Tools for anonymous blogging

[Dylan Knobold]

Greetings cryptographers,

   I would like to ask your assistance in setting up a weblog that
cannot easily be traced to my real identity. I have surveyed the
existing tools and do not find one that fits my needs well. For my
proposed blog, I would graciously accept volunteer hosting, but I
think it's also worth thinking improving tools so anonymous blogging
can be accessible to many.

   Of the many forms of Internet communication, blogs have many
desirable properties which interact well with anonymity. Perhaps
most important, the basic blog form is essentially invulnerable to
spam. Any idiot can put their blog up on the Web (and many do), but
nobody is forced to read it. Email, by contrast, is fertile ground
for spam and other similar forms of abuse. Indeed, the anonymous
remailer network had to deal with spam as a serious problem long
before it became the everyday bane it is today.

   Similarly, while running a remailer "exit node" can lead to
significant negative consequences from recipients of abuse, openly
running a proxy to make anonymous blogs accessible to the public
Internet is above reproach, at least among those who believe that
speech should be free.

   Publishing a blog can be relatively high in latency, and very low
in bandwidth, at least by today's standards. I believe these
properties should make it relatively easy to design a blog publishing
protocol which is highly resistant to surveillance. Real-time
Pipenet-style systems, such as ZKS Freedom and Onion Routing, are
susceptible to a listener simply correlating bursts of activity
between the publicly visible blog and the user's bandwidth to the
Internet.

   Finally, while remailers contend against the deeply entrenched
email infrastructure, blog publishing tools are still in their
infancy, and most people do not find it particularly convenient to
publish a blog. In addition, good hosting costs money; the free
hosting services are ad-ridden, in many cases badly.

   Given these goals, what tools are available today? The most obvious
is to use an anonymizing Web proxy such as anonymizer.com in
conjunction with a public blog hosting service such as LiveJournal.
However, this approach doesn't give me a warm and fuzzy feeling.  In
particular, anonymizer.com is a single point of vulnerability, a
one-stop shop if you will for spy agencies, conveniently pre-filtered
to include only those who feel that leaking identity information is
worth thirty bucks a year to protect (the free version is little more
than a teaser for the pay service).

   Another possibility is to leverage the existing email
infrastructure, for example Yahoo Groups. However, while posting to
such a group should be reasonably straightforward using an anonymous
remailer, it's not clear that admin functions are similarly
accessible. Also, such an approach is vulnerable to many attacks
deriving from email's lack of authentication. Finally, I don't
consider an email list to be a particularly high-quality blog format.
I'm not asking for all the frills, but reverse chronological display,
permalinks, and an RSS feed are all essential today.

   Am I missing something? Is there perhaps another good approach
to anonymous blog publishing? If so, I'd appreciate your insight.

   In the meantime, here is how my ideal hosting would work. I'd
arrange (via email) with a volunteer to host my blog. She'd get my
GPG public key, and I would assign me an email address for sending my
updates. That address would route to a script which would decrypt
incoming messages, verify that the signature matches my PK, and
immediately drop any non-conforming emails at that point.

   The contents of a signed email message are then passed to some kind
of "untar" script, which simply replaces files in a public Web
directory. I'm a little unsure about the use of tar itself - it
_should_ be secure, but is fairly crufty by now, and is not usually
considered a security-critical utility (in fact, it's disturbing that
the obvious .. path attack wasn't fixed until GNU tar 1.13.19, see
CAN-2001-1267). Perhaps there is another archive unpacking tool in
which the volunteer has more confidence, or perhaps a very simple, and
thus easily auditable, script, could serve. I'd be more than happy to
write such a script.

   On the posting side, any tool that produces "baked" pages, such as
Blosxom, should serve. It should be relatively easy to integrate the
blog-posting tool with GPG and premail, so that the updates are
automatically signed, anonymized, and sent.

   This is a "quick and dirty" approach which should get blogs online
reasonably easily. If it works well, others should be able to use it.
If enough good anonymous blogs go online, that should help motivate
the design of much more sophisticated tools, possibly using techniques
such as IBM's YouServ to replicate content and thus reduce the
dependence on particular proxy nodes.

   My own blog will probably serve as an example both for those who
feel that anonymous speech is important to protect, and those who feel
that it's too dangerous in our society. It will be intelligently
written, thoughtful, fair, and hugely controversial. If past
experience with anonymous Internet forums (mostly mailing lists) are
any guide, I expect a steady stream of death threats and the like.
Thus, hosting it is not for someone faint of heart. I'd be happy to
discuss the plans privately, but they're somewhat off-topic for this
list.

   If anyone can help me get my blog online, I'd be very grateful.
In addition, I think the design of better protocols and systems for
anonymous blogging is worth more attention from free speech-minded
cryptographers.

Peace,

Dyl


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com