The Open Technology Fund (OTF) recently supported a security audit of secure messaging software Ricochet. The results of the audit have been released publicly. The audit, conducted by NCC Group, can be read in full here (pdf).
OTF offers in-kind security audits for all of its supported projects through its Red Team Lab, as well as for those not funded by OTF, like Ricochet.
A relatively new secure messaging platform, Ricochet takes a novel approach to creating a censorship-resistant communications channel through its use of Tor hidden services to route messages with increased anonymity, privacy, and security. Ricochet is one of many tools pushing the development of Tor hidden services, an increasingly prevalent technology used by sites – such as Facebook, ProPublica, DuckDuckGo, SecureDrop, and OTF-supported GlobaLeaks – to circumvent repressive censorship.
This is of particular concern for human rights defenders, journalists, and dissidents seeking to express themselves freely online in authoritarian countries.
For more on why OTF believes firmly in the value of public code audits, check out “Code Audits are Good. Making Code Audits Public is Better” by our resident security expert Chad Hurley.
Coverage from Motherboard.