
Ask HN: Starting an Anonymous Blog in 2019? - mvanga
Hey folks,<p>I&#x27;m asking because I&#x27;m curious how one would go about doing something like this in 2019. What are the things you need to think about, and what measures would one need to take to ensure continued anonymity over time. In particular, I&#x27;m curious about just information transfer, like a simple, not-for-profit blog.<p>Since the threat model can get pretty vague, I guess I&#x27;m thinking about two main scenarios:<p>1. Easier case: how to prevent being de-anonymized by curious individuals and specific corporations (e.g., multiple ISP&#x27;s colluding together may be able to de-anonymize you, but for example a specific company like Google can&#x27;t).<p>2. Harder case: ensuring anonymity even from state-level actors.<p>Thanks!
======
cik
Well, if you're willing to accept my paranoia - here's what I did for a
reasonable test. Again, it's only a start - there's more fun and paranoia to
be had. At the end of the day it's about having an identity, not a blog.

1\. Buy a credit card in cash from somewhere without cameras.

2\. Use that credit card to buy a phone number through many of the real voip
providers.

3\. Buy a used laptop on CL/Kijiji in cash, making sure the pickup is
someone's house. Bonus points if you make a friend do it.

4\. Go to a Starbucks with your new laptop, sign up for gmail or protonmail
using your new phone number.

5\. Nuke your laptop and reinstall. It's a burner. Make sure you change the
MAC address, just for profit.

6\. Sign up for free VPN (500MB start) with something like TunnelBear, using
your new email address.

7\. Connect to your VPN from the laptop. Now use TOR.

8\. Remember that credit card? Time to buy another one - this time so that you
can pre-fund Amazon credits (or DO). They'll both accept prepaid credit cards.

9\. Blog, do your thing - but only ever publish from a dedicated VM on the
laptop. Make sure you're using firefox (or something else) in your VM to test
your blog - through the SOCKS proxy you establish (ssh -D) to the host.

10/11\. Nuke and rebuild VM and machine at will.

12\. Every ~3 months, do a Kijiji exchange for a new laptop.

The above is in no way foolproof. But it's a reasonable start. For the record
I don't consider this anonymous or paranoid enough.

~~~
apeace
Is #2 even possible? Which phone providers accept prepaid cards and no way to
verify the user's identity?

For #7, make sure you do VPN over Tor, _not_ Tor over VPN. The former is more
secure for you, and has the additional benefit that sites won't know you're
using Tor. The latter sucks for you _and_ Tor if you relay any traffic.

~~~
itake
#2, you can walk into a Target and by prepaid SIM cards for about $15/each.
You can also signup Google Fi for free, but they will need an address to ship
the card to.

~~~
beefhash
Mind you, you'll also have to travel out of the country if you're basically
_anywhere_ in Europe, where buying anonymous prepaid cards is simply not
possible anymore because laws mandate taking and storing the identity of the
buyer.

~~~
FDSGSG
Yeah, if you have no social skills. I've never had trouble with "Uh, I left my
ID home. I remember my passport number though, can I just give you that?"

I've bought lots of prepaids in probably most European countries.

------
beefhash
> 1\. Easier case: how to prevent being de-anonymized by curious individuals
> and specific corporations (e.g., multiple ISP's colluding together may be
> able to de-anonymize you, but for example a specific company like Google
> can't).

GitHub is Tor-friendly, so you can piggyback off GitHub pages with Tor/proxies
and get something out of that at no cost. Occasionally, they may automatically
determine you to be a bot account, but support is responsive and reinstates it
within at most days if you seem human enough. Censorship remains an issue, but
shoving the pages manually into archive.org should help build some resilience
at least.

Maybe mirroring on BitBucket and GitHub will also work.

> 2\. Harder case: ensuring anonymity even from state-level actors.

