Anonymous Blogging Tools
February 1, 2013 8:23 PM Subscribe
I would like to start a blog to write about topics which I do not want to be traced back to me personally. Is it possible to do this, and what would be the most effective way of protecting my identity and more importantly my family's identity?
These are not necessarily life and death topics, but I would be writing about things that, if it were to get back to me, could make life very difficult for me and especially for my wife and children. I'm willing to pay for a service if there's a better guarantee of un-traceability.
Tips on how to effectively create a convince pseudonymous persona also welcome.
These are not necessarily life and death topics, but I would be writing about things that, if it were to get back to me, could make life very difficult for me and especially for my wife and children. I'm willing to pay for a service if there's a better guarantee of un-traceability.
Tips on how to effectively create a convince pseudonymous persona also welcome.
Here's a good reference for things you can do:
How hard is to be the anonymous owner of a website?
Anonymously masking your WHOIS lookup info is usually good enough for these purposes, but that question on StackExchange has some other possibilities of how someone could trace you. Depends how far you really want to go.
posted by MMALR at 8:56 PM on February 1, 2013 [1 favorite]
How hard is to be the anonymous owner of a website?
Anonymously masking your WHOIS lookup info is usually good enough for these purposes, but that question on StackExchange has some other possibilities of how someone could trace you. Depends how far you really want to go.
posted by MMALR at 8:56 PM on February 1, 2013 [1 favorite]
Most likely, if your blog identity is compromised, it'll be because you've accidentally mentioned a few things that can be combined to lead back to you. Innocuous asides over the course of several years of blog posting, that kind of thing. Or your family will discover drafts of blog posts on your personal computer.
From a technical perspective, though, the first thing is to clarify your threat model a little. Decide whether there's a risk that your blog host will cooperate with a request to reveal your identity (subpoena, non-subpoena request by law enforcement, etc.). There are lots of things you could be talking about that would be devastating to get back to your family but which, from a legal or global perspective, are non-issues.
If you're not sure you can trust (and will always be able to trust) your blog host to refuse to turn over logs about you, then: use a free blog host (so that there's no payment information pointing back at you), use a different web browser or user account for your pseudonym than for all other activity (so that things like facebook buttons, google search histories, etc. don't link your identities), and use tor when talking to the blog host (this is a pain, but it's probably easier if you have one browser set up as the "always tor" browser).
That stackexchange thread looks like it has a lot of good information, incl. a link to this advice from a (once-)anonymous blogger.
posted by hattifattener at 9:11 PM on February 1, 2013 [1 favorite]
From a technical perspective, though, the first thing is to clarify your threat model a little. Decide whether there's a risk that your blog host will cooperate with a request to reveal your identity (subpoena, non-subpoena request by law enforcement, etc.). There are lots of things you could be talking about that would be devastating to get back to your family but which, from a legal or global perspective, are non-issues.
If you're not sure you can trust (and will always be able to trust) your blog host to refuse to turn over logs about you, then: use a free blog host (so that there's no payment information pointing back at you), use a different web browser or user account for your pseudonym than for all other activity (so that things like facebook buttons, google search histories, etc. don't link your identities), and use tor when talking to the blog host (this is a pain, but it's probably easier if you have one browser set up as the "always tor" browser).
That stackexchange thread looks like it has a lot of good information, incl. a link to this advice from a (once-)anonymous blogger.
posted by hattifattener at 9:11 PM on February 1, 2013 [1 favorite]
Tips on how to effectively create a pseudonymous persona, as answered by someone who's worked with many people who needed to do this and, ultimately, failed.
First, don't tell anyone. Not a single person in real life should know that you have a blog; not a single person online should be told about the real you. This is the number one thing that I've seen people mess up--they tell someone they've gotten friendly with over email, and that person slips up somewhere, or contacts them in real life. Or they tell someone in real life who they're really really sure will be cool with it, and then they fall out with that person, or that person slips up and mentions it in public, or whatever. No one else will ever be as cautions about this as you are, because it matters far less to them than it does to you.
Second, create an online persona that's as close to your actual life as possible. If you're a straight white dude with three kids in real life, be that dude online. Things like gender, race, rough age (30s, late fifties), marital status, sexual orientation, and number of children are not, in and of themselves, not personal identifiers. They are also the things that piss people off the most if you're caught out. (Also, pretending "down" the power scale--a man pretending to be a woman; a white person pretending to be black--will, quite rightly, get people really fucking angry. Do not do this.)
Keeping things close to real life means that if you slip up and mention [real life thing], you're less likely to get caught. It also means that your story is that much easier for you to maintain. Change innocuous details--if you live in Cleveland, maybe say you live in Columbus. If you work in retail, say you work in food service.
