Blogging while bulletproof - well, bullet-resistant.
May 4, 2010 6:01 AM
Are my security/safety precautions for my secret-ish blog reasonable?
So I'm starting a blog. This isn't a National Security guard-my-identity-from-the-CIA type blog, but it deals with subjects close enough to my working life that it could be a tetch uncomfortable for me if it were a public under-my-name blog. Part of it will require asking questions and gathering comments from other people in my industry.
I'm not sweating blood over the consequences if my identity were ever revealed -- it's nothing illegal or that violates the letter of workplace contracts -- but I'd much rather it be anonymous. These are the steps I've taken so far:
I'm using Opera + Tor from my home (Windows XP), with javascript generally off and cookies on (required for the blog architecture to function). Through Opera + Tor I've signed up for an e-mail address from a large-scale freemail provider, which I plan only to access through Opera + Tor. I also have an info@domainname.org address set up, which I plan to access through Opera + Tor and my host's webmail service. My host offers a WHOIS proxy service, which I have activated, so any WHOIS search on domainname.org will only turn up the host's information.
I will, obviously, only contact people through Opera + Tor + freemail service.
I'm aware that little of this would stand up to, say, legal demands for the WHOIS information to be revealed. I'm comfortable with that. I'm also aware that using a freeblog service like Blogger would add another layer of secrecy, but I like having domainname.org both for aesthetic and personal reasons.
But I'm trying to find a sensible compromise for reasonable anonymity between being totally open and sitting in a parking lot trying to hack into a hotel's wireless Internet with a cell phone I plan to set on fire in 15 minutes. Some things I understand, like the basics of how Tor works and what an IP address is. Where I get lost is understanding how easy it is to track things back if you're the recipient of an e-mail, or how much you can figure out by looking at a blog entry that you haven't written for a blog you don't administer.
I also don't know how dangerous it is, exactly, to use the same host for this domain as I use for my other domains. I pay the host once per year to host a number of project-related domains (5-6) on shared hosting with them; how transparent is who pays for the blog? Are we talking force-of-law to get that information, or could an interested amateur dig that information up fairly easily?
I've read this question and its answers and the linked pages therein, but that was about two years ago, and things change fast online.
So I'm starting a blog. This isn't a National Security guard-my-identity-from-the-CIA type blog, but it deals with subjects close enough to my working life that it could be a tetch uncomfortable for me if it were a public under-my-name blog. Part of it will require asking questions and gathering comments from other people in my industry.
I'm not sweating blood over the consequences if my identity were ever revealed -- it's nothing illegal or that violates the letter of workplace contracts -- but I'd much rather it be anonymous. These are the steps I've taken so far:
I'm using Opera + Tor from my home (Windows XP), with javascript generally off and cookies on (required for the blog architecture to function). Through Opera + Tor I've signed up for an e-mail address from a large-scale freemail provider, which I plan only to access through Opera + Tor. I also have an info@domainname.org address set up, which I plan to access through Opera + Tor and my host's webmail service. My host offers a WHOIS proxy service, which I have activated, so any WHOIS search on domainname.org will only turn up the host's information.
I will, obviously, only contact people through Opera + Tor + freemail service.
I'm aware that little of this would stand up to, say, legal demands for the WHOIS information to be revealed. I'm comfortable with that. I'm also aware that using a freeblog service like Blogger would add another layer of secrecy, but I like having domainname.org both for aesthetic and personal reasons.
But I'm trying to find a sensible compromise for reasonable anonymity between being totally open and sitting in a parking lot trying to hack into a hotel's wireless Internet with a cell phone I plan to set on fire in 15 minutes. Some things I understand, like the basics of how Tor works and what an IP address is. Where I get lost is understanding how easy it is to track things back if you're the recipient of an e-mail, or how much you can figure out by looking at a blog entry that you haven't written for a blog you don't administer.
