__TOC__

'''Chapter 1: Digital traces and identities online'''

== Digital shadows ==

How much data exists about you? What kind of traces do you leave behind about your identity, your networks, and your habits when you use digital services? How does this connect to who you are online and who you are offline? What can someone who wants to harm you or investigate you, actually find out?

Your digital shadow is the story that data tell about you. It is created by trillions of traces, or bits of data, left behind in the digital world every time you go online, or when your mobile phone or any other object around you sends information to the internet. These bits of data can include your name, location, contacts, photos, messages, tweets and likes, but also the brand of your computer, length of your phone calls and information about which websites you visit.

These traces are created by you actively publishing and sharing information about yourself and people sharing information about you by tagging you in pictures, mentioning you in tweets or simply by communicating with you. There are also traces which are passively created, without you necessarily realising it, or consenting to it. For example, your browsing habits and IP address are shared amongst websites you visit and services you use in order to track your behaviour and try to sell you products through advertising.

In order to understand the concept of digital shadows, it is useful to break it down into what the data is that is being collected and who is collecting it.

''What is data?''

When we think about digital traces, we are talking about three types of data: content, metadata and noise.

'''Content:''' is what you actively produce: your messages, blogs, tweets, phone calls and online purchases; the pictures and videos you take to remember.

'''Metadata:''' is data about your data, information that is needed for the technological infrastructure to work. It enables your email to be delivered, files on your computer to be found and mobile communication to work. If you take the example of an email that you send, the metadata includes the sender's email, the recipient's email, the time the email was sent, the type of device the email was sent from, and the location it was sent from.

'''Noise:''' is the data that is created by either the manufacturing process or by the workings of the technological infrastructure. For example, every camera with a SD card to record and store pictures has unique scratches. These make small changes to the data that are not visible to the eye but can be recognised by computers.

''Who collects data?''

You might wonder about the importance of one picture, one message, or one call. You might think there is so much data out there that nobody knows what to do with it, or cares that much about it.

However, there are in reality a number of parties interested in this data - including companies, governments and individuals - and data collection and data analysis is by now very sophisticated. The data traces you leave behind online are constantly being collected, analysed and sorted by various parties to create profiles on you; and every time a new piece of data is aggregated, it can be identified and added to your profile. These profiles are ever-expanding, and give those who create them or who have access to them an immense insight into who you are.

Data is collected for a variety of purposes. Profiles can be bought and sold; data can be used to control, suppress or silence; or it can be used to create harassment strategies by people who want to harm your reputation or attack you for your views or beliefs. All of the aforementioned actors can have access to your digital shadow. They might access it in different ways: through surveillance of your activities, through data-sharing between applications, or through researching publicly available pieces of data about you and patching these all together.

Depending on who you are and what you do, you will probably have different concerns about who can access your digital shadows and how this makes you vulnerable.

'''Relevant links:'''

* '''Trackography''': (https://trackography.org/) an interactive map exploring how the global tracking industry is recording your online behaviour.

'''Further Readingsː'''

* Privacy international videoː (https://www.privacyinternational.org/?q=node/573) explaining what is metadata and what should we care about it.
* Ed Felten explains how you can tell someone had an abortion from studying the metadata of their phone calls: (http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/27/heres-how-phone-metadata-can-reveal-your-affairs-abortions-and-other-secrets/)
* Hello Barbie points at the limits of eavesdropping, privacy and how devices are sending data to third actor partiesː (http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/11/privacy-advocates-try-to-keep-creepy-eavesdropping-hello-barbie-from-hitting-shelves/)

==== Exploring ====

You can't know exactly what is happening to your digital shadow or who might have to access to it, and that itself is a problem. Although this situation might seem dire, the idea is not to get paralyzed by paranoia but to try to demystify it for yourself and try out different methods for controlling and minimising your shadows. Some examples include reducing the amount of data you give away; consciously stripping valuable information from content and metadata; exercising the art of self-doxing; and thinking about ways to play with and break up your online identity.

The strategies and tools detailed below can increase your privacy, and help you to be more secure, both online and offline - without being less vocal or reducing your activity online. To move towards getting some control over your digital shadow, a good place to start is to see what it looks like (as far as is possible) and explore the size, depth and characteristics of your digital shadow:

* '''Trace My Shadowː''' (https://myshadow.org/trace-my-shadow) is a tool produced by Tactical Tech that allows you to see some of the traces you are leaving online, and it offers a lot of tips on how to protect your privacy.
* '''Digital Shadowː''' (https://digitalshadow.com) is a Facebook app developed by Ubisoft which illustrates what third parties can know about you through your Facebook profile.
* '''Panopticlickː''' (https://panopticlick.eff.org/) tests your browser to see how unique it is based on the information it will share with sites it visits. By using this application, your browser will be given a uniqueness score, letting you see how easily identifiable you might be as you surf the web.
* '''OpenPaths.ccː''' (https://openpaths.cc/) is a tool that allows you to track your location history over time with your smartphone. You can then visualise this data and see what kind of story it tells about you.

'''Self-doxing:''' Another strategy for exploring your visible traces and what is already out there about you on the internet is to dox yourself. '''Doxing''' describes tracing or gathering information about someone using sources that are freely available on the internet. This method depends on the ability of the attacker to recognise valuable information about their target, and to use this information for their own ends. Doxing is premised on the idea that the more you know about your target, the easier it will be to find their flaws. This technique is used sometimes by activists and investigative journalists to profile subjects of interest. It is also used as a strategy of harassment online. "Self-doxing", or researching yourself, is a technique that can help you to make informed decisions about what you share online, and how. Of course, these same instruments can also be used to learn more about someone we have met online before we give them our full trust.

'''Methods used for doxing''' include exploring archives, images, phone directories and other publicly available information; querying common search engines like Google or DuckDuckGo (https://duckduckgo.com); looking for a person's profile in specific services; searching for information in public forums and mailing lists. But it can also simply consist in looking up the public information on the owner of a website, through a simple "whois search" (through websites such as: http://www.whois-search.com/ or similar).

Remember, even while you are exploring yourself, other people can be exploring you too. So when you are using these web services and looking for your digital shadow, a good idea is to use anonymisation tools like Torbrowser(https://www.torproject.org/projects/torbrowser.html.en).

