
This page is anonymous - voidnull
http://voidnull.sdf.org/
======
voidnull
Looks like the HN account is working again.

There have been a couple of quick updates I posted on the linked page. First,
SDF _does_ accept Bitcoin for validation.

Second, SMJ is personally upping the prize to $100. See the link for details.

I am very happy with the result of this stunt. So far this page has gotten
over 100,000 which works nicely towards the goal of driving more users towards
Tor and SDF.

------
voidnull
To give some context, I did this as a publicity stunt for SDF and the Tor
project. I have no affiliation with either of these, other than being a
grateful user. SDF especially can always use more money and users. As opposed
to pastebin, SDF lets you have an email account, message other SDF users, use
IRC, etc.

As for the $10 reward, yes it is small, but the point is to see whether people
can breach any of security, not to offer lots of cash (which I don't have
anyway).

~~~
zackzackzack
And now this is a test of how secure HN is as well.

~~~
javajosh
No, because it's a new account only associated with this thing. Granted,
access logs on HN could be used to crack the problem, but getting to those is
non-trivial.

~~~
sneak
I'm guessing he is using HN over tor, as well.

------
mseebach
If I open a paid Wordpress.com account using my real e-mail address and a
credit card registered to my home, and post a $10 reward for revealing my
identity, the fact that I strongly doubt anyone will claim the reward is not
proof of Wordpress.com's perfect safeguarding of my identity, just that their
systems are secure enough to not be trivially hackable and that nobody cared
enough to find a way to obtain a court order to compel WP.com to hand over my
info.

~~~
loumf
voidnull is trying to prove that SDF is NOT a perfect safeguard.

~~~
calinet6
I don't think he's trying to prove anything, just providing a fun game of wit
and a challenge. He will surely be delighted if he gets a postcard.

~~~
loumf
It also helps SDF to know about possible vulnerabilities. And, there's also
the stated reason: to get Tor and SDF some publicity.

------
loumf
I have no intention of trying to find out voidnull, but here are some thoughts
on what we know:

1\. We have a little bit of text we can be reasonably sure voidnull wrote --
some sort of text-likeness algorithm might be able to give us some candidates
-- pointed at newsgroups/forums/etc where SDF users might hang out.

2\. Using the above, I would note that there are some grammar/typos/mistakes
from possibly careless writing. That might be something to specifically try to
isolate

3\. The HTML on the page is very simple, but malformed -- perhaps look for
pages like that (some missing </p> tags)

4\. adnam made a comment that showed some familiarity with voidnull and SDF --
adnam might be easier to locate and an association might be discovered.

5\. If I believe #4, voidnull is possibly a handle that has been used before
(seems really dumb, though) -- perhaps it's a very recognizable alteration.

Anything else?

~~~
benmanns
Assuming malicious intent on the part of the provider, the envelope sent to
SDF will have a post office stamp from the city from which he sent it.
Intersect the IP subnets for the area with the IPs used to connect to SDF to
find a connection he made to a non-anonymous account.

Second, the command `ssh -o ProxyCommand="nc -X 4 -x localhost:9050 %h %p"
sdf.org` seems to be unique (to Google), and may be in a script he has written
previously.

~~~
jarek
> Assuming malicious intent on the part of the provider, the envelope sent to
> SDF will have a post office stamp from the city from which he sent it.

Unless they got someone to remail it from the other side of the country.

~~~
chris_mahan
Then there is an accomplice. Two people are easier to find than one.

~~~
bcoates
The postal service will cheerfully act as that accomplice:

[http://about.usps.com/who-we-are/postal-history/valentine-
po...](http://about.usps.com/who-we-are/postal-history/valentine-post-office-
names.htm)

~~~
btilly
My mother took advantage of that when my brother was in the hospital for
several months.

When the morning mail came around on Valentine's day, he had a ton of mail
from women he'd never heard from from half the towns in the USA with any kind
of romantic name.

When the afternoon mail came around, he got the same from the half that didn't
arrive in the morning.

For the rest of his stay, he had an unassailable reputation as a super stud.
Not a particularly bad thing for a marine in a military hospital!

------
icambron
> Yes, it is legal.

It saddens me that this needed to be clarified, that anyone would wonder
whether putting a page on the internet without going through the "proper
channels" was legal. Not surprising, but sad.

