Salta al contenuto principale

friendica (DFRN) - Collegamento all'originale

How to create and protect an anonymous identity


 Sometimes technology might not be enough to protect your anonymous identity. That's why you need a plan. These 10 rules might help you protect your real identity.

Have you ever thought of creating an anonymous identity online with which to interact or spread your ideas without fear of repercussions?

Easier said that done.

Technology is seldom enough to keep an identity anonymous. Being truly anonimous takes a lot of effort, planning and risk assessment — based on who you are, where you live and what you want to do with your anonymous identity.

“Even a poor plan is better than no plan at all.”

Mikhail Chigorin

Today I’d like to offer you a glimpse of what you should keep in mind to protect your real identity. Before starting, however, we should clarify one issue: privacy and anonymity are not the same thing. They shouldn't be confused, and they cannot be protected in the same way.

Join Privacy Chronicles to receive weekly updates and support our work.

Differences between privacy and anonymity


Privacy is many things.

However, as far as we are concerned here, we can say that it’s also the power to keep certain information confidential with respect to the outside world. For example, you might want to keep your communications or transactions confidential towards certain people or organisations. Privacy is therefore something that belongs to content: what we say or what we do.

Anonymity, on the other hand, belongs to identity.

Being anonymous means not being identifiable. Anonymity is often used as a way to give up privacy safely. For example, you may decide that you need an anonymous identity precisely to spread your thoughts publicly without fear of backlashes.

And then, there is pseudonymity: a “soft” form of anonymity. It’s the ability to create a digital identity recognizable by the public, but not immediately and easily referable to you.

This is the main difference: if you’re truly anonymous, your what you do or write cannot be referable to you, ever. If you’re pseudoanonimous, someone with a lot of resources (e.g. an intelligence agency) might be able to re-identify you. The simplest, and least secure example of a pseudoanonimous identity is being registered to a social network such as Twitter or Reddit using a nickname instead of your real name. You’re still quite easily identifiable though, since they keep track of IP addresses and other metadata.

Pseudonymity is therefore not anonymity.

But above all, always remember that privacy, as well as anonymity, are dynamic states of information that will change according to the context: between full identifiability and absolute anonymity (which does not exist, except in specific contexts) there are infinite gradations.

Our digital identities


Most of us have at least two digital identities: a private one and a work one.

In addition to these two identities, some people may need to create other identities to protect themselves: whistleblowers, journalists, political dissidents, researchers or anyone who wants to express their opinion without being prosecuted or discriminated against — like dangerous libertarian extremists that believe in the Non Aggression Principle. In these cases it might be useful to create an anonymous identity that can mitigate the risk of identification.

But being anonymous online isn't easy. To hope to be so, you need the right tools, but above all a plan that will allow you to have an adequate level of security.

Ten rules of thumb


Now that we have made the necessary introductions, we can move on to seeing how to create and protect our anonymous identity, thanks to a few principles borrowed from the world of OPSEC (Operations security). The following rules, to be understood more as "general principles" are designed to help you protect your online identity and to increase your level of anonymity:

1. Like Fight Club


The first rule is… don't talk about your anonymous identity or your plan. Never reveal the details of your security system or the tools you use to anyone. Not even to close friends or family members.

Basically: Shut the Fuck Up.

8327767


2. Start from scratch


If you already have an identity, make sure it's not tainted. If you are not able to assess the risk of contamination (see rule n. 3) and the various vulnerabilities, better create an identity from scratch.

The identities and tools used (e.g. means of communication) can also change on a regular basis to mitigate the risk over time. That way, if an identity is discovered or surveilled, the compromise will be less severe.

Fun fact: this site allows you to create fictitious identities full of realistic details.

Share

3. Don't taint your identities


Having one or more anonymous identities is useless if you don't pay attention to contaminations. Anonymity is a delicate balance that is easily broken.

Don't ever use the same email, account, browser, or login credentials. Separate as much as possible the devices, operating systems, and wi-fi networks with which you access the Internet. Don't communicate with the same people through different identities.

The level of identity segmentation should increase depending on your risk profile. The higher the risk, the more the identities must remain separate.

4. Stay in character


Create a background and stay in character. Avoid creating over-the-top identities that lack credibility or identities that you can't handle easily. If you are a 40 year old man who doesn’t speak French, don't try to pass yourself off as a french female teenager.

5. Trust no one


The zero-trust approach is a good habit in many aspects of life. Don't trust anyone, and especially don't trust anyone who says you can trust them.

Reducing the required level of trust automatically decreases the risk of exposure as well. Don't give anyone the power to blackmail or expose you. The oldest intelligence trick is to buy (or coerce) information from people.

Share

6. Don't expose yourself unnecessarily


Don't brag about your security protocols and avoid any behavior that may ring an alarm somewhere. Do not draw too much attention to particularly sensitive issues and avoid getting reported for any kind of violation.

7. Recognize your limits


Don't overcomplicate things and only do what you 100% understand. If you don't understand a tool or the full implications of what you're doing, don't do it. Keep it easy!

8. Leave no traces


Store only the essential information you need, and securely delete everything else. Delete or better yet — do not record any information, documents, logs that are not strictly necessary. If you can't help it, use encrypted documents (and adequately protect private keys). Avoid storing documents and encryption keys on public clouds.

9. No personal details


Avoid giving real personal details when interacting with people from your anonymous identity. Do not give information about your real gender/age/ethnicity. Avoid talking about your interests, hobbies, or any other information that can help identify you. Avoid posting photos and identification marks. Giving out personal details can lead to being identified.

8327769


10. Watch out for anomalies


Being anonymous is very difficult, and it is even more difficult if you surround yourself with anomalies that can be exploited to profile you and track your real-life identity. For example, writing weird coded messages that make no sense on Twitter is an anomaly. The best thing is to blend in and be as normal as possible, to stay in the background noise.

In summary


  1. Shut the f*ck up
  2. Do not trust anybody
  3. Compartmentalize identities and means of communication
  4. Leave no traces
  5. Remember that intelligence and law enforcement also follow the same rules:

8327771


Thanks for reading!


Want to support Privacy Chronicles? Either subscribe or donate a few sats with your favourite LN wallet. Just scan the QR Code!

8327773

privacychronicles.it/p/how-to-…