Much like security, you pick your countermeasures in advance in the hopes of raising the cost of an attacker to penetrating your security. You're not anonymous. You're anonymous to an adversary with a given amount of technical/legal/intelligence/etc resources to bring to bear on deanonimizing you.
People will probably give you links which describe adequate methods for securing you against adversaries without $1,000 or equivalent amounts of brainsweat. If that's your adversary, there. May you execute properly.
If your theorized adversary is a nation state, pick another adversary. You're guaranteed to lose that fight in the long run. If you bid the price of your identity up to $5 million, they will counter with "We routinely pay that to kill mosquitoes" and mean that entirely literally.
More specifically, if you truly care for anonymity, you won't be using a plain DNS+Web site. Instead, you should go for Freenet [1] or a Tor-hosted website [2].
Initially, Tor and I2P only pass information from one node to another while obfuscating it. At either end, you can now what the information is, but you do not know where it went through. It's basically a tunnel that goes somewhere. It is why you can use Tor to browse the web: you just use it to hide where you are connecting from.
On the other hand, Freenet is a paranoia-driven network over the Internet which makes information available and resilient. There is no such thing as a webserver on Freenet. An encrypted version of the data is sent to some nodes and passed from one to another. You don't know where the information comes from, you just get it at some point.
Finally, Tor implemented hidden services. This is almost the opposite of the initial situation where an user wants to access a known website without being known. The hidden service is hosted on some node, and you access it through the "Tor tunnel", meaning that you don't know where the service is. The user is still hidden by the network too.
Surely you could still keep anonymity (as long as you can work around the billing issues) by only accessing the servers yourself through Tor. The bigger advantage of Tor is if you also want to prevent law enforcement from finding the server / taking it offline / etc.
Besides the technical measures in the other comments, there are a bunch of other tricks that might be useful. (Please don't take this as advice, but just as a thought experiment! If I were writing a spy novel, these are some things my characters would do.)
Find a homeless person, and ask him/her to register a bank account in exchange for some cash or a meal. Use that account to set up your website anonymously. You'll find that you need to dirten money if running such an operation - reverse laundering or taking "clean" money and putting it untracably into the business. Such a proxy account is a vital ingredient.
Don't rely on Tor alone. It might be completely subverted, you wouldn't know until it's too late. Buy access to a botnet and route your stuff over it.
Have multiple servers. If you have one single server, its easy to trace. Either by brute force: the ISPs disconnect/slow down 50% of customers for a split second, depending on wheter your site went down or not they know in which half you are, repeat until they find you. There are much more sophisticated techniques that don't require active interference. But if you have at least two or three identical servers at different locations, it makes it a lot harder to catch you. Don't forget tamper-proofing your servers.
Have trustworthy accomplices. Generally, the less people you tell what you are doing, the better. But if you have a close circle of people you can really trust, it becomes much easier to pull this off. You can work from multiple locations, give each other alibis, etc..
Build fake personas. Don't just take a pseudonym, but create fake identities. Keep records on their interests, their motivations, what you disclosed about them. The purpose is to throw investigators off. You should be aware of techniques used by them, such as behavioral analysis, stilistic analysis, etc.. Working with accomplices can help alot in creating these fake identities and concealing your own (e.g. writing style).
Go somewhere safe. If possible, move your servers, or even yourself, somewhere where what you are doing is not punishable, or the authorities can be bribed.
This list could go on for ever... I'm not sure how practical many of these ideas are, but one thing is clear, you'll need a certain amount of "criminal energy" to pull this off - no matter whether your intentions are criminal or not. (Disclaimer: I'm too pussy to actually have done any of the above, so it may or may not work :-))
4. Do not accidentally leak your identity in one of million possible ways
#1-3 are pretty easy, but #4 is next to impossible. If nobody cares about you there might be some small room for error. But generally it takes one smallest mistake and you are ultimately busted.
The untraceableblog.com below is a great resource.
However, in the end, there is always text analysis though that can give your identity away, which the untraceable blog does not address.
That's why you possibly need a ghost writer that you provide with a script or a robot audio recording if you want to go 100% sure. You need to be able to trust your ghostwriter a 100% though then. :)
> We also show that automated attempts at circumventing stylometry using machine translation may not be as effective, often altering the meaning of text while providing only small drops in accuracy.
