Libera Chat

New And Upcoming IRCv3 Features

2026-02-11T00:00:00+00:00

It’s been a while since we’ve had new features to announce, but this set of features is particularly special, as it brings Libera.Chat closer to the forefront of IRC development. To check whether your IRC client supports these features, refer either to your client’s documentation or to this IRCv3 client support table.

`message-tags`

Solanum, the IRC server software Libera.Chat uses, has supported tagged messages going to/from clients for years, but only recently gained the ability to send messages containing tags between servers. This is one of the core features of IRCv3, and we’re excited to be able to support it properly. In particular, not having this feature was a blocker for the following features we now also support:

`msgid`

If your client requests the message-tags capability, each message you receive will be tagged with a unique identifier. This makes it possible for clients to unambiguously reference messages. Note that Libera.Chat’s message IDs are not cryptographic signatures of the messages they are attached to. As a result, they cannot be used on their own to validate messages.

`server-time`

Libera.Chat supported server-time before today, but it was of limited use because the timestamp would reflect when the message was sent to you by the server you’re connected to. Now, the timestamp will reflect when the message was processed by the server its sender is connected to. Aside from greatly improving message order consistency between clients, this has the potential to revolutionise the popular IRC game of duck hunt by reducing the advantage provided by the long-standing “connect to the same server as the duck hunt bot” meta.

Client Tags

Client tags are a way for clients to attach additional information to messages or even send all-new kinds of messages without the server having to understand them. They can be thought of as an IRCv3 successor to CTCP.

Libera.Chat allows client tags on a case-by-case basis and validates their values to prevent deviation from their specifications. Currently, Libera.Chat supports just the +typing tag which allows clients to send optional typing notifications. We are also considering allowing the following tags when client support for them improves:

Please let us know if there are any other client tags that you would like Libera.Chat to support.

`batch`

batch allows servers to create logical groups of messages. Right now, the main use for this feature is nicer handling of netsplits and netjoins. If your client requests this capability, QUITs and JOINs that happen as a result of changes in server-to-server connections will be grouped into a batch. This makes it possible to differentiate between mass JOINs due to a server reconnecting and other forms of mass JOINs, which in turn makes it possible for your client to handle a netjoin the same way it handles a netsplit.

`invite-notify`

It’s finally here. If your client requests the invite-notify capability, you will be informed whenever someone is /invited to a channel you’re in. If you’re a channel operator, this means you can keep channel mode +g on and not worry that invites are being abused behind your back.

`echo-message` for services

This is more of a bugfix than a feature. If your client requests echo-message, it will now correctly receive echo messages when sending messages to services (e.g. NickServ, alis).

What’s Next?

While we don’t want to promise anything that isn’t nearly ready for deployment, here are a few notable IRCv3 extensions that staff have at least some interest in implementing, in descending order of likelihood to be supported by Libera.Chat in the near future:

The draft/multiline batch type makes it possible for clients to logically group messages together into a single long (possibly multi-line) message. The module that implements it requires further testing, but support for this could potentially be deployed soon.

labeled-response makes it much easier for clients to always associate particular automatic replies from the server with particular requests. Eventual support for this extension was a big part of the motivation for adding batch support now. However, there’s still more development work that needs to be done before we can support this feature.

Bot mode would be nice to have in principle, but there remain some challenges to resolve around integration with services and getting bots to use it. Further internal staff discussion is needed.

setname would also be nice to have, but we would need to develop a way to prevent one-to-one bridges from using the command. Otherwise, users would be able to override realnames set by bridge, which should include information about the remote user’s account per our guidelines. Additionally, the fallback behaviour has the potential of being quite noisy, and several notable clients (e.g. ZNC as a client) do not support it. Once client support improves, staff may consider adding support for it once we figure out how best to implement the restrictions on bridges.

The good advice

2025-10-25T00:00:00+00:00

First of all, a massive thank you to everyone who donated since our last post. Our income on Liberapay has roughly quadrupled from what it was before the post. We have also had people reach out to us for large one-time monetary and hardware donations. Your support is truly appreciated!