'''Further Readings:'''

* Advice on doxing your harassers as a way to assess your risk: (https://modelviewculture.com/pieces/investigation-online-gathering-information-to-assess-risk)
* Tips no how self-dox yourself (or to dox someone else): (https://lilithlela.cyberguerrilla.org/?page_id=93870)
* Anonymous Activism/Tor for Feminists by Fembot collectiveː (http://fembotcollective.org/blog/2015/05/06/toolkit-anonymous/)

==== Mapping ====

While we have explained what steps you might take to explore your personal digital shadow and traces you leave online, you will also need to enlarge this exploration to the people you interact with online.

Everyone belongs to several social domains - your work or advocacy networks, your family networks, friends, sports teams, whatever. Some networks may feel safer than others. For example, you may be more vigilant about what you share and how you share it in your work or advocacy activities, but less so for interacting with friends on a social networking platform.

If you use a single identity in all your domains, or if you always use your real name online, it becomes easier to gather information about you and to identify your vulnerabilities. For example, if you reveal in a social networking platform that you like a particular kind of game, an attacker who wants to investigate your work or advocacy activities might trick you into downloading a game which is infected with spyware.

This is only possible, however, if your work identity and your gaming profile can be connected to the same person; and this is why separating your social domains can be useful. To separate your social domains, it's helpful to first map them out and identify which ones could expose you most.

You can do this by thinking about your different activities and networks, and reflecting how sensitive each of these is in order to better separate the domains that are sensitive from those that are not. You can do this by considering the data that you handle in the different realms of your life and ask yourself: what would happen if this particular data suddenly disappeared or if it was seen, copied and distributed by a third actor party?

'''Example:''' Polish computer security researcher Joanna Rutkowska developed a Linux distribution based on the concept of “security by isolation” called Qubes OS. In this system, each social domain is isolated in a separate virtual machine. The three basic domains Rutkowska identifies for herself are:

* The '''work''' domain, including her work email, work PGP keys, reports, slides, papers, etc. She also has a less-trusted “work-pub” domain for things like accepting LinkedIn invites or downloading pictures for her presentations.
* The '''personal''' domain includes personal email and calendar, holiday photos, videos, etc. She adds to this with a special domain called “very-personal”, which she uses for the encrypted communication with her partner.
* The '''red''' domain includes the totally untrusted areas which don’t require her to provide any sensitive information.

This might be a technical example, but it illustrates the concept of security by isolation very well as it recognises that security measures can always be vulnerable and that harm can be reduced by stopping possible attackers from accessing the whole system that needs to be secured. This example can be applied in other ways to your own social domains.

Further readingsː
* You can find more details about Rutkowska's scheme here: (http://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html).

==== Controlling ====

Finding out what data exists out there and can be accessed by others is an empowering first step. There are also measures you can take to control what content and metadata you give away. When you publish content on the internet, it is always a good idea to ask yourself if what you are posting is public or personal and who could have access to it. Even if the information is connected to a public event and not to your personal life, the names you mention or the images you upload may contribute to a picture about who you are, what you are doing, where you are doing it and so on. This could be used by people who wish to target you.

This does not mean that you should silence yourself – by taking some basic steps, you can limit your risks. You can think of these as increasing the amount of effort someone who wants to surveil or attack you or your contacts would need to take.

'''Controlling your content when connecting to the internet'''

* When '''giving personal information to a web service''', make sure the service provides an '''encrypted connection''' for you to access it from (the url should begin with https://). You can use the browser add-on '''Https Everywhere''' for Firefox, Chrome and Opera browsers, provided by the Electronic Frontier Foundation to help you force https connections with websites that have them (https://www.eff.org/https-everywhere).

* Using '''Torbrowser''' will '''hide specific metadata like your IP address''', thereby increasing your anonymity online. (See https://securityinabox.org/en/guide/anonymity-and-circumvention)

* You can install add-ons like '''Privacy Badger''' or '''Adblock Plus''' for the Firefox Browser, as well as by monitoring your privacy settings and deleting '''cookies''' on a regular basis.

* You should '''use strong and different passwords''' for each web service you use - if not, someone that intercepts your password could use it to access your other accounts. (See https://securityinabox.org/en/guide/passwords)

'''Controlling your content when publishing online'''

* When '''sharing personal details about your life''', you can use '''private profiles''' that can only be accessed by selected contacts. When using those on commercial social networking platforms, you should be aware of the '''regular changes to the privacy policies''' of that platform. There have been cases where privacy settings have been changed, exposing pictures, content and conversations of private groups.

* When '''writing or posting images about public events''' online, you should ask yourself if the information you spread about single individuals, places and other details could be used to identify and/or attack someone. It is always a good idea to ask for '''permission''' to write about individuals and perhaps also to discuss shared agreements about posting information on public events.

* '''Faces in pictures can be anonymised''' with a tool called '''ObscuraCam''', a free camera application for Android devices. (https://guardianproject.info/apps/obscuracam)

'''Controlling your content by reducing your metadata:'''

* You can '''switch off the GPS tracker''' in your phone or camera.

* When '''registering a device''' or software such as Microsoft Office, Libre Office, Adobe Acrobat and others, you don't need to use your real name. This prevents the metadata created when using this device or software from being connected to you.

* When '''publishing contents online''' you can change files from ones that contain a lot of metadata (such as .doc and .jpeg) to ones that don’t (such as .txt and .png), or you can use plain text.

* You can use '''tools to remove metadata from certain files'''. For images there is '''Metanull''' for Windows (https://securityinabox.org/en/lgbti-africa/metanull/windows). For '''PDFs''', Windows or MAC OS users can use programs such as '''Adobe Acrobat XI Pro''' (for which a trial version is available). GNU/Linux users can use '''PDF MOD''', a free and open source tool. (Note: this tool doesn’t remove the creation or modification timestamp, and it also doesn’t remove the information about the type of device used to create the PDF.) For a full guide to'''removing metadata from different file formats''', see Tactical Tech's resource: https://securityinabox.org/en/lgbti-mena/remove-metadata.

'''Controlling your content by deleting accountsː'''

One method of controlling your shadow is reducing the number of platforms and services you can be found on. Some tools to help you delete existing accounts include:

* The '''Suicide Machineː''' (http://suicidemachine.org) is a tool that facilitates the process of deleting social media profiles. The Suicide Machine was forced to stop deleting Facebook accounts, but instructions on how to do this are here: https://www.facebook.com/help/224562897555674
* '''AccountKillerː''' (https://www.accountkiller.com) has instructions on how to remove accounts or public profiles on most popular websites.
* '''JustDelete Meː''' (http://justdelete.me) is a directory of direct links to delete accounts from web services.

