LizardIRC/tor

From LizardWiki, FastLizard4's wiki and website
Revision as of 20:57, 2 May 2016 by FastLizard4 (Talk | contribs) (Fix 404s to freenode)



Tor is a software suite that essentially anonymizes Internet traffic, protecting the user's identity. It's handy software with a multitude of legitimate uses, contrary to what the media at large would sometimes have you believe, and LizardIRC welcomes Tor users. However, to help prevent abuse, LizardIRC takes freenode's approach to Tor - to connect using Tor, one must use SASL authentication to log in to their NickServ account at connect time. This page will explain how to set up your NickServ account and how to connect to the LizardIRC hidden service.

Configuration

First, you'll need an IRC client capable of SASL authentication. Freenode maintains such a list here, including instructions on setting up SASL (but you won't need those instructions just yet). Next, you'll need to configure your IRC client to use Tor and LizardIRC's hidden service.

There are essentially two ways to do this: using Tor's SOCKS5 proxy, or using Tor's mapaddress feature.

Tor by default listens for SOCKS5 proxy connections on localhost port 9050. So, unless you've changed Tor's SOCKS5 configuration, all you need to do is open your IRC client's network settings and specify a proxy server on hostname localhost, port 9050, type SOCKS5. Then, you would add a network named "LizardIRC" to your IRC client, and specify the network's address as zmekl5rflkiv3cfu.onion, using port 6667 for plaintext or 6697 for SSL.

Alternatively, to use the mapaddress feature (which is recommended for irssi), open your torrc configuration file and add, to the bottom, a line that looks like this:

mapaddress 10.40.40.40 zmekl5rflkiv3cfu.onion

Then, after restarting Tor, you would add a network named "LizardIRC" to your IRC client, and specify the network's address as 10.40.40.40, or whatever you entered as the mapped IP address in your torrc config file.

Get a NickServ Account

If you already have a NickServ account on LizardIRC, skip this step.

Tor users, to prevent abuse, are required to authenticate to a NickServ account before connecting via Tor. Fortunately, this can be done via the LizardIRC Network Services Web Interface (though you can also connect to IRC in the clear once to create your NickServ account). However you create your account, to ensure maximum privacy, you should:

  1. Not join any channels while in the clear
  2. Create a Gmail email address just for LizardIRC (actually, you can use pretty much any provider, just don't use Hotmail/Outlook.com and check your spam folder)

The Services Web Interface should work fine over Tor, so you aren't at risk of exposing your IP address that way. However, if you connect to IRC in the clear to create your account, Network Staff may see your real IP (but, as long as you don't join any channels, no one else will). Don't worry about that, though - Network Staff are sworn to a blood oath of secrecy. Likewise, don't worry about Network Staff looking up your NickServ email address - we are obligated to do no evil by the aforementioned blood oath. But, if you're nervous, please feel free to use a temporary email address - it just has to be valid to create the account (and to receive password resets should you ever forget your password).

Once your account is created, you should be able to connect to IRC by Tor, even before verifying your email address.

Optional: Review Tor's IRC Documentation

To ensure maximum privacy and security, please consider reviewing Tor's IRC documentation, which has more specific instructions for hardening some IRC clients, as well as useful information regarding Tor and IRC.

Connecting to LizardIRC Via Tor

Now that you have your NickServ username and password, go back to freenode's SASL guide (here's the link again) to learn how to configure your client to send your username and password to LizardIRC via SASL.

Assuming you set up your client properly to use the Tor hidden service for LizardIRC, and set up your authentication correctly, you should now be able to connect to LizardIRC!

Before joining any channels, you should run this command to ensure your email address is hidden from all other users of the network:

/msg NickServ SET HIDEMAIL ON

For more privacy, such as hiding when NickServ has last seen you log in, you can run:

/msg NickServ SET PRIVATE ON

And, of course, verify your email address by running the command sent to you via email.
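The two layers configured above, shown as an added example that is not part of the original page or any client's own code: the SOCKS5 request an IRC client hands to Tor, and the SASL PLAIN exchange that runs before registration finishes. The account name, password and server lines used with it are constructed; only the .onion address, port and server name come from this page.

```python
import base64
import struct

ONION_HOST = "zmekl5rflkiv3cfu.onion"  # hidden service address given on this page
SSL_PORT = 6697                         # SSL port given on this page
SOCKS5_GREETING = b"\x05\x01\x00"       # version 5, one method offered: no auth

def socks5_connect_request(host, port):
    """SOCKS5 CONNECT with ATYP=0x03 (domain name): the .onion name goes
    to Tor as text, so the client never attempts a local DNS lookup."""
    name = host.encode("ascii")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1-255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def socks5_succeeded(reply):
    """True if the proxy reply starts with VER=5, REP=0 (succeeded)."""
    return len(reply) >= 2 and reply[0] == 5 and reply[1] == 0

def sasl_plain_payload(account, password):
    """base64(authzid NUL authcid NUL password), the SASL PLAIN message.
    Assumes the result is under 400 bytes, so it fits one AUTHENTICATE line."""
    raw = "\0".join((account, account, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def opening_lines(nick):
    """First lines sent through the tunnel; CAP REQ keeps registration
    open until CAP END, which is what lets SASL run at connect time."""
    return ["CAP REQ :sasl", f"NICK {nick}", f"USER {nick} 0 * :{nick}"]

def sasl_step(server_line, account, password):
    """Return the client lines to send in response to one server line."""
    words = server_line.split()
    if "CAP" in words[:2] and "ACK" in words and ":sasl" in words:
        return ["AUTHENTICATE PLAIN"]
    if words[:2] == ["AUTHENTICATE", "+"]:
        return ["AUTHENTICATE " + sasl_plain_payload(account, password)]
    if len(words) > 1 and words[1] == "903":  # SASL authentication successful
        return ["CAP END"]
    if len(words) > 1 and words[1] == "904":  # SASL authentication failed
        return ["QUIT"]
    return []
```

Use port 6697 so the SASL PLAIN payload, which is only base64-encoded, travels inside SSL as well as inside Tor.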

FAQs and Troubleshooting

I'm unable to connect to the hidden service!
This is probably a problem on your end. Ensure that Tor is running on your computer, that you have properly set up your IRC client to use Tor's SOCKS5 proxy or Tor's mapaddress feature, and that you are connecting to the correct hidden service (.onion address). If all these are correctly set up, try simply restarting Tor as it may be a transient issue.
Is there any way to identify Tor users on LizardIRC?
Yes. Tor users will have an ident of "tor-sasl" and a cloak starting with "tor-sasl/". If their NickServ account already had a cloak associated with it, the cloak becomes prefixed with "tor-sasl/" when they are using Tor, and non-cloaked accounts have a cloak of the form "tor-sasl/account-name".
Can I ban all Tor users from my channels?
Yes, you can. Should you do it? No. There are extremely few situations where banning all of Tor from your channels would be useful, at least for longer than a few minutes. But, if you must, it is recommended that you use the ban mask *!tor-sasl@* instead of something like *!*@tor-sasl/*, since cloaks can become "undone" in certain cases.
Note that even if your tor-sasl cloak becomes undone, your privacy is still not at risk (see next question).
Help! The IRC server is showing an IP address for me!
See the next question.
Why does the server think I/Tor users are connecting from 96.126.96.9 or ridley.fastlizard4.org?
The Tor hidden service endpoint runs on ridley.fastlizard4.org, which is the same server as the LizardIRC server ridley.lizardirc.org. Likewise, as far as the IRCd is concerned, Tor users are connecting from ridley to IRC, so ridley's IP address is displayed by the IRCd. You may see this instead of the prettier "tor-sasl/" cloak in a few different circumstances, such as when SASLServ messages you to tell you that someone has authenticated using your user account, when you WHOIS yourself, or if your cloak for whatever reason comes undone. However, since ridley is a public-facing server, this presents no privacy risk to you, and you are still identified as a Tor user by the "tor-sasl" ident.
I get a message like this when I try to connect to the hidden service, * Closing link: (~user@ridley.fastlizard4.org) [Tor users, please authenticate to a NickServ account using SASL.]
You are connecting to the proper hidden service, but you are either not sending SASL authentication, or the authentication is failing for some reason. If you haven't created a NickServ account on LizardIRC, you'll need to do so (see above). If you have one, ensure that you've entered the correct password into your IRC client's configuration, and that your IRC client is set up correctly. If you're using HexChat, try using the Python plugin noted above, if you haven't already.
I get an error like this when I try to connect to LizardIRC, * Closing link: (unknown@46.149.23.63) [Z-Lined: You are listed in EFNet RBL, probably because you are running an open proxy or are using a Tor exit node. Tor users, please use the hidden service - see https://fl4.org/torirc for instructions. Visit http://rbl.efnetrbl.org/?i=46.149.23.63 for info.], or * Closing link: (unknown@173.254.216.66) [Z-Lined: Tor exit server detected. Please use LizardIRC's Tor hidden service - see https://fl4.org/torirc for instructions. Please visit http://www.sectoor.de/tor.php?ip=173.254.216.66&network=lizardirc for more information.]
This error could mean a couple of things:
  1. You are running a Tor exit node on your computer, and/or,
  2. You are attempting to connect to the network's "in-the-clear" address using Tor
In either case, this error is solved by using the Tor hidden service to connect to LizardIRC, which the instructions above explain how to do. If you are set up to use the hidden service but still get these errors, double check your configuration, as your IRC client is still contacting the "in-the-clear" addresses.
I get an error like * Connection failed (SSL handshake timed out) or * Connection failed (Registration timeout)
These are caused by the inherent slowness of the Tor protocol; simply try reconnecting.
How do I know I've successfully connected by Tor?
Upon successful SASL authentication and connection via Tor hidden service, you'll get a notice from NetOpsBot like this: -NetOpsBot- Welcome to LizardIRC! You have successfully connected using tor to the LizardIRC hidden service, and have authenticated to NickServ.
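
For channel operators, the ban-mask advice in the FAQ above can be checked mechanically. This is an added example, not code from LizardIRC or its IRCd: a small matcher for IRC-style masks run over constructed nick!ident@host strings, including the case where a Tor user's cloak has come undone. Plain case-insensitive matching is an assumption here; the IRCd's own casemapping may differ.

```python
import re

IDENT_MASK = "*!tor-sasl@*"     # mask recommended on this page
CLOAK_MASK = "*!*@tor-sasl/*"   # mask this page advises against

# Constructed hostmasks (nicks, account names and cloaks are invented).
USERS = {
    "cloaked": "alice!tor-sasl@tor-sasl/alice",
    "existing_cloak": "carol!tor-sasl@tor-sasl/example/user/carol",
    "cloak_undone": "dave!tor-sasl@ridley.fastlizard4.org",
    "clearnet": "erin!~erin@host.example.net",
}

def mask_to_regex(mask):
    """Translate an IRC mask ('*' = any run, '?' = one character) to a regex.
    Every other character is escaped, so '.', '[' or '/' match literally."""
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def matches(mask, hostmask):
    """True if the whole nick!ident@host string matches the mask."""
    return mask_to_regex(mask).fullmatch(hostmask) is not None

def coverage(mask, users=USERS):
    """Labels of the sample users that the mask would match."""
    return {label for label, hostmask in users.items() if matches(mask, hostmask)}

def missed_tor_users(mask, users=USERS):
    """Sample users with the tor-sasl ident that the mask fails to match."""
    tor = coverage(IDENT_MASK, users)
    return tor - coverage(mask, users)

if __name__ == "__main__":
    for mask in (IDENT_MASK, CLOAK_MASK):
        print(mask, "matches", sorted(coverage(mask)),
              "misses", sorted(missed_tor_users(mask)))
```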