Anonymous
2024-09-25 18:50:20 UTC
Statement from Ricochet-Refresh Regarding The Recent Stories in German
Media About Alleged Timing Attacks Affecting Our Users
Wednesday 18 September 2024
Several German media news outlets have run a story about
law enforcement agencies allegedly breaking the anonymity provided by
Tor and, with it, Ricochet-Refresh.
We would like to answer some questions on the matter to clarify the
facts from the hype.
1. Are you aware of cases where Ricochet users were de-anonymised? If
so, how?
We are not aware of any cases where users of the current version of
Ricochet-Refresh have been de-anonymised. (Including this alleged case,
since no evidence of such was provided to us).
The reported attacks occurred 2019-2021, and we have substantially
updated the software to improve security since that time.
Some technical details from our end:
In particular, the vanguards-lite feature was introduced to
Ricochet-Refresh in version 3.0.12 in June of 2022, after upgrading to
the tor 0.4.7 series. Without being provided with the details of the
reported attack, we cannot say definitively this feature would have
stopped it. However, we do know vanguards were introduced in part to
make this general class of attacks more difficult to pull off. Since
then, we have continued releasing regular updates which include
security updates from our upstream dependencies (including Tor).
2. What are these 'timing' attacks? Could they be applied to anonymous
communications? Do they breach the confidentiality of an online
conversation?
Again, we have no proven details of the attack and it's hard to respond
to an incident when you can't see the documentation.
'Timing' attacks have been around for a while, nothing new there. They
can in theory unmask the identity of an anonymous end-user, but they do
not break open the content of a secret conversation. Generally the
attacker in this situation would need vast resources and enormous legal
powers to be successful - only the kind that a state could access.
The field of cybersecurity rarely offers absolute guarantees. If you
want to be perfectly private, you need to disconnect entirely from the
digital world. That's not a very practical solution for most people.
So you winnow down risk as far as possible. It's illogical to say
'because there is some very small risk, we should stop using technology
to protect ourselves'. Instead, the best choice is to opt for free,
open-source software like Ricochet-Refresh, which by design, gives you
enormously more privacy and anonymity than the vast majority of other
tools.
3. Is it at all possible for Ricochet-Refresh users to protect
themselves against such 'timing analyses'? If so, how?
Ricochet-Refresh is one of the safest ways to communicate online. The
vast majority of people using Ricochet-Refresh do not need to do
anything to protect themselves against timing analysis attacks.
In the overwhelming majority of cases, an attacker will not be able to
find someone's identity because they do not have these kinds of very
large resources.
As a purely precautionary measure, we suggest end-users who face
powerful attackers should limit the number of people to whom they
distribute their Ricochet-Refresh ID. In the context of
Ricochet-Refresh, most theoretical and practical attacks are only
possible if the adversary knows the ID of the target they are
attempting to de-anonymise.
Note that the content of the message stays secret in the attack
scenarios described to us by the journalist who wrote the story.
4. Do you continue to improve Ricochet-Refresh's security?
We do. We provide monthly(ish) Ricochet-Refresh releases when upstream
dependencies (e.g. Tor, OpenSSL, Qt, etc.) publish security updates.
Beyond that, we have also been researching and developing an improved
back-end which should make 'timing analysis' attacks much more
difficult by providing the user the ability to control their online
visibility to unauthorised peers.
5. Is it safe to continue using Ricochet? Why?
Note: Ricochet is not the same as Ricochet-Refresh. Ricochet has been
retired because it relies on legacy technology that no longer exists in
the Tor Network.
Yes. People should continue using Ricochet-Refresh with a high degree
of confidence. It is still one of the most private and secure ways to
communicate online.
The protocol is completely peer-to-peer and the client is open-source;
there is no account registration, no servers hosting your data, and no
centralised organisations or infrastructure to attack. A person's
account data is stored locally on their own computer and their
communications are only sent to the intended recipients. These
communications are private and secure by default because they are
end-to-end encrypted.