Using IRC in a post-Snowden world
Why we should move away from public IRC networks
Even for things as simple as discussing the furniture of our office space we should not let our discussions go straight into XKEYSCORE. On mailing lists there is a rough chance of staying on topic but in chatrooms it is inevitable to also chat about private things, disclose information about our friends. Things that by human rights charters we are not allowed to share with Big Brother. We didn't break the Internet, but we have a responsibility to take measures, anyway.
On public IRC networks surveillance is likely to happen. Even if all participants use TLS to connect to the servers, most of the IRC servers in the network will see a copy of each spoken message. Even so-called private messages travel the backbone and stop by a lot of servers, so OTR is good - but still helpless about your metadata and about the public exchanges you have about where to go in the evening or how you got distracted from work. Excellent food for the JTRIG and KARMA POLICE agency programs.
With so much interesting and competent content going in and out of popular IRC networks it is naive to expect that agencies have neither broken into any of the servers (one is mostly sufficient - depending on the tree structure - to scoop up most of what happens on the entire network), nor have they set-up a MITM attack by which servers are confronted with falsified certificates and likely silently engage in fully surveilled interaction. I would surprised if any ircd were to do certificate pinning, probably just like most XMPP implementations it doesn't even check the validity of the certificate. It is therefore really really easy for a global attacker to get a complete view of the communications happening on an IRC network. Let alone that any individual operator of the servers can himself be targeted by KARMA POLICE or JTRIG.
Chat server networks were built on trust, and trust is a very erosive concept. We must conclude these networks are securitywise a failure. Both in the case of XMPP and even more so with IRC. That's why PSYC has discontinued to pursue the federation architecture and is trying to hop on top of distributed routing systems. See PSYC2 for the details. Maybe we will fix up Tor federation, but even that would only be a stop-gap measure.
It's really not that hard and there is nothing so public about a chatroom that it deserves forever storage, forever being available as material that can be used against us and offers zero space for true social interaction - unless we want to shoot ourselves in the foot and disclose private social things to the insolent constitution-disrespectful authorities.
Where can we go to have a private chat?
In a post-Snowden world, where can we go to quietly idle and occasionally chat like we have done for decades? There are two answers. On isolated servers, if you have a reason to trust the server, or on a distributed chat system. Unfortunately the latter are still in dire conditions. See the secushare comparison for that.
It should go without saying that using any commercial offering such as Whatsapp or Facebook is likely worse than using an IRC network. Maybe Telegram chatrooms are at least safe from the Western authorities.. so for once it is somebody else snooping on you.
Is IRC Safe From Bulk Collection?
The IRC protocol as such isn't any better or worse than other unencrypted-by-default protocols as long as you keep your hands off the interserver connectivity features. So any isolated IRC is fine, just as any isolated PSYC server. Maybe PSYC offers a few more practical features.
It is rather unlikely an agency would make an extra effort in targeting a solitary server that is doing its job for a tiny mostly harmless community – unless you placed it in a hosting center that gets scooped in its entirety anyway. Should the server have obvious vulnerabilities, then it is still a welcome target for systematic intrusions such as HACIENDA, but if it is a well-kept up to date free software system it is strategically very unreasonable to use up a 0-day vulnerability or backdoor just for a few conversations more – especially if the targeted community features competent hackers that might just recognize the method employed and document it publicly, thus making the 0-day invaluable for future use.
So it really doesn't make as much sense to attack a small community of hackers as it totally makes sense to collect a public IRC network's low-hanging fruit.
The Good and the Bad about IRC Technology
The problems related to IRC technology are very well described in RFC 1324 (A Discussion on Computer Network Conferencing). You can read on in Functionality and Problems of Systems for Synchronous Conferencing. See also the PSYC whitepaper and several other documents in the tech area of the PSYC site.
In essence, IRC has scalability, security and addressability problems related to the volatileness of user and channel data. Notice also the one big positive aspect of IRC, it has a notion of multicasting. See also Centralistic for a comparison of IRC with other chat technologies.
No more IRC-style netsplits on PSYC
... at least not like this.. http://www.bash.org/?124895
It's different with PSYC: If an Internet link breaks it will affect those people who are on that link, but it will not tear down a whole network. The difference is, IRC sends the traffic through certain servers, causing itself bottlenecks of higher traffic were PSYC creates multicast networks for each context, thus the load is spread more evenly across the involved nodes.
While on IRC, the hub network servers are fine targets for bored attackers, who mean to harm just one context of people (place, channel, chatroom, whatever you want to call it), but actually affect the entire network, on PSYC bored attackers can still attack a server concerning a certain context, but that won't impress the rest of the PSYC network.
