Cox Crow

Asking the Stupid Questions Since 1971

Identity and Internet Relay Chat

Internet Relay Chat (IRC) has a significant attraction, or failing, depending on your perspective: there is no reliable means for identifying the users. When you are providing a service for people who expect other people to be decent human beings, and have provisions in your terms of service for terminating scum and l33t f00lz, it helps to know who those f00lz are. It's not enough to assume that spelling impairment is a clear indicator; you have to tie the nickname to a real person. From the user's perspective, how do you know that the luser you speak to today is the same luser you spoke to yesterday?

That this was not a concern during the protocol's design is apparent. Because IRC nicknames are ephemera, knowing the nickname says nothing about the person. To work around this, IRC reveals the IP address of the user. Now you have an identifier that is somewhat less ephemeral than the nickname. An identifier that is subject to spoofing and other forms of change without notice, such as walking to another computer. To work around this, there is the Identification Protocol, better known as identd.

In this scheme, the IRC server asks the ident daemon (identd(8)) on the connecting host who is connecting. The connecting host says, jdoe, and the IRC server says, OK.

We now have three identifiers: the nickname, the IP address, and who the identd at that address says you are. But what if the ident daemon lies to you? Most IRC clients are configured to lie. We have three untrustworthy identifiers, none of which actually identifies the person connecting.
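The exchange described above, as an added example that is not part of the original post: it simulates the Identification Protocol (RFC 1413) query and reply in memory, without sockets, and shows that the IRC server can validate only the reply's syntax and port pair, never the name. The port numbers, user names and function names are constructed for illustration.

```python
# Added example: RFC 1413 ident exchange, simulated in memory.
# Ports and user names are constructed sample values.

def build_query(client_port, irc_port):
    """What the IRC server sends to TCP port 113 on the connecting host."""
    return f"{client_port}, {irc_port}\r\n"

def identd_reply(query, answer_as):
    """The connecting host's side. answer_as is whatever the owner of that
    host configured; nothing ties it to a real account."""
    ports = query.strip()
    if answer_as is None:
        return f"{ports} : ERROR : HIDDEN-USER\r\n"
    return f"{ports} : USERID : UNIX : {answer_as}\r\n"

def parse_reply(reply, client_port, irc_port):
    """The IRC server's side: return the claimed user id, or None.
    Only the syntax and the port pair can be checked, not the name."""
    # Split at most 3 times so a user id containing ':' survives intact.
    fields = reply.rstrip("\r\n").split(":", 3)
    if len(fields) < 3:
        return None
    try:
        ports = tuple(int(p) for p in fields[0].split(","))
    except ValueError:
        return None
    if ports != (client_port, irc_port):
        return None  # reply refers to some other connection
    kind = fields[1].strip()
    if kind != "USERID" or len(fields) != 4:
        return None  # ERROR replies and malformed replies carry no name
    user = fields[3].lstrip(" ")
    return user or None

def exchange(answer_as, client_port=49152, irc_port=6667):
    """Run one query/reply round trip and return what the IRC server accepts."""
    query = build_query(client_port, irc_port)
    return parse_reply(identd_reply(query, answer_as), client_port, irc_port)

if __name__ == "__main__":
    for claim in ("jdoe", "root", None):
        print(repr(claim), "->", repr(exchange(claim)))
```

Every syntactically valid claim comes back accepted, which is why an ident answer is useful as a hint on a host you administer and worthless as evidence on one you do not.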

And unfortunately, given the denizens of IRC, the IP address provides a target.

Two means were developed to work around this latter problem. The first is to obfuscate the IP address so that it still provides a consistent identifier, but does not reveal the actual address. The second is to bounce your connection to the IRC server through a proxy, usually an unsecured anonymous proxy misconfigured by an unsuspecting DSL subscriber.

So how do you identify someone on IRC?

If you limit who can use the service, based on their IP address, and can narrow down the potential number of people connecting, then it becomes possible for the system administrator (not the users) to identify, with some precision, the perp. This is possible, not because of anything in IRC, but because one can correlate data from an additional source: RADIUS records.

This is complicated by proxies.

But how do you know that the luser you speak to today is the same luser you spoke to yesterday?

NickServ attempts to address that problem, by providing a means for registering a nickname so that someone else cannot use it.


Copyright 2004 © Will Cox.
Last update: 2/13/2004; 11:06:10 AM.