part 1: how to start an anonymous website anonymously...

If you want to start an anonymous website, just ask yourself this question: how anonymous do you want it to be?

  1. ... operational security
  2. ... anonymous signup email
  3. ... anonymous money
  4. ... anonymous domain name
  5. ... anonymous web hosting
  6. ... opsec again

It is quite easy to set up a blog where you don't disclose your real identity to your website's visitors. You only have to register a domain, setup a website with a hosting provider - and then use a pseudonym to distribute your content. If that is anonymous enough for you, you can stop to read this post now.

We said it already: it is quite easy to set up a website where your real identity is unknown to your website's visitors. However, the downside is that your hosting provider most of the time still knows your real identity, because it is almost impossible to register a domain without disclosing information that is linked to your identity. How closely do you think is your email address connected to your real identity? Furthermore, most of the time you have to pay for your domain and your server space with money from your bank account, which is even more closely linked to your real identity than your email address.

Yes, Bitcoin payments become more and more common now, but as long as you are registered with an exchange like Coinbase or Binance, where you have to verify your real identity in oder to buy Bitcoin, it won't make you much more anonymous because every Bitcoin you buy through the exchange will inevitably be tied to your identity as well. Bitcoin is based on an open ledger. Wallet addresses are public and every single transaction that ever happened on the blockchain can always be viewed by anyone.

Furthermore, did you consider that every time you visit a website, it knows the IP-address from where you visit? Your ISP can log your entire browsing history and big tech companies like Google have invented sophisticated ways to identify you based on your browsing habits.

As you can see, if you want to start an anonymous website anonymously there are a lot more things to consider than just which pseudonym you want to use. This post is a summary of the steps we have taken to start term7.info. We won't go into the details of all of these steps, because if you want to start an anonymous website anyonymously yourself, it depends on your own preferences and the choices you want to make.

... operational security

Opsec is short for Operational Security. If your goal is to anonymously start an anonymous website you have to stay in the shadows:

  1. Before you start, make sure your computer is hardened for security and respects your privacy: If possible, either use QubesOS, a hardened Linux system, or a portable OS like Tails. If you have to use MacOS instead, improve its security and privacy settings to the maximum: enable full disk-encryption and the internal firewall, disable iCLoud, Siri and Spotlight Suggestions and set up a firmware password - just to name a few practical measures. If you need more detailed information on how to secure you Mac, check out this macOS-Security-and-Privacy-Guide on Github. Also this tool may be useful: PrivacySexy. Please don't use Windows.
  2. Don't browse the internet without precautions. Always hide your actual IP-address, but don't use a VPN. Use Tor instead. If you decide to use Tails, you will already use Tor by default. If you are on Linux or MacOS, download and use the Tor Browser Bundle instead, even it it is more slow than other browsers.
  3. Be careful and don't give away information that can be used to identify you. This means while you are using Tor to work on your anonymous website, you should never log into your social media accounts. Don't use your personal email address to sign up for services you intend to use for your anonymous website. Create an anonymous identity that is separate from your real identity and use it only in this context. Needless to say: never mix the two of them...

To continue reading this post anonymously on our hidden Tor v3 onion page, open this link in your Tor Browser:

http://3fyrg6hmejbgz6akff3nxhapoptywvmra6obz5e2u6wcfdgzd42542yd.onion/how-to-start-an-anonymous-website-anonymously

... anonymous signup email

You do need an email address to sign up for almost every service online. However, if you use your personal email address, you won't be anonymous anymore. To mitigate this problem you can use an anonymous temporary email address instead. In our example we use anonbox, which is made available and maintained by the Chaos Computer Club. Use it to register an account. It will expire within a day and you won't be able to use it to send emails.

In this example we make use of a temporary email address to set up an anonymous email account with ProtonMail, which we will then use to set up other accounts with a hosting company. That way we will be able to receive support emails in an encrypted inbox. Furthermore ProtonMail is based in Switzerland and protected by strong Swiss privacy laws.