Things that, in my experience, have ultimately served as personal identifiers, in that they led to the person in question being discovered: spouse's occupation, your employer, where you went to school, specific locations (names of small towns/general areas--if you're in a large metro area, it matters less), any group associations (fraternity, Knights of Columbus, place you do volunteer work, whatever).
Your biggest enemy here is going to be yourself. If you're able to blog without bringing yourself into it at all, this is a much easier goal. If you're not able to do that, I suggest getting a notebook and keeping notes on alternate you. Make headings for family, work, etc, and then every time you mention something, check it against the book. If it isn't contradicted by the previous information, make a note of it so that you can check against it in the future. If you are popular or controversial, people can and will do this for themselves.
If you become popular, don't accept media requests unless it's something you can answer entirely over email. Don't ever, ever think "oh, it's just a podcast about [topic], no one's ever going to listen to it." Eventually, someone will.
In short, there are a lot of (for example) straight white married dudes with two kids who live in the midwest. Once you become a straight white married dude with two kids who lives in the midwest and is an electrical engineer married to a schoolteacher and volunteers at the local food pantry, you've become much easier to figure out.
posted by MeghanC at 10:09 PM on February 1, 2013 [14 favorites]
First, don't tell anyone. Not a single person in real life should know that you have a blog; not a single person online should be told about the real you. This is the number one thing that I've seen people mess up--they tell someone they've gotten friendly with over email, and that person slips up somewhere, or contacts them in real life. Or they tell someone in real life who they're really really sure will be cool with it, and then they fall out with that person, or that person slips up and mentions it in public, or whatever. No one else will ever be as cautions about this as you are, because it matters far less to them than it does to you.
Second, create an online persona that's as close to your actual life as possible. If you're a straight white dude with three kids in real life, be that dude online. Things like gender, race, rough age (30s, late fifties), marital status, sexual orientation, and number of children are not, in and of themselves, not personal identifiers. They are also the things that piss people off the most if you're caught out. (Also, pretending "down" the power scale--a man pretending to be a woman; a white person pretending to be black--will, quite rightly, get people really fucking angry. Do not do this.)
Keeping things close to real life means that if you slip up and mention [real life thing], you're less likely to get caught. It also means that your story is that much easier for you to maintain. Change innocuous details--if you live in Cleveland, maybe say you live in Columbus. If you work in retail, say you work in food service.
Things that, in my experience, have ultimately served as personal identifiers, in that they led to the person in question being discovered: spouse's occupation, your employer, where you went to school, specific locations (names of small towns/general areas--if you're in a large metro area, it matters less), any group associations (fraternity, Knights of Columbus, place you do volunteer work, whatever).
Your biggest enemy here is going to be yourself. If you're able to blog without bringing yourself into it at all, this is a much easier goal. If you're not able to do that, I suggest getting a notebook and keeping notes on alternate you. Make headings for family, work, etc, and then every time you mention something, check it against the book. If it isn't contradicted by the previous information, make a note of it so that you can check against it in the future. If you are popular or controversial, people can and will do this for themselves.
If you become popular, don't accept media requests unless it's something you can answer entirely over email. Don't ever, ever think "oh, it's just a podcast about [topic], no one's ever going to listen to it." Eventually, someone will.
In short, there are a lot of (for example) straight white married dudes with two kids who live in the midwest. Once you become a straight white married dude with two kids who lives in the midwest and is an electrical engineer married to a schoolteacher and volunteers at the local food pantry, you've become much easier to figure out.
posted by MeghanC at 10:09 PM on February 1, 2013 [14 favorites]
Once you've done all the other things people have mentioned, this FPP from a few days ago presented a (fairly complicated) tool called "Anonymouth" that can be used to try to alter your writing style to make it less distinctive, to try to avoid identification by comparison of the blog posts with your public writing.
posted by XMLicious at 10:52 PM on February 1, 2013
posted by XMLicious at 10:52 PM on February 1, 2013
Be smart from the very beginning.
It would be best to make every post from a brand-new device, then physically destroy that device after posting. Since that's probably infeasible, do everything you can to avoid leaving traces on the devices you post from. Many public terminals, e.g. at libraries, effectively restore the system to a known prior state after each patron logs off, hypothetically removing your traces for you. On the other hand, a system you don't control is subject to being co-opted by an attacker, so you probably shouldn't trust them. So your best bet is to post from a laptop of yours, preferably exclusively for the purpose of posting to your blog. If you use a computer that isn't brand-new, use something like dban to wipe every magnetic trace of pre-existing data from the drive before use. From then on, use full-disk encryption such as TrueCrypt or a Mac's built in FileVault to encrypt your hard drive. Use a high-entropy random password; if you must have it be somewhat memorable, use Diceware to generate it. (Of course, it goes without saying that you should use a different, high-entropy password for everything associated with this project.) Never leave this computer unattended. Never leave it turned on if you're not using it. Never connect it to the internet for longer than you have to. Use the "private" mode in your browser, then delete all your caches anyway.
