Making a safe chatroom on your pc for multiple participants


AXANO

So,

I want to make a safe chatroom that uses the terminal or command line on my Kali Linux PC for multiple participants that is unspyable with something like an SSH connection.

At the moment I use netcat (nc -l <porttolisten>), but other users can't communicate with each other, only with the server.

Any suggestions??

Link to comment

That still requires a definition of "decent level security". What are you trying to secure, against what, what other protections do you have in place, loads of questions.

If we say "yes that's safe" then he sets it up, clicks a link someone sends him and gets infected by malware, were we wrong to say it was safe?

Link to comment

Does it matter if you were wrong? You could simply give him all the information you have such as "it is relatively safe assuming you do X and Y". I believe it is better to attempt to answer his question and give all the information rather than just simply asking him to further refine his question. If we do that no one will ask questions, they will write multiple paragraphs and still have someone tear apart their words.

Link to comment

I disagree, getting people to ask specific questions helps them work out what is important to them and what they actually want to know. Other things can come out of discussions after that.

Without at least some idea about what safe means, pages could be given to answers that are completely irrelevant, confusing or simply wrong.

Link to comment

I don't disagree with you but IMO to leave it at only a question doesn't really help them either. I see it a lot around here where a typical response to someone's question is just another question without any information along with it. I think a better response would be to ask the question and then follow up with why you are asking it and what type of answers you are looking for from the person. Chances are if they are asking for advice on security they don't understand enough of it in the first place. This way they will be guided to the answers you want them to find. Just saying "define safe" doesn't really help him. I know I've answered questions this way in the past but after asking some of my own and receiving these types of answers I realized they aren't very helpful.

Link to comment

With safe I mean to be able to chat without anybody knowing from who the message is sent and to who, so more precisely I want the origin and the destination of my messages to be undetectable, and it is for use through the internet. The main idea is connecting to a random IRC server through the Tor network with a random nick on a random channel and having the receiver connect to that random server and channel.

Edited by AXANO
Link to comment

Do you want to hide the person who sent the message - who - or the IP that sent the message - the origin and destination? They are two different things. If you send through Tor (correctly) then your source IP would be hidden but if you use the same nickname in lots of places then the who - you - wouldn't be hidden.

The inverse, if you created a unique, random nickname but connected from your home IP then people could see your IP but wouldn't know the person behind it as "fredxx888a" wouldn't be linked directly to anything else.

Most IRC services allow you to mask your IP address if you register your nickname so that would help.

Who are you trying to hide from? That is a big factor in deciding how much effort to go to. Your spouse/parents - don't do very much. The NSA - you won't win.

One last thing, if you are thinking about anonymisation, there is a lot beyond just hiding your IP address. I tracked someone down once through just the way he signed off on messages (the yours sincerely type bit) and look at how Sabu got caught. To be anonymous takes a lot more than just hiding IPs.

Link to comment

Well, in fact I use the Tor network, plus every time I connect I use a randomly generated string of a standard number of chars. I want to hide as much as possible. What do you mean with "if you are thinking about anonymisation, there is a lot beyond just hiding your IP address"?

Link to comment

Look up the story of how Sabu from LulzSec got caught, it is something along the lines of he once connected to an IRC channel without turning on his protections, years later that was found and linked back to him.

You also have to think about if you buy something online then the credit card or PayPal account is linked to that session and so that session is probably linked to a bank and so back to you.

Look at Evercookies - http://samy.pl/evercookie/

If you use Twitter or FB and you connect to any of your real life friends then it is probably quite easy to work out who you are based on groupings.

If you post a photo completely anonymously but then a friend sees it and republishes it saying that it is you, you are exposed.

Depending on your proposed attacker, being anonymous is very hard, one slip and it's all gone. Don't think you are so good you'll never make a mistake, everyone is human and mistakes happen, again, ask Sabu, he was good and had a very good reason not to make mistakes but still did.

Link to comment

You bring up some very good points, digininja. If you want to remain truly anonymous then you can't have any personal attachments (whether friends or accounts) with which you associate while behind that mask. The concept is simple but practice is much more difficult since everything is tracked these days.

Link to comment

I would agree you would have much more protection than if you didn't apply these techniques. If you want to be more secure you should consider using a paid VPN service along with Tor.

Also, you would need to follow the practices that Tor recommends when using its browser. There are many things you need to do in order to have more protection and privacy. These rules are posted on the Tor project website.

Edit 2:

If you go the paid VPN route you should also attempt to pay anonymously with bitcoin or through some other means. Private Internet Access allows you to pay in many different formats but keep in mind it matters how to transfer money to those currencies. If you pay for VPN access via gift cards but paid for those gift cards with your personal credit card it can be traced back to you.

Edited by sud0nick
Link to comment

So to make a summary

1. use public network + constantly change networks

2. use TOR network

3. use VPN.

4. use non-microsoft based OSes

5. use a pc where you have never used personal info

6. spoof MAC

Is that enough to chat anonymously and if not what could somebody do to still identify you????

Link to comment

Who are you trying to protect against? Are you planning to talk about things which would make you a suspect and make people want to try to track you down?

As I said, it depends on who you are protecting against and what other precautions you are taking. If you...

shut down anything else which could make network connections

use a fresh browser instance that has nothing cached

only connect to IRC

you only say the minimum that needs to be said and say things in a way that can't be tied to you

Then you will have a certain level of security, you would need to decide if that is decent or not. You might increase your level by travelling to a different city each time you connect and rotating your Wifi MAC address, you may reduce it as there are more cameras and probably only you heading to all those distinct places in the relevant times.

Just by using this forum and discussing trying to hide things you have exposed some information, if you have asked similar questions on any other forums then the two accounts could be tied together even if you were connecting to both in anonymous ways from distinct locations. I'd say the security services in your country are at present on a higher level of alert than normal so are probably putting in more effort to tracking things like this so monitoring may have already started.

Link to comment

If you go the paid VPN route you should also attempt to pay anonymously with bitcoin or through some other means. Private Internet Access allows you to pay in many different formats but keep in mind it matters how to transfer money to those currencies. If you pay for VPN access via gift cards but paid for those gift cards with your personal credit card it can be traced back to you.

Tinfoil hat says that if you buy those cards in store with cash then their CCTV will reveal your identity.

Loads of levels to consider.

Link to comment

Tinfoil hat says that if you buy those cards in store with cash then their CCTV will reveal your identity.

Loads of levels to consider.

Even though the tin foil hat does nothing itself, the sheer act of putting it on makes you think of better ways to secure yourself. :cool:

Link to comment