How to get and stay anonymous
May 12, 2012 4:48 AM Subscribe
How does an anonymous blogger stay that way? How do they publish books? Formerly anonymous writer of Belle de Jour describes what she did and did not do and what should be done differently. With recent outings of anonymous bloggers, self-described tabloid trolls and others still a popular pastime is real anonymity even possible?
This post was deleted for the following reason: This is not really okay, Cuppatea; please reach us at the contact form if you're not clear why. -- cortex
is real anonymity even possible?
Pretty much no. Yeah, you can get away with it for a while, but it takes a pretty good effort.
So anyway, this person was pretty stupid. Just looking at the list of 12 items, most are in the purview of "how not to be an idiot with your online persona" than anything else. When the first tip on the page is not to use Hotmail, it does not exactly show one off as a very skilled online user.
What will be her next article? "Be Careful of Woeful Nigerian Royalty?" Please.
posted by lampshade at 5:27 AM on May 12, 2012 [4 favorites]
Pretty much no. Yeah, you can get away with it for a while, but it takes a pretty good effort.
So anyway, this person was pretty stupid. Just looking at the list of 12 items, most are in the purview of "how not to be an idiot with your online persona" than anything else. When the first tip on the page is not to use Hotmail, it does not exactly show one off as a very skilled online user.
What will be her next article? "Be Careful of Woeful Nigerian Royalty?" Please.
posted by lampshade at 5:27 AM on May 12, 2012 [4 favorites]
When the first tip on the page is not to use Hotmail, it does not exactly show one off as a very skilled online user.
I would never have known this. Mind I'm also not a call-girl blogger intent on hiding his/her annonymity.
What struck me was the portrait of the adversary that comes out of all these. Thank god this is not my headache, I kept thinking. Also I was under the impression that practical annonymity was imminently attainable: practical meaning this could be overcome but only with concerted, significant effort.
posted by From Bklyn at 5:38 AM on May 12, 2012 [4 favorites]
I would never have known this. Mind I'm also not a call-girl blogger intent on hiding his/her annonymity.
What struck me was the portrait of the adversary that comes out of all these. Thank god this is not my headache, I kept thinking. Also I was under the impression that practical annonymity was imminently attainable: practical meaning this could be overcome but only with concerted, significant effort.
posted by From Bklyn at 5:38 AM on May 12, 2012 [4 favorites]
She started blogging in 2003, had three books published and a TV series based on them, and was only "outed" in 2009, in spite of a fair bit of media interest in her identity, including attempts to find out her identity by sending her trojans. Like From Bklyn, I wouldn't have known some of the tips, and found this interesting.
posted by Infinite Jest at 5:43 AM on May 12, 2012 [7 favorites]
posted by Infinite Jest at 5:43 AM on May 12, 2012 [7 favorites]
So anyway, this person was pretty stupid. Just looking at the list of 12 items, most are in the purview of "how not to be an idiot with your online persona" than anything else. When the first tip on the page is not to use Hotmail, it does not exactly show one off as a very skilled online user.
I disagree. I mean, if I was starting out and knew the stakes were high -- I wanted to have a blog from within a repressive country, say -- I know I would do a lot of research first, sure. But if I was starting out with a simple blog about my life, there's no way that I would be thinking about IP address issues or about reasons to not use a service like Gmail.
She's also describing a situation of intense press interest, with journalists going through her accountant's trash bins, that most anonymous bloggers won't have to deal with; things like removing the identifying info from photos, however, are absolutely the low hanging fruit of staying anonymous.
posted by Forktine at 5:59 AM on May 12, 2012 [4 favorites]
I disagree. I mean, if I was starting out and knew the stakes were high -- I wanted to have a blog from within a repressive country, say -- I know I would do a lot of research first, sure. But if I was starting out with a simple blog about my life, there's no way that I would be thinking about IP address issues or about reasons to not use a service like Gmail.
