

Ask HN: How to keep our readers safe and anonymous? - thej

We run a politically sensitive website. Users can submit complaints anonymously. We have done things like<p>- No logging of ip in our app
- No access log on apache
- No 3rd party javascript
- No third party flash embeds<p>I am still not very sure. What else can I do keep my users really safe and anonymous.
======
bigiain
Who are you trying to keep them safe from?

You, that app owner? That's easy enough to convince yourself you're doing
"enough".

Whoever runs your app's hardware/network? That's harder - if you let other
people have access to the hardware, you've lost the game. Traffic analysis on
the network give a lot away too, even if you trust SSL sufficiently to secure
the content of the communication.

The police? That's harder - what're you (or your colo/cloudprovidor/isp) gonna
do if guys with guns show up at the door?

The "government" (choose whichever FBI/CIA/NSA/TLA)? Ummm, good luck with
_that_.

One thing you're not going to be able to do is protect them from themselves.
Nothing you can do about internet idiots swaggering around with an "Oh, yeah?
Wanna come round _here_ and say that?" attitude.

------
seven
Teach them how to use Tor.

<https://www.torproject.org/>

