INN2 Privacy Optimization Guide

Overview

This guide focuses on advanced privacy optimization techniques for INN2 servers, minimizing metadata retention and protecting user anonymity while maintaining operational functionality.

Privacy Philosophy: The best data protection is not collecting the data in the first place. This guide implements "privacy by design" principles where metadata collection is minimized at the infrastructure level.

Metadata Minimization in inn.conf

Configure INN to avoid logging personally identifiable information:

sudo nano /etc/news/inn.conf

Critical Privacy Settings

# Disable IP address logging
logipaddr: false

# Disable article size logging (metadata fingerprinting)
logartsize: false

# Disable connection status logging
logstatus: false

# Disable NNTP link logging
nntplinklog: false

# Disable detailed reader statistics
logtrash: false

# Minimal innwatch monitoring
doinnwatch: true
innwatchlogged: false

Path Header Anonymization

# Use generic pathhost to avoid revealing infrastructure
pathhost: news.anonymous.invalid

# Avoid revealing internal architecture
server: localhost

Path Headers: The Path: header traces article routing through servers. Using news.anonymous.invalid prevents infrastructure fingerprinting while maintaining RFC compliance.

Short Retention Policy

Minimize data exposure by implementing aggressive article expiration:

Configure expire.ctl

sudo nano /etc/news/expire.ctl
# 7-day retention across all groups
# Format: pattern:modflag:keep:default:purge (modflag A = all groups)
# The last matching line wins, so the general rule comes first
*:A:7:7:7

# Even more aggressive for high-volume groups
alt.*:A:3:3:3
comp.*:A:5:5:5
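
Because expire.ctl uses the last matching line, putting the general rule after the specific ones silently raises alt.* and comp.* back to 7 days. The following is an added example, not part of the original guide, that resolves the effective purge value per group and lists rules above a limit. The sample files are constructed, and the matcher assumes single patterns only (no comma lists or "!" negation) and ignores the modflag field.

```bash
# Added example. Sample files are constructed; rules mirror the ones in this guide.
make_expire_ctl() {   # $1 = general-first | general-last; prints the temp file path
    ctl=$(mktemp)
    if [ "$1" = "general-first" ]; then
        printf '%s\n' '# general rule first' '*:A:7:7:7' 'alt.*:A:3:3:3' 'comp.*:A:5:5:5' > "$ctl"
    else
        printf '%s\n' 'alt.*:A:3:3:3' 'comp.*:A:5:5:5' '*:A:7:7:7' > "$ctl"
    fi
    printf '%s\n' "$ctl"
}

# effective_purge GROUP FILE: print the purge field of the last rule matching GROUP.
# Simplification: single patterns only (no comma lists or "!" negation), modflag ignored.
effective_purge() {
    purge=""
    while IFS=: read -r pattern modflag keep default max; do
        case $pattern in ''|'#'*|/remember/) continue ;; esac
        # $pattern is deliberately unquoted so the shell treats it as a glob
        case $1 in $pattern) purge=$max ;; esac
    done < "$2"
    if [ -n "$purge" ]; then printf '%s\n' "$purge"; fi
}

# rules_over_limit FILE DAYS: print rules that keep articles longer than DAYS (or forever).
rules_over_limit() {
    awk -F: -v limit="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ || $1 == "/remember/" { next }
        NF >= 5 && ($5 == "never" || $5 + 0 > limit) { print }
    ' "$1"
}

good=$(make_expire_ctl general-first)
bad=$(make_expire_ctl general-last)
for g in alt.test comp.lang.c misc.test; do
    echo "$g: $(effective_purge "$g" "$good") days (general first)," \
         "$(effective_purge "$g" "$bad") days (general last)"
done
rm -f "$good" "$bad"
```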

Automated Expiration

Ensure daily expiration runs automatically:

sudo nano /etc/cron.daily/inn-expire
#!/bin/bash
# Force article expiration daily
su - news -s /bin/bash -c '/usr/lib/news/bin/news.daily expire'
exit 0
sudo chmod +x /etc/cron.daily/inn-expire

Log Rotation and Sanitization

Configure aggressive log rotation to minimize stored metadata:

Configure logrotate

sudo nano /etc/logrotate.d/inn2-privacy
/var/log/news/*.log {
    daily
    rotate 3
    maxage 7
    compress
    delaycompress
    notifempty
    missingok
    sharedscripts
    postrotate
        /usr/lib/news/bin/ctlinnd logmode 2>/dev/null || true
    endscript
}

# Aggressive rotation for high-volume logs
/var/log/news/news.notice {
    daily
    rotate 1
    maxage 2
    compress
}

Disable Unnecessary Logging

sudo nano /etc/news/newsfeeds
# Minimal logging configuration
# Disable file logs, keep only critical errors
logtrash!:!*:Tc,WP:
controlchan!:!*:Tc,Wnsm:/usr/lib/news/bin/controlchan

Storage Optimization

Traditional Spool for Rapid Expiration

sudo nano /etc/news/storage.conf
method tradspool {
    newsgroups: *
    class: 0
    size: 0,65536
    expires: 7d
    # No overview retention
    options: NOOVERVIEW
}

Trade-off: NOOVERVIEW reduces metadata but impacts reader performance. Acceptable for privacy-focused servers with low user count.

History Database Pruning

Automatically prune history database to prevent metadata accumulation:

sudo nano /etc/cron.daily/inn-history-prune
#!/bin/bash
# Prune old history entries
# Rebuild into a new file and replace the live history only if the rebuild succeeded
su - news -s /bin/bash -c 'makehistory -b -f /var/lib/news/history.n -O && mv /var/lib/news/history.n /var/lib/news/history'
exit 0
sudo chmod +x /etc/cron.daily/inn-history-prune

Anonymous Reader Access

No Authentication Configuration

sudo nano /etc/news/readers.conf
# Completely anonymous access
auth "anonymous" {
    hosts: "*"
    default: "<anonymous>"
}

access "anonymous" {
    users: "<anonymous>"
    newsgroups: "*"
    access: RPA
    # No read tracking
    localtime: false
    # No IP resolution
    nnrpdauthsender: false
}

Disable Telemetry and Statistics

Disable Detailed Statistics Collection

sudo nano /etc/news/inn.conf
# Disable statistics collection
docnfsstat: false
docheckgroups: false
mergetogroups: false

# Disable reader tracking
readerswhenstopped: false
allownewnews: false

# Minimal status reporting
timer: 0
status: 0

Secure Defaults for newsfeeds

sudo nano /etc/news/newsfeeds
# Minimal newsfeeds configuration
# No persistent logs or metadata
ME:*:Ap,Tm:

# Peering without metadata retention
peer.example.net:*:Tm:innfeed!

Privacy Audit Checklist

Component            Privacy Measure        Status
IP Logging           logipaddr: false
Connection Logs      nntplinklog: false
Article Retention    7-day maximum
Log Rotation         3-day maximum
Authentication       Anonymous access
Path Headers         Generic pathhost
Statistics           Minimal collection

Verification Commands

Verify Privacy Settings

# Check for IP logging
grep -i "logipaddr" /etc/news/inn.conf

# Verify log retention
ls -lh /var/log/news/

# Check article retention
cat /etc/news/expire.ctl

# Verify no persistent statistics
find /var/lib/news -name "*.stats" 2>/dev/null
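
A plain grep for a key name also matches commented-out lines, so "# nntplinklog: false" looks like a pass even though the server default applies. The following is an added example, not part of the original guide, that checks only uncommented settings. The key list is taken from this guide, the sample file is constructed, and the check accepts only the literal value false as written above.

```bash
# Added example. Key names are the ones this guide sets; the sample file is constructed.
PRIVACY_KEYS="logipaddr logartsize logstatus nntplinklog"

make_sample_conf() {   # prints the path of a constructed inn.conf fragment
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
# logipaddr: true
logipaddr: false
logartsize: false
logstatus: true
# nntplinklog: false
EOF
    printf '%s\n' "$conf"
}

# uncommented_values KEY FILE: print the value of every uncommented "KEY: value" line.
uncommented_values() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            n = index($0, ":")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }
    ' "$2"
}

# audit_inn_conf FILE: one line per key; returns non-zero if any key fails.
audit_inn_conf() {
    failures=0
    for key in $PRIVACY_KEYS; do
        values=$(uncommented_values "$key" "$1")
        if [ -z "$values" ]; then
            echo "FAIL $key: no uncommented setting, the server default applies"
            failures=$((failures + 1))
        elif printf '%s\n' "$values" | grep -qvx 'false'; then
            echo "FAIL $key: set to something other than false"
            failures=$((failures + 1))
        else
            echo "ok   $key: false"
        fi
    done
    [ "$failures" -eq 0 ]
}

sample=$(make_sample_conf)
audit_inn_conf "$sample" || echo "audit failed for $sample"
rm -f "$sample"
```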

Test Anonymity

# Connect and verify no tracking
telnet localhost 119
AUTHINFO USER test
AUTHINFO PASS test
LIST
QUIT

# Check logs for IP addresses (should show "localhost" or nothing)
sudo tail -f /var/log/news/news.notice

Privacy vs. Functionality Trade-offs

Understanding the Balance:
  • Disabled Logging: Makes troubleshooting harder but protects user privacy
  • Short Retention: Reduces storage but limits historical access
  • No Overview: Faster expiration but slower reader performance
  • Anonymous Access: Maximum privacy but no abuse attribution

Advanced: RAM-based Spool (Optional)

For ultimate privacy, use tmpfs for article storage (volatile, lost on reboot):

sudo nano /etc/fstab
# Add RAM-based spool (8GB example)
tmpfs /var/spool/news tmpfs size=8G,mode=0755,uid=news,gid=news 0 0
sudo mount -a
sudo systemctl restart innd

Warning: RAM-based spool means ALL articles are lost on reboot. Only use for maximum privacy scenarios where persistent storage is unacceptable.

Regular Privacy Maintenance

Weekly Privacy Audit Script

sudo nano /usr/local/bin/inn-privacy-audit.sh
#!/bin/bash
echo "=== INN2 Privacy Audit ==="
echo "Date: $(date)"
echo ""

echo "1. Checking for IP addresses in logs..."
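# -E is required for the grouping and {n,m} repetition in this pattern
sudo grep -rE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" /var/log/news/ 2>/dev/null | wc -l

echo "2. Oldest article in spool..."
# Sort by modification time so the oldest file is listed first
find /var/spool/news -type f -name "[0-9]*" -printf '%T+ %p\n' | sort | head -1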

echo "3. Log file ages..."
ls -lh /var/log/news/*.log

echo "4. History database size..."
du -h /var/lib/news/history

echo "5. Privacy settings verification..."
grep -E "logipaddr|nntplinklog|logstatus" /etc/news/inn.conf

echo ""
echo "=== Audit Complete ==="
sudo chmod +x /usr/local/bin/inn-privacy-audit.sh
sudo /usr/local/bin/inn-privacy-audit.sh

Next Steps