How to connect to DarkIRC

The recent news of the Telegram leader's imprisonment in France highlights the challenges in trusting centralized entities to offer free and secure communication channels. This guide aims to guide a transition towards decentralization, where individuals take charge of their security by operating decentralized nodes and retaining keys to their private communications.

This is a technical guide describing the setup of DarkIRC, the Internet Relay Chat application of the DarkFI project. It is special because it grants us a very high degree of anonymity: it does not rely on the security of a central server.

DarkIRC is the strongest anonymous chat in existence. Nothing else exists like it. However, it may be misused leaking information, or made too difficult to operate. This guide suggests usable and secure ways to set up DarkIRC.

🥀

This guide makes it easy to use DarkIRC, but it compromises some security aspects: each compromise will be marked as a 🥀 wilting flower. Your experience may vary, depending on your threat model.

Be ready for the command line

As with anything in secure computing, some legwork must be done.

If you aren't scared of installing GNU/Linux, opening a terminal, and using it to compile and configure some software, then you'll find this guide easy. If you lack basic knowledge of a UNIX "shell" terminal then I recommend studying this introduction to the command line and other similar sources found online: it is certainly a good investment of your time!

🌐 Set up your VPS

🥀

You can skip this section if you are simply trying DarkIRC on your physical computer, but beware that when you switch it off you will lose messages including those sent to you. Plus anyone in its possession could access your secret keys, DarkIRC identity, and private messages if logged.

For our setup, we use a Virtual Private Server (VPS) that is always online and is rather easy to set up and experiment with. We will make it as secure as possible and presume it is not used by anyone else but you. Try to do it yourself and not rely on help from others.

Typically, a VPS will cost $5 on most third-party providers and should come pre-installed with the Debian GNU/Linux operating system (OS). Among the most popular and affordable providers are AWS EC2, Hetzner, OVH, DigitalOcean and Linode.

🥀

Choose carefully your poison here, because, if asked, these third-party providers will give cops in Europe or the USA full access to all your information. To stay anonymous look for a VPS on Monero Market and never share any private information with them.

Some VPS providers will offer you a range of options about the size of the machine (CPU, RAM, storage...) and the OS to install on it. Just chose the smallest size, which will be enough for DarkIRC, and chose to have Debian installed on it.

🥀

Debian is not a rock-solid OS because it runs systemd which is a buggy piece of 💩crap. To increase the security of the OS you should migrate it immediately to Devuan, which is rather easy.

Use SSH to log in as root into the machine (or Putty if you still use Windows) and install an easy terminal setup with completion.

Optional: pimp your terminal with Jaromil's dotfiles

If you like to use my dotfiles, just do:

apt install curl make direnv
curl -L jaromil.dyne.org/dotfiles.sh | sh -
cd ~/.dotfiles && make

If you are using my dotfiles then also install some handy tools and proper UTF-8 support with two simple commands.

cd ~/.dotfiles && ./install/apt
cd ~/.dotfiles && ./install/locale

If you want to do it by yourself, then again pick your poison, knowing my dotfile sources are here and you can take them as a reference for your own.

Once this is done, log out and log in again to activate the shell power-up.

When you are logged in as root, install some base packages on the VPS:

DEBIAN_FRONTEND=noninteractive \
apt-get install -y -q --no-install-recommends --no-install-suggests \ 
 daemontools vim-nox nano git sudo software-properties-common \
 apt-transport-https libsqlcipher-dev iproute2 psmisc net-tools locales \
 bash-completion bsdextrautils curl wget

Type this into the terminal to install a minimal set of tools needed.

🔐 Secure access to the VPS

Secure Shell (SSH) is the protocol used to securely connect to a VPS from a remote terminal. The OpenSSH software implements it and conceals all traffic to the VPS, but it is never a good idea to use a root password as authentication, because it can (and will) be cracked.

🥀

At the very least you should immediately apt install sshguard to protect the VPS from brute force attacks against SSH.

I recommend you find out how to create an SSH private/public key pair on your machine using OpenSSH or Putty, then copy the public key and paste it into the VPS:

cat << EOF > ~/.ssh/authorized_keys
[paste your public key here with CTRL-V]
EOF

Make sure you paste your public key, not the private one!

Also, make sure that the OpenSSH daemon on the VPS is configured properly. To do that you have to change its configuration file:

cat << EOF > /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM no
X11Forwarding no
PrintMotd no
AcceptEnv LANG LC_*
EOF

Reconfigure OpenSSH for better security and no password login

👹 Create a separate user for DarkIRC

It is never a good idea to run anything as root on your VPS, so we will create a "darkirc" virtual user which will be the one running our setup. To do so type:

adduser darkirc

Then give it a password easy to type (no need for a strong one here, since we protect access with SSH) and keep bashing enter on any other question. 💥Done.

