Hacker News new | past | comments | ask | show | jobs | submit login

Cloaks aren't reliable and there are a few tricks to uncloak a user anyway.



I think this is getting aside of the topic of what privacy really is for most people. IRC by default does not encourage endless selfies or oversharing that the modern social networks promote.

I've never seen an ircd cloak instruction page misrepresent what they can and cannot do. While protecting IP addresses is important (which the GDPR also believes in), I think it's also important to not lose perspective of the bigger dangers out there right now such as default user behaviour and conditioning. For example, IRC has never led to huge numbers of people publicly humiliating themselves by bitching about their employers, etc.


Tricks? Can you elaborate?

Like what outside of taking the scope outside of the IRC client (external link, etc)

An IRC cloak is programmed into the ircd itself ensuring that ones IP address is not exposed. I don’t think you can just hack that. If you use the external link trick, everyone is susceptible to that no matter what app/platform they use unless you use a VPN or Tor.


That depends on the ircd, but on Freenode you could decloak using the services to ban the user from channel using IP ranges and see if they trigger (I think. It has been a few years since I this trick used, and it might've not even been bans). Extremely inefficient, but if you have a bouncer with auto rejoin on...

In any case there are some really obsessed people who probably know a hundred ways to take over your channels at the very least. Seeing some of these people do their thing is one of the reasons why I steer clear of IRC these days.


Channel takeovers aren't really a thing on modern networks with good services.

The Freenode decloak trick still works, though.


Speaking as a freenode staffer:

1) There are a number of ways to decloak somebody purely via irc/ircd fuckery - though it's liable to require several minutes of dedicated effort to do so.

2) There's a non-zero likelihood that if you try any of those ways we will spot you and k-line you.

3) That likelihood is not a guarantee, so when cloaking people we always make sure to warn them first that cloaks aren't 100% reliable and if users really want to protect their IP address they want a VPS, a VPN, or tor.

4) No, I'm not going to be any less vague about 1, just because it's not actually hard doesn't mean I want to encourage it.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: