Achieving complete anonymity in Rails -


each user has_many personas, each persona belongs_to user. users can create , destroy new personas whenever want. users sign in/create new session traditional email/password combination, , can operate whichever of personas choose (users allowed 3 personas - called 'dominos' on website).

each persona operates user on other website (profile pic, making posts, sending messages etc). want impossible determine user each persona belongs to. question is, how can achieved?

moreover, don't want link between personas. therefore think necessary ensure persona id cannot determined. if user creates 3 personas in quick succession, have consecutive persona id's, make reasonable guess personas consecutive persona id's created same user.

the friendly_id gem hides id's in url can still identified means?

what other considerations should there be? thank suggestions, don't know begin anonymity objective.

edit:

this have:

user model:

class user < activerecord::base    has_one  :ghost,    dependent: :destroy   has_many :personas, dependent: :destroy    before_create :create_remember_token   before_save     email.downcase!     callsign.downcase!   end   after_save     self.create_ghost unless ghost   end    validates :name, presence: true,                    length: { maximum: 50 }   valid_email_regex = /\a[\w+\-.]+@[a-z\d\-]+(?:\.[a-z\d\-]+)*\.[a-z]+\z/i   validates :email, presence:   true,                     format:     { with: valid_email_regex },                     uniqueness: { case_sensitive: false }   valid_callsign_regex = /\a[a-z\d\-.\_]+\z/i   validates :callsign, presence:   true,                        length:     { maximum: 20 },                        format:     { with: valid_callsign_regex },                        uniqueness: { case_sensitive: false }   validates :password, length: { minimum: 6 }    has_secure_password    def user.new_remember_token     securerandom.urlsafe_base64   end    def user.digest(token)     digest::sha1.hexdigest(token.to_s)   end    private      def create_remember_token       self.remember_token = user.digest(user.new_remember_token)     end  end 

users controller:

class userscontroller < applicationcontroller    before_action :signed_in_user,     only: [:index, :show, :edit, :update, :destroy]   before_action :non_signed_in_user, only: [:new, :create]   before_action :correct_user,       only: [:edit, :update]   before_action :admin_user,         only: :destroy    def index     @users = user.paginate(page: params[:page])   end    def show     @user = user.find(params[:id])     @page_name = "user_page"   end    def new     @user = user.new   end    def create     @user = user.new(user_params)     if @user.save       sign_in @user       flash[:success] = "welcome, " + @user.name       redirect_to @user     else       render 'new'     end   end # create    def destroy     @user = user.find(params[:id])     if ( current_user != @user )       @user.destroy       flash[:success] = "user deleted."       redirect_to users_url     else       redirect_to @user, notice: "suicide not permitted, admin chappie. hard cheese."     end   end    def edit   end    def update     if @user.update_attributes(user_params)       flash[:success] = "profile updated"       redirect_to @user     else       render 'edit'     end   end # update    private      def user_params       params.require(:user).permit(:name, :email, :callsign, :password, :password_confirmation)     end      # before filters      def non_signed_in_user       if signed_in?         redirect_to root_url, notice: "nice try pal. can't create new user                                         if you're signed in."       end     end      def correct_user       @user = user.find(params[:id])       redirect_to(root_url) unless current_user?(@user)     end      def admin_user       redirect_to(root_url) unless current_user.admin?     end  end 

persona model:

class persona < activerecord::base    belongs_to :user    before_save :make_downcase_callsign    validates :name, presence: true,                    length:   { maximum: 50 }   valid_callsign_regex = /\a[a-z\d\-.\_]+\z/i   validates :callsign, presence:   true,                        length:     { maximum: 20 },                        format:     { with: valid_callsign_regex },                        uniqueness: { case_sensitive: false }   validates :user_id, presence: true   validates :persona_id, presence: true    private      def make_downcase_callsign       return unless callsign       self.callsign = callsign.downcase     end  end # persona 

personas controller:

