
I generally support end-to-end encryption for everything, but I'm not sure that it makes sense in the context of IRC. IRC networks are usually public, so anyone could join your channel and listen in, even with end-to-end encryption. It seems like E2E would make for a lot of complexity and overhead without tangibly increasing the privacy of the users.



Before E2EE was used in IM clients, IRC already had IRC over TLS, and also OTR (which was also used in Gaim/Pidgin).

On IRC, IRC over TLS doesn't have the same threat model as E2EE. With IRC over TLS, the server(s) can read the data in plaintext. With proper E2EE (not the marketing version) that's not the case; only clients can read the data. I'm talking about actual data/content here, not metadata.


> IRC networks are usually public, so anyone could join your channel and listen in, even with end-to-end encryption.

Yep, and all they'd see is encrypted garbage, unless they have encryption keys, if the messages are end-to-end encrypted. That's the whole point.

There are ways to do this on IRC (e.g. libfish), but no idea how that crypto actually stacks up by today's standards.


> and all they'd see is encrypted garbage, unless they have encryption keys, if the messages are end-to-end encrypted.

Yep, and they would have the encryption keys, for most channels, if the channels are to remain public, no?


There are private IRC channels (password protected or invite-only) as well as private messages.


Hence the "usually" public, I presume. While this doesn't invalidate your point that IRC could use E2E encryption, I personally only use IRC for communication on public channels, where it would be largely pointless, unless you're assuming a really paranoid threat model, in which case public group conversation is probably not a good idea anyway.


There's DCC chat, but then you trust the network in general in place of the IRC network.

Fortunately, there's OTR, but client support is limited.

I wish the new IRC standardization efforts did work something out about E2E, at least for private messages.


exactly this

if it's public: who cares, and if it isn't: why are people trusting random IRC server admins

especially when there have previously been leaks from places like EFNet where admins have been caught running tcpdump or ircsniff.pl


> why are people trusting random IRC server admins

e2ee means that you do not have to trust anyone

> if it's public: who cares

IRC also lacks end-to-end authentication; the server owner can pretend to be you.