== Separating identities online ==

Once you have identified your different social domains and the digital activities and contacts that go with them, what you need to do is decide if you want to differentiate your identities accordingly, or if you'd rather stick to your official name and true face for each of them.

Once you have identified your different social domains and the digital activities and contacts that go with them, what you need to do is decide if you want to differentiate your identities accordingly, or if you'd rather stick to your official name and true face for each of them.

You may want to keep your work connected to your legal or "real" identity, or think that your activism should be anonymous, but these are decisions that need to be thought about carefully. For example, a journalist who finds it convenient to use her real identity for her writing may decide to stay in contact with her personal domain through a nickname, so that nobody can connect the two spheres together.

On the other hand, if an activist decides that she wants to use a pseudonym for her online activities, she should consider that she will be showing her face in all her connected activities in the real world, such as speaking at conferences or participating in demonstrations. Her online pseudonym will therefore be linked to her face; but her face could also be linked to her real name on social media, and her online activism identity unmasked.

In assessing which identity to use in a given context, it's helpful to consider for each specific situation the following questions:

* Would my safety, job or livelihood be at risk if my real identity were known?
* Would my mental health or stability be affected if my participation in X were known?
* Would my family or other loved ones be harmed in any way if my real identity became known?
* Am I able and willing to maintain separate identities safely?

These questions are part of a basic risk assessment which can you use at many different points when thinking about your digital security and privacy. Once you have assessed your risk, you can then consider different strategies for separating your identities online. These range from full transparency to full anonymity.

'''Relevant links:'''

* Tactical Tech's guide to risk assessment: (https://securityinabox.org/en/lgbti-mena/security-risk)
* Electronic Frontier Foundation's guide to threat modeling: (https://ssd.eff.org/en/module/introduction-threat-modeling)

==== "Real" names ====

Author Kate Harding talks about her decision to start writing under her real name, dismissing the recommendations that are generally given to bloggers to follow practices like “writing under a pseudonym, making that pseudonym male or gender-neutral if you’re one of them lady bloggers... masking one’s personal information, being circumspect about publishing identifying details, and not writing anything that might inflame the crazies”. Instead of putting responsibility on women, Harding says, problems of harassment should be handled by society as a whole, including men. However, she also acknowledges that the decision is a dangerous one.

For instance the project Geek Wiki Feminism reveals how certain groups of people are disadvantaged by policies which require individuals to use their real or legal names. These include women, queers, trans* persons, differently-abled persons, children and parents. The costs to these groups when having a public profile attached to their real name can range from discrimination in employment or provision of services to arrest,imprisonment or execution in some jurisdictions. For a comprehensive list of which groups of people are affected and how they are affected see Geek Wiki Feminism (http://geekfeminism.wikia.com/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F)

'''Further readings:'''

* Kate Harding talks about her decision to start writing under her real nameː (http://kateharding.net/2007/04/14/on-being-a-no-name-blogger-using-her-real-name/)
* How Facebook's real name policy affects LGBTQ persons: (https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community)
* Geek Feminism Wiki - Who is harmed by a "Real Names" policy?ː (http://geekfeminism.wikia.com/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F)

==== Anonymity ====

On anonymity, Vani, a human rights activist, writes: “I am a regular social network user. I voice my opinions on a range of topics. But I remain faceless and nameless” (http://internetdemocracy.in/media/women-bloggers-seek-safety-in-anonymity%20speaks%20of%20their%20participation%20on%20social%20networks%20anonymously).

Anonymity may be a good choice in settings where you don't need to gain other people's trust, when there are few or no people you can trust, or when you don't want to expose others in your life to risks. When you are researching or participating in message boards about health issues, or when sharing sensitive information for instance, you may wish to set up a one-time account, using a pseudonym, to comment on a blog or news site, or a one-time email account or chat session to discuss sensitive information with others.

But total anonymity can be difficult to maintain and also be dangerous in some countries, where it can signal to the state police that the author thinks they are doing something wrong. This strategy can also be lonely as anonymity can further isolates you, as a blogger underlines: “Can you have a network to protect you and also be anonymous at the same time? Would visibility be a better strategy for you?”

When you adopt anonymity as a strategy you may use pseudonyms, but these should not be used across different networks or social domains, and some may only be used once and then discarded. Because of this, anonymity differs from persistent pseudonymity.

'''Relevant links:'''

* The anonymity decision for bloggers: (https://advocacy.globalvoicesonline.org/2015/05/01/to-be-or-not-to-be-anonymous-how-should-bloggers-decide/)
* How the real identity of the blogger behind the Gay Girl blog was revealed by online investigation: http://electronicintifada.net/blogs/ali-abunimah/new-evidence-about-amina-gay-girl-damascus-hoax

==== Persistent Pseudonymity ====

Persistent pseudonymity involves a fictitious name used consistently over a period of time. In the age of the internet, a pseudonym may also be referred to as a "nickname" or "handle". There are myriad reasons why you might want to use a name other than the one you were born with such as to hide your gender or protect your privacy.

A pseudonym can be name-shaped (e.g., "Jane Doe") or not. At the time of writing, some websites - including Facebook - require that users use their "authentic identity" which typically means using your legal name or the name by which you are commonly known. This policy has caused many users to lose their Facebook accounts among which we find feminists groups, trans* persons and drag kings and queens known for their pseudonymous rather than their legal name. If you choose to use a pseudonym on social networks, it is important to understand that you can be reported for using a "fake name" and possibly have your account deleted. A strategy for avoiding that is using a name-shaped pseudonym.

Persistent pseudonymity also offers '''visibility''', which allows to network with others, and by pinning your voice to a particular name you can develop an '''online reputation'''. This depends on others to decide whether you are worthy of trust, and is therefore a crucial aspect in trust-based online communities. Reputation can be developed by consistently using a nickname or pseudonym that can either be connected to your legal identity, or not. The choice to connect your online reputation to your "real" name should be taken individually, according to needs and context.

