The requirements for a secure service are many and are defined by a variety of laws and frameworks such as GDPR, ISO 27001, NIST, etc.
ANON::form is a web forms service that fulfills all this and more.
We use End-to-End Encryption (E2EE) using our customers public PGP keys. All form data is already encrypted in the browser and decrypted at the recipient, which we then transport in encrypted channels.
We do not store any form data in our systems, we just offer forms and secure transport. And we do not save anything about the transport in any logs or cache, our service is completely anonymized.
ANON::form is a completely unique service where none of the security is left to chance, we keep what we promise:
Meets safety requirements
Please also read our white paper on Threat Model & Best Practices
Legal notes
ANON::form relies on the GDPR legal basis (Article 6) of legitimate interest to provide anonymous form processing services, minimizing data collection to the bare minimum necessary to deliver the service. When ANON::form is a “Portal service”, no DPA is required. No sub processors are used.
ANON::form’s internal security practices are informed by the NIST Cybersecurity Framework (CSF), NIST 800-53 and NIST 800-171 security controls, with a focus on access control, data minimization, and encryption.
While ANON::form offers strong encryption and data minimization practices consistent with HIPAA data protection principles, users remain responsible for ensuring that their use of ANON::form complies with applicable HIPAA requirements. ANON::form does not act as a HIPAA Business Associate.
Anonform Ab refuse all data requests from foreign authorities. If a law enforcement agency in Finland requests information from us, we act according to the minimum requirements from current Åland and Finnish legislation.
Certifications and frameworks
ANON::form is a service that meets the requirements for security and controls according to the respective standard for:
EU/GDPR
EU/Schrems II
CH/revFADP
UK/FCA
US/SOX
and receives the rating A+ from Qualsys SSL Labs
ANON::form follows the Zero Trust framework for a secure infrastructure.
All website and secure transport certificates are encrypted with SHA256/RSA 2048 bits/TLS 1.2 or better.
ANON::form’s development and production environments are installed on Oracle Linux , who are certified with Common Criteria and FIPS 140-2 and included in the NIAP Product Compliant List
We use ISO 27001 certified data centers at Hetzner Online GmbH and Hetzner Finland Oy that are powered by wind and hydropower.
The company Anonform Ab, which provides the ANON::form service, is not certified but follows applicable parts of ISO 27001.
Software stack
Operating system; Oracle Linux
– automatic patching
– daily backup saved in each data center
– hardened with extra general and custom security configurations
– local firewall
– centralized Fail2ban (blocks IP simultaneously in all member servers’ firewalls)
– antivirus protection
– 24/7 monitoring
Server; “Secure Web Server” (limited information available to attackers)
– hardened/compiled with extra custom security configurations
– WAF
– honeypot function
– only allows traffic with strong SSL/TLS
Application; “Secure Web Application” (limited information available to attackers)
– hardened/compiled with extra custom security configurations
– limited access to hard drive and files
– protection against SQL and code injection
– spam protection via Captcha or hCaptcha
– speed limitation and Zero-trust in incoming traffic
– 24/7 monitoring via Pulsetic
DNS; DNS Made Easy/Digicert
– Full Service Edge with Triple IP Anycast+ (TIPA+) edge network
– Failover and Global Traffic Director
– Real-Time Traffic Anomaly Detection with AI
– 14+ years of 100% uptime (the longest uninterrupted history in the industry)
Datacenters
The 5, 9, and 14 Eyes alliances “may” raise concerns about privacy, personal data protection, and government oversight, read more here. Since ANON::form does not store any data or log usage and transports all data with multiple layers of encryption, this is of little importance.
All data centers are protected with:
– modern firewalls
– advanced DDoS protection capable of handling large-scale overload attacks
– electronic physical access control systems with logs
– extensive video surveillance
– high-security fencing around the entire data center
– 24/7 technical support directly in the data center
– 2FA protected logins to control panels
We use datacenters in:
Finland; not a member of any of the 5, 9, and 14 Eyes alliances and our data center there is protected against any national intelligence sharing, which is important for the protection of news tips. Finland is part of the EU’s network for law enforcement cooperation and can receive cross-border requests.
Germany; member of “The 14 Eyes Alliance” but still a good choice if national intelligence sharing is of little importance.
USA; member of all 5, 9 and 14 Eyes alliances and therefore recommended only if local presence in the US is required.
Singapore; not a member of any of the 5, 9 and 14 Eyes alliances but suspected of collaborating with the NSA and therefore recommended only if local presence in the Asia is required.
Client applications
ANON::form only provides secure and anonymized forms sent as e-mail and therefore needs to be supplemented with a secure e-mail service. ANON::form works with all email services and clients that support PGP encryption, but we recommend Proton Mail in Switzerland for the best protection.
Multitenancy risks
We host all services on private virtual servers that are fully controlled by Anonform Ab.
The service is structured so that multi-tenant risks between customer accounts in the server environment are minimized to a level that suits most use cases. However, it is possible to rent a private complete virtual server for maximum security.
See also the section “Protected against malicious code” below.
Staff
All of ANON::form’s staff is security checked. The selection process for employment includes strict requirements for safety thinking and code of conduct, practical experience from the safety area is prioritized.
Only authorized personnel with a stated need have access to the systems and then only to the parts affected by the need.
The company’s founders and senior management have extensive experience (20+ years) in IT security and how to develop and operate secure IT services.
Meets the requirement for Zero Access Encryption
ANON::form does not store form data and meets the requirement for Zero Access Encryption , suppliers who receive form data from ANON::form comply with Zero Access Encryption in that all data stored is encrypted via endpoints (E2EE) with personal keys.
Meets the requirement for privacy
ANON::form fulfills the requirement for anonymity in that no traffic, error or other logs are activated (No-Log Policy), all form data is sent encrypted directly to receiving systems without intermediaries.
Nothing is saved in the computer or browser by the service, but the use of incognito windows, or even better Tor Browser, is recommended to prevent sensitive data from being saved by the browser’s own functions.
Protected against malicious code
ANON::form is protected against malicious code by cleaning up all form data before it is processed by the server system. We do not have any online editing of forms, everything is uploaded manually by us after virus and other security checks.
The encryption software we use is open source OpenPGP which is constantly reviewed by a large community spread all over the world.
Plugins for embedding forms are open source and use iFrame for the embedding so that the website and the form are technically separated from each other and cannot, for example, run code in each other’s window. Plugins are only offered from the relevant CMS suppliers’ own archives and ANON:.forms servers.
Apart from OpenPGP and hCaptcha, no 3rd party software or services are used.
Spam protection
All forms have Captcha protection against bot-generated spam. The captcha function is part of the service’s core and does not download anything from external sources such as Google. The forms also support hCaptcha (ISO27001, ISO27701) for extended spam protection which, unlike for example Google’s reCaptcha, only saves the information required for the service.