Anonymous IRC-like multiuser chat using TOR hidden services, with emphasis in network-analysis protection.
This is a simple client/server chat using TOR hidden services and the python Stem controller library, implemented in a single python file. License is GNU-GPL
torirc.py [options]
Options:
-h, --help show this help message and exit
-c CONNECT, --connect=CONNECT
Acts as client, connect to server
-s, --server Acts as server
This is a console-only application. You need a recent version of TOR configured and in your path. Also the time of the computer needs to be correct or else TOR won't connect.
In the Server:
~$ sudo -u debian-tor ./torirc.py -s #EXAMPLESRV
[I] Connecting to TOR via Stem
[I] Tor relay is alive. 369347 bytes read, 317787 bytes written.
[C] Tor Version: 0.2.3.22-rc (git-4a0c70a817797420)
[C] Socks port is: 9050
[I] Adding hidden service...
[C] Hostname is x6nz4zuolgq5hhkr.onion
[I] Server Active
[I] Connect with the command "./torirc.py --connect=x6nz4zuolgq5hhkr.onion"
In the Client:
~$./torirc.py -c x6nz4zuolgq5hhkr.onion
Trying to connect to x6nz4zuolgq5hhkr.onion:11009
clientConnection: Connected to x6nz4zuolgq5hhkr.onion
You will be assigned a randomly generated nick. You need to set your nick with '/nick' and you are good to go. If you want multiple chatrooms, start multiple servers, each one will auto-generate their own hidden-service url.
Anonymous/Encrypted chat resistant to:
To reach those objectives the design of torirc follows:
Python: I selected python because it's what I know, and the interpreter is relatively small. Second choice would have been Java, but the JRE is too big and cumbersome. Also Python usually comes installed in most Linux distros. Also TOR has Stem, a very nice python-controller lib.
TOR: big ugly chunk of C code that I do not trust entirely, but at this time is the only software that provides the functionality that I need, that is, hidden services and onion routing. Also, the current version of torirc doesn't have his own cryptography routines and uses TOR for it, but this may change in the future.
Here are alternative software and why I do not like it:
IRC over tor: This is the best alternative, but only if you don't use any public server. Anyway this is vulnerable to exploits as IRC servers and clients tend to be huge pieces of C code. Also Network analysis is trivial with this protocol.
MSN/Gtalk/Pidgin: Horrible choices, huge codebases, hundreds of libraries riddled with bugs, vulnerable to exploits, central server sees all your (often plaintext) messages, etc. Some plugins like OTR fix some shortcomings, but network analysis is also trivial.
Silc: They wrote their own crypto, that's a big mistake. Also, it's written in C. I do believe they also don't protect against network analysis.
torchat: Nice alternative but only P2P, latest versions started to creep with unsafe functionality like emoticons, etc.
This still is experimental software so no strong network-analysis-proof must be assumed. At this moment:
Network analysis is a hard problem and there are hundreds of side-channels that can be used to determine if a user is connected or not. This information can be the difference between life and death for some people, so it's a useful problem to tackle IMHO.
Latest tor-irc version uses the Stem python library to connect and control TOR, and now it makes uses of the system TOR daemon instead of spawning it's own TOR process. This is more clean but it requires you to install the Stem library and configure the TOR control port. If you do not want to do this, the torirc-nostem.py script doesn't uses Stem, but it's bigger and uglier.