
IRC.com outlines its roadmap - prawnsalad
https://www.irc.com/
======
ryanlol
Snoonet people seem to be heavily involved with IRC.com stuff, which isn't
very surprising considering Andrew bought snoonet. In the past there have been
some very credible accusations[1] from ex-snoonet operators claiming that
snoonet operators spy on users messages.

I don't know if I'd trust IRC.com.

[1]
[https://bpaste.net/show/932b93fc2dce](https://bpaste.net/show/932b93fc2dce)

    
    
      <rdv[swag]> ENOUGH
      <rdv[swag]> THIS IS MY NETWORK AND I WILL RUN IT THE WAY I WANT TO RUN IT
      <rdv[swag]> YOU CAN ALL QUIT FOR ALL I CARE
    

PIA decided to hire this person _AFTER_ other network staff called him out for
spying on users.

Oh and PIAs support site and customer DB were compromised using a
deserialization vulnerability in kayako. They never bothered to publicly
acknowledge this, clearly a very "privacy oriented" business.

Kayako seems to have taken down their page detailing this particular
vulnerability. Their helpdesk product used to store users sessions as
serialized objects in user-controlled cookies, allowing attackers to execute
arbitrary code by just sticking an appropriate php object into their cookies.

Any automated auditing tool would've immediately discovered this bug, so
clearly PIA just didn't bother.

The cookie looked like this, it's impossible to miss the serialized php
object:

    
    
      Set-Cookie: SWIFT_client=a%3A1%3A%7Bs%3A15%3A%22templategroupid%22%3Bs%3A1%3A%221%22%3B%7D; expires=Wed, 28-Dec-2016 23:24:13 GMT; path=/; httponly
    

But hey, maybe their new CTO - Mark Karpeles - runs a tighter ship ;P

~~~
SaberUK
Full disclosure: i'm being paid to work on InspIRCd for use on the IRC.com
network. This is my personal opinion not an official statement on behalf of my
employer.

The IRC server software used by Snoonet, InspIRCd, does not contain any
functionality for message interception (it doesn't even tell server operators
the contents of a message that has matched a spam filter) and at least on the
infrastructure I have access to Snoonet does not have any message interception
capability either.

~~~
ryanlol
As an InspIRCd developer you must also be aware that it only takes minutes for
anyone to patch an IRC daemon to log chats. I don't think the lack of such a
feature in core inspircd indicates anything.

~~~
SaberUK
Whilst that is true as I have explicitly stated there is no intercept
capability on the infrastructure that I have access to. If you're willing to
believe some completely unverifiable logs dumped on a paste site over someone
with access to IRC.com infrastructure then i'm not really sure what I can say
to convince you otherwise.

You can use OTR for private IRC chats and an IRCv3 contributor is currently
working on an end-to-end encryption system suitable for use in IRC channels so
if you're concerned about your privacy you are welcome to use those.

------
craftyguy
What's the "IRC Foundation"? As a long-time IRC user, this sounds like a scam
after reading through the the 'article', I don't know what exactly they are
doing besides throwing all the buzzwords and trendy web design out there.

On the other hand, I want to give the benefit of the doubt that they are
somehow improving the IRC protocol in some meaningful way.

~~~
ekc
The IRC Foundation, as it says on the linked page, doesn't exist yet. That's a
goal of irc.com to do.

irc.com is a domain purchased by Andrew Lee of Private Internet Access last
year. Formerly, irc.com had a letter written from him about his goals hosted
on it:

[https://web.archive.org/web/20180622180151/https://irc.com/](https://web.archive.org/web/20180622180151/https://irc.com/)

~~~
usr1106
The letter is still on the site, click on "Let's take IRC further" in the
upper right corner.

At the bottom of the page opening there is a link to "London Trust Media
Holdings":

Some of the brands listed:

* Private Internet Access

* Linux Journal

* freenode

* snoonet

and others

