Pages

Tuesday, June 09, 2015

Working in the Coal Mine -- Some Notes on Site Privacy, Etc.

First they came for Reason ... [h/t Wendy McElroy; details at Popehat, Wired and the Garrison Center].

First things first: There's not much I can do to protect your privacy or anonymity if you read, or comment at, KN@PPSTER. The blog runs on a Google server and commenting is provided by a third party service (Disqus).

That said, I'll do what I can.

If shiny badge holders demand to know whatever I happen know about (to take a random pseudonymous commenter) "dL," my immediate response will be "go f--k yourselves." They might beat whatever I know (which probably isn't much) out of me. But they'll have to beat it out of me. Or at least make dire threats that I know they can deliver on.

I've installed a "warrant canary." If shiny badge holders start asking questions and demand that I not tell you they're asking questions, I may or may not comply with that demand, but either way I won't update that canary, so there will be a way to tell (FYI, if I'm a day or three late updating it, don't panic -- hit the contact form and remind me, as I may have just forgotten).

There are warrant canaries at RRND and the Garrison Center now, too.

But let's be realistic. Like I said, KN@PPSTER runs on a Google server and uses Disqus for commenting. RRND and the Garrison Center run on HostGator's "shared hosting" and also use Disqus. There's no doubt in my mind that if the government wants to know who you are, etc., its agents can get what they want through one of those third parties, via subpoena or via hack. I'll be looking into plugins and other stuff to see what I can do to leave you less exposed, but my ability to do that is limited.

In an ideal world, all of my sites would run on servers under my physical control in the cave I lived in in Iceland. Those servers would be hardened against hacking, all the sites would be custom-coded to maximize privacy, and some kind of dead-man switch would be set up to erase everything and nuke Washington DC if I didn't punch a code in every 24 hours or so.

This is not an ideal world. Take care.

No comments:

Post a Comment