this post was submitted on 03 Sep 2024
17 points (100.0% liked)

Privacy

32665 readers
491 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hello !

I'm wondering if there's some blogging mechanism which would allow some sort of unique digital signature (PGP perhaps) to prevent personification, but which allows non traceable and fully anonymous author. Not looking for blockchain like stuff (apart from the layer Monero adds, blockchains are totally transparent, traceable and non anonymous). Not looking for bigotry, attacking people or anything like that.

The idea is to be able to share ideas, even corporate related, without being afraid of retaliations whether at work, corporations or governments. Expressing something at pubic might bring unexpected consequences, particularly if not aligned by the corporation one works on if that's the case, or might provoke AI, bots, or paid/unpaid people looking around, to include anyone in a particular list, without even warning the writer about it.

So I was looking if such thing is possible, and if it exists. Social networks of course wouldn't be an option, they're not anonymous, and at contrary can be used to cross-reference and trace people.

If such solution doesn't exist, I'm wondering if something based on gnuNet might get close, although gnuNet is not meant to make users anonymous. Or perhaps something based on i2p.

Of course the digital signature should be used exclusively for the blog posting, and can't be associated to any real email, host, or whatever...

Feedback on the blog posts should also be allowed to anonymous people with their own unique digital signatures. But this is harder, since depending on the technology, not sure if moderation would be allowed, or even if it would make sense, in which case, no blog feedback should be allowed, though no feedback is really a down side for blog posts. Maybe allowing just the original post to remove feedback. Some other down side, but that's unavoidable, is the lack of non on thread feedback, meaning giving feedback through email or any other medium, since if that was available would make the writer non anonymous...

If such thing is not available, and eventually based on something like gnuNet or i2p, most probably clients would be needed to write blogs but another one that would offer some sort of RSS/atom functionality for the blog to be accessible from current RSS/atom readers.

top 9 comments
sorted by: hot top controversial new old
[–] MigratingtoLemmy@lemmy.world 4 points 4 months ago

Get a domain against XMR from Njalla/NiceVPS/IncogNET.

Purchase a VPS with XMR.

Host website on it along with a WAF, Fail2ban, and maybe Cloudflare free account if you're OK with that (there are ways to not use Cloudflare but they're a bit more advanced).

Host it over the clearnet, TOR, I2P and FreeNET for universal access.

[–] propter_hog@hexbear.net 3 points 4 months ago* (last edited 4 months ago)

You mentioned PGP already, but this is exactly what that technology was designed for. You can sign the post with your private key, meaning anyone with the public key can verify its authenticity, and sites such as GitLab make use of this for signing code commits to prove it came from the author listed on the commit. A scaffolding utilizing PGP for blogging may already exist. You'd have to enter your PGP passphrase to seal the post. In fact, you may be able to take advantage of the exact mechanism GitLab and others are already using by publishing by way of a signed git commit, and displaying like a green lock or something on blog posts that are authenticated.

[–] katamari_22@lemmy.ml 2 points 4 months ago

Try Write.as

[–] adespoton@lemmy.ca 1 points 4 months ago (1 children)

Just use any p2p blogging solution and gpg sign all your posts?

[–] kixik@lemmy.ml 1 points 4 months ago (1 children)

I'm not aware of any, do you mind sharing anyone, better if not requiring account?

BTW I can easily find blogs about p2p solutions for whatever, but not about p2p blogging solutions...

[–] adespoton@lemmy.ca 1 points 4 months ago

In reality, you can use any blogging solution; they can be hosted on I2P or TOR or WriteFreely or even Lemmy. A Lemmy community is essentially a P2P microblogging solution if used that way.

Then, just sign all your posts on the platform you choose.

[–] felsiq@lemmy.zip 1 points 4 months ago (1 children)

You rule out social networks, but why? Wouldn’t a fediverse microblogging (or full blogging) platform work fine for the purpose? Just pick an irrelevant username and a strong+unique password and only access your account through tor using any and all relevant best practices.
Given you want the continuity of the author preserved, I don’t see the functional difference between the posts being associated with an anonymous account and them all having your public key. Am I missing something?

[–] kixik@lemmy.ml 2 points 4 months ago (1 children)

The issue with social networks is the account requirement. Even though decentralized, they still require servers with accounts. If you, to prevent not being able to access at some point included an email, and the server gets hacked, then there you go.

Perhaps is a mistake of mine, to think social networks are not anonymous enough. Maybe they are. But tracking mechanisms are so sophisticated now a days, than the need for an account make me think they won't ever be. That's why I excluded social networks. Perhaps it's the only option as of Today though.

[–] felsiq@lemmy.zip 2 points 4 months ago

I didn’t consider account recovery, that’s a good point. Personally I don’t usually bother with it for anything I want to be private - if I lose it I lose it lol.
It’s still not perfect, but some of the private email hosting providers like proton have email aliases, so you could use one for recovery without giving any info to hackers (assuming you trust the email provider). Definitely less secure than only a public key being exposed, but maybe an acceptable tradeoff for the convenience of an existing established solution?