I also don't know how dangerous it is, exactly, to use the same host for this domain as I use for my other domains. I pay the host once per year to host a number of project-related domains (5-6) on shared hosting with them; how transparent is who pays for the blog? Are we talking force-of-law to get that information, or could an interested amateur dig that information up fairly easily?
I've read this question and its answers and the linked pages therein, but that was about two years ago, and things change fast online.
Opera + Tor is probably overkill for what you're doing; since you are using cookies and are not using privoxy, you're only protecting yourself from the case where your host gets hacked.
There are two easy ways to find out who you are through a freemail account and/or a blog. One is cross-site scripting. You have javascript disabled; this will cover most cases. The second is linking a remote image in an email or a blog comment, e.g.: I put an image in an email I send you or in your blog comment that is hosted on my website, and then check where the request for it came from.
So, my suggestion is for you to: disable javascript, use private browsing mode in your browser of choice, disable anything but text in comments, and read your email in plain text, not HTML. If you're going to use Tor, use privoxy.
posted by bfranklin at 6:52 AM on May 4, 2010
There are two easy ways to find out who you are through a freemail account and/or a blog. One is cross-site scripting. You have javascript disabled; this will cover most cases. The second is linking a remote image in an email or a blog comment, e.g.: I put an image in an email I send you or in your blog comment that is hosted on my website, and then check where the request for it came from.
So, my suggestion is for you to: disable javascript, use private browsing mode in your browser of choice, disable anything but text in comments, and read your email in plain text, not HTML. If you're going to use Tor, use privoxy.
posted by bfranklin at 6:52 AM on May 4, 2010
I agree that Tor is kind of a waste. You are going to be exposed by someone you talk to in person, not by someone compromising your ISP and sniffing your traffic.
posted by jrockway at 7:00 AM on May 4, 2010
posted by jrockway at 7:00 AM on May 4, 2010
At the end of the day, you have to understand this: this is the internet. As much as you might wish otherwise, you are absolutely not anonymous. Someone who wants to find out who you are bad enough will be able to. Eventually. Maybe through super-awesome sleuthing. Maybe through a slip up in your protocol.
How easy it is to track the recipient of the email is difficult to answer without knowing which host. Gmail, for example, doesn't pass along user IPs to the recipient of the email, and doesn't load images unless you tell it to (eliminating the option of a web bug picking up your IP). In that respect, if you're using gmail, Opera/Tor might even be overkill. If you're using a less-private email service, Opera/Tor might be 100% mandatory. But, in the end, email headers with the sender's IP and web bugs are the two things to worry about on the email front, outside of your actual content, which (if not written carefully) can contribute to finding out your identity.
As for blogs, they get basically the same information. They'll get your IP, some browser information, and whatever cookies they leave. If someone really wanted to keep an eye on you, they could do it with flash cookies, which tend (last I checked) to be cross-browser, but they're still only going to get your IP and even that would take a lot of work and would require you to visit the site without opera/tor. The thing to be weary of is clicking on links from the admin side of your site without some sort of anonymizing system in place (opera/tor in your case), as that is often a sure-fire give-away that this-particular-user is the admin of that-there-blog.
If you want to maximize your anonymity (keeping in mind the above point), you should not do any browsing at all related to this project unproxied, in your regular browser. Your blog posts should not contain any personal information whatsoever. Not off-handedly. Not slightly altered. Not at all. No "I was on vacation" or anything like that. If you have a personal blog, you need to take care that your posting habits (time, day of week, frequency, etc.) do not sync up. Someone who happens to read both might notice "Hey, Sam was on vacation last week and neither of those blogs had posts... hmmm...". If it's possible, take whatever computer you'll be working on, and setup a completely new login that only has opera, always connects to tor, and do all of your work on THAT ACCOUNT. That will help prevent slipups where you post something somewhere with the wrong account. (Note, counter to what bfranklin suggested: using Opera/Tor for all of your browsing related to this project will insulate your IP from cookies and web bugs. Cookies are browser specific, and web bugs work on the basis of cookies and IPs and such things that will be irrelevant if you are religiously using Opera/Tor)
One last thing, then I'll shut up: the flip-side to my initial warning that everyone can find out who you are is this: who is going to care enough? The answer may be "EVERYBODY", but often it is not. Some people will be curious, they'll google your username, email, check your IP against known IPs that they have, and if that doesn't lead them anywhere, they'll stop. You might have some issues like Brandon Blatcher pointed out, and you should be prepared for them, but it sounds like you're planning to do as much as you can to stave off the date when you will eventually be unmasked if you write anything of consequence.