'''Relevant links:'''

* The many reasons people use pseudonyms: (https://www.eff.org/deeplinks/2011/07/case-pseudonyms)
* Geek Wiki Feminism on Pseudonymousː(http://geekfeminism.wikia.com/wiki/Pseudonymity) and a bingo about it (http://geekfeminism.org/2011/07/08/anti-pseudonym-bingo/)
* A blogger explains how a human error exposed her pseudomynous online identity which put her work identity at risk: (http://disabledfeminists.com/2010/04/14/on-refusing-to-tell-you-my-name/)

==== Collective Identity ====

Another way to be anonymous is through collective participation. For centuries groups and like-minded people have participated anonymously in historic protest movements, or have created ground-breaking and provoking artworks or pranks under a collective pseudonym. Besides hiding the identities of the individuals involved, these collective personas have shrouded their feats in an aura of myth and almost magical power. Anonymity through collective identity can translate in a number of things, from a private group or mailing list that puts out collective statements, to a shared Twitter account. While the same security concerns apply, working from behind a collective identity means having the power of the crowd behind you, and can be a good option if you don't wish to reveal your identity.

'''Some examples of collective identities:'''

'''Captain Swing:''' the identity used by farm workers in their letters of protest during the English Swing Riots in 1830 (https://en.wikipedia.org/wiki/Captain_Swing)

'''Luther Blisset:''' a name originally belonging to an Italian footballer which was adopted and used by many artists and activists for various actions and projects (https://en.wikipedia.org/wiki/Luther_Blissett_%28nom_de_plume%29)

'''Guerrilla Girls:''' an anonymous group of feminist and female artists devoted to fighting sexism and racism within the art world (http://guerrillagirls.com/)

'''Netochka Nezvanovaː''' might be a collective name or it might be one women only. Netochka is the human face of a software tool kit used for digital video in real time. Netochka used to give the interviews to promote the software. However when she showed up in person, she was frequently embodied by different women (http://www.salon.com/2002/03/01/netochka/)

'''Kolena lailaː''' was started by a group of young women bloggers in Egypt in 2006. the initiative devotes one day a year to mobilize all Arab woman bloggers to speak out on different forms of oppressions they face under one banner; Kolena Laila means we are all Laila, the protagonist of “The Open Door” (Latifa El Zayyat)(http://yfa.awid.org/2010/04/blogging-initiative-amplifies-voices-of-young-arab-women/)

==== Comparing strategies ====

Whatever choice you make, what is important is that you keep your domains effectively separated. No matter how many domains you identify in your digital life, and how many corresponding identities you create, on the internet every identity - even the one bearing your real or legal name - becomes a “virtual” persona and should be managed carefully.

''The pros and cons of the various identity options:''

{|
!
!'''Risk'''
!'''Reputation'''
!'''Effort'''
|-
|'''Real Name'''
|"+"
|"+"
|"-"
|-
|'''Total Anonymity'''
|"-"
|"-"
|"+"
|-
|'''Consistent Pseudonimity'''
|"-"
|"+"
|"+"
|-
|'''Collective Identity'''
|"-"
|"+"
|"+"
|-
|}

'''Real name'''

*''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.

*''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.

*''Effort'': It requires little effort.

'''Total anonymity '''

*''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.

*''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.

*''Effort'': Intensive as it requires contacts caution. It might also require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')

'''Persistent pseudonymity'''

*''Risk'': Pseudonyms could be linked to your real world identity.

*''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.

*''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.

'''Collective Identity'''

*''Risk'': Possible exposure of your real world identity.

*''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.

*''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

== Creating a new online identity ==

Once something is on the internet it will stay on the internet, as the internet does not forget. You may think that deleting certain sensitive data from social networking platforms and web services may be enough to protect yourself, but remember that metadata cannot be deleted as easily. And using just one identity through your whole life - in all your work and personal domains - creates a bulk of information that makes it easier to profile you.

One option to avoid this is to leave an old identity behind and create a new one, or several new ones for each of your social domains. You might also choose to use your real identity in some areas, and your new alternative identities in others. Take into account the following recommendations when creating new online identities:

* You should select the contacts for each one carefully, and avoid sharing contacts with other identities you use for different activities. This effectively creates separate social domains, with separate accounts, mail addresses, browser profiles, apps, and if possible, even devices.

* Your various identities should not linked to each other, or to your real identity. Remember that some of these connections can be tenuous as for example when signing up for a new pseudonymous Gmail account using your real phone number, or using a persistent pseudonymous when creating a one time use disposable email.

* Creating disposable extra identities can be useful, as they can be discarded easily if compromised. Those can also can be created for new acquaintances when appropriate as introductory profiles to get to know somebody before you include them in your more trusted network.

==== What’s in a name ? ====

Many platforms have "real name" policies so if you want to use commercial social networking platforms, it is better to use a credible name and surname rather than more imaginative ones.

Once you have decided on a name, a surname, and a username for your virtual persona, you should do thorough research - perhaps also using doxing tools and techniques - to find out if someone else is already using that name. After all, if you wish to develop your own reputation, you don’t want to be confused with someone else, especially if they don’t share your views of the world or if your activities might put them at risk!

Then you need to create a story for this virtual persona because if it comes with a story it makes it a lot easier to maintain the role. You can invent a new story if you feel particularly inspired or base your story on a “known” person’s story, a superhero, a fictional character from your favourite novel, or adopt a “collective identity” like Anonymous/Anonymiss or the Guerrilla Girls. In any case when you create an identity you should conceive a whole virtual persona, an avatar that needs to be nurtured and developed in order to become credible.

'''Further reading:'''

* Helpful tips for inventing a new identity: (http://anonymissexpress.tumblr.com/post/117939311235/you-may-have-noticed)
* Artist Curtis Wallen's experience of creating a new online identity: (http://www.theatlantic.com/technology/archive/2014/07/how-to-invent-a-person-online/374837/)

==== Credible persona ====

A virtual persona or identity can't be just a name with a mail address and a series of web accounts. If you keep all your normal identifying traits - such as your gender, job, attitude or the way you write - it might be possible for someone to connect the dots and link your pseudonymous personas with your real identity.

* '''Work:''' Your persona should have a job that is different from yours, but not so different that you don’t know anything about that field: for example, they shouldn’t be a surgeon if you don’t know anything about anatomy!

*'''Skills and interests:''' Similar considerations should be made to select your persona's skills and the main topics they focus on and write about.

*'''Psychological attitude:''' A good way to give your persona depth is by creating some "weak spots" which are not the same as your own. So when the persona gets attacked, you can laugh about it and not experience harm. E.g if you have a good sense of humour, try impersonating a humourless person!

* '''Linguistic fingerprint:''' This could be identified through a "stylometric analysis" that makes it possible to identify the author of a particular text. To change this, you can start by using a spell-checker in your word processor to check for consistent typos and you could also think about adopting a different writing attitude. You could adopt one simple rule for each persona, making them shout by only using capital letters, or be a low-talker with a lower-case style, or very excitable, with a lot of exclamation marks.

