I have no intention of trying to find out voidnull, but here are some thoughts on what we know:
1. We have a little bit of text we can be reasonably sure voidnull wrote -- some sort of text-likeness algorithm might be able to give us some candidates -- pointed at newsgroups/forums/etc where SDF users might hang out.
2. Using the above, I would note that there are some grammar/typos/mistakes from possibly careless writing. That might be something to specifically try to isolate.
3. The HTML on the page is very simple, but malformed -- perhaps look for pages like that (some missing </p> tags)
4. adnam made a comment that showed some familiarity with voidnull and SDF -- adnam might be easier to locate and an association might be discovered.
5. If I believe #4, voidnull is possibly a handle that has been used before (seems really dumb, though) -- perhaps it's a very recognizable alteration.
Anything else?
Assuming malicious intent on the part of the provider, the envelope sent to SDF will have a post office stamp from the city from which he sent it. Intersect the IP subnets for the area with the IPs used to connect to SDF to find a connection he made to a non-anonymous account.
Second, the command `ssh -o ProxyCommand="nc -X 4 -x localhost:9050 %h %p" sdf.org` seems to be unique (to Google), and may be in a script he has written previously.
> Assuming malicious intent on the part of the provider, the envelope sent to SDF will have a post office stamp from the city from which he sent it.
Unless they got someone to remail it from the other side of the country.
Then there is an accomplice. Two people are easier to find than one.
Mail something to a friend in New York, ask them to remail via a super-busy mail box and destroy the original envelope. Sure it'll technically be possible to review CCTV around the mail box, but then the investigators have to find out who asked the remailer to do this. More difficult than just cross-checking IP addresses to find potential matches for one person.
Daisy-chain the remails a couple of times and it gets ridiculously complicated for all but highest security purposes. Get the accomplices to each wait some semi-random amount of days before remailing to help improve chances that one of the CCTVs will roll-over and write over footage of a remailer...
Or mail it yourself while travelling without connecting to the server while in the area. Sure, you can technically cross-check CCTV from mailbox with transport centres footage with transport records, but...
Do U.S. stamps have identifying features like printers these days? Shown a stamp or three stamps, can you tell e.g. which store chain sold them?
I think you just send the SDF a dollar bill, that's it. You could just call a friend at the other side of the country and ask them to send it.
Make sure your friend isn't FBI, or FBI, Police, or other informant.
Make sure your friend isn't going to rat you out.
Make sure your friend isn't going to just take the money and tell you he mailed it.
Make sure your friend doesn't get caught.
Make sure your friend can resist NYPD torture (cough, I mean Enhanced Interrogation) because how do they know it's not ricin in the envelope, so they can't take any chances.
Make sure your friend understands that if you're doing something shady, something that could be considered Postal Fraud, that he could then be prosecuted as an accomplice. Make sure he understands that he could spend years in jail for blindly remailing something of yours.
For someone willing to take those risks based on your friendship, that would be some really close friend! (or an FBI informant).
I think it's safer to just not mail the letter if you really want to be anonymous.
Think of your friend's safety!
The postal service will cheerfully act as that accomplice:
http://about.usps.com/who-we-are/postal-history/valentine-po...
I'm going to bounce a letter off of Bridal Veil, OR and Lovejoy, GA. I'll follow up if/when it gets back to me.
Edit: Here we go: http://i.imgur.com/ZAXzlT8.jpg
My mother took advantage of that when my brother was in the hospital for several months.
When the morning mail came around on Valentine's day, he had a ton of mail from women he'd never heard from from half the towns in the USA with any kind of romantic name.
When the afternoon mail came around, he got the same from the half that didn't arrive in the morning.
For the rest of his stay, he had an unassailable reputation as a super stud. Not a particularly bad thing for a marine in a military hospital!
The IP method won't work since he's using Tor to access SDF.
This type of pattern recognition is a very interesting approach to fingering people, even anonymous ones. I've often thought that perfect anonymity is essentially impossible, mostly because nobody wants to enable it, and nobody is smart enough to pull it off for long enough (essentially have a split personality, from even before the time of beginning the anonymous side). As benmanns points out, that ssh command is unique so far. If voidnull has been talking IRL with people about this, they would be able to associate him with it.
Related to the issue of the postmark, there is also the issue of (potential) fingerprints on the envelope and money. The point is, even if the public cannot find identities, the authorities (almost) always can.
Anyways, anonymity is an odd thing: in the US, anonymous speech is allowed (by court decision), but not guaranteed. The government isn't obligated to facilitate it and businesses aren't forced to allow it. voidnull's access to anonymity rests solely on SDF's goodwill and solvency. And the government could easily harass them, even if they are overseas.
Which brings up an interesting thought experiment: what would it look like if anonymity were guaranteed by law, how could it be implemented reliably and verifiably, and what would the counter-balance be against illegal activity?
> 1. We have a little bit of text we can be reasonably sure voidnull wrote -- some sort of text-likeness algorithm might be able to give us some candidates -- pointed at newsgroups/forums/etc where SDF users might hang out.
People call me extremely paranoid for this, but I've seen how effective author-analyzing software is.
I would almost certainly try to learn a new language if I want to stay anonymous, and only use that language for my anonymous alter-ego.
There are plenty of non-English communities out there, and if your data is sufficiently interesting, people will translate it for you.
3a. The HTML is formatted in a specific way, with indents and white space.
Just going to point out that matching HTML code style to a person that shares traits with "voidnull" means nothing. Silly HTML pages I've written in vi over PuTTY terminals look practically identical to that page.
Additionally, I would assume if he is to write something going "find me" he will likely purposefully change his styling or attempt to remove any styles he uses. Such a simple page devoid of any CSS or unique traits really shows that it could be written by a seasoned vet or a high school kid with a good idea. It's the HTML equivalent of a notepad file if you ask me.
> Silly HTML pages I've written in vi over PuTTY terminals look practically identical to that page.
Sure, but it's a hint that the person might have written it in vi. Only some people would write HTML in vi. Sure that group overlaps quite strongly with group of people that would put out such a challenge, but it's still a couple bits of information.
Regarding #5, I doubt that the name is a useful lead. It seems to me that "voidnull" is just a play on the concept of anonymity and not something that you could tie personally to the OP.
It was adnam's recognition that made me think it was used before. Also voidnull appears to have a long-standing interest in this concept, and so might have used a variant of it before. Again, just a data-point -- the idea is to sort a giant list, not necessarily filter it.
> 3. The HTML on the page is very simple, but malformed -- perhaps look for pages like that (some missing </p> tags)
The w3.org validator says it's okay.
http://validator.w3.org/check?uri=http%3A//voidnull.sdf.org/
That might be so, but it's still a possibly identifying fingerprint.
Sorry, but only people who have never written HTML by hand could think that omitted </p> tags are a useful identifying fingerprint.
It can fit in with word choice, indentation, line length, etc as part of a personal pattern. But by itself it is as meaningful as saying "and".
I have 4 errors, 5 warnings...
So do I, now. But it's the ISP's over-quota page, not the page originally posted.
Ok, my bad.
voidnull claimed the page was legal, but it is not legal in Germany (according to other comments here). voidnull appears to be a native English writer and uses $ when referring to monetary amounts in a few contexts.
Omitted </p> tags have always been perfectly conforming in HTML, just not XHTML. The same goes for </li> tags. It's more common than you think for people to omit closing tags for those elements.