A moderation system has already been set up and used for several bans, and it works well. If there are more and more visits, I'll recruit someone for 24/7!
I asked for details on how the hashing is blinded but haven't heard back. There are plenty of systems where an operator cannot furnish any information about a user, for example a Tor relay operator, mix net nodes, etc.
So if you were served a technical assistance order you would have no way of complying with that? How are you using a salt that you have no way of knowing/observing/recovering? What protection measures are employed to prevent the salt from being recovered from memory or otherwise dumped via some other exploit? Please be detailed, as matters of anonymity can usually be boiled down to life-changing consequences for those involved.
The system is designed with multiple layers of privacy and security:
- IP Hashing:
  - One-way SHA-256 hashing with environmental salt
  - Original IPs are never stored, only hashes
  - Even with server access, original IPs can't be recovered
  - Server memory only processes hashes, never stores raw IPs
- Per-Category Anonymity:
  - Different poster IDs per category using separate salts
  - Double-hashing mechanism: first for global ID, then for category-specific ID
  - Cross-category correlation is mathematically impossible
  - Each context generates a unique, unrelated identifier
- Technical Assistance Compliance:
  - I can provide hashed data and salting mechanisms
  - I can track specific hashed IPs if required
  - I can ban users without knowing their real IPs
  - But I technically cannot reverse the hashes to original IPs
The system balances legal compliance with user privacy - I can assist investigations through hash matching while maintaining technical inability to reverse-identify users.
This is not about avoiding compliance, it's about responsible data minimization. The architecture ensures I can't provide what I don't have, while still maintaining effective moderation capabilities.
How has the server been blinded from the hashing mechanism? Is this happening on different hardware, or facilitated through API calls to another server or something?
Genuinely curious as I think anonymous discussions are awesome but hate the kind of stuff that comes along with other anonymous image boards. Truly hope this is successful and results in a wonderful thriving community.
Yeah, unfortunately until IPv6 adoption increases this will be a problem. Even the currently utilized IPv6 space is probably small enough that sufficiently motivated corporations/nation states would probably be able to crack it given the resources available, assuming it's important enough for them to care about.
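The double-hashing scheme listed earlier in the thread and the address-space point in the comment just above, as an added example that is not the site's code or any poster's. The salts, the salt-then-value concatenation order and the 203.0.113.0/24 documentation range are assumptions made for illustration; the example shows that irreversibility and cross-category unlinkability both rest on the salt staying secret.

```python
import hashlib
import ipaddress

# Constructed values: the thread does not publish the real salts or construction.
GLOBAL_SALT = b"constructed-global-salt"
CATEGORY_SALTS = {"tech": b"constructed-tech-salt",
                  "music": b"constructed-music-salt"}


def global_id(ip: str, salt: bytes = GLOBAL_SALT) -> str:
    """First hash: salted SHA-256 over the textual IP address."""
    return hashlib.sha256(salt + ip.encode()).hexdigest()


def category_id(ip: str, category: str) -> str:
    """Second hash: the global ID re-hashed with a per-category salt."""
    inner = global_id(ip).encode()
    return hashlib.sha256(CATEGORY_SALTS[category] + inner).hexdigest()


def reidentify(target: str, network: str, salt: bytes = GLOBAL_SALT):
    """Recompute the hash for each candidate address in `network`.

    Only a party holding the salt gets a match; with any other salt the
    search returns None. IPv4 has 2**32 addresses in total, so the input
    space is bounded for whoever does hold it.
    """
    for addr in ipaddress.ip_network(network):
        if global_id(str(addr), salt) == target:
            return str(addr)
    return None


def same_poster(id_a: str, cat_a: str, id_b: str, cat_b: str, network: str) -> bool:
    """Salt holder's check: do two category IDs come from one address?"""
    for addr in ipaddress.ip_network(network):
        ip = str(addr)
        if category_id(ip, cat_a) == id_a:
            return category_id(ip, cat_b) == id_b
    return False


if __name__ == "__main__":
    stored = global_id("203.0.113.77")  # what the database would hold
    print(reidentify(stored, "203.0.113.0/24"))                 # salt known
    print(reidentify(stored, "203.0.113.0/24", salt=b"other"))  # salt unknown
```

The design question raised in the thread therefore reduces to where the salt lives and who can read it, not to the strength of SHA-256.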
Thanks for your feedback and just to respond to you: As I said below, after several returns I've updated the site and removed the automatic deletion feature after 24h but I'm thinking of adding an option when creating a post.
Not at all, I'm planning to make it optional and I'm listening to people. Not just from here. I launched the project 3-4 days ago and I've had quite a few private messages [with arguments] which have led me to think that it's pretty fair.
Sure. I mean, I often hate the unique attributes people come up with, and I wouldn't use their product because of it. I certainly also hate yours ;P. But... would I use something that has no unique attributes? Probably also not! And, honestly, it is maybe better to first decide if I am even in your target market or not... (and in this case: I am not; my opinion is so different from your instinct that anyone similar to me simply does not matter for your design).