In any case, you should always remember that on the internet, each one of your identities - even the one connected to your real name - is a “virtual” identity, and it is always better to decide what character traits you want to expose in each of them. Creating a somewhat fictional character can be a good idea even for your “real” online identity.

'''Relevant links:'''

* Tips for creating a rounded character for your identities: /https://lilithlela.cyberguerrilla.org/?page_id=94049)

== Managing several identities ==

Maintaining multiple identities is some work, but like most of these practices, it just requires some curiosity, patience and attention. The main point is to keep your identities separated otherwise they will very quickly begin to mix with one another. As a start, you can keep notes on your identities to help you to avoid any awkward situations where you confuse one with the other (but do think carefully about where you host or keep those notes!) There are also technical things you can do:

* Create '''different browser profiles''' so that your browsing habits are captured under different identities, on Firefox (https://developer.mozilla.org/en-US/docs/Mozilla/Multiple_Firefox_Profiles) or Google Chrome (https://support.google.com/chrome/answer/2364824)
* When creating a new email account or social media account for your identity, it is a good idea to '''connect to the server’s website with Torbrowser''' and, if a contact email address is required, to think about using a disposable email address instead.
* If you have the resources and motivation you can separate your identities per device or operating system. This can include using virtual machines for instance, as explained below.

==== Disposable email addresses ====

For some activities and social domains you need to manage rounded personas, in order to gain a strong reputation and trust from other members of the community. In other cases, though, all you need is a disposable email address that you only need to use for opening an account in an untrusted platform. This will reduce the number of traces connected to the email address you use for your work or personal life and minimise the amount of spam in your life. Below are some services which can help you set up these disposable accounts and addresses:

* '''Anonbox:'''(https://anonbox.net) is a service provided by the Chaos Computer Club (CCC) gives you a mailbox for a day.
* '''Guerilla Mail:''' (https://www.guerrillamail.com) lets you choose your email id and holds any mail you receive to it in a mailbox for one hour.
* '''BugMeNot:''' (http://bugmenot.com) allows people to share their email logins and passwords created for platforms with free registration, for anyone to use.
* '''Fakena.me:''' (https://fakena.me) is a privacy-oriented '"fake name generator" that will give you all the fake info you need to set up an account (fake name, birth date, US only address, username and password) as well as a link to an associated guerillamail mailbox.
* '''Instant Internet Decoy:''' (https://decoys.me) creates convincing but entirely fictional people who have birthdays, locations in several countries, families and even answers to common security questions.

Another option is to set up a '''mail alias''' - a different email address that is connected to your main mailbox. The advantages of this approach are that this email account will not expire, and if it gets compromised you can just dispose of it and create a new one. But beware that is very easy to check what the source email address, so don't use this method when you really need to disguise your identity.

While not every mail service allows users to create mail aliases, this service is offered to every mail user of '''Riseup''' (https://we.riseup.net) and '''Autistici/Inventati '''(https://www.autistici.org).

'''Relevant links:'''

* A list of autonomous email providers compiled by Riseup: (https://help.riseup.net/en/radical-servers)

==== Commercial social networking platforms ====

Before choosing to use any social networking platform there are some basic security and privacy questions you should ask, regardless of which identity you plan on using:

* Does it provide an '''encrypted connection (https)''' for all uses of the site, rather than just during login? Are there any problems related to encryption (e.g. related to encryption certificates)?

* According to the platform's '''End User Licence Agreement''', '''Privacy Policy and/or Data Use Policy''', how is your content and personal data treated? With whom are they shared?

* What privacy options are provided for users? For example, can you choose to share your videos securely with a small number of individuals, or are they all public by default?

* Is the '''geographical location of the servers known'''? Under which '''territorial jurisdiction''' do they fall? Where is the company registered? How does this information relate to the privacy and security of your activity and information?

Now when you think about crafting a separate identity and letting it out on commercial social networking platforms, there are additional precautions to take:

* When '''creating a social networking account for a new persona''', use the browser profile you have created for that persona. Make sure to '''check the privacy settings''' so that you know what you are making public, who can see what you post, who can contact you, who can look you up and what your contacts can do (can they tag you in pictures? can they write on your "wall"?)

* Have fun with '''the profile information you provide''' but remember that this information is publicly available, so think about the message you want to convey with it.

* Make sure your contacts do not overlap with your other identities, and your different identities don't "follow" one another. It is particularly not a good idea to follow your pseudonymous personas with your real identity. If someone is looking to unmask one of these personas, the first thing they will look for is who the account follows, and who follows the account. For the same reason, we should avoid reposting posts or other content published by one account with another account.

* To '''make your identities look like different people''', you can publish from your various accounts at different times of the day. Some social networking platforms, like Facebook, allow users to schedule the publication time of their posts.

* It can be a good idea to follow, from your pseudonymous profiles, other people who might reasonably be considered the real owners of that profile. To further distance your real identity from your pseudonymous identities, you can also write (and hashtag on Twitter) posts under your pseudonymous profiles about events that you are not attending, especially if they are taking place far away from you. It can also be fun to publish and then delete posts that look like you have exposed your identity, so as to further confuse anyone who may try to unmask you.

* If you are using a GPS-enabled phone, most '''social networking platforms will display your location where they can'''. This function is generally provided when you interact with the platform using a GPS-enabled phone, but the network your computer is connected to may also provide location data. It's always a good idea to '''double-check your settings''' - particularly on photo and video sharing sites.

* If you '''access social networking platforms via mobile apps''', it is better to use a different app for each separate account, so as not to post something to the wrong account by mistake. There are several apps which can be used to manage your social networking platforms - it is, however, a good idea to use a different one for each identity, to reduce the risk of giving away your real identity.

'''Relevant links:'''

* '''Terms of Service; Didn’t Read:''' (https://tosdr.org) provides a summary in "human language" of the Terms of Service of many popular social networking platforms and other websites.
* '''Women, action and the media:''' (http://www.womenactionmedia.org/facebookaction/)
* Help on scheduling Facebook posts: (https://www.facebook.com/help/389849807718635)
* Tools for scheduling posts on Twitter and other platforms: Buffer (https://buffer.com) and Postcron (https://postcron.com)

==== Alternative social networking platforms ====

Mainstream commercial social networking platforms can be extremely useful if your intention is to publicise as widely as possible an event you are organizing or a project you are launching. You can think of them as a megaphone - a great tool for getting attention and drawing a crowd but not ideal for communicating anything sensitive or private. There are numerous reasons why they are not considered security or privacy conscious. To begin they have very strict terms of service that could justify their decision to close your accounts if they find that your contents go against their rules. They also profile the users and send the information to advertisers. If you add to this the ever-changing terms of service and the interactions with other apps and features that make it very difficult to understand clearly what actually happens to your data.

