Submitted by SirGrant on Sun, 03/18/2012 - 11:35
Revision of Freenode with Tor from Thu, 08/09/2012 - 06:32
The revisions let you track differences between multiple versions of a post.
The goal of this manual is to allow you to connect to the Freenode IRC server using Tor. This could be because a user wishes to remain anonymous or is in an area where Freenode is blocked. This is an intermediate level manual and assumes you are comfortable with using the terminal (or at minimum copy and pasting commands) and understand the basics of Tor.
Warnings
Warning: Connecting to Freenode using these directions eliminates the primary benefit of Tor. You will not be anonymous. What you will be able to do is bypass censorship. Tor users will only appear anonymous to other users and identification is still possible. If anonymity is required users should consider other IRC networks.Benefits
- End to end encryption: via Tor Hidden Service preventing traffic from being observed by third-parties (e.g. ISPs, IT Staff) while on the wire.
- IP spoofing: Tor will prevent FreeNode and users on the FreeNode network from determining the current IP address users are currently connecting from.
Risks
- Concern: The SASL plug-in XChat uses saves your password in clear-text in your XChat configuration folder.
- Countermeasure: Encrypt your hard drive or home directory to prevent someone from accessing your password.
- Countermeasure: Do not re-use the password for other programs.
- Countermeasure: Change your password often or if you feel your identity has been compromised, abandon that identity.
- Concern: To register and verify your nick on freenode you must provide an email address. This email address could potentially link the user to their nick.
- Countermeasure: Use a "dummy" email address for verifying the nick. Use tor as well when setting up this "dummy" email address so your IP will not be linked to the email account.
- Register their nick in a location as far away as possible from their normal location. Register in a public location (e.g. coffee shop, library, university). If possible register in an area with lots of tor users (e.g. a large city) because if you are the only tor user in your area it may be easier to track you down.
- Connect to FreeNode using their SSL service to prevent snooping.
- Change your password once you return to your normal location in case it was compromised in public.
- Do not use your regular email address when registering. Use tor and your browser to create a dummy email address for email verification.
Required Software
Optional Software
- xchat-otr: OTR encryption plugin for xchat
Prerequisites
- A registered and verified freenode nick. This is REQUIRED!
Sample Account
For the example used here we will use a sample account with the following information:- Username: TrisquelwithTor
- Password: GNULinuxLibre
Full Instructions
- Install required and optional software:
$ sudo apt-get -y install libcrypt-blowfish-perl libcrypt-dh-perl libcrypt-openssl-bignum-perl tor xchat xchat-otr
- Download SASL authentication plug-in (GPL):
$ cd ~/.xchat2 $ wget http://lwsitu.com/xchat/cap_sasl_xchat.pl
- (Recommended): Change connection timeout on SASL plugin:
$ sed 's/my $AUTHENTICATION_TIMEOUT = 5;/my $AUTHENTICATION_TIMEOUT = 45;/g' ~/.xchat2/cap_sasl_xchat.pl -i
- Open XChat and the Network list screen should display. Fill in the Nick name, User name, and Real name fields. Then select the FreeNode network and click Edit to configure the network settings.
- Edit the server address to the IRC hidden service p4fsi4ockecnea7l.onion. Input the password for your registered freenode nick in the Server password field. Lastly, select select Character set "UTF-8 (Unicode). You may also select additional options such as auto-joining channels and automatic connection.
- At the Network list select FreeNode and click "Connect"
- In the input field enter the SASL information required:
/SASL set FreeNode TrisquelwithTor GNULinuxLibre DH-BLOWFISH
- Save the SASL information. This retains your SASL information so you do not have to enter it every time. (Optional)
/SASL save
- In the XChat preferences set the Proxy Server information to use tor with the following information
Hostname: localhost Port: 9050 Type: Socks5 Use Proxy For: All Connections
- At this point XChat may attempt to connect and experience a OpenSSL error. Restart XChat and connect to FreeNode and XChat will connect using Tor. You can verify that you are using Tor by running the command "whois" on your nick.
Additional Information
Revisions
03/18/2012 - 11:35
08/02/2012 - 07:55
08/10/2013 - 11:29
06/02/2021 - 16:10