~~~
weinzierl
This depends on your jurisdiction. It might surprise you that even in western
countries like Germany it is not possible to legally have an anonymous web
page.

I don't have a reference in English, but
<http://de.wikipedia.org/wiki/Impressumspflicht> (in German) is very clear
about it.

~~~
blauwbilgorgel

      Wie sich aus § 55 Abs. 1 RStV ergibt, trifft 
      einen Anbieter somit nur dann keine Impressumspflicht, und
      er kann seine Webseite völlig anonym ins Internet stellen,
      wenn sein Angebot ausschließlich persönlichen oder
      familiären Zwecken dient.
    

Doesn't this say it is allowed to anonymously put a website online, if it is a
purely personal/family page? I don't think she is running a business or has
any commercial goals.

~~~
yk
IANAL, but perhaps. The following paragraph actually states, that if all your
content is password protected and you only give this password to personal
acquaintances, then you clearly don't need an impressum. ( Along with two
other examples, which also not very helpfill.)

The problem with this law is, that is says something about a page with some
baby pictures ( so that grandma can see her grandchildren), and something
about media corporations. However it simply does not address the case of a
private blog, were the audience is not personally related to the author, but
the author does also not try to make money with it.

------
driverdan
1\. Buy a prepaid credit card at a store with cash.

2\. Use the credit card to buy hosting with whomever you wish to use.

3\. Enjoy your anonymity.

I realize it may be possible for law enforcement to find you through tracking
down the location the card was purchased at but in reality no one else can
find who you are. Even then you could go out of your way to purchase the card
outside your home area at a grocery store since they often have minimal / poor
camera coverage.

 _Edit - Responses to some of the comments:_

In the USA SSNs are only required for customized reloadable cards with your
name on them which is obviously not the type you'd want.

As for AVS / name verification, most prepaid cards now have websites which
allow you to set a name and address for use online. Others will pass AVS
checks with any address. The packaging will often say if they can be used for
online purchases.

~~~
travisp
Because of the Patriot Act, don't prepaid credit cards now require Social
Security numbers and other identifiable information to activate (I would
imagine including your name, which you would provide with the credit card when
you buy hosting)?

Sure, you could lie, but you would probably be breaking the law (which the
method advocated in the article doesn't do).

~~~
jerdfelt
Only reloadable prepaid cards require SSN. Non-reloadable (Gift) prepaid cards
don't require an SSN. Some even allow you to set an address for AVS purposes.

------
mixedbit
The article received unofficial HN post of the week award. @voidnull please
post contact details, so the prize can be sent to you.

~~~
solistice
sneaky social engineering at work.

------
NelsonMinar
Reminded a bit of anon.penet.fi, from the long long ago in the time that was
before the Internet took off as a consumer thing.
<http://en.wikipedia.org/wiki/Anon.penet.fi>

~~~
dmix
Tor was essentially an evolution of these remailers. Probably a lot of the
same people involved to this day.

~~~
rdl
With the notable exception of Len, obviously.

(and anon.penet.fi was mostly NOT a cypherpunks type thing, it had very little
technical security; it was all policy and jurisdiction, which worked well
until Scientology.)

------
johnrob
Strangely fitting, SDF is the french word for homeless:
<https://fr.wikipedia.org/wiki/Sans_domicile_fixe>.

~~~
pyre
It's a reference to Macross[1], though I wonder if the SDF abbreviation (in
Macross) has any relation to the Japanese Self-Defense Force[2].

[1]
[https://en.wikipedia.org/wiki/The_Super_Dimension_Fortress_M...](https://en.wikipedia.org/wiki/The_Super_Dimension_Fortress_Macross)

[2] <http://en.wikipedia.org/wiki/Japan_Self-Defense_Forces>

------
jtheory
I've tried before to set up even _somewhat_ anonymous identities online before
-- not for law-evasion purposes, just for things like working on anti-spam
tools.