Mainstream commercial social networking platforms can be extremely useful if your intention is to publicise as widely as possible an event you are organizing or a project you are launching. But they definitely have their downsides. They have very strict terms of service that could justify their decision to close your accounts if they find that your contents go against their rules (for more, read: http://www.aljazeera.com/indepth/opinion/2013/05/20135175216204375.html). They also profile the users and send the information to advertisers. If you add to this the ever-changing terms of service and the interactions with other apps and features that make it very difficult to understand clearly what actually happens to your data.

So be strategic. Limit the use of commercial social networking platforms to specific projects you want to publicise to a wide audience. For other purposes, there are alternative social networking platforms that give much more freedom to their users and don't profile them. These are community-based, distributed rather than centralized, based on free and open-source software and privacy-friendly. Examples include:

'''Diaspora:''' (https://joindiaspora.com) offers a community driven micro-tweeting platform
'''Friendica:''' (https://friendica.com) enables users to integrate their contacts from different social networking platforms (Facebook, Twitter, Diaspora, GNU social, App.net, Pump.io, etc),
'''N-1:''' (https://n-1.cc/) offers a wide range of tools such as wiki, pads, mailing lists and has a clear anti-sexist terms of service
'''Crabgrass:''' (https://we.riseup.net) has been around for more than ten years and constitute a solid and sustainable social networking alternative.

There may be similar sites popular in different regions, so you may wish to research them.

'''Relevant links:'''
* How social network policies are changing speech and privacy norms: (http://www.aljazeera.com/indepth/opinion/2013/05/20135175216204375.html)
* Helpful chart comparing various alternative social networking platforms: (https://en.wikipedia.org/wiki/Comparison_of_software_and_protocols_for_distributed_social_networking)

==== Blogs and websites ====

Creating a '''blog''' can be as easy as signing up to a blogging platform and choosing a name and a "theme" or visual template. There are several blogging platforms that are both user-friendly and free:

'''Wordpress:''' (https://wordpress.org) very popular and easy to use, open-source.

'''Noblogs:''' (http://noblogs.org) security-oriented blogging platform based on Wordpress with some tweaks for additional user privacy, managed autonomous servers, Autistici/Inventati.

'''BlackBlogs:''' (http://blackblogs.org) similar to Noblogs, managed by German tech collective, Nadir.

If you want a complex graphic layout or need to install particular tools that are not offered by Wordpress and its plugins, you can create your own website. For this you need to get some space in a server through a webhosting service. There are many services out there, but since they generally aren’t free, the options to stay completely anonymous are reduced to creating a website with Austistici/Inventati, which by default does not connect the users of its services with real identities. To learn more about Autistici/Inventati’s webhosting service, visit: https://www.autistici.org/en/services/website.html

If you want to use your own '''domain''' name, bypassing payments and identifications may get difficult unless you use '''Bitcoin''' or another anonymous payment system. The personal data you will provide will not only be stored in the registrar’s internal archives, but by default will also be recorded in a database that can be easily queried by anybody through a simple command in a search engine (whois) or on several websites (e.g: https://www.gandi.net/whois). To avoid this, you can register your domain with the data of an association and use a prepaid credit card that is not connected to your own data (if available in your country). Alternatively, you can use a registrar like '''Gandi''' (https://www.gandi.net) that offers private domain registration for individuals whenever possible.

== A different machine for each identity ==

There are three approaches to digital security: the first one is '''security by obscurity''', which is based on encryption, strong passwords and similar measures and acts as a first line of defence, as a deterrent that will discourage random attacks but is not likely to stop someone who is directly targeting you; then there is '''security by correctness''', whereby software developers try to get rid of bugs that make their code vulnerable. But modern software is very complex, and it is almost impossible to do this job perfectly. Therefore, one of the most realistic approaches is '''security by isolation''', which gives for granted that security measures can be vulnerable and focuses on harm reduction by stopping possible attackers from accessing the whole system that needs to be secured.

If you use the same operating system for your several identities, no matter how carefully you separate your profiles you can still make a human mistake by, for example, connecting to a pseudonymous account through the browser profile you have assigned to your "real" identity, or get infected by a malware that allows your attacker to monitor everything you do online, with all your identities.

To mitigate these risks, you could set up a different device for each of your domains but most of us don't have that kind of resources. A more feasible option is to set up a different operating system by using a GNU/Linux live distribution like Tails or by using virtual machines. A virtual machine (VM) can be described as a simulated computer with its own operating system, which runs as software on your physical computer. You can think of a VM as a computer within a computer. This strategy can be useful for anonymisation but also for sharing machines with others or for example for opening untrusted attachments in isolation in order to avoid a malware infection of your entire system.

The three tools proposed here – Tails, Whonix and Qubes OS – provide you with separate operating systems for managing your alternate identities, and can be quite useful to make sure that you don’t reveal your true identity while you use the anonymous one(s). Take into account that all the solutions detailed below are free and open-source Linux distributions and that they have been designed to maximise the privacy and security of its users.

'''Tails, or The Amnesic Incognito Live System: ''' (https://tails.boum.org/) is a live operating system designed to help you use the internet anonymously and evade censorship. It can be run on almost any computer directly from a DVD, USB stick, or SD card and then shut down again without leaving a trace. It forces all the computers outgoing connections to go through Tor, blocking direct, non-anonymous connections. Using Tails is pretty easy, and if what you want to do with your virtual identity needs anonymisation, then it may be worthwhile to overcome the initial obstacle of installing it on a USB stick and launching it. Tails is a good option also if you have few resources, if you don’t have a computer of your own, or if you often use computers at internet cafes and want to be safer. If you want to keep the files you have created on the system or save your actions, you need to enable this option when you start it. Tails is an established, respected project that has been developed for many years and is used by a wide community of people.