~~~
80386
Went there to check if Twitch was listed. Twitch chat runs on IRC, or at least
can be connected to with an IRC client - are they involved with the ecosystem?

~~~
prawnsalad
Twitch have their own custom IRC servers and not part of IRC.com/London trust
media. They have been watching out on the IRCv3 group to ensure they implement
IRC correctly though in the past.

------
em-bee
IRC is, and always was a walled garden. yes, IRC servers can be distributed,
but they can't be federated. IRC hails from a time of the internet when it was
so small that everyone pretty much could trust everyone else. someone who
controls one IRC server is more or less able to control the entire network.

if there are IRC servers that can't be trusted, they can't join the network,
and hence will form a network of their own. there are dozens of networks out
there (hundreds if you include smaller ones), and each one is an island. if i
am on a different IRC network than you, then we can not talk to each other.

the only worthwhile improvement of IRC would be to turn it into a federated
protocol to rival XMPP or other alternatives. i am not sure that is even
possible though, but i wish it is, and i wish that this is where irc.com will
be going.

i do look forward to see IRC brought into the modern age.

~~~
devwastaken
I don't think it can be. Everything irc does is better done centralized. The
big problem is leaking of user iP's. Ip's regardless of how they work
technically are treated by police and courts as a unique identifier. As sad as
it may be, Discord thrives far more than IRC ever did for that very good
reason. All content has to be proxied, and that costs big bucks.

One way around it would be to stick to embedding of content only from a small
number of known sites, but even then things like YouTube can still show
geography of viewers iirc. Plus if those sites get tired of your bandwidth
they can just block you, no negotiation of money if you don't have big bucks.

But regardless of how it's done, when you host your own actual server, you're
now liable. You're identifiable, and In the U.S. identity is all that's
required for any civil case, which could be thrown at you by anyone for any
reason. When you host yourself you're taking on legal liability for your
users, too, such as underage users that get access to pornography through it.

------
dustfinger
> But we still need to make it much easier for the general public to use.
> People understand WhatsApp and Messenger, not servers, ports and commands.

Please don't do that. I like the fact the IRC is controllable in plain text
via commands. Also, what is wrong with knowing about servers and ports? Why is
it that IRC should be changed to appeal to the masses?

~~~
dewey
Because 99% of the people don’t know what a port is. If they want to rethink
the way things work and make the protocol more attractive you have to rethink
some assumptions that were maybe correct in the early days.

Nobody is going to stop you from just using the “old” protocols. Maybe it’s
even backwards compatible in the way that right now you can also add port 80
to a URL but you don’t have to.

~~~
Shorel
And when I was in high school 99% of people didn't know what a disk drive was,
much less something fancy at the time like a pen drive.

Now everyone including grandmothers knows what a pen drive is.

And people are using a chat application 99% of the time. Anything they need to
know to chat with their friends, they will learn, fast.

IRC did not die because it used ports and servers. That actually had nothing
to do with its decline.

IRC was replaced by something without the feudal structure of founders, SOps,
and Ops, and the medieval control they had over normal users, muting and
kicking people off channels all the time.

It was a social issue, not a technical one.

------
giancarlostoro
My current favorite ircd is ngircd. Super easy to install with just an apt-get
install away. I usually hide everyones IPs on it cause nobody should just
randomly know everybody elses IP. My only issue is making an IP count
exception for connection bouncers. I had a server wide bouncer setup for a
good number of my users.

~~~
SaberUK
As the maintainer of InspIRCd i'm biased towards it but ngircd is a pretty
solid piece of software if you only want something which is simple and easy to
set up without a bunch of fuss.

I have to look through the source code of other IRC server implementations
regularly when checking for cross-server compatibility and looking through
ngircd's source code is always a pleasure. Its extremely well written and easy
to follow unlike the irc2-based IRC server implementations (UnrealIRCd, etc)
which usually are a pain to find out what they're even doing.

------
wut42
They say they're sponsoring an IRCd, which one it is ? InspIRCd ?

~~~
prawnsalad
Yes, currently we’re putting full time dev resources into Inspircd to bring it
up to date with newer IRCv3 features so that we can showcase what IRC is
capable of these days. Once the Foundation has been setup further down the
line then we plan to open that up to other projects.

~~~
wut42
Awesome :)

