I just noticed the recent talk on a wiki and improved security and decided now is as good a time as any to discuss how we can be safer around here.
For the website itself:
1. Remove the main page, replace it with a "under construction" placeholder
As it stands anyone who happens to come upon our main page will immediately recognize it as a forum for drug chemistry (Hi DEA! Come raid hostmonster and take all our info!). Why are we advertising this? This forum is invite only as I understand it; there is no reason to advertise what we are doing. You should have access this site via a direct link to the forum (http://127.0.0.1/talk)
2. Setup the robots.txt to disallow indexing ANY of this websites content.
Once again, this is a private forum about drug discussion. We do not need anything here listed on google and the likes. I'm not really familiar with the spidering process, so maybe one of our more informed members can tell us how long it will take before the site is de-indexed (if this will indeed happen?)
These two alone will nullify any copyright concerns anyone may have about setting up a wiki or otherwise. They can't get us for something they can't see.
3. Move the hosting to an offshore VPS if it isn't there already.
Having all these drug related documents on a rack somewhere in the US is a big no no. Move it to Malaysia or another country that doesn't care about what we do here. Preferably one that isn't super friendly with the USA. Even more preferably, one that takes an anonymous currency like bitcoin for payment (just to make things easier on the admin)
4. Run this site as a TOR hidden service
Running this site strictly as a TOR hidden service has two major advantages. First of all, no one (including the DEA) will know where the server is hosted. If its hosted outside the US, its virtually impossible for them to raid/shut us down. Second, it guarantees that everyone here is accessing the website in a safe and anonymous manner.
4. Periodically scrub IP addresses from posts/access logs
This one shouldn't need any further explanation
5. Redirect unsecured HTTP traffic to HTTPS.
If you need help making this happen, shoot me a PM.
For the users:
1. USE GPG ENCRYPTION FOR ALL POTENTIALLY INCRIMINATING PRIVATE MESSAGES
You're on a forum discussing illicit drug synthesis, why the fuck aren't you using encryption? This is not 1990. The DEA knows what the fucking internet is. Even if you're not worried about the DEA, guess what? the admins can read any of your unencrypted PMs. What reason do they have to read your messages? Probably none, but I don't know and I don't care. I want to know my shit is private.
2. USE TOR TO ACCESS THIS WEBSITE
Protect yourself. Don't let LEO know where you live. Even if you're using a public wifi, you're still giving them a general idea. TOR will mask your location completely.
3. Do not retain incriminating evidence on your harddrive.
Do not have your entire lab notebook unencrypted on your desktop called "MAKINGDRUGS.TXT" Use something like truecrypt to encrypt anything suspicious. When the three letter boys come a knockin' the first thing they're going to grab (after your glassware and the dead hooker) is your computer and any usb sticks you have.
4. Only use SSL (https://thevespiary.org) to access this site
Keep everything secure. This needs no further explanation
5. Loose lips sink ships.
Anyone have anything else to add?
For the website itself:
1. Remove the main page, replace it with a "under construction" placeholder
As it stands anyone who happens to come upon our main page will immediately recognize it as a forum for drug chemistry (Hi DEA! Come raid hostmonster and take all our info!). Why are we advertising this? This forum is invite only as I understand it; there is no reason to advertise what we are doing. You should have access this site via a direct link to the forum (http://127.0.0.1/talk)
2. Setup the robots.txt to disallow indexing ANY of this websites content.
Once again, this is a private forum about drug discussion. We do not need anything here listed on google and the likes. I'm not really familiar with the spidering process, so maybe one of our more informed members can tell us how long it will take before the site is de-indexed (if this will indeed happen?)
These two alone will nullify any copyright concerns anyone may have about setting up a wiki or otherwise. They can't get us for something they can't see.
3. Move the hosting to an offshore VPS if it isn't there already.
Having all these drug related documents on a rack somewhere in the US is a big no no. Move it to Malaysia or another country that doesn't care about what we do here. Preferably one that isn't super friendly with the USA. Even more preferably, one that takes an anonymous currency like bitcoin for payment (just to make things easier on the admin)
4. Run this site as a TOR hidden service
Running this site strictly as a TOR hidden service has two major advantages. First of all, no one (including the DEA) will know where the server is hosted. If its hosted outside the US, its virtually impossible for them to raid/shut us down. Second, it guarantees that everyone here is accessing the website in a safe and anonymous manner.
4. Periodically scrub IP addresses from posts/access logs
This one shouldn't need any further explanation
5. Redirect unsecured HTTP traffic to HTTPS.
If you need help making this happen, shoot me a PM.
For the users:
1. USE GPG ENCRYPTION FOR ALL POTENTIALLY INCRIMINATING PRIVATE MESSAGES
You're on a forum discussing illicit drug synthesis, why the fuck aren't you using encryption? This is not 1990. The DEA knows what the fucking internet is. Even if you're not worried about the DEA, guess what? the admins can read any of your unencrypted PMs. What reason do they have to read your messages? Probably none, but I don't know and I don't care. I want to know my shit is private.
2. USE TOR TO ACCESS THIS WEBSITE
Protect yourself. Don't let LEO know where you live. Even if you're using a public wifi, you're still giving them a general idea. TOR will mask your location completely.
3. Do not retain incriminating evidence on your harddrive.
Do not have your entire lab notebook unencrypted on your desktop called "MAKINGDRUGS.TXT" Use something like truecrypt to encrypt anything suspicious. When the three letter boys come a knockin' the first thing they're going to grab (after your glassware and the dead hooker) is your computer and any usb sticks you have.
4. Only use SSL (https://thevespiary.org) to access this site
Keep everything secure. This needs no further explanation
5. Loose lips sink ships.
Anyone have anything else to add?