And now for a followup from our last post. TL;DR: the legal firm we’ve engaged has sent us a memo indicating that in their opinion we can reasonably argue we do not have sufficient links to the UK for the Online Safety Act to be applicable to us. They also believe we would be at low risk of attempted enforcement action even if Ofcom does consider us to be in-scope for the OSA. We will continue to ensure that this is the case by keeping internal estimates of our UK user base and by continuing with our current efforts to keep Libera.Chat reasonably safe. We have no plans to institute any ID requirements for the forseeable future.

If that’s all you wanted to know, then feel free to stop here. However, we feel it’s in the best interest of online communities like ours for us to summarise the advice we were given in hopes that it will be useful to others. This is not legal advice from us to you. This advice was provided to Libera Chat as an assessment of our specific case. We accept no responsibility if you decide to apply advice given to us to your own online service.

Why does this even matter?

You might be asking why we’ve even bothered to get legal advice on this matter. Libera Chat (the non-profit that runs the Libera.Chat IRC network) is based in Sweden. Our bank is Swedish, and we do not rely on any UK-based payment providers. We have a few servers in the UK, but they can be migrated on short notice. In other words, the British government has relatively little authority over us. The most damaging action they can reasonably take is to instruct internet service providers in the UK to deny access to us.

Relatedly, some online communities have decided that they want to minimise the authority the British government has over them. In response to critical analyses of the OSA pointing out its potential for regulatory overreach, some online communities have taken the understandable precaution of entirely blocking access from known UK IP addresses, thus cutting off any reasonable argument that they somehow have links to the UK (more on that later).

The end result is the same: a denial of service to people in the UK solely because of the country they live in. It’s not an insurmountable barrier to access in either case, but it shouldn’t be necessary for individuals in the UK to look into censorship-defeating proxies just to engage with free software developers and peer-directed projects that choose to have a community on our IRC network. It doesn’t serve our users, it doesn’t serve our communities, and it doesn’t serve the UK open source movement. Therefore, it’s in everyone’s best interest for us look into what’s necessary to keep things from getting to the point where users in the UK cannot access Libera.Chat, and that means getting guidance on the OSA.

Who does the OSA apply to?

As the OSA is fairly vague in its definitions, Ofcom has significant latitude in deciding where the thresholds are for whether an organisation meets certain criteria or not. Ofcom also hasn’t been forthcoming with its opinions on where those thresholds are, so there are relatively few hard guarantees about the applicability of the OSA. Still, there is a strong argument that while we definitely meet one of the criteria for the OSA to apply to us, we do not meet the other.

The OSA applies to online service providers that provide a regulated service and have links to the UK. We unarguably provide a regulated service because Libera.Chat is a so-called U2U service, i.e. it “allows ‘user-generated content’ to be encountered by another user of the service”. This is an incredibly broad class of services. Some exceptions are made for user content that is posted in relation to service content (e.g. the comment section of a blog) and a few other service types, but none of them reasonably apply to us. Every chat service, forum, federated social media server, or code forge counts as a regulated service, and therefore meets one of the criteria for the OSA to apply to them.

So be it. What about our links to the UK? To quote the memo:

An online service provider has “links to the UK” for the purposes of the OSA if any one or more of the following apply:

the service has a “significant number of UK users”

UK users form a “target market” of the service; or

the service is capable of being used by individuals in the UK, and there are reasonable grounds to believe that there is a material risk of significant harm to individuals in the UK presented by the content generated by the service.

One factor that does not automatically give us links to the UK is the fact that we have staff members in the UK. Curiously, employees of the service provider who do not engage with that service as users are actually excluded for the purposes of determining whether a service has a “significant number of UK users”. Our staffers are also users, but our UK staffers make up an insignificant portion of our user base.

Speaking of which, the memo implies that “significance” in this context is interpreted as being relative to the population of the UK, not relative to the user base of the service. We have seen risk assessments that take the other interpretation and consider their UK user base to be “significant” because it makes up a large portion of their overall user base, but the advice we received suggests we should not use this interpretation. The exact fraction of the UK’s online population that must use a given service to be considered “significant” is unknown, but based on our counsel’s observations of Ofcom’s previous regulatory actions, it appears to be much higher than our internal estimates of how large our UK user base is.

