alfred-gw / torirc

Secure/anonymous IRC-like chat using TOR hidden services
GNU General Public License v2.0
39 stars 11 forks source link

Torirc

Anonymous IRC-like multiuser chat using TOR hidden services, with emphasis in network-analysis protection.

This is a simple client/server chat using TOR hidden services and the python Stem controller library, implemented in a single python file. License is GNU-GPL

Usage

torirc.py [options]

Options:
  -h, --help            show this help message and exit
  -c CONNECT, --connect=CONNECT
                        Acts as client, connect to server
  -s, --server          Acts as server

Example use:

This is a console-only application. You need a recent version of TOR configured and in your path. Also the time of the computer needs to be correct or else TOR won't connect.

In the Server:

~$ sudo -u debian-tor ./torirc.py -s #EXAMPLESRV
[I] Connecting to TOR via Stem
[I] Tor relay is alive. 369347 bytes read, 317787 bytes written.
[C] Tor Version: 0.2.3.22-rc (git-4a0c70a817797420)
[C] Socks port is: 9050
[I] Adding hidden service...
[C] Hostname is x6nz4zuolgq5hhkr.onion
[I] Server Active
[I] Connect with the command "./torirc.py --connect=x6nz4zuolgq5hhkr.onion"

In the Client:

~$./torirc.py  -c x6nz4zuolgq5hhkr.onion
Trying to connect to x6nz4zuolgq5hhkr.onion:11009
clientConnection: Connected to x6nz4zuolgq5hhkr.onion

You will be assigned a randomly generated nick. You need to set your nick with '/nick' and you are good to go. If you want multiple chatrooms, start multiple servers, each one will auto-generate their own hidden-service url.

Objectives

Anonymous/Encrypted chat resistant to:

To reach those objectives the design of torirc follows:

Discussion of choices

Alternatives

Here are alternative software and why I do not like it:

Network analysis protections

This still is experimental software so no strong network-analysis-proof must be assumed. At this moment:

Network analysis is a hard problem and there are hundreds of side-channels that can be used to determine if a user is connected or not. This information can be the difference between life and death for some people, so it's a useful problem to tackle IMHO.

Stem

Latest tor-irc version uses the Stem python library to connect and control TOR, and now it makes uses of the system TOR daemon instead of spawning it's own TOR process. This is more clean but it requires you to install the Stem library and configure the TOR control port. If you do not want to do this, the torirc-nostem.py script doesn't uses Stem, but it's bigger and uglier.