posted by toomuchpete at 7:02 AM on May 4, 2010
How easy it is to track the recipient of the email is difficult to answer without knowing which host. Gmail, for example, doesn't pass along user IPs to the recipient of the email, and doesn't load images unless you tell it to (eliminating the option of a web bug picking up your IP). In that respect, if you're using gmail, Opera/Tor might even be overkill. If you're using a less-private email service, Opera/Tor might be 100% mandatory. But, in the end, email headers with the sender's IP and web bugs are the two things to worry about on the email front, outside of your actual content, which (if not written carefully) can contribute to finding out your identity.
As for blogs, they get basically the same information. They'll get your IP, some browser information, and whatever cookies they leave. If someone really wanted to keep an eye on you, they could do it with flash cookies, which tend (last I checked) to be cross-browser, but they're still only going to get your IP and even that would take a lot of work and would require you to visit the site without opera/tor. The thing to be weary of is clicking on links from the admin side of your site without some sort of anonymizing system in place (opera/tor in your case), as that is often a sure-fire give-away that this-particular-user is the admin of that-there-blog.
If you want to maximize your anonymity (keeping in mind the above point), you should not do any browsing at all related to this project unproxied, in your regular browser. Your blog posts should not contain any personal information whatsoever. Not off-handedly. Not slightly altered. Not at all. No "I was on vacation" or anything like that. If you have a personal blog, you need to take care that your posting habits (time, day of week, frequency, etc.) do not sync up. Someone who happens to read both might notice "Hey, Sam was on vacation last week and neither of those blogs had posts... hmmm...". If it's possible, take whatever computer you'll be working on, and setup a completely new login that only has opera, always connects to tor, and do all of your work on THAT ACCOUNT. That will help prevent slipups where you post something somewhere with the wrong account. (Note, counter to what bfranklin suggested: using Opera/Tor for all of your browsing related to this project will insulate your IP from cookies and web bugs. Cookies are browser specific, and web bugs work on the basis of cookies and IPs and such things that will be irrelevant if you are religiously using Opera/Tor)
One last thing, then I'll shut up: the flip-side to my initial warning that everyone can find out who you are is this: who is going to care enough? The answer may be "EVERYBODY", but often it is not. Some people will be curious, they'll google your username, email, check your IP against known IPs that they have, and if that doesn't lead them anywhere, they'll stop. You might have some issues like Brandon Blatcher pointed out, and you should be prepared for them, but it sounds like you're planning to do as much as you can to stave off the date when you will eventually be unmasked if you write anything of consequence.
posted by toomuchpete at 7:02 AM on May 4, 2010
PS: The point of Tor here, folks, is not to avoid traffic sniffing. it's to hide the IP address, which is a really good idea for this particular situation. It's usually pretty easy to take a look at an "anonymous" comment, check the IP against past comments, and find out who made it. If the OP is planning on being involved in this particular community both anonymously and with his/her regular persona, Tor is an absolute must.
posted by toomuchpete at 7:04 AM on May 4, 2010
posted by toomuchpete at 7:04 AM on May 4, 2010
If f there was a gap between when you registered the domain and when you enabled the proxy service then your WHOIS contact info was most likely scraped and archived by a data re-seller. Just one thing to watch out for.
posted by ChrisHartley at 7:53 AM on May 4, 2010
posted by ChrisHartley at 7:53 AM on May 4, 2010
I think you've gone above and beyond the technical precautions necessary. The bigger risk now, as toomuchpete suggested, is that you will slip up and reveal your identity yourself. Even if you avoid writing in the first person and referencing any personal information, your word choice and sentence structure may give you away. If you've had anything published under your name previously, online or off, you may have established enough of a linguistic fingerprint for someone to ID your style. Not that it's a foolproof way of getting positive matches. You might be able to through it off-track with some thorough editing and always writing with a thesaurus in hand.
