blue/grey "Q") → Whonix-Workstation ™ App Qube (commonly called anon-whonix) → Whonix ™ User Firewall Settings

If using a graphical Whonix-Workstation ™, complete these steps.

Start Menu → Applications → System → User Firewall Settings

If using a terminal-only Whonix-Workstation ™, complete these steps.

Open /usr/local/etc/whonix_firewall.d/50_user.conf with root rights.

sudoedit /usr/local/etc/whonix_firewall.d/50_user.conf

sudoedit /usr/local/etc/whonix_firewall.d/50_user.conf

For more help, press on Expand on the right.

Note: This is for informational purposes only! Do not edit /etc/whonix_firewall.d/30_whonix_workstation_default.conf.

The Whonix ™ Global Firewall Settings File /etc/whonix_firewall.d/30_whonix_workstation_default.conf contains default settings and explanatory comments about their purpose. By default, the file is opened read-only and is not meant to be directly edited. Below, it is recommended to open the file without root rights. The file contains an explanatory comment on how to change firewall settings.

## Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration,
## which will override the defaults found here. When {{project_name}} is updated, this
## file may be overwritten.

Also see: Whonix modular flexible .d style configuration folders.

To view the file, follow these instructions.

If using Qubes-Whonix ™, complete these steps.

Qubes App Launcher (blue/grey "Q") → Template: whonix-ws-16 → Whonix Global Firewall Settings

If using a graphical Whonix-Workstation ™, complete these steps.

Start Menu → Applications → Settings → Global Firewall Settings

If using a terminal-only Whonix-Workstation ™, complete these steps.

In Whonix-Workstation ™, open the whonix_firewall configuration file in an editor.

nano /etc/whonix_firewall.d/30_whonix_workstation_default.conf

nano /etc/whonix_firewall.d/30_whonix_workstation_default.conf

Add.

EXTERNAL_OPEN_ALL=true

EXTERNAL_OPEN_ALL=true

Save.

Reload Whonix-Workstation ™ Firewall.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q") → Whonix-Workstation ™ App Qube (commonly named anon-whonix) → Reload Whonix ™ Firewall

If you are using a graphical Whonix-Workstation ™, complete the following steps.

Start Menu → Applications → System → Reload Whonix ™ Firewall

If you are using a terminal-only Whonix-Workstation ™, run.

sudo whonix_firewall

sudo whonix_firewall

Start Ricochet[edit]

In Whonix-Workstation ™ (anon-whonix), launch ricochet either through the start menu or from the command line.

ricochet

ricochet

Backup/Restore Ricochet ID[edit]

Ricochet identities are ephemeral by design, meaning on program restart, a new identity will be generated and the last one with the added contacts will be lost. This is safer as long lived identities are easier to track over time. However one can preserve a certain username string and re-use it.

Backup ricochet.json in the config directory path below which contains the private key under identity in serviceKey. ^[9]

You need to replace /path/to/backup/location with the actual location of your backup folder.

cp /home/user/.local/share/Ricochet/ricochet/ricochet.json /path/to/backup/location

cp /home/user/.local/share/Ricochet/ricochet/ricochet.json /path/to/backup/location

For now this is enough. Alternatively you could also backup the whole folder /home/user/.local/share/Ricochet.

cp -r /home/user/.local/share/Ricochet /path/to/backup/location

cp -r /home/user/.local/share/Ricochet /path/to/backup/location

Footnotes[edit]

↑ Ricochet Refresh fails to complete the Tor bootstrapping process.
↑ https://github.com/ricochet-im/ricochet/issues/30 ^[archive]
↑ https://ricochet.im/ ^[archive]
↑ https://ricochet.im/files/ricochet-ncc-audit-2016-01.pdf ^[archive]
↑ https://en.wikipedia.org/wiki/Ricochet_(software) ^[archive]
↑
Security considerations:
- By using Whonix ™, additional protections are in place for greater security.
- This application requires access to Tor's control protocol.
- In the Whonix ™ context, Tor's control protocol has dangerous features. The Tor control command GETINFO address reveals the real, external IP of the Tor client.
- Whonix ™ provides onion-grater, a Tor Control Port Filter Proxy - filtering dangerous Tor Control Port commands.
- When this application is run inside Whonix ™ with an onion-grater whitelist extension, this will limit application rights to Tor control protocol access only. Non-whitelisted Tor control commands such as GETINFO address are rejected by onion-grater in these circumstances.
- During the application's normal operations it should not attempt to use dangerous Tor control commands such as GETINFO address. In the event the application or Whonix-Workstation ™ are compromised, this command would be rejected.
- In comparison, if the application is run on a non-Tor focused operating system like Debian, it will have unlimited access to Tor's control protocol (a less secure configuration).
- If the (non-)Whonix platform is used to host onion services, then running applications are more vulnerable to attacks against the Tor network compared to when Tor is solely used as a client; see also Onion Services Security.
In conclusion, Whonix ™ is the safest and correct choice for running this application.
↑ Using /usr/local/etc/onion-grater-merger.d/ because that onion-grater settings folder is persistent in Qubes-Whonix ™ TemplateBased ProxyVMs i.e. Whonix-Gateway ™ (commonly called sys-whonix). Non-Qubes-Whonix ™ users could also utilize /etc/onion-grater-merger.d/. Qubes-Whonix ™ users could also utilize /etc/onion-grater-merger.d/ but then /etc/onion-grater-merger.d/ must be made persistent, which means doing this procedure inside the Whonix-Gateway ™ TemplateVM (commonly called whonix-gw-16) and then restarting the Whonix-Gateway ™ ProxyVM or using bind-dirs ^[archive]. Both techniques are more complicated than simply using /usr/local/etc/onion-grater-merger.d/, since it is persistent either way. Further, it even allows multiple Whonix-Gateway ™ ProxyVMs based on the same Whonix-Gateway ™ TemplateVM; for example, one Whonix-Gateway ™ ProxyVM extending and relaxing onion-grater's whitelist and the other Whonix-Gateway ™ ProxyVM having the default onion-grater whitelist which is more restrictive.
↑
Previously manual instructions. No longer needed. onion-grater-add automates that.
```
sudo mkdir -p /usr/local/etc/onion-grater-merger.d/
```
sudo mkdir -p /usr/local/etc/onion-grater-merger.d/
Symlink the onion-grater profile to the onion-grater settings folder.
```
sudo ln -s {{{filename_new}}}.yml /usr/local/etc/onion-grater-merger.d/
```
sudo ln -s {{{filename_new}}}.yml /usr/local/etc/onion-grater-merger.d/
Restart onion-grater.
```
sudo service onion-grater restart
```
sudo service onion-grater restart
↑ https://github.com/ricochet-im/ricochet/issues/577 ^[archive]