3

I'm going to set up a web service which will use the LAMP stack. One of the most important features of the site is that it should be anonymous. We thought that a cool thing will be if the server didn't made any logs that could potentially identify a user.

I'm working on a web app for a news organization. They want a site to allow people to sumbit news leads and tips (text / files) to journalists. We think if we can provide good anonymity people will be more inclined to provide information. We will also teach how to use stuff like TOR as an extra precaution for whistleblowers

Is this even possible? Any suggestions of obscure things we should look into?

flexterra
  • 31
  • 3
  • Logs are a double edged sword. Running a server without logs will create far more trouble than it can possible prevent. Same thing for not logging who connects and where from. – John Gardeniers Dec 30 '10 at 04:08

5 Answers5

1

If you just want users to be anonymous, and they are only using http.

  • Check your apache conf options for logs, turn off what you like there.
  • To go further it may be better to examine your syslog service conf to stop it there.

This guide should help you with apache config.

Config for your syslog service will depend on which one you are using.

Matt
  • 1,142
  • 1
  • 12
  • 32
0

Everything is possible, but also harmful...

Did you consider script kiddies taking control of your server and you even don't know it happened, 'cos you don't have logs?

I advice you to start from a features list of your internet site and mark on the side, if you need or not authentication, when you need authentication you cannot have anonymous users.

If all the content will be the same generated (or written in pure html) for every users, so yes, you can make it completely anonymous.

Provide us some more details in the case... May be interesting

tmow
  • 1,227
  • 9
  • 20
  • 1
    I'm working on a web app for a news organization. They want a site to allow people to sumbit news leads and tips (text / files) to journalists. We think if we can provide good anonymity people will be more inclined to provide information. We will also teach how to use stuff like TOR as an extra precaution for whistleblowers. – flexterra Dec 29 '10 at 23:43
  • 1
    Wow! This is a good subject, you earned a +1. Well, I'd use the Apache Conditional logging, so that you can avoid to log if the user is requesting one particular URL http://blogs.sitepoint.com/2004/02/18/conditional-logging-in-apache/ Then, I'd use captcha and similar other technologies to catch not human beings. So that the user have just to decipher an image to submit a story and finally I'd develop text filters in your web app, in order to catch spam like messages, so that a Human can then approve or not the story... This is a long discussion :-p – tmow Dec 29 '10 at 23:48
  • That was more or less what I had in mind. Thanks for the tips. – flexterra Dec 30 '10 at 01:26
0

I would highly recommend Freenet . Then, you periodically mirror the tips to the homesite. This allows people to post without fear of being tracked. Questions may be answered here . Basically, you want to setup a Freenet bulletin board, which is a common thing and users access it using a FCP (Freenet Client Protocol) and so you can provide the client on your site.

djangofan
  • 4,182
  • 10
  • 46
  • 59
  • This sounds cool. I have to read up on this freenet stuff. Thanks for the tip. – flexterra Dec 30 '10 at 01:23
  • Just did some testing and it seems that users might need to download and install Freenet node and Java if not present in order to then upload data. This seems very complicated for normal users. Also we would like to have the app available online making a web client for freenet will keep loggin the clients ip on our servers. Did I miss something? – flexterra Dec 30 '10 at 04:12
0

A Tor hidden service would be the best way to guarantee your visitors can't be tracked back to their ISP connection - it's far better to keep logs of traffic (anonymized before it reaches your network).

danlefree
  • 2,923
  • 1
  • 19
  • 20
0

Sounds like you want to do something like what wikileaks does. My understanding is that they use tor and something like anonymous ftp to allow people to upload whistleblowing documents anonymously. Obviously some logs should be keep, just not ones that about who is uploading. But like tmow said, catcha would be necessary.

JamesBarnett
  • 1,129
  • 8
  • 12