How to set up IP anonymity for authors?

Events happening in the community are now at Drupal community events on www.drupal.org.
drupalina's picture
Posted by drupalina on March 2, 2008 at 1:31pm

Hello,

I'm trying to set s a basic indymedia-style site in a very short period of time (days). The most important thing should be that anonymous users can publish political news anonymously -- and by this I mean that not only will the users be able to publish their stories without prior registration, but, importantly, that their IP addresses and locations must be impossible to trace. Because of the current political situation, it is very important that the users are guaranteed that it is no-way that the governement will be able to trace their true identities!!!

Please help -- what do I need in order to set up absolute anonymity for people who are submitting news? I've started setting up the basic site using Drupal 6.1 , but it looks like because of lack of modules and pressure of time, I will need to set it up using drupal 5.7. Please tell me how to set up anonymity in both cases.

Additional info: there will be "Most Recent" and "Most Popular" news -- the content credibility will be mostly governed by a system of Up/Down Vote by visitors (like on Digg.com) -- "Confirm as true", "Refute as lies". The rest will be managed automatically through taxonomies.

My knowledge of Drupal is intermediatary, I've been with it since June 2007 -- I know how to install it and set up most of the important modules, but I'm not much of a coder. And I know almost nothing about internet surveillance.

Thank you for your help!!!

Categories:

Comments

Best at the server level

Posted by ekes on March 2, 2008 at 3:08pm
ekes's picture

This is best done at the server level by applying riseup's Apache patch. http://dev.riseup.net/privacy/apache/ (there is a Debian package too). This should in my opinion be the defacto method for any Indymedia site no matter what people think their government might be like presently. There are other alternatives mentioned here http://docs.indymedia.org/view/Devel/ImcDrupalDevAnonymization , but they are not as reliable in anyway.

If people are really interested in their anonymity they should also not trust that they are being logged from their ISP to your host machine. You could promote the use of Tor http://www.torproject.org/ for what it's worth, certainly have https publishing, and consider what country the server is hosted in.

This is also something we're dealing with

Posted by deproduction on March 18, 2008 at 5:19am
deproduction's picture

We also recently moved our Indymedia site to Drupal, and have not yet ensure anonymity. I will pass on the Apache Patch to our current webmaster, but any assistance offered would be appreciated. We're trying to get the site functional to help with preparation for the Democratic National convention in Denver in August.

Tony

Whatever your first issue of concern, media had better be your second, because without change in the media, the chances of progress in your primary area are far less likely. http://denveropenmedia.org

Whatever your first issue of concern, media had better be your second, because without change in the media, the chances of progress in your primary area are far less likely. http://denveropenmedia.org

For help...

Posted by ekes on March 18, 2008 at 9:37am
ekes's picture

... just mail me or ...
Try popping into #drupal-dev on irc.indymedia.org (remember irc can be pretty asynchronous especially as we are in oceania, europe and americas)
Try mailing folks on imc-drupal-dev on lists.indymedia.org

A technique I have

Posted by mfb on March 18, 2008 at 6:02pm
mfb's picture

A technique I have implemented is periodic purging of IP addresses from drupal database tables via a cron hook, every n minutes. This allows me to temporarily store IP addresses for purposes of detecting and countering abuse. I'm not sure if it will meet your needs as far as anonymity. But various parts of drupal core do expect to receive valid IP addresses (for example the built-in flood control).

In my case I wrote a little custom module to do this -- there's probably one in contrib already or if not I could contribute mine.

I haven't seen a contrib module

Posted by christefano on March 18, 2008 at 11:20pm
christefano's picture

I haven't seen a contrib module that does this. Please do contribute it. It's certainly much better than simply setting logging to an hour and hoping for the best.

OK I put this on my list of

Posted by mfb on March 19, 2008 at 5:06pm
mfb's picture

OK I put this on my list of things to do. have to do some cleanup to actually release it. If you don't hear from me bug me on irc...

IP anonymizer module

Posted by mfb on March 31, 2008 at 3:59am
mfb's picture

I cleaned up my IP anonymizer module and posted it here: http://drupal.org/project/ip_anon

Please test it out when you get a chance and report any bugs/feature requests/etc.

thank you!

Posted by christefano on March 31, 2008 at 10:28pm
christefano's picture

This looks great. I'm really looking forward to using it on an upcoming project.

Thank you!

Good, but good enough?

Posted by ekes on March 27, 2008 at 1:09pm
ekes's picture

The Koumbit issue reminded me I was going to reply to this - as a complete security phreak.

It's certainly better to delete the logs if they are made. But if the data hit the magnetic media it's there, and it's probably still going to be there when the authorities come knocking on the door with a warrant for the physical hardware. If it's not stored (even in /tmp or swap) it's much better.

I had posted a feature request

Posted by mlncn on April 1, 2008 at 12:36am
mlncn's picture

Here: http://drupal.org/node/126197

Maybe solutions here should also be linked from there and the issue closed?

benjamin, Agaric Design Collective

benjamin, agaric

Indymedia

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: