32 years of irc, same trap, same practice, higher motives. Talk on bitnet was safer and email can be safe, but chatrooms and forums is asking for trouble.
Assumptions: You use linux or other unix, you install binary packages, you have questions that need immediate answers.
Question1: where do you go?
How do you get there
Answer1: where the distro you use lists (web site) as places of contact
If it says Irc, freenode (owned by a London Stock Exchange “security technologies” corporation) channel #..name..of…distro… channel, then ask.
Question 3: What do you use to get to freenode irc server?
Answer: I am Luke, the intergalactic dumb shit, I do what they tell me. I look at the repository, there might be hexchat or polari or irssi or more, it doesn’t matter, I download and install the most “popular” software, run it, enter the server, go to the room, ask my question, get my answer, go about my business. No biggie!
Question 4: Does your distro offer you suggestions on how to protect yourself before you expose yourself to harm?
Answer 4: Harm, what harm?
Question 5: If you check your own nickname or others in there, there are some personal information on who you are and where are you logging in from. Every psychopath passive aggressive hacking lunatic is in that server with you. What you reveal to them is your fault. Shouldn’t you cover your identity up before you get exposed? Everytime you enter a room an announcement is made revealing some info on who you are. Some are parked there all day, never talk much, and they are logging all who enter and all who exit. Is your IP your true IP connection to the internet?
Answer 5: The distro didn’t suggest I should take measures before I reach their channel and talk to them, so I never thought about it, because I am not too experienced on irc. And yes, my true IP was revealed in the whois: of my nickname.
Question 6: Wait Luke, you are not a Gentoo user, or Kiss, or some other distro that builds a system by compiling package by package, line by line, everything that is installed (even if you were, don’t lie, you didn’t read that code line by line or it would have taken you half a lifetime to install i3 and a terminal). And you tell us you don’t care? Just a line of code compiled into that huge binary you run, may be able to divert a secret unused unmonitored port of your internet connection into a tty with root access and you don’t care? Anyone who knows this can be root in your system and you wouldn’t ever know it. Don’t you care?
Answer 6 by question 7: But who would know and why would they want to target me?
Answer 7 and question 8: Ok, let’s say I am an evil mentally deranged hacker who want to harm people, steal, destroy, alter their data. I make a distro, it is easy, all you need is some server space and copy a ton of stuff other people have done and honor their license, add some of your little software in it, advertise a channel on freenode, gather daily IPs from innocent users, like you Luke, and simply get into their pc and have administrative rights. They can even add more code to send alerts about when it is you are connecting to your bank, bitcoin wallet, or whatever else you do. Shouldn’t you worry?
A-Q 9: But since most linux distros offer this for a long time and thousands use it, shouldn’t it be widely known that there is a risk?
Q-A9: Yes, thousands use it, but protect their identity and cover their real IP. You could try tor proxy for getting to Irc servers but not with freenode. Freenode daily gets a list of all exit nodes and hubs and blocks all such IPs from its server. The other way is to “hire” a VPN and/or socks5 proxy server to use. Have you done so?
A-Q 10: No, not yet, I didn’t know, I don’t know if I can afford it!..But why would Linux distros select something so dangerous and not warn users about the use, or why would Freenode who caters to such clients not allow open/free proxy service in their server?
Q-A 10: Because Luke, Freenode is run by proxy characters, not even real names, but the company that owns them is on the stock exchange, it is led by old hackers, and “SELLS” vpn and socks5 (just like tor but not free) proxy service. If you get attacked a few times and your system turns into a dummy terminal for some hacker’s contraption, you learn to go purchase some non-free services the company sells. On why linux distros support this? Because it is convenient maybe, it is offered free for them, they know how to protect themselves …. and simply we don’t know why they would and not provide you with advise on how to protect yourself from such harmful behavior. But, ever since the start of freenode the model was a strict “corporate” safe, work no play, profile that appealed to businesses. It had nothing to do with the old have fun for the night, wipe the disk in a 200W speaker, reinstall and play again the next day. freenode is a business-like communication network.
A-Q 11: Is there a way that I can use some proxy that is free, trustworthy, open-source, and still be able to get into freenode without paying tolls to this mysterious hacker business that is run by anonymous hacker names of darknet? And why doesn’t each distro have their own little server for their own few users and members that they can control and be responsible for, but delegate this responsibility to this shadowy corporate entity called freenode?
Final Answer/Question: We don’t have all the answers, we make no distro, we have never encouraged anyone to use this treachery, we make no money promoting this freenode corporation (actually KAPE inc.), and we would like to have an answer to this Question.
WELCOME TO THE NEW SYSDFREE.wordpress.com
Enough with that crap by fungalnet, presenting here ready made answers to popular questions. We have decided to reverse the roles to get the community active, since fungalnet failed.
We provide the right questions and expect the reading community to provide answers and convince us that we are wrong, or convince everyone there is a better way. Questions, and more questions, don’t expect any easy answers here.
So what is it going to be Luke? I know there have to be more questions based on this one, statistics based on repository hits, forum entries, email headers, it is not just irc. It is a good place to start the discussion. We are all about discussion here, no answer is ever final as long as there is ONE person that is still not convinced but still presents us with the right question. If you don’t ask the right question you are most likely going to get the wrong answer.