The “target market” criterion is meant to capture services with a low number of UK users that target the UK specifically. While our target market (people interested in using an IRC-based platform for discussing free software or other peer-directed projects) is inclusive of UK users, it isn’t specifically for them. Our network is predominantly English-speaking, but we do not promote, direct, or tailor our service to UK users in particular.

Finally, there is no atypical material risk of significant harm to individuals in the UK presented by the messages on Libera.Chat. We block spam and client exploits. We are proactive in ensuring that our network’s acceptable use policy is upheld. We do not tolerate incitement to violence, doxxing, or defamation. And finally, we do not provide file hosting that can be used to distribute pornographic or sexual abuse media, though when we sought legal advice from the firm, we acknowledged the existence of DCC as a commonly-supported mechanism for transferring files using an IRC network to establish a peer-to-peer connection.

In the coming weeks, we will be finalising a statement similar to this risk assessment that we can provide to Ofcom should we ever be contacted by them about the OSA.

What if the OSA does apply to us?

While it is our opinion that the OSA does not apply to us, Ofcom might disagree, and appealing that disagreement would likely involve further legal expenses. So, what is the risk that Ofcom would decide to try to impose fines or other regulatory penalties on us?

For the time being, services like ours do not appear to be Ofcom’s priority. Currently, according to our legal sources, the focus appears to be file and image hosts that are at high risk of being used to transmit sexually-explicit depictions of minors. IRC has been used as a way to facilitate piracy, but those days are generally in the past thanks to more attractive options. Even if they weren’t, using Libera.Chat for this purpose is risky. We prefer to exercise the minimum power necessary to keep the network clean, but that doesn’t mean we don’t have the tools necessary to proactively stop the network from being used for piracy or CSAM distribution.

We have also been reassured that Ofcom is very likely to contact us with concerns before attempting any sort of action against us. There are some classes of concerns that we would certainly be willing to hear out, and we do prefer a constructive approach to problem resolution where possible. We’re confident that there isn’t anything for them to be reasonably concerned about, but we are willing to engage with good-faith reports of potential abuse of our service.

Will Libera.Chat ever require my ID?

We have no plans to require users to provide us with proof of identity and will take every reasonable measure to avoid requiring it. The justification for us to compromise the privacy of our users given the content we forbid on Libera.Chat is not adequate, and the risk of material harm should an identity verification mechanism compromise our users’ privacy far outweighs the plausible harms caused by not having such a system. Such violations of privacy aren’t hypothetical; another chat platform recently was affected by a data breach that potentially exposed the legal identities of tens of thousands of its users.

That said, it’s conceivable that legislation will be created that could apply to us and could force us to identify or spy on our users. If that happens, we will evaluate our options once drafts of such legislation reach a point where they can conceivably pass. Until then, we hope that the general public will remain vocally opposed to such attempts at overreach. Popular opposition stalled Chat Control earlier this month. There will probably always be efforts to compromise the free internet, but their success is not inevitable.

The price of good advice

2025-10-01T00:00:00+00:00

Hello,

You may have noticed that things on the Internet are getting a bit dire lately, particularly in terms of legislation that makes running services like Libera.Chat way more complicated than they should be. This means we need to understand what we as a network are up against, especially since several of you have approached staff asking us related questions that we currently cannot answer. Between existing legislation such as the UK’s Online Safety Act, and prospective measures like the EU’s Chat Control, we are facing a bunch of new bureaucracy to navigate, and none of us are trained for that.

After reaching out to multiple contacts, a bunch of prep work on our side, and some back and forth with a firm that has some tech-related background, we have finally arranged some actual legal advice. While this has taken far longer than we’d have liked, part of the delay has also been our hesitation to spend any money on this. At our last MGM, we agreed that this is unfortunately what we need to do, to the tune of £1920.

While we are very fortunate that our finances allow us to afford this one bill, it is… only one bill. Regulations infringing on the neutrality of online services, and the right to privacy online, are not going to stop with the OSA, or with Chat Control. Laws like this multiply. It is very likely that this is not the last time we need to cough up perfectly good money to buy advice about the latest government overreach.

