Best way to set up a risky blog?

36 points by 1024core ↗ HN
Suppose I want to set up a blog where I can document abuses of power, cases of corruption, etc. without risk of getting doxxed, as these people will stop at nothing to stifle such content.

What are my options?

37 comments

[ 3.1 ms ] story [ 87.1 ms ] thread
Might want to explore decentralized blogging options like paragraph.xyz or mirror.xyz . Are you looking to monetize on these platforms as well?
Well, I think a Tor hidden service is probably the ideal for hosting it. Making it so users have to go through that system rather than accessing it via the clearnet makes it less likely your adversary can easily figure out where it's hosted and who the hosting company is.

I'd also recommend using a secure/disposal operating system like Tails, using the Tor browser with the default settings at all times, changing your writing style as much as possible and using an identity that's only used for the blog in question, and never used to access the clearnet/on any other service you can think of.

Also, try and make sure the identity used is as plausible as possible. Maybe create a fake photo with AI and a fake but realistic sounding name and description to go with it, then use those to create a fake online footprint. An obvious pseudonym makes people want to find out who it is, while a realistic name and identity makes them think they've identified the person behind it.

But of course, it really all depends on who exactly your enemies are. Normal people and companies have a lot less in the way of resources for tracking someone down than government agencies. It takes a lot less opsec work to fool say, Burger King than it does the NSA.

Funny enough, this guide that was posted a few days ago on Hacker News might be exactly what you need:

https://github.com/zolagonano/a-ninjas-handbook

> Making it so users have to go through that system

The problem with that is then the regular people (the voters, mainly) can't find it an educate themselves. Which then defeats the purpose.

Consider your hosting locations and local laws as well
without risk of getting doxxed

If you think you have found that, you are kidding yourself. Powerful people have incentives to hire experienced and motivated professionals and the lawyers, guns, and money to do so. Odds are you wont be the smartest person in the room. Good luck.

I know I'm not the smartest person in the room, but I imagine if, for example, I use the local public library's internet to update it (and do it remotely by sitting outside the library, and switch locations at random) then my chances of getting busted are low. Of course, nothing is 100% safe, but neither is crossing the street.
Probably $100 wouldn't be enough to track you down. Maybe $1000 wouldn't. But how about $10,000? Or $100,000?

Once you make enough trouble that using the library wifi might affect your risk, you've made enough trouble that it doesn't.

I'm hoping these people don't have the $100K. We are talking about city/county-level corruption, shenanigans in the school district, etc.
Talk to local journalists. They would have ways of establishing the credibility of any evidence you have.

If you really want to set up a blog, why not just an email address under any name and a free Wordpress blog?

The mayor says to the police chief, find out who is doing this. Maybe a detective talks to the head librarian. Maybe the detective sets up a trail cam across the street. There's way more than $100k worth of resources available and full time employees with forty hour paychecks to work on it.

There might be more rewarding hobbies than discovering that the world works in the same fairly predictable ways it always has. If this is really your mission in life, you need bulldog lawyers not technology.

Hope is not a plan.

They caught Ross Ulbricht (Silk Road founder) at a public library.

To be fair, he was kind of an idiot when it came to security. But there are ways of knowing who is using public wifi at different times.

If this is a matter of national security, realistically, you probably should not do this. If it's sensitive enough, the government(s) involved WILL expend infinite resources to track you down and chase you across the world like they did with Snowden, Manning, and Assange. Don't kid yourself that using software X will make you invisible. Almost all public cybersec resources are only "good enough" against a poorly-resourced adversary, not against most state actors, and especially not against the US government and its allies.

State actors have plenty of resources at their disposal for revealing your identity, ranging from the perfectly legal (wiretaps, national security letters, etc.) to the questionable (making allied intelligence agencies do their dirty work, using loopholes to do warrantless wiretapping at a mass scale, monitoring Tor exit nodes, etc.), to the outright murdery (good luck if you personally piss off the Russians or Israelis).

Even if you leak it to a reputable journalistic outfit, you're betting that a reporter will value your freedom over their own. They can and have been compelled to leak their sources under enough pressure, and it takes a rare hero to stand up against that sort of governmental abuse of power.

You really, really shouldn't do this if you value your safety. If you absolutely must get the information out, deliver it to some media agency anonymously, preferably without a digital record or paper trail.

