It's just a puzzle box!

Thursday, 3 April 2008

Chronicle

I've made a new release of the chronicle blog compiler, primarily to allow the "Subject:" header to be used for new blog subjects.

(That allows new entries to be automatically posted via email, with an appropriate procmail setup. I'll add one as an example shortly.)

RSS Utility

Whilst on the subject of RSS creation (huh?) I've written a tiny utility which will create an RSS feed from a list of text files. It will also create an index.html file to match.

To see why this is useful you could view my recent changelog.

I think there is a need for a small tool to read files and create feeds from them - like mod_index_rss does, but without messing with Apache.

If there is any interest I'd be happy to release the code, as-is it doesn't use a template..

Anonymous Hosting?

Online privacy is important. Mostly when this is discussed it is in the context of client-side anonymity.

Looking at it from the other side, though, How do you host a website anonymously?

You could register the domain via a proxy, or with bogus details. But if you host the site yourself the IP address may be traced to the hosting provider, and that may be used to trace back to you.

So, the alternatives? Well you could use a hosted site such as livejournal / wordpress / googlepages / etc. But pretty surely they'll be able to trace content back to you - and if you don't host it there's a high chance they'll just pull it if you talk about "bad things". (I guess you could use TOR for uploading / your connections there.)

So, going back to the question. How can you host something, easily accessible to the world, without risk of your identity/association being discovered?


I'm, obviously, ignoring FreeNet. Two reasons for that:

  • It's slow, has no search-engine goodness, and is unproven.
  • It requires an atypical client. Aunt Milly won't be able to surf Freenet...

I almost think the best way forward would be to write a site which was a proxy for a file-sharing protocol, then link people to items that way. Relying on the swarm to host the files..

The downside is that you'd have to have a convincing argument for when RIAA comes calling, suggesting that you're sharing their stuff too. If it wasn't a general purpose proxy then the deniability is gone, and if it is you're at risk of general copyright infringement claims.

Hard problem. Shame.

ObQuote: HellRaiser

| 6 comments.

 

Comments On This Entry

[gravitar] Anonymous

Submitted at 00:02:57 on 4 april 2008

I'll assume that you also want to ignore any illegal means of obscuring your identity.
I do believe Freenet represents the technically optimal solution for this, but as you said it only works with clients that use Freenet.
Tor has a "hidden site" mechanism, but it requires the client to have Tor. While Tor requires much less work to install and get working than Freenet (for instance, pre-bundled versions of Firefox and Tor exist), that still most likely puts your site out of the reach of the average person.
I also assume you don't just want to host something accessible to a limited number of people, since in that case you could use any arbitrary hosting to host files encrypted with the public keys of those people.
So, the remaining options that I know of: * Find one of the few hosting companies, often in an obscure jurisdiction, that claims not to log anything. Always interact with it using Tor and ideally also at least one other anonymizer, and make sure the client you use doesn't transmit any information that identifies you; do the same whenever you reference it elsewhere. Payment poses the most difficult problem, as no widespread solution exists for cryptographically untraceable currency; such a system would solve many problems. Sadly I don't think any hosting providers take cash. See http://snarfed.org/space/privacy%20through%20prepaid%20credit%20cards for more on anonymous credit cards.
[gravitar] Rod Ross

Submitted at 06:44:29 on 4 april 2008

re:Chronicle
I have been looking at all the options out there. I guess chronicle uses perl to produce static pages much like nanoblogger uses shell scripts ? Then there are all the blosxom, pyblosxom, etc versions out there that run as a cgi. I have not tried chronicle yet and will. It seems unless your running a newer computer, then the cgi based scripts are slow to build and if its a py or perl cgi and the site is busy you might as well go hiking and come back later. I noticed with the Plone site and slash, b2evolution, and more that they are really slow too unless your in a server room with countless mips at your disposal. I guess what I am getting at is: Where are some good fast c language blogs, cgi, and CMS programs ? I am not a big fan of BSD ( I run debian on 5 out of the 7 computers I have, the other 2 run bsd ) but the undeadly.org ( http://undeadly.org/undeadly-src.tar.gz) code looks like something we debian gnu/linux people should try to replicate.
re: Anonymous Hosting? Steve, I don't see you hiding. How would one have ads and at the same time have anonymous hosting ? I agree that there are ways for goverment types to track traffic. What do you think of GnuNet ? Could it become more. I use dhis, it is in debian. It runs on a 6116cd 601 powerpc at 60 mhz. Really, I am not kidding, it runs a homepage and wiki at http://rod.dhis.org/ . I don't care for livejournal, etc. I see you don't use your lj page much. Besides from what I read six apart & Brad sold it to the Russians for many millions. On the anon hosting, I think the answer is to move the net to wireless, using ham and satellite and Bdale @ debian would be the one who would come closest to knowing how to do it. But you would probably have to leave the old net behind and go to the new "Free to Air" net. A rewrite of the code possibly using GnuNet as a starting point or model.
Always a pleasure. Take care,
Rod Ross
[author] Steve

Submitted at 08:43:33 on 4 april 2008

Rob: Yes, that is precisely it. My tool is a slightly more featureful version of nanoblogger, written in a maintainable fashion. (Then augmented with a hacky commenting system.)

I've never looked for a C-language blogging sytem, and can't think of one off the top of my head. Generally I like things to be Perl-based..

I personally do not wish to host anything securely, but it is an interesting thinking exercise - and adverts are mostly orthogonal to that discussion.


[gravitar] David Claughton

Submitted at 13:34:49 on 4 april 2008

re: Anonymous Hosting? I've often thought websites over P2P would be a great idea. Apart for the anonymity angle, other advantages would be zero hosting costs and practically no chance of your site being down. There'd be no CGI though, probably, that's a large can of worms. Based on maybe 15 seconds of thought, I'm almost sure it could be done with a Firefox extension attached to a P2P client library, probably need a bit of protocol work. Just a thought ...
[author] Steve

Submitted at 15:15:59 on 4 april 2008

The only problem I see with a P2P based website is that there is the risk that somebody could poision it.

Say somebody uploads www.steve.org.uk.zip - how do you know it is the correct one?

You could probably solve that problem by signing files with a well-known key, and validating them via your plugin, but it would be something to consider.

[gravitar] Robert

Submitted at 07:52:42 on 11 april 2008

What you describe is pretty much what the newer-gen Freenet is.

It's not *quite* to the level of Aunt Milly being able to surf Freenet on your box without noticing a difference, but the underlying concept is that of swarm-hosting. And, thinking back to dear Aunt Milly, I suspect she'd be just as confused by having to go find a fileshared copy of www.steve.org.uk.zip and wait to download it... and, "but it's from last year!"

My personal opinion is that it would be less effort to improve the annoying parts of freenet (search engines are now theoretically possible just missing, for example) rather than trying to reimplement the concept. If nothing else, you get anti-takedown technology for free.

 

Comments are closed on posts which are more than ten days old.

Recent Posts

Recent Tags