Use Ricochet Refresh IM on qubes os
Ricochet-Refresh on Qubes OS – Full Guide
This guide covers setting up Ricochet-Refresh on Qubes OS with:
- Persistent .onion address
- Using
sys-whonixonly (avoiding Tor-over-Tor) - Changing your identity safely
Step 1: Decide Your Qubes Architecture
| Component | Qube Type | Notes |
|---|---|---|
| Tor network | sys-whonix | Whonix Gateway handles all Tor traffic |
| Ricochet-Refresh App | AppVM based on Whonix or Debian Template | Isolated from other AppVMs |
| Persistent storage | Dedicated Data Qube (e.g., ricochet-data) | Stores profile folder to preserve .onion address |
Step 2: Create a Ricochet AppVM
- Open Qube Manager → “Create Qube”.
- Set:
- Name:
ricochet-app - Template:
whonix-ws-XXX(or Debian) - Networking:
sys-whonix - Storage: default
- Name:
- Create the Qube.
Step 3: Create a Persistent Data Qube
- Open Qube Manager → “Create Qube”.
- Set:
- Name:
ricochet-data - Type: Standalone or Persistent AppVM
- Storage: default
- Name:
- This Qube will store your Ricochet-Refresh profile folder, keeping your identity persistent.
Step 4: Download & Prepare Ricochet-Refresh
- Open
ricochet-appVM. - Download the Ricochet-Refresh AppImage from ricochetrefresh.net.
- Make it executable and run:
chmod +x Ricochet-Refresh-*.AppImage
./Ricochet-Refresh-*.AppImageStep 5: Disable Embedded Tor (Avoid Tor-over-Tor)
- Locate the config folder:
~/.local/share/ricochet-refresh/ - Edit (or create)
ricochet-refresh.confand add:
-[tor] embedded=false proxy=socks5://127.0.0.1:9050embedded=falsedisables Ricochet's internal Tor -proxy=socks5://127.0.0.1:9050uses sys-whonix Tor
Step 6: Set Up Persistent Profile Storage
- Create a folder in the persistent Qube:
qvm-run ricochet-data 'mkdir -p ~/ricochet-refresh' - Move the profile folder after first run:
qvm-copy-to-vm ricochet-data ~/.local/share/ricochet-refresh/ - Delete the AppVM’s local copy:
rm -rf ~/.local/share/ricochet-refresh - Create a symlink so Ricochet always reads from persistent storage:
ln -s /home/user/ricochet-data/ricochet-refresh ~/.local/share/ricochet-refresh
Step 7: Launch Ricochet-Refresh
./Ricochet-Refresh-*.AppImageYour .onion address and contacts are preserved. All traffic goes through sys-whonix Tor only.
---Step 8: Changing Your Identity
Option A: Fresh Identity (New .onion address)
- Quit Ricochet-Refresh.
- Delete or move the profile folder:
rm -rf ~/.local/share/ricochet-refresh # or backup mv ~/.local/share/ricochet-refresh ~/.local/share/ricochet-refresh-backup - Restart Ricochet-Refresh — a new .onion address is generated.
- If using a persistent Qube, copy the new profile into it and update the symlink:
qvm-copy-to-vm ricochet-data ~/.local/share/ricochet-refresh ln -sf /home/user/ricochet-data/ricochet-refresh ~/.local/share/ricochet-refresh
Option B: Keep Contacts but Change Identity
- Back up contacts:
cp ~/.local/share/ricochet-refresh/contacts.json ~/contacts-backup.json - Delete the profile folder to generate a new identity (see Option A).
- Copy back contacts:
cp ~/contacts-backup.json ~/.local/share/ricochet-refresh/ - Restart Ricochet-Refresh. Contacts remain, but your new .onion address is active.
Step 9: Backup Recommendations
- Backup the persistent folder externally (USB encrypted or secure storage).
- VM snapshots can add extra safety.
- Never expose the private key — anyone with access can impersonate your .onion address.
Step 10: Security Notes
- Always route Ricochet traffic through
sys-whonix. - Never connect the AppVM directly to
sys-net. - Persistent Qube isolation keeps your identity safe even if the AppVM is compromised.
- Disabling embedded Tor prevents Tor-over-Tor.
Result: A secure, persistent Ricochet-Refresh setup on Qubes OS, using only sys-whonix Tor, preserving your .onion address and contacts, and allowing safe identity changes.
Comments
Post a Comment