She's also describing a situation of intense press interest, with journalists going through her accountant's trash bins, that most anonymous bloggers won't have to deal with; things like removing the identifying info from photos, however, are absolutely the low hanging fruit of staying anonymous.
posted by Forktine at 5:59 AM on May 12, 2012 [4 favorites]
...only with concerted, significant effort.
Depending on the skill of who's looking.
For instance, with even a bit of basic internet knowledge it's easy enough to post someone a private message on the social networking site du jour with an image in it (possibly an invisible gif). If you have access to the logs where the image is hosted then you have their IP address the moment they view the message. With someone's IP address you can get their (approximate at the very least) geographic location, if it's a fixed IP then you can do a web search and quite probably find traces of them on other sites (e.g. forum posts).
And that's just the very basics, 5 mins work....
For that reason using an internet cafe could actually be worse than a home connection: they are more likely to have reverse DNS set up, so you can trace the IP direct to the cafe. If you're using a wireless device (laptop, tablet, etc.) then it has a fixed MAC address that identifies it [software such as Cain & Abel will even hint at the machine type], from there's it's just a process of elimination (if the hunter is nearby).
Moderate anonymity is easy for most, because no-one is looking.
Personally, if I were trying it (currently I'd imagine it's about an hour's work at most to find my name, address, phone, precise geographic location, pet names...) I'd start by creating a distinct other persona in a different timezone and try and be as convincing that it was my real location as possible (local references, pics, regional language, activity times...).
posted by titus-g at 6:23 AM on May 12, 2012 [2 favorites]
Depending on the skill of who's looking.
For instance, with even a bit of basic internet knowledge it's easy enough to post someone a private message on the social networking site du jour with an image in it (possibly an invisible gif). If you have access to the logs where the image is hosted then you have their IP address the moment they view the message. With someone's IP address you can get their (approximate at the very least) geographic location, if it's a fixed IP then you can do a web search and quite probably find traces of them on other sites (e.g. forum posts).
And that's just the very basics, 5 mins work....
For that reason using an internet cafe could actually be worse than a home connection: they are more likely to have reverse DNS set up, so you can trace the IP direct to the cafe. If you're using a wireless device (laptop, tablet, etc.) then it has a fixed MAC address that identifies it [software such as Cain & Abel will even hint at the machine type], from there's it's just a process of elimination (if the hunter is nearby).
Moderate anonymity is easy for most, because no-one is looking.
Personally, if I were trying it (currently I'd imagine it's about an hour's work at most to find my name, address, phone, precise geographic location, pet names...) I'd start by creating a distinct other persona in a different timezone and try and be as convincing that it was my real location as possible (local references, pics, regional language, activity times...).
posted by titus-g at 6:23 AM on May 12, 2012 [2 favorites]
It is incredibly difficult to remain anonymous if you're leaving a money/press trail behind you.
Granted, but in the case of a money trail that's generally a good thing. Anti money laundering efforts still provide a huge net benefit to society despite this.
posted by ceribus peribus at 6:26 AM on May 12, 2012
Granted, but in the case of a money trail that's generally a good thing. Anti money laundering efforts still provide a huge net benefit to society despite this.
posted by ceribus peribus at 6:26 AM on May 12, 2012
Hmm I checked, actually it's about 17 seconds from here to my name, address & phone :D
posted by titus-g at 6:28 AM on May 12, 2012
posted by titus-g at 6:28 AM on May 12, 2012
So how did Belle de Jour finally get outed?
I have to be careful what I say here. In short, my identity became known to a tabloid paper and someone whom I had good reason not to trust gave them a lot of information about me.
It sounds as though she was outed by the old-fashioned method, i.e. someone shopped her to the tabloids. In other words, personal knowledge was the giveaway -- so while her advice about not using Hotmail, masking your IP address, and so on, is all perfectly valid, it doesn't actually seem to have much to do with her own case.
This also brings to mind the case of Richard Horton, aka Nightjack, the police blogger who got outed by the Times. The Times claimed that Horton had carelessly left online clues to his real identity. It subsequently transpired that this was a complete fabrication, and that the paper had illegally hacked into his email account. (For anyone interested in the case, I recommend David Allen Green's devastating account of the whole affair, in which the Times's reputation is methodically ripped to shreds.)
