Privacy, Anonymity and Security on IRC

Regardless of what we are told or have read, security is an endless race in a double helix of which one haz no stop condition. Can not understand “NO”.

But, software can be made relatively secure, for instance by using a secure channel within a closed IRC community. But when joining open public channels we are out in the open.

Service providers

IRC is insecure, it’s a plaintext protocol. Inside the server, the data is passing in plaintext. This means that sysadmins can read everything we wrote, regardless of the use of protective tools. If it’s a small IRC network, do worry about the ethics of sysadmins. If it’s a Big Network, do worry about government asking about logs (too).

Don’t give away your power

If you permit a Direct Client to Client (DCC) chat session, then know that the person you chat with can make a direct connection to your computer and use your nick to pass files or messages directly, or disconnect or crash your client. Shit happens, and will keep happening. Keep your router firmware and machine codes updated.

Be aware of malware

IRC scripts or invitations to run software programs, including the IRC client software, can have “malicious software” installed within. “Malicious software” not only includes Trojan horses, virusses, worms or intended and unintended backdoors, but also hardcoded messages revealing SOURCE, HOST, and other seemingly “harmless” info.

I was using Pidgin but without any plugins. Plugins are usually just shoutouts of private and hidden information. And then yesterday I discovered that CTCP is no longer a plugin. It is now hardcoded in Pidgin. I could get in the source and change the hardcoded message into something hilarious, but for now I have decided to simply move over to XChat. Clean as a whistle.

No exchanges without protection

Certain commands within IRC can give others direct access to our computer. For example, “/fserve 1 c:\” can give someone access to M$ hard drives. Lucky me I’m on Linux, and am totally and absolutely anonymous, private and secure.

ERROR: StupidityIndexOutOfBoundsException

Even when for peace of mind believing “they” already have all the information, it is important that we keep using protective tools such as firewalls, VPN, I2P, Tor, …

And that we maintain some discipline

  • Do not download any files from anyone unless you trust the sender and know what the file is.
  • For all gods and goddesses on the highest mountain sakes use anti-spyware if you are on M$. As for Linux, I’ve never heard of spyware for Linux, but if you work really hard you may be able to find, install and run some. If you really, really want it.
  • Operating systems and firewalls (and anti-virus software) must be regularly updated.
  • No-one can be told what the matrix is. You have to experience it for yourself. Beware the underwater headquarters of the trout and their bass henchmen. From there they plan their attacks on other continents.

Posted on May 10, 2011, in Users and tagged , , , , , , . Bookmark the permalink. 2 Comments.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s