Privacy & Anonymity - Factkeeper

🔒 Anonymous Submissions

Your Identity Is Protected

We cannot identify you from a submission, even if legally compelled. Your IP address is cryptographically hashed (one-way encryption) before storage, making it mathematically impossible to determine your identity.

How It Works

When you submit an event:

No Personal Information Required: We don't ask for names, emails, phone numbers, or any identifying data
IP Address Protection: Your IP address is immediately converted to a secure hash (like a fingerprint that can't be reversed)
Temporary Spam Prevention: The hash is kept briefly (30 days) only to prevent automated spam, then automatically deleted
Tracking ID Only: You receive a random tracking ID (like "CS1729845abc") to check submission status - it contains no identifying information

What We Don't Store

❌ Your real IP address
❌ Your name or contact information
❌ Browser fingerprints or device IDs
❌ Location data beyond what's in the event itself

What We Do Store (Briefly)

✅ A cryptographic hash of your IP (for spam prevention only)
✅ The content of your submission
✅ Timestamp of submission

🔧 Technical Details (For the Privacy-Conscious)

Hashing Method: We use SHA-256 with a secret salt, creating a 64-character hash. This is a one-way cryptographic function - there's no way to reverse it to get your original IP address.

Example: 192.168.1.1 becomes a3f2d9e1b4c7... (cannot be reversed)

Retention: Hashes are automatically deleted after 30 days or when a submission is approved/rejected, whichever comes first.

Database Backups: Even our backups only contain these irreversible hashes.

🛡️ Spam & Abuse Prevention

We balance anonymity with protection against abuse:

Rate Limiting

10 submissions per hour from the same IP address (determined by hash). This prevents automated spam while allowing legitimate multiple submissions.

Content Filtering

Profanity detection (submission rejected if found)
Length requirements (prevents spam phrases)
URL validation (ensures sources are real web addresses)
Honeypot fields (catches bots)

Manual Review

Every submission is reviewed by trained researchers before publication. This human verification catches sophisticated spam, ensures quality, and protects the integrity of the database.

If You're Blocked

If you legitimately need to submit more than 10 events per hour, you can:

Wait 1 hour for the limit to reset
Contact us via the contact page to request an exception
Use a different network (coffee shop, library, etc.)

👤 Reviewer & Curator Anonymity

Inspired by Wikipedia's editor privacy model, we protect the identity of our researchers and curators:

Pseudonymous Accounts

Reviewers and curators operate under pseudonyms, not real names. When you see "Event reviewed by curator_j_smith", that's a username, not a real identity.

Separation of Identity Layers

Public Layer: Pseudonymous usernames visible in public records
Internal Layer: Real identities known only to administrators for accountability
Private Layer: No public exposure of IP addresses, login times, or access patterns

Why This Matters

Our curators research and document politically sensitive material. Protecting their anonymity:

Prevents harassment and intimidation
Allows researchers to work without fear of retaliation
Encourages diverse perspectives and expertise
Maintains focus on facts, not personalities

Accountability Without Identity

Like Wikipedia's CheckUser system, we maintain internal audit trails for accountability (who edited what, when) without exposing real identities publicly. This balances transparency with safety.

Multiple Account Strategy

Some researchers use different pseudonyms for different types of work (e.g., one for data entry, another for sensitive investigations). This is allowed and encouraged as a privacy-protection strategy.

✨ Best Practices for Maximum Anonymity

For Submitters

Use Tor Browser: Routes traffic through multiple servers, hiding your IP even from us
Use Public WiFi: Coffee shops, libraries, etc. add another layer of separation
Don't Include Personal Info: Avoid putting your name, email, or identifying details in the submission text itself
Vary Submission Times: Avoid patterns that could correlate you with events
Use Tracking ID Safely: Don't share your tracking ID publicly or it could link submissions together

What We Recommend

The Safest Submission Method

Download Tor Browser (free, open-source)
Connect to a public WiFi network (not your home or work)
Submit your event through Tor
Clear browser data after submission

Note: Submissions via Tor are welcomed and encouraged. We will never block Tor users.

⚖️ Legal Protections & Limitations

What We Can Guarantee

We don't have your identity: One-way hashing means we mathematically cannot recover your IP address
Automatic deletion: Even hashes are deleted after 30 days
No cooperation with identifying submitters: We can't provide what we don't have

What We Cannot Guarantee

                Understand the Limits
                Your ISP: Your internet provider knows you visited this site (use Tor to hide this)
Network Monitoring: Your workplace/school network may log your activity
Submission Content: Details you include in your submission could identify you if they're unique enough
Correlat

ion Attacks: If you're the only person who knew about an event, submitting it could reveal you're the source

            

If You're a Whistleblower

If you're submitting information that could put you at legal or professional risk:

Use Tor Browser from a public location
Don't include unique details that only you would know
Wait days or weeks before submitting (avoid temporal correlation)
Consider using SecureDrop or similar secure submission platforms for highly sensitive material
Consult with a lawyer or press freedom organization

📊 Complete Data Collection Disclosure

We believe in radical transparency about data collection. Here's everything we collect:

From Public Submissions

Data Type	How Stored	Retention
Submission content	Plaintext in database	Indefinite
IP address	Hashed (SHA-256)	30 days max
User agent	Hashed (SHA-256)	30 days max
Submission timestamp	Timestamp	Indefinite
Tracking ID	Random string	Indefinite

We Do NOT Collect

Cookies (beyond essential session cookies for admin login)
Third-party tracking pixels
Analytics (Google Analytics, etc.)
Advertising data
Social media integrations

📧 Questions or Concerns?

We're committed to transparency about our privacy practices. If you have questions, concerns, or suggestions:

General Questions: Contact us via our secure contact form
Technical Questions: Review our open-source code (if published)
Privacy Issues: Report concerns to privacy@factkeeper.org

Our Commitment

Privacy protection is not a feature we can turn off for convenience. It's built into the architecture of our system. We cannot compromise your anonymity even if we wanted to, because we designed it to be mathematically impossible.