Providing Enhanced Privacy for Users

What can actually be done in this regard?


kaled

7:55 pm on Dec 3, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I am considering setting up a website that would, amongst other things, permit/encourage whistle-blowing. However, if I do this, I would want to provide the maximum possible protection to anyone doing so.

1) This would be a UK site, so I guess basing it in the US (or anywhere outside the UK) would be sensible for legal purposes.
2) Not using cookies would seem sensible.

so far so good...

3) I would want to explicitly NOT log IP addresses routinely (except for forum comments). If the information isn't stored, it cannot be recovered even with a search warrant.
Is this possible?
Is it worthwhile, could IP addresses be recovered by some means?

4) So far as is possible, I would want to explicitly NOT record any browsing history, etc. (i.e. leave no trace on the user's computer). Does anyone have any thoughts on how this might be achieved?

I appreciate that some WW users may not feel comfortable posting suggestions in a public forum since there may be black-hat uses for them, in this case, I will be happy to take suggestions by mail.

Kaled.

bill

2:49 am on Dec 4, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



What about using something like the Tor: Hidden Service Protocol [torproject.org]? You could run the entire site as a hidden service inside the Tor network. There are several downsides to this, like the requirement for people to install Tor, and the sluggish nature of the protocol. However, this would provide a good deal of anonymity for the service and the users.

encyclo

3:04 am on Dec 4, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you have a forum, then you will need either cookies or sessions to keep the users logged in. You would need to ensure that the cookies last for the session only.

You could consider SSL for the whole site, as the communications between the user and your server would be encrypted and so can't be deciphered by third-parties (MITM). The server-load would increase though, and it's not a panacea.

One issue you haven't clarified - you want your users to be anonymous, but do you want you (ie. the domain owner and site operator) to be anonymous too?

As for server location, there are no "safe harbors" where you would not be subject to any regulation. If you host in the US, the hosting company will have to comply with court orders issued in their home state. Following on from the above comment, are you going to be prepared to mount a defense for any legal action in the hosting company's jurisdiction? Or are you going to jump from host to host? Same goes for the domain registrar - choose carefully, as it is easy to change servers, but much harder to change domains.

Shaddows

10:13 am on Dec 4, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You might be better with non-reputable non-western hosts, as they are less likely to co-operate with the UK Gov.

I would expect US hosting companies to provide info on request to the US Gov, who in turn would be cooperative with the UK Gov.

kaled

1:16 pm on Dec 4, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



To clarify...

1) The whistle-blowing facility would be merely a small part of a much larger site. (But it might prove to be an important part.)
2) As the owner, I would not hide behind anonymity.
3) As the owner, I would cooperate with law-enforcement agencies, however, my thinking is that if little or no information is stored, little or no information can be provided. So far as I am aware, whilst ISPs are required to log data requests and emails, neither website owners nor hosts are required to do so. For instance, if Google didn't store data on search requests, the US authorities could not request it. With respect to not storing IP addresses, I was thinking along the lines of filtering the logs in real-time so that the last six decimal digits are zeroed. This would provide enough information for useful site analysis whilst being more or less useless to the authorities. If it's possible to configure what information is logged, that might be ideal.

encyclo said

You could consider SSL for the whole site

Could you clarify?
Having never studied https, I was under the impression that it only affected submitted form data (by encrypting it with the public key supplied by the host).
Do browsers store any history for https conversations? If they do not, that might be the best solution to part of the problem.
Are https urls/requests themselves encrypted?
I must confess complete ignorance of this area!

encyclo said

If you have a forum, then you will need either cookies or sessions...
I do not plan to provide enhanced privacy for forum users. The site and the forums would be run responsibly and I would not wish to encourage irresponsible posts. Forums could operate on a sister site to ensure normal IP address logging applied.

Kaled.
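The real-time log filtering kaled describes above (zeroing the last six decimal digits, i.e. the last two octets of an IPv4 address, before the line reaches disk) as an added example that is not from the thread or any poster; the deployment via a piped CustomLog is an assumption, and the sample log lines are constructed. It also masks IPv6 addresses to their /48 prefix, which goes beyond what the post mentions.

```python
"""Real-time access-log anonymiser: masks the client IP before it is written.

Assumed deployment (not from the thread): Apache piped logging, e.g.
  CustomLog "|/usr/bin/python3 /opt/anonlog.py /var/log/site/access.log" combined
so the unmasked address never touches the filesystem on this host.
"""
import ipaddress
import sys


def anonymize_ip(addr: str, v4_keep_bits: int = 16, v6_keep_bits: int = 48) -> str:
    """Keep the first two octets of an IPv4 address (a.b.0.0) or the first
    48 bits of an IPv6 address; non-IP tokens such as '-' pass through."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return addr
    keep = v4_keep_bits if ip.version == 4 else v6_keep_bits
    net = ipaddress.ip_network(f"{ip}/{keep}", strict=False)
    return str(net.network_address)


def anonymize_line(line: str) -> str:
    """Combined log format: the client address is the first space-separated field."""
    parts = line.split(" ", 1)
    if len(parts) < 2:
        return line
    return anonymize_ip(parts[0]) + " " + parts[1]


# Constructed sample lines (not real traffic).
SAMPLE_LINES = [
    '203.0.113.77 - - [04/Dec/2008:13:16:00 +0000] "GET /articles/1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '2001:db8:abcd:1234::9 - - [04/Dec/2008:13:16:05 +0000] "GET /tip HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
]


def main() -> None:
    # Line-buffered append so each masked entry is flushed as it arrives.
    out = open(sys.argv[1], "a", buffering=1) if len(sys.argv) > 1 else sys.stdout
    for raw in sys.stdin:
        out.write(anonymize_line(raw.rstrip("\n")) + "\n")


if __name__ == "__main__":
    main()
```

The masking only covers this host's own logs; as later posters note, upstream proxies and the hosting provider may still keep full addresses.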

MatthewHSE

5:42 pm on Dec 5, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I tried to find out how to prevent pageviews from being recorded in the browser history several years ago, and the long and short of it was, you can't do that without hacking the user's computer. I highly doubt that has changed in the years since then, considering things have swung more and more toward user-control.

This would provide enough information for useful site analysis whilst being more or less useless to the authorities.
If the authorities get involved, wouldn't they be likely to consider your actions as aiding and abetting? I'd be very reluctant to start a site that deliberately destroys (or that takes specific steps to avoid collecting) data that the authorities are likely to want.


coopster

6:11 pm on Dec 5, 2008 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



re: SSL
Encrypted pages are not stored by shared caches [mnot.net].

kaled

6:42 pm on Dec 5, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If there's no legal requirement to record data, then not doing so is in no way prosecutable - even if considerable effort is required to not record it. (Manually deleting data to deliberately obstruct a specific investigation would be different but I don't plan to do that.)

I've given the matter of keeping the browser history clean some thought. The following might help
1) Using frames.
2) Using Cache-Control: no-cache
3) Avoiding images and external javascript/css.

I've started to consider content-management. The site would be largely article/comment based. Article-writers might reach a few dozen in number and registered users would be able to add comments. All thoughts/suggestions are welcome.

Kaled.

SarK0Y

7:04 pm on Dec 8, 2008 (gmt 0)

10+ Year Member



Hi, kaled.
Hosting, proxy and internet providers can store log files, and these contain the whole history of a user's surfing. Usual methods don't allow hiding it, and privacy depends on who is searching ;) Even a botnet doesn't get 100% :))