Wednesday, April 27, 2011

Privacy in the irc world


Hi! Right then. 
Note: This piece is assuming users (you) have at minimal basic irc knowledge.
Go and check out the Introduction for the previous entry on irc commands.


So you've registered a nickname and cruised around a few channels right?
Great!
Now we'll talk privacy.

What users can find out about you, and how to stop them.

First off, if you've just joined irc, the chances are that your ip address is showing and quite possibly ( I see it a bit ) your real name and/or email address can be easily found. From this, malice users can commence port scans, ping your address to hell with broken 'ack' requests and the like, find out your facebook details, and heaps more details to scare the heck out of you. Just remember that when opera prompts you for your 'real name' and 'email' this information is clearly visible to all other users (excluding the domain name of your email address).


The commands that users can use and their meanings.

First we'll start simple.
The /who <nick> command

typing /who stagnate 
Would give you the default information on a nickname.
The outcome of this command will look like this:

#ruby bill CPE-124-177-167-92 irc.opera.com stagnate Hr 0 bob lehcror

#ruby being the channel the user last joined 'bill' being the users 'email address' -

*Note: Users will know that most persons will be using @hotmail, @yandex or any other popular mail servers - so it's not too hard to fill in the gap.

 - that opera asked for. CPE-124-177-167-92 being the users connection (ip address) and 'bob lehcror' being the users 'real name'

More information can be acquired by the /whois command which can be shortened to /w

Not to be missed is the /whowas command, this gives some info on a few of the last connections a nick has made.

Access list

NickServ stuff
There are a few different servers on the network (NicServ, ChanServ, HelpServ, BotServ and MemoServ)


Using NickServ to find info
/msg NickServ info <nick>
This command will bring back info such as; last seen on the network, time and date registered and any options that the nick has configured.

/msg NickServ status <nick>
This give info on the status of the nickname you input. NickServ will give back the status 0 1 2 or 3
0 is off-line
1 I don't know
2 registered but only with the access mask
3 on-line and registered


Client to client protocol
Using the command of /ctcp users can discover what o.s. and irc software you're using, and some other stuff

typing the command /ctcp <nick> version
will give back something like this:

VERSION Opera/9.80 (X11; Linux i686; U; en) Presto/2.7.62 Version/11.01

So a user can find out what operating system, platform and irc client you're using.
This info is fine to share mostly, some irc clients block client to client protocol by default, or have witty replies built in.

The <ping> command and <time> can also be used in /ctcp through the opera irc client.
These will be entered in the same format eg: /ctcp <nickname> time

Note: ctcp queries will bring up results in a new window when using the opera built in irc client. These queries cannot be seen by a general opera user.


DCC

Direct client connection
This allows the sharing of files between users.
In opera this will always prompt you to accept or decline. If you're not sure don't accept!
It's something like: /DCC send <nick> <file>
Just right click the users name you want to send something to in the user list, it's heaps easier.
Note: Some routers will block some ports that DCC use by default and can cause headaches ~. 




Okay, so in summary we can see that other users can see: 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 

Your I.P. address
Your real name (If entered)
Part of your email address (If entered)
Any security protocols you may be using (ssh, ect)
Your operating system
Your irc client

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


That's quite a bit of info other users can gain from a few simple commands right??
But relax! There are just not that many irc users out there that can really 'DO' stuff with that info, harmful stuff I mean. Sure. the average user might find your facebook, iptrace you to your suburb if they're lucky. But that's not going to harm you.
So how to block/prevent your personal info being available to everyone?

Masking and preventing access to your information 

Right so you should know by now who to prevent your real name and email address from being shown right? .... Just don't enter them! Problem solved!

To mask your I.P. address the command is:

/mode <your_nick_here> +x

Stopping incoming (and outgoing ctcp requests)
This is where users can find you operating system information and even flood you and force your irc client to disconnect!

/mode <your_nick_here> +T

To stop users sending private messages:
Note: This command doesn't 'stop' the user from sending the messages, it just stops you from reciving them :).

/silence + <nickname>



Synopsis:
Right then, you can now block those curious requests and possible you may be more well equipped in the irc world :).
The NickServ queries can't be blocked, but they really don't matter unless you have a stalker!
If you've even read this far try the command: /msg NickServ access list.
You can even add and delete addresses from your access list! Eg:
/msg NickServ access add *lehcror@127.0.0.1 


*next week: I don't know, maybe a solid banning reference, I haven't seen one of those around for opera...

18 comments:

  1. Haven't visited the irc world in so many years. It's been so long now, I may never return. But this is a really good informative post for those using it or just now trying it out. Good post.

    ReplyDelete
  2. I've never felt the need to mask my IP, will try to remember this in case I would :) thanks

    ReplyDelete
  3. I remember the days when I was all into IRCs back when MSN chat was still open.

    ReplyDelete
  4. Pretty informative. I'd always heard IRC's weren't good in a privacy sense. Just hadn't known *why* until now.

    As to the NYT.

    It's time for the news industry to evolve to a web world. The NYT is clinging to the past in this regard. The fact is, news is not anything special anymore. With the internet, you have millions of people all providing news on any topic you can imagine at no cost to the consumer. Hell, they even profit off of it through ad revenues.

    The basis of the times arguement is that the internet is killing them, and ad revenues just aren't enough to maintain their current quality. Yet, they spent an alleged 40 million dollars to develop this paywall and subscription program. 40 million dollars buys you a lot of news.

    It's time for the Times to understand reality, and cut costs; Not push for more revenue. The market simply won't bear it. In a world of free news, why should anyone pay? They aren't that exclusive and unique. The sooner they get off their high horses and realize this, the better off they'll be.

    ReplyDelete
  5. well thanks man. but i dont have this problem.

    ReplyDelete
  6. I've always been somewhat uncomfortable in IRC. This is good information.

    ReplyDelete
  7. Whoa! My head's spinning ... but will know wher to come for more info!!

    Thanx for visiting my blog - come back anytime for an OZ countryside fix!!

    ReplyDelete
  8. Nice post! I love learning things from blogs (its kind of rare ;) )

    ReplyDelete
  9. Hey man, I appreciate you letting us know all this info. I don't use IRC often, but I can be cautious when I do.

    ReplyDelete
  10. woah that sounds scary but thanks for all that info
    followed
    please check my blog out

    ReplyDelete
  11. Easier just to not use it! lol

    ReplyDelete
  12. these days i just use web irc. it's so much cleaner! and it feels a lot less like 1995 :O

    ReplyDelete
  13. Thanks for this huge guide on IRC

    ReplyDelete
  14. Interesting. I don't use IRC, but it's still neat to see all that info on it.

    ReplyDelete
  15. Wow some good knowledge and advice, I used to use IRC and always just figured it was pretty much anonymous D:

    ReplyDelete