> This of course does imply that you need to trust your contacts aren't cops.
What happens if you find it out after the fact? Just regenerate everything and re-add friends? How much would it compromise though to have a friend that turns out to be a cop?
It does not, but work is happening in a (currently local) alpha branch on this. Unfortunately it is not a simple task and is more akin to a complete re-write in scope.
> What happens if you find it out after the fact? Just regenerate everything and re-add friends?
Currently your only recourse is to stop using your compromised id, create a new one, and re-add all your trusted contacts.
> How much would it compromise though to have a friend that turns out to be a cop?
It depends. Are you the kind of target with actual intelligence agencies interested in unmasking you?
We presume that similar finger-printing attacks are still possible but harder than they were in 2020 due to upstream changes in tor and the tor network. However, in principle cyber-stalking and the power to somehow own (i.e. run your own, hack, tap, subpoena, etc) guard nodes (and luck so that your target goes through these guard nodes) are all you need to do guard discovery. And once one knows the target's guard, you 'just' need to figure out who the guard is talking to and from there the target can be de-anonymised.
If you find out one of your contacts is malicious and you cut off their access then you're 'fine' going forward presuming they didn't already compromise you. They would essentially have to completely start over (i.e. discover your new identity, get you to add them as a friend, wait for you to go through a friendly guard node, etc).
--
One thing that is important to bring in perspective here is that it is not easy to do this and it does take significant resources/attention to do. It takes luck, time, and particular positioning in/around the tor network (e.g. running malicious relays, dragnet surveillance, etc). The lesson to take here isn't 'oh shit ricochet/tor/whatever is broken use something else instead'.
These types of events get a lot of media attention and focus on the failures without anyone pointing out 'hey yeah everything else is non-anonymous by default'. If the target had been using AIM or something this wouldn't show up on anyone's radar because of course that shit is broken (how many times now have leakers of military secrets on Discord been identified and prosecuted?).
For the majority of users that don't have a line item in the NSA's budget dedicated to hunting them down, Ricochet-Refresh and tor in general are fine and will keep you anonymous (presuming you don't dox yourself XD). And, even if the feds are out to get you, you're still 'fine' using Ricochet-Refresh (based on what we know) so long as you keep your onion-service id secret and shared with only trusted people.
You guys should make it easier to donate (GitHub, link to patreon, liberapay, etc.). I cannot find an obvious way to do so with low effort or not much friction.
Ricochet-Refresh and Gosling are maintained by Blueprint For Free Speech (an Australia+Germany-based non-profit), and it looks like we've a donation page here:
Thank you a lot for the write up!