Last month I said in my post ‘7 ways to blog anonymously‘ that I was trying to find out how anonymous blogging platform Blogacause.com ensured anonymitu. I’ve now had a response, from owner Michael Groves. Here’s what he said – comments and further questions welcomed:
Blogacause uses the blojsom blogging platform to execute the blogs you see on our site. The home page and subpages, not including blogs, are
built on coldfusion code. Since I’m a web application programmer by trade, I’ve rewritten the code in blojsom such that any identifying
information that was previously stored about visitors or bloggers is no longer a part of the engine code.
With regard to comments on the site I did leave the code in place but as you will notice as a blogger on our site it always returns the same IP, that of the hosting server (we did this because we though we might need to track down some very specific spammers from the Asian countries so we can block them. However, a recent code page I developed will allow us to automatically ban spamming IPs and this is due for deploy 4th quarter 2009. So eventually the comment IP will be removed entirely.).
The coldfusion server port forwards seamlessly to a tomcat server which serves the blojsom powered blogs and the logs for the tomcat have been turned off.
I’m currently writing code which is a type of dead-man switch which will begin deleting logs and other things, after a specific period of time, which might compromise anonymity should I be unable to access the server or admin consoles in place.
I also am a full admin on the servers on which we host our site so I can assure that logs are turned off which track visitors’ and users’ IP addresses and other identifying information. Those that we are not able to turn off are deleted with regularity daily. I’m currently working with the owner of the host servers to programmatically scrub the logs of any info about blogacause visitors and users.
I won’t go into any details other than what I’ve given above, but suffice it to say that I’m quite serious about providing an anonymous platform for our bloggers to expose government misdeeds or to champion causes against large organisations with deep pockets.
I will say this about other blogging platforms. While they say they can offer anonymous blogging, it’s been my observation that this not only is not true, but that because of who owns them or invests in their continuance (either mainstream media or the big guys like Google or Microsoft – WordPress got a huge bankroll from the New York Times) they have a vested interest in actively collecting data that can personally identify users and visitors and/or add to their bottom line. We do not have such an interests.
We have been using analytics but that will change as we believe that Google, who received her seed monies from the CIA and the NSA, cannot be trusted. Instead we have written our own code which will be implemented last quarter of 2009 which again will not collect any personally identifiable informaton.
I and the others involved in this endeavor are just normal everyday citizens who believe in being able to fight back and even the playing field, and we are concerned by the sociopolitical and economic paths we see “civilized”, “progressive” and “super-power” statused countries taking and its effects on humans.
As to being compelled in a court of law to provide info about a blogger or commenter, we can honestly tell a court that it’s not possible. And should the court try to compel us to turn on logging we will simply turn off the site and start it again somewhere else. We can always retool the site for other uses.
If police seize your servers is there a chance that there will be ghost residues of ‘deleted’ data? I’m assuming that is why they seized IndyMedia’s servers in the UK and US even though they delete user data.
That is most certainly why they seized the servers… for forensic analysis. There is always the chance of deleted data being available in ghost form on a disk.
Keep in mind this is a live webserver with probably close to a 1000 websites hosted on it. In as much as we keep the drives lean and mean, I’m sure that the drive’s deleted data doesn’t stay ghosted for long what with the 100’s of thousands of writes to the disk daily. If the site continues to grow eventually we will host on a standalone server and be able to implement even more strenuous privacy measures. At this time its just a matter of money.
Responses to further questions will be published here and in the comments.