The opsec of running a hate site anonymously

[Your Psychologist]

Been talking about this with a few locals, help us out here kiwis.

The usual steps to hosting a website are very well-documented. Get a cheap server, buy a DNS record with your credit card, connect the two, and enjoy the result. The average website's owner you cannot track with ease.

How does this all change if you want to host a website to speak against globohomo and their kin - and retain a decent degree of anonymity while doing so? A connected and dedicated enough adversary could mess with many of those steps, from contacting your VPS providers for a friendly 3AM girl talk to getting a rogue developer to disable your domain name privacy guard.

If you live in a speech-hostile nation (lol Germany), you're in a world of hurt. Even if you don't, people are sure to start harassing your employer and other peers if the site strikes a bad enough nerve. We love our ooperator here - but I doubt anyone here would want to bear this sort of infamy.

Three practical questions to ponder.

1. Is this a reasonable threat vector to consider - has there been any precedent for infrastructure providers dumping doxx on website owners? I can only think of the Epik breach of a few years ago.

2. What are the proper opsec principles for a hate site host? Some servers and domains can be paid for with crypto. Is adopting a fake name and going full Bitcoin renegade the only option?

3. Is this gay and autistic, or a critical topic of discussion until the protocols for Internet 2.0 are in place?

 

[Baguette Child]

I just think it's funny that in 2023, "hate site" has come to mean "site that holds people accountable for what they do online." As though reminding people what they've said on the internet is inherently hateful.

 

[CuzinEd]

You will probably be fine as long as you don't get too big and attract a lot of attention. The issue will be the retards that start visiting your site. They are the ones that will bring you the attention and not in a good way. It only takes a few retards to fuck things up. Not just retards but also nut jobs.

 

[JesusChristDenton]

It only takes a few retards to fuck things up. Not just retards but also nut jobs.

And Glowies.
And Niggers.
And Glowie Niggers.

 

[CuzinEd]

And Glowies.
And Niggers.
And Glowie Niggers.

It's more like retards and nut jobs. Some retard stalking and harassing someone doing something to property or whatever. Then you have the nut jobs doing shit like mass shootings or killing someone. All it takes is one nut to do something and have all their shit seized by the Feds and your website gets busted and plastered all over the news. Then every angry leftist faggot with no life knows about the site.

It doesn't have to be federal agents. There are enough retards and nut jobs out there that they don't need Boomers with short haircuts baseball caps and aviators.

 

[Betonhaus]

If you quietly block all discussion of Liz-Fong you could get by fairly easily with logical identity protections.

 

[inception_state]

1. Is this a reasonable threat vector to consider - has there been any precedent for infrastructure providers dumping doxx on website owners? I can only think of the Epik breach of a few years ago.

Yes, if you are being completely paranoid then hacktivists or an insider data breach are reasonable threat vectors. It might even just take a scary letter from some troon's lawyer, I remember Josh mentioning that during a MATI stream. They subpoenaed an infra provider which just gave up the information without giving Josh an opportunity to respond.

2. What are the proper opsec principles for a hate site host? Some servers and domains can be paid for with crypto. Is adopting a fake name and going full Bitcoin renegade the only option?

Open an LLC in Panama. There are legal firms in Panama that handle all the incorporation paperwork and cater to English-speaking foreigners. Panama does not require registration of personal details of directors or shareholders. Hire some Panamanian dude or some guy on Fiverr to act as your agent and have him put his name on all the domain name registration paperwork as a representative of your LLC. Then find a host willing to take payment in crypto, Walmart gift cards, etc. Josh's 1776 hosting would probably be a good bet once it's back up. My understanding is that this is all perfectly legal, just a decent amount of hassle and expense.

3. Is this gay and autistic, or a critical topic of discussion until the protocols for Internet 2.0 are in place?

Seems like a reasonable question to me. You don't have to run a "hate site" to get cancelled, plenty of people get fired because they piss off the Twitter mob and their employer doesn't want to deal with that shit.

 

[CuzinEd]

If you get a site up and running and you can say what you want (no fed posting like a retard) I will make an account. I guess you mean a forum. That would be cool. We can always use another place to say nigger and faggot.

 

[Flaming Dumpster]

1. Is this a reasonable threat vector to consider - has there been any precedent for infrastructure providers dumping doxx on website owners? I can only think of the Epik breach of a few years ago.

I recall years ago people bragging they could dox owners of domains "protected" by Godaddy's whois privacy service (Domains by Proxy) by just sending e-mails pretending to be LEAs and asking for info. The reality is the only information safe from being leaked by infrastructure providers is information not given to them.

2. What are the proper opsec principles for a hate site host? Some servers and domains can be paid for with crypto. Is adopting a fake name and going full Bitcoin renegade the only option?

If your site never really gains any notoriety then you could host it with your credit card, real name and everything attached to all the invoices and probably be ok as long as you remember to toggle all the whois privacy options. The reality is that doxing takes effort and I don't think as many people are proficient at looking at "dickheadfarms.net" and doxing its owner as you think. (At least when basic precautions have been taken)

and retain a decent degree of anonymity while doing so?

