[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Freenode's (irc) Tor Catch 22? Two hidden services = zero?

Freenode's website lists two tor hidden services for their IRC network:

Their hidden server #1 (public): irc://mejokbp2brhw4omd.onion/
Their hidden server #2 (gpg): irc://5t7o4shdbhotfuzp.onion/

Their hidden server #1 is for the general public using tor, while server #2 is
for those who go through the process of using gpg and being identified with your
key for server #2.

Two servers, one public and one which requires a few hoops to jump through prior to use, this all sounds well doesn't it?

Until you attempt to *use* either server, that is.

Login attempt #1: their public tor hidden service (server #1):
Try once, twice, try all day and it drops your connection with a message of signing up for their hidden service #2 for gpg users.

Weird, so while their website lists their hidden service #1, it's actually non-functional with a message dropping your connection informing you of their gpg hidden service. With the desire to login to freenode using tor, I continue this quest by attempting to sign into their hidden server #2 in order to register an account for their gpg service. A glimmer of hope for a few seconds, until it drops me with a sour "bad password" message.

I attempted to login with tor on one of their public non-hidden service servers and it didn't matter which public server I tried, it dropped the connection because tor is banned on their public servers.

So here's the rub:

In order to use their gpg hidden service you must apply first as instructed near the bottom of the page at: http://freenode.net/irc_servers.shtml

But in order to start the process for gpg application, you must first *register* an account on freenode. Since the first public hidden service kicks you and won't allow you to register an account, the second gpg hidden service kicks you because you haven't been approved for an account, and finally, attempts to login to their public freenode servers with tor fail. This makes it impossible to login with tor on any of their servers and generate an account with which to apply for freenode's gpg hidden service. Unless you sign into their public servers without using tor or by some other means where you would likely be giving away your private details through an insecured medium.

Why do they retain the hidden service #1 just to kick users? Why don't they allow you to sign in and create an account and either disallow access to all channels (so you may only make an account to sign up for gpg tor) or allow you to register an account and create a sandbox for these tor users in one channel such as #gpg-torsignups? This would allow users to sign into their hidden service #1 and create an account securely in contrast to right now where no one can securely create an account for a gpg tor application.

Isn't this sort of a catch 22? Why do they mention hidden services on their website at all? I don't see any SSL enabled public servers on their list. So one would have to login to an unsecured server in order to register for a hidden service/gpg? This sounds all wrong, or am I missing something?
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/