Or, geopolitically, you can also choose to leak to an enemy of whatever entity you're concerned about, and hope that they will protect you. (e.g. if you're leaking national security matters, go to a non-allied adversary and ask for asylum from their embassy... after making sure that country does not have extradition agreements with your own).

There is no risk-free way to do this.

> If this is a matter of national security, realistically, you probably should not do this

Thank you for the concern, I understand where you're coming from; but fortunately, it's nothing that glamorous.

It is about low-level corruption (think county/city level) and things like nepotism, bad contracts, wastage of resources, etc.

Why not go see the local DA and tell them about it instead ?
I might be naive, but what if you buy a burner phone/notebook on the flea market, wait a couple months, then use a public WiFi with some precautions (no cameras around, leave your phone home) to post the content? Maybe I'm severely underestimating current capabilities, but I have a hard time imagining how I could possibly be found out.
As long as you don't leave any digital footprints, that might be good enough for many situations? A local politician probably doesn't have the resources to track you down from that one instance.

But just some examples...

- Where are you going to post something where it's both anonymous (to protect you) but also verifiable (so the person receiving it can authenticate you)?

- Has, or will, that laptop ever be used for anything else? Can someone with enough power fingerprint it (MAC address, browser fingerprint, etc.) and eventually correlate it to you?

- Are you sure it's not scanning for wifi while asleep to check for updates, etc., possibly leaving a log in other routers / street view cars etc. along the way?

- Once the information is posted, do you need to further communicate with your audience? If so, you'll be doing so under higher risk. They'll know which IP address it came from, thereby narrowing it down to an ISP and probably a city, if not the exact library or cafe or whatever. Then that entire spot can be placed under surveillance. They can slowly try to rule out likely individuals.

- If the router logged your laptop's real MAC address, they might be able to identify the vendor and the person they first sold it to, who under interrogation might reveal they sold it to a person who looked like so and so.

Best case scenario maybe you buy a one time use burner laptop, hike to a different state, buy nothing along the way, connect to a public wifi there one time only, post anonymously, and then burn and bury that laptop in some forest. That'd be much harder to track down than, for example, someone who need to maintain a line of communication with a journalist over a few weeks while also trying to keep their normal life. And someone with a family is probably less likely to attempt the more extreme measures.

It just depends on who you expect your adversary to be. If you're just trying to post mean things about a local politician, probably you're safe with the most basic protections. Probably you can just go to the local media and even if they reveal who you are, the impact will be limited.

If it's national secrets you're revealing, well, they'll try a lot harder to track you down, both technologically and socially.

Start by keeping the server-side on real co-lo servers in countries the FBI can't reach and having absolutely perfect security and financial (crypto) hygiene. Don't expose it directly to the internet, but proxy it around, eventually serving it on Tor.

Probably want to use Tails or Qubes OS on a single-purpose laptop used only on public WiFi without a real MAC address or CCTV, and without taking your personal mobile phone with you (or always keep it in a RF blocker pouch).

If you don't want to host anything, consider what already exists like SecureDrop.

https://securedrop.org/directory/

I mean first off, make a throwaway on HN when you ask about it instead of a decade old account with (probably) a lot of fingerprintable information
Personally I think the best idea for this would be Nostr. It's a client relay protocol that just relays messages.

So what you do is, always from behind Tor, generate a key (called an nsec in the nostr world), begin publishing messages. Publish to as many relays as possible. You don't have to host anything (unless you want to run your own relay, then you run into the problems you're worried about), your identity is just a key, so you can always prove it's you. If you publish to enough relays sufficiently distributed across the continents you're basically censorship proof. There are even paid relays that guarantee availability of your messages that are paid in bitcoin (and a few that take Monero) if you're really trying to make sure you're protected from censorship.

To me, if your goal is just to release information, this is the most headache free way to do it. No hosting, no DNS, no picking a jurisdiction, none of that, just setting up Tor and generating a private key and signing messages and broadcasting them out.

This sounds like a worse, less secure and robust version of I2P, where all of this is automated with random changes of hops every 10 minutes and a lot of random traffic propagating through everyone.
The goal is to publish things 1) anonymously, 2) without being censored.

If you publish via tor and never fuck up and connect outside of tor, you're anonymous.

If you publish to a lot of relays, it's almost impossible to remove.

