ACB/WesConfess: The Good, the Bad, and the Ugly

After some discussion went down regarding WesConfess’ awesomeness and privacy issues, Wesleyinger Holly suggested I write a post explaining my thoughts. Here it is, the longest Wesleying post… ever.

WesConfess is a student-run online confession board modeled after the LiveJournal-based Anonymous Confession Board (currently in its eighth incarnation, and itself based on the Oberlin Anonymous Confession Time LJ post). Wesleying has covered WesConfess twice before: a full announcement when it first made its debut, and a quick reminder of its existence just today.

Looking for anonymous advice on your secret crush? WesConfess may just be the place for you. Want to see if someone’s got the hots for you? Check it out. Is your gonorrhea acting up again? You may be better off confiding in your significant other.

The Good
WesConfess is different from (better than) the ACB in the way it organizes your posts. Instead of a 28 page long confession board that needs to be replaced every time it hits LiveJournal’s 5000 post limit, it’s a sortable compendium of every juicy nugget that’s been posted. One can sort by thread name, author, # of replies, # of views, star-based rating, or time of last post. Not enough for you, Mr/s. Web 2.0?

You can even get an RSS feed of the posts. SICK.

The Bad/Ugly/etc…
WesConfess is hosted, from what I can gather, by a student. The ACB, conversely, is hosted on LiveJournal, owned by blogging software company SixApart. The only drawback to WesConfess is privacy, or depending on how you look at it, trust.

The first two versions of the ACB weren’t completely anonymous. Users began to notice this:

Oops.

A user on the first ACB said it doesn’t matter, because:

…there are only a few ip addresses for the entire campus. all you’d really be able to surmise from those ips is that it came from wesleyan

I’m not sure what the Wesleyan network was like in 2005, but if it’s the same as today, you can tell what user belongs to a certain IP, even from remote locations. Case in picture:

bjordan.stu? What student could that be?

Seen from a server in Texas: my first initial and last name. The point is, any normal post on the ACB or WesConfess sends your IP along, and on the Wesleyan network that IP resolves to a hostname containing your name.

So can you post about your first time doing [VERB] with a [NOUN] with confidence on the ACB? What about on WesConfess?

ACB: The newest version, the ACB VIII, has the IP address logging option turned off. You can post with safety, as long as you trust your connection and SixApart.

WesConfess: I’d worry more if the site’s semi-anonymous administrator had their options set up like this:

Ooh! I know! Click the one on top!

WesConfess’ FAQ states the user’s anonymity is based on trust, and:

When IP logging is turned off, it not only does not display the IP addresses of posts, it does not save them. So there would be no way to get the IP of a post after it was made.

This isn’t entirely true. I set up my own test MyBB-based board (the same type as WesConfess), and someone made an especially embarrassing post:

There are two ways to get IPs as the admin. The first, which the “log posting” option disables, looks like this:

The second is more standard, and applies to most any webserver (specifically, those using Apache). Most webserver software logs every request made, by default. In my test implementation, I grabbed the server log and performed a search for posts made at the same time as that embarrassing revelation:

AH! YOU KNOW MY WEBBROWSER!

Resolve the host and you know who that IP belongs to. The point is, your anonymous posts aren’t so anonymous, and you need to trust the owner of the site.
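The flip side, as an added example that is not from the original post or from the WesConfess admins: a sketch of how a board operator could strip the client host, referer and browser string from an Apache combined-format access log, so the timestamp search described above has nothing to match against. The sample lines, hostname and request paths are constructed for illustration.

```python
import re

# Apache "combined" log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?P<extra> "[^"]*" "[^"]*")?$'
)

# Constructed sample lines (documentation address, made-up hostname and paths).
SAMPLE = [
    '192.0.2.10 - - [12/Apr/2007:16:02:11 -0400] "POST /newreply.php HTTP/1.1" '
    '200 5120 "http://forum.example/showthread.php?tid=7" "Mozilla/5.0 (X11; Linux)"',
    'jdoe.stu.example.edu - - [12/Apr/2007:16:03:40 -0400] "GET /index.php HTTP/1.1" 200 900',
    'not a log line',
]

def scrub_line(line):
    """Return the line without client host, referer or browser string.

    Unparseable lines return None so unknown data is dropped, not kept."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    out = '- - - [{time}] "{request}" {status} {size}'.format(**m.groupdict())
    return out + (' "-" "-"' if m.group("extra") else "")

def scrub(lines):
    """Scrub a whole log, discarding lines that cannot be parsed."""
    return [s for s in map(scrub_line, lines) if s is not None]

def identifying_lines(lines):
    """Count lines whose host field still holds an address or hostname."""
    count = 0
    for line in lines:
        m = COMBINED.match(line.strip())
        if m is None or m.group("host") != "-":
            count += 1  # unparseable lines are treated as identifying
    return count

if __name__ == "__main__":
    print(identifying_lines(SAMPLE), "identifying lines before scrubbing")
    for line in scrub(SAMPLE):
        print(line)
```

Scrubbing after the fact only helps if the raw log is not kept anywhere else; leaving `%h` out of Apache's `LogFormat` so the address is never written is the stronger fix, and neither covers logging done by the hosting provider.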

Honestly, who fucking cares?

In all reality, the WesConfess admin probably isn’t trying to sell your secrets on Wes Classifieds. Beyond that, they probably hadn’t planned on using server logs to pwn IPs. Really, I am just telling them exactly how to abuse trust if they wanted to. And throwing my IP out there a few times.

And as was discussed in our comments, you can also have your privacy violated by someone with a wireless sniffer, radio scanner, a very good ear or even well-placed eyes!

But there are answers!

Proxy servers and Tor provide pretty solid anonymity when web browsing, so put one of these in place and news of your personal life will only be known to strangers who may or may not know you. As for the other stuff, plugging in your ethernet, digital cellphones, loud noises and flashbangs will keep you (relatively) safe.

WesConfess, keep on truckin’. The board is very entertaining. And Holly, who suggested I write this, you owe me an entire Thursday afternoon.


12 thoughts on “ACB/WesConfess: The Good, the Bad, and the Ugly”

  1. Anonymous

    tor IS a proxy server. Many, many proxy servers. Proxy++…. even proxy+++++

    I wish wesconfess were a hidden service (ie. only available for those using tor) as this would be both Completely anonymous and would force us all to use tor, which is a great, great thing.
    -w

  2. Anonymous

    Darwin (one of the wesconfess founders) here. As we’ve said before, IP logging comes down to trust. When you own a website, there’s a million ways you can log IP addresses, from statistic packages, forum software and more. So there’s no way we can prove that we’re not logging IP addresses. We are considering bringing on an impartial member to the forum team, but the problem is that IP logging could still be happening at the domain level or any other place besides forum software, so it’s very hard to prove either way. I had suggested a proxy server already in the FAQ for people who are concerned about anonymity, but tor is also a great suggestion. Thanks for the extra publicity!

    PS It’s two wesleyan students, not one.

  3. Anonymous

    Sorry about the IP tracking on the first ACB. I created that post, and apparently I had IP tracking turned on for my LJ. If I had known that people would actually post, perhaps I would have had the forethought to turn it off for people’s comfort. I can assure you all that I did not have IP tracking enabled on purpose, and no tracking of posts was ever, EVER done.
    -Caroline
    P.S. I am still over the top amused by how HUGE my “little-post-for-the-fun-of-it” became, although I’d like to think that someone else would have started it if I had not…
