Page MenuHomePhabricator

Migrating from IRC OFTC to Tor friendly IRC network
Open, NormalPublic

Description

OFTC while welcoming Tor users is mostly unavailable because of blocks against abuse. Our official support channel has become mostly useless.

I propose choosing a different network from this page and moving to it:

https://trac.torproject.org/projects/tor/wiki/doc/BlockingIrc
(Networking that try to provide normal access to Tor and remove K-lines)

Some networks have an Onion Service dedicated to Tor users.
Anonymous access should be possible and not pseudo-anonymity measures like SASL.

Should coordinate with Qubes.
migrate "unofficial" IRC channel to tor-friendly network:
https://github.com/QubesOS/qubes-issues/issues/1571

The Tor Project bug report:
move away from OFTC to new functional, Tor-friendly IRC network
https://trac.torproject.org/projects/tor/ticket/18002

Details

Impact
High

Event Timeline

HulaHoop created this task.Jun 22 2015, 2:52 PM
HulaHoop updated the task description. (Show Details)
HulaHoop raised the priority of this task from to Needs Triage.
HulaHoop assigned this task to Patrick.
HulaHoop set Impact to Normal.
HulaHoop added a subscriber: HulaHoop.
HulaHoop updated the task description. (Show Details)Jun 22 2015, 2:54 PM
Patrick renamed this task from Migrating from OFTC to Migrating from IRC OFTC to Tor friendly IRC network.Jun 22 2015, 3:37 PM
Patrick triaged this task as High priority.
Patrick added subscribers: nrgaway, marmarek.
Patrick added subscribers: mfc, MemoryLost.
Patrick lowered the priority of this task from High to Normal.
Patrick changed Impact from Normal to High.

Ideally the new network would also offer an additional webchat (web gateway to it's irc network) as OFTC offered.

This small list of Tor friendly IRC networks gets even smaller, because networks are listed there, which don't provide a great service to Tor users. Namely freenode and OFTC.

Any recommendations which IRC network we should pick?

DarkScience has a dedicated Onion Service.

Patrick added a subscriber: bnvk.Jul 10 2015, 3:53 PM

OFTC actually allows Tor connections via any IRC client. Actual limitation is that you can't connect by the webchat.

So far there is not much IRC networks that allows Tor. Outside of OFTC, I also use Agora (Anarplex).

Agora offer a webchat (https://anarplex.net/webirc/) and allows connection from Tor (via clearnet address or .onion). As already discussed before, the downside of it is that users are forced to join #agora on connect.... However this is not a major problem IMHO.

FROM https://anarplex.net/agorairc/connect.html:

Connect from the Clearnet
Connect directly (via Chatzilla, etc.): ircs://agora.anarplex.net:14716/#agora.

Host: agora.anarplex.net
Port: 14716

Connecting requires SSL, the certificate might be expired (which is not a problem unless you sell SSL certificates).
Connect to Tor hidden service
Connect directly (via Chatzilla, etc.): irc://cfyfz6afpgfeirst.onion:6667/#agora.

Host: cfyfz6afpgfeirst.onion
Port: 6667

Connection is already encrypted by Tor, so do NOT enable additional SSL for the connection.

IronSoldier added a comment.EditedAug 30 2015, 5:26 AM

Other option would be to run our own IRC server with strict rules (Access to only Whonix channel, mandatory registration (match with forum registration database ?)

It would requests some server ressources and a bit of time but it can be done...

Official #Tor is still on OTFC. Currently OTFC works for Tor users. Let's see.

Next time it does not work, can you please bring this up on tor-talk about #Tor? @HulaHoop

Hi IronSoldier! I haven't seen you around for a while.

Did you put your Strategic Intelligence Network site online again?

I put up a guide on using syncthing with Onion services after you told me you were looking for easy ways to sync site mirrors:

https://www.whonix.org/w/index.php?title=Hidden_Services_Guides#Syncthing_with_OnionCat


Before, OFTC blocked all Torrified IRC client connections from webchat and dedicated clients but recently they've permanently blocked anonymous webchat on their site and left IRC clients alone.

Good suggestions IronSoldier.

@Patrick I'll post on Tor talk if it happens again.

In T361#6605, @Patrick wrote:

Official #Tor is still on OTFC. Currently OTFC works for Tor users. Let's see.

