Hiding your identity online

So, doxing is becoming a more and more common event for people who partake in debates on various topics online. A dox in this regard is when you dig up personal information on a person who does not want to have that information published and either publish it (usually on social media) or threaten to publish it unless the person does what you want them to do. This became very common during the #Gamergate controversy and since then has become a much loved weapon of the regressive left to silence opponents and critics of their authoritarian beliefs.

Writing anonymously has a long history. Thomas Paine published some of his more inflammatory works anonymously, and Benjamin Franklin published under an assumed name early in his career. Alexander Hamilton, James Madison and John Jay wrote “The Federalist Papers” under an assumed name. The reasons for electing to do so can be to ensure the focus stays on the message rather than who wrote it, out of a desire not to have your real life impacted by your writing activity, or in some cases to stay alive. The latter is the case for many secularists, homosexuals, and other activists in the Middle East, who without anonymity would face potentially deadly consequences.

There are no guarantees that someone who has enough resources and is determined enough won’t be able to find you, but there are ways you can make it a little more difficult for them. There are two major areas you need to focus on in order to remain as anonymous as possible: the technical side of things and the human interactions you engage in when you are writing under your pseudonym.

The Technical side of protecting your identity

On the technical side, there is the IP address that can allow someone to trace you. In order to obscure your IP address you can utilize a VPN (Virtual Private Network), which will display your IP address to the web as the address of the VPN provider. This can be used with or without a proxy server, which is a server that you connect to and that then handles your connection to the net. This way, if someone is attempting to trace you, they will end up at the proxy provider’s IP address. It is also possible to chain multiple proxy servers together for even stronger protection against being traced.

The easiest and most practical way for most people to ensure an acceptable level of protection is to use the Tor Browser combined with a VPN service or proxy service.

Now that your IP address is somewhat secure, we can talk about the services you use. I suggest making a dedicated email address for your writing endeavors that you do not use for anything else. I recommend picking a provider that is not one of the “big ones” and preferably a .onion based operator. They are usually less reliable when it comes to up-time, but some of them are also extremely dedicated to privacy, in that they delete logs often, keep servers on the move, and so on. So, you may be asking “Why can’t I just use Gmail or Yahoo?” My reason is not something that is going to be a big concern for you unless you are dealing with government-level things: the big companies have a nasty habit of sharing information with governments that request it. They will always put their business over your privacy.

When you make your new email address, do not use a handle that you have used before unless it’s a very common handle. There is no point in taking every step to hide your identity if you use the same nickname on your anon-blog as you do on your Instagram with 100k followers.

Once you have your new untraceable email account, you can get a free blog on WordPress, Blogger or another service. If you happen to want your own domain name, then you will have to find a domain name provider that supplies WhoisGuard, which prevents your name from being listed in the WHOIS directory. However, this is only partial anonymity, in that your domain name provider can and will comply with a subpoena from the government for your information. If you think this may be a risk for you, I recommend looking into anonymous domain name registration services, where you only have to provide a valid email address and can pay in Bitcoin.

Which brings me to paying for stuff: always choose Bitcoin if you can. If you do not have Bitcoin when you read this, the ideal way of getting some is to buy prepaid credit cards with cash at a busy store that sells them, and convert that money into Bitcoin.

When sharing pictures and similar material, be aware that some phones will embed geographical information about where a picture was taken. Many online services such as Twitter have geo-tagging as an option. You want to disable all such services, and if you post pictures, make sure to remove the location data using a tool such as the one that shipped with recent Windows versions. Also, for every picture, watch out for reflective surfaces such as mirrors so your face doesn’t accidentally end up out there.
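
As an added example (not part of the original article), this Python code shows what such a removal tool does to a JPEG file: it walks the file's segments, reports whether the Exif block points to GPS data, and drops the metadata segments while leaving the image data untouched. The function names and the sample bytes are constructed for illustration.

```python
import struct

def split_segments(jpeg: bytes):
    """Yield (marker, raw_segment) pairs; the last pair runs from SOS/EOI to end of file."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # SOS or EOI: compressed data, no more metadata
            yield marker, jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield marker, jpeg[pos:pos + 2 + length]
        pos += 2 + length

def has_gps(app1: bytes) -> bool:
    """True if the Exif IFD0 holds a GPS IFD pointer (tag 0x8825)."""
    tiff = app1[10:]  # skip marker, length and b"Exif\0\0"
    endian = "<" if tiff[:2] == b"II" else ">"
    try:
        (ifd0,) = struct.unpack(endian + "I", tiff[4:8])
        (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
    except struct.error:
        return False  # truncated Exif block; it is stripped regardless
    tags = (tiff[ifd0 + 2 + 12 * i: ifd0 + 4 + 12 * i] for i in range(count))
    return any(t == struct.pack(endian + "H", 0x8825) for t in tags)

def strip_metadata(jpeg: bytes):
    """Return (clean_jpeg, had_gps); drops APP1 (Exif/XMP), APP13 (IPTC) and COM."""
    out, had_gps = [b"\xff\xd8"], False
    for marker, seg in split_segments(jpeg):
        if marker == 0xE1 and seg[4:10] == b"Exif\x00\x00":
            had_gps = had_gps or has_gps(seg)
        if marker not in (0xE1, 0xED, 0xFE):
            out.append(seg)
    return b"".join(out), had_gps

def sample_jpeg() -> bytes:
    """Constructed segment skeleton (not a viewable photo) with a GPS pointer in Exif."""
    tiff = b"II*\x00" + struct.pack("<IH", 8, 1) + struct.pack("<HHII", 0x8825, 4, 1, 26) + bytes(4)
    exif = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return b"\xff\xd8" + app0 + app1 + b"\xff\xda\x00\x02\x00\xff\xd9"
```

For a real photo, read the file in binary mode, pass the bytes to `strip_metadata`, and write the returned bytes to a new file before uploading it.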

The human side of protecting your identity online

The human side is usually what trips people up when it comes to remaining anonymous online. Yes, people are traced through IP, or other means. Computers are hacked with RAT kits, Trojans, and various other pieces of software. However, the softest target is often the one that is also the easiest one to gain information through.

The reason why I suggested setting up a dedicated email for your blog alone is to limit your footprint as much as possible. Ideally, you want the footprint of your anonymous blog identity to be as small as possible so that anyone who tries to dox you won’t find much information. A hack that I read about from a red team a few years ago involved finding out that an employee had used his corporate email address to sign up to a web forum for stamp collecting. The result was that the red team could call him in advance with a ruse: “I recently inherited my grandfather’s stamp collection with a lot of rare stamps from the 40s and 50s. I’m trying to sell it, can I send you an email to a website I made for it?” As soon as he went to the website in the email, the code downloaded to his computer and access was had.

This is hardly a scenario that is relevant to most of you. However, you may have used your email to sign up for a game where you used a handle that you used earlier on another site, where you revealed personal information that can help the person trying to find information on you.

You also want to take steps to ensure that you share as little personal information as possible when you write your articles. Things like age and gender will always come up, and you probably cannot avoid it, but at the same time this type of information has little value by itself as it is very general. “Ok, so the person who writes this blog is in his late 20s” leaves him and several hundred million other people. If you reveal that you are working in finance in New York for a major buy-side firm, have been there for a couple of years, and graduated from Wharton, that gives them a lot of information to work with. This would be a case of cross-referencing Wharton grads of likely subjects with employees of major buy-side firms hired in the last 2 years.

This does not mean that you cannot share of yourself with people online. You can put most of your personality on display, just not information that helps someone build a checklist to find your identity.

Three people can keep a secret if two of them are dead. Do not tell anyone in your personal life about your online activities and do not tell anyone online identifiable information about you. I don’t care if your best friend comes running to you to tell you about this awesome new blog he came across, or if you’ve known someone online for years, do not share information with them. Belle De Jour wrote an anonymous blog about her life as a call-girl in London, and ended up being outed because she let her secret slip to a boyfriend and, fearing that he was about to out her, decided to out herself.

Finally, keep the equipment you use to write your posts on secure. Do not save any passwords, do not save bookmarks to log in faster, and do not leave WordPress open when you get a surprise visitor.

Summary and conclusions

The decision on whether to write under your real name or a pseudonym is one that every content creator thinks about when they decide to start contributing to the library of ideas that is the internet. Some stay anonymous out of fear of reprisals of varying kinds, such as threats to their careers or their families. Others do it to separate their persona in one area from another one. Such was the case of Charles Dodgson, who wrote mathematical works under his own name and fantasy novels under the better known Lewis Carroll. Author Stephen King was curious as to whether his success was due to him being Stephen King or to his abilities, and as a result wrote under the name Richard Bachman. The Brontë sisters used pen names to disguise their gender in a time when female authorship was not very well regarded, yet also to avoid having their neighbors find out that the characters were based on them.

A nom de guerre is commonplace in wars, and was very common among the communist elite in Russia prior to the revolution, to avoid being arrested by the police. Likewise “Deep Throat” was one of the best guarded secrets in modern American journalistic history.

For dissidents, protesters, anti-regime activists, and many others, being able to express oneself anonymously is how they protect themselves from the very regimes they criticize. The Arab Spring is a very recent case where the information only came out because the people who were active and in the area could share content with those on the outside without fearing that the secret police would be on their doorstep an hour later.

Those who fear anonymity fear the message being sent to them, and as they cannot attack the messenger, they wish that the messenger present his or her head for them to attack instead.

Bonus for the paranoid

For those who want to add additional layers of security to their online persona, there are steps you can take.

Only post from public networks in places with heavy traffic. Even if you are using a VPN and the Tor Browser, this adds a layer of security, because in case someone is able to trace you, they can only trace you to a network used by (ideally) thousands of people. The other reason for electing a busy area is that the odds of staff remembering you are smaller. Bring your content on a USB flash drive, sit down, upload it, and leave immediately.

When you are purchasing prepaid credit cards for cash, do it while you are on vacation in another state or country, to make it harder to trace them. The odds of someone actually being able to are very slim, but if you are going on holiday you won’t be going that much out of your way.

The first time, when you create your blog and sign up for your email account(s), do so on a public network as far away from where you are located as possible. Let’s say you are going from New York to LA and have a layover in Chicago: use a network in the airport to create your accounts. Most companies will log the IP address you signed up for the service from.

 

 


3 comments on “Hiding your identity online”

  1. Thank you for posting this awesome article. I’m a long time reader but
    I’ve never been compelled to leave a comment. I saved your blog in my
    rss feed and shared it on my Twitter. I will come back
    for sure to check your future articles!
