Is IRC safe? I have a channel as my main form of communication with friends. Some people do local logging but I know who everyone is. Ironically I plan to use IRCcloud or IRCanywhere. Self hosting of online tools should be made much easier. I plan to self-host email but it seems like a pain.
As a joke, my roommate at university logged into a IRC channel with the nickname and said:
[01:59.16] * Stakkato (tricky_t@128.42.86.9) has joined #C++
[01:59.17] * ChanServ sets mode: +o Stakkato
[01:59.21] <Stakkato> look i made drudgereport headlines!
[01:59.26] <Stakkato> http://www.drudgereport.com
[02:01.09] * Stakkato (tricky_t@128.42.86.9) Quit (Quit: )
It was #C++ on DALnet, a small channel of mostly regular members, in 2005. Fast forward a while -- I don't recall how long, maybe a few weeks or months -- and my friend is contacted by the FBI. A member of FBI Houston Cyber Task Force (Houston being our city of residence at the time). The investigator began asking very vague, obscure questions. Eventually my friend and I piece together the subject of the FBI's line of inquiry: that specific IRC conversation. My roommate was completely up front with them about the IRC joke, and that was the end of it. I still have copies of the email conversations from @ic.fbi.gov, where some correspondence took place.
I suppose there is a chance that an informant reported the joke to the FBI, but due to the specifics of the situation, I think it is likely that the text conversation above was caught in a a general FBI dragnet of some kind (IRC server, ISP, etc.) and logged for eventual investigation. It did not seem to be a serious line of investigation by the FBI - more of a "follow all leads" situation. Someone had run a 'grep' for 'stakkato' and my friend's IP address showed up.
That was the day when it became clear to me that everything in plaintext transiting the Internet is probably available to the FBI. At the time it was shocking; even though the conversation happened over a public network, it was surprising to me that the conversation was actually logged and later found. I hesitate to share this story, but I hope it illustrates in harsh relief the probable capabilities of incentivized investigators. Keep in mind this was 2005 - investigative capabilities have surely grown since then.
If you're worried about group-chat security, I suggest http://silcnet.org/ , especially if it's just you and your friends. SILC provides client-to-client trust, meaning as long as you trust the protocol you can be assured your communications aren't being watched even if the server or hosting provider is compromised.
If you self-host IRC and use SSL you'll (probably) at least have the luxury of knowing when someone initiates a proceeding to acquire logs, although there's still the risk of someone going to your hosting provider or datacenter and compromising your server physically.
A hosted IRC service seems like a bad idea overall; in addition to the Justice Department's ability to compel them to watch you (just like with Facebook Chat), there's no way for you to know if they're compromised by another third party.
reply