How secure are my bookmarks?

It's probably best not to say any more than “reasonably”. The basic architecture of Anonymarks is built with privacy and anonymity in mind, and we've taken sensible security precautions. However, this site is still in development, and there can be bugs in anything. There's definitely more risk here than in a more mature site that's been carefully audited for security.

On the other hand, bigger sites represent more tempting targets for hackers and the government intelligence services. Furthermore, many commercial cloud services deliberately gather data about you in order to maximise the value they get out of you as customers. We don't do that.

Can the NSA see what I bookmark?

Our data is stored in the cloud infrastructure provided by Amazon Web Services, which many people assume has been infiltrated by the NSA. However, merely looking at the database won't tell them all that much about you, since there's no personally identifying information stored in our system at all. If the NSA is after you, they're going to have much better luck observing your traffic as you visit the site at your ISP than by attempting to get data from our servers.

What should I do to make it more secure?

Choose a password that is as unpredictable as possible. Long phrases work as passwords, and can be both more secure and easier to remember than short strings of random digits.

It's important not to bookmark things that personally identify you under the same account as sensitive bookmarks. For example, if you bookmark your friends blog, your place of work and your favourite sports team, it may be possible to work out who you are. If you have multiple accounts with unrelated passwords, it should be impossible to draw any connections between one set of bookmarks and the other.

Can Anonymarks admins see what I bookmark?

Yes, although there's nothing that personally identifies you on our system. We don't have any interest in looking at what people choose to bookmark.

How is this different from other bookmarking services?

The key difference is that you don't need a username to store bookmarks. There's no signup or verification process, just your passphrase. This means it's very quick to get started and easy to log in again, but it also means that if anyone were ever to break into our database, there's no information to identify you.

You also have deniability. Since anyone who stumbles across your passphrase can edit or add to your bookmarks, it's difficult to be certain that any bookmark in particular was posted by you.

The idea of Anonymarks is fast, easy bookmarking that's secure and private enough. If you're worried about the government observing everything you do, this might not be the service for you. On the other hand, if you want to organise your data with extra privacy but without extra hassle, this might work for you.

Will my bookmarks be stored forever?

It's hard to say for certain. I don't want to have to delete any bookmarks, but if the service suffers from abusive usage (spam or flooding) then I may not be able to continue to provide the service to legitimate users if I don't delete the abusive bookmarks. While I'll always try to avoid affecting legitimate users, the anonymous nature of the site means that there might be some collateral damage.

Furthermore, this is a free service. Hosting a reasonable number of bookmarks for even a large number of people ought to have fairly trivial costs, but if it gets very popular and the costs start to mount up, I may have to start trimming bookmarks. If so, I'll do this on the basis of least recently used bookmarks being deleted first.

Why can't I bookmark pages on Anonymarks in my browser?

Mostly this would be pointless. Anonymarks is designed to avoid leaving a trail on your computer showing what you've been bookmarking, so directly linking your computer to your page on Anonymarks defeats the object.

However, maybe you have one secure computer that you trust, and still want anonymous access to your bookmarks from other computers. This is quite reasonable, but not something we support just yet. It's not obvious if this can be done without significantly compromising security.

Can I use this for illegal purposes?

Of course you can (at least, you can bookmark illegal content, whether or not the act of bookmarking is in itself illegal). The question is whether supporting illegal activity is something this site encourages, or whether I'll be doing my best to prevent it.

Quite honestly, I'd prefer it if nobody used this service in such a way as to further illegal activity. I'm not any sort of anarchist, and although I have my disagreements with some laws, I consider the democratic process to be legitimate and I therefore respect the law.

However, I don't see it as my role to police the service. Anonymarks can only be used for storing short pieces of textual data, the kind of thing that could otherwise easily be written on pieces of paper. It's hard to see how this can make a great difference to the ease with which crimes can be committed. Therefore I don't see that I have a moral duty to interfere with what people choose to store.

Can I have more than one account?

There's really no way we can tell whether you have one “account” or several. Go ahead, knock yourself out.

Why don't you use HTTPS?

The main reason is that Anonymarks is a free service, and secure HTTP costs money to provide. If I can see that the service is popular, I hope to upgrade this in the future.

How can I trust a little site like this?

You have to decide for yourself who to trust. Bear in mind that the larger companies represent very attractive targets for the government and for hackers, since they have so much information and so much of it is personally identifiable. By contrast, cracking our system won't give anyone very much at all of interest.