Anonymous Twitter Account, Part 2

For some reason people have a hard time wrapping their heads around the idea of an anonymous Twitter account. The standard naysayers came out all over the web on the various sites who linked to my article, casting doubt and dispersion about whether it was even possible. So consider this a followup, for those who didn’t bother to actually read the article at the Intercept, and just went off of the headline.

The naysayers are correct in that your computer will give you away. That’s why you don’t use YOUR computer. Don’t use the laptop that is resting on your belly while you sit in your recliner. Don’t use your phone — especially the so-called ‘burner phone’ that you (foolishly) carry around in the same pocket as your regular phone. Don’t use the same desktop where you pen your ‘militia roll calls’ on Facebook or share your memes. Don’t use the computer of anyone you know.

Instead, you go get a cheap refurb computer, that has never connected to your home or work internet (or your favorite coffee shops and hangouts). You never use it at work or home, or anywhere else you frequently go. You use a VPN, you use Tor, and you make accounts that aren’t linked to you in any way.  You use email addresses created and accessed only on that laptop, only when on VPN, only on Tor, only when not home.

On top of all of that, you don’t drive your own car to wherever you’re going to set up, because you don’t want a license plate reader picking it up and putting you in that location at that time. Don’t wear your loud-and-proud gear. Dress to fit in and disappear inside whatever area you’re in.  If that means you dress like a hipster and blend into some eclectic little vegan shop with wifi, then so be it. Don’t use the same location over and over. Don’t become recognizable and memorable. For the love of all that’s holy, don’t take your cell phone with you. In fact, send it with someone else going another direction if you have to.

If you’re going to do it right, you wouldn’t follow anyone you know with your account, anyone you would normally follow, or who would follow you. Your entire function is PUSHING information, and so you wouldn’t respond to direct messages, click on links, or do anything else that detracts from your actual function.

Gee, you might be thinking. That sounds like a big pain in the rear end. A lot of trouble and annoyance, or even money.  Yup. That’s exactly what it is. Do you want to do it and get caught? Or do you want to do it correctly?

That’s why agitators and activists — the real ones — are so few and far in between. Because doing it right requires a lot more work than sharing memes on Facebook.

Your Anonymous Browsing Can Still Identify You

A disturbing study reported on the The Atlantic highlights something we already know: Human nature will screw us every single time; in short, you screw yourself.

If you’re on Twitter, chances are that even if you are browsing anonymously, your history will identify you. Why? Because of how you — and all other humans — behave in a normal setting.

Here’s how the de-anonymization system works: The researchers figured that a person is more likely to click a link that was shared on social media by a friend—or a friend of a friend—than any other random link on the internet. (Their model controls for the baseline popularity of each website.) With that in mind, and the details of an anonymous person’s browser history in hand, the researchers can compute the probability that any one Twitter user created that browsing history. People’s basic tendency to follow links they come across on Twitter unmasks them—and it usually takes less than a minute.

Granted, this was in a test environment. But notice something very critical about the statement the researchers make:

Ultimately, if you want to use Twitter under your own name, there’s little you can do to thwart this de-anonymization technique. “Our deanonymization attack didn’t use any easily-fixed flaw in the Twitter service,” said Ansh Shukla, a graduate student at Stanford and one of the paper’s authors. “Users behaving normally revealed everything we need to know. As such, the research strongly implies that open social networks, detailed logging, and privacy are at odds; you can simultaneously have only two.”

Pay attention. If you tweet (or use Facebook) under your own name, there is no such thing as privacy. While he states you can have two out of the three, note that there are very few ways to stop the detailed logging and still use social media sites because they are designed from the ground up to log and track everything you do. In other words, your only other option is to create a separate everything. Get a throwaway refurbished laptop, run Linux on it, get a VPN, TAILS, and use that particular laptop away from your home for reading your various blogs and websites, buying your sensitive items, whatever. Save the Windows laptop in your recliner for puppy pics, paper towel orders on Amazon, and answering your grandmother’s messages about whether you’re going to the family campout.

While you’re at it, go to and take a look at what traces you are leaving.

Crossposted at Order of the White Rose.

Encryption Update

CSG has the new updates for NSA encryption. As he points out, if the watchers are upping their own standards, you should too.