How to keep my website absolutely private?


#1

I have several websites on the dreamhost server.

I have paid the domain registrar for private registration for one of my websites.

But I am concerned about people finding a connection between my private website and the public ones on the same server. I know I shouldn’t use the same google analytics ID, for example, because that is traceable through some hackery.

I know when there’s an error in wordpress, my dreamhost username is displayed right on the website as part of the path and is the same for all of my hosted websites. That’s what concerns me. I don’t know if this info is otherwise accessible to hackers. Is there a way for spiders or hackers to find these kind of hidden connections between websites and find out my identity?

Not that I think people would particularly care that much about my particular private website, but I want to be sure it’s anonymous.


#2

Set up a different username for that website, and that will keep the path from divulging your regular username.

Other than that, only the IP address, which is shared amongst MANY users, can connect your anonymous site to one of your regular sites.


#3

i believe there are also ways of preventing PHP from outputting errors in the first place…

But Scott’s advice is probably the easiest. Remember, on the internet, no one knows you are a dog.


#4

Thanks for the info! Super helpful. But how’d you know I was a dog? Do you know what breed?


#5

There is no absolute privacy.

  • Normal viewers of your website can still find out which domains are hosted on the same server, through reverse IP. The result includes domains of all users on that server, including your users. When I tried it, about 20% of the domains listed were mine.
  • If Dreamhost gets a request from a US court or police, they will give them your personal data without telling you. Same for your registrar, depending on where it is based.
  • Any third-party content you include (ads, Youtube videos, “Like” buttons…) or link to (especially affiliate links) means they can collect data and infer your and your visitors’ identity.
  • No server software is hacking-proof.
    If you need good privacy: get hosting in another country, always communicate with the server over anonymizing proxies over SSL (never trust a Tor exit node!), don’t leave a money trail, don’t leave any personal data on the server or with the hosting company, don’t use the same email/username/password elsewhere.
    If you need some privacy and this is just about Wordpress: why don’t you open a new account at Dreamhostapps for that? Dreamhostapps is anonymous and free.
    Or use some big blogging web service instead of your own domain/webspace. They are more likely to just delete your account when there are complaints than give your data away. So always back up and be prepared to rehost.
    more tips

#6

I’m with you, hellothere. I have/had similar concerns. I have a personal site and I also have some slightly embarrassing sites on Dreamhost. They aren’t bad sites, they’re about video games, I’m just not too proud of how I clearly spend a lot of time playing games.

Even if Dreamhost had a solution for this, it’s too late. There are sites that keep records of all DNS changes. If someone really wanted to, they could go through all our old DNS records and piece the history back together.