I would go with a Tor [1] hidden service or an EepSite on I2P [2].
Both are easy to setup and are accessible by anyone using "inproxies" such as onion.to or i2p.us.
Another advantage is that you can host the sites anywhere even behind a firewall or a NAT as long as the computer it's hosted on can run Tor or I2P.
I personally have a preference for I2P, since this is its main purpose while Tor's hidden services are not the primary purpose of Tor (which is to anonymize users on the clearnet).
Nearlyfreespeech is explicitly not for anonymous hosting. They are just very unlikely to take anything down without a court order forcing them to do so.
They do accept anonymous money and do not keep logs of who you are, but yes, they will take down stuff based on court order - but so will all public hosting.
I think most answers here are over thinking it; I do not think he wants a website that can defeat the NSA, just one where the service provider could get subpoenaed and not lead them to him.
So, just buy webhosting with Bitcoin at somewhere that does not require contact details.
It is not as much creating an anonymous website as it is about protecting the users (keeping their anonymity) and their content (from prying eyes).
A service can be in plain sight, but if it employs the correct (often needed - extreme) practices, it can provide its users with this level of confidence.
I happen to be a Co-Founder of such a service :-)
www.anongrid.com is an extremely secure and anonymous content sharing service. still in its infancy but you're welcome to check it out and see what I mean.
If you need to ask these questions you are not qualified to run such a site, or at least not to ask anyone else to trust that you are not going to screw up when setting it up or at some point in the future and break anonymity. The more you move away from "free speech" to avoiding regulation and toward criminal activity the greater the chance that someone out there will actually try to see how good you really are, and then your whole house of cards will fall down. Seriously, don't.
From the way the question was phrased, I think this is precisely for learning how to do such things. You still need to start somewhere, and as long as you know you should not take inconsiderate risks, you can screw up sometimes and learn from your errors.
Importantly, you don't get to learn from your mistakes in "opsec." Dread Pirate Roberts asked a question about connecting to a tor site using curl on StackOverflow under his own name. Seconds later he realized "D'oh, that is in hindsight a bad move." and changed his name to a pseudonym.
Choose your own adventure:
a) He got to learn from his mistake.
b) That incident was recounted years later in the criminal indictment.
That was pretty shocking to read in the indictment.
He obviously didn't think it was a serious issue at the time, but jesus, could you imagine how it felt to read about that one mistake years later? Makes you wonder what you have left online that might bit you in the ass years from now. I know i certainly couldn't run for office now!
It's not clear that was a mistake. The indictment merely lays out relevant evidence in chronological order, not in investigative order: we don't actually know how the FBI cracked DPR and found Ross Ulbricht. My own favored theory is that they only learned DPR==Ross Ulbricht in early 2013 when DPR paid for the first hit (of Curtis Green) by wiring 2 bank payments from an Australian bank account (Ulbricht lived in Australia with his sister for a year or two while running SR) to the undercover FBI agent. Yes, bank wires, not bitcoins. Since banks offer essentially zero security, it's very plausible his true name was on it and everything after that was just filling in the details as they investigated 'so who is this Ulbricht guy anyway?'
(These sort of leaks are always much easier to find in hindsight: no one ever noted the Shroomery or Bitcointalk or Stackoverflow leaks before the indictment was released, yet once you knew what you were looking for, you could find the posts in minutes.)
Depending on what you're trying to accomplish, couldn't you drop content on the blockchain? Not a traditional website, but relatively anonymous (depending on how you move the coin), and more importantly, it can't be seized or taken down (kinda scary when you think about the potentially implications for everyone who downloads the blockchain)
if you host it yourself, don't forget to clean up your access logs. you might want to actually fill them with invalid data, rather than completely deleting them.
I always thought it would be neat to create a raspberry pi server and throw it in the ceiling tiles of a hotel with free wifi. Setup some kind of routing to the IP, and let it go.
People will probably give you links which describe adequate methods for securing you against adversaries without $1,000 or equivalent amounts of brainsweat. If that's your adversary, there. May you execute properly.
If your theorized adversary is a nation state, pick another adversary. You're guaranteed to lose that fight in the long run. If you bid the price of your identity up to $5 million, they will counter with "We routinely pay that to kill mosquitoes" and mean that entirely literally.