ricochet VS orbitdb

This looks like a much more polished alternative to Ricochet: https://github.com/ricochet-im/ricochet

Ricochet seems dead. It's been five years since its last commit to their git repo, and their website's certificate expired last year. This is probably why you can't find much information.

I think something like Ricochet (if it were still actively maintained) could be a good solution.

https://github.com/ricochet-im/ricochet

Every user is their own Tor onion service, so you get E2E encryption and no centralized servers. The whole thing hinges on the security of Tor itself which is probably a safe enough bet.

With that being said, if I had just one piece of advice - try to avoid ostentatious phrases like Speek is by far the most secure way to converse or 100% anonymous. Tor itself is not 100% anonymous, so that should immediately make anyone cautious. One of the things that I admired about the original Ricochet was that the developers never made brazen claims about their software. In fact, quite the opposite.

Check out https://github.com/ricochet-im/ricochet/blob/master/doc/prot.... It is metadata-free. It does not require a centralized server. It uses Tor.

[1] https://cwtch.im/ [2] https://ricochet.im/

Abandoned, unmaintained, deprecated or unreleased: Ricochet, TOR Messenger, Cwtch

ricochet.im website not working (??)

> there isn't a currently easily available obvious way to have private secure conversations.

Ricochet[1] works really well. It uses Tor hidden services to communicate. Your Ricochet ID is your onion address. To add a contact, you input their Ricochet ID and a short message, and Ricochet connects to their onion address and sends a contact request. If the contact request is accepted then you'll each show up as a contact on each other's client and can chat whenever you want.

Tor is really perfect for this, you can't get more private or censorship-resistant than Tor.

The UI is currently not great, but that's not a protocol problem.

The biggest problem with Ricochet is that hardly anyone is using it.

[1] https://ricochet.im/

OrbitDB is not well-funded, but there's fresh work happening recently by some dedicated volunteers: https://github.com/orbitdb/orbitdb/commits/main

I've been thinking it might be practical to build a simple decentralized database, where agents just know each other, so conflict resolution does not need to be so strong and can rely on the social layer.

I think this applies to most databases, but I'm particularly thinking of internal enterprise databases, some social networks, any federated database system, and different devices of a single user

I'm thinking of this features:

1- Append-only?, full history of operations. Deletes / edits do not remove data, they only modify the "active state"

2- Agents are public keys or similar (DIDs?)

3- Operations are signed, and receivers verify if operation is valid, and sender is allowed

4- Operations form a Merkel-DAG (similar to git, they link to the tips of current "active state", like a commit/merge in git)

So far I think I've basically described [OrbitDB](https://github.com/orbitdb/orbit-db)

Consensus is where things get real hard, [OrbitDb seems to use a last-write-wins CRDT](https://news.ycombinator.com/item?id=22920204), and although I don't know the details of orbitDb, I think for many simple use-cases, conflicts can just be resolved on the social layer. But I think we need to provide agents with good tools to resolve conflicts

I'll try my best here with some ideas:

- When merging, we can order operations by their timestamp, if operations enter conflict, raise it to the conflicting agents, or someone with permission to solve them.

If an agent makes public an operation that forks its own history, mark agent as malicious or compromised, alert other agents, this needs resolution on the social layer, you have proof of misconduct, an agent has signed diverging operations

Any operation becomes fully settled if you have proof that all agents of your system have referenced it directly or indirectly through newer operations.

Timestamps can be upgraded by using @opentimestamps to get proof that an operation existed at time X (prevents creation of operations in hindsight). Though this does not prove operation has been made public

Both use OrbitDB: Peer-to-Peer Databases for the Decentralized Web. JavaScript. MIT license. repo

I think a wallet-agnostic memo solution is definitely the way. Having wallets that end up (partly) incompatible is only gonna hurt the UX. Maybe a decentralised DB solution like OrbitDB or GunDB can be the best way forward, although I haven't dove deeply into the docs yet.

Checkout this https://github.com/orbitdb/orbit-db peer-to-peer database for the decentralized Web.