API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jan 31st, 2018
515
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 35.59 KB | None | 0 0
raw download clone embed print report
  1. ##chanops - A rogue half-baked NSA like "channel operators" snooping channel. I know giving the channel that kind of description might sound extreme and tinfoil like, but this is my own personal opinion. In this rant I will describe some of the issues I have grown to have with the channel. Multiple freenode staff members are in this channel. All of them know about it. None do anything to stop it.
  2.  
  3. When I first joined the channel I quickly learned it was created for various channel operators in large channels on the network to chat about various issues in managing the channel like dealing with trolls as one example. At first I liked the idea of the channel but that has since changed over the time I was in the channel. I am redacting the nicks of people inside the channel for various reasons. The creator of the channel will be called <THE_CREATOR> in this little rant.
  4.  
  5. The center of attention in this rant are the "few" (actually 16) bots called "listeners" by <THE_CREATOR>, that once sat in 1000+ channels from multiple connections ___WITHOUT___ the permission of ~99% of the channels. I will note that a few, less than 1% of the 1000+ channels knew the existence of the "listeners" as some of the channel ops from those channels sat inside the channel and allowed the "listeners" in those channels.
  6.  
  7. <THE_CREATOR> created this guide to the channel: http://107.170.17.75/spying/guild.txt
  8.  
  9. <THE_CREATOR> created some sort of "sales pitch": http://107.170.17.75/spying/chanops.channel.txt
  10.  
  11. -----------------------------
  12.  
  13. What are the "listener"? <THE_CREATOR> created this document as a bit of an explanation: http://107.170.17.75/spying/grumpier.txt
  14.  
  15. Between August 23, 2014 and February 24, 2015 the "listeners" were in a wide variety of channels logging Joins/Parts/Quits/Nicks and the number of times people said anything in the channel.
  16.  
  17. Below is an extremely small sample of channels the "listeners" were in. This is less than 1% of all the channels. I will note that the two IP addresses below show up before August 23, my only theory (too lazy to look at the channel log), is they were in some sort of test run before August 23 which seems to be the "official" launch date. I know that Feb 24, 2015 is the official shutdown date of them being in the 1000+ channels.
  18.  
  19. -- ##apple --
  20. Aug 23 2014 17:38:40 * vukcrni (~lupogriso@li607-220.members.linode.com)
  21. Feb 24 2015 04:04:48 * vukcrni (~lupogriso@li607-220.members.linode.com) Quit
  22.  
  23. -- ##c --
  24. Aug 25 2014 05:51:16 * yarker (~bismilah@li629-190.members.linode.com)
  25. Feb 24 2015 04:04:20 * yarker (~bismilah@li629-190.members.linode.com) Quit
  26.  
  27. -- ##iphone --
  28. Aug 23 2014 17:38:42 * vissborg (~viskestel@li607-220.members.linode.com)
  29. Feb 24 2015 04:04:53 * vissborg (~viskestel@li607-220.members.linode.com) Quit
  30.  
  31. -- ##mac --
  32. Aug 23 2014 17:40:00 * sressot (~bismilah@li629-190.members.linode.com)
  33. Feb 24 2015 04:04:20 * sressot (~bismilah@li629-190.members.linode.com) Quit
  34.  
  35. -- ##psychology --
  36. Aug 23 2014 17:39:10 * swartulv (~lupogriso@li607-220.members.linode.com)
  37. Feb 24 2015 04:04:53 * swartulv (~lupogriso@li607-220.members.linode.com) Quit
  38.  
  39. -- #digitalocean --
  40. Aug 23 2014 17:38:02 * weissschloss (~viskestel@li607-220.members.linode.com)
  41. Feb 24 2015 04:04:54 * weissschloss (~viskestel@li607-220.members.linode.com) Quit
  42.  
  43. -- #pidgin --
  44. Aug 23 2014 17:38:54 * grungier (~bismilah@li629-190.members.linode.com)
  45. Feb 24 2015 04:04:20 * grungier (~bismilah@li629-190.members.linode.com) Quit
  46.  
  47. -- #reddit --
  48. Aug 23 2014 17:39:01 * swartwulf (~lupogriso@li607-220.members.linode.com)
  49. Feb 24 2015 04:04:48 * swartwulf (~lupogriso@li607-220.members.linode.com) Quit
  50.  
  51. -- #vbox --
  52. Aug 23 2014 17:37:51 * grauwulf (~lupogriso@li607-220.members.linode.com)
  53. Feb 24 2015 04:04:48 * grauwulf (~lupogriso@li607-220.members.linode.com) Quit
  54.  
  55. -- #vmware --
  56. Aug 23 2014 17:38:08 * burgobianco (~viskestel@li607-220.members.linode.com)
  57. Feb 24 2015 04:04:48 * burgobianco (~viskestel@li607-220.members.linode.com) Quit
  58.  
  59. -- #zfsonlinux --
  60. Aug 23 2014 17:39:22 * vissborg (~viskestel@li607-220.members.linode.com)
  61. Feb 24 2015 04:04:53 * vissborg (~viskestel@li607-220.members.linode.com) Quit
  62.  
  63. If you are curious if you might have seen one of the "listeners" between Aug 23 2014 and Feb 24 2015, I would suggest you grep your logs and see what shows up.
  64.  
  65. -----------------------------
  66.  
  67. On Feb 11, 2015 <REDACTED_FINDER> found the bots due to the incompetence of <THE_CREATOR> to properly hide the bots. <REDACTED_FINDER> reported the bots in #freenode, which caused some rather interesting reactions. At the time of the "listeners" being discovered in multiple channels I was annoyed they had been discovered, as that would seriously limit the bulk data collection on anyone in one of the 1000+ channels. Eventually, I grew to like the fact that the "listeners" were shutdown from almost all the channels.
  68.  
  69.  
  70. <REDACTED_FINDER> I suspect all of the dozen or so clients with the gecos "Grumpy Old Man" are channel public loggers
  71. <REDACTED_FINDER> they're spread all throughout freenode like a paracite
  72. <REDACTED_FINDER> (1) grauwulf!~lupogriso@li607-220.members.linode.com swartwulf!~lupogriso@li607-220.members.linode.com swartulv!~lupogriso@li607-220.members.linode.com vukcrni!~lupogriso@li607-220.members.linode.com (2) grungier!~bismilah@li629-190.members.linode.com sressot!~bismilah@li629-190.members.linode.com yobber!~bismilah@li629-190.members.linode.com yarker!~bismilah@li629-190.members.linode.com
  73.  
  74. Formated:
  75. grauwulf!~lupogriso@li607-220.members.linode.com
  76. swartwulf!~lupogriso@li607-220.members.linode.com
  77. swartulv!~lupogriso@li607-220.members.linode.com
  78. vukcrni!~lupogriso@li607-220.members.linode.com
  79. grungier!~bismilah@li629-190.members.linode.com
  80. sressot!~bismilah@li629-190.members.linode.com
  81. yobber!~bismilah@li629-190.members.linode.com
  82. yarker!~bismilah@li629-190.members.linode.com
  83.  
  84.  
  85. Lets see how what nicks I have seen from those IP addresses.
  86.  
  87. <KindOne> trace host li607-220.members.linode.com
  88. <*aka> li607-220.members.linode.com was also known as: burgobianco, dvorkbjel, gagaunf, grauwulf, grump, grumpier, irenacob, keskese, loupgris, swartulv, swartwulf, viskestel, vissborg, vukcrni, weissschloss, zymurgy, zymurgy1, zymurgy2
  89.  
  90. <KindOne> trace host li629-190.members.linode.com
  91. <*aka> li629-190.members.linode.com was also known as: aulait, bismilah, bismilah_, grump, grumpiest, grungier, hollandais, irenacob, loupgris, piccata, saline, sressot, yarker, yobber, zoobie
  92.  
  93. I know the four lines above make me look hypocritical right here since I'm using a script that kind of does the exact same thing as the listners, but at a hell of a lot smaller scale.
  94.  
  95. -----------------------------
  96.  
  97. Some channels on freenode have public logging that also logs Joins/Parts/Quits, so if you Google the IP addresses of the "listeners" you will also find other channels they was once in. If they are inside the channel right now that means you have a good idea that the channel founders gave permission for the bots to sit in the channel.
  98. https://www.google.com/search?q=li607-220.members.linode.com
  99. https://www.google.com/search?q=li629-190.members.linode.com
  100. I'm sure you get the idea.
  101.  
  102. -----------------------------
  103.  
  104. Lets take a look at the /whois on one of them.
  105. If you noticed, they all share the same realname "Grumpy Old Man".
  106.  
  107. * Generic /whois output.
  108. yarker is ~bismilah@li629-190.members.linode.com * Grumpy Old Man
  109. yarker on #REDACTED
  110. yarker using weber.freenode.net US
  111. yarker has been idle 77hrs 50mins 9secs, signed on Wed Oct 28 08:22:29 2015
  112. yarker is logged in as bismilah
  113. yarker End of /WHOIS list.
  114.  
  115. * My slightly different /whois output format with some client side scripting.
  116. Nick: yarker
  117. Ident: ~bismilah
  118. Host: li629-190.members.linode.com
  119. Name: Grumpy Old Man
  120. Channels: #REDACTED
  121. Total Channels: 1
  122. Server: weber.freenode.net US
  123. Idle: 3days 5hrs 50mins 14secs - Wednesday 28 Oct 2015 08:22:58 -0400 GMT
  124. Connected: 3days 5hrs 50mins 43secs - Wednesday 28 Oct 2015 08:22:29 -0400 GMT
  125. Identified: bismilah
  126. yarker End of /WHOIS list.
  127.  
  128. -----------------------------
  129.  
  130. Lets take a look at the '/msg NickServ info' of some of the nicks these "listeners" use.
  131.  
  132. 1 ...
  133. These seem to be a month before the official launch of the "listeners".
  134.  
  135. <NickServ> Information on lupogriso (account lupogriso):
  136. <NickServ> Registered : Jul 26 20:12:49 2014 (1y 15w 1d ago)
  137. <NickServ> Last seen : (about 60 weeks ago)
  138. <NickServ> User seen : now
  139. <NickServ> Flags : HideMail, Private
  140. <NickServ> lupogriso has enabled nick protection
  141.  
  142. <NickServ> Information on grauwulf (account lupogriso):
  143. <NickServ> Registered : Jul 26 20:47:35 2014 (1y 15w 1d ago)
  144. <NickServ> User reg. : Jul 26 20:12:49 2014 (1y 15w 1d ago)
  145. <NickServ> Last seen : now
  146. <NickServ> Flags : HideMail, Private
  147. <NickServ> lupogriso has enabled nick protection
  148.  
  149. <NickServ> Information on swartulv (account lupogriso):
  150. <NickServ> Registered : Jul 26 20:50:02 2014 (1y 15w 1d ago)
  151. <NickServ> User reg. : Jul 26 20:12:49 2014 (1y 15w 1d ago)
  152. <NickServ> Last seen : now
  153. <NickServ> Flags : HideMail, Private
  154. <NickServ> lupogriso has enabled nick protection
  155. <NickServ> *** End of Info ***
  156.  
  157. <NickServ> Information on swartwulf (account lupogriso):
  158. <NickServ> Registered : Jul 26 20:46:51 2014 (1y 15w 1d ago)
  159. <NickServ> User reg. : Jul 26 20:12:49 2014 (1y 15w 1d ago)
  160. <NickServ> Last seen : now
  161. <NickServ> Flags : HideMail, Private
  162. <NickServ> lupogriso has enabled nick protection
  163. <NickServ> *** End of Info ***
  164.  
  165. <NickServ> Information on vukcrni (account lupogriso):
  166. <NickServ> Registered : Jul 26 20:49:08 2014 (1y 15w 1d ago)
  167. <NickServ> User reg. : Jul 26 20:12:49 2014 (1y 15w 1d ago)
  168. <NickServ> Last seen : now
  169. <NickServ> Flags : HideMail, Private
  170. <NickServ> lupogriso has enabled nick protection
  171. <NickServ> *** End of Info ***
  172.  
  173. 2 ...
  174. <NickServ> Information on viskestel (account viskestel):
  175. <NickServ> Registered : Jul 26 20:38:56 2014 (1y 15w 1d ago)
  176. <NickServ> Last seen : (about 23 weeks ago)
  177. <NickServ> User seen : now
  178. <NickServ> Flags : HideMail, Private
  179. <NickServ> viskestel has enabled nick protection
  180. <NickServ> *** End of Info ***
  181.  
  182. <NickServ> Information on burgobianco (account viskestel):
  183. <NickServ> Registered : Jul 26 20:59:11 2014 (1y 15w 1d ago)
  184. <NickServ> User reg. : Jul 26 20:38:56 2014 (1y 15w 1d ago)
  185. <NickServ> Last seen : now
  186. <NickServ> Flags : HideMail, Private
  187. <NickServ> viskestel has enabled nick protection
  188.  
  189. <NickServ> Information on dvorkbjel (account viskestel):
  190. <NickServ> Registered : Jul 26 20:55:18 2014 (1y 15w 1d ago)
  191. <NickServ> User reg. : Jul 26 20:38:56 2014 (1y 15w 1d ago)
  192. <NickServ> Last seen : now
  193. <NickServ> Flags : HideMail, Private
  194. <NickServ> viskestel has enabled nick protection
  195. <NickServ> *** End of Info ***
  196.  
  197. <NickServ> Information on vissborg (account viskestel):
  198. <NickServ> Registered : Jul 26 20:56:21 2014 (1y 15w 1d ago)
  199. <NickServ> User reg. : Jul 26 20:38:56 2014 (1y 15w 1d ago)
  200. <NickServ> Last seen : now
  201. <NickServ> Flags : HideMail, Private
  202. <NickServ> viskestel has enabled nick protection
  203. <NickServ> *** End of Info ***
  204.  
  205. <NickServ> Information on weissschloss (account viskestel):
  206. <NickServ> Registered : Jul 26 20:57:07 2014 (1y 15w 1d ago)
  207. <NickServ> User reg. : Jul 26 20:38:56 2014 (1y 15w 1d ago)
  208. <NickServ> Last seen : now
  209. <NickServ> Flags : HideMail, Private
  210. <NickServ> viskestel has enabled nick protection
  211. <NickServ> *** End of Info ***
  212.  
  213. 3 ...
  214. <NickServ> Information on irenacob (account irenacob):
  215. <NickServ> Registered : Jun 14 23:22:46 2014 (1y 21w 1d ago)
  216. <NickServ> Last seen : now
  217. <NickServ> Flags : HideMail, Private
  218. <NickServ> irenacob has enabled nick protection
  219. <NickServ> *** End of Info ***
  220.  
  221. <NickServ> Information on aulait (account irenacob):
  222. <NickServ> Registered : Jul 26 21:10:17 2014 (1y 15w 1d ago)
  223. <NickServ> User reg. : Jun 14 23:22:46 2014 (1y 21w 1d ago)
  224. <NickServ> Last seen : now
  225. <NickServ> Flags : HideMail, Private
  226. <NickServ> irenacob has enabled nick protection
  227.  
  228. <NickServ> Information on hollandais (account irenacob):
  229. <NickServ> Registered : Jul 26 21:07:06 2014 (1y 15w 1d ago)
  230. <NickServ> User reg. : Jun 14 23:22:46 2014 (1y 21w 1d ago)
  231. <NickServ> Last seen : now
  232. <NickServ> Flags : HideMail, Private
  233. <NickServ> irenacob has enabled nick protection
  234. <NickServ> *** End of Info ***
  235.  
  236. <NickServ> Information on piccata (account irenacob):
  237. <NickServ> Registered : Jul 26 21:02:56 2014 (1y 15w 1d ago)
  238. <NickServ> User reg. : Jun 14 23:22:46 2014 (1y 21w 1d ago)
  239. <NickServ> Last seen : now
  240. <NickServ> Flags : HideMail, Private
  241. <NickServ> irenacob has enabled nick protection
  242. <NickServ> *** End of Info ***
  243.  
  244. <NickServ> Information on saline (account irenacob):
  245. <NickServ> Registered : Jul 26 21:08:56 2014 (1y 15w 1d ago)
  246. <NickServ> User reg. : Jun 14 23:22:46 2014 (1y 21w 1d ago)
  247. <NickServ> Last seen : now
  248. <NickServ> Flags : HideMail, Private
  249. <NickServ> irenacob has enabled nick protection
  250. <NickServ> *** End of Info ***
  251.  
  252. 4 ...
  253. Why are the following nicks registered back in 2013? Almost a year before sitting in 1000+ channels.
  254.  
  255. <NickServ> Information on bismilah (account bismilah):
  256. <NickServ> Registered : Oct 29 08:19:37 2013 (2y 1w 4d ago)
  257. <NickServ> Last addr : ~bismilah@li629-190.members.linode.com
  258. <NickServ> Last seen : Nov 01 16:21:05 2015 (1w 1d 14h ago)
  259. <NickServ> User seen : now
  260. <NickServ> Flags : HideMail
  261. <NickServ> *** End of Info ***
  262.  
  263. <NickServ> Information on grungier (account bismilah):
  264. <NickServ> Registered : Jul 26 21:19:27 2014 (1y 15w 1d ago)
  265. <NickServ> User reg. : Oct 29 08:19:37 2013 (2y 1w 4d ago)
  266. <NickServ> Last addr : ~bismilah@li629-190.members.linode.com
  267. <NickServ> Last seen : now
  268. <NickServ> Flags : HideMail
  269. <NickServ> *** End of Info ***
  270.  
  271. <NickServ> Information on sressot (account bismilah):
  272. <NickServ> Registered : Jul 26 21:15:02 2014 (1y 15w 1d ago)
  273. <NickServ> User reg. : Oct 29 08:19:37 2013 (2y 1w 4d ago)
  274. <NickServ> Last addr : ~bismilah@li629-190.members.linode.com
  275. <NickServ> Last seen : now
  276. <NickServ> Flags : HideMail
  277. <NickServ> *** End of Info ***
  278.  
  279. <NickServ> Information on yarker (account bismilah):
  280. <NickServ> Registered : Jul 26 21:17:53 2014 (1y 15w 1d ago)
  281. <NickServ> User reg. : Oct 29 08:19:37 2013 (2y 1w 4d ago)
  282. <NickServ> Last addr : ~bismilah@li629-190.members.linode.com
  283. <NickServ> Last seen : now
  284. <NickServ> Flags : HideMail
  285. <NickServ> *** End of Info ***
  286.  
  287. <NickServ> Information on yobber (account bismilah):
  288. <NickServ> Registered : Jul 26 21:13:40 2014 (1y 15w 1d ago)
  289. <NickServ> User reg. : Oct 29 08:19:37 2013 (2y 1w 5d ago)
  290. <NickServ> Last addr : ~bismilah@li629-190.members.linode.com
  291. <NickServ> Last seen : now
  292. <NickServ> Flags : HideMail
  293. <NickServ> *** End of Info ***
  294.  
  295. 5 ...
  296. What the hell? 2010!?
  297.  
  298. <NickServ> Information on zymurgy (account zymurgy):
  299. <NickServ> Registered : Aug 14 18:49:31 2010 (5y 12w 4d ago)
  300. <NickServ> Last addr : ~zymurgy@li629-190.members.linode.com
  301. <NickServ> Last seen : now
  302. <NickServ> Flags : HideMail
  303. <NickServ> *** End of Info ***
  304.  
  305. <NickServ> Information on grump (account zymurgy):
  306. <NickServ> Registered : Sep 29 21:29:26 2013 (2y 5w 6d ago)
  307. <NickServ> User reg. : Aug 14 18:49:31 2010 (5y 12w 4d ago)
  308. <NickServ> Last addr : ~zymurgy@li629-190.members.linode.com
  309. <NickServ> Last seen : now
  310. <NickServ> Flags : HideMail
  311. <NickServ> *** End of Info ***
  312.  
  313. 5 sets of NickServ accounts? How many of these accounts do you have?
  314. 22 nicks really? Nicks are not like pokemon, you do not need to collect them all.
  315. Most likely a few more, but I think this is a good enough sample.
  316. Wonder if you used any of them for ban evasions. /sarcasm.
  317.  
  318. -----------------------------
  319.  
  320. Remember when <REDACTED_FINDER> found the "listeners" and reported the information in #freenode? That caused some freenode staff joined the channel and they got a quick rundown of what ##chanops is and what the "listeners" are doing.
  321.  
  322. Feb 15, 2015
  323.  
  324. <REDACTED_FREENODE_STAFF_1> So, I have been away most of the weekend and came back to a long an detailed conversation about a channel of people who're effectively logging ~1,000 channels with a small collection of bots for the purpose of what can only be described as witch hunting. Anyone care to give me a couple of line explanation about what this is all about?
  325.  
  326. <REDACTED_FREENODE_STAFF_2> How is joining 16 bots to 1k~ channels any better than those public logging bots. Both don't have the express permission of the channel owner(s) nor do the users in these channels know what's being said is being reported elsewhere.
  327.  
  328. 16 bots * CHANLIMIT=#:120 = If all the bots were each in separate channels that would mean the "listeners" could be in a maximum of 1920 channels if they took advantage of the CHANLIMIT. Nevertheless, they were nowhere near the CHANLIMIT.
  329.  
  330. Thankfully, freenode staff did NOT approve of the "listeners" being in all the channels. The "listeners" are now 'opt-in' so they need permission of channel owners to join the channels. However, the damage is done as they were in 1000+ channels without asking for permission from the channel owners. How can we trust the "listeners" if they were in 1000+ channels without permission?
  331.  
  332. The unrelated "those public logging bots" would take ~5-10 random lines of conversations from channels, alter the nicks of who typed the line and alter the nicks of who they was replying to, unless a comma or colon was after the nick (I forget). Then put the text on a webpage and all you had to do was Google a line or two out of the channel and hope it showed up somewhere. The site no longer exists.
  333.  
  334. freenode staff know the existence of one of the "listeners" in #freenode as one of them gave explicit permission that it's okay.
  335.  
  336. -----------------------------
  337.  
  338. Lets do some math. freenode has ~55,000 channels at the time of this rant. Just to be fair, I am going to pretend that number is 60,000. I am going to pretend that the "listeners" were only in 1,000 channels, just to keep the math simple.
  339.  
  340. 60,000 channels on the network and 1,000 channels had these "listeners" in them. That is 1.6667% of the entire network. The top 1.6667% of the network had these "listeners".
  341.  
  342. If you want to get somewhat more realistic that number is around ~1.8% if you were to use ~55,000 channels at the time of this rant.
  343.  
  344. -----------------------------
  345.  
  346. Some random snippets from <THE_CREATOR>.
  347.  
  348. Nov 1 2014
  349. <THE_CREATOR> The listeners themselves are currently in 1033 channels, done from about 1064 about when the gang went up.
  350.  
  351. Nov 29 2014
  352. <THE_CREATOR> Each of the listeners, sixteen of them, are in roughly 65 channels.
  353.  
  354. Sep 20 2015
  355. <THE_CREATOR> REDACTED, I once had a listener in each of nearly 1100 channels.
  356. <THE_CREATOR> I'm not inclined to deploy them again. The level of my frustration has limits. However, if I *were* to deploy them again, they'd be a LOT harder to spot.
  357.  
  358. I do not like the "not inclined" as an answer.
  359.  
  360. -----------------------------
  361.  
  362. Let's talk about what /exactly/ these "listeners" do.
  363. One of the "listeners" called "grumpier" sits in the ##chanops channel and handles all the date from the "listeners" and lets us look at various things.
  364.  
  365. <KindOne> $help
  366. <grumpier> nicks <nick> nicks associated with hosts associated with given nick
  367. <grumpier> host <host> nicks associated with a given host
  368. <grumpier> hosts <nick> hosts associated with given nick
  369. <grumpier> hostchans <host> channels associated with given host
  370. <grumpier> whereis <nick> channels associated with given nick
  371. <grumpier> xwhereis <nick> channels associated with hosts associated with given nick
  372. <grumpier> sharedchans <nick1> <nick2> channels shared by two given nicks
  373. <grumpier> explain <nick1> <nick2> hosts associated with two given nicks
  374. <grumpier> intersect <chan> <chan> <chan> all nicks common to three (or more) channels
  375.  
  376.  
  377. <KindOne> $nicks KindOne
  378. <grumpier> Nicks for kindone: clippy, epicone, evilone, evilone_, kindone, kindone-, kindone^, kindone_, kindone|, kindthree, kindtwo, meanone, scrooge
  379.  
  380. <KindOne> $host 255.255.255.255
  381. <grumpier> Nicks for 255.255.255.255: idiot45, idiot404, idiot453
  382.  
  383. <KindOne> $hosts KindOne
  384. <grumpier> Hosts for kindone : colchester-lug/silly-fool/donut, ... and a bunch of other hosts here...
  385.  
  386. <KindOne> $hostchans 107.170.17.75
  387. <grumpier> Channels for 107.170.17.75: #freenode ##chat
  388.  
  389. <KindOne> $whereis REDACTED
  390. <grumpier> Channels for REDACTED (extended): #freenode, #defocus, ##linux
  391.  
  392. <KindOne> $xwhereis REDACTED
  393. <grumpier> Channels for REDACTED (extended): #freenode, #defocus
  394.  
  395. <KindOne> $sharedchans idiot1 idiot2
  396. <grumpier> Channels for idiot1 and idiot2: #freenode
  397.  
  398. <KindOne> $explain idiot1 idiot2
  399. <grumpier> Hosts for idiot1 and idiot2: 255.255.255.0
  400.  
  401. <KindOne> $intersect #freenode #foobar ##chat
  402. <grumpier> Nicks common to #freenode,#foobar,##chat: idiot1 idiot2 idiot3
  403.  
  404. The "grumpier" also creates some rather more interesting data.
  405.  
  406. The next command is not documented in the $help.
  407. These files would be uploaded to <THE_CREATOR>'s server for ~5 minutes then deleted. If I were to run the command on myself, I would get something like this. I am sure you can get the idea what it could possibly have on you.
  408.  
  409. These commands were sent at different times I was inside the channel.
  410.  
  411. <KindOne> %info KindOne
  412. <grumpier> kindone: http://107.170.17.75/spying/1416773431.txt
  413.  
  414. <KindOne> %info KindOne
  415. <grumpier> kindone: http://107.170.17.75/spying/1420348569.EX.txt
  416.  
  417. <KindOne> %info KindOne
  418. <grumpier> kindone: http://107.170.17.75/spying/1443843205.EX.txt
  419.  
  420. The example output from above is just a single drop of water in the Olympic sized pool. I'm sure you can get an idea on what they may or maynot have on you.
  421. These "listeners" were in 1000+ channels for 6 months.
  422.  
  423. Do we really need all this shit?
  424.  
  425. Yeah, I am in a fuck ton of channels in those %info links, but I kind of purged some of them.
  426.  
  427. Curious as to how these bots collect info? http://107.170.17.75/spying/listener.raw.log.txt
  428.  
  429. That listener.raw.log.txt file, that data could be viewed over plain text in a browser or irc client on one of the IP's of the "listeners". Really <THE_CREATOR>... are you that fucking stupid to put that shit over plain text, for well over a year... YOU IDIOT.
  430.  
  431. -----------------------------
  432.  
  433. Aug 24 2014 around ~ 24 hours after the official launch, all these nicks/hosts/accounts must have been from those "test runs" as I don't even see how that much is even possible within ~24 hours.
  434. <THE_CREATOR> 577771 distinct nicks, 1528189 distinct hosts, 44096 distinct accounts so far in the DB.
  435.  
  436. Sep 05 2014
  437. <THE_CREATOR> I have: 686210 nicks, 416224 users, 1729146 hosts and 71633 accounts among 2371534 nick!user@hosts in 2458504 total records.
  438. <THE_CREATOR> This is why <REDACTED> can seem a bit unresponsive. That's a lot to sort through.
  439.  
  440. Dec 14 2014
  441. <THE_CREATOR> I currently have 3692188 unique nick!user@host user records.
  442.  
  443. -----------------------------
  444.  
  445. I am guilty of something that is a hell of a lot minor in the channel. I created my own little bot for the channel that would basically do a /list, work its way down the list doing "mode #channel bq" storing bans/quiets for every channel with 3+ users. My little bot __NEVER__ joined channels, feel free to grep your logs for the IP address of this server. My bot would write all bans/quiets matching whatever you told it into a .txt file like above and post a link to that info into the channel. After running my little bot for a few months or whatever I got tired of it since it only showed bans/quiets and never had context as to why the bans/quiets existed in the first place. In my defense, which might be extremely weak, is that the ban/quiet lists are public and that anyone can view it without having to join channels. My little bot might of had some questionable behavior, but it was nowhere near the nefarious level of <THE_CREATOR>'s "listeners" just blindly joining channels without the channel ops permission. My bot has been used less than 30 times in the channel vs <THE_CREATOR>, his bot has used 7500+ times at the time of this rant.
  446.  
  447. Context is important, and a ban/quiet DB doesn't provide that.
  448.  
  449. -----------------------------
  450.  
  451. Another little toy <THE_CREATOR> created in the channel is some sort of script that crawls all the channel access lists. Kind of like my little bot since that info is public.
  452.  
  453. <THE_CREATOR> the access list scanner client still has about two thousand channels to go, gonna take quite a while.
  454.  
  455. <THE_CREATOR> I have nothing on <BRAND_NEW_FREENODE_STAFFER>, either, for channel access flags in any of 5766 channels.
  456. Silly toy trying to find out what channels with 10+ users the brand new staffer has access in by the account name.
  457.  
  458. -----------------------------
  459.  
  460. What do I have to do with this and why am I telling you this information?
  461.  
  462. 1, I thought the channel was good at first then after a year of sitting in the channel I kind of started hating it and that just slowly started increasing over time and here we are.
  463. 2, The "listeners" listening in on everything you say or do in a channel. Joins/Parts/Quits/Nicks all logged.
  464. Yes, we can have some client side for personal use, but almost everyone (including me) was using the data collected from the "listeners" indiscriminately in the channel to try to figure out who is who, playing a game of detective to try to understand everything about whomever we were targeting at that time.
  465. Nice of bot to show my total number of lines they have seen me say. I do not think many channels would like a stats bot.
  466. As far as I can tell the data is never purged. I wonder how much data it will have in 10 years. I cannot even imagine how much of that data from the very beginning is now useless.
  467. All this data will be worthless; the chances of false positives will increase over time.
  468. 3, The source code of the "listeners" was never put online for others to verify/see what it does.
  469. Multiple people in the channel asked, but it never happened.
  470. What do you have to hide <THE_CREATOR>?
  471. You have had these "listeners" for how long and you never put it online for the users inside the channel to see?
  472. Who gives a damn if the code will make you go blind from the shit quality?
  473.  
  474. Sep 07 2014
  475. <REDACTED_USER> Also is it open source yet?
  476. // <THE_CREATOR> talking about stuff, then a minute or two later...
  477. <REDACTED_USER> Is it open source yet?
  478. // Dodged that question.
  479. // ...
  480. // Few hours later that day...
  481. <REDACTED_USER> or if it was open source ;)
  482. <THE_CREATOR> It's fully my intention to make the source available. Humble as it is, call it a kind of legacy.
  483.  
  484. Sep 21, 2014
  485. <REDACTED_USER> <THE_CREATOR>: is your source released yet? :0
  486. <THE_CREATOR> Nope.
  487.  
  488. Nov 03 2014
  489. <REDACTED> THE_CREATOR: Where's the source
  490. <THE_CREATOR> Yea, I know, I keep saying I'll package it up. I keep pokiing at it, still looking at how to add more stuff and haven't taken out all the hard-coded references to stuff yet.
  491.  
  492. Feb 24 2015
  493. <REDACTED_USER> <THE_CREATOR>: care to share the db and the source? :-)
  494. // Never responded.
  495.  
  496. Feb 16 2015
  497. <THE_CREATOR> At the moment, I'm the only one involved with its creation and maintenance, although it *is* my intention to open source
  498.  
  499. I am sure more examples exist in the channel, but this is enough.
  500.  
  501. You dodge releasing the source code as if you were Neo dodges bullets. https://www.youtube.com/watch?v=voQD3_FPb2w
  502.  
  503. Even I asked for the source code in PM and that never happened.
  504.  
  505. Nov 10 2014
  506. <KindOne> the source code to your bots online somewhere?
  507. <THE_CREATOR> Nope.
  508. <THE_CREATOR> I just now saw your PM. I'm not being combattive, aggressive or anything, just curious: what would your interest be?
  509. <KindOne> curiosity, figure out how it works
  510.  
  511. You have had over a year to put the damned code online somewhere for everyone in the channel to have a peak at it and see what it does. Your reasons are not good enough to warrant all this stalling.
  512.  
  513. Nov 01 2014
  514. <THE_CREATOR> The listeners don't even log.
  515. Talk is cheap. Show me the code. - Linus Torvalds.
  516.  
  517. How hard is it to find/replace any passwords and put the source code up on the server your "listners" upload those lovely .txt %info files?
  518.  
  519. Hi <THE_CREATOR>, it looks like you are trying to upload a copy of the listeners somewhere, let me help you with that!
  520.  
  521. cp -r /home/username/listners /home/username/listeners-nopasswords
  522. cd listners-nopasswords
  523. rm /home/username/listeners-nopasswords/super-secret-database-file-on-half-of-freenode.db
  524. nano -w passwords.txt
  525. CTRL+W
  526. CTRL+R
  527. P4$$W0RD
  528. hunter2
  529. CTRL+X
  530. Y
  531. tar -cf listeners-nopasswords.tar $( find . )
  532. mv listeners-nopasswords.tar /some/folder/where/we/can/download/it
  533.  
  534. How hard was that?
  535. Disclamer: My *nix skills are at the "knowing just enough to be dangerous" stages, so I know for a fact those commands can be simplified by a lot, but I am lazy.
  536.  
  537. Maybe learn how to use git and put it online somewhere for us to clone it.
  538.  
  539. If you are going to spy on 1000+ channels, you should at least share the source code to the others in the channel.
  540.  
  541. My little dumb ban/quiet list crawler I was talking about, I posted a link to an early copy of the vile quality code in the channel.
  542.  
  543. 4, Some of the people inside the channel annoyed me a lot.
  544. I picked the most annoying one in the bunch when he was chatting to me about something. His grammar skills are worse than mine are and fails to quote lines of text when questioning certain events. It is almost impossible to understand him at times as to what is he talking about.
  545.  
  546.  
  547. Example: I have added commentary.
  548.  
  549. <ANNOYING> KindOne, who told you the bit you shared in ##chat
  550. <KindOne> huh?
  551. <KindOne> IDIOT, no idea what you are talking about, I have the memory of a gold fish
  552. // *HINT* A paste of what you are talking about would be nice...
  553. <ANNOYING> KindOne, the part about ##chat ops telling you off
  554. <ANNOYING> who was that
  555. // What the hell are you talking about? Fucking pastebin it already. I cannot remember what I was doing five minutes ago.
  556. <ANNOYING> KindOne, did that telling off happen in this channel
  557. <KindOne> I still don't understand you, trying to understand you has always been annoying
  558. // You must think we are all inside your head and that we know EXACTLY what you are talking about all the time.
  559. <KindOne> maybe if you give examples I might remember or whatever, I can't remember every little thing I type
  560. // HINT PASTEBIN...
  561. <ANNOYING> KindOne, is that meant for me
  562. <KindOne> clearly
  563. <ANNOYING> KindOne, you said in ##chat that the chat ops told you off, who was it, where did it happen
  564. <ANNOYING> thats seems a crystal clear question, dont know why the confusion
  565. // No the fuck it does not. Fucking pastebin what the hell you are talking about.
  566. // Oh wait... this?
  567. <KindOne> [20:36:39] <KindOne> <REDACTED>: ##chat ops told me I was immature and needed to grow up. Guess who's not allowed in my tree house anymore.
  568. <KindOne> that?
  569. <KindOne> stole it from /r/jokes along with the rest of the jokes, I just changed the first two words
  570. <ANNOYING> yeah that
  571.  
  572. ... if you are going to reference something, make a fucking pastebin of it or paste the line of text in question.
  573. ... and I told him off and took my half-baked rage part/quit from that channel.
  574.  
  575. Let's look at how much simpler it could have gone if you quoted exactly what I said.
  576.  
  577. <ANNOYING> <KindOne> <REDACTED>: ##chat ops told me I was immature and needed to grow up. Guess who's not allowed in my tree house anymore.
  578. <ANNOYING> KindOne: What is this and where did it happen?
  579. <KindOne> stole it from /r/jokes along with the rest of the jokes, I just changed the first two words
  580.  
  581. Work on your fucking communication skills, thankfully we cannot read your mind.
  582.  
  583. Dear <ANNOYING>, if you want to reference something from somewhere else, please paste the lines of text in question so we do not have to play a game of 20 questions. I really hate that game. You must think everyone has perfect recall memory with everything he or she has ever read, heard, or seen. I'm sorry, but we don't take NZT-48. https://en.wikipedia.org/wiki/Limitless
  584.  
  585. As far as the other users that annoyed me, forget it as they are not as bad as the example above, unless you combine them. Always whining about you know who, doing you know what.
  586.  
  587. 5, The channel is useless.
  588. We (including myself) have become dependent on the "listeners" that are used indiscriminately for targeting people and banning them. I am guilty of this, as I have used the <grumpier> ~125-150 times according to my IRC log from the creation of the "listeners" until Oct 28 2015, the day of my rage quit.
  589. I have seen some people only use it once or twice and one user, <ANNOYING> on the other hand has used the "listners" 2,600+ times; wonder why he needs to use it that much.
  590. Guess someone should watch Minority Report (film). https://en.wikipedia.org/wiki/Minority_Report_%28film%29
  591. Remember when I said it has been used 7500+ times? Well, ~2,600 out of ~7,500 is ~34%. 34% by ONE person, <ANNOYING>. I guess I should also suggest this movie. https://en.wikipedia.org/wiki/Trollhunter
  592.  
  593.  
  594. 6, I should have reported the existence of these "listeners" as soon as I learned about them being in 1000+ channels, but at the time I thought it was nice... oh well. We cannot change that.
  595.  
  596. 7, I'm going to misquote the movie "Dark Knight" about the channel/listeners.
  597.  
  598. BATMAN: Beautiful. Isn't it?
  599. FOX: Beautiful. Unethical. Dangerous. You've turned every channel in the network into a microphone...
  600. BATMAN: And troll finder.
  601. FOX: Like the stalker.pl script in irssi. You took the scripts concept and applied it to every channel on the network. With half the network feeding your listeners you can listen in all of the channels. This is wrong.
  602. BATMNAN: I've got to find this troll, FOX.
  603. FOX: But at what cost?
  604. BATMAN: The database is ##chanops restricted. The users inside the channel can only access it.
  605. FOX: This is too much power for one channel.
  606. BATMAN: That's why I gave it to ##chanops. Only they can use it.
  607. FOX: Spying on 80,000+ users on freenode was not in my job description.
  608.  
  609.  
  610. https://www.youtube.com/watch?v=Kr7AONv3FSg
  611.  
  612.  
  613. 8, I want the remaining few "listeners" shutdown. They should have never been created in the first place.
  614.  
  615. 9, We should use our own judgement, not those of a "listener". Why are the "listeners" being used as the judge and jury with the channel op being the person that decides if he or she wants to be the executioner?
  616.  
  617. -----------------------------
  618.  
  619. This rant might seem a bit biased because it is one sided. I am only quoting few random lines of text from the channel out of the 128,000+ lines of text (including the <grumpier>) in my IRC log. Some of you reading this rant might like the idea of the channel, but I do not.
  620. Yeah, I know it sounds paranoid and tinfoil'ish, but I can understand why you would think that.
  621.  
  622. -----------------------------
  623.  
  624. To anyone who is inside ##chanops reading this silly little rant:
  625.  
  626. I will NOT share my channel log anywhere.
  627. I will NOT share the output of the $commands and %info on other users. (I only downloaded the %info on myself.)
  628. I will NOT share the nicks of whoever is inside the channel... unless that nick pisses me off.
  629.  
  630. -----------------------------
  631.  
  632. All the links of .txt files in this rant:
  633.  
  634. http://107.170.17.75/spying/1416773431.txt
  635. http://107.170.17.75/spying/1420348569.EX.txt
  636. http://107.170.17.75/spying/1443843205.EX.txt
  637. http://107.170.17.75/spying/chanops.channel.txt
  638. http://107.170.17.75/spying/grumpier.txt
  639. http://107.170.17.75/spying/guild.txt
  640. http://107.170.17.75/spying/listener.raw.log.txt
  641.  
  642. -----------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!