I believe Richard Horton had the right to remain anonymous. He certainly had the right to expect that the Times, however keen it might be to expose him, would not break the law in its efforts to do so. To suggest that anonymous bloggers are 'pretty stupid' to use Hotmail, or that it's all a matter of 'not being an idiot with your online persona', sounds to me a lot like blaming the victim.
posted by verstegan at 6:38 AM on May 12, 2012 [6 favorites]
I have to be careful what I say here. In short, my identity became known to a tabloid paper and someone whom I had good reason not to trust gave them a lot of information about me.
It sounds as though she was outed by the old-fashioned method, i.e. someone shopped her to the tabloids. In other words, personal knowledge was the giveaway -- so while her advice about not using Hotmail, masking your IP address, and so on, is all perfectly valid, it doesn't actually seem to have much to do with her own case.
This also brings to mind the case of Richard Horton, aka Nightjack, the police blogger who got outed by the Times. The Times claimed that Horton had carelessly left online clues to his real identity. It subsequently transpired that this was a complete fabrication, and that the paper had illegally hacked into his email account. (For anyone interested in the case, I recommend David Allen Green's devastating account of the whole affair, in which the Times's reputation is methodically ripped to shreds.)
I believe Richard Horton had the right to remain anonymous. He certainly had the right to expect that the Times, however keen it might be to expose him, would not break the law in its efforts to do so. To suggest that anonymous bloggers are 'pretty stupid' to use Hotmail, or that it's all a matter of 'not being an idiot with your online persona', sounds to me a lot like blaming the victim.
posted by verstegan at 6:38 AM on May 12, 2012 [6 favorites]
I believe most people get outed by bragging about their activities. If you can avoid bragging, then anonymity isn't completely impossible, just requires some discipline.
- Buy yourself a clean portable internet device using cash.* Never contaminate this device with your real identity. No shared email, voip, messaging, website, etc. accounts. Disable autoupdate features when doing anything traceable to your secret activities.
- Always access the internet from public locations like cafes that require no identification. Always make purchases there in cash. Never contaminate said locations by using your regular portable internet device simultaneously. Never take your clean device online from dirty locations. Don't take your mobile phone along either.
- Use the Tor browser bundle's FireFox as your primary browser on the clean device. Always access your blog through Tor. Do any research through Tor as well. Don't screw up this browser's secure configuration. If you require mess like flash, then configure another browser for Tor, but keep it as clean as possible, i.e. adblock, ghostery, clear cookies on exit, etc.
- Your new identity's email addresses should be established using temporary email accounts like 10minutemail.com or whatever. Avoid any free email companies linked with anyone who might find you interesting. Gmail is fine for many purposes, but obviously not if you're leaking secrets of Google, Motorola, the U.S. government, etc.
- Avoid making any unnecessary purchases. Use prepaid credit cards bought in cash for any purchases you must make.
- Take extreme care with documents that might be traceable to you, like photos you've taken, watermarked documents your leaking, etc.
- Any large files should be distributed using bitlockers, upload them through Tor of course. There are seedboxes that accept prepaid credit cards if you must use bittorrent. Also, superseeding might improve your anonymity, well maybe. Do not seed from your clean device directly. If you require a server, then consider using Tor hidden services.
* If you're not too worried about being outed, then you could get away with simply creating a new account. If you always log yourself out completely, then only software installed globally could out you, maybe only Apple or Microsoft if your system is very clean.
posted by jeffburdges at 7:03 AM on May 12, 2012 [21 favorites]
- Buy yourself a clean portable internet device using cash.* Never contaminate this device with your real identity. No shared email, voip, messaging, website, etc. accounts. Disable autoupdate features when doing anything traceable to your secret activities.
- Always access the internet from public locations like cafes that require no identification. Always make purchases there in cash. Never contaminate said locations by using your regular portable internet device simultaneously. Never take your clean device online from dirty locations. Don't take your mobile phone along either.
