IRC over Tor

Instant Messaging  Anonymous IRCv3 server on a Tor v3 onion address. No registration required. No IP logging. No identity required to chat.

About this server

This is an Ergo IRC daemon — a modern IRCv3 server written in Go, memory-safe, actively maintained, and configurable for privacy-first operation. It is not our software: we run an instance and support the project.

The server is reachable exclusively via a Tor v3 hidden service. There is no clearnet address. Your IP address is never visible to the server, and the server holds no data that could identify you. We have also published a proposal on forum.nym.net inviting operators to open IRCv3 ports 6667 and 6696 more broadly — we think the infrastructure is worth sustaining.

Connection details

Onion address

2xz3ngedsne2ngd3blpgnrqmeitffnzsnjacdjinu63yi5tjcyfitbid.onion

Ports

Port 6667 — plain IRC (no TLS — transport encryption provided by Tor)
Port 6696 — IRC with TLS 1.3 (recommended for IRC clients that support it)

On port 6696, the server certificate is self-signed — no certificate authority issues certs for .onion domains. Enable TLS and accept self-signed certificates in your client. On port 6667, no TLS is used at the IRC layer; the Tor circuit itself provides transport encryption.

Web client (Gamja)

Access directly from Tor Browser — no IRC client needed:
2xz3ngedsne2ngd3blpgnrqmeitffnzsnjacdjinu63yi5tjcyfitbid.onion/gamja/

Enter a nickname and connect immediately. No registration, no certificate, fully anonymous.

Two ways to connect

Option 1 — Web client (anonymous, instant)

Open Tor Browser, navigate to the Gamja address above, pick a nickname, chat. No setup, no account, no persistent identity. Best for occasional or one-off use.

Option 2 — IRC client + certificate (persistent identity)

Your TLS client certificate becomes your identity. One-time setup binds the certificate fingerprint to a nickname via NickServ. After that, connecting with the certificate authenticates you automatically — no password, no email, no further commands.

Certificate setup (one time)

Generate a P-384 keypair and self-signed certificate:

openssl ecparam -name secp384r1 -genkey -noout -out irc.key
openssl req -new -x509 -key irc.key -out irc.crt -days 3650 -subj "/CN=yournick"
cat irc.key irc.crt > irc.pem

Then in your IRC client:

  1. Set the client certificate to irc.pem
  2. Enable SSL, set login method to SASL EXTERNAL
  3. Accept self-signed server certificate
  4. Connect and run once: /msg NickServ REGISTER * *

That single command binds your certificate fingerprint to your nickname. No password (*), no email (*) — cryptographic identity only. From then on, just connect: SASL EXTERNAL handles authentication silently.

Privacy architecture

Defense in depth encryption

TLS 1.3 runs on top of Tor's circuit encryption — two independent layers. AEAD ciphers only: ChaCha20-Poly1305 and AES-256-GCM. If one layer were somehow compromised, the other still protects you.

Zero IP logging

Server config: lookup-hostnames: false. No IP addresses are resolved or stored. Tor hides your IP from the server; the server config ensures nothing identifiable is retained even from localhost connections.

IP cloaking

All visible hostnames shown in the channel are one-way cryptographic hashes (*.user.anon). The transformation is irreversible — the original address cannot be recovered from the hash.

Ephemeral history

Messages are stored in RAM only. Maximum retention: 1 hour or until server restart. persistent: false — nothing is written to disk.

No metadata collection

metadata: enabled: false. No connection patterns, no timestamps beyond immediate delivery, no user metadata stored.

Silent logging

Server logs exclude all user data: -userinput -useroutput -localconnect -localconnect-ip. Only critical operational errors are logged. Nothing about your session.

No email registration

email-verification: enabled: false. NickServ registration accepts * * — certificate fingerprint is the only credential.

What we cannot do

  • See your real IP address — Tor hidden service, no clearnet path
  • Read your messages — end-to-end encrypted Tor circuit
  • Recover deleted history — RAM only, no disk persistence
  • Link your sessions — no tracking, no fingerprinting
  • Comply with data requests — no data to provide

Technical details

Server software

Ergo — modern IRC daemon written in Go. Full IRCv3 compliance, memory-safe, privacy-first defaults, rehashable config at runtime. Source code: github.com/ergochat/ergo.

Encryption stack

  • Layer 1 (Tor): Curve25519 key exchange, AES-256 circuit encryption, 3+ relay hops
  • Layer 2 (TLS 1.3): ECDHE key exchange, ChaCha20-Poly1305 or AES-256-GCM, perfect forward secrecy
  • Authentication: SASL EXTERNAL with ECDSA P-384 client certificates

Recommended clients

  • Desktop: HexChat, WeeChat, Halloy
  • Terminal: WeeChat, irssi (via torsocks or oniux)
  • Mobile: Revolution IRC (Android)
  • Web: Gamja — available directly on this server via Tor Browser

Open Tor Browser and connect immediately — no account, no setup, fully anonymous. Pick a nickname and start talking.

Open Web Chat (Tor Browser) →    Server homepage →