It's difficult, and I've noticed recently that it's getting worse.

It used to be you could open a hotmail (or gmail) account pretty trivially
without using any real personal info.

But lately these email services have started _requiring_ you to link a phone
number, and/or an alternative email address... in theory these are to reduce
lockouts, account hacking, etc. -- and they really can help -- but they also
mean it's far easier to connect those email addresses with a real person.

I had a gmail address that was "anonymous", linked to some content I was
hosting on Google Pages and participation in discussion lists, etc..

Then one day YouTube accounts were merged into Google accounts; and I happened
to be logged into the anon google account (and youtube) simultaneously. The
was one prompt that I didn't read carefully... and then my public YouTube
account that was obviously me was _permanently_ , irrevocably linked to the
anon gmail account.

Whoops.

I don't have any pressing need nowadays for an anonymous persona online, but
I'm inclined to try again at some point, just because it's something I feel
should be still _possible_.

------
joebeetee
Found you! <http://www.voidnull.com/>

~~~
lucisferre
Whoever that guy is, he is going to be getting a lot of postcards.

~~~
D9u
LoL

    
    
        Diaz Gonzalez, Ruben  
        ruben7583@msn.com
        C/ Angosta de los Mancebos 5
        Madrid, ma  28005
        IT
        677417085

~~~
lucb1e
Do you really need to post personally identifiable information in a public
place? In the Netherlands it's not even legal, not sure about where you live.
And regardless of whether it's legal, it's not done. I wouldn't want my
information to be posted like that.

Oh and if you say "he asked for it", well yes but you got the wrong person, so
that's kinda screwed up for whoever happened to own that domain.

~~~
jarek
That's the output of whois voidnull.com. Too obvious to be the guy making the
challenge, of course, but it's not exactly classified information, and has
already been "posted" in a public place (the whois records).

------
guelo
There has been highly sensitive data published on pastebin which have led to
intense FBI witchhunts but I've never heard of the pastebin user being
revealed.

~~~
CoryG89
Yes, well I doubt the FBI is quick to publish it's snitches unless it has to.

------
comex
Although I like SDF, a physical letter is a lot more evidence and perhaps
hassle than what you'd incur with Tor and some boring free shared hosting
service, or running a Tor hidden service if you want interactivity and don't
mind slowness, or even joining a Bitcoin mining pool and using the (minimal)
payout to anonymously pay for hosting.

------
_hgt1
Hey voidnull, long time no see! Welcome to HN :) Great to see SDF being
promoted here, I've been a member for over 13 years

------
United857
This page is anonymous... and it also seems to be down.

Google cache to the rescue:
[http://webcache.googleusercontent.com/search?q=cache:ivvU0sx...](http://webcache.googleusercontent.com/search?q=cache:ivvU0sxNQfYJ:voidnull.sdf.org/+&cd=1&hl=en&ct=clnk&gl=us)

------
rcamera
If keeping your identity anonymous is your goal, there is no better example
than Satoshi Nakamoto, that managed to create Bitcoin, run and manage the
project for almost couple years, mine a bunch of coins and still remain
completely anonymous.

You need a great deal of fore-planning, but it's certainly doable and there is
probably no bigger unspoken bounty on an anonymous user's head than Satoshi's,
to prove the point.

Also, for those thinking of finding out his identity through text analysis of
his writings (you can view about 500 posts of his in the forums archive,
iirc), from my experience reading them (though not actually analyzing through
proper tools), he seems to deliberately always use the simplest words and
short sentences.

~~~
andypants
His/her/their story is very interesting.

Didn't Satoshi have email conversations with other developers or interested
users? What about forum or wiki accounts for the bitcoin sites? Domain name
registration? Web hosting account?

------
D9u
_Today, to host a piece of content on the Internet, you must link your
identity to the content on some level_

Completely incorrect.

There are any number of free web hosts who require nothing more than an email
verification.

Some may say that free web hosting is inferior to paid, and I will agree,
however my content hosted on free web hosts is still not tied to my real
identity.

