Transport / Tor
Onion Version | Requirements | Host-Cloak | Hostname | Port |
---|---|---|---|---|
v3 | SASL | gateway/tor-sasl | dtlbunzs5b7s5sl775quwezleyeplxzicdoh3cnhm7feolxmkfd42nqd.onion | 6667 |
v2 | SASL | gateway/tor-sasl | nakufgztylanf4mw.onion | 6667 |
v3 | none | gateway/tor-anon | ncwkrwxpq2ikcngxq3dy2xctuheniggtqeibvgofixpzvrwpa77tozqd.onion | 6667 |
v2 | none | gateway/tor-anon | 5ogdsfyoqk47ompu.onion | 6667 |
We do allow anonymous access to hackint using Tor's Onion services. SASL authentication is not required, but you will receive another host cloak, that has a better reputation, as it requires you to be in possession of a services account.
Onion services after v0.3.2.1 are capable of using the v3 endpoints, those before need to stick to the v2 endpoints.
We only support plain connections on port 6667 for Onion services, since Tor already end-to-end encrypts the connection. Also proper certificates for .onion
domains are required to have Extended Validation and are therefore prohibitively expensive.
Anonymous Account Registration
We also allow the anonymous creation of services accounts through a proof of work system, where your computer has to solve a mathematical problem, thereby offering a trade-off between abuse and the justified wish for anonymity.
TLS on Onion Services
For most users the end-to-end encryption provided by Onion services will be sufficient. For everyone else we provide TLS on port 6697, to enable true end-to-end encryption in a few cases. It also enables CertFP and SASL external over Tor.
It comes with the limitation, that we cannot serve a proper certificate matching the .onion
hostname. Instead a certificate for a .hackint.org
host will be sent. Please be mindful of your threat model before disabling certificate validation in your client.
One of the cases where this might make sense is in setups like Qubes OS or Whonix, where the Tor traffic may be terminated inside another trust domain, and which would then be forwarded plainly to your client.
Quick setup guide
This guide requires that you have Tor installed locally with the SocksPort exposed at 127.0.0.1:9050.
WeeChat
Configure tor as a socks5 proxy and pick a host from above.
/proxy add tor socks5 127.0.0.1 9050
/server add hackint-tor <hostname>/<port>
/set irc.server.hackint-tor.proxy "tor"
If the host requires SASL authentication, configure it like this:
/set irc.server.hackint-tor.sasl_mechanism PLAIN
/set irc.server.hackint-tor.sasl_username <login>
/set irc.server.hackint-tor.sasl_password <password>
Finally save and connect.
/save
/connect hackint-tor