What does HackerNews think of ricochet?

I think something like Ricochet (if it were still actively maintained) could be a good solution.

https://github.com/ricochet-im/ricochet

Every user is their own Tor onion service, so you get E2E encryption and no centralized servers. The whole thing hinges on the security of Tor itself which is probably a safe enough bet.

I do not think that OP was referring to implementing it the same, or even in a similar way, but to use a username/password pair. OP is free to correct me if I am wrong though.

In any case, elimination of metadata done right is the way Ricochet[1] does it. The recipient can calculate the sender's contact ID based on the public key, and authenticate it by verifying the signature on the request. This proves that the sender can publish the hidden service represented by their contact ID. You can read more about it here: https://github.com/ricochet-im/ricochet/blob/master/doc/desi...!

[1] https://github.com/ricochet-im/ricochet (maintained fork: https://github.com/blueprint-freespeech/ricochet-refresh)

> I wish the page had screenshots.

The Github page has one: https://github.com/ricochet-im/ricochet/

> As far as I can see currently the only widely used, secure protocols are Matrix and XMPP with OMEMO.

secure != metadata free

Have you never been paid to 'audit' the code and/or architecture of a company's operations? It's not my forte, but I assumed some process of the sort was occurring.

Anyway, beyond OTF, do you have any opinion on Ricochet (the project theoretically under discussion), it seems to be a project with admirable goals and an interesting take (though I'm not interested in 'real-time' messaging):

https://github.com/ricochet-im/ricochet