Ask HN: How to create an anonymous site?

Much like security, you pick your countermeasures in advance in the hopes of raising the cost of an attacker to penetrating your security. You're not anonymous. You're anonymous to an adversary with a given amount of technical/legal/intelligence/etc resources to bring to bear on deanonimizing you.

People will probably give you links which describe adequate methods for securing you against adversaries without $1,000 or equivalent amounts of brainsweat. If that's your adversary, there. May you execute properly.

If your theorized adversary is a nation state, pick another adversary. You're guaranteed to lose that fight in the long run. If you bid the price of your identity up to $5 million, they will counter with "We routinely pay that to kill mosquitoes" and mean that entirely literally.

Don't.

More specifically, if you truly care for anonymity, you won't be using a plain DNS+Web site. Instead, you should go for Freenet [1] or a Tor-hosted website [2].

[1] https://freenetproject.org/

[2] https://www.torproject.org/docs/tor-hidden-service.html.en

Here are a couple of interesting links:

http://untraceableblog.com/

http://voidnull.sdf.org/

To answer your questions - you can buy domain for bitcoins and use some free hosting like Wordpress or Github Pages.

Besides the technical measures in the other comments, there are a bunch of other tricks that might be useful. (Please don't take this as advice, but just as a thought experiment! If I were writing a spy novel, these are some things my characters would do.)

Find a homeless person, and ask him/her to register a bank account in exchange for some cash or a meal. Use that account to set up your website anonymously. You'll find that you need to dirten money if running such an operation - reverse laundering or taking "clean" money and putting it untracably into the business. Such a proxy account is a vital ingredient.

Don't rely on Tor alone. It might be completely subverted, you wouldn't know until it's too late. Buy access to a botnet and route your stuff over it.

Have multiple servers. If you have one single server, its easy to trace. Either by brute force: the ISPs disconnect/slow down 50% of customers for a split second, depending on wheter your site went down or not they know in which half you are, repeat until they find you. There are much more sophisticated techniques that don't require active interference. But if you have at least two or three identical servers at different locations, it makes it a lot harder to catch you. Don't forget tamper-proofing your servers.

Have trustworthy accomplices. Generally, the less people you tell what you are doing, the better. But if you have a close circle of people you can really trust, it becomes much easier to pull this off. You can work from multiple locations, give each other alibis, etc..

Build fake personas. Don't just take a pseudonym, but create fake identities. Keep records on their interests, their motivations, what you disclosed about them. The purpose is to throw investigators off. You should be aware of techniques used by them, such as behavioral analysis, stilistic analysis, etc.. Working with accomplices can help alot in creating these fake identities and concealing your own (e.g. writing style).

Go somewhere safe. If possible, move your servers, or even yourself, somewhere where what you are doing is not punishable, or the authorities can be bribed.

This list could go on for ever... I'm not sure how practical many of these ideas are, but one thing is clear, you'll need a certain amount of "criminal energy" to pull this off - no matter whether your intentions are criminal or not. (Disclaimer: I'm too pussy to actually have done any of the above, so it may or may not work :-))

1. Buy BTC with cash

2. Buy a domain with BTC via Tor

3. Buy hosting with BTC via Tor

4. Do not accidentally leak your identity in one of million possible ways

#1-3 are pretty easy, but #4 is next to impossible. If nobody cares about you there might be some small room for error. But generally it takes one smallest mistake and you are ultimately busted.

The untraceableblog.com below is a great resource.

However, in the end, there is always text analysis though that can give your identity away, which the untraceable blog does not address.

That's why you possibly need a ghost writer that you provide with a script or a robot audio recording if you want to go 100% sure. You need to be able to trust your ghostwriter a 100% though then. :)

I would go with a Tor [1] hidden service or an EepSite on I2P [2].

Both are easy to setup and are accessible by anyone using "inproxies" such as onion.to or i2p.us.

Another advantage is that you can host the sites anywhere even behind a firewall or a NAT as long as the computer it's hosted on can run Tor or I2P.

I personally have a preference for I2P, since this is its main purpose while Tor's hidden services are not the primary purpose of Tor (which is to anonymize users on the clearnet).

[1] https://www.torproject.org/

[2] https://geti2p.net/

Take this as a start: http://grugq.github.io/presentations/Keynote_The_Grugq_-_OPS...

Maybe someone with experience of such hosting? Like: http://www.nearlyfreespeech.net

I should add: Goes under US Law, so forget pirating or illegal content.

I think most answers here are over thinking it; I do not think he wants a website that can defeat the NSA, just one where the service provider could get subpoenaed and not lead them to him.

So, just buy webhosting with Bitcoin at somewhere that does not require contact details.

e.g.

http://www.orangewebsite.com/

http://bitcoinwebhosting.net/

Sign up at the local library to cloak that IP then use tor after that if you think you will have a dedicated adversary.

It is not as much creating an anonymous website as it is about protecting the users (keeping their anonymity) and their content (from prying eyes). A service can be in plain sight, but if it employs the correct (often needed - extreme) practices, it can provide its users with this level of confidence. I happen to be a Co-Founder of such a service :-) www.anongrid.com is an extremely secure and anonymous content sharing service. still in its infancy but you're welcome to check it out and see what I mean.

If you need to ask these questions you are not qualified to run such a site, or at least not to ask anyone else to trust that you are not going to screw up when setting it up or at some point in the future and break anonymity. The more you move away from "free speech" to avoiding regulation and toward criminal activity the greater the chance that someone out there will actually try to see how good you really are, and then your whole house of cards will fall down. Seriously, don't.

Use subdomain on any known websites like http://anonymous.wordpress.com ?

Depending on what you're trying to accomplish, couldn't you drop content on the blockchain? Not a traditional website, but relatively anonymous (depending on how you move the coin), and more importantly, it can't be seized or taken down (kinda scary when you think about the potentially implications for everyone who downloads the blockchain)

Launching and maintaining fully anon site is close to impossible. And maybe not worth a hassle depending on your purpose of course.

Instead - register Twitter nick and link your tweets to pastebin or similar repository where you'd post something worthy of reading.

Use Tor for all above.

if you host it yourself, don't forget to clean up your access logs. you might want to actually fill them with invalid data, rather than completely deleting them.

What is really hard is to have a secure (SSL) anonymous website with a valid SSL Cert.

For how long? Get a dyndns pro account, laptop(s) and host the site from multiple coffee shops. I didn't give this much thought, internet advice eh.