This is a very, very hard problem. Your best bet would probably be
compromising a few poorly-secured websites outside the sphere of influence
you're trying to hide from, doing this from a public hotspot in a foreign
country and then connecting to them only via Tor. Of course, if Tor is enough
of a red flag in and of itself, you'll always have to travel to post, which is
just as suspicious.

~~~
mvanga
> GitHub is Tor-friendly, so you can piggyback off GitHub pages with
> Tor/proxies and get something out of that at no cost. Occasionally, they may
> automatically determine you to be a bot account, but support is responsive
> and reinstates it within at most days if you seem human enough. Censorship
> remains an issue, but shoving the pages manually into archive.org should
> help build some resilience at least.

Interesting insight about using archive.org to build resilience against
censorship.

Also, is there something like a distributed version of GitHub pages/Netlify
that might be less centralized? (e.g. perhaps a blockchain-based publishing
platform that anyone can host a frontend for if one is taken out)

> This is a very, very hard problem. Your best bet would probably be
> compromising a few poorly-secured websites outside the sphere of influence
> you're trying to hide from, doing this from a public hotspot in a foreign
> country and then connecting to them only via Tor. Of course, if Tor is
> enough of a red flag in and of itself, you'll always have to travel to post,
> which is just as suspicious.

With behavioral patterns, I'm guessing it's nearly impossible to stay
anonymous for extended lengths of time. However, it might still be good for
releasing one-time long form content such as books.

~~~
wtmt
> Also, is there something like a distributed version of GitHub pages/Netlify
> that might be less centralized? (e.g. perhaps a blockchain-based publishing
> platform that anyone can host a frontend for if one is taken out)

There are, but I’m not sure about accessing them with conventional browsers of
today. There’s Beaker Browser (beakerbrowser.com) and there’s IPFS (ipfs.io).

~~~
rzzzt
I think both have content pinning and/or HTTP gateway services; one example is
Hashbase: [https://hashbase.io/](https://hashbase.io/)

------
whatisthiseven
Lots of good technical advice has been given and I won't rehash that, but I
think there are lots of other methods you'll need to consider, too.

1) Time of publish. You'll want to make sure the times you publish entries are
random and can't be correlated with things you are doing. If you take a
vacation, you'll need entries going up.

2) How you write. You'll want to ensure your writing isn't too similar to your
own. Either have others write it, excessively use synonym dictionaries, or
introduce writing styles and elements exclusively to the posts you write.

3) What you write about. It should be as diverse as possible. If you only
write about one topic, or clearly have a bias for one topic, then it is easier
to pin down your interests and focus searches against you to that. Write about
cooking, about programming, about art, about politics, etc. Even if you hate
or aren't good at it.

4) Fabricate entries. You'll want to write about topics you dislike, or topics
you don't believe in or about places you have never been. Reference dates and
times that would be impossible with your schedule, your income, your skills,
or your connections. For areas you are most versed in, introduce simple errors
to reduce your apparent expertise. In areas you are most ignorant, plagiarize
from experts in a non-obvious way to fake expertise.

5) Write in only your native language so as to not giveaway where you learned
some other language. If this isn't enough, then run your writing through an
automatic translator each time into some other language you might know and
only do a light touch up of the most egregious errors.

You kind of get the drift. Lots of people here can give technical advice, but
that is always one slip-up from going wrong and you getting caught. Having
lots of disinformation and mixed information in the blog itself can help
provide cover and deniability.

~~~
kadoban
Much of this seems like good advice. This definitely seems like the way you'd
have to think to pull off something like this reliably with a strong enough
attacker on your heels.