------
ssharp
If Wordpress.com accepts BitCoin, couldn't you just acquire some BitCoins not
tied to your personal ID (you can use Moneygram with fake information and
route it through mixers, buy them offline, etc.), and utilize Tor/Tor Services
to set up the account, and give them fake information?

~~~
tempestn
Possibly, but it wouldn't have the benefit of being 100% legal, as voidnull's
solution appears to be. Also if Wordpress were to discover your fake info they
might take your site down.

~~~
bargl
Why is that not 100% legal?

~~~
rmc
Providing false information to WordPress is probably not legal.

~~~
tempestn
This is what I had in mind; good old CFAA. Ditto for entering false info in
moneygram. (Not commenting on whether these things _should_ be illegal.)

~~~
rmc
Well, it also touches on fraud and impersonation, old, long established
crimes, not just computer hacking.

------
neilk
Or you could use a pastebin and sign your messages with a private key.

~~~
bentcorner
You'd still need to use tor though.

~~~
eisbaw
Ofc, as for _any_ internet access

------
mike-cardwell
Another good way of setting up an anonymous website is to set up a Tor hidden
service, and then allow non-Tor users to access it by handing them a
tor2web.org URL: <http://tor2web.org/>

~~~
rsync
ToR is funded by the US government.

Don't ever forget that...

~~~
tekromancr
The design of the protocol (the spec for which is public and open) was funded
by the government. What you said was akin to a mathematical discovery being
made by a university with federal funding and not trusting the math because of
that.

------
shill
Please lick some of your DNA onto an envelope containing $1 to use our
anonymous service.

~~~
d23
So don't lick it. And unless your DNA is in a database somewhere (are you a
sex offender?), it wouldn't matter anyway.

~~~
emidln
Or have you been arrested? Or have you undergone a security clearance
investigation in the united states?

~~~
dillona
I don't think you have to give DNA for a security clearance

------
corwinstephen
If the rest of the internet is presumed to be linkable with a specific
identity, I challenge someone to figure out who represents
<http://www.banksy.co.uk/>. And Pest Control doesn't count. And if it does,
then that's a pretty easy way to hide your identity.

~~~
clebio
This is a good question. Most of the comments here seem to be concerned with
figuring out voidnull's identity, rather than the motivating idea of whether
such a thing is possible.

The easy answer to your question is, _Banksy_ represents that domain. But
perhaps he's not so easy to pin down? Still, I'd think the crew involved in
Exit Through the Gift Shop[1] might have some leads. Seems solvable, that is.

[1]: <http://www.banksyfilm.com/>

------
nate_martin
Only $10 for finding out who you are? Its sounds like you don't have very much
confidence in your anonymity scheme.

~~~
walrus
It's about the challenge, not the money.

------
wyck
This is tough without voidnull leaving some sort of clue, or the involvement
of SDF ( access logs and mail) and the post office , and/or an very detailed
tor exit node analysis. Or of course finding an exploit in SDF's system.

Text/source matching is a no go, if you search for specific words used in the
text maybe he has posted elsewhere on the subject of SSH/TOR/SDF, I came up
with 2 names (last name withheld since this is a wild guess) Doug and Patrick.

Snooping around SDF shows very little, no gopher setup or usage by username
voidnull.

Finger:

Login:voidnull

Name: Void Null

Directory: /udd/v/voidnull

Shell: /usr/pkg/bin/bash

New Mail received: May 1 19:21 2013

Unread mail Since: Apr 22 08:17 2013

The mail might elude to the fact that he set this account up a week + ago and
tested this out before he posted it. So the best bet would be to figure out
what was mailed to SDF during the week of April 22nd.

Best bet:

1\. Find a security hole in SDF

2\. Stake out an pay off someone at Post Office Box 17355 Seattle, WA 98127

------
hexonexxon
You can always just buy hosting in Russia with bitcoins and use ssh through
Tor to set it up. Russia doesn't care about names, email addresses or anything
else.