class personascontroller < applicationcontroller    before_action :signed_in_user   before_action :correct_persona,   only: [:edit, :update]   before_action :correct_destroyer, only: :destroy   before_action :too_many_personas, only: :create    def index     @personas = persona.paginate(page: params[:page])   end    def show     @persona = persona.find(params[:id])     @page_name = "domino_" + @persona.persona_id.to_s + "_page"   end    def new     @persona = persona.new   end    def create     @persona = current_user.personas.build(persona_params)     set_persona_id     if @persona.save       flash[:success] = "this moment of creation, " + @persona.name       redirect_to @persona     else       render 'new'       end   end    def edit     @persona = persona.find(params[:id])   end    def update     @persona = persona.find(params[:id])     if @persona.update_attributes(persona_params)       flash[:success] = "persona profile updated"       redirect_to @persona     else       render 'edit'     end   end    def destroy     @persona = persona.find(params[:id])     @persona.destroy     flash[:success] = "persona deleted."     redirect_to current_user   end     private      def persona_params       params.require(:persona).permit(:name, :callsign)     end      def correct_persona       @persona = persona.find(params[:id])       redirect_to(root_url) unless current_user.id == @persona.user_id     end      def correct_destroyer       @persona = persona.find(params[:id])       redirect_to(root_url) unless ( (current_user.id == @persona.user_id) || current_user.admin? )     end      def too_many_personas       if ( current_user.personas.count >= 3 )         flash[:message] = "sorry, you're not allowed more 3 dominos."         redirect_to(root_url)       end     end      def set_persona_id       if ( current_user.personas.count == 0 )         @persona.persona_id = 1         return       end       if ( current_user.personas.count == 1 )         if current_user.personas.first.persona_id == 1           @persona.persona_id = 2           return         else           @persona.persona_id = 1           return         end       end       if ( current_user.personas.count == 2 )         if current_user.personas.first.persona_id == 1           if current_user.personas.second.persona_id == 2             @persona.persona_id = 3             return           else             @persona.persona_id = 2             return           end         end         if current_user.personas.first.persona_id == 2           if current_user.personas.second.persona_id == 1             @persona.persona_id = 3             return           else             @persona.persona_id = 1             return           end         end         if current_user.personas.first.persona_id == 3           if current_user.personas.second.persona_id == 1             @persona.persona_id = 2             return           else             @persona.persona_id = 1             return           end         end       end     end  end # class personascontroller < applicationcontroller 

i want know how organise malevolent user cannot determine persona belongs user. idea user can create many personas likes, , there no connection between them apparent other (possibly malevolent) users.

i don't think going answer question, because don't think you've defined scope of problem enough.

but let's think through, @ high level, should true of application guarantee anonymity user.

1) no user should able discern identify through url.

  • this seems straightforward enough. if each persona has randomly generated key associated it, , key used id in url, condition should satisfied.

2) no user should able reverse engineer identity through site behavior.

  • this bit trickier. you'd want make sure you're not tracking information ip address of login (i think devise this, if you're using gem), because problem.
  • additionally, might want think whether want timestamp behavior of persona, since @ least reverse engineer side of world on timestamps.
  • you'd want avoid using third parties site analytics (e.g. google analytics), since defeat whole point.

3) if bad guy obtained copy of database, he/she should not able reverse engineer persona's identity.

  • now we're having fun! you're hashing passwords, want encrypting uniquely identifiable information. means names, usernames, emails, dates of birth, etc. there's gem called symmteric encryption (https://github.com/reidmorrison/symmetric-encryption) splits encryption key 2 separate parts, need database, ruby code, , separate key file put together.

4) other features

  • i don't know if you're familiar kinja (it's commenting platform), have idea of burner account. basically, create username, 16-digit key password, can't change password or recover if it's lost. anonymity standpoint, it's in sense if gained access email, couldn't use "forgot password?" feature means of gaining access burner account. depending on needs, implement that.

5) ssl

  • obviously, want every aspect of site behind ssl.

those main considerations have of claimed "anonymous". comes down level of anonymity you're trying guarantee though. insane level of anonymity blogging site, woefully inadequate twarting-the-nsa perspective. consider audience!


Comments

Popular posts from this blog

javascript - RequestAnimationFrame not working when exiting fullscreen switching space on Safari -

c# - How do I get the Nth largest element from a list with duplicates, using LINQ? -

jsp - "Sending a redirect is forbidden after the response has been committed" in sendRedirect -