Seeking Guidance, Suggestions for Anonymous Web Hosting, Discussion Board

I’ve come to this forum with the hope that some of the more learned and knowledgeable members might offer help and guidance in selecting and setting up an appropriate offshore (to U.S.) web host for anonymous domain registration, web hosting, and email.

We are trying to put together a forum-based website (discussion board) for licensed professionals to discuss and share their experiences with unconventional practices. Discussion of these subjects is an absolutely protected right, but, in some jurisdictions, these professionals (including the ones who want to set up the website) put their license at risk by discussing or even acknowledging these practices. In order for the participants to feel secure enough to be candid and forthright in their discussions (which is an essential element in order to achieve the goals sought by the forum), we must provide assurances of anonymity – both to the participants and to the website owners.

1. The domain must be registered anonymously, but ownership of the domain should be within the control of the founding members;

2. Participation in the discussion board must provide assurances of anonymous posting (such as: host does not retain IP addresses, offshore and not subject to service of U.S. process, host will protect anonymity of users and website owners);

3. Protected email communications, intentionally not tracked or retained by host.​

I realize that the threat to members is far more theoretical than real, but I want to honestly offer and provide the best protections possible, which will support the ordinarily reluctant, and even some of the more paranoid members to join, and free them to participate more openly. Open, honest, unfettered communications between members will offer huge benefits for practitioners and for those to whom they offer their services.

At first, I thought prq.se would be ideal, given their statements about free speech protections (they offer both hosting as well as anonymous domain registration). But when they failed to respond to even the most elemental of inquiries, I realized that I needed to factor in such things as responsiveness, reliability, uptime, and problem solving. So prq is out, and I’m looking for suggestions and alternatives that would offer what they offer, but do so in a reliable and responsive manner.

Two additional caveats:

1. My knowledge of computer security issues is woeful, yet I am nevertheless dabbling in arenas well over my head. I apologize for my newbie status and all the extra work that that entails in even responding to my post. But the end goal is noble and worthwhile, and that is what is driving me to move forward with this, despite my limited knowledge, and emboldening me to ask for help.

2. As a favor, please do not try to “guess” (meaning “post”) what the specific subjects of the website may be. You are all very smart people here. I have provided more than sufficient information for anyone on the board to figure it out, and I know that it would not be difficult and even fun to play that game. But there are very good reasons for me to not want it to be “named” on a publicly accessible board. If anyone is still curious, I would be happy to send you an invite, once we are up and running. Thank you. ​

So, anything and everything that anyone wants to offer in terms of guidance and assistance toward this goal is welcome and appreciated. If you respond as if you were speaking computerese to a five-year-old, I would not only be not offended – I would be appreciative.

Thank you

 

The above post was originally posted in Privacy Related Topics > privacy general, but the thread has apparently been moved by the moderators to Privacy Related Topics > privacy software. This appears to me to be a misclassification, but I am open to explanation, if anyone has any.

 

Anonymous Speech seems to meet your requirements, they are subjected to Japanese law as their head quarters are in Japan.

Quoted from website:
The most important consideration for the majority of our clientele when sending anonymous secure email is his or her personal anonymity.

While other web-based email services will reveal your identity without reservation to an interested private party with money, AnonymousSpeech.com will not respond to inquiries made by foreign governments or private parties regarding the emails sent by its subscribers.

Any inquiries regarding the identity of our subscribers are ignored. We do not respond to any of them.

Our servers are constantly moving in different countries (Malaysia, Japan, Panama, Bolivia, Laos) and are always outside the US and Europe.

https://www.anonymousspeech.com/

 

This is actually a great question as it puts a common problem in nontechnical terms. And the answer would be beneficial to many. It is true that PRQ offered a solution to your needs, but that was before LE pressure, which has intensified due to current Wikileaks "dragnet."

If Poosey is willing to advise, I would take him up on it. I have been reading the privacy forums for some time, though I haven't posted for awhile and had to set up a new account for this exchange, but I've noticed Poosey's comments are first-rate. In fact, I was going to contact him myself with some of the same concerns.

I am a lawyer and activist who writes from a (some would say) radically pro-privacy perspective. In other words: privacy for the people, first through cogent explanation and then through practical implementation. People like Poosey and others on Wilders who are skilled in technical knowledge and generous with their time as well, can bridge the gap between the technology and those who approach these questions from a communications perspective. It can be a remarkably productive cross-over conversation. I can supplement from a legal perspective if anyone wants an information barter .

 

Poosey, I've tried private messaging on Wilders and it says its not available. Am I erring in some way? I'd be happy to initiate a conversation in medium and method of your choice. I just need to know what you prefer.
nancy

 

Setup a stealth paypal account. All you need is a gift card that currently works to lift spending limits on the card(the paypal and GC will be in bogus names). Grab a Simon Gift Account. Make sure the address matches on the two accounts. Use a real street address somewhere within 100 miles of where you live.
Fund the initial domain registration with the card/account. Renew it with your paypal.
If you don't know how to anonymously add money to paypal afterwards... search around aspkin.