I recall a few Iceland hosting services that do the same. As long as you
aren't doing something incredibly illegal they won't care what you are hosting

------
cjbarber
Mirror

[http://webcache.googleusercontent.com/search?q=cache%3Ahttp%...](http://webcache.googleusercontent.com/search?q=cache%3Ahttp%3A%2F%2Fvoidnull.sdf.org%2F&aq=f&oq=cache%3Ahttp%3A%2F%2Fvoidnull.sdf.org%2F&aqs=chrome.0.57j58.861j0&sourceid=chrome&ie=UTF-8)

------
run4yourlives
Question for you all:

Why is the ability to post something in complete anonymity onto the internet a
worthwhile goal?

~~~
wfn
Say you live in Syria and one of these days wake up to find the other side of
the street where you live completely smashed down by shelling. Oh, there's
been a civil war going on (or so the media calls it; "public uprising" maybe?)
for some time now alright, but you could be dead tomorrow, you need to
understand.. what is truly happening? what's the prognosis? Better ask
everyone around. Oh, it's the government, targeting rebels. Ok. Well, what's
next? While at it: what's the rebellion up to now? Nobody among your
acquaintances wants to talk about it, or knows anything certain. The official
news is a joke and is of no help in any case. You've heard there are facebook
groups for that, and you have internet.. better log on and post a message.
Whoops, apparently somebody did not like your 'too neutral => pro-rebellion'
point of view, and now various body parts of yours are being sent out to your
relatives, as a message, or just because.

There's been actual demand for anonymous message boards for folks in Syria /
friends/relatives of those living there to discuss matters, to understand what
the hell is going on. I can't quote sources, though. And there've been
incidents of 'facebook message -> whoops, body cut to parts', discussed in
some CCC talks, though I haven't tried to follow up and find anything more
conclusive. (could dig up the CCC video in question maybe.) In any case, a
mere illustration.

Tor usage spikes up during Iran elections (next one's in June).

Folks in cartel-controlled places, or places where public uprising is
happening, wanting to understand what is truly happening, or to organise
something, etc. are afraid to post to FB etc., and sometimes they are very
right to be afraid.

TL;DR This is for real.

[/drama mode]

~~~
run4yourlives
None of what you say answers the question posed. Your concerns seems to be
with the right of free speech, which is valid, but has nothing to do with
being anonymous.

~~~
wfn
> Your concerns seems to be with the right of free speech, which is valid, but
> has nothing to do with being anonymous.

Oh but it does! See, if I were to reside in Syria and to simply post
antigovernmental sentiments online, I very well might end up dead. I would not
end up dead (not necessarily) were I to succeed in posting anonymously (let's
simply say, 'under a pseudo + (somehow) hidden IP address'). 'Anonymous' here
for me simply means 'my online identity [which can post things, read things,
whatever] is not connected to my real identity', where 'real' can usually be
simply be evaluated to 'my real name' and/or 'my physical location'. I would
be too afraid to (merely) invent fake pseudonyms on FB - what if Syrian gov't
were to succeed and subpoena FB (who knows) and acquire my IP address?
Anonymity would matter very much to me!

However, at the same time I see what you mean. In this case, anonymity is a
free speech obstruction circumvention tool, in a (limited) sense. Perhaps I'm
a pessimist who does not really believe in free speech really being possible.
(The regimes are simply extreme cases/illustrations of this.) :)

~~~
run4yourlives
The value of anonymous free speech in the situation you describe (eg, Syria)
should _never_ be taken at anywhere close to face value.

It's nothing more than rumour and stories - precisely because it is anonymous!
There is no way to verify it is anything: A true account, a biased account, a
popular opinion or the ravings of a lunatic.

In areas where free speech does not exist, anonymous free speech adds nothing
at all. It's basically the propaganda the reader wishes to hear. You may as
well toe the government line.

