This is not intended to be a guide to hiding from the legal aspects of using IRC. This is to help you protect yourself on IRC against scammers, stalkers, and worse.
Also, these are guidelines – they aren't really rules. However, I'm going to call them rules because that makes me seem more important.
The single most important thing you can do is be aware that there are many people on IRC who are not who they seem to be. That nice girl you talked to? She could be a 45 year old truck driver in Bulgaria. That lovely older gentleman you laughed with? He could be a scammer trying to find out where you live. The poor college student who is taking care of her sick mother? She could be setting you up for a money scam.
There are many people on IRC who are perfectly friendly and have good intentions. The problem is, you never *really* know who someone is “in real life”. This guide will help you protect yourself against the bad ones.
Note: I use FranTech/BuyVM for my DDOS-protected IRC Shell and web hosting. (Affiliate link).
Keep your private information private
1st rule: Never give anyone your personal info! Don't tell them your real name, location, anything. Don't talk about your family except in the most general of terms. Don't mention specific restaurants unless they are large chains. Don't name your kid's schools. With a few bits of information, a scammer or stalker can use Social Media and other sources to fill in the gaps.
You should realize that nicknames mean nothing. You can change your nickname at will – just type /nick newnick. That's it. You are now a “new person”.
The only way to attempt to identify someone is by looking at their internet address. You can see someone's internet address by typing /whois nickname. This outputs a basic user record like this:
XXX^ is ~XXXXXXXXX@adsl-27.109.242.XXX.tellas.gr * New Now Know How
[17:53] XXX^ on #channelA #channelB
[17:53] XXX^ using *.undernet.org The Undernet Underworld
[17:53] XXX^ has been idle 18hrs 28mins 6secs, signed on Wed Feb 23 23:25:07 2022
I've masked some personal info using “XXX”. You might think that the host address highlighted above would tell you who that is. In some cases it will. But, that can be spoofed. So can the ident – the part in front of the @. Any of that can be faked. It would take a search warrant (or subpoena) and an investigation to actually find out who that is/was.
Hide your real IP Address
2nd Rule: Protect your own identity. Use IP masking tools. Read on to see how to use them.
You want to protect your actual IP address or host address, because some vindictive people may try to carry out denial-of-service style attacks. If they can't see your actual IP/host, they can't attack it.
Undernet's Host Masking Service
The easiest way to protect your own identity on Undernet is to use their Host masking service. It's very easy. Simply register at https://cservice.undernet.org. Choose your username wisely – it will be with you for a long time, and lots of people will see it.
Once you are registered, when you come back onto IRC, you'll send a /msg to X to log in – it looks like this:
/msg X@channels.undernet.org login username password
You will get a reply saying you have successfully logged in as “username”.
Then, type /mode yournick +x
Note: setting mode +x is entirely optional. You will still be logged in as a registered user, and will be able to enter +r channels, and chat.
That's it. Now your host address looks like this, instead of being a raw IP address or host name:
yourident@yourlogin.users.undernet.org
Now, no one except IRC Operators and IRC Admins can see where you are from, what ISP you use, nothing. By the way, IRC Operators in this instance means the people that run the Undernet, not channel operators. They can't see anything either.
Online IRC Interfaces
You can use online services to connect to IRC, like IRCCloud (https://www.irccloud.com/) or KiwiiIRC (https://kiwiirc.com). Undernet has it's own web-based chat service, but it uses your own IP address, so it doesn't fit this specific need. These services assign you one of their hostnames or IP addresses and a unique identifier. Your IP address is effectively hidden.
Note: Don't use mibbit.com without a VPN. Mibbit exposes your IP in your whois, like this:
cb1cf6bd@ircip1.mibbit.com * 203.28.246.189
Use a VPN – Virtual Private Network
Another way is to use a VPN service, like Nord VPN, ExpressVPN, or others. These will give you an IP address through the VPN, so yours is protected. You'll need to remember to start your VPN on your machine (PC, phone, etc) before connecting to IRC.