It's amusing to think of what happens if you follow this too far though.
Essentially you're putting on a mask that is as uncorrelated with yourself as
possible. But if your intent is to publish something, that seems contradictory
to some extent. Can't use your own point of view, can't use your own
expertise, can't use your daily experiences or any information specific to
yourself. The only sense you'd be publishing a blog would be mechanically.
Anything you actually intended to say would be lost in the white noise of
everything you must say in order to stay hidden.

~~~
whatisthiseven
That could happen in an extreme case, but I think if the intent is to write
something to inform, then regardless of one's expertise the content should
make clear the value.

I think when assessing anyone's work that is done through a pseudonym, anon,
or what appears as a clearly fake profile, one needs to really pick and choose
how they decide to ingest that information.

I would be hesitant to even remark on the anon blog that the blog is written
in the most defensive manner possible, as that indicates to adversaries the
level of aggression the target expects, which can itself narrow-down where
they might be.

It is a truly hard problem, but if the value of OP is complete anonymity and
the signal to noise ratio isn't as important, then these obfuscation steps are
valuable. Not the least because they can be implemented or dropped at any time
as one's security threat changes.

------
wtmt
You have to blend in with the crowd to avoid sticking out. This means not
buying a domain name (since domain registrations, even with contact
information hiding, require real addresses in many cases for the registrar to
process).

Then you use Tor to create a couple of ProtonMail and Tutanota addresses. Use
these email addresses to create accounts on sites like GitHub while using Tor
(make sure you link multiple addresses so that you have ways to get back in if
one of them doesn’t work or you get kicked out).

Mirror all the writings on archive.org and another free site so that you have
a backup to point people to (list the address of the other site in each site).
Never trust any provider not to kick you out for “violating their terms and
conditions” without telling you what you did or how you can fix it. When you
get locked out, it’s usually with vague statements and no way to get back in.
You’re at the mercy of bots and other people who may make it their mission to
shut you down (depending on what you write).

Create multiple throwaway accounts without a lot of history to share the posts
elsewhere.

Use Tor for everything related to the blog.

Edit: Building on what zelly said on translating from one language to another
and back to reduce the chances of being identified by your writing. Somewhat
similar in nature to hashing iterations, use one service to translate from X
to Y, another to translate from Y to Z, and then yet another service to
translate from Z to X. Then post X after making any necessary corrections.
This could be automated with simple scripts. Using simple and short sentences
could also help against any language analysis. Write, then feed it into
something like Hemingwayapp, simplify it, then process it further with
translation rounds.

~~~
jammygit
Having to sacrifice style completely like this: that’s a drag. Are the style
models accurate enough to id people already?

~~~
newscracker
Seems like they’ve been using this with a good amount of success in certain
cases. The Wikipedia page for Stylometry has more details. Bruce Schneier has
also written about it a few times over the last decade.

------
cannaceo
Upvoted because this is a super important topic. I don't feel comfortable
shining a spotlight on my industry because I don't trust that I could keep my
identity secure. I imagine many feel the same way.

------
smilesnd
This is a very simple question to a very complex problem/issue. Simple answer
it isn't possible. The current way the internet, law, and society works it is
impossible to start a anonymous blog. You can create hurdles and do simple
things that would stop the easy to find things. But, if someone or corporation
really put any effort into finding you they could.

The internet was not design for people to be anonymous. Our law's weren't made
to keep you anonymous. Our society doesn't allow for people to be anonymous.

------
woofcat
Realistically the only way I could see this being possible on the standard
internet and not some service like Tor, etc. is to register multiple
corporations and hire multiple lawyers.

For instance register an LLC in your country or somewhere like St. Nevis, that
owns a LLC in New Mexico, that owns another LLC in New Mexico that pays for
hosting, then using ideally another chain of LLC's pay a lawyer to actually
post the content on the blog.

Basically following the same standards as money laundering but with content
publishing. That way anyone who wants to find out who actually published the
content would have to track down the owners of multiple corporations and the
legal barriers with that, especially with cross jurisdiction challenges this
can be effective.

It wouldn't be cheap, and nothing is 100% bullet proof. However this would
largely protect you against private corporations and individuals from tracking
your postings.

------
hombre_fatal
People have already given the advice of hosting your blog entirely on a
platform like Github.

Spitball idea: Host your data in the script portion of bitcoin transactions.
Now the part you host on Github or other platforms is just the JS script that
fetches your transactions from online blockchain explorers.

Use localbitcoins.com to trade cash for bitcoin face to face. Just trade $10.

The idea being that it's easier to pass around a JS script than the corpus of
a blog. And platforms like Github are probably less likely to remove your
pages if the potentially-troublesome plaintext of your blog isn't actually in
their database. And the purpose of storing the data on the blockchain is so
you don't have to keep rehosting content as it gets taken down.

I'll admit this is more of a fun weekend project (storing stuff on the
blockchain with a JS script that can fetch and present it) that I've
repurposed as an answer.