Also be careful if writing about privileged information. If you're exposing secrets that only you and a handful of others know, you're as anonymous as John Hancock. You may do well to couch those things in language like "we can speculate that...", "some careful research suggests...", or "an anonymous tipster has revealed..." to distance yourself from the appearance of firsthand knowledge.
Also, stick with a default, unmodified blog theme. If there's any evidence that you've designed the site custom, or hacked the comments form, or whatever, you may inadvertently reveal yourself as someone with a degree of technical/stylistic knowledge. Depending on your circumstance, this could also go a long way toward outing yourself.
Finally, make a point of dropping regular red herrings into your text. Drop fake personal information, change unimportant details wherever possible. If you live near the beach, casually mention hiking in the mountains, or vice versa. Consider blogging under a pseudonym that suggests a particular ethnicity or culture (that you are not part of) and occasionally borrow vocabulary from that group's dialect. If you're relating a story about another anonymous person ("I was talking with a coworker and he said...") change the gender to "she said...". Maybe even identify yourself by the opposite gender, though your word choice will likely expose that ruse after a while.
posted by The Winsome Parker Lewis at 8:00 AM on May 4, 2010
Also be careful if writing about privileged information. If you're exposing secrets that only you and a handful of others know, you're as anonymous as John Hancock. You may do well to couch those things in language like "we can speculate that...", "some careful research suggests...", or "an anonymous tipster has revealed..." to distance yourself from the appearance of firsthand knowledge.
Also, stick with a default, unmodified blog theme. If there's any evidence that you've designed the site custom, or hacked the comments form, or whatever, you may inadvertently reveal yourself as someone with a degree of technical/stylistic knowledge. Depending on your circumstance, this could also go a long way toward outing yourself.
Finally, make a point of dropping regular red herrings into your text. Drop fake personal information, change unimportant details wherever possible. If you live near the beach, casually mention hiking in the mountains, or vice versa. Consider blogging under a pseudonym that suggests a particular ethnicity or culture (that you are not part of) and occasionally borrow vocabulary from that group's dialect. If you're relating a story about another anonymous person ("I was talking with a coworker and he said...") change the gender to "she said...". Maybe even identify yourself by the opposite gender, though your word choice will likely expose that ruse after a while.
posted by The Winsome Parker Lewis at 8:00 AM on May 4, 2010
I pay the host once per year to host a number of project-related domains (5-6) on shared hosting with them; how transparent is who pays for the blog? Are we talking force-of-law to get that information, or could an interested amateur dig that information up fairly easily?
It's trivial to tell that two sites are on the same host. It's also possible to get a list of all the domains hosted by a shared host (though this info is harder to get and usually requires paying for an account with a reverse IP lookup service but this is still public data) I'd say this is your biggest exposure vector. I mean, sure, there's always a chance that two people used the same host by coincidence but for someone that's trying to out an identity this would stick out like a sore thumb.
posted by Rhomboid at 8:29 AM on May 4, 2010
It's trivial to tell that two sites are on the same host. It's also possible to get a list of all the domains hosted by a shared host (though this info is harder to get and usually requires paying for an account with a reverse IP lookup service but this is still public data) I'd say this is your biggest exposure vector. I mean, sure, there's always a chance that two people used the same host by coincidence but for someone that's trying to out an identity this would stick out like a sore thumb.
posted by Rhomboid at 8:29 AM on May 4, 2010
@toomuchpete: Poster is starting her own blog with anonymity as a concern. Not a stretch to assume that only poster will have admin privileges, and as such, the ability to see the IP of who posted. Ergo, tor is only necessary if the host gets hacked.
