|The steps to creating an anonymous website?|
A UK client wants a website whereby they as an individual can't be traced, so it's an anonymous website. I haven't really delved into this area before, is it possible to cover your tracks so that someone doing a bit of investigating can't find out who you are?
I've been looking at steps such as Whois opt out (is that effective?)
It's not a business website as such, otherwise this approach would be too extreme, they would like to have a website, but at the same time wish to remain anonymous, so that they don't get any unsavoury attention. I think people should be given this option in this day and age, but is it an option?
[edited by: The_Cricketer at 2:37 pm (utc) on Oct. 19, 2006]
I would think the whois protection offered at most registrars would be enough.
Pretty much the only way people have to find out who runs a site is to lookup the whois info of the site. The whois protection stops this by putting the whois protection services name and contact info in place of the actual registrants.
Added... although if there is some legal reason they want this, whois protection won't protect them if there is a court order to release the info.
[edited by: Philosopher at 2:38 pm (utc) on Oct. 19, 2006]
The site can't be completely "anonymous"....even if you don't include contact info...you can always go thru the web host (easy to find) to take care of "issues" that the site may create...
It may be anonymous for "joe six-pack" however anyone "in the know" can still find you...
just my $0.02
register with a fake name using a registrar that you don't normally use - eg not under your account.
of course your credit card payments and hosting payments (even if you co-lo you are paying someone) can be traced, thus it is no good if you are upto no good if you know what i mean.
but it will stop people if you are just being political or controversial.
alternatively what about a sub domain of one of the free hosters (you can pay to have ads removed)
|It may be anonymous for "joe six-pack" however anyone "in the know" can still find you... |
So if I was in the know, how could I do that? I can't see that you can get a website administrator's contact details just by contacting a web host or whatever?
The false details seems an interesting route to go down, but I suppose there could be a problem down the line regarding proof of ownership of a domain for example. I suppose you'd just have to be extra vigilant.
[edited by: The_Cricketer at 3:32 pm (utc) on Oct. 19, 2006]
Depends on how anonymous you want to be, and how much risk of eventually losing the domain you want to take.
Normally, I'd rant here, but, instead, I'll try to put myself in a space where I can rationalize doing this. I'll assume that the site is going to express a politically-unpopular view, perhaps in a repressive country, but isn't going to advocate violence, etc.
OK, now I can proceed. ;)
Yes, use fake - but plausible - contact details. AND use the registrar's privacy service. This way, members of the public cannot verify that the contact details are fake. Registrars are required to maintain accurate contact details, but normally don't check - they send you an email once a year saying "is this right? If not, please change it". But a member of the public could check-up on the address, and then contact the registrar and complain. So, use the privacy service to avoid revealing the fake contact details in WHOIS.
Pay with an anonymous pre-paid "money card". (Not quite sure what these are called). These have Visa or MasterCard numbers, but are good for a specific pre-paid dollar amount.
Do not host the site on a VPS with other sites that you own.
Open a hosting account the same way - fake details, pre-paid money card. Pay for a whole year in advance. Ask about a discount, while you are at it.
Use a CMS (to make it easy to add content from anywhere), and access the site from public terminals.
This is a good start, but, of course, if a government wants to find you, they probably can. But I think you are fairly safe from the general public, and even all but the most wiley hacker. (The most wiley hacker might break-into your site, view your site logs, see where you log-in from, track them down, and wait for you around the corner from the Internet cafe...)
You will need to follow similar steps in order to obtain an untracable email account for the domain contact - i.e. you will need to be able to receive email from the registrar.
An alternative would be to use similar steps to first obtain an untracable P.O. box (note that this may be breaking the law in your country) and phone number (voice mail, delivered to your untracable email), and skip the anonymous registration.
The latter is what I do for my registrations, other than the "untracable" part. I don't want some nut-case showing up at my door, but I don't want to pay the fee for anonymous registration, plus I think it looks unprofessional for a commercial website. It's cheaper to pay for a P.O. Box, a voicemail number, and a "disposible email address" service (useful for spam, in any case - you occasionally change the address and drop the old one) than to pay the anonymous fee for several domains.
[edited by: jtara at 5:01 pm (utc) on Oct. 19, 2006]
|I can't see that you can get a website administrator's contact details just by contacting a web host or whatever? |
Let's say you put up some site that that is in all ways "not accepted", you can actually go a couple of ways...
(without all the full details)
You can locate the site's IP address
Once you have that, it's a matter of tracking down who owns that IP address. Once you know who, it only takes a phone call, or sometimes simply an email to point out the site's issues. The owner of that IP "knows" what hosting company(s) work with that IP address. Even if it's a HUGE coproration with a buh-zillion IP's it's still a simple process to locate the hosting provider. Once you know who, you have the website by the throat. If the hosting doesn't share your views on your unacceptable site, you're gone.
(this is only 1 way..there are several ways to locate you...keep that in mind...however this is probably the simplest)
Even if you attempt to cover your DNS it doesn't matter in the long run...your site has a unique IP address, "somebody" owns that IP address (or rents it). And they WILL protect it, because in the long run they are the ones responsible for the content and actions of your site. Plus somebody had to pay for that hosting so they know you. Even if you lied about your contact info to the hosting, it wouldn't matter.
It's like a house on your street, you don't have to know the owner of the house, just the address, in order to report them for "loud music"...
The same applies here, "I know where your site lives", I can find the correct parties to handle "whatever" you decide to impose on me if it's outside the realm of "good taste and acceptible behavor".
Even if you decide to get some 2-bit host in Iran for this, if the infraction is big enough, you'd be toast in the long run.
|(The most wiley hacker might break-into your site, view your site logs, see where you log-in from, track them down, and wait for you around the corner from the Internet cafe...) |
an extreem case...but if you get extreem with your site, your asking for people to take extreem measures...
This is not as hard as it sounds.
As many said before, use the privacy feature of registrars.
Unfortunatelly, that is not sufficient, as a court can subpoena the details of a registration.
Same with a hosting company, no matter how well the information is hidden, a court can subpoena records.
UNLESS you select a registrar, and host that is out of the jurisdiction of the aforementioned country.
China, India, some central African countries come to my mind...
I do not see how a Chinese IP address at a Chinese DNS, with a Chinese registrar with hidden (and fake) information would lead back to the owner.
First one would have to get their hands on the logs. I have not have had such luck, yet I continue to try. No registar will respond and no host will respond to requests from outside of China.
[edited by: Tapolyai at 5:22 pm (utc) on Oct. 19, 2006]