This guide has been modified from an article that originally appeared on Global Voices Online, a nonprofit global citizens' media project sponsored by and launched from the Berkman Center for Internet and Society at the Harvard Law School. For additional information on blogging anonymously, you may also want to download Reporters Without Borders' Handbook for Bloggers and Cyber-Dissidents.
In April of 2005, the Electronic Frontier Foundation (EFF) posted its How to Blog Safely About Work and Anything Else. While the guide is rich in tips to ensure you don't reveal too much personal information while blogging, it doesn't look very closely at the technical issues associated with keeping a blog private. I decided to write a quick technical guide to anonymous blogging, trying to approach the problem from the perspective of a government whistle-blower in a country with a less-than-transparent government.
The Risks of Blogging
Sarah works in a government office as an accountant. She becomes aware that her boss, the deputy minister, is stealing large amounts of money from the government. She wants to let the world know that a crime is taking place but is worried about losing her job. If she reports the matter to the minister, she might get fired. She calls a reporter at the local newspaper, but he says he can't run a story without lots of additional information and documents to support her claims.
So Sarah decides to start a blog share her story with the rest of the world. To protect herself, she wants to make sure no one can find out who she is based on her blog posts. She needs to blog anonymously.
There are two main ways a blogger can get caught when he or she is trying to blog anonymously. One is if she reveals her identity through the content she publishes. For instance, if Sarah writes, "I'm the Assistant Chief Compliance Accountant to the Deputy Minister of Mines," there's a good chance that someone reading her blog is going to figure out who she is pretty quickly. (EFF's "How to Blog Safely" guide offers some great advice on how to avoid revealing your identity through the content of your blog.)
The other way Sarah can get caught is if someone can determine her identity from information provided by his or her Web browsers or email programs. Every computer connected to the Internet has — or shares — an address called an IP address, which consists of a series of four numbers from zero to 255 separated by dots (for example, 18.104.22.168). When Sarah uses her Web browser to make a comment on the minister's blog, the IP address she was using is included on her post.
With a little work, the Minister's computer technicians may be able to trace Sarah's identity from this IP address. If Sarah is using a computer in her home, dialing into an Internet Service Provider (ISP), the ISP likely has records of which IP address was assigned to which telephone number at a specific time. In some countries, the minister might need a subpoena to obtain these records; in others (especially ones where the ISP is owned by the government!), the ISP might give out this information very easily, and Sarah might find herself in hot water.
Security Measures for Hiding Your Identity Online
There are a number of ways Sarah can hide her identity when using the Internet. As a general rule, the more secure Sarah wants to be, the more effort she needs to expend hiding her identity. Sarah — and anyone else hoping to blog anonymously — needs to consider just how paranoid she wants to be before deciding how hard she wants to work to protect her identity. As you will see, some of the strategies for protecting identity online require a great deal of technical knowledge and effort.
One easy way Sarah can hide her identity is to use a free Webmail account and a free blog host outside her native country. (Using a paid account for either email or Web hosting is a bad idea, as the payment will link the account to a credit card, a checking account, or a Paypal account that could easily be linked back to Sarah.) She can create a new identity — a pseudonym — when she signs up for these accounts, and when the Minister finds her blog, he'll discover that it belongs to "Ann Onimous," with the email address firstname.lastname@example.org.
Examples of free Webmail account providers:
Examples of free blog-hosting providers:
The problem with pseudonyms, however, is that when Sarah signs up for an email or blog service, the server she's accessing logs her IP address. If that IP address can be traced to her — whether at home or to her computer at work — and if the email or blog-hosting provider is forced to release that information, her true identity could be revealed. It's not a simple matter to get most hosting providers to give away this type of information — to get Hotmail to reveal the IP Sarah used to sign up for her account, for instance, the Minister would likely need to issue a subpoena, probably in cooperation with a U.S. law enforcement agency — but Sarah may not want to take that risk.
2. Public Computers
One additional step Sarah could take to hide her identity is to post to her blog from computers that are used by lots of other people. Rather than setting up her email and blog accounts from her home or work computer, Sarah could set them up from a computer in an Internet café, a library, or a university computer lab. When the Minister traces the IP used to post a comment or a post, he'll discover that the post was made from a public location where any number of people might have been using the computers.
There are flaws in this strategy as well. If the Internet café or computer lab keeps track of who is using what computer at what time, Sarah's identity could be compromised. She shouldn't try to post in the middle of the night when she's the only person in the computer lab — the geek on duty is likely to remember who she is. And she should change Internet cafés often. If the Minister discovers that all the whistleblower's posts are coming from Joe's Cyber Café on Main Street, he might get someone to monitor that location to see who's posting to blogs in the hopes of catching the author.
3. Anonymous Proxies
Sarah's tired of walking to Joe's Cyber Café every time she wants to post to her blog. With some help from the neighborhood geek, she sets up her computer to access the Web through an anonymous proxy. Now when she uses her email and blog services, she'll leave behind the IP address of the proxy server, not the address of her home machine — which will make it very hard for the Minister to find her.
First, Sarah finds a list of proxy servers online, by searching for "proxy server" on Google. She picks a proxy server from the Publicproxyservers.com list, choosing a site marked "high anonymity." She writes down the IP address of the proxy and the port named on the proxy list.
Some reliable lists of public proxies:
Publicproxyservers.com : Lists anonymous and identifiable proxies.
Samair : Only lists anonymous proxies and includes information on proxies that support SSL.
Rosinstrument Proxy Database : A searchable database of proxy servers.
Sarah then opens the Preferences section of her Web browser. Under General, Network, or Security, she will usually find an option to set up a proxy to access the Internet. (On the Firefox browser, which I use, this option is found under Tools > Internet Options > Connections > Settings.)
