Privacy, Anonymity and Security on IRC
But, software can be made relatively secure, for instance by using a secure channel within a closed IRC community. But when joining open public channels we are out in the open.
IRC is insecure, it’s a plaintext protocol. Inside the server, the data is passing in plaintext. This means that sysadmins can read everything we wrote, regardless of the use of protective tools. If it’s a small IRC network, do worry about the ethics of sysadmins. If it’s a Big Network, do worry about government asking about logs (too).
Don’t give away your power
If you permit a Direct Client to Client (DCC) chat session, then know that the person you chat with can make a direct connection to your computer and use your nick to pass files or messages directly, or disconnect or crash your client. Shit happens, and will keep happening. Keep your router firmware and machine codes updated.
Be aware of malware
IRC scripts or invitations to run software programs, including the IRC client software, can have “malicious software” installed within. “Malicious software” not only includes Trojan horses, virusses, worms or intended and unintended backdoors, but also hardcoded messages revealing SOURCE, HOST, and other seemingly “harmless” info.
I was using Pidgin but without any plugins. Plugins are usually just shoutouts of private and hidden information. And then yesterday I discovered that CTCP is no longer a plugin. It is now hardcoded in Pidgin. I could get in the source and change the hardcoded message into something hilarious, but for now I have decided to simply move over to XChat. Clean as a whistle.
No exchanges without protection
Certain commands within IRC can give others direct access to our computer. For example, “/fserve 1 c:\” can give someone access to M$ hard drives. Lucky me I’m on Linux, and am totally and absolutely anonymous, private and secure.
Even when for peace of mind believing “they” already have all the information, it is important that we keep using protective tools such as firewalls, VPN, I2P, Tor, …
And that we maintain some discipline
- Do not download any files from anyone unless you trust the sender and know what the file is.
- For all gods and goddesses on the highest mountain sakes use anti-spyware if you are on M$. As for Linux, I’ve never heard of spyware for Linux, but if you work really hard you may be able to find, install and run some. If you really, really want it.
- Operating systems and firewalls (and anti-virus software) must be regularly updated.
- No-one can be told what the matrix is. You have to experience it for yourself. Beware the underwater headquarters of the trout and their bass henchmen. From there they plan their attacks on other continents.
- Anonymous infighting: IRC servers compromised, IP addresses dumped, claims of coup and counter-coup (boingboing.net)
- Can I get files from the IRC via my android phone? (ask.metafilter.com)
- Anonymous IRC servers hacked by a splinter group (geek.com)
- IRC chatlog of PSN hackers (xeer2000.com)
- Opening the Hive (skydancingblog.com)
- CLiki : IRC (cliki.net)