Bonjour,
When it is not possible to turn off the logs on a server, would it be a good idea to host the page on https://archive.org/ ? And add a link to it on the footer of each page of the web site. I mean in case it is less risky for a potential source to be logged by archive.org.
Cheers
Bonjour Loic!
I think it’s a great idea from a network monitoring perspective (https, no subdomains, archive.org serves pretty much the entire internet). In the past, we have also thought about GitHub pages as well.
However, before recommending that approach as a blanket technique to grab information from a landing page, we should obtain further details on archive.org (specifically their internal security and how they ensure page integrity as well details on what they log).
There is the unfortunately technical solution is to sign/verify signatures but not user friendly. I think the ultimate solution would be more distributed directory, multiple distinct external resources that can me compared.
The Internet Archive has an interesting approach to getting IP logs. From their page.
The web servers on Archive.org and OpenLibrary.org were modified to take the IP addresses, and encrypt them with a key that changes each day making it very difficult to reconstruct any users behavior.
However I think this is the same threat model that news organizations have with a CDN, or hosting on AWS or whatever. A sufficiently resourced adversary, could subpoena an ISP, Amazon, Cloudflare etc.