So, as awkward as this is, we are asking for your help.

If you value the service Libera.Chat provides, please consider a contribution towards the cost of this bill. Doing so ensures that we have enough reserves for followup costs or future crises, either of this nature or otherwise. Folks in Chat Control countries, please also reach out to your representatives and (diplomatically!) tell them what is at risk.

We are committed to being transparent about the outcome of this situation, and hope that other similar services can benefit from our effort and expense.

OSUOSL is worth saving

2025-04-30T00:00:00+00:00

Hey everyone,

It’s been a bit of a bloggy month here, but this one is critically important.

The Oregon State University Open Source Lab (OSUOSL, or OSL) has reached out to inform the open source world that that the lab is in dire jeopardy.

This is bad.

It is a matter of fact that Libera.Chat simply would not be what we are, were it not for OSUOSL. While they are not currently a sponsor, they were a sponsor on the network we descend from. As you can see in slide 16 of this slideshow, they were a very generous sponsor. We thank them for that, and stand with them now in their moment of need.

To this day, they continue to sponsor projects we depend on. They sponsor the Debian project, which our infrastructure runs on. They sponsor OFTC, which Debian uses for support and collaboraton. They host a huge number of other projects which we either rely on, or ourselves support with infrastructure.

The amount of support that OSUOSL has provided to open source communities over the years is so unbelieveably vast. It is almost certain that something which you personally rely on either relies, or formerly relied, on OSUOSL. This may be direct support, or via support of something upstream. You may think this is hyperbole, but it is not.

If you love open source software and free culture projects as much as we do, and wish to ensure that OSUOSL can continue to nurture the ecosystem in the future, please consider using your preferred social media platform to either signal boost their call for help or post with the #osuosl tag to offer your heartfelt support.

Are your channels visible enough?

2025-04-18T00:00:00+00:00

Hello!

When setting up Libera Chat, we made several decisions about defaults in the interest of respecting privacy. One of these changes was setting channel mode s on by default for all new channels. Having channel mode s set by default means that a channel is in “secret mode” when it is first created, allowing founders to choose when and if their channels are ready to be publicly promoted to other people. We recognise that not all channels should be public, even in otherwise open and transparent projects.

Naturally, there are consequences to a channel staying a secret. For example, people will not find your project if they use standard channel search utilities to look for topics. That means that if your main channel is secret, your project could be missing out on getting the attention of new users or contributors, and that is a shame.

We have noticed that a number of projects’ main channels have not removed this mode, or perhaps “temporarily” set it back on to avoid being discovered by spam bots that we struggled with in the early months of the network. As we all know, nothing is more permanent than a temporary fix. This brings us to the purpose of this outreach: to encourage you to check that your channels are all set up with the correct level of visibility. To make this process easy, we have just rolled out some helpful features:

Everyone has access to the new LISTMODES command. Using /msg ChanServ LISTMODES will provide an overview of the current modes and MLOCK for all channels that you have ChanServ privileges in.
Group Contacts will see a reminder of the secret status for all channels in their namespaces when using the existing /msg ChanServ LISTGROUPCHANS command. (SECRET) is now shown for channels with mode s set.
Channel founders will now receive a notification at channel registration time that their new channel is currently in secret mode, and how they can change that.

Everyone can help with this, even without privileges in any channels. Most clients let you check what modes a channel has set with /mode, for example /mode #libera. Depending on your client and whether you are currently in the channel, the modes will either be displayed in the channel itself, or in the server window for the network, where the MOTD goes. Politely encouraging the operators of your favorite project channels to check this post will help a lot.

Once any misconfigured channels have been identified, disabling secret mode is easy; simply /mode #yourchannel -s. If the mode change gets reverted, you may also need to update the mode lock, which is configured using /msg ChanServ SET #channel MLOCK [new mode string].

We do understand that you may still have concerns about allowing your channels to be visible again, which is why we have worked hard behind the scenes on a variety of network-level abuse mitigation tools. Our ability to respond to incidents has improved a lot since those exciting early months, and we believe that the rewards of visibility now outweigh the risks.

