
How to Start an Anonymous Blog - lewisajackson
http://untraceableblog.com/
======
thomasfromcdnjs
Are you sure you didn't leave your feedburner url in the index source?

[http://feeds.feedburner.com/turkeltaub](http://feeds.feedburner.com/turkeltaub)

Which leads to

[https://twitter.com/ethnt](https://twitter.com/ethnt)

(Web Developer and Computer Science Student)

Which leads to the homepage of

[http://ethnt.me/profile/](http://ethnt.me/profile/)

Who doesn't design website templates.

Edit: It is wrong, Github search finds the `turkeltaub`

[https://github.com/search?o=desc&q=turkeltaub&ref=searchresu...](https://github.com/search?o=desc&q=turkeltaub&ref=searchresults&s=indexed&type=Code)

Though here is the github repo link

[https://github.com/untraceableblog/untraceableblog.github.io...](https://github.com/untraceableblog/untraceableblog.github.io/commits/master)

~~~
0x0
You might be on to something, at least both domains are using the same
registrar and whois privacy protection service.

Edit: Here is the ssh pubkey:
[https://github.com/untraceableblog.keys](https://github.com/untraceableblog.keys)

~~~
untraceableblog
Yep, that's my SSH public key. And here's my PGP public key:
[https://gist.github.com/untraceableblog/8683769](https://gist.github.com/untraceableblog/8683769)

------
pilif
While OP's reasoning is sound (though the question of tracing how they spend
their donations still remains open), the thing is that however well you
started, you don't even get afforded one single mistake you can make.

No matter how small the mistake, if you made it, the cat is out of the bag and
you're screwed. No matter whether you notice and correct it - in light of the
current spying climate, you can be certain that your mistake was logged
somewhere.

There's so many things to keep in mind in order to avoid mistakes, I can't
even imagine them all.

Misconfigured your browser to not use tor when posting? Sending the bitcoins
donated to you to somebody who gets compromised later? Disconnecting from tor
without first logging out of StatCounter and then checking your stats?
Plugging your USB-stick into a machine infected with some BIOS malware?

The possibilities are endless and you don't get even a single "extra life" (to
use a gaming term). Screw up only once and you're screwed forever.

It's kinda like software security: It has to be perfect. Even if it's mostly
perfect and only one single vulnerability exists and is known, you're as
screwed as if your software was open like a sieve.

The days of anonymity on the internet are over. Yes, you can build
sufficiently high hurdles to guard against most people, but those that really
want to know, _will_ know in time.

~~~
panarky
It's not like your anonymity is one in a billion. In fact, your security
habits make you stick out like a flashing red light.

Perfect anonymity: 1 in 7e9

Fluent English speaker: 1 in 7e8

Tor user: 1 in 3e6

Tor user today: 1 in 1e5

Fluent English speaker and Tor user today: 2 in 10,000

Fluent English speaker and Tor user today and accessed both Google Translate
and Outlook.com outside Tor today (because Google and Microsoft block Tor exit
nodes): 1 in 1,000

All of the above and purchased a Kingston Digital DataTraveler from Amazon in
the last year: 1 in 10

~~~
jgalt212
sure, there may only be 5,000 fluent English speakers who used Tor today
(number seems low, btw), but you and the NSA have no idea (per NSA docs--away
from Firefox users) who those people are.

Your logic may have found that needle in the haystack, but we don't even know
which haystacks to look in.

And probably bad analogy, b/c not a heavy computer user, but if it took so
long to find bin Laden, I'm sure many others (even heavy computer users) could
hide for much, much longer.

The real risk, like others have said on this board, is one slip up can ruin
you.

~~~
panarky
Your ISP and law enforcement know what IP addresses are using Tor.

[https://www.eff.org/pages/tor-and-https](https://www.eff.org/pages/tor-and-https)

That's how the Harvard bomb threat guy got busted, because his Tor usage was a
big flashing red light among non-Tor users.

[http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/18...](http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/18/tor-is-supposed-to-hide-you-online-in-this-harvard-students-case-it-did-the-opposite/)

That's how law enforcement knows what haystacks to search.

And since the OP used his own IP address (didn't go to a coffee shop), that
narrows the search by 3 or 4 orders of magnitude.

~~~
jgalt212
> Your ISP and law enforcement know what IP addresses are using Tor.

Does anyone have a reasonable estimate on what per cent of Tor entry nodes are
known to ISPs, law enforcement, and the NSA?

~~~
aaron42net
Around 100% for anyone using the normal Tor browser bundle.

Tor is designed to hide who you are talking to, not the fact that you are
using Tor. IPs and other metadata about normal Tor relays are published
publicly by the network and are used by the client to build circuits through
the network.

There is a special form of hidden entry node called a bridge that is designed
for use in censorship-happy countries like China, but using them is a manual
process that isn't the default. Traffic through bridges is a very low
percentage of overall Tor usage.

------
snowwrestler
Here's how I'd improve the security.

1) Forget USB drives, they are a nightmare. In fact, forget any writable
medium. Get an old laptop and take out the HD. Boot it from a live CD. Use
only this machine to edit your blog.

2) Make your passwords complex and write them down on a piece of paper hidden
somewhere. Don't host them in any digital form anywhere. You're much more
likely to screw up the digital stuff than get pipe-wrenched.

3) Forget bitcoin or any other funding mechanism. Just pay for your computer
yourself and use a free blog hosting company. Don't buy a domain, just use
domain.wordpress.com or whatever. Don't let money touch the blog at all ever.

4) Don't collect stats on your blog. What do you need them for?

5) Do all your posting from public WiFi points like coffee shops. (Buy your
coffee with cash.)

To go deeper, consider the pattern of your traceable activities. Don't deny
who you obviously are. For instance if you see one of your blog posts on
Reddit, HN, Facebook, etc., click through and read it from your regular
computer. After all it is probably a topic that you're demonstrably interested
in, and the point is to pretend that you've never seen that post before.

~~~
lifeformed
Wouldn't #5 let attackers narrow you down to your city?

~~~
jsnk
This is probably where Tor would come in handy. Onion route to somewhere in
Thailand or somewhere.

~~~
snowwrestler
Yup, I did not mean to exclude Tor with my suggestions above.

------
mapmeld
> if I wrote a series of blog posts in the coming years, you could maybe
> analyze timestamps to determine my time zone. However, the compiled site
> shows only the date

When I set up a pseudonym GitHub, I was shocked to find a script that linked
the two accounts. The first giveaway is using the same languages. Not as much
of a problem with a blog. The second was commit patterns and timestamps.

This is the blog's commits, where you can find an e-mail and timestamps:
[https://github.com/untraceableblog/untraceableblog.github.io...](https://github.com/untraceableblog/untraceableblog.github.io/commits/master)
You know the timestamps are accurate because Tor needs a valid system clock to
keep a good connection.

Solution: I developed a gem 'GitFog' to randomly backdate my commits up to 48
hours in the past. More about that here:
[https://github.com/msjoinder/gitfog/](https://github.com/msjoinder/gitfog/)

~~~
icebraining
_You know the timestamps are accurate because Tor needs a valid system clock
to keep a good connection._

No, you suspect they're accurate, but you have no way of knowing whether the
author was connected to Tor when the commits were made.

That said, GitFog sounds like a useful tool!
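
What the commit metadata discussed in this sub-thread records, as an added example (not code from the thread or from GitFog): a self-audit over the output of `git log --format='%ae|%aI'` that reports author e-mails, UTC offsets and the hour-of-day spread of commits. The sample log lines and the address `anon@example.invalid` are constructed.

```python
"""Self-audit of identity signals in git commit metadata.

Feed it the output of:  git log --format='%ae|%aI'
(%ae = author e-mail, %aI = author date, strict ISO 8601).
"""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample log; the address is a placeholder, not a real account.
SAMPLE_LOG = """\
anon@example.invalid|2014-01-29T21:14:03+01:00
anon@example.invalid|2014-01-29T22:40:51+01:00
anon@example.invalid|2014-01-30T20:05:17+01:00
anon@example.invalid|2014-01-31T23:58:09+00:00
"""


def parse_log(text):
    """Yield (email, timezone-aware datetime) for each well-formed line."""
    for line in text.splitlines():
        email, sep, stamp = line.strip().partition("|")
        if not sep:
            continue
        # Some tools write UTC as "Z"; normalise it for older Python versions.
        if stamp.endswith("Z"):
            stamp = stamp[:-1] + "+00:00"
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        if when.tzinfo is not None:
            yield email, when


def format_offset(when):
    """Render the commit's UTC offset as +HH:MM or -HH:MM."""
    minutes = int(when.utcoffset().total_seconds()) // 60
    sign = "-" if minutes < 0 else "+"
    return f"{sign}{abs(minutes) // 60:02d}:{abs(minutes) % 60:02d}"


def active_window(hours):
    """Smallest circular span (in clock hours) covering every commit hour."""
    distinct = sorted(set(hours))
    if not distinct:
        return 0
    gaps = [(b - a) % 24 for a, b in zip(distinct, distinct[1:] + distinct[:1])]
    largest = max(gaps) or 24  # a single distinct hour yields one gap of 0
    return 24 - largest + 1


def audit(text):
    """Summarise what the log reveals about the committer."""
    emails, offsets, hours = Counter(), Counter(), []
    for email, when in parse_log(text):
        emails[email] += 1
        offsets[format_offset(when)] += 1
        hours.append(when.astimezone(timezone.utc).hour)
    window = active_window(hours)
    findings = []
    if emails:
        findings.append("author e-mail recorded: " + ", ".join(sorted(emails)))
    local = sorted(o for o in offsets if o != "+00:00")
    if local:
        findings.append("local UTC offset recorded: " + ", ".join(local))
    if len(offsets) > 1:
        findings.append("offset changed between commits")
    if 0 < window <= 8:
        findings.append(f"all commits fall in a {window}-hour span (UTC)")
    return {"emails": dict(emails), "offsets": dict(offsets),
            "window_hours": window, "findings": findings}


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Git stores the committer e-mail and date separately from the author fields, so the same audit is worth repeating with `%ce|%cI`.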

------
pornel
Bitcoin blockchain is public and can be partially de-anonymized.

Everybody will see addresses where you spend your donated bitcoins:

[http://blockchain.info/address/1NkM7WekyZe6KoHYoyWX8s2YZXZjU...](http://blockchain.info/address/1NkM7WekyZe6KoHYoyWX8s2YZXZjU2bhHy)

Similarly anybody who receives bitcoins spent by IT Itch will be able to see
addresses where they got bitcoins from, and that may include bitcoin address
of the person you bought bitcoins from.

I guess that mass blockchain de-anonymization may be a big business (or NSA
side-project) in the future, so I suggest "laundering" bitcoins for anonymity
too (find somebody who will swap wallets with you, so you get coins with
completely irrelevant history and no trace of that swap in the blockchain).

~~~
leobelle
As he said in the post he got his bitcoins face to face. Unless the person he
met knew him, knowing the blockchain is useless.

~~~
dllthomas
You are _never_ leaking _less_ than you think. There is information in the
bitcoin chain. It is not _likely_ to be useful without pairing it with other
information (and there are ways to make that harder), but I'd be more than
hesitant to say "useless" - and certainly leery of betting my freedom or
significant amounts of my privacy on it. That said, it is clearly better
against _at least some_ threats than other available payment systems, in terms
of anonymity.

------
uptown
If you're referencing a CDN for your javascript, chances are somebody at your
CDN provider can match your identity up against other data. For instance,
since he's serving jquery from a Google CDN, couldn't Google match the call to
load JQuery from an administrative page on his blog with an IP address to his
GMail account (assuming he has one)?

~~~
leobelle
No that wouldn't work at all. You could thwart this just with an incognito
browser and plugins disabled.

~~~
uptown
How does an incognito browser hide your IP address?

~~~
leobelle
I thought tor was assumed. I meant with an incognito/private browser while
using tor.

~~~
uptown
What about your browser's "signature"? I know this tool's veracity has been
debated, but your web browser is still very "leaky" even in incognito mode.

[https://panopticlick.eff.org/](https://panopticlick.eff.org/)

------
steven2012
I would probably try to track down the bitcoin used to purchase the URL. It
might be anonymous to buy, but certainly the seller might not be as careful as
the blog author. If the seller could be tracked down, then you would have a
good idea of which city the person lived in.

Then, if you really cared, you could set up malicious Tor nodes in hopes of
getting traffic from that particular user. I only have a superficial knowledge
of the Tor protocol, but I imagine if you set up a malicious first Tor node (a
node that takes the initial incoming request from a Tor browser), you could
track all the IP addresses, and mark any of them coming from that particular
city. You wouldn't know what the person was seeing, but I imagine you could
tell if there was activity on that particular IP address.

From there, you could do some sort of analysis on the blog, and see if any
updates correlate to traffic you see from that city based in the IP addresses
that had activity at that particular time. Since the US has about 400k users
in total, I would harbor a guess that maybe the top city might have 100k users
max, and then if you could whittle down based on time, you should be able to
narrow it down to 100 users. Then you start knocking on doors.

The luxury organizations like the government have is that they can take their
time and wait for you to make a mistake.

~~~
kalleth
Forgive me for being potentially obvious, but can't you trace every single
bitcoin transaction ever?

So you can go from:

Domain seller -> "Anonymous persons bitcoin address" -> Bitcoin address of the
person who sold him those BTC.

You then find _that_ person (as I'm pretty sure they're not so focused on
anonymity) and wrench-attack a description of this guy and location + time of
the meet from _him_ (and also the e-mail he sent to arrange it -- tone, etc).

CCTV camera footage of the meet/people in that area at the time, etc. Home and
dry.

~~~
mr_luc
Not if he uses a mixer to pay you the bitcoins, no.

Blockchain.info has a fantastic almost-free one.

------
jdmitch
> _One problem is that Google can see my original messages, and the NSA can
> probably see them too. If I wanted to avoid it, I could post some anonymous
> translation jobs and pay the translators via Bitcoin._

Wouldn't this then make it almost trivial for Google or the NSA to find you
with textual analysis by matching what is pasted in translate with any other
writing sample you've done? So the OP isn't really concerned about anonymity
from Google or NSA at all... amiright?

~~~
bo1024
I don't think identifying someone via textual analysis of a few hundred words
is "almost trivial". In fact it seems really, really difficult...suppose you
were the NSA and had obtained this sample from Google. Where would you start?

~~~
grecy
I'd ask Google what the IP address was that accessed the analytic page

------
fchollet
The author of the 2008 Bitcoin whitepaper was identified through textual
analysis of his writing. JK Rowling was also identified as the author of a
pseudonymously published novel using the same methods.

One important step towards real anonymity would be to completely anonymize your
writing style. Make sure the distribution of stop words in your writing is
absolutely banal. Make sure to not use your favorite expressions, that can be
found in your previous writing. Etc. Algorithmically measure your style before
posting, and make sure it is non-identifiable.

~~~
shawabawa3
I had a thought for if I ever wanted to write something completely
anonymously: run the text through google translate and back. That should
hopefully butcher all identifying features of the text.

edit: oops, should have read the whole post.

~~~
endianswap
That's exactly what the author did here...
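
One way to "algorithmically measure your style before posting", as suggested earlier in this sub-thread, shown as an added example (not code from the thread): compare the function-word profile of a draft against your own earlier writing. The word lists, the three sample texts and the 0.9 threshold are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Illustrative word lists (assumptions of this example; real stylometry uses
# a few hundred function words). CORE words are used heavily by every writer;
# MARKERS are optional connectives and intensifiers where habits differ.
CORE = ("the", "of", "and", "to", "a", "in", "that", "is", "it", "for",
        "on", "with", "as", "not", "this")
MARKERS = ("but", "which", "however", "though", "while", "whilst", "just",
           "really")
FUNCTION_WORDS = CORE + MARKERS

# Constructed sample texts.
KNOWN = ("Whilst this is really just a guess, however you look at it, the "
         "logs which we have are not enough. Whilst it is really not "
         "certain, the data which we hold is just a start, however small.")
DRAFT_SAME_HABITS = ("Whilst the fix is really just a patch, however you "
                     "test it, the code which we ship is not done.")
DRAFT_REWRITTEN = ("The fix is a patch. Tests pass, and the code in the "
                   "release works for most of the users.")


def tokens(text):
    """Lower-cased word tokens."""
    return re.findall(r"[a-z']+", text.lower())


def profile(text):
    """Rate of each function word per token, in FUNCTION_WORDS order."""
    toks = tokens(text)
    counts = Counter(t for t in toks if t in FUNCTION_WORDS)
    total = len(toks) or 1
    return [counts[w] / total for w in FUNCTION_WORDS]


def cosine(u, v):
    """Cosine similarity of two equal-length vectors (0.0 if either is zero)."""
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return dot / norm if norm else 0.0


def shared_markers(known, draft):
    """Marker words that occur in both texts, in MARKERS order."""
    k, d = set(tokens(known)), set(tokens(draft))
    return [w for w in MARKERS if w in k and w in d]


def compare(known, draft, threshold=0.9):
    """Score a draft against known writing and list the shared habits."""
    similarity = cosine(profile(known), profile(draft))
    return {"similarity": similarity,
            "shared_markers": shared_markers(known, draft),
            "flagged": similarity >= threshold}


if __name__ == "__main__":
    for name, draft in (("same habits", DRAFT_SAME_HABITS),
                        ("rewritten", DRAFT_REWRITTEN)):
        result = compare(KNOWN, draft)
        print(name, round(result["similarity"], 3), result["shared_markers"])
```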

------
gesman
Too complicated. Just search for hosting companies that offer free plans with
basic wordpress hosting.

Then use Tor to register and manage it. The only catch - you'd have to use
their domain, like:

yournickname.hostercompany.com

But who cares - you can get your free, fully anon place to throw up :)

~~~
bkmartin
But do any of them take bitcoin?

~~~
gesman
"Free hosting plan" means it will cost zero (0.00000000) bitcoins.

All of them accept it.

------
christiangenco
This is fascinating, and rather scary that it's _this_ hard to publish
something on the internet anonymously, and not even be guaranteed that the NSA
couldn't find you if they really wanted to.

~~~
dublinben
It's not though. Anyone can fire up Tor and create a pastebin document.

------
mattcwilson
Is the "ref" portion of the Amazon url for the USB drive traceable?

If so, it's also found on this forum, posted by "turk", in reference to a
different USB drive make/model.

[http://www.nsaneforums.com/topic/198758-usb-flash-drive-sugg...](http://www.nsaneforums.com/topic/198758-usb-flash-drive-suggestions/)

(Looks like the comment was edited to use a different link, but the original
was quoted in the next comment down)

~~~
martinml
You're probably thinking of "tag". The "ref" parameter doesn't have anything
to do with Amazon's affiliate program (which is what I understand you're
talking about).

~~~
mattcwilson
Yup. zgbs is the correlator for "Best Sellers", and 3151491 seems to be thumb
drives.

[http://www.amazon.com/Best-Sellers-Electronics-USB-Flash-Dri...](http://www.amazon.com/Best-Sellers-Electronics-USB-Flash-Drives/zgbs/electronics/3151491)

------
GigabyteCoin
The fact that he admits to providing false domain registration information on
a .com domain is enough to have his domain revoked by ICANN if I am not
mistaken.

------
taybin
The hidden encrypted partition might make things worse for everyone:
[https://defuse.ca/truecrypt-plausible-deniability-useless-by...](https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm)

They'll just keep hitting you with the wrench until you give them the second
password. Sucks if you don't actually have a second encrypted partition.

~~~
leobelle
Does Truecrypt have the capability to provide a password that ruins the
secret? You could give your tormentors a password that once used deletes or
makes the protected content permanently inaccessible and yeah they'll still
beat you to death, but now they can never have what they wanted from you.

~~~
tripa
If it had, the tormentors would just back up the drive before attempting to
access the data.

~~~
leobelle
Good point, that would totally circumvent this, and a read-only system would
too.

------
joshfraser
The key things I would add are:

- buy a new laptop that has never been used to sign into any services that
know your true identity

- get rid of the camera and microphone

- never connect to the internet from your own network or locations you
frequent

- rotate randomly through public wifi spots and use a long range wifi antenna
whenever possible

- obsessively monitor your network traffic so you know if your true IP is
ever compromised so you can change your behavior in time

------
ronaldx
> counter this by running all my posts through Google Translate.

This is smart, except... Google presumably records your translations, likely
linking them with your Google account (and - even if not - could easily look
up which translations led to your blog).

So, textual analysis is not quite dead, and you may have given away your
anonymity by taking this measure.

~~~
Sir_Cmpwn
What if, instead, you limited yourself to some number of the most common
English words?

~~~
tbirdz
One idea might be to spell check your writing using a modified English
(simple) dictionary. This modified dictionary would only contain the most
common and simplest English words, allowing you to easily prune out words that
would reveal your fluency in the language.

------
ChrisNorstrom
Question 1): What's the difference between using Tor and
[http://www.hidemyass.com/proxy/](http://www.hidemyass.com/proxy/) 's Pro VPN
option?

Question 2): Can't you buy a domain name and hosting using
[https://www.nearlyfreespeech.net/about/mailing](https://www.nearlyfreespeech.net/about/mailing)
and mailing in an anonymous cashier's check / postal money order?

Question 3): Why not just (using Tor/VPN/Proxy) sign up for a Tumblr or
Wordpress Blog anonymously and only logging in or editing the blog when using
Tor/Proxy/VPN?

Where there is a need and a poor solution, there is an opportunity for a
startup. Anyone want to join up and contemplate starting "TABlog" Truly
Anonymous Blogging platform?

~~~
untraceableblog
1) Trust. I trust the Tor developers and nodes much more than HideMyAss, which
is a single point of failure.

2) Looks like a good suggestion, I'll have to check that out if I ever start a
Tor hidden service.

3) The main factors are having control over the HTML, and differentiating the
site from just another wordpress blog. Anyone can start a Wordpress blog using
Tor, and that wouldn't make a very interesting blog post.

This was done mostly as an exercise and experiment. If the goal were just to
publish sensitive articles, I would use a free blogging platform.

------
gesman
PS: I agree with blockchain bummer - it's actually much harder to anonymize
the fact of your bitcoin ownership and much easier to trace illicit bitcoin
purchase back to you, than most people think.

------
debt
Another idea would be to start a service which accepts blog posts through
snail mail. The service asks that you add a unique string of numbers and
letters to identify yourself to the service. Someone on the other simply ocr's
your blog post letter and posts it under the requested pseudonym which also
matches the secret unique identifier. It's a simple username/password
authentication via mail in each post.

Just don't add a return address and you're solid.

------
lewisajackson
Googling "untraceableblog" shows there is a tumblr with the same name:

[http://untraceableblog.tumblr.com/](http://untraceableblog.tumblr.com/)

Whilst this may be nothing and I'm sure he/she wouldn't leave a trail like
this, I thought it worth noting. This tumblr user has gone out of their way
recently to delete all of their past posts (even those made last month) and
leave just one.

------
lispsil
problem is your local isp sees you using Tor, so have to run tails in a VM and
on the host tunnel all traffic through Jondo or something.

~~~
icebraining
Lots of people use Tor, that doesn't tell them much.

~~~
steven2012
The student who made a fake bomb threat at Harvard was tracked down because he
used Tor on campus.

~~~
endianswap
He was what, one of six who was using Tor at the time and cracked almost
instantly when questioned.

~~~
Crito
One of six is pretty damn good, and that is before you even consider other
factors (such as, how many of those six had a final in one of those buildings
at that time.)

------
1angryhacker
got you! Mr Lewis A Jackson!

~~~
christiangenco
Hah, I was thinking the exact same thing. Hopefully he didn't mess up the
easiest part.

~~~
lewisajackson
It wasn't me haha, I just found the article interesting

~~~
oskarth
More relevant: where did you find the article?

~~~
lewisajackson
Reddit. Bitcoin subreddit.

[http://www.reddit.com/r/Bitcoin/comments/1wd0wx/how_bitcoin_...](http://www.reddit.com/r/Bitcoin/comments/1wd0wx/how_bitcoin_helped_me_start_a_completely/)

------
kzsee3
why not a 2 part blog - accept scanned or mailed in documents. Scan it in and
post as blog. Now you will be truly anonymous.

------
lowglow
I tried building something similar with
[http://valleyanon.com/](http://valleyanon.com/) but for whatever reason, it
never caught on. I don't know if people _really_ care about anonymity enough
to consider it as a separate service.

------
cik
It's definitely an interesting case. There's a general problem online
nowadays, of enabling people to host truly anonymous information - allowing
them to be free to protest.

Personally, I hope his/her posting sparks a conversation about internet
anonymity, or the lack thereof.

~~~
diminoten
Protest where?

There are no public grounds on the Internet. Even if there were, there aren't
any public ways to get to those public grounds.

------
Stef911
whois 185.31.17.133

% This is the RIPE Database query service.

% The objects are in RPSL format.

% % The RIPE Database is subject to Terms and Conditions.

% See [http://www.ripe.net/db/support/db-terms-conditions.pdf](http://www.ripe.net/db/support/db-terms-conditions.pdf)

% Note: this output has been filtered.

% To receive output for a database update, use the "-B" flag.

% Information related to '185.31.17.0 - 185.31.17.255'

% Abuse contact for '185.31.17.0 - 185.31.17.255' is 'abuse@fastly.com'

inetnum: 185.31.17.0 - 185.31.17.255

netname: FASTLY-EU-IPV4-2

descr: Fastly Frankfurt 1 Operations

country: de

admin-c: AB28187-RIPE

tech-c: AB28187-RIPE

status: ASSIGNED PA

mnt-by: FASTLY

source: RIPE # Filtered

person: Artur Bergman

address: 501 Folsom St.

address: San Francisco CA

phone: +1.415.568.8829

nic-hdl: AB28187-RIPE

mnt-by: FASTLY

source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.70.1
(WHOIS1)

------
rikkus
Dave's always doing this, and he always gets uncovered. Knock it off, Dave.

------
stevedekorte
[http://www.darklogs.com](http://www.darklogs.com) which uses bitmessage may
be a significantly safer anonymous blogging service.

------
elchief
I hope you bought your laptop with cash, far away from home.

------
mrfusion
Would it be better to use namecoin for the domain name?

~~~
ktorn
Probably, and since untraceableblog.bit already points to his host's IP
address, all that's needed is for him to configure that domain on the github
side (and probably also untraceableblog.bit.pe for folks without .bit
resolution).

~~~
mrfusion
What does the .bit.pe address do?

~~~
ktorn
It's just a proxy for the .bit domain since most users cannot access .bit
sites directly (not yet anyway).

For example, if you cannot access [http://explorer.bit](http://explorer.bit)
then you can just add .pe to the URL and access
[http://explorer.bit.pe](http://explorer.bit.pe)

~~~
mrfusion
So someone in the namecoin project registered bit.pe?

And they just have a server running that passes the requests through?

~~~
ktorn
Not sure who did it, but yes.

------
ta223
Here's how I'd trace him:

1) get access to the request logs of third-party includes on his page

2) look for requests made just before the page is published publicly

~~~
untraceableblog
All requests are made through Tor. The Tails OS is configured to allow
absolutely nothing through the clear internet.

------
arthurcolle
I can't imagine that using Microsoft's outlook.com email service is the best
avenue to anonymize one's blog posts.

~~~
untraceableblog
Interestingly enough, outlook.com is the only free email service that let me
sign up over Tor. I access it securely, and it's just for verification
purposes. Every service needs an email address.

------
galapago
At least, his email is visible in every commit:

> untraceableblog@outlook.com

------
vrikis
Aren't the NSA a huge investor in TOR? ... I get what OP is trying to do, but
in reality, since you're still using other people's pipes and fibre, you will
never reach true anonymity, no matter what you try...

------
elwell
Unless your name actually is Lewis A. Jackson

------
davidbates
Jason, I know it's you.

------
leoplct
Your username on HN is not so anonymous, Jackson Lewis.

------
af3
why not just post to github pages with github.io domain?

~~~
sharth
He/She/They are actually using github pages, but with a custom domain.

~~~
Blahah
af3's point is that you can avoid the risk of assuming bitcoin is anonymous by
not buying a domain name at all...

~~~
af3
yes.

------
diminoten
Guy's European, possibly British.

Random guess based on "couldn't be fucked" and "you might have assumed that
English was my second language".

Also, the guy the author met could ID the author.

