mIRC Home    About    Download    Register    News    Help

Print Thread
Basic privacy questions using BNC and/or Tor #195927 06/03/08 02:40 AM
Joined: Jun 2007
Posts: 10
P
Paros Offline OP
Pikka bird
OP Offline
Pikka bird
P
Joined: Jun 2007
Posts: 10
Hello.

Here's the problem:

Consider a member of an online discussion board registered there with the common username/password method, and after providing a real email address to receive the confirmation link for registration.

The owner of the discussion board also operates a private IRC network. As the owner of both the IRC network and the online forum it is trivial for the owner to cross reference IP numbers of people who post on the forum and/or who join in their chat rooms, and identify a person if they both post and log in their chats.

Would a BNC account on a server somewhere or using the Tor network with mIRC be a sufficient cover of the person's IP when they log in the private IRC network? (not hide it when posting on the forum, just when in the IRC chatrooms)

If you use a BNC account and log in to EFNet for example then other chatters in the same room can only see the BNC server's IP when they do a whois on your nick, but does a private network's owner have any other capability to identify a connection's IP when a BNC account is used, or when the Tor network is used in combination with mIRC?

Does mIRC have any network related settings that will divulge the user's real IP number even if the connection is done through a BNC or Tor?

Thanks for any replies or help with this question. This is only a privacy concern and not any attempt to avoid detection for inappropriate activities.

Re: Basic privacy questions using BNC and/or Tor [Re: Paros] #195930 06/03/08 06:03 AM
Joined: Jan 2003
Posts: 1,063
D
Doqnach Offline
Hoopy frood
Offline
Hoopy frood
D
Joined: Jan 2003
Posts: 1,063
unless you have some script giving out the information, another user can't get ahold of your real IP. also a private network owner will only see your BNC since that IS your point of origin from what IRC is concerned.


If it ain't broken, don't fix it!
Re: Basic privacy questions using BNC and/or Tor [Re: Paros] #195931 06/03/08 06:48 AM
Joined: Oct 2003
Posts: 3,918
A
argv0 Offline
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
Quote:
does a private network's owner have any other capability to identify a connection's IP when a BNC account is used

No.

Quote:
Does mIRC have any network related settings that will divulge the user's real IP number even if the connection is done through a BNC or Tor

Yes and no.

No, mIRC will never intentionally reveal any IP information about the client connected-- that information is purely held by the server.

However, there are some things that as an IRC client user you should be aware of, and this goes for any client across the board: using DCC functionality on IRC requires a "Direct Connection" from a user to you-- this means revealing some end-point IP address for the remote user to connect to. This may be your BNC/Tor IP, but due to configuration in many IRC clients, this may be your real IP. Be careful when using DCC over BNC/Tor if privacy is an issue to you.

mIRC allows the user to configure the client to use a specific IP address for DCC requests. It does this via the "Lookup Method" which is found in Alt-O -> Connect -> Local Info. You can also change this via command line with the /localinfo command. Lookup method should always be set to [x] Server (type /localinfo -u) otherwise you run the risk of having mIRC divulge your IP.

Keep in mind that the /localinfo command may still not leave you completely secure if you use specific BNC software that forwards your real IP for DCC requests. This is usually used to get DCC working over BNC but if privacy is a concern you should check that your BNC software has this feature disabled, if it exists.

The summary is that you should really not worry about mIRC divulging any host information as it stores nearly none (besides what is used for direct connections), but rather your BNC/proxy software. Finally remember that the server only knows the IP address that you connect as with the BNC/Tor host; while the IRC protocol theoretically has a slot in the connection handshake to specify a host, it's rarely used in modern IRCd's-- they usually just go by the IP/hostname of the host machine that initiated the TCP connection to the server and collect/ask for no other host info.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Re: Basic privacy questions using BNC and/or Tor [Re: argv0] #195936 06/03/08 09:08 AM
Joined: Jun 2007
Posts: 10
P
Paros Offline OP
Pikka bird
OP Offline
Pikka bird
P
Joined: Jun 2007
Posts: 10
Thank you both for your help.

argv(), since you brought up the DCC issue:

I was aware that doing file transfers of any kind or making any direct connection with another PC, like a DCC one, may have to involve the real IPs even when a BNC or Tor node is used.

However, my question again would be about the owner or network operator of the IRC network. If I start a DCC chat with another chatter or exchange files then I take the risk of the other person knowing my real IP if they're looking for it. What I don't know is how much information about these connections is available to the network operator.

