The goal: send a postcard reading “I see you” to the mystery challenger’s real-life address.
At a time when even the CIA has trouble keeping its secrets from hackers, can anyone truly be anonymous online?
That’s the question being posed to Hacker News readers. One of their own has created a page they claim is truly anonymous and challenging their peers to connect the page to his or her identity.
“Today, to host a piece of content on the Internet, you must link your identity to the content on some level,” writes voidnull. “This is most prominent with social networks such as Facebook and Google+, but even to host an anonymous blog on a free service such as WordPress.com or Tumblr is not trivial.”
But voidnull, a user handle created just two days ago, thinks he or she has found the way to protect their identity online. Voidnull explains the process in greater detail on the plain HTML page, but essentially they used a secure shell over Tor to conceal their online actions, then registered with Super Dimension Fortress (SDF) to host the site. Unlike most hosting sites which require an email address or credit card to host a url, SDF merely needs $1 sent through the mail to validate the web page.
The result, voidnull argues, is a completely secure website.
“If you think there is a way that this page could be linked to my identity, I challenge you to send me a postcard to my mailing address with the content that says ‘I see you voidnull’ and a self-addressed postage-paid envelope,” voidnull writes.
Voidnull isn’t offering much by way of a prize, merely $10 to the first person who correctly identifies him or her. But really, this challenge seems to be more about bragging rights anyway. In comments on Hacker News, voidnull professes to be an ardent fan of SDF’s services and claims to be doing this as a “publicity stunt” purely of his or her own volition.
Now a massive online manhunt, the likes of which we haven’t seen in nearly three weeks, is underway. Hacker News users have already pitched a lot of ideas for nailing down voidnull’s identity, from analyzing the website’s text to locating the registration envelope.
“Isn’t the way to get through this is to start running a lot of Tor nodes and hope to trap voidnull?” writes loumf. “If so, don’t we think that those that care about breaking Tor are doing this?”
But in an update to his or her original challenge, voidnull said this method would be “somewhat problematic, as I also only access resources as voidnull over HTTPS.” In that same update, voidnull also dismissed the theory that he or she could be connected through their Hacker News username, since an email is not required for registration.
Others, however, aren’t as concerned with discovering voidnull’s identity as they are with disproving their premise. Many have pointed out other ways one can conceal their identity online without SDF.
“If WordPress.com accepts Bitcoin, couldn’t you just acquire some Bitcoins not tied to your personal ID (you can use Moneygram with fake information and route it through mixers, buy them offline, etc.), and utilize Tor/Tor Services to set up the account, and give them fake information?” writes ssharp.
But as others have pointed out that using fake information to acquire bitcoins would be an act of fraud, as where voidnull’s solution seems to be “100 percent legal.”
As it stands right now, no one has successfully cracked the case. In an update on his or her website, voidnull denies being Stephen M Jones or Martin Naskovski, two names that were circulated among Hacker News commenters. He also apologized to Raul Díaz, the owner of the unaffiliated voidnull.com domain, who may be recieving some unexpected mail over the next few days.
Photo by ginnerobot/Flickr
Pure, uncut internet. Straight to your inbox.