- That didn't make sense, yet? Okay let's go into details. IRC shares a large database of user and channel data among all servers of a network. When a link breaks, all data from that route becomes invalid and needs to be retransmitted when reconnecting the server, causing load to the entire network. In PSYC, this kind of data is static - when a server disappears, communications to that server are disturbed, but all other communications are fine. Also, there is no need for large syncing, once the server is restored. XMPP has the same kind of approach here, with the same advantages over IRC, but it also does not multicast, therefore running into other scalability problems described on the Jabber page, where IRC performs better. PSYC takes the good aspects of both. See the netsplit page for more words on the same subject.
Update 2015: This rendition is accurate on both the old federated PSYC as in the new distributed PSYC2 model.
IRC is oligarchic, not federated
In the foreword to the book IRC hacks, Jarkko Oikarinen, inventor of IRC, writes:
"It was and still is the possibility to network individual chat programs (IRC servers) to one another, thus forming a worldwide, distributed, and decentralized chat network. The ability to network, without maintaining a central location of control, has been the key for success for IRC, WWW, USENET News, and many other systems."
It may technically be correct to say IRC is decentralized, but politically it is not. To maintain order on the network, to protect conference control in chatrooms (channels) and in modern IRC networks, to protect user identity, every single IRC server needs to trust every other IRC server on the same network, completely. This implies that an IRC network must be implemented by an organization of people who trust each other not to abuse their administrative rights to exercise random and unaccountable executive powers on the network. This shortcoming is one of the reasons why the single all-encompassing IRC network for the world could not be achieved. The other is the technical scalability problem of IRC, making it impossible even for an organization like the United Nations to be in charge of such an endeavour. NNTP, the protocol at the fundament of USENet, has the same political prerequisite, causing it to turn into a wild west forum in the 90s, then leading to the irrelevance it has today. Unfortunately, IRC is at a similar level of irrelevance when compared to the huge centralistic IM systems. So the only true success story in the listing above is the web, which is indeed decentralized, both technically and politically, but it isn't distributed – except for the cloud systems.
The IRC Syntax
Since IRC uses a function-call like syntax, parameters have no names, they only have an order. You can always only add things at the end of the list to extend the syntax. Various protocol dialects even do this in differing ways, thus becoming incompatible to each other. PSYC has solved this elegantly with the psyctext and variables syntax! We could have used XML or JSON, but... there are plenty of reasons not to do that. :°)
Identity on IRC
Jutut's document on how to idle on IRC explains how changing your nickname is bad, because you are changing your identity and can no longer be reached. This is a fundamental problem with IRC that can be partially addressed with NickServ, but to be sure you are seen by the people that should see you, you have to stick to your nickname.
PSYC only allows for nickname changes within chatrooms with enabled masquerade. Ironically, IRC clients cannot see these changes, as they would become unable to send you private messages if we forwarded them such nickname changes. IRC has no notion of purely cosmetic nicknames. So in order to have a consistent user experience, we have disabled the /nick command in the psyced emulation of IRC.
History of Bitnet and IRC in a 1992 retrospective, unfortunately held in german (See also BITNET). The articles are taken from Terra's Chalisti, an organ of the CCC of the late 80s. Except for Terra the CCC was generally not very interested in the Internet in those days. Pattex was more exciting. cute posting from 1989. Ausserdem: Wettrüsten im IRC auf Sociology.
NickServ taken down after Jupiter killed it
An important episode in the history of IRC was when the very first NickServ was killed by an operator who then renamed himself into NickServ and made fun of everyone who sent him passwords. Just recently (2006) the same incident happened again on freenode.
The thread shows how the 1991 public wanted NickServ back and wasn't at all happy with the policy of nicknames not being owned. The thread also mentions the IRC War that had taken place before and led to the separation of the EFnet from the free IRC later also termed Anarchy-Net by the EFnet people.
Historic operator discussion after NickServ was shutdown: http://my.pages.de/pub/net/irc/logs/nickserv_wallops.gz
This also leads to the next discussion on getting rid of nicknames in the protocol:
WiZ wanted user@host-Notation
This interesting thread on owning nicknames mentions that WiZ (= Jarkko Oikarinen, originally writer of IRC) wanted to upgrade IRC identifications from nicknames to user@host syntax. Wumpus added, that clients would have to manage the nickspace for the user then and even I had a hard time imagining an IRC without nicknames at the time. Troy went on to extend the protocol to provide for nickname suggestions to clients. Too bad nobody ever coded this. Wumpus went on wisely recognizing that the /names command would turn out unusable in future IRC considering its growth rate. Finally Alan D suggests an /expand command which essentially does what our /alias command does, only on server side.