If it's a network like EFNet for example, I wouldn't care if an EFNet network operator could see my IP even behind a BNC account when I start a DCC chat with another chatter or under any other circumstance. What I do want to verify though is whether or not this information is available to the network op because in that case the op of the private IRC network could be able to do this too, which is what I'm trying to avoid.

I guess the same question would apply for channel operators too but I am under the impression that channel operators would not have access to this information, would they? For example, if A starts a DCC chat or file transfer with B (both in the same channel of course), does a channel op know that A and B are communicating via DCC?

Thanks again for the helpful information.

Re: Basic privacy questions using BNC and/or Tor [Re: Paros] #195941 06/03/08 02:29 PM
Joined: Dec 2002
Posts: 2,010
R
RoCk Offline
Hoopy frood
Offline
Hoopy frood
R
Joined: Dec 2002
Posts: 2,010

The only way someone (on IRC) other than the intended recipient of the chat request would be able to get your IP from the chat request is if they spy on private messages. When you send someone a chat request, mIRC sends the request via the IRC server, your IP and listening port is contained in this message. I don't really know of any servers or networks that spy on private messages this way, but then how would we know? The only IRCd I heard has done anything like this is Unreal IRCd. I seem to recall they had a spy module, I'm not sure exactly what it spied on, but private messages would be the logical guess.

Re: Basic privacy questions using BNC and/or Tor [Re: RoCk] #195956 07/03/08 12:33 AM
Joined: Aug 2004
Posts: 7,252
R
RusselB Offline
Hoopy frood
Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
After reviewing all of the modules currently supported for UnrealIRCd, I would like to state that there is no spy module currently supported, and, I believe, the current coding of UnrealIRCd prevents the usage of the old spy module.

Re: Basic privacy questions using BNC and/or Tor [Re: RusselB] #195973 07/03/08 06:54 AM
Joined: Jun 2007
Posts: 10
P
Paros Offline OP
Pikka bird
OP Offline
Pikka bird
P
Joined: Jun 2007
Posts: 10
From the Unreal website, the current stable release is 3.2.6. The private server in the situation I described also happens to be Unreal 3.2.6.

RusselB, is that the version you're referring to?

So, I take it that if there is no DCC or any other direct connection with anyone else in the network other than regular chatting, then a BNC or a Tor node used with mIRC would be enough to keep one's IP private (using the settings mentioned above in another post). If that still is not the case then please enlighten the newbie.

Is there anything related to this issue that I can determine from the initial network settings and values that show up before the MOTD when I connect to the server? For example, if any questionable module is installed and is listed in the starting settings/values.

Thanks everyone for your help.

Re: Basic privacy questions using BNC and/or Tor [Re: Paros] #195980 07/03/08 01:03 PM
Joined: Dec 2002
Posts: 2,010
R
RoCk Offline
Hoopy frood
Offline
Hoopy frood
R
Joined: Dec 2002
Posts: 2,010

I would say that as long as you're using a BNC, and you don't initiate any DCC's (chat/send), and you don't give out your IP address yourself, then there is no way that anyone else can get your IP address.

Re: Basic privacy questions using BNC and/or Tor [Re: RoCk] #196013 07/03/08 08:40 PM
Joined: Jun 2007
Posts: 10
P
Paros Offline OP
Pikka bird
OP Offline
Pikka bird
P
Joined: Jun 2007
Posts: 10
Originally Posted By: RoCk

I would say that as long as you're using a BNC, and you don't initiate any DCC's (chat/send), and you don't give out your IP address yourself, then there is no way that anyone else can get your IP address.


Thanks for the clarification.

Re: Basic privacy questions using BNC and/or Tor [Re: RoCk] #196024 08/03/08 01:16 AM
Joined: Oct 2003
Posts: 3,918
A
argv0 Offline
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
That's incorrect and misleading. You do not need to initiate a send for someone to get your IP from a DCC connection..

If you initiate a send you will indeed be giving your IP out to the remote user over IRC-- however, if you accept a DCC SEND/CHAT request, you will be directly connecting to the remote host-- this is even more dangerous, as they can log the IP of the incoming connection and it will likely not be over the BNC/Tor proxy. The IRC network will not see your IP in this case but the remote user will.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Re: Basic privacy questions using BNC and/or Tor [Re: argv0] #196026 08/03/08 01:33 AM
Joined: Dec 2002
Posts: 2,010
R
RoCk Offline
Hoopy frood
Offline
Hoopy frood
R
Joined: Dec 2002
Posts: 2,010

My bad. Very true and I knew that. I should have said as long as he doesn't participate in any DCC sessions. Thanks for correcting me.