Timeline for Trying to create safe website where security is handled by the website and not the user
Current License: CC BY-SA 3.0
26 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Sep 10, 2018 at 13:05 | answer | added | Singularity. | timeline score: 0 | |
| Oct 10, 2016 at 0:20 | comment | added | keshlam | I was going to suggest some form of steganography, but like other encryption that only pushes the analysis problem back s level. It's still be evident you accessed the server, and if someone suspects a subchannel they can probably prove its there even if they can't decrypt the content... And steganography would require downloading a decoder, which would leave it's own traces. | |
| Oct 8, 2016 at 18:51 | comment | added | user23013 | Alternatively, make a general website that the LGBT related part is only a small portion. But beware that the page length may leak informations, especially if you are putting big videos there. | |
| Oct 8, 2016 at 16:08 | comment | added | Bakuriu | @JonasDralle Yes, and the bad guys are free to not believe what you say and kill you. The point is: if you really want to provide a safe resource anonymity is a must in those circumstances. What you are suggesting would be similar to voting in an elections were there are a few candidates for each party, but each party has a distinct booth, so people can say that you voted for party X instead of Y even though they may not be able to know which candidate you voted... but when the fact "voted for party X" is enough for a death sentence/retaliation you have problems... | |
| Oct 8, 2016 at 11:43 | comment | added | BlueWizard | @Bakuriu You're right that access won't be hidden but the exact kind of content consumed will be hidden. One could defend his/her homosexuality with "I was just researching and was looking at the impressum" | |
| Oct 8, 2016 at 11:20 | comment | added | Bakuriu | @JonasDralle That doesn't solve anything because it only provides secrecy but not anonymity. If the "bad guys" (in some cases could be the gorvernment) discover what the site is about then the simply tracing a connection to it from your computer, even without being able to read the data exchanged, is enough to put you in troubles. And the OP seems to want to provide an accessible resource (i.e. anyone should be allowed to see the contents etc) so the government can easily find out about this. Might be a little bit harder for them if you needed some secret to access the site... | |
| Oct 8, 2016 at 10:50 | answer | added | Dennis Jaheruddin | timeline score: 1 | |
| Oct 8, 2016 at 10:04 | comment | added | BlueWizard | Maybe try javascript-controlled End-2-End-Encryption like www.mega.nz does | |
| Oct 7, 2016 at 20:11 | answer | added | MvG | timeline score: 1 | |
| Oct 7, 2016 at 9:32 | comment | added | Turion | @billc.n, how do you know they will handle the data responsibly in the not-so-near future? Security as a service is inadvisable. And security through obscurity ("innocent-looking") even more so. | |
| Oct 7, 2016 at 9:04 | comment | added | v7d8dpo4 | To whom do they have to be untraceable? Do they have their own computers or do they have to use public computers? | |
| Oct 7, 2016 at 3:46 | answer | added | grochmal | timeline score: 2 | |
| Oct 6, 2016 at 22:31 | comment | added | Kyslik | Use https, and detect + enforce incognito mode. security.stackexchange.com/questions/9037/… | |
| Oct 6, 2016 at 21:49 | comment | added | paj28 | Can you clarify what sort of countries your mean by "very dangerous". Do you mean repressive regimes like Iran? | |
| Oct 6, 2016 at 19:52 | answer | added | paj28 | timeline score: 95 | |
| Oct 6, 2016 at 19:49 | comment | added | tmh | @FDoherty May I ask how you intend to promote the website to your target audience? | |
| Oct 6, 2016 at 18:14 | history | tweeted | twitter.com/StackSecurity/status/784094565577920516 | ||
| Oct 6, 2016 at 16:36 | comment | added | billc.cn | Can you host the contents on another "innocent-looking" website like Facebook/Youtube/Google sites/Google Drive shared folders? These sites can be accessed using HTTPS throughout and does not stand out from typical usage. | |
| Oct 6, 2016 at 16:28 | answer | added | John McNamara | timeline score: 25 | |
| S Oct 6, 2016 at 16:16 | history | suggested | user13695 | CC BY-SA 3.0 | General cleanup |
| Oct 6, 2016 at 15:47 | answer | added | Topher Brink | timeline score: 27 | |
| Oct 6, 2016 at 15:32 | review | Suggested edits | |||
| S Oct 6, 2016 at 16:16 | |||||
| Oct 6, 2016 at 15:22 | comment | added | Hamza Islam | if sony, yahoo, dropbox, and other major corporations can get hacked, then dont think you can get hacked.. All you have to do it just stay alert and be ready to face any breach and prepare for worst.. have all the security barriers in place,, | |
| Oct 6, 2016 at 15:19 | comment | added | INV3NT3D | The website itself wouldn't be able to do this, you would need to have them all using VPNs, or you could create a Tor site, but these both require software/configuration on the user's end, and a certain level of technical know-how. An HTTPS site would encrypt the web traffic, but where the web traffic is flowing to and from would be easily traceable. To be honest, I don't know if this is possible. Hopefully another user's answer can enlighten us both to a possible solution. Maybe some sort of authentication process to allow only the children and their families to access the site? | |
| Oct 6, 2016 at 15:10 | review | First posts | |||
| Oct 6, 2016 at 15:32 | |||||
| Oct 6, 2016 at 15:09 | history | asked | FDoherty | CC BY-SA 3.0 |