Greetings cryptographers,

I would like to ask your assistance in setting up a weblog that cannot easily be traced to my real identity. I have surveyed the existing tools and do not find one that fits my needs well. For my proposed blog, I would graciously accept volunteer hosting, but I think it's also worth thinking about improving tools so anonymous blogging can be accessible to many.

Of the many forms of Internet communication, blogs have many desirable properties which interact well with anonymity. Perhaps most important, the basic blog form is essentially invulnerable to spam. Any idiot can put their blog up on the Web (and many do), but nobody is forced to read it. Email, by contrast, is fertile ground for spam and other similar forms of abuse. Indeed, the anonymous remailer network had to deal with spam as a serious problem long before it became the everyday bane it is today. Similarly, while running a remailer "exit node" can lead to significant negative consequences from recipients of abuse, openly running a proxy to make anonymous blogs accessible to the public Internet is above reproach, at least among those who believe that speech should be free.

Publishing a blog can be relatively high in latency, and very low in bandwidth, at least by today's standards. I believe these properties should make it relatively easy to design a blog publishing protocol which is highly resistant to surveillance. Real-time Pipenet-style systems, such as ZKS Freedom and Onion Routing, are susceptible to a listener simply correlating bursts of activity between the publicly visible blog and the user's bandwidth to the Internet.

Finally, while remailers contend against the deeply entrenched email infrastructure, blog publishing tools are still in their infancy, and most people do not find it particularly convenient to publish a blog. In addition, good hosting costs money; the free hosting services are ad-ridden, in many cases badly.

Given these goals, what tools are available today? The most obvious is to use an anonymizing Web proxy such as anonymizer.com in conjunction with a public blog hosting service such as LiveJournal. However, this approach doesn't give me a warm and fuzzy feeling.
In particular, anonymizer.com is a single point of vulnerability, a one-stop shop if you will for spy agencies, conveniently pre-filtered to include only those who feel that leaking identity information is worth thirty bucks a year to protect (the free version is little more than a teaser for the pay service).

Another possibility is to leverage the existing email infrastructure, for example Yahoo Groups. However, while posting to such a group should be reasonably straightforward using an anonymous remailer, it's not clear that admin functions are similarly accessible. Also, such an approach is vulnerable to many attacks deriving from email's lack of authentication. Finally, I don't consider an email list to be a particularly high-quality blog format. I'm not asking for all the frills, but reverse chronological display, permalinks, and an RSS feed are all essential today.

Am I missing something? Is there perhaps another good approach to anonymous blog publishing? If so, I'd appreciate your insight.

In the meantime, here is how my ideal hosting would work. I'd arrange (via email) with a volunteer to host my blog. She'd get my GPG public key, and would assign me an email address for sending my updates. That address would route to a script which would decrypt incoming messages, verify that the signature matches my PK, and immediately drop any non-conforming emails at that point. The contents of a signed email message are then passed to some kind of "untar" script, which simply replaces files in a public Web directory. I'm a little unsure about the use of tar itself - it _should_ be secure, but is fairly crufty by now, and is not usually considered a security-critical utility (in fact, it's disturbing that the obvious .. path attack wasn't fixed until GNU tar 1.13.19, see CAN-2001-1267). Perhaps there is another archive unpacking tool in which the volunteer has more confidence, or perhaps a very simple, and thus easily auditable, script could serve.
I'd be more than happy to write such a script.

On the posting side, any tool that produces "baked" pages, such as Blosxom, should serve. It should be relatively easy to integrate the blog-posting tool with GPG and premail, so that the updates are automatically signed, anonymized, and sent.

This is a "quick and dirty" approach which should get blogs online reasonably easily. If it works well, others should be able to use it. If enough good anonymous blogs go online, that should help motivate the design of much more sophisticated tools, possibly using techniques such as IBM's YouServ to replicate content and thus reduce the dependence on particular proxy nodes.

My own blog will probably serve as an example both for those who feel that anonymous speech is important to protect, and those who feel that it's too dangerous in our society. It will be intelligently written, thoughtful, fair, and hugely controversial. If past experience with anonymous Internet forums (mostly mailing lists) is any guide, I expect a steady stream of death threats and the like. Thus, hosting it is not for someone faint of heart. I'd be happy to discuss the plans privately, but they're somewhat off-topic for this list.

If anyone can help me get my blog online, I'd be very grateful. In addition, I think the design of better protocols and systems for anonymous blogging is worth more attention from free speech-minded cryptographers.

Peace,
Dyl

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
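
The "very simple, and thus easily auditable" unpacking script the post asks for could look like the following. This is an added example, not code from the original post or from any project it mentions. It assumes the message signature has already been verified, that updates arrive as an uncompressed tar of regular files only, and the names `safe_relpath`, `unpack_update` and `MAX_FILE_BYTES` are hypothetical.

```python
import io
import os
import tarfile

MAX_FILE_BYTES = 1 << 20  # assumed per-file size cap, not from the post


def safe_relpath(member):
    """Return a vetted relative path for one archive member, or raise ValueError."""
    name = member.name
    if not member.isfile():
        # Rejects symlinks, hard links, devices, FIFOs and directory entries.
        raise ValueError(f"not a regular file: {name!r}")
    parts = name.split("/")
    # An empty component covers absolute paths and doubled or trailing slashes.
    if any(p in ("", ".", "..") for p in parts) or "\\" in name or "\x00" in name:
        raise ValueError(f"unsafe path: {name!r}")
    if member.size > MAX_FILE_BYTES:
        raise ValueError(f"file too large: {name!r}")
    return os.path.join(*parts)


def unpack_update(archive_bytes, web_root):
    """Replace files under web_root with the archive contents; return paths written."""
    root = os.path.realpath(web_root)
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:") as tar:
        members = tar.getmembers()
        # Vet every member before touching the disk, so a bad archive changes nothing.
        rels = [safe_relpath(m) for m in members]
        written = []
        for member, rel in zip(members, rels):
            dest = os.path.join(root, rel)
            # Defence in depth: a symlink already inside web_root must not redirect us.
            if os.path.commonpath([root, os.path.realpath(dest)]) != root:
                raise ValueError(f"escapes web root: {rel!r}")
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            tmp = dest + ".tmp"
            with open(tmp, "wb") as fh:
                fh.write(tar.extractfile(member).read())
            os.replace(tmp, dest)  # atomic swap so readers never see a partial page
            written.append(rel)
    return written
```

Because directory entries are rejected along with links and devices, the posting side has to build the archive from file names only; parent directories are created on the host as needed.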
