How hard is to be the anonymous owner of a website?

domains privacy
81,131

Solution 1

Summary

Minimising the attack vectors by not registering a domain, not registering hosting, not using a credit card linked to your name, not openly giving out your IP and email address, not using Google Analytics, and not discussing your new project openly will each reduce the chance of your identity being discovered.

How might your identity be discovered?

To understand how to set up a website anonymously, you must first appreciate that your identity might be obtained via:

  • The WHOIS record for any domains you register.
  • Your IP address (sent in the header of emails you send and found in server logs).
  • Your service providers' account records (i.e. hosting, domain registrar, ISP).
  • Your email address.
  • Your credit card details or other payment method.
  • Your Google Analytics account information (if tracking more than one site).

How can you eliminate most of these things?

The simplest and best way to eliminate many of these things being used to identify you is this:

Don't register a domain or pay for hosting at all.

Instead, register with a free blogging platform such as Tumblr or WordPress.com, who give you a subdomain when you sign up (i.e. yoursite.theirbrand.com). Many human rights bloggers and campaigners choose this option because the main thing they have to worry about then is protecting their email and IP address.

You can protect your IP address to a degree using a VPN such as HideMyAss whenever connecting to the Internet, or by using the Tor network. You should turn the VPN or Tor connection on before registering for any services and while using them.

A search for 'anonymous email' will provide you with an address you can use to sign up to services anonymously.

Be aware that some free blog providers will delete blogs that might be deemed offensive. Read their terms and conditions before signing up and take backups of your content if it's important to you.

If you feel compelled to register a domain and buy hosting

If, for some reason, you have to register a domain and buy hosting, consider the following ways of safeguarding your information:

  1. Register the domain using an anonymous registration service (not the same as domain privacy), as mentioned in this question.

  2. Use an anonymous hosting service that allows you to register under a pseudonym and without providing a postal address, such as Anonymous Speech.

  3. Consider using hosting and registration services that support pre-paid methods that don't link your identity to the payment method (i.e. cash). As ever, be careful about sending cash by post.

  4. Think about registering a domain in a country outside of your own nation's jurisdiction and hosting your site somewhere else too. This doesn't prevent requests for information being sent to hosting providers, but it can add an extra barrier.

Each of these items alone will not protect your identity from someone determined to discover it, but together they will make it harder to find out who you are.

Be careful about using Google Analytics and other third-party services

If you use Google Analytics -- even on a hosted platform like tumblr -- you should know that it's possible to do a 'reverse Google Analytics ID lookup' by putting your site's URL into services such as eWhois and Statsie to find out what other websites you're tracking with the same Google Analytics account. This could potentially unmask you if you're not protecting your identity on other websites you run.

For that reason, avoid using Google Analytics or any third-party service that might be used to identify you. Blog using a basic theme and no add-ons, widgets, or additional third-party scripts that require registration elsewhere.

Choose a unique nickname

If you're going to blog under an alias, make sure you've never used that alias for anything else. Aliases you've used in forums years ago ('runningWithScissors') have a habit of showing up in search engine results.

Don't go blabbing offline

Also consider not telling anyone else what you're doing. There's no point in taking steps to mask your identity online if you're willing to give it away freely offline.

Solution 2

The Whois privacy is barely a protection - most registrars will surrender your personal details at the first request. Well, perhaps at the second. Anyway, the point is, they are generally unwilling to take risk and get under fire so they won't bother to investigate who is right and who is wrong for a client that perhaps only brings $5/month of revenues.

  1. Your one option includes registering under fake name with fake address details. That will have the risk of you losing your domain name one day if they decided to validate your personality and contact details by calling your phone or mailing to your address.

  2. A more reliable and a long-term option includes registering an offshore company and running your site in its name. There are ways of keeping the list of owners (or at least the list of beneficiaries) very private so that even investigations at the government level may turn empty. The "$10/year" however won't cut it, you'll need a few thousands per year to make this work. Good news, there are service companies which will do this for you so you won't even have to fly to another country.

Solution 3

Use a Hidden Service on the Tor-network with a .onion-domain. Unless you give out personal details yourself, it's impossible to trace back to you.

Solution 4

The whois protection is good enough as far as I know. Obviously this is true for normal people. If police or similar will require your data, they will take them easily.

Solution 5

There is a blogger, writer and scientist in the UK who went by the nom de plume of Belle de Jour - because she wrote about being a practicing prostitute. She wrote a book (and some more later) and her book was made into two TV series. She remained completely anonymous for a very long time before she was outed.

The way she did it is detailed here.

The advice is a little different to the above because it talks about how to set things up in terms of business structures and accountants so you can't be found out. It also talks about how somebody who knew her worked out and created a page on his blog that was a Googlewhack. Only somebody else who worked it out and searched for specific terms would go to the page so he got early warning and could get a message to her.

Share:
81,131

Related videos on Youtube

Admin
Author by

Admin

Updated on September 18, 2022

Comments

  • Admin
    Admin almost 2 years

    I'd like to create a website with a very radical political message. It won't be unethical (encouraging violence, etc) but I feel the points I plan to list in it will definitely make me a lot of enemies.

    How hard would it be to protect my identity from anyone finding out who I am? I know domains always have a $10/year option for privatizing your registration information but is there any other protection I should think about having?

    • Admin
      Admin over 12 years
      You need to spend some time determining and then explaining just how anonymous you intend to be. Simply hiding your name, eg. whois protection, isn't going to do it. It'll help some, but more may be required.
  • Jonathon
    Jonathon over 12 years
    +1 Great answer with a very simple way to remove a lot of the 'tracking' issues (i.e. don't pay for anything)
  • Earlz
    Earlz over 12 years
    Also note that a lot of local stores provide anonymous pre-paid debit cards. These work wonders for paying for things anonymously online.
  • rekindleMyLoveOf
    rekindleMyLoveOf over 12 years
    Not true. I filed a complaint against a competitor once before on a potential copy-infringement issue and he came back with all of my "private registration" details (no, I don't know why he felt he had to send me my own info). Well, it turns out the guy worked for a registrar and had access to this info somehow.
  • Colin Pickard
    Colin Pickard over 12 years
    +1 worth considering although this is probably only nessecary to defend yourself against (international) government opposition. wired.com/threatlevel/2011/06/silkroad
  • Aurelio De Rosa
    Aurelio De Rosa over 12 years
    @DavidMurdoch This is a role abuse I suppose. It is like a man in a call-center who get all your private data without any authorization.
  • Earlz
    Earlz over 12 years
    There is one thing you can do. afraid.org offers free sub domains. I'm sure there are other similar services. But their sub domains you get full control over (point at your own nameserver) and they don't require address or anything
  • Victor Bjelkholm
    Victor Bjelkholm almost 12 years
    +1 That's probably the safest way. Running a hidden service with a .onion-domain is impossible to trace if you don't give out any details yourself.
  • Anthony Hatzopoulos
    Anthony Hatzopoulos over 11 years
    @Nick great advice +1. Here's some more resources... Secure Email: Hushmail | Secure VPN: IPredator | Paying Anonymously
  • lordmj
    lordmj over 11 years
    It sounds great "paying anonymously". But once being anonymous/ out of your countries juristiction maybe... what keeps the hoster from cheating you?.. great tipps though
  • Sven Slootweg
    Sven Slootweg about 9 years
    @AnthonyHatzopoulos Neither of those are 'secure', and both rely entirely on trusting the provider. Terrible idea. Just use Tor and any e-mail provider, using a local e-mail application + GPG. VPNs and webmail services are fundamentally flawed from an anonymity POV.
  • wscourge
    wscourge about 6 years
    Great tutorial on how to track down the domain owner. Thank you.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Is it possible to transfer a domain without a "gap" in Whois privacy protection?
Which free VPN providers support Ubuntu?
How To mask personal identification information using any language like java?
What data is collected by Google Analytics (by default)
You must provide a valid Privacy Policy URL in order take your app Live. Go to App Details and make sure it is valid
Deleting iPad Analytics Data
Privacy Policy URL for instagram
Youtube API get unlisted videos
Dual boot. How do I reinstall the Ubuntu partition?
How to show .Trash and hidden files on USB sticks but not in $HOME?