~~~
wtmt
This sounds like a good idea — dissociating the actual content from a platform
like GitHub. But I wouldn’t suggest the bitcoin blockchain. Unless the OP has
a decent amount of disk storage (which is easy to get) and a good amount of
network bandwidth to keep it in sync and also push changes to the network,
this would be cumbersome. The OP would also have to consider the time delay
for propagating the update into the blockchain network (which could be several
minutes or sometimes hours, AFAIK).

Maybe using the script to fetch from IPFS? (I have absolutely no clue if this
is even feasible and how it would work)

~~~
lawn
You don't have to run a full node yourself to embed data into the blockchain.
Just use a light wallet (but be sure to obscure your IP) and push the
transaction.

------
apeace
#2 is not a good idea. Do not attempt to publish information that could get
you in trouble with any governments.

Instead, get connected with a tech-savvy media outlet via SecureDrop or
Signal. They can publish the information, have experts on hand to help you
stay anonymous, and can likely connect you to legal resources should that
become necessary.

[https://www.theguardian.com/securedrop](https://www.theguardian.com/securedrop)

[https://www.washingtonpost.com/securedrop/](https://www.washingtonpost.com/securedrop/)

[https://theintercept.com/source/](https://theintercept.com/source/)

[https://www.nytimes.com/tips](https://www.nytimes.com/tips)

~~~
dublinben
You might want to cross The Intercept off that list, since they inadvertently
burned their source, Reality Winner.

[https://blog.erratasec.com/2017/06/how-intercept-outed-
reali...](https://blog.erratasec.com/2017/06/how-intercept-outed-reality-
winner.html)

~~~
jammygit
That is horrifying and Orwellian

------
zelly
1\. Login to a hosted blogging platform with Tor Browser.

2\. Put Tails on a live USB drive. Only ever do your blogging on Tails.
Purchase hosting for a hidden service with Monero. Watch out for people
tackling you in libraries.

------
tiborsaas
1) Don't run your own infrastructure

2) Don't buy a domain name

3) Deploy a static blog (gatsby, jackyll, etc...) to Github or Netlify

4) Done

Now you just need a VPN every time you log into these accounts and publish
your content.

You might also want to randomize the times you access these services and
publish content. That further obscures where you are in the world.

~~~
soohyung
You won't be anonymous to the VPN company so a specific corporation can
identify you though. Something like Tor would be a better choice.

~~~
tiborsaas
Oh, indeed I forgot that good VPN-s are paid :)

Besides Tor, you could get a free AWS/Google Cloud account and do content
submission from a free, minimal VPS machine.

~~~
janpot
You need to add a credit card, even for free accounts

~~~
tiborsaas
Fair, but you get the idea, you can edit the GIT repo easily that's hard to
detect who's doing it.

[https://www.gitpod.io/](https://www.gitpod.io/)

[https://visualstudio.microsoft.com/services/visual-studio-
on...](https://visualstudio.microsoft.com/services/visual-studio-online/)

------
omarhaneef
Off the top of my head:

1\. Use all free technology since payments are a great way to figure out who
you are. (So gitlab/github pages, blogger etc)

And then the usual info hygiene:

2\. Always use a VPN to log in

3\. Don't use the same username or password anywhere else

One final thing:

4\. If you put out enough samples of your writing anywhere else tied to your
identity (email archives, a non-anonymous blog, publications), people can
probably use ML to figure out who you are. I don't know if there is a "style
obfuscation" engine to help with this.

