After some discussion went down regarding WesConfess’ awesomeness and privacy issues, Wesleyinger Holly suggested I write a post explaining my thoughts. Here it is, the longest Wesleying post… ever.
WesConfess is a student-run online confession board modeled after the LiveJournal-based Anonymous Confession Board (currently in its eighth incarnation, and was based on the Oberlin Anonymous Confession Time LJ post). Wesleying has covered WesConfess twice before, a full announcement when it first made its debut, and a quick reminder of its existence just today.
Looking for anonymous advice on your secret crush? WesConfess may just be the place for you. Want to see if someone’s got the hots for you? Check it out. Is your gonorrhea acting up again? You may be better off confiding in your significant other.
WesConfess is different from (better than) the ACB in the way it organizes your posts. Instead of a 28 page long confession board that needs to be replaced every time it hits LiveJournal’s 5000 post limit, it’s a sortable compendium of every juicy nugget that’s been posted. One can sort by thread name, author, # of replies, # of views, star-based rating, or time of last post. Not enough for you, Mr/s. Web 2.0?
WesConfess is hosted, from what I can gather, by a student. The ACB, conversely, is hosted on LiveJournal, owned by blogging software company SixApart. The only drawback to WesConfess is privacy, or depending on how you look at it, trust.
A user on the first ACB said it doesn’t matter, because:
…there are only a few ip addresses for the entire campus. all you’d really be able to surmise from those ips is that it came from wesleyan
From a server in Texas, my first initial and last name. The point is, any normal post on the ACB or WesConfess sends your IP along, including your name.
So can you post about your first time doing [VERB] with a [NOUN] with confidence on the ACB? What about on WesConfess?
ACB: The newest version, the ACB VIII, has the IP address logging option turned off. You can post with safety, as long as you trust your connection and SixApart.
WesConfess’ FAQ states the user’s anonymity is based on trust, and:
When IP logging is turned off, it not only does not display the IP addresses of posts, it does not save them. So there would be no way to get the IP of a post after it was made.
This isn’t entirely true. I set up my own test MyBB-based board (the same type as WesConfess), and someone made an especially embarrassing post:
There are two ways to get IPs as the admin. The first, which the “log posting” option disables, looks like this:
The second is more standard, and applies to most any webserver (specifically, those using Apache). Most webserver software logs every request made, by default. In my test implementation, I grabbed the server log and performed a search for posts made at the same time as that embarrassing revelation:
Resolve the host and you know who that IP belongs to. The point is, your anonymous posts aren’t so anonymous, and you need to trust the owner of the site.
Honestly, who fucking cares?
In all reality, the WesConfess admin probably isn’t trying to sell your secrets on Wes Classifieds. Beyond that, they probably hadn’t planned on using server logs to pwn IPs. Really, I am just telling them exactly how to abuse trust if they wanted to. And throwing my IP out there a few times.
And as was discussed in our comments, you can also have your privacy violated by someone with a wireless sniffer, radio scanner, a very good ear or even well-placed eyes!
But there are answers!
Proxy servers and Tor provide pretty solid anonymity when web browsing, so put one of these in place and news of your personal life will only be known to strangers who may or may not know you. As for the other stuff, plugging in your ethernet, digital cellphones, loud noises and flashbangs will keep you (relatively) safe.