I just noticed the recent talk on a wiki and improved security and decided now is as good a time as any to discuss how we can be safer around here.
For the website itself:
1.  Remove the main page, replace it with a "under construction" placeholder
As it stands anyone who happens to come upon our main page will immediately recognize it as a forum for drug chemistry (Hi DEA! Come raid hostmonster and take all our info!).  Why are we advertising this?  This forum is invite only as I understand it; there is no reason to advertise what we are doing.  You should have access this site via a direct link to the forum (http://127.0.0.1/talk)

2.  Setup the robots.txt  to disallow indexing ANY of this websites content.
Once again, this is a private forum about drug discussion.  We do not need anything here listed on google and the likes.  I'm not really familiar with the spidering process, so maybe one of our more informed members can tell us how long it will take before the site is de-indexed (if this will indeed happen?)

These two alone will nullify any copyright concerns anyone may have about setting up a wiki or otherwise.  They can't get us for something they can't see.

3.  Move the hosting to an offshore VPS if it isn't there already.
Having all these drug related documents on a rack somewhere in the US is a big no no.  Move it to Malaysia or another country that doesn't care about what we do here.  Preferably one that isn't super friendly with the USA.  Even more preferably, one that takes an anonymous currency like bitcoin for payment (just to make things easier on the admin)

4. Run this site as a TOR hidden service
Running this site strictly as a TOR hidden service has two major advantages.  First of all, no one (including the DEA) will know where the server is hosted.  If its hosted outside the US, its virtually impossible for them to raid/shut us down.  Second, it guarantees that everyone here is accessing the website in a safe and anonymous manner.

4.  Periodically scrub IP addresses from posts/access logs
This one shouldn't need any further explanation

5.  Redirect unsecured HTTP traffic to HTTPS.
If you need help making this happen, shoot me a PM.

For the users:
1. USE GPG ENCRYPTION FOR ALL POTENTIALLY INCRIMINATING PRIVATE MESSAGES
You're on a forum discussing illicit drug synthesis, why the fuck aren't you using encryption?  This is not 1990.  The DEA knows what the fucking internet is.  Even if you're not worried about the DEA, guess what? the admins can read any of your unencrypted PMs.  What reason do they have to read your messages? Probably none, but I don't know and I don't care.  I want to know my shit is private.

2. USE TOR TO ACCESS THIS WEBSITE
Protect yourself.  Don't let LEO know where you live.  Even if you're using a public wifi, you're still giving them a general idea.  TOR will mask your location completely.

3.  Do not retain incriminating evidence on your harddrive.
Do not have your entire lab notebook unencrypted on your desktop called "MAKINGDRUGS.TXT"  Use something like truecrypt to encrypt anything suspicious.  When the three letter boys come a knockin' the first thing they're going to grab (after your glassware and the dead hooker) is your computer and any usb sticks you have.

4.  Only use SSL (https://thevespiary.org) to access this site
Keep everything secure.  This needs no further explanation

5.  Loose lips sink ships.

Anyone have anything else to add?

yes but some of us see these kinds of research as an expression of freedom and an
effort to change law and help users to stay safe with safe drugs.

to hide the site from the public is to undo any and all of these efforts.

Complicated issue, I will implement some of these...

I agree very much with shroomedalice and he probably put it more eloquently than I could have...

i think this post was very well thought out and put together, nice thread akcom.  i agree with everything akcom mentioned aside from the TOR hidden service.  that idea might be amazing from a security standpoint but might dissuade people from being as active on the site as they currently are.  by that i mean it might dissuade the people who don't use TOR, people who may use random proxies/etc instead.  aside from that, i think everything you typed out should at least really be taken into consideration by Vesp.  keeping this site off google and losing the main page are changes that i think would be 2 big winners.  scrubbing the ip addresses on the board (routinely by the admins) and using encryption (for pm's and your hard drive) should be a way of life for us.

good work man

yes but some of us see these kinds of research as an expression of freedom and an
effort to change law and help users to stay safe with safe drugs.

to hide the site from the public is to undo any and all of these efforts.

This place isn't oriented towards harm reduction like Erowid or Bluelight, nor to advocacy like MAPS or NORML. The harm reduction mentality takes an agnostic stance on the supply side, instead focusing on how to most safely deal with the demand. This place's niche is solely supply side. It's great to have discussions on harm reduction and legal advocacy, but the general tone doesn't have much to gain from a bunch of people showing up asking how to take MDMA for the first time.

To really get that message of safety and political change out there to those who need it requires a much more public profile than might be appropriate for a place at the cutting edge of underground chemistry.

^^^
Makes me think about how revolutionary (and successful) the hive was, considering how small the internet was 12 or 13 years ago compared to today. I think the wiki would be a good next step.

If you register the site with google webmaster tools, you can see what gets indexed and control what pages show up in Google search, if any.

Denying everything with a robots.txt is a much better idea than registering with Google.

I'd go one step further and grab a list of common bot useragents and IP ranges and simply ban those via .htaccess directives.

Wizard X, thevespiary is still spidered.

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=P2P+site%3Athevespiary.org

Agreed, and put a robots.txt in the server root directory & every server directory to ensure privacy.

www.thevespiary.org/robots.txt
www.thevespiary.org/talk/robots.txt

Server configuration plays a major part in stopping bots.

<meta name="ROBOTS" content="NOINDEX, NOFOLLOW" /> in the index.html will stop the bots spidering the links in the index.html, HOWEVER, to ensure good privacy, place a robots.txt in the server root directory & every server directory.

They can't really shut this place down without inventing a lot of new caselaw, so long as things don't cross the line from speech to a specific conspiracy (which, contrary to what gets thrown around, requires more than two disconnected parties talking about the same illegal act).

The real value in the Tor hidden service comes from forcing members to connect with Tor.

Honestly, the shutdown doesn't worry me. Servers can be moved.

The primary concern should be on the exposure of members through a seizure or bugging which unmasks members who didn't cover their tracks. When Feds stake out a Mafia restaurant, they aren't interested in the restaurant itself, just the identities of those who come and go.

So far we're doing a good job of keeping the place from filling up with the sort of k3wl which bring negative attention. As much flak as I've caught for it, I still believe the more worrisome radar is that of the public. The less the disinterested or incapable outsiders know of this hobby, the better. With no more highly desirable specific precursors to take away (comparable to psuedo, P2P, safrole, ET, etc), any more Dateline-style moral panic will be directed against anything and everything from glassware to HCl, and certainly towards purchasers which aren't registered corporations residing at business addresses.

If we had to move to a Tor hidden service, then that would help raise the bar against curious gawkers, although I feel the registration requirement and low publicity are doing a good enough job for now.