~~~
zelly
> I don't know if there is a "style obfuscation" engine to help with this.

Machine translate from language X to Y. Then Y to X again.

~~~
wtmt
Somewhat similar in nature to hashing iterations, use one service to translate
from X to Y, another to translate from Y to Z, and then yet another service to
translate from Z to X. Then post X after making any necessary corrections.
This could be automated with simple scripts.

Using simple and short sentences could also help against any language
analysis. Write, then feed it into Hemingwayapp, simplify it, then process it
further.

~~~
omarhaneef
I like the Hemingway app approach better than the translation approach because
if you are blogging you presumably want it to be well written for the ultimate
reader, though I recognize it would be less effective.

------
tossAfterUsing
Previous discussion:

"OnionShare makes it easy for anyone to publish anonymous, uncensorable
websites"

[https://news.ycombinator.com/item?id=21253668](https://news.ycombinator.com/item?id=21253668)

------
lozf
Some great answers here, but if you're doing anything that involves going out
and about (e.g. buying phones / cards / starbucks etc) - Don't forget to leave
your regular registered phone(s) at home or office, and never allow burner and
registered phones to be active (powered on) near each other.

------
encypruon
This is a sore spot with me, because here in Germany you just can't. At least
not legally. And more than that you have to openly announce your name and
address on your website. It's called "Impressumspflicht". Theoretically it
doesn't apply to "private" websites but there is enough ambiguity there that
not including an "Impressum" is considered too much of a risk.

Some try to render the "Impressum" as a picture so that it doesn't get indexed
by search engines but it's not clear wether that is sufficient.

You also can't just rent a post box somewhere to get around announcing your
address. The address has got to be a "ladungsfähige Anschrift" which means
that it has to be the place where you live.

~~~
jobigoud
What is the risk? And if it's anonymous how do they find you? You don't have
to host your blog on a .de domain.

------
CM30
For the former, just having a private domain registration, not putting any
personal information on the site and avoiding any type of presence in media
posted there (like face/voice in videos) will often be enough. Most people and
companies aren't that technically inclined, nor motivated to try and track
down anonymous creators. Unless you're being specifically targeted by a
dedicated group of obsessives, no one would even bother looking into things
like writing styles and background trivia.

For the latter case (or when dealing with said obsessives deliberately
targeting you), then things get trickier. The challenge with infosec is that
messing up even once compromises everything, and most people/groups mess up
multiple times.

Some advice there:

1\. Don't try and be a 'ghost', throw people off with fake identities.
Manufacture social media accounts/history to send people barking up the wrong
tree.

2\. Use burner equipment wherever possible, or at least computers/phones that
aren't used for real life activities.

3\. Get an anonymous email account, use it for a VPN, use Tor, etc.

4\. Access the internet from a variety of places under said conditions, maybe
with different online identities each time

5\. Use services based in countries your current one have no treaties with

6\. Deliberately vary your writing style so it can't be linked to previous
work (may be difficult)

Plus a whole bunch more steps that would make anyone writing them seem super
paranoid when posting.

------
mgreenleaf
Several things to think about, weak points could be:

Domain name, since the registrar will probably have your information.
Namecheap allows bitcoin payment, but I think they still require contact
information. Going with an onion url would limit that impact.

Hosting, again, they will almost certainly have your information. Swisslayer
allows bitcoin payments, but contact info might still be required. Could be
mitigated by going with Tor or some other service, but that limits
discoverability.

Server software -- you would want to limit the ability to be compromised, so
something like OpenBSD with the built in httpd and raw html files would be a
reasonable bet for preventing intrusion. Keeping it simple would leave less
attack surface, and less potential to leak information.

Using Tor to connect would mean less logs between.

Any information you gave in content could be used to trace, but that is
difficult and would require being careful in the writing style, and what
information is leaked in that channel.

EDIT: As beefhash points out, piggybacking on an already accessible public
endpoint negates a lot of the leaking of your information through your own
services.

