(Attention: there is no service, there is only an idea)
When publishing information that bypasses censorship, a problem arises: how do you publish without revealing your identity or any data that leads to it? An IP address alone can be considered enough to identify the person accessing a server. Since hosters usually cooperate fully with totalitarian governments, identifying the owner or author of a given site poses no problem for them. Naive company promises “not to disclose customer data” require very high trust and, moreover, cannot always be kept (Lavabit is an example).
Below is a technical solution that removes the need for high trust (protection against espionage) and requires only moderate trust (that the company will not abscond with the money).
A commercial company buys hosting services (VDS, dedicated server, etc.), configures an i2p router plus an ssh server reachable only via i2p, and hands the details to its client, who orders and pays for the service exclusively via i2p. Payment can be made in any cryptocurrency (for now let’s agree that it is bitcoin); all interaction takes place over the i2p network.
Description from the company's side
The company has a website in i2p and accepts bitcoins. When payment is received, the company orders the service from the specified supplier (on the regular Internet), configures i2p, and hands the details to the client. At the client's request the server is rebooted or reinstalled, and correspondence with the supplier's support can be relayed. In the most advanced version, a management API.
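One way to wire the ssh-over-i2p access described above, as an added example in i2pd's tunnels.conf format (this is not the original's configuration; the file names, tunnel names, the local port 7700 and the destination placeholder are assumptions):

```ini
# --- on the leased server: i2pd tunnels.conf (assumed file name) ---
# Publishes the local sshd only as an I2P destination; no public TCP port.
# sshd_config on the server should also carry "ListenAddress 127.0.0.1"
# so sshd is not reachable from the public interface at all.
[ssh-server]
type = server
host = 127.0.0.1
port = 22
keys = ssh-server-keys.dat

# --- on the client: i2pd tunnels.conf ---
# Local port 7700 is forwarded through I2P to the server destination above;
# the b32 address is what the company delivers with the order details.
[ssh-client]
type = client
address = 127.0.0.1
port = 7700
destination = <server-b32-address>.b32.i2p
keys = ssh-client-keys.dat
```

The client then connects with `ssh -p 7700 user@127.0.0.1` and checks the host key fingerprint against the one delivered with the order details, since the first connection over an anonymised path is otherwise open to interception.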
Description from the client side
Having visited the i2p site, the client orders hosting “on the Internet”, gets access to the server via i2p, and places the necessary information there.
Description from the totalitarian regime's side
There is a website on the Internet. The site is on a server. The server belongs to the hoster, was ordered by an intermediary company, and was then sold for bitcoins to an anonymous person whose payment history passes through several mixers and operations inside the i2p network. The server can be seized, the company can be punished (if it is within the regime's jurisdiction), but the author cannot be found through logs, recorded traffic, or honeypots.
Trusting the server
We can safely assume that the server (and its i2p router) is compromised and fully controlled by a totalitarian regime. As long as the service is functioning, that is, publishing information, this does not matter to the authors. If it stops functioning, then the only loss is that the server stops functioning. Compromising the server does not reveal anyone's identity, even if the publication of materials is monitored for a long time.
In this situation, the company providing the service is in the most vulnerable position. First, anonymity will significantly increase the number of abuses. Second, the company can easily be accused of collaborating with those “rocking the boat”.
Most likely the right approach is a fairly strict position on network abuse (DoS, flooding, spam, etc.) combined with avoiding the jurisdictions of totalitarian regimes. Then, to local suppliers, it is just a foreign client, and to the security forces of totalitarian states it is a company that cannot be prosecuted, from which only the currently leased servers can be taken away (a loss that can be priced into the service). With proper diversification of server placement across jurisdictions, the design should be fairly robust.
Service applicability
No confidential operation (one whose disclosure could harm the owner) can be performed on such a server. Data can be stored there, but not worked on there. For example, it is not possible to run “private mail” on such a server, because the North Korean intelligence services will seize the servers and gain access not only to the correspondence but also to its metadata (recipient and sender addresses, IP addresses).
On such a server it is possible:
- Storing data in a crypto container (encryption and decryption happen on the client side). Seizing the server or intercepting traffic does not give access to the information, and most modern cryptocontainers also guarantee integrity. Availability of the data, of course, is not guaranteed. Note that the data inside the cryptocontainer cannot be accessed from the server itself, because handing the key to the server automatically compromises it.
- Internet access. A secure anonymous channel from the client to the server hides the client as the source or recipient of the traffic. Note that the traffic itself, as well as its destination, must be considered completely public (from the client's point of view). It should be stressed that the transmitted traffic can identify the client in unexpected ways (for example, a JavaScript snapshot of screen parameters or the browser version).
- Public anonymous publication of information. Publication can be blocked, but the author cannot be identified. Moreover, autonomous publication (which does not require a tunnel back to the client's resources) removes the possibility of identifying the author by deliberately interrupting Internet access on communication channels controlled by the totalitarian regime. Note that without additional means (such as a cryptographic signature) there is no way to protect the integrity of published information. Example: a human rights website publishes reports. A hostile totalitarian government, even without being able to identify the authors, may try to discredit them by posting deliberately ridiculous material and corrupting existing articles.
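The client-side operations behind the first and third points above, as an added example that is not part of the original idea or of any existing service: sealing a container with AES-256-GCM so the server only ever holds nonce, ciphertext and tag, and signing a published report with Ed25519 so a defaced copy fails verification. The function names, the 32-byte key and the sample data are constructed for illustration; a real container key would be derived from a passphrase on the client.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// newGCM builds AES-256-GCM from a 32-byte client-held key; with a fixed-size
// key the constructors cannot fail, so their errors are discarded.
func newGCM(key *[32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// SealContainer encrypts and authenticates data on the client; the server only
// ever stores the returned nonce||ciphertext||tag, never the key.
func SealContainer(key *[32]byte, plaintext []byte) []byte {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand never returns an error (Go 1.24+)
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// OpenContainer decrypts a blob fetched back from the (assumed compromised)
// server; any byte altered there fails the GCM tag check and returns an error.
func OpenContainer(key *[32]byte, blob []byte) ([]byte, error) {
	gcm := newGCM(key)
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("container blob too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], nil)
}

// SignArticle runs on the author's machine before upload; readers verify the
// report against the author's published key, so a page defaced on the seized
// server no longer verifies.
func SignArticle(priv ed25519.PrivateKey, article []byte) []byte {
	return ed25519.Sign(priv, article)
}
func VerifyArticle(pub ed25519.PublicKey, article, sig []byte) bool {
	return ed25519.Verify(pub, article, sig)
}
```

The signing key, like the container key, never touches the server; only the public key is published alongside the reports.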