Don't pay for anything. If you use your credit card, there's at least half a dozen entities that could rat you out: the issuing bank, the card company, an unknown number of transaction processors, and the people you're paying. There's plenty of free blogging platforms out there that will let you sign up with little more than an email address (and, likewise, plenty of free webmail providers that will let you obtain a throwaway email). Don't send people emails from the same account you use to register your blog.
Don't post from home or work. Don't check associated emails from home or work. Conduct all your activities on secured wi-fi connections in public places. (These can be hard to track down, but you don't want to risk any unencrypted or weakly encrypted wi-fi traffic, because it can be easily sniffed.) Rotate locations you post from unpredictably. Seriously, unpredictably. Choose a venue randomly every time you post, using a die roll preferably. Maybe learn some more tradecraft from the movies. Even if you move about, though, the spooks could determine the locations you're posting from and start tightening the noose.
An anonymizing proxy service like Tor will be a common suggestion, but you should be cautious about using Tor as well. Tor exit nodes are publicly listed, and there will be malicious exit nodes on the service that can spy on your unencrypted traffic and possibly try to exploit you. There are practical attacks against Tor that will allow your traffic to be fingerprinted and possibly traced back to you, if your adversary has sufficient resources. (You should always assume your adversary has sufficient resources.)
When you decide to quit, run dban again on your computer to erase all your encrypted data, then hit the hard drive a bunch of times with a hammer and drop it in a tub full of acid. Maybe you can skip the acid.
If you do all that, and are smart about your identity as per above advice, and the spooks still track you down, then you might actually be an enemy of some state or other and godspeed you.
For my own part, I use the same handle in a bunch of places online and have disclosed my real name, employer, and location in various places online that are probably indexed by Google. Can't be bothered to be particularly private.
posted by silby at 1:47 AM on February 2, 2013
It would be best to make every post from a brand-new device, then physically destroy that device after posting. Since that's probably infeasible, do everything you can to avoid leaving traces on the devices you post from. Many public terminals, e.g. at libraries, effectively restore the system to a known prior state after each patron logs off, hypothetically removing your traces for you. On the other hand, a system you don't control is subject to being co-opted by an attacker, so you probably shouldn't trust them. So your best bet is to post from a laptop of yours, preferably exclusively for the purpose of posting to your blog. If you use a computer that isn't brand-new, use something like dban to wipe every magnetic trace of pre-existing data from the drive before use. From then on, use full-disk encryption such as TrueCrypt or a Mac's built in FileVault to encrypt your hard drive. Use a high-entropy random password; if you must have it be somewhat memorable, use Diceware to generate it. (Of course, it goes without saying that you should use a different, high-entropy password for everything associated with this project.) Never leave this computer unattended. Never leave it turned on if you're not using it. Never connect it to the internet for longer than you have to. Use the "private" mode in your browser, then delete all your caches anyway.
Don't pay for anything. If you use your credit card, there's at least half a dozen entities that could rat you out: the issuing bank, the card company, an unknown number of transaction processors, and the people you're paying. There's plenty of free blogging platforms out there that will let you sign up with little more than an email address (and, likewise, plenty of free webmail providers that will let you obtain a throwaway email). Don't send people emails from the same account you use to register your blog.
Don't post from home or work. Don't check associated emails from home or work. Conduct all your activities on secured wi-fi connections in public places. (These can be hard to track down, but you don't want to risk any unencrypted or weakly encrypted wi-fi traffic, because it can be easily sniffed.) Rotate locations you post from unpredictably. Seriously, unpredictably. Choose a venue randomly every time you post, using a die roll preferably. Maybe learn some more tradecraft from the movies. Even if you move about, though, the spooks could determine the locations you're posting from and start tightening the noose.
An anonymizing proxy service like Tor will be a common suggestion, but you should be cautious about using Tor as well. Tor exit nodes are publicly listed, and there will be malicious exit nodes on the service that can spy on your unencrypted traffic and possibly try to exploit you. There are practical attacks against Tor that will allow your traffic to be fingerprinted and possibly traced back to you, if your adversary has sufficient resources. (You should always assume your adversary has sufficient resources.)
When you decide to quit, run dban again on your computer to erase all your encrypted data, then hit the hard drive a bunch of times with a hammer and drop it in a tub full of acid. Maybe you can skip the acid.
If you do all that, and are smart about your identity as per above advice, and the spooks still track you down, then you might actually be an enemy of some state or other and godspeed you.
