Fli
08-15-2016, 02:07 AM
Hello, I'm not sure if it is anonymous, but here is the idea, feel free to comment on this & improve. I'm a newbie so my info can be wrong:
Schema of the connection from the client to the server
1. Client
2. Domain
a) Registered via HTTPS via Tor network
b) paid from Bitcoin wallet created/accessed using HTTPS & Tor, funded by coinjoin service like Bitmixer.io or Tor's Helix
c) anonymous data used during registration
d) whois protection applied
e) domain that is out of USA (ICANN) control (not com,net,info,biz etc)
[Way to track owner? Only one: by following nameservers and finding the owner of the hosting or services on the path to it]
3. Cloudflare nameservers / reverse proxy
a) Cloudflare free account set up & accessed securely the same way as for the domain
b) Domain never points to any other nameservers besides Cloudflare
c) CF acts as a reverse proxy and another anonymization layer
d) No one sees where the site is hosted, they see Cloudflare IPs
e) MX record/mailserver must not be configured as it can leak destination IP.
[Way to track owner? Only one: contact Cloudflare, maybe get a court order to obtain more details about where they are serving the website data from]
4. Reverse proxy server
a) this proxy server would be "translating" requests between the internet and the Tor network
b) client's request will be forwarded to the Tor hidden service (home computer hosting all important data)
c) the traffic is end-to-end encrypted thanks to Tor and HTTPS enforced at the Tor hidden service/home computer
d) the reverse proxy server is rented anonymously the same way as for the domain
e) the reverse proxy server is accessed only via the Tor network using SSH (https://askubuntu.com/questions/85766/how-to-use-ssh-with-tor)
[Way to track owner? None? Reverse proxy knows only the data it is transacting and the .onion address of the home computer]
5. Destination home server (hosting server, .onion Tor Hidden service)
a) server is using HDD encryption https://gitlab.com/cryptsetup/cryptsetup
b) server has an iptables rule to force all incoming/outgoing connections via the reverse proxy server only
c) server has multiple internet connections balanced thanks to a 2+ WAN router
d) server + internet devices have a backup power supply
----------
An alternative would be setting up a VPN between the reverse proxy and the home server. But this way anonymity would be hurt because someone physically in the datacenter of the reverse proxy may(?) be able to discover the IP of the VPN client (the actual home server that should be hidden).
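
The MX point in the Cloudflare step of the post can be checked mechanically. The following is an added example, not part of the original post: it audits a zone for records that resolve outside the proxy's address ranges. The zone data, the names and the ranges are constructed (documentation address blocks stand in for the proxy's published ranges and for the origin).

```python
import ipaddress

# Constructed: a documentation range stands in for the proxy's published ranges.
PROXY_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed zone data (name, type, value); 203.0.113.10 plays the origin server.
ZONE = """\
example.org.       A    198.51.100.7
www.example.org.   A    198.51.100.8
mail.example.org.  A    203.0.113.10
example.org.       MX   10 mail.example.org.
example.org.       TXT  "v=spf1 ip4:203.0.113.10 -all"
"""

def parse_zone(text):
    """Split each non-empty line into (name, type, value)."""
    records = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            records.append((parts[0].lower(), parts[1].upper(), parts[2].strip()))
    return records

def behind_proxy(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PROXY_RANGES)

def find_leaks(records):
    """Return records that publish an address outside the proxy ranges."""
    leaks, addrs = [], {}
    for name, rtype, value in records:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(name, []).append(value)
            if not behind_proxy(value):
                leaks.append((name, rtype, value))
    for name, rtype, value in records:
        if rtype == "MX":  # the mail host name resolves to a directly reachable IP
            target = value.split()[-1].lower()
            for ip in addrs.get(target, []):
                if not behind_proxy(ip):
                    leaks.append((name, "MX", f"{target} -> {ip}"))
        elif rtype == "TXT" and "v=spf1" in value:  # SPF can list the IP literally
            for term in value.strip('"').split():
                if term.startswith(("ip4:", "ip6:")):
                    ip = term.split(":", 1)[1].split("/")[0]
                    if not behind_proxy(ip):
                        leaks.append((name, "SPF", ip))
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(parse_zone(ZONE)):
        print("exposes non-proxy address:", *leak)
```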