Free speech only exists with attribution. Fiction and stories without. While I
appreciate the struggles of those in the situation you describe, you advance
nothing in an environment of anonymity.

~~~
wfn
While I see the gist of what you are saying, and the rumour / credibility
thing is realistically always an issue in such cases AFAIK, I do not think it
is true that "Free speech only exists with attribution [...] you advance
nothing in an environment of anonymity."

If a new space for anonymous speech comes up, things will be chaotic at first,
trust chains and circles - 'web(s) of trust' (not sure of terminology heh) do
emerge, and I've seen it happen [citation neeeded]. Consider the Bitcoin over-
the-counter marketplace (#bitcoin-otc on Freenode), where a web of trust
(based on (potentially) anonymous PGP identities/keypairs) does function quite
well (not without failures). Actually, if the identities are tied to something
like a PGP keypair, it obviously works across (e.g.) forum boards ( _cough_
(Tor, etc.) underground forum scene _cough_ ). You could actually use PGP
signature chaining, etc. (it does work very nicely!)

Of course, in my (vague) illustration, it'd be much more chaotic and nasty.
The thing is though that in the end, people do sense a need to have a medium
to coordinate efforts, exchange info, etc. (Consider also e.g. the idea that I
can disclose my real identity to a select party (pre-arranged IRL, e.g.), but
not necessarily to the whole forum. However, if that party is trusted by other
nodes, then those nodes can trust me without knowing who I am. Lots of human
factors and points of failure here, though. But it is not always futile!) At
the very least, one could coordinate an IRL meeting (you would of course say,
what if the organizers are covert government agents, etc.) In the end, a
system connected to IRL matters and lives will have IRL-bound points of
failure. That does not mean that it could (or does) not work, or that it would
be as fallible as a non-(quasi-)anonymous solution.

But I agree that it's usually a lot of effort; not necessarily futile though,
and that's my only point really.

------
ambrop7
Even if nobody manages to identify him (and probably nobody will), this says
nothing about what a resourceful organization (such as an intelligence agency
or a criminal organization) can do.

------
hexonexxon
Better way to do this:

Go on localbitcoins and find people who mail cash for bitcoins, or find
somebody on IRC to do it.

Sell them bitcoins, have them mail the cash to SDF for your payment. Now you
avoid all the problems of physically mailing something from where you live.
It's actually common for people to ask for single US bills in the mail too,
for collecting.

I also would edit Torrc file to use semi trusted exit nodes from
torservers.net so you aren't using a malicious exit node.

~~~
sneak
Then they get investigated, then give the investigators your contact info that
they used to transact with you.

~~~
hexonexxon
Oh noes, then they get a Tor exit node where you contacted them on IRC or
Bitcointalk forums, or a JonDonym free proxy you will never use again

~~~
sneak
It's also hard to get any significant amount of bitcoins anonymously in the
first place to begin this process.

------
VaucGiaps
I think bitcoin would be perfect for these guys...

~~~
msy
Why would you go through the hassle of trying to anonymously buy bitcoins with
cash so it's not traceable when you could just send the cash? Unless you have
mined your own coins there's no anonymity to be had via bitcoin. In fact using
bitcoin would make it far easier for someone to start tracking anyone who used
the service by tracing back the transaction chain from the wallet of the
hosting provider.

~~~
dmix
> In fact using bitcoin would make it far easier for someone to start tracking
> anyone who used the service by tracing back the transaction chain from the
> wallet of the hosting provider.

Assuming all transactions will go to one address or come from "traceable"
sender addresses is a bit presumptive.

Why not let the users sign up for the service (over Tor or whatever), then
generate a bitcoin address for them to send BTC to? Then every transaction has
a new address.

Besides that, there are a ton of ways to keep it anonymous using bitcoin.

~~~
bhitov
Even if every transaction has a new address, you have to get BTC in to the
wallet somehow, and the most common method to do this is to buy BTC online
with a credit card.

You could buy BTC with cash of course, but then why not just send the cash
direct?

I suppose you could also use washers but I'm not sure how reliable those are.

~~~
seanalltogether
as far as I know most exchanges and gambling sites pay out from a different
wallet that you pay in to, so washing coins this way may be possible depending
on how long each company keeps track of internal transactions.

------
aray
My vote would be thomask@sdf <http://sdf.org/tour/sdfers/gen.cgi?thomask@sdf>.
Searched around the internet archive for versioning of SDF tutorial pages, and
matched language in the voidnull page to his contributions to the various
tutorials.