She turns on Manual Proxy Configuration, enters the IP address of the proxy server and port into the fields for HTTP proxy and SSL proxy, and saves her settings. She restarts her browser and starts surfing the Web.
Sarah notices that her connection to the Web seems to be a bit slower. That's because every page she requests from a Web server takes a detour. Instead of connecting directly to Hotmail.com, she connects to the proxy, which then connects to Hotmail. When Hotmail sends a page to her, it goes to the proxy first, then to her. She also notices that she has some difficulty accessing Web sites, especially sites that want her to log in. But at least her IP isn't being recorded by her blog provider!
Yet unfortunately, proxies aren't perfect either. If the country Sarah lives in has restrictive Internet laws, many Web surfers may be using proxies to access sites blocked by the government. The government may respond by ordering certain popular proxies to be blocked. Surfers move to new proxies, the government blocks those proxies, and so on, making using a proxy very time consuming.
Sarah has another problem if she's one of very few people in the country using a proxy. If the comments on her blog can be traced to a single proxy server, and if the Minister can access logs from all the ISPs within a country, he might be able to discover that Sarah's computer was one of the very few that accessed a specific proxy server. He can't demonstrate that Sarah used the proxy to post to a blog server, but he might conclude that because the proxy was used to post to the blog and Sarah was one of the few people in the nation to use that proxy, this was enough evidence that Sarah made the post. Sarah would do well to use proxies that are popular locally and to switch proxies often.
Sarah starts to wonder what happens if the proxy servers she's using are compromised. What if the minister convinces the operator of a proxy server — either legally or illegally — to keep records on whether anyone from his country is using the proxy and the sites they're visiting? Sarah is relying on the proxy administrator to protect her, and she doesn't even know who the administrator is or if he or she is trustworthy. Though the proxy administrator may not even know she's running a proxy, proxies are often left open by accident.
Sarah has a friend in Canada — a country less likely than Sarah's to censor Internet content — who might be willing to help her maintain her blog while protecting her identity. Sarah phones her friend and asks him to set up Circumventor on his system. Circumventor is one of dozens of proxy servers a user can set up to allow people to use his computer as a proxy.
Sarah's friend Jim downloads Circumventor from Peacefire.org and installs it on his Windows system. It's not an easy process — before installing Circumventor, he must first install programming language Perl on his system, then install OpenSA. And he now needs to keep his computer connected to the Internet constantly, so that Sarah can use it as a proxy without asking him to turn it on first. He gets the software set up, calls Sarah's cell phone, and provides a URL she can use to surf the Web or post to her blog through his proxy. This is especially convenient, because Sarah can use the proxy from home or from an Internet café, and doesn't have to make any changes to her system.
While Sarah is very grateful for Jim's help, there's a major problem with the arrangement. Jim's computer — which runs Windows — reboots quite often. Whenever it does, his ISP assigns a new IP address to the machine. Each time this happens, the proxy stops working for Sarah. Jim needs to contact Sarah again and tell her the new IP that Circumventor is associated with. This rapidly becomes expensive and frustrating. Sarah also worries that if she uses any one IP address too long, her ISP may succumb to government pressure and start blocking it.
5. Onion Routing
Jim suggests that Sarah experiment with the relatively new onion-routing system Tor , which provides a high degree of anonymity for Web surfing. Onion routing takes the idea of proxy servers — a computer that acts on your behalf — to a new level of complexity. Each request made through an onion routing network goes through two to 20 additional computers, making it hard to trace which computer originated a request.
Each step of the Onion Routing chain is encrypted, making it harder for the government of Sarah's country to trace her posts. Furthermore, each computer in the chain only knows its nearest neighbors. In other words, router B knows that it got a request for a Web page from router A, and that it's supposed to pass the request on to router C. But the request itself is encrypted — router B doesn't actually know what page Sarah is requesting, or what router will finally request the page from the Web server.
Given the complexity of the technology, Sarah is pleasantly surprised to discover how easy it is to install Tor. She downloads an installer to install Tor on her system, then downloads and installs Privoxy , a proxy that works with Tor and has the pleasant side benefit of removing most of the ads from the Web pages Sarah views.
After installing the software and restarting her machine, Sarah checks anonymous remailer service Noreply.org and discovers that she is, in fact, successfully "cloaked" by the Tor system — Noreply thinks she's logging on from Harvard University. She reloads, and now Noreply thinks she's in Germany. From this she concludes that Tor is changing her identity from request to request, helping to protect her privacy.
This has some odd consequences. When she uses Google through Tor, it keeps switching languages on her. One search, it's in English — another, Japanese, then German, Danish, and Dutch, all in the course of a few minutes. Sarah welcomes the opportunity to learn some new languages, but she's concerned about some other consequences. Sarah likes to contribute to Wikipedia, but discovers that Wikipedia blocks her attempts to edit articles when she's using Tor.
Tor also seems to have some of the same problems Sarah was having with other proxies. Her surfing slows down quite a bit, as compared to surfing the Web without a proxy — she finds that she ends up using Tor only when she's accessing sensitive content or posting to her blog. And she's once again tied to her home computer, since she can't install Tor on a public machine very easily.
Most worrisome, though, she discovers that Tor sometimes stops working. Evidently, her ISP is starting to block some Tor routers — when Tor tries to use a blocked router, she can wait for minutes at a time, but doesn't get the Web page she's requested.
Which Is the Best Solution?
Is the solution Sarah chose to publish her blog anonymously right for you? Or is some combination of security measures one, two, and three sufficient for your needs? There's no one answer: Any anonymous blogging plan needs to take into account local conditions, your technical competence, and your level of paranoia. If you have reason to be worried that what you're posting could endanger your safety, a combination of the security measures outlined above is probably not a bad idea.