Addressing Burnout

2025-04-01T00:00:00+00:00

Update: This was our April 1st 2025 prank. It was a reminder that burnout is real, especially in volunteer efforts, and that it has no easy answers. This is also a protest about the social burden created by LLMs - often trained using questionable ethics - including on the quality of support resources. And sometimes with the ultimate goal of replacing real human interactions that make communities like ours so special. <3

Hello Libera.Chat users,

There’s no easy way to say this, so here it is: staff are burned out. Many of us are facing heightened pressures at work which leave us with insufficient time and energy to maintain Libera.Chat. This has been a problem for a while now, but this year we are finally choosing to acknowledge it and evaluate potential solutions.

Upon review, we found that a significant portion of staff time is consumed by answering support queries in #libera. As a channel that is often visited by newcomers to the network, many of the questions tend to be similar in nature. We’re thankful for the community of helpers in #libera who help us help you help us all, but there are some support matters which the helpers simply lack the privileges to assist with.

In order to reduce support load, we have decided to do a trial run of LLM-based support scripts. Historically we have been reluctant to make use of machine learning in our tooling, but we’re not unreasonable, and the latest large language models are capable of replacing subject matter experts, just like every generation of LLMs since GPT3. We have been assured by key figures in the software development industry that long-standing issues with hallucinations have been worked out and that the amount of effort needed for human review is now an order of magnitude less than the amount of effort needed for a human to do those same tasks in the first place.

Using state-of-the-art technology allows us to provide the models with full access to privileged staff interfaces without facing risks from adversarial inputs or prompt injection, so that they can even assist you in tasks that would previously have required a staff member to manually issue privileged commands. To alleviate any worries about disruptive or harmful actions taken by the LLM scripts, we have implemented a system of checks and balances where several different LLMs will be keeping tabs on each other by conversing in a private IRC channel inhabited purely by LLM staff members. Going forward, we hope to implement automated testing where LLM-powered guests will message the support scripts and evaluate the resulting actions.

Staffers running these scripts will have auto-generated responses prefixed with [LLM] in compliance with our LLM etiquette. These scripts will only reply to certain private messages and messages in #libera. Please note that we will be running these LLMs under tight resource constraints for ethical reasons. Additionally, they are trained exclusively on our staff members’ collective brainwaves, and absolutely no user data or logs have been processed by the model nor will be collected. As a result, these scripts will exhibit delayed responses, may occasionally not respond at all, and will sometimes generate contradictory nonsense. Despite this, we believe that using our new in-house model, APRIL v01, is the best option to ensure the availability of support on Libera.Chat.

After ensuring the scripts are functional, some members of staff have expressed an intent to take a short break from their usual duties. If you wish to learn more about APRIL and discuss the use of LLMs in this context, please join us in our computer-aided enrichment center, #libera-april.

A belated state of the network

2025-02-17T00:00:00+00:00

Happy 2025 everyone!

We’re now a month and a half into the new year (and a quarter of the way into this century?!) and realized that we are overdue for a periodic state of the network.

After a tumultuous 2023 where we parted ways with the official Matrix bridge, 2024 was much quieter on the bridges front. Over the course of the year, many projects and communities stood up their own Matrix bridges. This has proven to be a far more stable and sustainable arrangement, and we sincerely appreciate their work and cooperation.

In July we were looped into a coordinated security response, involving various networks and IRC software maintainers, to mitigate a potentially nasty exploit. We appreciated the collaboration of our peers on other networks in ensuring that the word got out, and hope to use this incident as guidance for responding to similar incidents in the future.

Sable development is also continuing, albeit slowly. We are of course interested in welcoming new contributors to the project, so if you’re curious, check out the repository and drop into #libera-dev.

We also managed to deliver some long-awaited improvements to our current stack for our users:

Account auto-cloaking. On a rather infamous day at the start of April, we finally delivered auto-cloaking upon registration verification.
Deprecated certificate expiry verification. As of early July, we no longer check the expiration of certificates used for logging in. Now you won’t get locked out if you forget to make a new certificate in time.

To celebrate the arrival of the auto-cloaking feature, we also had some fun with a temporary rebranding of the network. If you missed out on the limited-time novelty cloak, you can still get a meowmento of the prank with our freewear.org merch! Every purchase of merch from that freewear.org page generates a donation to help the network remain sustainable. We also have a liberapay if you want to help us without buying gear.