/wallops was a bad idea
The WALLOPS (write to all operators) command was introduced for ircers to quickly be able to cry for help. It became an exclusive operator-only chat channel with a lot of envy from non-operators who wanted to take part in the discussions. It also had the inverse effect of operators prefering not to wear operatorship just to avoid receiving those messages. On one legendary occasion in January 1991 a wild wallops discussion led to a completely absurd KILL war of operators where everyone was shooting everyone else. The log of it is a quite amusing read: http://my.pages.de/pub/net/irc/logs/killfeast.gz Also the kill paths give you an insight into the topology of the IRC network back then.
The Battle Of Eris - The War Of IRC
At the beginning there was only one IRC network: The IRC.
Several people in the original IRC network thought IRC should remain open, that everyone who wants to chat should, if desired, be able to do that under his own administration, with his own IRC server - they essentially subscribed to the principle of federation and thought IRC should fix its protocol to support that rather than stop free minds to run their own IRC servers.
Unfortunately some people only wanted to run servers for vanity reasons, acquiring operator powers on the IRC by connecting to an open server, then showing off. Nothing really serious, IRC was a terrifically peaceful place in those days. However, IRC had a technological problem there, and social and political repercussions followed.
eris.Berkeley.EDU is the machine that became symbolic of this tragic development, as its administration firmly decided to leave open C/N lines for anyone to connect an IRC server anywhere in the world. In fact there had been several open servers in the early days (like irc.belwue.de), eris was just the last one to fall.
After lengthy discussions on the 'open server issue' on operlist, the mailing list for IRC operators, a group of administrators decided to eject open servers from the IRC network. The new 'Q' line (quarantine) was thus implemented into ircd, specifically with the purpose of rejecting eris.
But what really triggered the war was the publication of killer.c. The inventor of the IRC himself, Jarkko Oikarinen, wrote up a bunch of lines of code to display how easy it would be, to break apart an IRC network with open servers.
Everybody knew how easy it would be, but nobody ever wanted to disrupt IRC like that, not even the vanity operators or any other supposedly evil hacker. Introducing the Q-lines was a preemptive strike against IRC terrorism that didn't exist. IRC could have waited until things would have gotten that bad before taking drastic measures.
Now that this code was published, one IRC administrator took it, fixed it, and executed it. What followed was the biggest disruption in IRC service the IRC had seen until that day. Soon the newly invented Q lines were activated by a small group of administrators.
For several weeks the IRC network was to a large extent unreliable as the Q-enhanced servers would disconnect any server who dared to introduce eris into the network and administrators who felt abused by this political decision tried to connect eris back into the network. They felt like a piece of Internet freedom was breaking away.
In fact the Q-line was peripheral in the war. The real battleground was the huge majority of servers who didn't care whether they were on an open or closed IRC network. The few administrators with a political opinion, either on the open or closed side, would repeatedly disconnect them from the opposing network and connect them to theirs. In other words, the war was fought by a bunch of operators using /squit and /connect commands.
Some of the administrators decided not to go along and stayed with the original IRC network. Since that didn't suit the EFnet policies to admit the original IRC network to be the original IRC network, they also rewrote history and named it ANet as in Anarchy-Net. The actual administrators of the original IRC never chose that name themselves, but they admittedly adopted it for the sake of distinguishing the two sides.
With brute force the majority of people however were taken to EFnet. The new political policies of it soon led to new IRC networks, Undernet and DALnet, as many weren't willing to accept somebody else's oligarchic rule.
Technologically, open IRC networks aren't manageable - so IRC had to adapt - either by rewriting the software, which was the path I took with PSYC, or by splitting into several closed networks, which was the way IRC took.
I suppose the path to EFnet could have been a peaceful one of democratic agreement, and probably with the first serious abuse of the so-called open-server servers it would have happened, instead the change came unnecessarily soon and without a warning.
Read IRC History as seen by Vegard to see the same history as seen through the eyes of an EFnet administrator.
Sir Wumpus and the return of Eris
After the war, the Q-lines especially invented for eris.Berkeley.EDU stayed up and occasionally an operator would try to connect it back.. http://my.pages.de/pub/net/irc/logs/sir-wumpus.wallops-chat.gz
- Wow, that brings back memories! -- Sir Wumpus
- Outdated, historic or less interesting bits of this page have been moved to Archive:IRC
- http://www.alien.net.au/irc/irc2numerics.html - Documentation of the proliferation of IRC numerics and inherent collisions.
- http://www.irc-plus.org - 2007 initiative for new IRC standards. See also IRCPLUS.
- de:IRC - Mehr Geschwätz auf deutsch.
- See also the IRC category.