Using Ricochet IM inside Whonix

From Whonix
Jump to navigation Jump to search

Unsupported because it is broken since Whonix 15 despite all efforts to fix

If you would like to experiment and try to fix it, you can find the archived documentation here.

For alternatives, see Chat. Advanced users can also attempt to install Ricochet (, although preliminary tests in Whonix 16 have proven unsuccessful. [1]


Ricochet IM is is a portable, P2P, python chat application that is installed in Whonix by default. It is the new successor to the unmaintained TorChat. [2] The Ricochet site describes how the application works: [3]

Ricochet uses the Tor network to reach your contacts without relying on messaging servers. It creates a hidden service, which is used to rendezvous with your contacts without revealing your location or IP address.

Instead of a username, you get a unique address that looks like ricochet:rs7ce36jsj24ogfw. Other Ricochet users can use this address to send a contact request - asking to be added to your contacts list.

You can see when your contacts are online, and send them messages (and soon, files!). Your list of contacts is only known to your computer - never exposed to servers or network traffic monitoring.

Everything is encrypted end-to-end, so only the intended recipient can decrypt it, and anonymized, so nobody knows where it’s going and where it came from.

In summary, the benefits of Ricochet IM include:

  • No saving of chat history.
  • Reliance on Tor onion services for identity creation.
    • Encryption and authentication properties therefore match Tor's strength.
  • The server-less design means no metadata is ever collected.
  • An OTF sponsored audit in early 2016 only identified a few minor problems (since fixed). [4] [5]

Whonix Configuration[edit]

This application requires incoming connections through a Tor onion service. Supported Whonix-Gateway modifications are therefore necessary for full functionality; see instructions below.

For better security, consider using Multiple Whonix-Gateway and Multiple Whonix-Workstation. In any case, Whonix is the safest choice for running it. [6]

Ricochet should be fully functional in Whonix. If any problems are encountered, please leave comments on the open Phabricator

Add a Ricochet Python Profile[edit]

In Whonix-Gateway (sys-whonix), onion-grater requires some adjustments.

Extend the onion-grater whitelist in Whonix-Gateway (sys-whonix).

On Whonix-Gateway.

Add onion-grater profile.

sudo onion-grater-add 40_ricochet

Modify Firewall Settings[edit]

In Whonix-Workstation (anon-whonix), the firewall requires some adjustments.

Modify Whonix-Workstation User Firewall Settings

Note: If no changes have yet been made to Whonix Firewall Settings, then the Whonix User Firewall Settings File /etc/whonix_firewall.d/50_user.conf appears empty (because it does not exist). This is expected.

If using Qubes-Whonix, complete these steps.
In Whonix-Workstation App Qube. Make sure folder /usr/local/etc/whonix_firewall.d exists.

sudo mkdir -p /usr/local/etc/whonix_firewall.d

Qubes App Launcher (blue/grey "Q")Whonix-Workstation App Qube (commonly called anon-whonix)Whonix User Firewall Settings

If using a graphical Whonix-Workstation, complete these steps.

Start MenuApplicationsSystemUser Firewall Settings

If using a terminal-only Whonix-Workstation, complete these steps.

Open file /usr/local/etc/whonix_firewall.d/50_user.conf with root rights.

sudoedit /usr/local/etc/whonix_firewall.d/50_user.conf

For more help, press on Expand on the right.

Note: This is for informational purposes only! Do not edit /etc/whonix_firewall.d/30_whonix_workstation_default.conf.

The Whonix Global Firewall Settings File /etc/whonix_firewall.d/30_whonix_workstation_default.conf contains default settings and explanatory comments about their purpose. By default, the file is opened read-only and is not meant to be directly edited. Below, it is recommended to open the file without root rights. The file contains an explanatory comment on how to change firewall settings.

## Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration,
## which will override the defaults found here. When {{project_name_short}} is updated, this
## file may be overwritten.

Also see: Whonix modular flexible .d style configuration folders.

To view the file, follow these instructions.

If using Qubes-Whonix, complete these steps.

Qubes App Launcher (blue/grey "Q")Template: whonix-workstation-17Whonix Global Firewall Settings

If using a graphical Whonix-Workstation, complete these steps.

Start MenuApplicationsSettingsGlobal Firewall Settings

If using a terminal-only Whonix-Workstation, complete these steps.

In Whonix-Workstation, open the whonix_firewall configuration file in an editor. nano /etc/whonix_firewall.d/30_whonix_workstation_default.conf




Reload Whonix-Workstation Firewall.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Workstation App Qube (commonly named anon-whonix)Reload Whonix Firewall

If you are using a graphical Whonix-Workstation, complete the following steps.

Start MenuApplicationsSystemReload Whonix Firewall

If you are using a terminal-only Whonix-Workstation, run. sudo whonix_firewall

Start Ricochet[edit]

In Whonix-Workstation (anon-whonix), launch ricochet either through the start menu or from the command line.


Backup/Restore Ricochet ID[edit]

Ricochet identities are ephemeral by design, meaning on program restart, a new identity will be generated and the last one with the added contacts will be lost. This is safer as long lived identities are easier to track over time. However one can preserve a certain username string and re-use it.

Backup ricochet.json in the config directory path below which contains the private key under identity in serviceKey. [7]

You need to replace /path/to/backup/location with the actual location of your backup folder.

cp /home/user/.local/share/Ricochet/ricochet/ricochet.json /path/to/backup/location

For now this is enough. Alternatively you could also backup the whole folder /home/user/.local/share/Ricochet.

cp -r /home/user/.local/share/Ricochet /path/to/backup/location


  1. Ricochet Refresh fails to complete the Tor bootstrapping process.
  6. Security considerations:
    • By using Whonix, additional protections are in place for greater security.
    • This application requires access to Tor's control protocol.
    • In the Whonix context, Tor's control protocol has dangerous features. The Tor control command GETINFO address reveals the real, external IP of the Tor client.
    • Whonix provides onion-grater, a Tor Control Port Filter Proxy - filtering dangerous Tor Control Port commands.
    • When this application is run inside Whonix-Gateway with an onion-grater whitelist extension, this will limit Whonix-Workstation application rights to Tor control protocol access only. Non-whitelisted Tor control commands such as GETINFO address are rejected by onion-grater in these circumstances. In the event Whonix-Workstation, it can't determine its own IP address via requesting to Tor Controller, as onion-grater filters the reply.
    • In comparison, if the application is run on a non-Tor focused operating system like Debian, it will have unlimited access to Tor's control protocol (a less secure configuration).
    • If the (non-)Whonix platform is used to host onion services, then running applications are more vulnerable to attacks against the Tor network compared to when Tor is solely used as a client; see also Onion Services Security.
    In conclusion, Whonix is the safest and correct choice for running this application.

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!