While most of our resources are donated, some are not. This includes costs that ensure we will remain an independent and non-commercial platform. In this current social media climate, we think that is very important and likewise encourage the use and support of other community-run social protocols. Like numerous other projects, we have retired our use of Twitter/X and Facebook, now posting only to the Fediverse and Bluesky.

Establishing an etiquette for LLM use on Libera.Chat

2024-11-22T00:00:00+00:00

Greetings fellow humans!

For better or for worse, controversially perhaps, we are now immersed in an online landscape laden with LLMs.

This may be a fact that brings you great joy. However, not everyone feels the same way about LLMs. Some folks dislike them for privacy or ethical reasons. Some people just don’t feel good about talking to LLMs without knowing. We want folks in all camps to feel welcome on Libera.Chat.

We believe that the best way to make this happen is to ensure that people are not caught unaware. As such, building on the principles of our public logging policy, staff would appreciate cooperation with these simple guidelines:

LLMs are allowed on Libera.Chat. They may both take input from Libera.Chat and output responses to Libera.Chat.
Training LLMs on channel content or logs is subject to the public logging policy and therefore requires permission before that content can be used for training.
As soon as possible, people should be made aware if they are interacting with, or their activity is being seen by, a LLM. Consider using line prefixes, channel topics, or channel entry messages.
People who operate interactive LLM scripts or bots in channels they don’t run must obtain permission from the channel founders and operators.
LLM scripts and bots are not exempt from our network policies. People running LLM scripts and bots are responsible for what they output.
Other people may be responsible for what a LLM script or bot outputs based on their prompts.

While these guidelines are not final, nor enshrined as network policy with exception of training LLMs on channel content, we do have a broad prohibition on antisocial behaviour. We encourage folks to consider whether their application of LLMs is reasonably prosocial or antisocial.

Retiring CertFP Expiration Verification

2024-07-09T00:00:00+00:00

Here is some good news for folks who use CertFP to log in to NickServ: we have rolled out a change that means SaslServ will no longer reject expired certificates when used for identifying to accounts.

Why are we doing this? We don’t have a rotation policy on passwords, which are generally less secure, so it makes no sense for certificates to have one. Meanwhile, certificate expiries are quite disruptive, particularly for folks who use our tor hidden service which does not allow other forms of authentication. Respecting the expiry of the certificate provides no benefit but does cause annoyance for both users and staff.

We do still recommend that you practice good certificate hygiene, such as cycling your certificates, using unique certificates for each network, and keeping your CERT LIST clean.

PSA: Critical vulnerability in ZNC’s modtcl

2024-07-03T00:00:00+00:00

TL;DR - If you are using a version of modtcl that is NOT from ZNC 1.9.1 (distribution versions may differ) or newer, update or unload it immediately.

In coordination with other IRC networks and ZNC providers, we’re sending out a global notice today about a vulnerability in a non-default core ZNC module, modtcl. Please unload this module until it can be upgraded to a patched version. You can unload this module by running /quote ZNC unloadmod modtcl.

Modtcl in ZNC versions prior to 1.9.1 contains an injection vulnerability (CVE-2024-39844) that allows channel operators to run arbitrary TCL code on ZNC instances present in their channel. This exploit can be used to compromise NickServ accounts, channels, or the system user account that is running ZNC.

Luckily, modtcl is not loaded by default. To check if you have modtcl loaded, run /quote ZNC listmods to see the list of loaded modules. If you have access to the ZNC’s config file, you may additionally search for the line LoadModule = modtcl.

Prior to this announcement, to protect folks who are idle, Libera’s servers were patched to reduce the impact of this vulnerability on Libera. Our mitigation will result in some kick messages being blanked out. Other networks have undertaken their own mitigations as they see fit. Please ask them directly if you have questions.

We appreciate your help in ensuring that everyone gets updated as soon as possible! We encourage you to contact ZNC-using friends who are idle. Please also keep us informed in #libera-hotline about folks trying to take advantage of this vulnerability.