Hi, I was wondering whether using Mibbit (www.mibbit.com) along with an anonymization service like JonDo (https://www.jondos.de/en/jondonym) can guarantee anonymity. Mibbit is a webchat that doesn't use Java, nor Flash; it exploits instead Ajax (so JavaScript + server side code). Can this be a solution for privacy? Many thanks!!! M.
No. This will not be anonymous. It relies on trusting server side code, which is the weakness of JonDoNyms implementation. Ajax is simply javascript. Javascript and other code you allow to run on your machine from a website can potentially deanonymize you. You may want to try IRC with anonymity already built into the server: agora.anarplex.net, SSL port 14716
Thank you... I have also found a recent post about this server here. But who guarantees that it is really anonymous? We have to trust it... M.
You could also try encrypting your IRC text, so that intermediaries [eg. the server(s)] can't read it either, by using something like FiSH. It doesn't guarantee anonymity, but it helps to safeguard your privacy which will in turn give adversaries less information about you to use.
Thanks. So, if I understand it correctly (I'm not an expert), it is never possible to achieve full anonimity; which means that neither the ISP nor others can retrieve my information -- that is, the IRC server/channel I am conneccetd to and what I'm writing. I don't frequent "particular" chat rooms, but the "big brother" idea annoys me somewaht... Thanks again M.
The theory is that if you encrypt your communications using something like FiSH then neither the IRC server nor your ISP can see what you're talking about. IRC servers that use SSL only hide the traffic from your ISP. The IRC server [and thus anyone with administrative access to it] still sees your plaintext conversations. Therefore, if you were to rely only upon an SSL connection to the IRC server to make your conversations private then you would have to trust the IRC server operators not to compromise your privacy. Using FiSH means that only your intended conversation participants should be able to see what you say. It should be noted that FiSH is only useful if the people you speak to also use it. If they don't wish to use it then you'll have to fall back to an IRC server that enforces SSL [such as the one Steve mentioned above]. If an IRC server allows both SSL [ie. encrypted] and non-SSL connections then everyone in an IRC channel has to connect via SSL for communications to be considered "secure", assuming that the IRC server is trusted. Even if only one person is using an unencrypted connection then that allows the conversation in the channel to be much more easily compromised. That said, encrypting your conversation doesn't do anything for anonymity as such since you're still making a traceable connection to the IRC server. Therefore, it is possible to find out who you are but not what you are talking about.
Many thanks. So, to sum up: - If, with any client (e.g. Mirc) I use an SSL connection with a server supporting it (and so do also all those with whom I am chatting), the content of my conversation is invisible to my ISP but visible to the server (I have to trust it) - If I use any server but the conversation is encrypted, neither the ISP nor the server administrators can see it (provided that all those with whom I am chatting are using encryption) - If I use a webchat such as mibbit and an anonymization service such as JonDo, my conversation is invisible to the ISP but the JavaScript code may access information about my identity and communicate it to the mibbit administrators (moreover, JonDo servers may retain some information) Am I right? THANK YOU M.
Got it in one, however i'd always believed that any one trying to be anonymous online would use a shell account and use a BNC to connect to a irc network. Basically you buy an linux account much like a dos prompt, install a program that runs in the background that behaves as a proxy between you and the irc network. So you basically both the irc server and your isp will not see what your doing, so long as it is encrypted. however i have not done this myself, anyone have any comment if it works that way?
Thank you.. but I'm not sure to have understood your suggestion. A BNC is a bouncer, isn't it? (e.g. http://download.cnet.com/ProBNC-IRC-Bouncer/3000-2150_4-10073901.html?tag=mncol). What do you mean by "you buy an linux account much like a dos prompt"? How does this relate to the bouncer? Thanks M.
You'd be better off simply using an SSH tunnel or VPN via an anonymity provider to anonymize your connection to the IRC server. Most BNCs are attributable to a specific user due to the shell account they're running from. They're useful for hiding your IP from other people on the server but not useful for truly anonymizing yourself if someone with authority were to request your details from the shell provider. Basically, a BNC is a way of "bouncing" your connection to the IRC server through a secondary shell provider. A shell provider is called such because they create a shell account on a Linux server that you can then connect to using a terminal application like PuTTY. This provides you with a command line interface to the Linux server [which is what fuzzylogic was referring to]. A BNC is a program that can then be installed within this account and used to connect to IRC. At its most basic level, a BNC is a proxy for IRC. BNCs [eg. psyBNC] can provide much greater functionality than that, though, but that's out of the scope of this discussion since most functions have nothing to do with privacy or anonymity. psyBNC, specifically, has an encryption feature similar to the FiSH add-on mentioned earlier. Other users must also be using this feature for it to work, though.
Ehm... sorry... practically, what does it mean "using an SSH tunnel or VPN via an anonymity provider"? (I am not an expert...) Thank you!!! M.
SSH tunnels and VPNs are services provided to help anonymize your online activities by allowing your traffic to appear as if it has come from somewhere else [ie. the provider] rather than your own connection. There are many different providers that provide a range of services and have different ways of attempting to guarantee your anonymity.
Really a last question: what about cgi:irc? (of course, for those servers for which it is available). Unlike mibbit, in this case we have only client-side code, so, using an anonymization service (Tor, if JonDo is not trustable), it shouldn't be possible to obtain the IP... is it true? Thanks again M.
Anonymous IRC options do exist. Have you considered checking out I2P? I2P offers anonymous IRC, it's a pseudonymous overlay network and no IP addresses are seen by admins or users due to the way the network is configured. http://www.i2p2.de/