I recommend ALWAYS using a VPN, whether you use a bouncer (ZNC, PsyBNC, BNC, or other) or you use an online service, and even if you use Undernet's IP masking service. Without a VPN, anyone on servers between you and the IRC server can see what you are typing. If you want to learn how they do that, just look up “packet sniffing” on Google. This includes your own ISP. A VPN encrypts all communication between your machine and the final destination server, and it uses an assigned IP address/host so no one on the final server knows who you are (without a court order/subpoena).
I use ExpressVPN. It has a reasonable cost and is very easy to use. It's also stable and reliable, and very fast.
I've also used IPVanish and PureVPN. I had speed and connection issues with both, and they didn't work well on my mobile devices or my media player. ExpressVPN works everywhere.
For Linux users, I've heard that PIA VPN works very well, but have no personal experience with it.
IRC Bouncers – ZNC, BNC, PsyBNC, etc.
I mentioned using an IRC Bouncer – this is outside the scope of IRC for beginners, so I'll keep this short. A Bouncer is software that runs on a server between you and the IRC networks. The Bouncer connects to the IRC servers, and you connect to the Bouncer with your IRC client.
The good thing about Bouncers (in some cases it's a good thing) is that your nickname stays online 24/7 (unless the bouncer's connection gets dropped, of course). When you sign back on, you will see things as you left them, and will be able to scroll back through your chat windows and catch up on the conversations, etc. You can also set up and use Virtual Domains, which will give you unique host addresses or IPs.
The bad thing about Bouncers is that they are relatively complex to install, configure and maintain. You will need to find hosting space that allows IRC software, and you will likely need to do the install and configuration yourself. I use a FranTech/BuyVM KVM Shell and they work perfectly, though it's an unmanaged service and you will need to be handy with Linux to get everything set up and working, including compiling software and configuring DNS, and so on. The good thing is that FranTech‘s support is absolutely amazing. They will help you with anything assuming they have the time. Do NOT expect them to configure everything for you. As I said, it's an unmanaged service.
Never Accept File Transfers or Click Links
3rd Rule: Never accept file transfers from someone you don't know
Never accept a DCC send request from someone you don't know well. DCC is a protocol used for sending and receiving files. DCC stands for Direct Computer to Computer – it bypasses the IRC server completely. Scammers may try to send you trojans or viruses, or scripts that will let them take over your IRC client or computer. They could also be sending illegal images or videos. Stay far away.
You can simply ignore DCC send and chat requests, or turn them off completely. I set my client (mIRC) to ignore all DCC requests, and then I switch it on as needed – it's very easy and quick to do. It's very rare that I need to transfer files this way, but it does come up.
The same warning comes with clicking links that people post in channel. Unless you recognize the hosting server address you have no clue what you are downloading or loading into your browser. For some bizarre reason, some people are obsessed with sharing pictures of their junk. Not the antiques of low value they have in their garages – that might be interesting. No, I mean pictures of their nether regions. Look – maybe you like that, I don't know. And I'm not kink-shaming here. Just be careful.
Another reason to be careful with links – some people get off on sharing child porn, rape and/or snuff porn images. Technically, if you click that link, you are downloading that image to your computer or mobile device, and could be legally liable for that action. If you really want to see that stuff, please turn off the computer and seek help immediately – that ain't right!
If you have read this far, you can see how it's nearly impossible to know who could be sending you files, or what they may contain. Only accept files or click links from someone you know, can identify on IRC, and would be expecting to receive files from.
Anti-Virus Software
4th rule: keep your anti-virus software turned on, and up to date
This is very important. You never know whether an IRC client has bugs or issues that can be exploited by scammers/hackers. If a nefarious file gets onto your system, you absolutely need to have good malware/virus protection in place. This applies to accepting DCC requests for file transfers or even just clicking links. Ever heard of ransomware? Viruses? Trojans? Malware? IRC is full of easy targets for those criminals, so beware.