Last update: March 17, 2019. This website uses cookies. By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. More information

 Actions

HexChat: IRC Client

HexChat (IRC Client) chat window

Introduction[edit]

Hexchaticon.png

HexChat [1] is an open source IRC client based on XChat. It includes basic functionality found in IRC clients, like secure connections, multiple server connections, nick completion, a client-to-client protocol, direct client-to-client file transfer and chat, and a plugin system which allows extension of features and further customization. [2] [3]

HexChat in Whonix ™ has been hardened according to The Tor Project's Torrifying HexChat guide. [4] All servers, besides the secure (SSL) version of the Open and Free Technology Community (OFTC) have been removed. [5] It is recommended to add the securely encrypted version of the IRC server, preferably an onion service which uses SSL as a fallback or at best, both. Also see: Torifying HexChat.

Note that the official #Tor channel is on OFTC, but no Whonix ™ developers are active there! Upstream Tor developers do not support Whonix ™. For help with Whonix ™-related issues, see Support.

HexChat Operations[edit]

Start HexChat[edit]

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Workstation ™ AppVM (commonly named anon-whonix) -> HexChat IRC

If you are using a graphical Whonix-Workstation ™, complete the following steps.

Start menu -> Applications -> Internet -> HexChat IRC

Reset the HexChat Identity[edit]


Open a terminal.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Workstation ™ AppVM (commonly named anon-whonix) -> Konsole

If you are using a graphical Whonix with KDE, run.

Start Menu -> Applications -> System -> Konsole

If you are using a graphical Whonix with XFCE, run.

Start Menu -> Xfce Terminal

Run.

hexchat-reset

Done.

SASL[edit]

Some networks and hidden IRC servers (like freenode) require Simple Authentication and Security Layer (SASL) to connect to them.

Setting up SASL is outside the scope of this entry; refer to The Tor Project SASL Authentication instructions.

Privacy Check[edit]

Before joining any channels, run the whois function from the status window.

/whois your-user-name your-user-name

The following example Chat (IRC client) screenshot shows the /whois output for user TNTBOMBOM (/whois TNTBOMBOM TNTBOMBOM).

Figure: IRC /whois Output

HexChat (IRC Client), showing /whois of oneself.

IRC General[edit]

The Ident Protocol [6] is automatically blocked because Whonix-Workstation ™ is firewalled. [7]

The Tor Project Internet Relay Chat page contains general IRC safety techniques and other tips. Another useful resource is the IRC Security page. Key information and advice is provided on:

  • The importance of (additional) encrypted connections:
    • If an onion service is available, then use it. It is also safer to combine additional layers of encryption like SSL, TLS or GPG if possible.
    • If an IRC server uses a self-signed certificate, then explicitly check the SSL/TLS certificate is correct to prevent man-in-the-middle attacks.
  • Avoiding Trojan Horse attacks via malicious, downloaded files.
  • Defense against Denial of Service attacks. [8]
  • Dangers associated with downloaded files.
  • Firewall considerations.
  • The impact of potential back-doors in IRC clients.
  • Circumvention of Tor censorship.
  • End-to-end encryption using OTR and other plugins.
  • Social safety measures to prevent de-anonymization.
  • Other miscellaneous security advice.

Connection Issues[edit]

If a message similar to the following appears.

* Closing Link: 93.115.95.205 (No more connections permitted from your host)
* Disconnected (Remote host closed socket)

This most likely means the connection to the IRC server is working, but the server disconnects because they are not accepting Tor network connections. This is a general Tor censorship problem and unrelated to Whonix; see List Of Services Blocking Tor.

Unfortunately there is no easy solution and each available workaround has pros and cons:

  • Use an IRC alternative if this is feasible; see Chat for options.
  • If possible, use another Tor-friendly IRC network: List of IRC/chat networks that block or support Tor. [9]
  • Check if the IRC network provides a solution for Tor users. For example, freenode provides such a mechanism via a Tor onion service and scripts.
  • Combine Tor with an additional tunnel link to circumvent blocks. [10] A connection to Tor must be made before the tunnel-link (proxy / VPN / SSH): User -> Tor -> proxy / VPN / SSH -> Internet.
  • Use an IRC bouncer; see Internet Relay Chat. In the past, there were no trustworthy and free IRC bouncer services, but this situation may have changed in 2018. IRC bouncers are very affordable, but it is difficult to register and pay anonymously, see: Money.

To follow the associated Whonix ™ development ticket, see: Migrating from IRC OFTC to Tor friendly IRC network.

See Also[edit]

Footnotes[edit]

  1. http://hexchat.org/
  2. https://en.wikipedia.org/wiki/XChat
  3. https://hexchat.github.io/
  4. https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/HexChat
  5. This is an IRC network which provides collaboration services for members of the free software community, anywhere in the world.
  6. https://en.wikipedia.org/wiki/Ident
  7. The Tor Project notes: "In both UNIX and Windows systems, the logged in username becomes the default ident. The ident is seen by most clients during channel join and when performing the /​whois command. It is therefore recommended to fake your ident before you connect to any IRC servers."
  8. Which otherwise can make networked computers disconnect or crash.
  9. Or conduct an Internet search for "Tor-friendly IRC server".
  10. This is a time-consuming and steep learning curve just to solve this issue.

No user support in comments. See Support.

Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.


Add your comment
Whonix welcomes all comments. If you do not want to be anonymous, register or log in. It is free.


Random News:

Have you read our Documentation, Technical Design and Developer Portal links yet?


https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.