User creation looks a bit like this. Don't break your keyboard when bashing enter!

Now you can do su - darkirc and provide your password to work as that user.

🏗️ Build DarkIRC from the source code

Our friends at DarkFI do not want you to trust anyone to build software for you, so you'll have to build it by yourself. Fortunately, it is not so hard, but be prepared to wait a bit before it is done and be ready to grab a cup of tea 🍵 or a beer 🍺.

All the build instructions here should be executed as darkirc user.

First, install Rust and Cargo using "rustup" and not from Debian packages.

curl https://sh.rustup.rs -sSf > rustup.sh
sh rustup.sh -y --no-modify-path

Install the Rust toolchain for the current user.

After installing the Rust toolchain, you need to log out and log in again.

At last download the DarkFI source code which also contains DarkIRC and build:

cd /usr/src && git clone https://codeberg.org/darkrenaissance/darkfi
cd darkfi
make darkirc

Get ready to wait now! you'll see a colorful log on your screen.

After waiting for quite a while, you should see something like this:

Congratulations! 🍾 You have successfully built DarkIRC on your server and you are now at this point of the DarkFI book.

🎭 Enter DarkIRC

To finally connect to the DarkIRC network we will use Tmux and WeeChat.

Tmux is used to keep your session persistent so that when you are away and disconnect SSH, DarkIRC will keep running on your VPS and collect message logs for you to read later.

WeeChat is the Internet Relay Client (IRC) whose User Experience (UX) is based on a Text-based User Interface (TUI). Any interaction with a TUI is mediated by the keyboard, your mouse won't be useful except for cut & paste of links and text.

In the future, I will explain how to connect a Graphical User Interface (GUI) based IRC client, but mastering the TUI approach will afford you greater control over your setup.

You can now SSH into your server, switch users with su - darkirc and password, and start launching the tmux command. Your terminal will change a bit and you'll still have a prompt. Now launch DarkIRC:

./darkfi/darkirc

You will see information about it booting, connecting to the peer-to-peer network, and accepting connections. Look for the success message:

[EVENTGRAPH] DAG synced successfully!

This message in logs means SUCCESS! 🎉

At this point open a new window inside tmux by pressing simultaneously Ctrl-b and then the key c : this is a combo telling Tmux to keep running DarkIRC in the current window and open a new one to run more applications.

Finally, launch weechat and you will see it taking over this window with its interface. Now we need to tell WeeChat to connect to DarkIRC.

/server add darkfi localhost/6667 -notls -autoconnect

Then choose the nickname you want to be known on DarkIRC.

🥀

Beware your nickname is the only information you share about yourself when you write to other people. Don't use your name or other known nicknames if you want to stay anonymous on DarkIRC.

The WeeChat command to set your DarkIRC nicknames is:

/set irc.server.darkirc.nicks "nickname,nick_alternative,in_case_first_is_taken"

Multiple comma-separated nicknames are supported in case one is already used by others

You are all set now, ready to connect. Just do /save and then /quit, then restart weechat in the same Tmux window.

The main window of WeeChat should now look like this at the start

On the left pane, you have a list of public channels you have automatically joined and through which you can move by pressing ESC then their number, or Ctrl-n (next) and Ctrl-p (previous).

🥀

Be cautious: the default DarkIRC channels are public, meaning anything you post can be read, archived, and republished by anyone. Avoid sharing any private information or anything that could reveal your identity behind the chosen nickname.

At this point you can disconnect SSH at any time: just close the window, do not issue the /quit command to WeeChat. Your VPS will keep running and archiving DarkIRC messages, and it will also highlight channels where your nickname has been mentioned. To reconnect you need to follow 3 simple steps:

Log in via SSH
Execute su - darkirc and type your easy password
Attach your Tmux running session with tmux a

You will find DarkIRC set up in the same running state where you left it, plus all the messages that have been sent to the channels, which you can scroll through using PgUp and PgDn.

🤌🏽 Question & Answers

If you arrive up until here, congratulations! 🎉 you are welcome to say hello in the #random public channel and share any feedback about this guide, things to be improved, or questions you have. If you want to make sure I read your messages, mention jaromil at least once in your message block.

Work in progress

This is just the first episode of my DarkFI guide! Subscribe for the next ones up:

How to use DarkIRC
DarkIRC from a mobile GUI
Advanced privacy measures for DarkIRC
... suggestions?

See you in the dark forest! 🌚