The recent tragic death in custody of Iranian activist Sattar Beheshti underlines the dangers of blogging at the sharp end – and the need for heightened security if your words are likely to incur the wrath of authorities.
By its very nature, a blog will give away certain elements of your personality, but not necessarily your identity if you cover your tracks. That said, you can never guarantee 100% anonymity because a determined adversary will always get you in the end. You can, however, make their lives extremely difficult.
The safest course is never to blog from home or via any personal device, but to use a cybercafé or public library. You can then set up an anonymous email account and link it to an anonymous blogging account and upload from there.
Avoid locations near your usual haunts and vary them as often as possible, only choosing the busiest times. Compose the blog directly onto a portable drive and use a free program like CCleaner to clear the history on whichever device you use.
You might also add a number of simple apps to the drive, including text and photo editors and a shredder. Portable Apps is a good source. Then shred relevant documents once the blog has been uploaded. Options include Eraser and Evidence Nuker.
If you have more than one blog, use different email and blog hosts and think twice before embedding any social network links like Facebook or Twitter, or an RSS feed. Equally, never visit your blog from any device linked to you and never Tweet about it under your real identity.
Generally, this will work for most eventualities but you can tighten security further by only ever accessing your blog via a hidden network of the Deep Web.
The most popular network is Tor, which stands for The Onion Router, and it works by hiding users among all the other users and repeatedly encrypting and unencrypting whatever data they send and receive. If you ever wondered why they can’t bring down WikiLeaks, it’s because Julian Assange uses Tor. You can download the free Tor/Firefox browser here.
Additionally, it is a good idea while down in the Deep Web to set up an anonymous email account withTorMail for added security.
Be equally cautious in publicizing your blog. To get your message out to the most popular blog search engines use Pingomatic, which alerts them all for you. Conversely, you might not want anyone to know about your blog, bar a select few, and will want to keep it out of the search engines. This involves inserting a robots.txt into your blog that will tell the engines to stay away. To find out more, visit the Robotstxt website.
Another option is to avoid blog hosts and have your own website hosted anonymously in a far-off country – preferably one hostile to your own government – making court orders for disclosure meaningless. You then access all this via Tor from a cybercafé with an encrypted USB thumb drive.
However, investigators always follow the money, so paying by credit card or PayPal may lead them to you. One simple option is to only pay for services with a pre-paid credit card.
Even so, there is no true hiding place. It’s no secret that the security services can employ sophisticated algorithms to analyze any blog’s writing style and idiosyncrasies. All they have to do then is compare the patterns with all the emails they intercept and simply select the culprit from among trillions.
For a deeper understanding read Deep Web Secrecy and Security.
This article first appeared in Occupy.com on November 27, 2012