- Use the Tor browser bundle's FireFox as your primary browser on the clean device. Always access your blog through Tor. Do any research through Tor as well. Don't screw up this browser's secure configuration. If you require mess like flash, then configure another browser for Tor, but keep it as clean as possible, i.e. adblock, ghostery, clear cookies on exit, etc.
- Your new identity's email addresses should be established using temporary email accounts like 10minutemail.com or whatever. Avoid any free email companies linked with anyone who might find you interesting. Gmail is fine for many purposes, but obviously not if you're leaking secrets of Google, Motorola, the U.S. government, etc.
- Avoid making any unnecessary purchases. Use prepaid credit cards bought in cash for any purchases you must make.
- Take extreme care with documents that might be traceable to you, like photos you've taken, watermarked documents your leaking, etc.
- Any large files should be distributed using bitlockers, upload them through Tor of course. There are seedboxes that accept prepaid credit cards if you must use bittorrent. Also, superseeding might improve your anonymity, well maybe. Do not seed from your clean device directly. If you require a server, then consider using Tor hidden services.
* If you're not too worried about being outed, then you could get away with simply creating a new account. If you always log yourself out completely, then only software installed globally could out you, maybe only Apple or Microsoft if your system is very clean.
posted by jeffburdges at 7:03 AM on May 12, 2012 [21 favorites]
- Use the Tor browser bundle's FireFox as your primary browser on the clean device. Always access your blog through Tor. Do any research through Tor as well. Don't screw up this browser's secure configuration. If you require mess like flash, then configure another browser for Tor, but keep it as clean as possible, i.e. adblock, ghostery, clear cookies on exit, etc.
Even better, use Tails on your clean device for anything related to what you want to be anonymous. Not only does it automatically route all Internet traffic through Tor, it also leaves no trace of what you were doing on the device itself.
posted by burnmp3s at 7:18 AM on May 12, 2012 [7 favorites]
Even better, use Tails on your clean device for anything related to what you want to be anonymous. Not only does it automatically route all Internet traffic through Tor, it also leaves no trace of what you were doing on the device itself.
posted by burnmp3s at 7:18 AM on May 12, 2012 [7 favorites]
I am reasonably technical and this stuff still just makes my head hurt. I find it kind of depressing that we have to start from a position of "your private information is an open book" rather than the other way around.
posted by nowhere man at 7:29 AM on May 12, 2012 [2 favorites]
posted by nowhere man at 7:29 AM on May 12, 2012 [2 favorites]
If it is so childishly easy to track someone via their internet footprint, why did it take so long for her cover to be blown--and why was it not blown by any of these "easy" high-tech methods but rather by good old fashioned blabbermouthing?
I'm not disputing anyone's claims about how easy all this is, but it seems odd that you'd have teams of people rooting through her accountant's trash--a rather time-intensive and difficult way to acquire information--when apparently the information was just a few mouse clicks away.
posted by yoink at 7:31 AM on May 12, 2012
I'm not disputing anyone's claims about how easy all this is, but it seems odd that you'd have teams of people rooting through her accountant's trash--a rather time-intensive and difficult way to acquire information--when apparently the information was just a few mouse clicks away.
posted by yoink at 7:31 AM on May 12, 2012
It looks like she was sold out by an angry, vindictive ex-boyfriend.
posted by Hildegarde at 7:50 AM on May 12, 2012
posted by Hildegarde at 7:50 AM on May 12, 2012
I wonder if Skynet ever thought to try rooting around in John Connor's trash.
posted by Brocktoon at 8:00 AM on May 12, 2012 [1 favorite]
posted by Brocktoon at 8:00 AM on May 12, 2012 [1 favorite]
why did it take so long for her cover to be blown...but rather by good old fashioned blabbermouthing?
I do wonder that as well, to be honest, I know the geek stuff works because I've done it in the past (with unhinged trolls and harassers of friends).
The amount of skill needed to find someone is going to increase at a pretty steep curve dependant on what they know, and how much they are actively trying to be anonymous, and as Jeff says: how disciplined they are. It's only the easy stuff that's easy, but that probably would cover a lot of cases. That, combined with the fact that the people with higher 'finder'* skills are actually going to have far better (and salaried) things to do than engage in bottom-feeding, exposé, tabloid journalism.
* and how much does it suck that Fox just cancelled that show, and on a cliff-plummeter?
posted by titus-g at 8:12 AM on May 12, 2012
I do wonder that as well, to be honest, I know the geek stuff works because I've done it in the past (with unhinged trolls and harassers of friends).
The amount of skill needed to find someone is going to increase at a pretty steep curve dependant on what they know, and how much they are actively trying to be anonymous, and as Jeff says: how disciplined they are. It's only the easy stuff that's easy, but that probably would cover a lot of cases. That, combined with the fact that the people with higher 'finder'* skills are actually going to have far better (and salaried) things to do than engage in bottom-feeding, exposé, tabloid journalism.
* and how much does it suck that Fox just cancelled that show, and on a cliff-plummeter?
posted by titus-g at 8:12 AM on May 12, 2012
LinkMachineGo worked out Belle de Jour's identity very early on - he twigged that the writer had to be among the first wave of UK bloggers, and Brooke had published a few posts that we're stylistically very similar to the BdJ stuff.
There were so few British blogs in 2001 and before that I'm surprised a tech-savvy hack didn't think to search the directory sites for potential candidates (but then I read both of Brooke's pre-BdJ blogs and it never occurred to me that she was the culprit).
posted by jack_mo at 8:22 AM on May 12, 2012 [2 favorites]
There were so few British blogs in 2001 and before that I'm surprised a tech-savvy hack didn't think to search the directory sites for potential candidates (but then I read both of Brooke's pre-BdJ blogs and it never occurred to me that she was the culprit).
posted by jack_mo at 8:22 AM on May 12, 2012 [2 favorites]
I wonder how effective the use of online translation services would be in terms of masking a distinctive writing style. If all you care about is getting a particular bit of information across, then writing in the intended language, automatic translation to a second language and then back again should remove most of the easily recognizable patterns which would point a piece of writing to you.
The resulting prose won't be the most eloquent and will possibly be just barely functional, but I think that would work.
posted by honestcoyote at 8:26 AM on May 12, 2012
The resulting prose won't be the most eloquent and will possibly be just barely functional, but I think that would work.
posted by honestcoyote at 8:26 AM on May 12, 2012
Fascinating, and yeah, the ultimate tool is a competent accomplice who will KEEP his fucking mouth shut. People who can afford loyal crews have a huge advantage ... which is then countered by the fact that one of them might flip ...
Personally, if I were trying it (currently I'd imagine it's about an hour's work at most to find my name, address, phone, precise geographic location, pet names...) I'd start by creating a distinct other persona in a different timezone and try and be as convincing that it was my real location as possible (local references, pics, regional language, activity times...).
I thought that's what everyone did already. I have 5-6 online personas with fake real phone numbers and addresses. I mean, if I'm acting as one of those personas and not posting from my own ISP, it seems very difficult to track me, regardless of anonymizers, etc. Sure, it could be done, but the barrier seems pretty high.
posted by mrgrimm at 9:42 AM on May 12, 2012 [1 favorite]
Personally, if I were trying it (currently I'd imagine it's about an hour's work at most to find my name, address, phone, precise geographic location, pet names...) I'd start by creating a distinct other persona in a different timezone and try and be as convincing that it was my real location as possible (local references, pics, regional language, activity times...).
I thought that's what everyone did already. I have 5-6 online personas with fake real phone numbers and addresses. I mean, if I'm acting as one of those personas and not posting from my own ISP, it seems very difficult to track me, regardless of anonymizers, etc. Sure, it could be done, but the barrier seems pretty high.
posted by mrgrimm at 9:42 AM on May 12, 2012 [1 favorite]
« Older See nothing, hear nothing, speak nothing | #Popleveson: the Twitter meme from Court 73 Newer »
This thread has been archived and is closed to new comments
posted by Foci for Analysis at 5:24 AM on May 12, 2012 [1 favorite]