Additionally, I never said that opera + tor wouldn't protect against identifying poster; I said a lack of javascript and private browsing mode would be almost as effective. Neither of these are foolproof either; I can think of a couple ways to attack both, but now we're getting to a point of diminishing returns.
posted by bfranklin at 8:30 AM on May 4, 2010
Additionally, I never said that opera + tor wouldn't protect against identifying poster; I said a lack of javascript and private browsing mode would be almost as effective. Neither of these are foolproof either; I can think of a couple ways to attack both, but now we're getting to a point of diminishing returns.
posted by bfranklin at 8:30 AM on May 4, 2010
And this goes for your registrar as well -- despite the fact that you're using proxy contact information, the name of the registrar is still available. You don't need any billing information to infer that two sites in the same related field using the same registrar and the same host are probably run by the same person.
posted by Rhomboid at 8:40 AM on May 4, 2010
posted by Rhomboid at 8:40 AM on May 4, 2010
Either you trust your web host or you don't.
You pay the hosting bills for your domainname.org don't you? If so they know who you are. So why bother obfuscating your personal IP address when accessing your own web host - where you pay with your own credit card?
Even worse than that - as others have pointed out, if your domain doesn't have a unique IP address, they'll be able to do a whois & see what other domains are hosted on that IP address.
As others have pointed out, with this level of paranoia, you're far more likely to give yourself away with what you talk about than anything else. While I do give quite a bit less credence to the "I can tell from his writing patterns" theory (unless you have a highly idiosyncratic writing style - is "tetch" a word?), I do give some credence to the "This guy blogs about the same stuff my coworker writes about" theory.
posted by MesoFilter at 8:47 AM on May 4, 2010
You pay the hosting bills for your domainname.org don't you? If so they know who you are. So why bother obfuscating your personal IP address when accessing your own web host - where you pay with your own credit card?
Even worse than that - as others have pointed out, if your domain doesn't have a unique IP address, they'll be able to do a whois & see what other domains are hosted on that IP address.
As others have pointed out, with this level of paranoia, you're far more likely to give yourself away with what you talk about than anything else. While I do give quite a bit less credence to the "I can tell from his writing patterns" theory (unless you have a highly idiosyncratic writing style - is "tetch" a word?), I do give some credence to the "This guy blogs about the same stuff my coworker writes about" theory.
posted by MesoFilter at 8:47 AM on May 4, 2010
See also this:
Is it time to defend our rights?
Long story short - Microsoft gets Network Solutions to turn off this guy's website for an alleged copyright violation. Even the US Government hasn't taken his site down (though he posts sensitive documents), but this corporation with its army of lawyers was able to achieve something he could not.
Your insistence on having a vanity domain is - from a technical point of view - your downfall.
I remember this forum poster who posted inside stories from a bank. His downfall? Accidentally responding to something while logged in with his other account.
posted by MesoFilter at 8:53 AM on May 4, 2010
Is it time to defend our rights?
Long story short - Microsoft gets Network Solutions to turn off this guy's website for an alleged copyright violation. Even the US Government hasn't taken his site down (though he posts sensitive documents), but this corporation with its army of lawyers was able to achieve something he could not.
Your insistence on having a vanity domain is - from a technical point of view - your downfall.
I remember this forum poster who posted inside stories from a bank. His downfall? Accidentally responding to something while logged in with his other account.
posted by MesoFilter at 8:53 AM on May 4, 2010
Here's the forum poster outing himself:
Chinchilla 1.4
posted by MesoFilter at 9:02 AM on May 4, 2010
Chinchilla 1.4
How did that happen? I posted as myself and came up as Wall Street Programmer? Maybe the IP subnet is the same?So you really are your own worst enemy. The same way most "hackers" gain access to your account by using common passwords ("123456" etc.) or by watching your fingers as you type or pretending to be from your bank - your technical security issues are far, far less of a concern than your human behavior.
