staying anonymous – part 4 irc

IRC – IRC is an interesting beast. Even today, this relic of the Internet is still the best place to socialize and talk with others in a realtime forum that includes more than just 1-to-1 conversation (did I qualify that enough??). But it also suffers from easily giving up your connection information as well as other anti-anonymous attacks. Pretty much anyone can just issue a /whois and they can read back your IP/hostname. Really, nothing is easier or more idly tempting as port scanning some noob on IRC to see who’s home. Note: I have not used silc yet, so I don’t really mention it here.

1) general IRC recon and host masks
When you first log into a new IRC network, do not do so using a nickname that you plan to use. Log in and poke around. Do a /whois on yourself and see what is revealed. Connect a second time with another name and whois yourself. Find web support and the main support channels and poke around to see if the network supports any built-in methods to mask your host and IP. and others may allow you to register your nickname and also request or set up a host mask so that /whois returns only what you want it to return. If that is the case, switch over to your normal nick, register it, and get it masked.

Always use a different nickname when doing tests or when you think your masking is not high enough. While this isn’t done as much as in the past, there are still chat channels that get logged and posted right on websites for posterity.

Keep in mind that even private messages are not necessarily private when you do not own the servers and other people are the admins. You may not be as private as you wish you were.

If you plan any unattended idling, turn off auto-accepting any files or DCC communications and make sure no URLs are automatically opened or captured. Make sure your secondary nickname is not revealing in case you disconnect and reconnect automatically before your old connection has timed out.

2) bouncers and proxies
If you do not have the luxury of masking your host, you can make use of IRC bouncers or proxy connections much like web proxies. Bouncers are pretty much the same thing as a proxy, only harder to find unless you own a box or two somewhere else (or pay for a shell).

You can also use web-based IRC clients such as However, always test these by connecting with a different nick and /whois yourself to see if something is leaking through anyway. These can be a hassle to set up and maintain, so perhaps just familiarize yourself with IRSSI (text-based IRC) and see if you can get a shell that allows IRSSI so you can bounce off that.

Otherwise, use network and wireless connections that are not your own to communicate over IRC. Personally, I prefer using Freenode and masking my host.

3) links, DCC, other notes
Also, don’t click on any and every link in IRC…at least not without your web proxy firmly in place on a safer web browser and connection link. If I had my eye on you, I might try to get you to click a link on my website hoping you would then leave some crumbs in my server logs.

Never accept DCC Chats or Sends. These negotiate as direct connections. If you accept a DCC Chat, the person on the other end will have the ability to see your originating IP, masks or not. You can proxy DCC connections, but I prefer to just not accept them at all as there is really no reason for it when FTP and HTTP have become more than ubiquitous.

More information can be found at If I had found this before writing my post, it sure would have saved me a lot of composing!

3 thoughts on “staying anonymous – part 4 irc

  1. Great writeup!
    I’ve found that Tor, which is slow-but-serviceable for most applications, is pretty usable for IRC. Look up how to configure your client to use it (irssi’s pretty easy), and if you have troubles connecting to the server, be sure to read up on that particular network’s policy on Tor users. Freenode, for example, has a specific server (as a “hidden service”, in Tor terminology) that you must connect to if you’re using Tor.
    As the article says, be careful of other protocols’ traffic as a result of your conversations, especially web usage. Dropping a link into the channel or privmsg with some motivation to view it is one of those things in my bag of tricks that I can almost always rely on working to gather data about a mark. Looking at what channels you’re in, and bringing in seperate clients and nicks into those to keep an eye on and interact with you is also on the table, so watch out with how you hang out in multiple channels!
    Take careful note of who owns the network you’re on, who they hand out ircop status to, and who they allow to bring in additional servers for the network. You’ll quickly realize that someone always may be watching or logging your private communications for future reference.
    I hope these additional comments help someone!

  2. Tor is an excellent idea, and I hadn’t even thought ahead enough to use Tor to connect to a proxy. That’s not a bad idea, and even the slowness of Tor is fine with IRC. I’ve found IRC to be extremely tolerant of latency and even interruptions.

Comments are closed.