Our contributors mostly come from developing countries, and since law-enforcement agencies in some of those countries are corrupt, we designed our service to provide maximum anonymity for our contributors, e.g. no personal details are collected and no open IP logging taking place (IP addresses associated with submissions are stored in the DB in an encrypted format).
The problem is that anonymity opens the door to all sorts of nasty surprises - from spam and abuse to fake reports and blackmail campaigns.
How are you guys coping with problems that arise from running anonymous services? Anyone wants to share their experience?
Spam can be relatively easily avoided with some captchas; but I don't know how you can avoid fake reports; or how being anonymous even helps or hinders the likliehood that reports would be fake.
I agree with other posters that recommending, teaching, or even requiring them to use Tor is a good idea. tormail for example is reachable from the clearnet, but to actually use their service you are required to connect to their hidden service, which has the added benefit that they are basically impossible to shut down; even if they get your clearnet server (which really just has instructions and metainfo on it); the actual server doing the work is nearly impossible to find, and if it is found but the key is kept safe you can just pop it up again.
It's worth considering protecting not only your clients but your selves; running as a Tor hidden service can go a long way toward this.
The real problem is vetting your material, you will need to analyse and verify submissions before posting using real people, there is really no alternative when lives are at stake. This is the reason wikileaks collaborates with researchers and journalists, and there is an entire approval process. I must stress this point, you MUST have due diligence on your sources or else don't even bother.
Also keep in mind that several countries make anonymous services very difficult to use and even so they still might be monitored, you need to enable multiple avenues of submission and do a really good job at informing your user base on which is best.
You should have a very solid and dynamic server setup that can withstand attacks/DDos and domain name/ISP related takedowns.
tl;dr Learn from all the issues wikileaks had with tech and submissions and how they overcame these challenges.
Vetting a leak is easy. Vetting an accusation of bribery is next to impossible unless you're an undercover policeman and catch the bribed person red-handed (or, the building/exchange place is under CCTV surveillance).
Given how small the IP space is, does that actually add anything?
To address the problem of spam, we have already implemented a combination of selective captchas and Akismet filter running in the background.
We also use name entity extraction algorithm to obfuscate any names we identify in the submitted reports. It takes a couple of minutes and is not 100% proof, but at least reduces the risk of names being called.
The major problem that we are thinking about, however, is how do we structure the "vetting", given that reports are sometimes hard to verify without first hand knowledge of situation.
So far we tried to analyze how one goes about these things in real life and recreate natural constraints in the virtual space. The fact that we require every report to be geo-tagged works to our advantage in this situation.
As a practical example, ordinary people usually do not have access to president's palace, so if someone claims to be paying a petty bribe there, it is obviously a fake and we would automatically suspend such report.
What you can do, though, is to provide HTTP, HTTPS and TOR access to your webservice to allow everyone to submit stuff at his/her own security choice.
If possible, change your IP address(es) and domain names on random intervals; you can use free domains like .de.vu and friends to have reliable "entry points" (an example is canna.cu.to).
If you have an android app anyway, try building a "distributed" service like BitTorrent or Bitcoin for information exchange.
Regular users often times find it difficult to use regular apps, not to mention things like TOR access. And since we want as many users as possible being able to use it, we cannot just waive them off saying "go learn Internet" :)
Both you and your visitors will always stay anonymous. Not your hoster nor their ISP's will never have a chance to reveal someones identity.