... how to create a free anonymous ProtonMail account:

  1. Open your Tor Browser and visit ProtonMail's hidden Tor v3 onion site.
  2. Create a free account: Proton Free / CHF 0 and pick username and password for your anonymous identity. During the next step Proton requires to send you an email or an SMS to be used for one-time verification. Don't reveal your personal email or phone number! You also might have to complete a CAPTCHA to confirm that you are human.
  3. Visit anonbox, generate your temporary email address and open your temporary mailbox. Until you receive your first mail, this will be just an empty page.
  4. Back at the Proton Signup Page, enter your temporary as your one-time verification method and wait for Proton to send you a verification code.
  5. Next, refresh you temporary mailbox. The email sent by Proton will look something like this:
            
    From no-reply@verify.proton.me Sat Aug 06 12:01:55 2022
    Return-Path: <no-reply@verify.proton.me>
    Delivered-To: kxngp-bt7iioagw7@kxngp.anonbox.net
    Received: (qmail 99905 invoked by uid 0); 6 Aug 2022 12:01:55 -0000
    Received: from unknown (HELO mail-4320.protonmail.ch) (185.70.43.20)
      by anonbox.net with ESMTPS (TLS_AES_256_GCM_SHA384 encrypted); 6 Aug 2022 12:01:55 -0000
    Date: Sat, 06 Aug 2022 12:01:46 +0000
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=verify.proton.me;
        s=protonmail; t=1659787314; x=1660046514;
        bh=u9SqrCK2B+QW7OUOo2zUYRo8k8xmSYYoPyFMRkO5kDU=;
        h=Date:To:From:Reply-To:Subject:Message-ID:Feedback-ID:From:To:Cc:
         Date:Subject:Reply-To:Feedback-ID:Message-ID;
        b=eqgb47wK3Z3/tYSFFZVj+IvrNYLD77A/RQNRqLarS7j0+mVe5g6qihDy60IBcsC7N
         JxX62ZaqFCerZtsBCklpCMdS3BDYIxfsODiPMUwjXp2MGsvBCqE/HSVPICYd1j5YIQ
         669ikJFvBGanqZtUGISDZsnxWogCBbREhMrjUwDYLrlAitiJUJOcLAPbIjud6pPRMi
         0KUpLR1sZL1P201jw9XzKmFF0wdCkL0vXF2EIPUEFQGav2XLatGCXpGTUh2klmLWFG
         RPY7HHlEX39dgF0tZAevaQvTSZ+iASf/ycyDyqHpoMWG6L2xCUPNP4Ym8j4CFAu37n
         F5OQSDEzZUH3A==
    To: bt7iioagw7@kxngp.anonbox.net
    From: Proton <no-reply@verify.proton.me>
    Reply-To: Proton <no-reply@verify.proton.me>
    Subject: Proton Verification Code
    Message-ID: <545VT83GFJ5DRJH3V2GKDQPZN4@verify.proton.me>
    Auto-Submitted: auto-generated
    Feedback-ID: 47414585:system:proton
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
     boundary="b1_DlWAFRSzw2dQysylJcaUa3au55XZM2OIjBOE4o6g"
     
    This is a multi-part message in MIME format.
    
    --b1_DlWAFRSzw2dQysylJcaUa3au55XZM2OIjBOE4o6g
    Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: base64
    
    WW91ciBQcm90b24gdmVyaWZpY2F0aW9uIGNvZGUgaXM6CjMwNjU5Mw==
    
    --b1_DlWAFRSzw2dQysylJcaUa3au55XZM2OIjBOE4o6g
    Content-Type: text/html; charset=utf-8
    Content-Transfer-Encoding: base64
    
    PGh0bWw+DQo8Ym9keT4NCjxwPllvdXIgUHJvdG9uIHZlcmlmaWNhdGlvbiBjb2RlIGlzOiA8YnI+
    PGNvZGUgc3R5bGU9J2ZvbnQtc2l6ZToyLjVlbTsgbGluZS1oZWlnaHQ6MmVtJz4zMDY1OTM8L2Nv
    ZGU+PC9wPg0KPC9ib2R5Pg0KPC9odG1sPg0K
    
    
    --b1_DlWAFRSzw2dQysylJcaUa3au55XZM2OIjBOE4o6g--
    
    
  6. The content of this email will contain your verification code encoded in base64. To decode your verification code, visit base64decode, copy and paste the string of numbers and letters that contains your verification code from the email into the data field and click on <DECODE> to be able to read it. In this particular example, WW91ciBQcm90b24gdmVyaWZpY2F0aW9uIGNvZGUgaXM6CjMwNjU5Mw== decodes to:
    Your Proton verification code is:
    306593
    
  7. Afterwards, enter the code into the required field to complete your verification with ProtonMail and wait for your account to be set up. Don't set up a recovery email. You can generate a recovery phrase in your email settings later.

Please note: this method can fail and you may have to repeat it once or twice until you succeed. But as soon as you manage, you will have access to an anonymous email address that is protected by strong Swiss privacy laws.

