SoylentNews

_NSAKEY writes:

Wired has a story about Ricochet, a new custom IM client by John Brookes which lets users communicate over tor hidden services. From the article:

Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. The program, which he dubbed Ricochet, began as a hobby. But by the time he finished, he had a full-fledged desktop client that was easy to use, offered anonymity and encryption, and even resolved the issue of metadata—the “to” and “from” headers and IP addresses spy agencies use to identify and track communications—long before the public was aware that the NSA was routinely collecting metadata in bulk for its spy programs. The only problem Brooks had with the program was that few people were interested in using it. Although he’d made Ricochet’s code open source, Brooks never had it formally audited for security and did nothing to promote it, so few people even knew about it.

The article goes on to explain how Ricochet got into the spotlight:

Enter Invisible.im, a group formed by Australian security journalist Patrick Gray. Last July, Gray announced that he was working with HD Moore, developer of the Metasploit Framework tool used by security researchers to pen-test systems, and with another respected security professional who goes by his hacker handle The Grugq, to craft a secure, open-source encrypted chat program cobbled together from parts of existing anonymity and messaging systems—such as Prosody, Pidgin and Tor. They wanted a system that was highly secure, user friendly and metadata-free. Gray says his primary motivation was to protect the anonymity of sources who contact journalists.

“At the moment, when sources contact a journalist, they’re going to leave a metadata trail, whether it’s a phone call record or instant message or email record [regardless of whether or not the content of their communication is encrypted],” he says. “And that data is currently accessible to authorities without a warrant.”

When Brooks wrote to say he’d already designed a chat program that eliminated metadata, Gray and his group took a look at the code and quickly dropped their plan to develop their own tool, in favor of working with Brooks to develop his.

“He writes incredible code,” Gray says, “and really thinks like a hacker, even though he doesn’t have a security background.”