Question for Website Developers


Plum Hill
07-23-2020, 09:44 AM
The local small town newspaper has a feature called ‘Soundoff’ where folks can anonymously voice their opinions. It states “Names and Email Addresses WILL NOT be Published”.
Submissions are made by submitting comments in a Comments box on the paper’s website. Name and email address are not required.
Can anyone tell me what information the publisher can obtain about the submitter from something like this?

thegunner
07-23-2020, 10:08 AM
your browser fingerprint and your IP address (the latter of which is meaningless if you use a proxy)? the fingerprint is pretty unique, but pretty worthless because a small newspaper probably doesn't keep that stuff around for analysis.

kppolich
07-23-2020, 10:30 AM
OP post the link for a better answer.

Dude
07-23-2020, 11:40 AM
a few thoughts...
1. what will you do with this information? Kind of rhetorical, but also making sure it's not nefarious.
2. If you plan on commenting, the easiest thing is to open an incognito/private browser window, make your comment and then close the window. Any cookies/localStorage things they drop won't be stored. Also, any first or 3rd party tracking on your non-incognito browser won't be accessible - say if you have a subscription to this paper or signed up for email weather alerts or if they have facebook anywhere on the site (they probably do) then it can be associated with your facebook account - maybe not the text of the comment but the fact that you visited that page and made a comment.
2a. [edit] to clarify, not all parties have access to all data. local newspaper won't necessarily have info to all of the facebook data and facebook won't have access to some newspaper user ID info.
3. Some small town papers are owned by larger media AND any paper relies largely on advertising. There is a chance that they have more sophisticated tracking than you'd think - not to "monger" just letting you know.
4. As kppolich stated, the link would really help.
5. is this on a desktop or mobile device? Which browser are you using?
6. if you're in the private/incognito window they can get approximate geolocation, browser, OS, screen size, referring url (previous page) and any of the normal behavioral tracking they normally do. If you're in private/incognito, that tracking is limited only to that session. If you're not in a private/incognito they can get a metric f0ck ton of info that has been glommed onto your browser.

thegunner
07-23-2020, 11:45 AM
> If you're not in a private/incognito they can get a metric f0ck ton of info that has been glommed onto your browser.

"The local small town newspaper"

I somehow don't think they're doing anything with the data.

Dude
07-23-2020, 11:52 AM
probably, but see my point #3 above. I don't know the paper so you're probably right. But if it's something like patch.com/yourtownname, they hoover tons of data.

Plum Hill
07-23-2020, 01:15 PM
Here’s the link: https://www.heraldpubs.com/sound-off/ .
Click on Reply and the comment box opens.
As you can see, content quality is about three steps below Facebook rants.

I was just curious what the paper sees when they get a comment. Would they get an IP address or anything that would actually give the commenter's identity away?

Latestart
07-23-2020, 01:22 PM
This is the host for that site: https://www.websitesfornewspapers.com/

They don't have a license agreement at their site as hosts or the specific site, so no commitment on their part about data collection or use.

Plum Hill
07-23-2020, 02:54 PM
Pardon me, I should have asked the basic question: can the paper tell who submitted the comment?

Dude
07-23-2020, 03:09 PM
No, but I'd do it in an incognito window just to be sure.

I actually submitted a comment and it only collected the basic stuff. It did drop a unique identifier - which is common - but there wasn't a "wrote a comment" event with a timestamp or anything like that.

9tubes
07-23-2020, 03:38 PM
Websites are connected. If the comment submitter has logged into Facebook, Google, Twitter, etc. and not cleared their caches, and if the newspaper has a tracking agreement with Google, etc. or presents advertising from those types of sources, then someone knows exactly who is making the comment.

For example, the New York Times typically has dozens of trackers embedded in a webpage. If you read a page, all those trackers try to identify you. Not all the tracking companies know who the reader is at that instant, but if one does then it adds the information to your profile (what you've read or what you post). For them it's a numbers game. If Palantir (for example) doesn't know who you are at that particular instant, they record that anonymous user X has read three NYT articles on French cooking recipes this morning. If later in the day you log into a site that can identify you (e.g. FB) and the tracker has an agreement with FB, then bingo, FB provides the identity, the profiling data is linked to your identity, and both companies benefit from the surveillance. The data are used in a variety of ways. Maybe the user gets ads related to French cooking. Maybe a political campaign decides the user is more likely to support Biden than Trump. Etc.

The only question then is who has access to that knowledge. It could be that nobody at your local newspaper does, or maybe they do. If there is a tracking agreement then Google, etc. might record the entirety of the comment posted and index the keywords to add to Google's profile of the user: conservative, liberal, likely to have a gun at home, supports abortion rights, attends church, concerned about global warming, dislikes Mexicans, vegan, etc.

I don't want to implicate only Google here. Although it is one of the worst in the world there are dozens of companies that specialize in tracking, creating detailed profiles, and selling the information.

Latestart
07-23-2020, 04:25 PM
Look at firms like this... with very little data, they can and do provide detailed profiles.

https://www.acxiom.com/
https://www.acxiom.com/identity-resolution-solutions/data-quality/

BobbyJones
07-23-2020, 08:36 PM
I guess you can say that I’m somewhat involved in the industry so not much surprises me anymore, but I did get a good jolt of paranoia the other day.

Without going into too much detail, I had an instance involving an image in Photoshop resulting in targeted ads based on that image. At least that’s the only connection I could make. And I run a firewall for outgoing traffic.

I haven’t asked around much (yet) to see what’s the story, but it was darn creepy.

Louis
07-23-2020, 08:49 PM
> Websites are connected.

Starting just today someone's been trying to sell me weights and kettlebells on the NYT web site. All because I've been digging around a bit, looking for some KBs online and doing related searches. (e.g. see my thread about the KB Gryp)

jimoots
07-24-2020, 05:56 AM
The short answer is no, they won’t be able to connect you to your comment.

Longer answer:

- They can definitely connect you to an IP address. If the comment is defamatory or something else that gets the cops involved, you may be able to be connected via your IP.
- Some workplaces will have an IP address that is “owned”. So don’t comment from a work internet connection, as your comment may be traceable to your workplace.
- Some previous posters have noted that Google, Facebook, etc will likely be tracking the site. This data is anonymised and will not be useful to a newspaper. Google/Facebook/etc may, however, be building a profile about you - a profile that contains no personal data, but it will contain lots of things about you. These profiles are built for the purpose of selling ads.

TL;DR - How to comment safely:

Use an incognito window + VPN and you are basically anonymous.

9tubes
07-24-2020, 03:05 PM
> The short answer is no, they won’t be able to connect you to your comment.
>
> Longer answer:
>
> Some previous posters have noted that Google, Facebook, etc will likely be tracking the site. This data is anonymised and will not be useful to a newspaper. Google/Facebook/etc may, however, be building a profile about you - a profile that contains no personal data, but it will contain lots of things about you. These profiles are built for the purpose of selling ads.
>
> TL;DR - How to comment safely:
>
> Use an incognito window + VPN and you are basically anonymous.

Sorry Jimmy but that is incorrect. Google, Palantir, Acxiom, etc. are far more sophisticated. Plus, data is not anonymized if the owner of the site (the newspaper) doesn't want it to be, and there is financial incentive for cash-strapped local newspapers to not want it to be.

Even with a VPN, individual users can be identified through browser fingerprinting. Search on that phrase for more. Between fingerprinting and the triangulation of multiple trackers operating simultaneously, it's like defending yourself against a pack of 25 small yappy dogs. Doable but very difficult over an extended period.

A person would need to (at least):

- clear cookies and all caches very frequently, including the hidden ones.

- have several browsers and switch among them frequently

- change the parameters that are used for fingerprinting (tough to do; how do you change your processor model or RAM?)

- don't have Adobe Flash installed on your machine

- not log into any software or website (including sites like Teams, Google Docs, Evernote, Slack, Zoom, etc.)

- use a VPN that is not participating in tracking (tough to do, as some VPNs are designed to deceive users)

- don't browse from a mobile device

- don't use your ISP's provided gateway router

- install a commercial grade firewall/UTP and know how to configure it

- and know how to monitor your port traffic, and actually take the time to do it.

This is not to say the situation is hopeless. It's easy to fend off most of the small yappy dogs with reasonable diligence.
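
Added example, not part of any poster's message and not the newspaper site's code: a sketch of what a web server can log for an anonymous comment POST (the IP, browser, referrer and screen details listed earlier in the thread), and why a private window plus VPN changes the IP and cookie but not a fingerprint built from browser attributes. The host `news.example`, the `/comment` path, the `screen` and `tz` form fields and all sample values are constructed assumptions.

```python
import hashlib
from urllib.parse import parse_qs
UA_1 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
UA_2 = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15"

def make_request(ua, lang, body):
    """Build a constructed raw HTTP comment POST (hypothetical host and path)."""
    return ("POST /comment HTTP/1.1\r\nHost: news.example\r\n"
            f"User-Agent: {ua}\r\nAccept-Language: {lang}\r\n"
            "Referer: https://news.example/opinion/\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n\r\n" + body)

# Constructed samples: (label, peer IP seen by the server, raw request).
# A and B: one browser, private window (no Cookie header), B via a VPN exit.
# C: another browser on A's connection. screen/tz mimic script-added fields.
SAMPLES = [
    ("A-home", "203.0.113.7", make_request(UA_1, "en-US,en;q=0.5", "comment=first&screen=1920x1080&tz=America%2FChicago")),
    ("B-vpn", "198.51.100.44", make_request(UA_1, "en-US,en;q=0.5", "comment=second&screen=1920x1080&tz=America%2FChicago")),
    ("C-other", "203.0.113.7", make_request(UA_2, "en-US", "comment=third&screen=1440x900&tz=America%2FChicago")),
]

def server_view(peer_ip, raw):
    """Return the metadata a server can log for one submission."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    form = {k: v[0] for k, v in parse_qs(body).items()}
    return {"ip": peer_ip, "cookie": headers.get("cookie"),
            "user_agent": headers.get("user-agent"),
            "language": headers.get("accept-language"),
            "referer": headers.get("referer"),
            "screen": form.get("screen"), "timezone": form.get("tz")}

def fingerprint(view):
    """Hash browser/device attributes only; IP and cookie are left out."""
    fields = ("user_agent", "language", "screen", "timezone")
    material = "\n".join(f"{k}={view[k]}" for k in fields)
    return hashlib.sha256(material.encode()).hexdigest()[:16]

def link_submissions(samples):
    """Group submission labels that share a fingerprint."""
    groups = {}
    for label, ip, raw in samples:
        groups.setdefault(fingerprint(server_view(ip, raw)), []).append(label)
    return sorted(groups.values())

if __name__ == "__main__":
    print(link_submissions(SAMPLES))
```

A matching fingerprint only narrows the field to browsers that share those attributes; how close to unique it gets depends on how many attributes the site collects.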