... anonymous money

If you use your bank account or PayPal to pay for your domain name and your server, you are not anonymous. Also if you use cryptocurrencies like Bitcoin (BTC) or Ethereum (ETH) you are not anonymous, because in most cases you have to buy these currencies on a crypto exchange and any reputable exchange requires their customers to verify their identity before they can trade crypto. Remember: cryptocurrencies like BTC are based on an open ledger, which means every wallet address and every transaction that has ever been made is stored on a public ledger that can be viewed by anyone.

But there also are privacy coins, for example Monero (XMR). Privacy coins are cryptocurrencies that enable private and anonymous blockchain transactions because they obscure the origin and the destination of every transaction. There are hosting companies like Njala and 1984 that accept XMR, which is why we use XMR as an example.

  1. First you need to get a Monero wallet. Please visit GetMonero, the official Monero website to find out what works best for you. The website is available as a hidden Tor v3 onion site too.
  2. LocalMonero is a peer-to-peer marketplace where you can buy and sell XMR directly.  This is our preferred option. LocalMonero operates a hidden Tor v3 onion site as well.
  3. If want to buy XMR, but the peer-to-peer solution does not work for you, you will still need to find a way to convert cash into crypto to pay for your website anonymously. The easiest and safest way is to register with one of the big exchanges. However, this means that you are required to go through a thorough identity verification process for which you will need your passport and you definitely won't be anonymous. The most famous exhange is Coinbase. There also is Binance, or if you prefer European jusrisdiction, you can choose for example Bitpanda. Yet while you can buy XMR on Binance, you cannot buy XMR on Coinbase or Bitpanda. Here you invest in crypto and you pay for it via bank transfer or your credit card.
  4. The next step then is to sign up with an anonymous identity at another exchange where you can trade XMR without identity verification, for example at Kraken. You don't want to use this account to buy crypto, which is why you do not need to get verified. Many exchanges allow you to trade, send and receive crypto - but they do require you to get verified as soon as you invest in crypto with fiat money like USD, GBP or EUR. You want to use this account as a buffer to obscure your money trail. It may be a good idea to get yet another anonymous email address to sign up for this account.
  5. Next you transfer your purchases from LocalMonero, or for example BTC from your personal crypto account at a big exchange, maybe even XMR if you are registered on Binance, to your anonymous crypto account and exchange it for XMR. From here you can then transfer XMR to your Monero Wallet.

... anonymous domain name

To our knowledge there only is one company that enables anonymous domain name registrations: Njalla

This is only possible because if you register with Njalla, you do not own your domain name, but Njalla owns it on your behalf. However, Njalla also makes sure that you have full control over it. In their own words:


"We're not actually a domain name registration service, we're a customer to these. We sit in between the domain name registration service and you, acting as a privacy shield.

When you purchase a domain name through Njalla, we own it for you. However, the agreement between us grants you full usage rights to the domain. Whenever you want to, you can transfer the ownership to yourself or some other party.

For instance, when you register a domain name in our system, we can register with our own data. We will be the actual registrant of the domain -- it's not an ownership by proxy as found with all other providers. However, you will still have the full control over the domain name. You can either use our information (and our nameservers) or you can go with your custom data. And you can move at any time. Simple, flexible."


This also means that you have to trust Njalla with your domain and that Njalla won't give away your customer information if somebody, for example law enforcement, requests your data. However, there is no evidence that njal.la has ever handed over customer data. We believe the main reason is, that Njalla cares about privacy: Some members of Njalla started the PirateBay as well. Also take a look at their blog.  Furthermore, if they gave away their customer's data and it became public, Njalla would loose its credibility.

To register a domain with Njalla, open your Tor Browser and visit Njalla's Tor V3 onion site. Use your anonymous ProtonMail account to register. Njalla supports encrypted email. All emails from Njalla you receive on ProtonMail will be encrypted.

Transfer XMR from your Monero Wallet to Njalla to pay for your domain. A domain with Njalla costs between €15 and €75 per year.

... anonymous web hosting

You can rent a Virtual Private Server (VPS) from Njalla too, but you will have to be the admin of your own VPS. Njalla's servers are located somewhere in Sweden. A VPS with Njalla costs between €15 and €45 per month. You can pay with XMR.

Another great option is 1984. 1984 is based in Iceland and its servers run on 100% green energy. They accept XMR too and you can sign up with your anonymous ProtonMail address. Here you can install for example a WordPress site right away (for as little as €27.42 for the first year and a renewal price of €77 for the next year), which will be managed by 1984. Yet we do recommend you stay in control and learn to be the admin of your own VPS, which will cost you between €4.50 and €72 per month.

... opsec again

Congratulations! You now know how to start an anonymous website anonymously.

We repeat: If you want to stay anonymous keep your personal identity separate from your anonymous identity at all times and protect your privacy.