~~~
_-o-_
Is there a reasonably easy way to get anonymised bitcoins? Mining is currently
out of the question, purchase on exchange will leave a trail.

~~~
hombre_fatal
Trade bitcoin locally face-to-face.

I've used [https://localbitcoins.com](https://localbitcoins.com).

~~~
droffel
Localbitcoins requires KYC these days.

~~~
FDSGSG
You don't even need to register to use localbitcoins, they only require KYC to
put up a listing.

------
3pt14159
If you're trying to beat top tier state actors, and you're posting content of
high enough profile, you're going to lose. There are too many fingerprints and
timing attacks that will give you away. The way you construct sentences, the
types of words you hyphenate, the way you spell words, the words you select,
etc.

~~~
inetsee
> The way you construct sentences, the types of words you hyphenate, the way
> you spell words, the words you select, etc.

There are ways of countering these kinds of analyses. A search for "defeating
stylometry" turned up this link:
[http://www1.icsi.berkeley.edu/~sadia/papers/adversarial_styl...](http://www1.icsi.berkeley.edu/~sadia/papers/adversarial_stylometry.pdf)

------
brentis
Id look into crypto space. Buy a unique blogging computer and connect to free
wifi. These may not be the solutions, but possibly.

[https://www.cryptovibes.com/blog/2019/01/02/iota-
introduced-...](https://www.cryptovibes.com/blog/2019/01/02/iota-introduced-
the-next-generation-private-chat-app-chat-ixi/)

[https://zeronet.io/](https://zeronet.io/)

------
glomph
One route you could go down is sharing with a newspaper. Several newspapers
have projects where they want to be able to accept stories anonymously.

E.g.: [https://www.theguardian.com/help/ng-
interactive/2017/mar/17/...](https://www.theguardian.com/help/ng-
interactive/2017/mar/17/contact-the-guardian-securely)

------
g8oz
Don't get your own domain. Use a service like Wordpress.com. Register with
them using a outlook.com alias. Use one VPN to set the account up then cancel
that VPN. Then use another VPN to post new content. When administering the
blog don't use your own machine and everyday browser - instead, spin up a
clean VM.

------
sparker72678
If you were able to find someone, somewhere, who you otherwise have no
relationship with, perhaps you could get that person to setup the blog, and
post the messages that you send to them via some other (offline) method.

While clearly difficult, I'm not sure this is really any harder than the other
technical solutions listed here.

------
yifanl
Case 2 probably involves some (and likely a _significant_) amount of identity
theft, and even then I don't think you can do better than pseudonymous - if
you want your intended audience to reliably know which sources of information
comes from you, then any and all adversaries can know the same.

------
snow_mac
0\. Visit a library or starbucks in a nearby town using a computer that has no
association to you (wiped or loaner)

1\. Use TOR or some kind of proxy service

2\. Sign up for Proton Mail

3\. Use Proton Mail to sign up for wordpress.com blog

4\. PROFIT!!!

~~~
woofcat
You can't signup to ProtonMail from a VPN or Tor Exit node without SMS
validation.

~~~
snow_mac
Go to a starbucks then; no tor needed

~~~
woofcat
Sure, but now they have a location of where you are... which depending on the
contents of the blog might be all they need. Unless you're advocating that
they take a cross country trip to sign up for an email.

------
thakoppno
Great thought experiment that I’d like to expand to the question of how to
send a single anonymous packet on the Internet?

~~~
wtmt
Isn’t the Internet built for spoofing who/what sent something? As I understand
it, when you peel the layers and look deeper, there is no stringent
authentication or identity verification that really happens, which makes it
easy to exploit for DDoS attacks (using IP spoofing, which may help for
certain kinds of attacks, or BGP spoofing).

------
throwawaylol123
Use ZeroNet.io with Tor And fork ZeroBlog or use ZeroMe