* System requirements: Tails should work on any computer manufactured after 2005 (https://tails.boum.org/doc/about/requirements/index.en.html)

* Documentation: https://tails.boum.org/doc/index.en.html

'''Whonix: (https://www.whonix.org)''' is an operating system created to run in a virtual machine that is designed to protect your anonymity, privacy and security by helping you to use your applications anonymously. A web browser, IRC client, word processor and more come pre-configured with security in mind. Whonix is a relatively recent project and the community using it is still rather small.

* System requirements: You will need a good machine where you can run Virtualbox (https://www.virtualbox.org) in order to install Whonix (https://www.whonix.org/wiki/System_Requirements).

* Documentation: https://www.whonix.org/wiki/Documentation

'''Qubes:''' (https://www.qubes-os.org) keeps the things you do on your computer securely isolated in different virtual machines so that if one VM gets compromised, nothing else will be affected. This way, you can do everything on a single physical computer without having to worry that one successful cyberattack harms your whole system, potentially revealing all the connections among your several identities. Qubes OS is a good choice if you want to keep all your activities inside your own computer without having to install anything else and if what you are trying to do is to effectively separate your identities rather than anonymise your activities online.

*System requirements: Qubes requires a very powerful computer (http://qubes-os.org/trac/wiki/SystemRequirements) – this can be a hindrance, but if you feel that you really need to protect yourself against possible digital attacks, the investment may be worth its while.

* Documentation: https://www.qubes-os.org/doc/

To sum up, none of these tools protect you from every threat, and you shouldn’t look at them as a magic potion that will make you invulnerable. Nevertheless, by using any of them, according to your needs and resources, you will raise the level of effort that an attacker will need to harm you, thus making an attack less likely.

'''Relevant links:'''
* A wider comparison of other such operating systems: https://www.whonix.org/wiki/Comparison_with_Others
* Qubes developer Johanna Rutowska describes how she partitioned her life into security domains: http://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html

== Synthesis ==

This section of the manual has looked at how to include gender into individual security and privacy practices by focusing on the question of identity, exploring what digital shadows mean for each of us alone, and collectively as women and trans* persons. It also covered practical steps you can take to control and play with your identity/ies. However most of you will also want to communicate and organise with others. So, how do you create and maintain pockets of comfort and safety in digital space for discussion, support and presence between those who share common goals, views or mandates, whether it be within your organisation or more broadly in your communities. And what are the strategies for increasing visibility and resistance in inhospitable spaces, which exclude or harm us. The second section of the manual looks beyond the choices and practices available to the individual, and delves into the management of space, looking at strategies for building safe spaces both online and offline.
 

'''Chapter 2: Safe spaces'''

== Safe Spaces ==

Safe spaces can be understood as spaces that are created though explicit community agreement, or through implicit sharing of values. They enable members of a group to flourish, empower themselves and create community. Safe environments for discussion and awareness-raising have played a key role in many women's liberation movements.

As explained by integrated security trainer, Sandra Ljubinkovic, safe spaces are important for any integrated approach to security because they enable an environment that support people to express their emotions without fearing any judgment: “Creating a safe space is crucial for creating a sense of physical safety as well as a sense of confidence in a group. It is important for participants who usually have no time to relax to feel comfortable and enjoy simple things. And if they live in a country where their lives are in danger it is even more crucial to make sure that they feel physically safe. Safe space in a group means a space to feel comfortable and speak openly and freely about feelings, challenges, and emotions as they may arise. In the workshops where issues personally affect people (whether those are physical, emotional, or spiritual threats and challenges), participants may have strong emotions as they do their own inner work facing their own oppression, privilege, anger, hurt, pain and suffering”.

Safe spaces can be temporary and take place during a one time event or training, they can also become permanent spaces when collectives or organisations embed the basic principles of safeness, support, respect and inclusiveness in their own space management.

Whatever format or style is used, a safe space should allow allow women and trans* persons to access and learn about technology and related fields without having to fear sexist language and attitudes, being challenged, mocked or mansplained. There are many possible event formats and styles which can support the creation of safe spaces, both online and offline, to allow women, trans* and other groups to communicate and exchange in a nurturing and welcoming environment.

You might assume that the online communities you create or take part in through social media, discussion lists and chat channels are inherently democratic, non-hierarchical, participatory and relatively safe. However online spaces often reproduce the same hierarchies, privileges and power relations that exist in society, in the offline world.

It's important to be mindful of this and to think through ways to mitigate and limit these downsides in order to get the best out of our spaces. Using such strategies is about caring for ourselves and for the communities we are part of. Making these issues explicit and visible is also about agency, social justice and feminism, helping us to better shape the spaces we care about, we organise in and within which we grow.

This section, will first look at building safe spaces online for enabling a better and safer collaboration among us through the use of mailing lists, chat, and other collaborative tools such as forums, wikis and pads. It will also look at how to use these tools tactically, in a way that supports the creation and maintenance of safe space. The tools that have been highlighted in this section have been included because they are free and open source, and are designed and administered with increased privacy and security in mind, minimising the amount of traces we leave online.

Second, the section will focus on strategies of resistance in public spaces which are not inherently safe - for instance Twitter and Wikipedia. Those examples are designed to give us insight into how we can create safety online collectively by developing feminist counterspeech, storming and swarming together in order to protect and support each other.

Finally it will loop back to the offline world and discuss ways to build safe spaces offline in the physical world, such as through women and trans* only or mixed spaces, to learn and Do-it-Together.

== Collaboration ==

=== Mailing lists ===

Mailing lists are one of the oldest forms of social networks, allowing a group to discuss and organise, to exchange information, video, audio and images. A mailing list is a list of addresses to which the same information is sent simultaneously. The most common types of mailing lists are announcement lists and discussion lists.

If you have decided within your group that you need a secure communication channel and that you do not want to use corporate services, there are some good alternative services to choose from, often recommended for human rights defenders. Riseup, Aktivix and Autistici/Inventati (A/I Collective) are all free services that prioritise security and user privacy. Riseup in particular has many feminist- and queer-oriented lists and is therefore a great place to host your mailing list. On their website you can also have a look at the lists that already exist.

'''Riseup lists:''' https://lists.riseup.net/www/

'''Aktivix lists:''' https://lists.aktivix.org/mailman/listinfo

'''Autistici lists:''' http://www.autistici.org/en/services/lists.html

If you or your organisation has your own server you can also install your own software for managing mailing list and ensure that all your communications remains hosted and safe in your own machine and can not be intercepted by unintended third parties. More information at: https://en.wikipedia.org/wiki/Category:Free_mailing_list_software

==== Open or closed? ====

Once you are ready to create your mailing list you need to decide whether it will be open or closed.

