How anonymous can a website 'owner' be?

Casually, yes. Seriously, no.

And why, praytell?

If I start up a site that some may deem 'controversial' I would prefer that someone doesn't stop by to shoot me.

If you need to ask the question, you shouldn't create the site.

Will vbulletin divulge the owner of a license if someone asks them?

There are several ways to go about this.

The first is the cheap and least secure way.

1. When you purchase the domain and host, use a post office box for your address.
2. Next ask your host to make your registration information private.
3. Next make sure you dont associate your personal information thats available on the internet with that site, otherwise people can tie it back to you (ie. using the same user name that you use on other sites that also reference your personal contact info etc.).

The average person wont be able to find out who the site owner is. An intermediate person might be able to do some pre-texting and identify your name and the PO Box. But, unless your publically listed in various records (ie. telephone book or internet search) then your still pretty hard to track down. An advanced user with access to unique records (ie. a detective or credit bureau) will easily track you down once they know your name and general whereabouts (ie. city or state or other unique info that seperates you from the other john smiths in the world).

Chances are that this is all you will need to do unless your writing something against a foreign government or high-end criminals who would go to great lenghts to find you.


The second method is a little more expensive but provides reasonable privacy.

1. First become registered as a corporation.
2. Next retain an attorney as both the principle representative and copyright agent for the corporation and website.
3. Register the domain and hosting under the corporation.

Corporations are legally considered a "person" under US Business Law. As long as your not publically traded, then the members of the corporation can assume a high level of confidentiality.

In short, the only information they will be able to find out is the corporation name and its principle representative, your attorney. Due to client/attorney priviledge, unless the attorney discloses who you are, then you remain annonymous.

But, this is kind of expensive. My attorney charges $800 to be retained as my copyright agent plus expenses.

The third method is very secure and can afford the greatest protection

1. Its basically the same as the second method. Except that you establish multiple holding companies and subsidiaries in multiple countries. (ie. establish a subsidiary in Denmark, Luxenburg, Switzerland, Bermuda etc). Each country has numerous complex laws so it will slow down people for months, like a pyramid, they will have to trace it back to you, company by company, each time having to identify the principle representative (your attorney) and eventually hitting the parent corp. where they would eventually identify the board members (you).
2. As before you would retain an attorney as the principle representative for each of these companies (dont use the same attorney as the attorney is the weak point).

The next part to this is technology. They will try to identify you through connecting to your site, as its alot easier then going through several holding companies/attorneys. So they will try to identify your IP address and other general data in order to identify your location.

It is critical that you dont use a connection that identifies yourself. Meaning dont connect to your host using a cable modem in your house. Otherwise they will find out your residence and your name.

You have two options, with both having downsides. Im assuming you have rented your own server from the host under the bottom subsidiary/holding company and not using a shared server for this example. (meaning the records will show the Z company owns the site, and a Y company owns that, an a G company owns that etc. etc. each time they hit a wall and have to then figure out that level before progressing to the next corporate wall).

1. Buy a laptop in cash and ensure no information links you to the laptop.
2. Connect to the server using VPN with an AES 256bit encryption Token Authenticator. This will encrypt your data between the server and your PC.
3. Connect via random public locations (ie. starbucks and internet cafes) and access site during busy hours.

At that point your weakest link is the CCTV that records you using the connection.

The second tech option is instead of connecting via VPN w/encryption at an internet cafe, you can just piggyback off someones WIFI connection. The problem is that they will be able to identify you being in a general radius of your neighbor and there probably arent many WIFI in your neighborhood, so its easy to triangulate you. If you do use WIFI then connect from the airport where you will piggyback off of different people each time and with so many people using laptops its difficult to identify you from them. (something easier to do at internet cafe's due to you using a physical connection).

At the very least you should make your registration info private and use a PO Box for registering. If anything to avoid lots of hate mail or people showing up at your home.

We'd divulge information to the appropriate authorities when they request it but never to anyone else.

fusion2 and Scott M., thanks for the great/helpful information.

I've run websites for a very long time all different types of websites too, no ones came round to my house and shot me.. yet, So I'm sure they won't for you either.

Read the attachment.

Bob

Would this apply to sites that are run not for profit ? The doc you enclosed seems to be directed to more business or sales type websites

It applies to all web sites, business or not.

Bob

Don't think so. My understanding was it is for companies, possibly not even including sole traders. In fact it says in the document:

and makes no mention of the application to personal websites. Additionally, personal websites are still legally permitted to hide their WHOIS details while businesses are not (including sole traders).

My understanding is that if your site involves financial transactions or is a website for a business, the above rules apply to you.

You can try to hide your information when you by a domain by also purchasing extra whois guard protection. And also use an alias email address from your servers CP Panel, that redirects mail to your own email address. Thats two things you can do to help a little.

But I guess nothing is 100%