Register and post
Register your blog
Turn Tor on in your browser, or start XeroBank. Visit Wordpress.com and sign up for a new account by clicking the “Get a New WordPress Blog” link. Use the email address you just created and create a username that will be part of your blog address: thenameyouchoose.wordpress.com
b) Wordpress will send an activation link to your webmail account. Use your Tor-enabled browser to retrieve the mail and follow that activation link. This lets Wordpress know you’ve used a live email account and that they can reach you with updates to their service - as a result, they’ll make your blog publicly viewable and send you your password. You’ll need to check your webmail again to retrieve this password.
c) Still using Tor, log into your new blog using your username and password. Click on “My Dashboard”, then on “Update your profile or change your password.” Change your password to a strong password that you can remember. Feel free to add information to your profile as well… just make sure none of that information is linked to you!
Post to your blog
a) Write your blog post offline. Not only is this a good way to keep from losing a post if your browser crashes or your net connection goes down, it means you can compose your posts somewhere more private than a cybercafe. A simple editor, like Wordpad for Windows, is usually the best to use. Save your posts as text files (After blogging, always remember to remove these files from your machine completely, using a tool like Eraser or Ccleaner which is is available in many languages and wipes temporary files automatically from all installed browsers and other applications).
b) Turn on Tor, or use Tor Browser from your portable media drive, and log onto Wordpress.com. Click the “write” button to write a new post. Cut and paste the post from your text file to the post window. Give the post a title and put it into whatever categories you want to use.
c) Before you hit “Publish”, there’s one key step. Click on the blue bar on the right of the screen that says “Post Timestamp.” Click the checkbox that says “Edit Timestamp”. Choose a time a few minutes in the future - ideally, pick a random interval and use a different number each time. This will put a variable delay on the time your post will actually appear on the site - Wordpress won’t put the post up until it reaches the time you’ve specified.
Why?
By editing the timestamp, we’re protecting against a technique someone might use to try to determine your identity. Imagine you’re writing a blog called “Down with Ethiopia Telecommunications Company!” Someone at ETC might start following that blog closely and wonder whether one of their customers was writing the blog.
They start recording the times a post was made on downwithetc.wordpress.com and check these timestamps against their logs. They discover that a few seconds before each post was made over the series of a month, one of their customers was accessing one or another Tor node. They conclude that their user is using Tor to post to the blog and turn this information over to the police.
By changing the timestamp of the posts, we make this attack more difficult for the internet service provider. Now they’d need access to the logs of the Wordpress server as well, which are much harder to get than their own logs. It’s a very easy step to take that increases your security.
