Transport / Tor
| Onion Version | Requirements | Host-Cloak | Hostname | Port |
|---|---|---|---|---|
| v3 | SASL | gateway/tor-sasl | dtlbunzs5b7s5sl775quwezleyeplxzicdoh3cnhm7feolxmkfd42nqd.onion | 6667 |
| v3 | none | gateway/tor-anon | ncwkrwxpq2ikcngxq3dy2xctuheniggtqeibvgofixpzvrwpa77tozqd.onion | 6667 |
We do allow anonymous access to hackint using Tor's Onion v3 services. SASL authentication is not required, but you will receive another host cloak, that has a better reputation, as it requires you to be in possession of a services account.
We only support plain connections on port 6667 for Onion services, since Tor already end-to-end encrypts the connection. Also proper certificates for .onion domains are required to have Extended Validation and are therefore prohibitively expensive.
Shutdown of Onion v2 service endpoints
Onion v2 endpoints were shut down via an upgrade of Tor that occured on 2021/11/24. The timeline set by the Tor project disabled v2 services in all versions released after 2021/10/15.
Please migrate to our Onion v3 services.
Anonymous Account Registration
We also allow the anonymous creation of services accounts through a proof of work system, where your computer has to solve a mathematical problem, thereby offering a trade-off between abuse and the justified wish for anonymity.
TLS on Onion Services
For most users the end-to-end encryption provided by Onion services will be sufficient. For everyone else we provide TLS on port 6697, to enable true end-to-end encryption in a few cases. It also enables CertFP and SASL external over Tor.
It comes with the limitation, that we cannot serve a proper certificate matching the .onion hostname. Instead a certificate for a .hackint.org host will be sent. Please be mindful of your threat model before disabling certificate validation in your client.
One of the cases where this might make sense is in setups like Qubes OS or Whonix, where the Tor traffic may be terminated inside another trust domain, and which would then be forwarded plainly to your client.
Quick setup guide
This guide requires that you have Tor installed locally with the SocksPort exposed at 127.0.0.1:9050.
WeeChat
Configure tor as a socks5 proxy and pick a host from above.
/proxy add tor socks5 127.0.0.1 9050
/server add hackint-tor <hostname>/<port>
/set irc.server.hackint-tor.proxy "tor"If the host requires SASL authentication, configure it like this:
/set irc.server.hackint-tor.sasl_mechanism PLAIN
/set irc.server.hackint-tor.sasl_username <login>
/set irc.server.hackint-tor.sasl_password <password>Finally save and connect.
/save
/connect hackint-tor