This forum does funky stuff sometimes...
posted by MesoFilter at 9:02 AM on May 4, 2010
I think history has shown by this point that the only way an anonymous blog can remain anonymous is if no-one cares enough to try to figure out who the writer is.
I can't bring to mind a single case where an anonyblog came to widespread attention that didn't end with the author being outed.
Your precautions go a long way towards making it less likely that someone with just a little idle curiosity will uncover your identity, but they won't stop the determined masses.
So, I guess, my advice is make sure that you are okay with either obscurity or public knowledge of your identity. Because you're basically guaranteed to get one or the other.
posted by 256 at 10:01 AM on May 4, 2010
I can't bring to mind a single case where an anonyblog came to widespread attention that didn't end with the author being outed.
Your precautions go a long way towards making it less likely that someone with just a little idle curiosity will uncover your identity, but they won't stop the determined masses.
So, I guess, my advice is make sure that you are okay with either obscurity or public knowledge of your identity. Because you're basically guaranteed to get one or the other.
posted by 256 at 10:01 AM on May 4, 2010
Poster is starting her own blog with anonymity as a concern. Not a stretch to assume that only poster will have admin privileges, and as such, the ability to see the IP of who posted.
Yes, but you're ignoring the fact that having a blog for purposes like the OP described is nigh pointless if you aren't going to also link to other blogs and comment on their posts. Doing any of that without Tor and a fresh browser (chrome incognito would work too) is silly. I'd also suggest that even going into the admin panel is silly, as most blog admin panels these days display incoming links, links to the home pages of commenters, etc, and it is really easy to look at those links and forget your precautions because "oooh! what did they write about me???" or to just accidentally click on the link, which would then show the target URL, at the very least, your IP, and probably a referrer to the admin dashboard. As you pointed out, that admin dashboard is typically only accessible to a select number of people, making errant clicks a sure-fire way to leak an IP (or more).
Maintaining anonymity while participating in a community nearly requires an end-to-end solution, not a bunch of spot-fixes at the areas of greatest exposure.
posted by toomuchpete at 11:30 AM on May 4, 2010
Yes, but you're ignoring the fact that having a blog for purposes like the OP described is nigh pointless if you aren't going to also link to other blogs and comment on their posts. Doing any of that without Tor and a fresh browser (chrome incognito would work too) is silly. I'd also suggest that even going into the admin panel is silly, as most blog admin panels these days display incoming links, links to the home pages of commenters, etc, and it is really easy to look at those links and forget your precautions because "oooh! what did they write about me???" or to just accidentally click on the link, which would then show the target URL, at the very least, your IP, and probably a referrer to the admin dashboard. As you pointed out, that admin dashboard is typically only accessible to a select number of people, making errant clicks a sure-fire way to leak an IP (or more).
Maintaining anonymity while participating in a community nearly requires an end-to-end solution, not a bunch of spot-fixes at the areas of greatest exposure.
posted by toomuchpete at 11:30 AM on May 4, 2010
> chrome incognito would work too
chrome incognito doesn't get rid of "flash cookies."
posted by MesoFilter at 7:15 PM on May 4, 2010
chrome incognito doesn't get rid of "flash cookies."
posted by MesoFilter at 7:15 PM on May 4, 2010
« Older How to verify/falsify PETA's claims? | How much do you depend on your extended family?... Newer »
This thread is closed to new comments.
Then by definition it won't and can't be anonymous. I realize you're taking steps to be anonymous with Tor and what not, but if you're talking to people in the same industry as you, then someone will figure out that's you. You need to plan for when that moment arrives.
All your technical solutions won't mean a thing to that person who just has a natural eye for noticing writing styles or the other person who puts two and two together about similar questions or interests. In fact, I wouldn't be surprised if it turns into a game to find out who you are because you're trying so hard to be anonymous.
Plan on being unmasked at some point, before you start doing this and decide whether you can deal with that.
posted by Brandon Blatcher at 6:47 AM on May 4, 2010