------
lucb1e
It's not very hard to be anonymous like this. Similarly, can you find the
postal address lucb1e.com, which points directly to my home IP address?
(Social engineering my ISP is an option.)

The real question is whether authorities can find the postal address. They're
not going to try of course.

~~~
solistice
The page appearently has the IP adress 83.161.210.237, with it being hosted by
Xs4All Internet Bv, Postbus 1848, 1000Bv Amsterdam, The Netherlands. According
to google plus, your name is Luc Jansen, where the last name is fake, which
really doesn't help. I guess I could send you an email with an image sent from
a server, which then reads you ip adress out of the request, but i guess you
have html embedded images disabled in all your email accounts. There is some
photos of you on G+, but then you only share them with some of your friends,
which means I'd need to find a less computer savy friend of yours and see
whether I can acess his account. Depending on how many, and what kind of
photos there are, I might be able to narrow down roughly where you live and
how you look or where you go to school (you're 19, so that's kinda hit or
miss). You don't look like a picture person from your twitter though. So
there'd be multiple avenues for SE. I'm pretty sure Authorities could find you
quite easily given only that link.

~~~
jarek
Given first name and birth date (from age down to seconds), any authorities
worth their salt can find him in a minute.

edit: well, unless he was not born in a territory under the authority of the
authorities in question, and is an undocumented resident of the territory in
question...

------
jfoster
If the $1 bill was marked in any way (eg.
<http://en.wikipedia.org/wiki/Wheres_George%3F>), SDF might have some clues.
If the post office keeps any logs of mail (eg. letter posted from box on X
street to Y address) then that might also provide some useful information.
Particularly so if the postbox had any security cameras watching it. Of
course, these approaches require a few organizations to be working
cooperatively to find voidnull.

------
cybernoodles
Can't the serial number on a dollar bill be traced back to the last bank it
was located? Not very accurate, but it's a lead if someone, for example, in
the government wanted to find you.

~~~
fixedd
I'm sure it could be traced back to the last bank the Federal Reserve gave it
to, but I seriously doubt they scan in every bill that passes through their
hands every day.

Also, for just how imprecise that location would be, see:
[http://www.fastcoexist.com/1681677/a-new-map-of-the-us-
creat...](http://www.fastcoexist.com/1681677/a-new-map-of-the-us-created-by-
how-our-dollar-bills-move#1)

------
loumf
Isn't the way to get through this is to start running a lot of Tor nodes and
hope to trap voidnull? If so, don't we think that those that care about
breaking Tor are doing this?

------
hosay123
It's worth mentioning SDF still (IIRC) provides dialup service. So a USB
modem, telecoupler and payphone are all required to really truly publish
without leaving much trace.

~~~
dllthomas
Linking a time to a physical location is not optimal, with the number of
cameras around.

------
zachrose
So publishing content is anonymous, but ultimately SFT is responsible for
hosting? Will they, for example, stop hosting your content if the MPAA/RIAA
make copyright claims?

~~~
mseebach
Probably. But you'd be safe from litigation.

But the anonymity of the poster and the inviolability of the content are two
separate concerns.

------
hkmurakami
_> The first person to do this wins the prize, and the rest become
ineligible._

Since we only get 1 batch of mail per day, I wonder how ties will be resolved.
:)

~~~
Emmrargh
Postmark?

I wonder what would happen if an international postcard arrive after the
winner has been declared with a postmark dated before the winner's date.

------
UVB-76
Stephen M Jones, is that you?

~~~
UVB-76
Martin Naskovski?

------
stfu
There have been quite a few free speech hosts around. A while ago I tested out
MediaOn(.com). Straight forward process. You just need some free email host
and snailmail the fees in as cash.

------
EGreg
I've seen this kind of post before, and I simply don't get it.

Has the person never heard of pastebins and other services that don't require
you to sign up in order to post content? If you are concerned about them
tracing your IP, that's a different story. You might go to a public computer
and hide from all the cameras. In 5 years, when cameras might be more
ubiquitous, you will still be able to post via proxies.

At the end of the day, for his claim to be true, EVERY site that lets users
post anonymously would have to record the IP of every transaction, maintain a
whitelist of IPs from networks that have at least some identity checking or
cameras, and ban everyone else. Unlikely!