For my own part, I use the same handle in a bunch of places online and have disclosed my real name, employer, and location in various places online that are probably indexed by Google. Can't be bothered to be particularly private.
posted by silby at 1:47 AM on February 2, 2013
Also, don't post questions like this on Ask MetaFilter. Anonymous AskMes are mostly but not entirely anonymous, and the mods are capable of doing some backscatter analysis on anonymous question posting times to figure out who posted them. And they have your PayPal info and thus probably also your real name and address. Do you trust the mods?
Anonymity is hard!
posted by silby at 1:53 AM on February 2, 2013 [1 favorite]
Anonymity is hard!
posted by silby at 1:53 AM on February 2, 2013 [1 favorite]
Skip Tor. Use a VPN for all activity related to this. (You can switch it on and off. Keep it off if you're doing innocuous stuff.) If you're encrypted going to the VPN, you don't need to find public wifi, and your traceable IP address won't be connected to any of your email accounts, etc. Of course, paying for it will be hard if you want total anonymity and don't trust the VPN service. Most take Bitcoin, but you'll have to route the funds a few times if possible. (I assume other people have worked this out.)
Use a Linux computer and encrypt encrypt encrypt. No Dropbox. Multiple high-entropy passwords (multiword phrases are best and more memorable than random stuff). Burner cellphones if you have any need for texting, etc. Run all posts through software that obscures your writing style (this was just on the Blue, a team from Drexel).
posted by supercres at 6:17 AM on February 2, 2013 [1 favorite]
Use a Linux computer and encrypt encrypt encrypt. No Dropbox. Multiple high-entropy passwords (multiword phrases are best and more memorable than random stuff). Burner cellphones if you have any need for texting, etc. Run all posts through software that obscures your writing style (this was just on the Blue, a team from Drexel).
posted by supercres at 6:17 AM on February 2, 2013 [1 favorite]
If you're concerned at all about artifacts being left behind on your PC, use a bootable Linux image like this one. Insert the USB drive, reboot your PC and do your blogging from a browser on the thumbdrive. Just make sure you don't lose it.
This toolkit is another interesting approach.
posted by jquinby at 6:30 AM on February 2, 2013
This toolkit is another interesting approach.
posted by jquinby at 6:30 AM on February 2, 2013
Be aware that even if you're using things like VPNs and Tor to hide blogging activities from your ISP, your browser may be providing remote sites (such as the one where your blog is hosted) with enough information to positively identify you. Never use the same machine/browser combo you blog with on any other site (such as Metafilter) that might have information linking its unique fingerprint to you.
posted by RonButNotStupid at 7:40 AM on February 2, 2013
posted by RonButNotStupid at 7:40 AM on February 2, 2013
Assuming you have a laptop with a pc/mcia or express card slot, if you buy a network card specifically for this use (disabling the built-in network card), and don't use it anywhere else, and boot from a cd or thumb drive, you will reduce your identifiability.
posted by theora55 at 3:03 PM on February 2, 2013
posted by theora55 at 3:03 PM on February 2, 2013
If this were me and I wanted to do this I would get a lawyer to register the domain. The benefit is if someone looks up the whois and then googles the name they will realize there's a good chance that figuring out who you are will be expensive. If you just use a common registrar and pay for privacy chances are if a legal request for information is made you'll be given up in a heartbeat.
posted by cjorgensen at 5:52 PM on February 2, 2013
posted by cjorgensen at 5:52 PM on February 2, 2013
I have domain registered to my now-deceased dog, at an invalid address. Bonus: I don't get the junk mail for Daisy McDuff, and it's slightly camouflaged. I'm assuming this is not illegal.
posted by theora55 at 8:53 AM on February 8, 2013
posted by theora55 at 8:53 AM on February 8, 2013
I do the same sort of thing. I've never had any problems, but some people claim that it could cause difficulties were there to ever be a dispute over a domain you own, so I don't do it for any domain that would be painful to lose control of.
posted by XMLicious at 9:29 AM on February 8, 2013
posted by XMLicious at 9:29 AM on February 8, 2013
« Older Help me find good design ideas for my business... | What is this awesome wall treatment? Newer »
This thread is closed to new comments.
I'd say your best bet would be to set up a proxy surfing service like TOR on your PC or the various services that provide this via their web site. Then blog on a public host like Wordpress.com or Blogger, using a throwaway email account only for the blog.
Only use your proxy to reach the blog and your throwaway email address. Make it a religion. It's not perfect, but it's one way to think about this. Some proxy services explicitly delete all logs or do not keep them at all. Some do. You should probably figure out which ones are really secure.
If you want to host your blog, you can set up a domain name using Whoisguard to protect your identity being snicked directly off the DNS record. This is way less secure and determined hackers are probably going to figure out your identity if you self-host. There may be ways to do this that are much more secure, including hosts who explicitly guarantee security but I've not heard of one I think I would trust for this.
posted by diode at 8:50 PM on February 1, 2013