ricochet
ricochet copied to clipboard
ricochet-im
mobile version(s)
It would be extremely good to have the ricochet IM on both of the main mobile platforms (android, IOS) as more and more people are ditching traditional computers for tablets and such.
It's absolutely possible to make versions of Ricochet for mobile. It's not my immediate priority, but here are some notes:
In general, I'm skeptical of how well hidden services will function on mobile without some work on the tor side. I think we'll see issues with excessive wakeups, high bandwidth usage, and frequent connection dropping. It should still be usable, though, and those problems can be fixed.
#99 is relevant, because people using it on mobile probably want to use it from other systems as well.
Android
Look at the Guardian Project's work with Tor on Android. They've done the porting and tricks necessary to get it working.
The least-work implementation would be to build Ricochet using Qt for Android, and add a mobile-friendly UI.
iOS
More difficult to get Tor running, but people have done it. Qt can run for iOS as well, but the opensource version has issues with the app store. A non-Qt implementation would probably go over better.
Sailfish
Straightforward porting, Tor can be used just like it is on desktop. Just needs a UI.
I have no immediate plans to start working on this. If anyone wants to try, get in touch if I can help answer questions and solve problems.
If you can break out Ricochet into a libRicochet, we could easily add support for it into ChatSecure UI on both Android and iOS.
@n8fr8 Can you comment about @special's point about hidden services in general on mobile? Are they practical, given mobile's unique constraints?
https://copperhead.co/android/ and https://f-droid.org just partnered up to produce a hardened Android experience. Works on a lot of Nexus hardware.
If you could make an Android version and get it in the F-Droid store, you might be able to get it installed as a default communications app in Copperhead.
how about an html5 service running on your own desktop richochet with port forwarding for your phone. need to deal with dynamic ip, but that's been solved before. cert for connection auth..
Im not going even try recochet without mobile and web version. Forget about contributing part.
Hope you can decipher this message properly and change your priorities.
As a sidenote: consider traffic a big problem when you design an android (mobile) port. Antox fights with constant bugreports about "battery drain" and "high traffic" and "slow device", which are all, in fact, the result of distributed always-on traffic. If you realise at the beginning that these are baseline facts, communicate it and users expect it then you may survive the zombie^H^H^H^H^Hbugreporter attack. ;-)
Hidden service functionality in available and working in Orbot now. Not sure of what that means for this topic.
Also for iOS there's now Onion Browser which uses the Tor.framework. Again, if the project can be separated in a core module (libRicochet) and a graphical one as @n8fr8 says it may be way easier to port to iOS, Android and others.
It's not my immediate priority
nowadays most people find it more convenient to communicate by using their mobile devices instead of a portable laptop or a fixed desktop. if a communication project focuses on mobile, almost nobody will miss it's unavailability on desktop os. but if that project focuses on desktop version, almost nobody will use it at all
https://github.com/ricochet-im/ricochet/issues/115#issuecomment-100551556 is still the latest status as far as I'm aware.
There is also Briar which has some very good developers working on it. Briar also works over the LAN and Bluetooth.
There was a talk about it at congress: https://media.ccc.de/v/34c3-8937-briar
There is also Briar which has some very good developers working on it. Briar also works over the LAN and Bluetooth.
We're not looking for alternative software, but for a mobile version.
Why not a PWA instead of multiple native apps, having the cost of maintenance per OS?
You could have a a PWA run against your desktop at home with full encryption.. the Ricichet client itself doesn't need to be in the phone.
Honestly implementing that will render the anonymity provided by Ricochet completely useless. This requires a wealth of elements. You will need to expose a service from your home system bypassing NAT at you home system as well as possibly CGN. I can't stress enough how much extra effort this will require compared with implementing a true standalone version for mobile platforms.
(my future looking 2 cents)
A 'true', 'native' app may actually be detrimental to privacy.
Seeing the direction legislation is going, the path of least resistance for mobile phone manufacturers (and mobile OS companies) will be, upon lawful government request, to capture conversations using:
- keylogging (on the way in) before it enters the app. exposing the sender who uses the mobile app
- graphics subsystem text drawing primitives interception (on the way out) exposing even a sender using the desktop app if the message is rendered on the screen of a compromised mobile app user.
If that happens, the privacy preserving qualities of ricochet will be negated, or at least would have to be clarified with a disclaimer "Do not (you or your interlocutor) use this on mobile devices if you expect your phone to be susceptible to law enforcement data requests now or in future"
Some additional warning before sending the first message in a conversation, saying "your interlocutor is on a mobile device, proceed?" would help.
Granted, keylogging is also a problem with desktop OSes, but there, one has at least the choice to opt for a fully opensource OS like linux. Then for more paranoid people, one can switch it up one notch with a privacy preserving opensource OS, such as QubesOS and TailsOS. And for the real paranoid, one can use the OS on top of a TPM-less machine with open firmware. The rabbit hole goes deep, but at least one has options
For mobile, there is only the as-yet unreleased Librem. no options
For mobile, there is only the as-yet unreleased Librem.
@lestephane Have you looked into Replicant? It is a fully free software Android distribution that meets GNU FSDG. It has been around for years and runs on several devices.
As Replicant is stripped out of all proprietary components that are common on the Android stack (GPU driver too), you can be pretty sure there are no keyloggers or graphics interception in it.