~~~
EGreg
A more interesting question would be, how to post anonymously and untraceably
on blogs? Well, if the blog owner has a whitelist policy, it might be
difficult to fool them into thinking you are someone they trust to post. But
if all they rely on is Wordpress' default blacklist of "mailinator" type email
providers, then it's a never-ending game of cat and mouse. I doubt the email
providers are held liable for not verifying the identity of a user before
providing an email address, especially since the email account is often
publicly viewable by everyone.

On a related note, I remember being affected by The Digital Imprimatur
document, and doing some serious thinking about the questions of Security,
Privacy, Identity and Censorship:

<http://magarshak.com/blog/?p=114>

------
jaydub
voidnull == lgv ?

Just a wild guess based on some quick searching
<https://news.ycombinator.com/item?id=1755073>

------
jlengrand
Funnily enough, SDF means homeless in french

------
muloka
Question for voidnull:

Were you wearing gloves when you handled the dollar bill and the envelope? Did
you lick the envelope to seal it?

~~~
chris_mahan
I wonder if one could train a cat to lick envelopes. The FBI DNA testing
people would have some interesting meetings with the agents.

~~~
maxerickson
That sounds like one of the harder ways to get cat DNA on an envelope.

~~~
Zigurd
Of course you are voidnull. We could tell by the scratches on your forearms.

------
gnarbarian
There's also this: <https://anonfiles.com/>

------
TazeTSchnitzel
Or just use a Tor hidden service.

------
shurcooL
Ok, say you can post something anonymously. But how will you link to it
anonymously?

~~~
jarek
Like he just did on HN...

~~~
shurcooL
But then can't you trace him based on the hacker news account? Why not just
post the text itself on hacker news, is it because HN can take it down while
the source should be relatively stable?

~~~
jarek
How will you trace him based on the HN account? All that's required to sign up
is a username/password combination. Looks like reddit is the same. Generate a
random password and access them via tor to not get your IP logged and there
isn't much to go on.

------
pavs
relevant: [http://www.slashgeek.net/2012/06/15/how-to-be-completely-
ano...](http://www.slashgeek.net/2012/06/15/how-to-be-completely-anonymous-
online/)

Also read the comments, there are some nice tips.

------
armini
why go through so much trouble, just host your anonymous content using
www.boopoohoo.org they also have an iphone and android app for those who are
keen

------
ErikRogneby
I wonder how hard it is to mail Yuan to Seattle?

------
gimlids
Can we get some Palantir up in here.

------
tunnuz
Thing is: to post this link on HN you probably had to give your e-mail address
:/

~~~
glitchdout
<http://10minutemail.com/10MinuteMail/index.html>

~~~
kamjam
I laugh in your face with your mail account that _only_ lasts 10 minutes

[http://www.20minutemail.com/TemporaryEmail/TemporaryEmail.as...](http://www.20minutemail.com/TemporaryEmail/TemporaryEmail.aspx)

:)

------
therandomguy
Makes me wonder, what have you got to hide?

~~~
lotsofcows
She's a gay, transgender, atheist, member of the very wrong political party
who once stole a loaf of bread while starving and who slept with her
boy/girlfriend (who was white) at an age where, although there was only a day
between them, she was an "adult" while the other was a "child" in Zimbabwe.

Sorry Zimbabwe, you were at the bottom of the "Freedom Index" I looked at.

For parts of the above, she could have been anywhere in Africa, the Middle
East or, indeed, the first world.

On top of all that, she also didn't want her parents to know she's got a
tattoo and was concerned that her colleagues would be upset that she'd
negotiated a higher pay package than them.

~~~
sneak
Or, in the flip side, a white male who says stuff that embarrasses or offends
people who have US Attorney cellphone numbers on speed-dial. Examples include
Assange, Weev, the two girls one cup guy, etc.