Then you'd best run a dedicated server. I would never trust any host that claims not to keep logs.
I'd also suggest the Netherlands as your host country. Their laws are such that the only court with any authority is their own. And they only care about domestic affairs.
Don't plot the PM's assassination and you'll be fine

End to end email encryption is what you're looking for. Google will explain it better than I

Email is the most simple thing to protect ever. There has been rock solid unreadable email since the 1980s.

lol CPanel. I think you might want to stop posting in this thread. I don't throw the word "noob" around lightly, but with the way you seem to consider yourself knowledgeable, I think it's applicable.

Basically.. don't hire Poosey.

Somehow you're not even aware that VBulliten PM requirements are on the sender, not the account.


Poosey is either incompetent or a troll. Either way, ignore him. He has no idea what he's talking about.

 

Doing that on the open WWW will be very risky if you don't know much and will be a significant investment in time and money.
I suggest to go a different route while forum and members grow and you learn more about the risks and options you have.
There are already highly secure and relatively easy to use anonymous networks that could serve you well.
The big problem with them is that the burden of security and setup is spread across all members and connection speeds are suboptimal, although for a plain text based discussion it's not too bad. Anyway UX is not optimal. This also makes it difficult to get new members on board. But the benefit is, there you can safely discuss further actions with like minded and more knowledgeable people so you can see it as a temporary option.
I'm talking about Frost, Tor/.onion, i2p and other darknets and decentralized anonymous networks. RTFM applies here as well as there are several risks you have to know about but I think easy compared to your current undertaking.

I think a hidden .onion forum is the best solution for your case. It makes for an easy transition to the www and people can (although with the added security risk) access the forum via the regular web and a tor to web portal.
If setting up your own server and web forum is still over your head I suggest Frost with FMS.

 

No, I'm just aware of what actual risks are. I violate the law every time I pull into my house from work. I have to cross double yellow lines, which is technically illegal at all times

There is no amount of security a site can offer users that aren't careful. You apparently aren't aware of this. Discussing illegal topics is typically not a crime. Not in the US, not elsewhere. Only planning specific acts or admitting to past crimes can get you into trouble.

In order to obtain his records, it would require a warrant. Aside from plotting specific future criminal acts, or publicly admitting to past acts, there is nothing that would allow for this.
Even in this event, the very simple steps I outlined above, would easily cover him %100.

Let's say a warrant actually is issued.
He has no logs. So nothing there.
He has registered the site as a fictional person. Nothing there again.
He's only administered his site with on-site tools, so again no logs.

What do they catch him with Poosey?
How do they catch the members?
No logs. No real people.

Tell me one way they're going to find *anyone*?
And tell me one way that any additional amount of security could prevent it.

The only way my system fails, is in the event the hardware is compromised. The problem is that if it were, no additional paranoia steps would prevent it.

P.S. If you want to go an extra step, beyond what's needed, Katio is correct. An .onion forum and making everyone use Tor itself is even more secure. But it's a bit like adding machine gunners to your yard in additional to the existing mine field. And it will probably shave the number of actual users of your community so low that it will certainly fail. As an administrator you have more to think about than the loftiest security measures imaginable.
You could invent a language and force all of your members to learn it in order to communicate, and make mastery of the language a requirement for ability to view the forum. The alphabet could be written in still images of Peter Frampton in various poses. That would be *really* secure.
It would also be rather silly.

 

To add to what I wrote above:
What we have been talking about has been about YOUR security, of your site, of the administration, not of the actual users.
You've asked for protecting the users too. I missed that in my first reply and so did everybody else it seems. Because for obvious reasons this is not possible in the good old plain text internet.
The only way to force your users to use good security is through using one of the mentioned darknets/anonymous networks. If you host a regular website people would have to set up Tor or use a, by design always inferior, VPN or proxy. You can't assure them any kind of security, they'd need to figure it all out by themselves, including the common pitfalls.
From this perspective I think the advantages of a offshore http/www website are pretty much negated and what's left is more risk for you, the users and your site, let me just mention the more and more common censorship - Great Australian Firewall coming to a friendly western government near you? Anonymous networks are censorship resistant to a large part, are decentralized, there is no single point of failure (e.g. you, which means you are a less interesting target...), can offer some level of plausible deniability, just in case you ever got into problems with the authorities, and they are secure by design (to some extent) making user errors, bugs and other stupidities like that less likely.
Really, they got a lot going for them and, if the risk is as high for the members too as it sounds, you'll have problems attracting new users either way no matter what UX you can offer.

<insert standard disclaimer how I'm not liable for anything, do not suggest to break your local law etc... use at your own risk>

 

something is missing here

 

Do you have to register a Simon gift card online? If so then do they ask for a SS#?

 

interesting topic. i know a friend who had experience with these types of forums but they don't last because members **** up. i suggest choosing members wisely through some questionnaire test before they can proceed any further. im talking about an extensive test to peek at their knowledge. also, a separate site that can detect an instant change in individual ip before it generate a code that they must insert when they first registering for your site. similar to a referral system. that way, it would prove that the member had the capability to install and use tor. its also a one time thing..part of the registration process..

 

How about setting the forum up as a Tor hidden service and having everyone access it through Tor? That's about the easiest (and still legal) way I can think of. That way, even the operator of the forum can remain anonymous.

 

Freenet? All is permitted there And it works through VPNs.

 

You can online, you can over the phone, including VOIP. There are several services that will order one for you as well.
No SSN# required.
But you want a gift account. Not a gift card. They send you the gift card, and you need to physically possess it to use it. The CCV2 is on the back, and they won't disclose it over the phone or online.