Next time it does not work, can you please bring this up on tor-talk about #Tor? @HulaHoop

In T361#6607, @HulaHoop wrote:

@Patrick I'll post on Tor talk if it happens again.

If this is still an issue, now would be a good time.

Patrick updated the task description. (Show Details)Jan 5 2016, 2:14 PM

Other option would be to run our own IRC server with strict rules (Access to only Whonix channel, mandatory registration (match with forum registration database ?)

It would requests some server ressources and a bit of time but it can be done...

I don' think we want to host our own server. That's problematic legal wise. (If users abuse using the private messaging function.) Better left to dedicated projects. The nice thing about public IRC is the synergy effects. People hanging out in multiple channels.

Agora offer a webchat (https://anarplex.net/webirc/) and allows connection from Tor (via clearnet address or .onion). As already discussed before, the downside of it is that users are forced to join #agora on connect....

Not great. But if Qubes, Torproject and Tails do not mind about this, I would not mind either.


move away from OFTC to new functional, Tor-friendly IRC network:
https://trac.torproject.org/projects/tor/ticket/18002

Sorry for the delay... Even after having changed my email, Phabricator still sends email to my old one that I review about once a month....

Another option that I start to prefer over IRC is XMPP (aka jabber). We can run an XMPP Multi-User Chat (MUC) room.

Riseup.net is offering that : https://help.riseup.net/en/chat#connecting-to-multi-user-chatrooms

So whoever can join that chat room, registration can be done using about any providers (The ones I know that are privacy oriented : openxmpp.com, jabber.calyxinstitute.org, riseup.net)

SecureChat use jabber.calyxinstitute.org to create burner identity... I guess it can easily be done with a client like pidgin...

IronSoldier added a subscriber: IronSoldier.

If you go down the XMPP path please install anything but libpurple.

I would recommend pidgin. It offer OTR (Off-The-Record) pluggin, is multi-protocol (XMPP, IRC, ICQ...) and Tails used a hardened version restricting protocol to IRC and XMPP only.

The regular version of pidgin is easy to install from debian repos (apt-get install pidgin pidgin-otr). It may need a bit of adaptation for xchat/mirc users but once you get it is not that much complicated.

@IronSoldier my comment was vague and I don't want to digress from the thread topic.

Its been mentioned in security circles that the XMPP library libpurple which Pidgin and other opensource IM programs are based is full of 0days - many remotely exploitable.

Our best bet is gajim or Adam Langley's xmpp-client once a gui is written for it (written in type safe languages)

mfc added a comment.Jan 28 2016, 12:04 PM

HulaHoop (HulaHoop):

HulaHoop added a comment.

@IronSoldier my comment was vague and I don't want to digress from the thread topic.

Its been mentioned in security circles that the XMPP library libpurple which Pidgin and other opensource IM programs are based is full of 0days - many remotely exploitable.

Our best bet is gajim or Adam Langley's xmpp-client once a gui is written for it (written in type safe languages)

TASK DETAIL

https://phabricator.whonix.org/T361

EMAIL PREFERENCES

https://phabricator.whonix.org/settings/panel/emailpreferences/

To: Patrick, HulaHoop
Cc: IronSoldier, bnvk, fortasse, JasonJAyalaP, crackman, Linostar, wax, joanna, MemoryLost, mfc, marmarek, nrgaway, Patrick, troubadour, HulaHoop, WhonixQubes

This is a discussion of servers not clients, please keep it on topic.

I don't think XMPP chats are practical for various reasons which I elaborated here:
https://github.com/QubesOS/qubes-issues/issues/1571#issuecomment-16866697

I would consider XMPP chat not a solution to this ticket but consider it a new feature. If you want to create such a XMPP chat room, please create a new ticket (if useful). Feel free to go for XMPP chat. Probably good idea. Let's give it a test run. We could mention it on https://www.whonix.org/wiki/Support and if it's useful for some users why not.

Patrick removed Patrick as the assignee of this task.Apr 27 2016, 7:47 PM
lynX added a subscriber: lynX.May 12 2016, 12:02 PM

I would not recommend using a public IRC network for the reasons discussed in http://about.psyc.eu/IRC. The reasoning also applies to XMPP chatrooms as all of its traffic goes through federation, so XMPP is usually even worse.

Patrick updated the task description. (Show Details)Jul 3 2016, 2:40 AM