I am developing a whistleblower website to be used by people to anonymously report cases of misconduct and corruption in public institutions in my country. The idea is to:
- Provide the whistleblower with as much anonymity as possible.
- The site NOT to hold any user identifiable information that we may be coerced to producing through court orders or other arm-twisting tactics. If we don't have it, we can't produce it. The idea here is to protect the whistleblower by all means.
Here is now it's supposed to work:
- A user will post a message and/or file on the site.
- The site will generate a unique username and password for the user.
- The user will provide no other information and will only provide followup to their post using the generated username and password.
I can guarantee anonymity to the user by NOT saving their IP or email addresses or any other information that can identify the user.
The site will use HTTPS of course.
So my question is: from the user's browser to the server and on the IIS server what else can give the user away? Where else should I be concerned with removing any connection between the user and their post? Anything else I should be concerned about? In some cases, it could be a matter of life and death.
Aucun commentaire:
Enregistrer un commentaire