Copyright (c) 2014, 2016, 2017 M. Teufel
Unlimited redistribution and modification of this document is allowed provided that the above copyright notice and this permission notice remains in tact.
If you are reading this, you probably asked for a (unaffiliated) cloak on freenode because you wanted to hide your IP or hostname.
This text is here to tell you that cloaks and vHosts don't hide your IP very well. Cloaks on freenode show your (lack of) affiliation with a project or a group being hosted on freenode.
There are many reasons how a cloak can leak your IP:
- Your IP will still show up when a freenode staffer does a
- Your IP will still show up when you don't identify using SASL, and don't have the cloak when joining channels. Even if your client is configured to wait before joining, a user can still get your IP with
- Your IP will still show up when you use SASL/NickServ authentication, but the services (NickServ, SaslServ) are down or on another side of a splitted network.
- Your IP will still show up when you click on a link or accept a DCC file transfer.
- If a normal user really wants to get your IP, it is still possible to use services or the IRCd to get your IP (not a bug).
How to prevent these leaks:
- Use freenode's Tor hidden service or a VPN.
- If you just care about your private IP, but not about the IP of a VPS, you can also run a private bouncer to prevent the leaks.
Both ways won't prevent you from clicking a link or accepting a DCC file transfer which will still leak your IP.
If you still have questions on this, ask a staffer or a helper in
Feel free to send a private message or a memo to mt on freenode about any corrections on this gist.