Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
A Quick Guide for Anonymous and Pseudonymous irc

##Weechat+Arch Linux+Tor ###A Quick Guide for Anonymous and Pseudonymous irc I'm going to assume you know what irc is, and generally how it works. If you haven't gotten that far watch a youtube video and try out some of the commands on an irc webclient somewhere. On Arch Linux to install Weechat you can run sudo pacman -S weechat or you can download it from the official website at http://weechat.net/download/.

You can also install Tor from the official repositories, but If you are going to be making multiple connections to irc networks and you want to keep your identities seperate, I would recommend installing the Tor Browser Bundle as well. This should be done from the Tor website, and you should check the GnuPG signature on the package before running it. The key they have been using to sign the packages with for the months that I have been verifying it is Erinn Clark's, and the fingerprint is 8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659. It is a good idea to store that key so you will notice in the future if it gets changed.

Your next step is to set up tor proxys to send your irc traffic through. Start and enable Tor at boot with systemctl enable tor.service and systemctl start tor.service. To enable the proxy from the Tor Browser Bundle, you merely have to start the browser. The Tor Browser bundle serves a socks5 proxy to localhost:9150 and the Tor system service that you enabled serves at port 9050. I would check out the Arch Wiki to see if there's anything in your torrc file that you want to change. For instance I made the tor user "tor" so that root wasn't doing all of my irc magic (I think).

Now on to Weechat. I'm going to give you basic instructions to configure Weechat for Tor, and show you example commands for an irc network but your milage will vary depending on where you are connecting to. For instance some servers offer hidden services for Tor users but block Tor exit nodes, some allow Tor exit nodes but only for registered users connecting over Sasl.

Start up Weechat with weechat in your terminal.

Now we are going to slightly customize the interface and enable the mouse

/set weechat.bar.title.size_max 2

/set weechat.bar.input.size_max 3

/mouse enable

Next we are going to install two scripts that I find Weechat is impossible to use without, a script to add a scrollable list of irc channels and networks, and a script to colorize the text that makes it easier to read.

/script install buffers.pl

/script install colorize_lines.pl

Here are my settings for a beep.pl script for notifications when you get messages:

/script install beep.pl

/set plugins.var.perl.beep.beep_command_dcc "beep -f 400"

/set plugins.var.perl.beep.beep_command_highlight "beep -f 500"

/set plugins.var.perl.beep.beep_command_pv "beep -f 600"

These keybindings allow you to scroll quickly left or right with ctrl+arrow:

/key bind meta2-1;5D /input move_previous_word

/key bind meta2-1;5C /input move_next_word

Here you can choose to globally set the default sasl encryption mechanism:

/set irc.server_default.sasl_mechanism dh-blowfish

Now it's time to add the two Tor proxies you have available

/proxy add tor socks5 127.0.0.1 9050

/proxy add torbrowser socks5 127.0.0.1 9150

That gives you two proxies you can use on any of your servers. This will be set after you add a new server with /set irc.server.servername.proxy tor(or torbrowser)

The syntax for adding a server is /server add servername irc.serveraddress.net/port (-ssl)

I'm going to show an example config with the irc network Freenode.

For this to work, you must already have a nick registered on the network! Some networks have web clients you can connect to for doing this, and you can also make a clearnet connection in Weechat with /connect irc.freenode.net for example. If you do not know how to register a nick, type /msg nickserv help register. If you are unsure whether the network will be logging your ip, play it safe and connect either through a vpn or from a public wifi hotspot far away for this initial register.

The first step is to secure your password in Weechat's "secured data" feature.

/secure

/secure set freenodepassword fapopopajj9309-04o9gj-0j-faFASGAPOKAKPOKFASPK#)@)W)K0kfsa)K#0k_0as0_0

##Freenode

/server add freenode frxleqtzgvwkv7oz.onion/6697 -ssl

/set irc.server.freenode.nicks ----(your preregistered nick)

/set irc.server.freenode.ssl_verify off

/set irc.server.freenode.addresses "frxleqtzgvwkv7oz.onion/6697,p567hbjdstqvg7xw.onion/6697,2hktdmgt6bg2hjuc.onion/6697,l4wvhvf666nifnpg.onion/6697"

/set irc.server freenode.proxy tor

/set irc.server.freenode.ssl_dhkey_size 1024

/set irc.server.freenode.autojoin "#archlinux,##crypto"(here you can add channels you want to join upon connecting to the network. You will find a few more later with the /list command.

/set irc.server.freenode.sasl_username(put your nick here)

/set irc.server.freenode.sasl_password "${sec.data.freenodepassword}"(you set this up earlier, see secure passwords)

You should now have a working connecting to Freenode, encrypted all the way around. Your ip address is hidden from Freenode and your isp cannot see where you are connecting to, and your connection to Freenode is encrypted with ssl and authenticated with sasl, so the Tor exit node cannot interfere or monitor your activity.

You now know the basic commands for getting connected to a server. Notice how we set the proxy for Freenode to be Tor instead of the Tor Browser Bundle. I would recommend saving the Tor Browser Bundle for a more... delicate identity. For instance the Cyberguerrilla or Anonops irc networks. The great thing about the Tor Browser Bundle is that you can click New Identity in the browser to reset your Tor connections, which is great for switching between identities.

I generally don't recommend connecting with all of your identities to networks at the same time. Also, if you're paranoid enough, you can do one or more of the following:

Run weechat from a seperate user on your linux machine for each separate nick

Run weechat -d .anon/ or something like that to use separate configs for each nick, for sanitation

Keep the passwords and usernames for your networks in secured data so irc.server.servername.nicks looks something like "${sec.data.servernick}"

If you do this, as long as you remember to clean your logs and double-check for identifying fragments in ~/.weechat, you can even back up your configuration files to Github or somewhere safely enough.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment