Cuff-Link is Going TLS-Only

Published:
By ClAdmin
Category: Announcements Tags: announcement encryption privacy security SSL TLS news support

Consent. Privacy. Security.

These are the three things that help us ensure safety and minimal risk for everyone who uses Cuff-Link. We cannot properly do this while allowing people to connect to the network with insecure [unencrypted] connections. After several months of mulling it over, the decision has been made to go TLS-only [aka SSL-only] by February 1, 2018.

This gives us 3 months to assist people with updating their clients to the correct ports and ticking a few boxes. If your client does not support TLS, you will need a new one. No exceptions will be made.

If you already have TLS/SSL enabled, but you have boxes ticked that say “Accept invalid certificates”, untick them. Our certs are verified with Let’s Encrypt.

Anticipated questions:

Q: Encryption? But I have nothing to hide.
A: Maybe the people you talk to do. Many places in the world frown upon certain activities between consenting adults.
Also:
* https://en.wikipedia.org/wiki/Nothing_to_hide_argument
* https://www.amazon.com/Nothing-Hide-Tradeoff-between-Security/dp/0300172338

Q: Why isn’t it sufficient for only one side to use encryption?
A: Unencrypted messages sent from the IRC server to your IRC client can be easily read by your network operator (spouse, kids, employer, ISP, government, etc.) Such a setup may be used to target the other users who opted to use encryption.
Also:
* https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects

And also, directly affecting those of us who use Cuff-Link due to the nature of our interests and lifestyles:
* https://www.theatlantic.com/politics/archive/2013/11/the-nsas-porn-surveillance-program-not-safe-for-democracy/281914/
* https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-users-online-identities/

To connect with TLS:

Server: irc.cuff-link.me
Port: 6697
Check any boxes that say "Use SSL" or "Enable SSL"
** Note: Some clients require you put +6697
A post with some screenshots [will add to this as we can]:
blog.cuff-link.me/2017/10/30/tls-ssl-setup-on-various-clients