Honestly I think most people end up doxxing themselves by posting too much personally-identifiable information in the accounts they want to keep separate from their real life identity, OR they friend/interact with people who they know under their real identity and those people leave clues. And it makes sense because if you want your arguments to carry weight and you want people to listen to you, sharing personal experiences/facts about yourself is a good way to accomplish that, and if you want to build an audience it makes sense to start by interacting with people who already know you.

You have to balance your desire for your new account to be heard/known with your desire to be anonymous. These needs are inherently in conflict with each other.

As for, like, tech and device-based security, definitely avoid posting from devices owned by your employer/via VPNs provided by your employer/stuff like that. If you're using a different machine, make sure your browser history isn't syncing to a computer owned by your browser. Ultimately though your employer's motivation to discover you and their technological capabilities are relevant here. If your employer is, like, the NSA, you're probably out of luck regardless.

But the most likely way to get "caught" is by you (or your contacts) posting about real-life stuff. (I would also guess that candid opinions about local politics are more likely to get you outed than candid opinions about national/world politics unless you become surprisingly influential.)
posted by mskyle at 10:32 AM on July 20 [8 favorites]

1. Use a throw-away email address.
2. Do not follow anyone you know IRL.
3. Do not let anyone you know follow you.
4. Do not let anyone you know IRL know about the account.
5. Post from a VPN. Better yet, use Tor.

Caveat: I deleted Twitter as soon as Musk bought it and he has made many changes of which I am unfamiliar. For example, if you need to give a phone number then you will need a burner number. Perhaps a Google Voice or the like?

Maybe this is useful? https://fresconews.com/anonymous-twitter/
posted by terrapin at 11:03 AM on July 20 [3 favorites]

I think there is some conflation of different types of risks here.

1) A member of the general public or your employer figuring out who you are by looking at your activity.

2) Your employer figuring out who you are because you used their resources (devices, network) to post.

3) A government or law enforcement agency figuring out who you are because they subpoenaed Twitter for their records.

Preventing (1) and (2) is pretty simple: Never post identifiable information, and never post using work resources. This is easier said than done, of course; people get doxxed all the time because they don't realize how identifiable they're making themselves. If you want to post about local politics, that narrows it down to your locality; if you want to rant about something that happened in a local committee meeting, that narrows it down to people who were present; etc. You might post about a hobby, which might lead someone to another forum where you're active, where you DID post identifiable information. Etc.

Preventing (3) is much more involved. Now you're talking about taking the same sorts of precautions that political dissidents in repressive regimes need to, precautions that aren't always successful. Burner devices, accounts, secure VPNs, and so on. This is a whole other conversation and if you need to take these kinds of precautions then it's worth reframing the question.
posted by Kutsuwamushi at 11:55 AM on July 20 [1 favorite]

Also: no photos you take yourself. Even if you scrub metadata, they give far too many clues.
posted by I claim sanctuary at 1:01 PM on July 20 [1 favorite]

And the last one is the classic - accidentally posting from the wrong account. That’s where a separate device comes in for security, really, if you happen to already have a personal account. It used to be that you could use different apps for each account but Elmo did away with that.
posted by slightlybewildered at 1:42 PM on July 20 [2 favorites]

Building on terrapin's item list:

Don't post content where you only have one source where very few people know about the issue; such info is often a trap or acts like one. I often triangulate info sources and confirm things (that are supposed to be secret) from hearing the same rare thing from different people who don't know each other.

Scrub your images of location and date-taken data using Exif Tools. I sometimes blur non-relevant content too.
posted by unearthed at 2:01 PM on July 20

And the last one is the classic - accidentally posting from the wrong account. That’s where a separate device comes in for security, really, if you happen to already have a personal account.

This. You can cover your trail easily enough but without a separate device specifically for posting to the secret account, sooner or later you're going to mess up. It will only take a single mistake to expose everything you're trying to hide to the world.
posted by Tell Me No Lies at 2:26 PM on July 20 [1 favorite]

This is not solid advice but if it's done on the same machine, I'd make a new account, install a seperate browser, do all the scrubbing possible, add a VPN for that account. Then as above be very careful of details, randomize everything possible, time of day, change the VPN details, use the specific browsers anon features, maybe a couple different browsers. Perhaps use a LLM to alter the phrasing so you don't sound like you. No photos.
posted by sammyo at 3:02 PM on July 20

Separate device is cheap enough and you can always go through privacy.com for an extra layer of protection if you REALLY want your VPN to be not tracked to you. But I agree that the biggest risk is doxing yourself.
posted by kschang at 4:38 PM on July 20

Make sure you use an email address for your account that is not trivially guessable when obfuscated!
posted by mkb at 5:22 AM on July 21