What youre saying is tor is less secure than i2p. Maybe. But if you don't have to store your blog on a server you rent or that's in your garage, you're way less likely to be eventually identified. There's no overhead to keeping your messages available, and you don't have to remain connected to the internet for them to be available. It is significantly more robust than hosting a server behind i2p.

Depending on the size and popularity of your data, you could also use torrents on i2p. AFAIK distributed storage solutions also exist there. Alternatively, Freenet could help, too.
Torrents require seeding in perpetuity. One screw up and your IP is known by every peer.
There are no ip addresses in i2p.
To torrent you need an IP. You have to exit the i2p network via an exit node. You're seeding, and if somehow you continue seeding and get disconnected from i2p, everyone will see your IP address.
This is not true. I2PSnark BitTorrent client never makes a connection to a peer over any other network, as written in the official docs: https://geti2p.net/en/about/software.

In other words, I2P has its own torrent servers and network, which never reveals any ip addresses.

(comment deleted)
There's probably something to be said for getting an old laptop just to use for that stuff with a made up identity on, and nothing of your real identity on that machine. Then connect to the web in some random internet cafe, maybe use tor, get a hotmail account, and maybe a regular free blogging account like wordpress.com.

Be careful to have nothing in common in terms of usernames, passwords etc with your normal identity.

If you look how other people got caught it was often things like reusing a name from their other identity like with Ross Albright

>Investigators were given a major break when, eight months later, “Altoid” made another posting on Bitcoin Talk, stating he was looking for “an IT pro in the Bitcoin community” to hire in connection with “a venture backed Bitcoin startup company.” The posting asked interested parties to contact rossulbricht@gmail.com.

And Satoshi seems to have used his real birthday on a forum and some other things.

First of all, don't use AI for a picture or lie about who you are. Just post under a pseudonym, while making it clear that yes, it is a pseudonym. Giving a human touch to it is a nice idea, but if it gets found out - which it might be - people will immediately distrust what you say.

Second, you probably have two major concerns: hosting and staying anonymous. Hosting is relatively easy, and there's a surprisingly good guide at Anna's Blog, run by the people behind Anna's Archive (a pirate library, and as such with legal troubles). See https://annas-archive.se/blog/how-to-run-a-shadow-library.ht....

Three, even if your website isn't through Tor, you should still mostly be doing stuff on Tor. If you want to have an email, you can use ProtonMail or some other secure(r) email service. (ProtonMail's free plan isn't the best, but it should do. They also have a free VPN.)

That could help with hosting. Staying anonymous but trusted is harder, since people tend not to trust anonymous things. However, a good idea would be to create a common, realistic-sounding pseudonym (again, make it clear it's not your real name). Also make it strange for you. If you are, for instance, Buddhist, you could choose a pseudonym that makes it seem like you're Christian. If you're Nigerian, you could choose a pseudonym that makes it seem like you're American. (If you are going the nationality route, I recommend using a VPN to make it seem like your traffic is coming from that country.)

A specific section of the Ninja's Handbook might be quite helpful for you: https://zolagonano.github.io/a-ninjas-handbook/chapter_7.htm.... I'd also recommend testing how unique you are with https://coveryourtracks.eff.org/, which provides both a summary and a more detailed analysis of the most unique points in your browser.

Good luck!

I think you will find the best resources here.

International Consortium of Investigative Journalists

https://www.icij.org/

Many journalists in this category also use Ghost for their website which is open-source but I am not sure about other security features

https://ghost.org/

I have also been thinking about setting op some kind of wiki on tor. To include documents and full names etc to throw over some bad people and practices. (and anecdotal stories)
well, the hosting is most troublesome. people need to be able to find the blog so it needs to have a domain which means it must have a public record pointing to an ip address which belongs to a server, owned by some company, that runs it for you. so even if you find a company that does not require some kind of id check to host your website(very few actually do it so it's fine), they can track you via payments to said company for said services, unless it is in cash, which is unheard of. or crypto, which i doubt exists or will exist for long(i mean ability to pay to said company, not crypto itself).

next, even if you run your own server, there are logs in the datacenter that can record your ip and times when you access it, so authoring the content is problematic. you can use tor or vpn and that should suffice. though vpn is not reliable by any means and tor is the way to go in this case.

after all, main thing is to physically be in a country that is not subject of your content and is not friendly to the country that is subject of your content.