I think you just have to accept that if you're going to host the next Kiwi Farms, you will be doxed eventually. The best you can do is minimize the impact of that when it eventually happens. Here's some suggestions

• Google your name and combinations of your name + locale (e.g. "josh moon", "josh moon florida", "josh florida site:linkedin.com", etc.) and see what pops up. Needless to say, if embarrassing old forum posts from a bygone era come up or things related to work, don't wait for someone to find it, delete it.
• If you have a Facebook account, delete it or completely anonymize it. Demented lunatics will try and ruin your family relations.
• Practice self doxing on occasion, Google usernames you've used and see if there's a trail somebody could follow to figure out who you are. Sometimes people are immediately thoroughly doxed but hopefully your opsec is good enough that, although some info is found, it's never enough to complete the picture.
• If you've ever been convicted of a sex crime, it will be found out and you will be outed for being a rapist/pedo/whatever. If this is applicable to you, just kill yourself as it'll be easier than enduring the pain that is your existence.

From a hosting perspective, here's some advice.

• Hosting big sites (especially with large storage requirements) often requires dedicated resources, these are slow to provision and difficult to replace quickly if you're suspended without warning. You should keep the backend hidden and funnel users through reverse proxies since these can be swapped out quickly and they'll absorb the complaint volume. I can't recommend BuyVM enough for this as they offer incredibly inexpensive DDoS protection and the owner respects freedom of speech.
• Treat websites you run on these boxes like you would identities and don't mix them together. There are bots that map out what IPs are hosting what domains so you can't slap your personal blog on the same IP as your hate forum and expect it to remain private.
• Make sure that outbound connections are either routed via a VPN or via the reverse proxy so people can't reveal your server's IP by baiting it into loading something (e.g. media proxying)
• Build up a small network of trusted competent admins who can provide advice and help when you don't know how to do something. Hosting a website is unbelievably complicated and even fucking up one small thing can completely ruin everything. (See Poast)

 

[KittyGremlin]

KF isn't a hate site, don't buy into their lingo.

 

[$80 Nude Haircut]

It doesn't have to be federal agents. There are enough retards and nut jobs out there that they don't need Boomers with short haircuts baseball caps and aviators.

I believe you guy with nazi avatar.

 

[The Mass Shooter Ron Soye]

Host a text-only onion site, no user content.

 

[Kill a Troon for Pikamee]

Never forget that one of the best privacy tools ever invented is bartering vodka with homeless people in exchange for using them to obtain bank accounts, debit cards, phone numbers etc.

 

[Claude Sigma]

I do not know the answer for sure, but I know there are websites specialized in privacy that do web hosting.

https://www.privacytools.io/private-hosting

I don't know how legally feasible this is, but maybe you don't need to give out your real name in some cases to host something, and since you can pay with crypto you cannot be identified with your credit card. Also there might be some countries where giving out the name of their clients without legal order is illegal and thus makes them free from troon harassment methods à la Liz NoDong Jones.

 

[StyxHexenHamster1350]

Just host on TOR and tell your users to install Tor browser. They can even visit through the clear web from an inproxy (onion.link, etc) if they don't need to log in or do anything that requires security on the site.

Compress the fuck out of everything, make the images as small as possible without making the site look like shit, avoid Javascript if at all possible.

Host a text-only onion site, no user content.

Why no user content? It's easy as shit to set up a forum or a chan on Tor.

 

[quackrock]

"So, you want to be a darknet drug lord..."

https://pastebin.com/raw/GrV3uYh5 / https://archive.ph/nPYnw

 

[CuzinEd]

I believe you guy with nazi avatar.

Because every nut job or retard that has done fucked up shit IRL and linked it back to the internet has been some kind of Boomer FBI agent.

 

[Benevolent Dictator]

If you don't know the answers to these questions and if you're not extremely confident in your abilities to remain anonymous online then don't make any attempts yet.

 

[Fools Idol]

It all comes down to your Internet foot print. Finding out who someone is easier if they reuse user names, e-mail accounts, crypto wallets, etc. If I can build a web of interconnected accounts/info then I can begin to narrow who you could be. At that point it's only a matter of time before I find something that links to an account that has some info on your real identity.

There's plenty of tech that you can use be you are the weakest link, what you need to do is keep you're real identity and any other assumed identities complete separate from this new account on your website. Keep any personal info off your site and be very deliberate with who you talk to and what you say to them.

 

[Betonhaus]

The rule of thumb is to have three identities with accounts and everything completely disconnected from each other.
The first identity is your legal identity, used to communicate with others in a professional environment and to deal with bills and transactions
The second identity is your informal one. One you use with online friends and gaming services, where you are more casual then with your formal identity but it's not world ending if they get linked.
The third identity is your anonymous identity, one that uses accounts and aliases that have never been associated with your personal information or other accounts. Set up with risk management that if there is any chance it will get linked to your other identities it will be your second, and you have time to nuke your third and/or second identity before your first identity gets linked to it.