Using Ricochet IM inside Whonix ™
If you would like to experiment and try to fix it, you can find the archived documentation here.
For alternatives, see Chat.
Ricochet IM is is a portable, P2P, python chat application that is installed in Whonix ™ by default. It is the new successor to the unmaintained TorChat.  The Ricochet site describes how the application works: 
Ricochet uses the Tor network to reach your contacts without relying on messaging servers. It creates a hidden service, which is used to rendezvous with your contacts without revealing your location or IP address.
Instead of a username, you get a unique address that looks like ricochet:rs7ce36jsj24ogfw. Other Ricochet users can use this address to send a contact request - asking to be added to your contacts list.
You can see when your contacts are online, and send them messages (and soon, files!). Your list of contacts is only known to your computer - never exposed to servers or network traffic monitoring.
Everything is encrypted end-to-end, so only the intended recipient can decrypt it, and anonymized, so nobody knows where it’s going and where it came from.
In summary, the benefits of Ricochet IM include:
- No saving of chat history.
- Reliance on Tor onion services for identity creation.
- Encryption and authentication properties therefore match Tor's strength.
- The server-less design means no metadata is ever collected.
- An OTF sponsored audit in early 2016 only identified a few minor problems (since fixed).  
Whonix ™ Configuration
Add a Ricochet Python Profile
In Whonix-Gateway ™ (
sys-whonix), onion-grater requires some adjustments.
Extend onion-grater Whitelist
Modify Firewall Settings
In Whonix-Workstation ™ (
anon-whonix), the firewall requires some adjustments.
Modify Whonix-Workstation ™ User Firewall Settings
Reload Whonix-Workstation ™ Firewall.
In Whonix-Workstation ™ (
anon-whonix), launch ricochet either through the start menu or from the command line.
Backup/Restore Ricochet ID
Ricochet identities are ephemeral by design, meaning on program restart, a new identity will be generated and the last one with the added contacts will be lost. This is safer as long lived identities are easier to track over time. However one can preserve a certain username string and re-use it.
ricochet.json in the config directory path below which contains the private key under
You need to replace
/path/to/backup/location with the actual location of your backup folder.
cp /home/user/.local/share/Ricochet/ricochet/ricochet.json /path/to/backup/location
For now this is enough. Alternatively you could also backup the whole folder
cp -r /home/user/.local/share/Ricochet /path/to/backup/location
- https://github.com/ricochet-im/ricochet/issues/30 [archive]
- https://ricochet.im/ [archive]
- https://ricochet.im/files/ricochet-ncc-audit-2016-01.pdf [archive]
- https://en.wikipedia.org/wiki/Ricochet_(software) [archive]
- By using Whonix ™, additional protections are in place for greater security.
- This application requires access to Tor's control protocol.
- In the Whonix ™ context, Tor's control protocol has dangerous features. The Tor control command GETINFO address reveals the real, external IP of the Tor client.
- Whonix ™ provides onion-grater, a Tor Control Port Filter Proxy - filtering dangerous Tor Control Port commands.
- When this application is run inside Whonix ™ with an onion-grater whitelist extension, this will limit application rights to Tor control protocol access only. Non-whitelisted Tor control commands such as GETINFO address are rejected by onion-grater in these circumstances.
- During the application's normal operations it should not attempt to use dangerous Tor control commands such as GETINFO address. In the event the application or Whonix-Workstation ™ are compromised, this command would be rejected.
- In comparison, if the application is run on a non-Tor focused operating system like Debian, it will have unlimited access to Tor's control protocol (a less secure configuration).
- If the (non-)Whonix platform is used to host onion services, then running applications are more vulnerable to attacks against the Tor network compared to when Tor is solely used as a client; see also Onion Services Security.
/usr/local/etc/onion-grater-merger.d/because that onion-grater settings folder is persistent in Qubes-Whonix ™ TemplateBased ProxyVMs i.e. Whonix-Gateway ™ (commonly called
sys-whonix). Non-Qubes-Whonix ™ users could also utilize
/etc/onion-grater-merger.d/. Qubes-Whonix ™ users could also utilize
/etc/onion-grater-merger.d/must be made persistent, which means doing this procedure inside the Whonix-Gateway ™ TemplateVM (commonly called
whonix-gw-15) and then restarting the Whonix-Gateway ™ ProxyVM or using bind-dirs [archive]. Both techniques are more complicated than simply using
/usr/local/etc/onion-grater-merger.d/, since it is persistent either way. Further, it even allows multiple Whonix-Gateway ™ ProxyVMs based on the same Whonix-Gateway ™ TemplateVM; for example, one Whonix-Gateway ™ ProxyVM extending and relaxing onion-grater's whitelist and the other Whonix-Gateway ™ ProxyVM having the default onion-grater whitelist which is more restrictive.
- https://github.com/ricochet-im/ricochet/issues/577 [archive]
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)