'''Open:''' An open list allows anyone to subscribe, and then once they have joined the list, to receive announcements or participate in the discussion. Subscription can either be automatic, or it can be approved by a moderator. This type of mailing list is good for reaching out to your potential allies, contributors and followers and keeping them update about your activities.

'''Closed:''' Another option is to keep your mailing list closed. In a closed list, membership is limited, and all subscribers require approval before they can join the list. It's possible to have a list that is publicised - ie that everyone knows about - but still closed. This type of list is useful when you want to discuss sensitive or personal topics and be sure that all members in the conversation are trustworthy.

Note that sometimes the archives of a list can be made public to anyone on the web, and will also therefore end up on search engines (like Google). Check if keeping a list open to new subscriptions automatically implies that the archives of the list will be made publicly available, or if they will only be accessible to those who have the subscription password. Sometimes you can choose whether you keep the archives public or not.

If you intend to talk about sensitive issues (and talking about gender related topics is often a sensitive issue!) or if trust within the group is important for creating your safe space, you might want to set up a closed list and to keep your archives closed. If you do choose to leave your archives accessible, it is important to inform everyone subscribed to the list that any delicate topic or personal detail that pops up in your discussions will be potentially visible to anybody.

'''Encrypted lists:''' If you want a high level of security, there is also the possibility of encrypting mailing lists. However, it is important to understand that this requires every participants to the list to already use encryption software like PGP or GPG. This type of list, based on software called Schleuder (http://schleuder2.nadir.org/) and developed by Nadir.org, is designed to serve as a tool for group communication, but this time with a strong emphasis on security.

==== Policies ====

Agreeing on a mailing list policy - a set of do's and don'ts for the list - from the start will save you a lot of time and possibly difficult conversations. Even on a closed list, publishing your policy - which should include the ways in which moderation takes place and how to report violations of the policy, - can be helpful in creating the online safe space you want everyone to feel comfortable in. Your policy can address tensions like the fact that being free to expressing emotion is an important feminist principle, but losing your temper and attacking someone you don't agree with on the list is not ok. In the end any good mailing list policy will set its own rules for achieving a correct balance between freedom of expression and opinion and impeding flames and racist, sexist, or homophobic attacks for instance to take place within the list.

Having a visible and explicit policy sends a strong message about the value of maintaining the mailing list as a safe space. It can also help you to decide who can be added to your list and who not. To make sure that the policy does not get forgotten, you can regularly remind subscribers about it, with a link at the end of each mail you send out.

'''Relevant links:'''
* Sample mailing list policies that can be adapted and used for your own purposes: for women-only communities (http://geekfeminism.wikia.com/wiki/Statement_of_purpose/Women-only_communities) and for communities including men (http://geekfeminism.wikia.com/wiki/Statement_of_purpose/Communities_including_men).

==== Administration ====

'''Administrating a list:''' involves handling subscriptions and moderating content. You can choose how many administrators you want your list to have. Be aware that if your list suddenly becomes very chatty, this might be too demanding for just one person. Besides that, any communication tool including many members should not rely on only one person for administration duties. Take into account that this person could have problems, disapear or simply become abusive because of their power. Because of this, you should include more people helping with administration and moderation duties. A list can also be collectively managed and you can distribute those responsibilities among members of the list.

'''Moderating a list:''' as a general rule, moderation has three main goals. First, a well-moderated community will be more productive and efficient in generating and distributing valuable information and knowledge to its members (subscribers). Second, good moderation will increase the accessibility and openness of online communities by enabling respectful dialogue among its members. Finally, it will lessen the demands on the infrastructure, as well as on the list members.

Remember that any online safe space will apply the basic principles of ''net etiquette'' and that any good administrator, moderator and mailing list policy should review, adapt and include those principles in their core social norms and values and ask members of the list to discuss, understand and accept those. In a nutshell net etiquette requires users to: be nice, learn internet acronyms, keep messages brief, do not shout, protect personal information, help others, and to not send mails if feeling angry! (For more information see: http://www.networketiquette.net/ and https://en.wikipedia.org/wiki/Etiquette_in_technology)

==== Mailing list examples ====

Before setting up your own mailing lists, you might want to engage with some of the established mailing lists focused on gender and technology. for example:

Open Mailing lists:

'''Take Back the Tech!:''' the mailing list associated with the collaborative campaign to reclaim information and communication technologies (ICT) to end violence against women (VAW). To register: https://lists.takebackthetech.net/mailman/listinfo/takebackthetech

'''FemTechNet:''' is a network of scholars, students, and artists who work on, with, and at the borders of technology, science, and feminism in a variety of fields including Science and Technology Studies (STS), Media and Visual Studies, Art, Women’s, Queer, and Ethnic Studies. To register: http://femtechnet.newschool.edu/mailman/listinfo/femtechnet

'''Queer Feminism Geek:''' is a network of feminist, queer and trans* hackers, makers, geeks and artists who organise activities and assemblies at the Computer Chaos Camp and Congress. To register: https://lists.riseup.net/www/subscribe/queerfeministgeeks

'''Subscription after endorsement by others on the list:'''

'''Fembot:''' is a network of scholars and students who focus on gender, media & technology. To register: https://lists.uoregon.edu/mailman/listinfo/fembot

'''Femmehack:''' is a list created to organise a Global Feminist Hackathon that took place past 23th of May 2015 in loving memory of Sabeen Mahmud, a Woman Human Right Defender shot to death in Pakistan: https://f3mhack.org

'''TransHackFeminist:''' is a list that was created after the first THF convergence in 2014 where intersectional feminists, queer and trans* people of all genders met to better understand, use and ultimately develop free and liberating technologies for social dissent. It gathers members from all the over the world and uses Spanish and English to communicate: http://transhackfeminist.noblogs.org/files/2015/01/THF_report_Eng.pdf

'''Closed mailing lists:'''

'''Gender and Technology Institute Participants:''' The GTI list is a closed list of people who participated in the Gender and Technology Institute that took place past December 2014, inasmuch as it is opened to people trained by Tactical Technology Collective to privacy and digital security from a gender perspective.

'''Ada camp:''' is a closed list that is dedicated to speaking about issues related to women in open source. It is composed of the people who participated in Ada Camp: https://adacamp.org/

=== Chat with IRC ===

Internet Relay Chat (IRC) is a chat service which can be hosted on different servers and accessed through different user clients. It provides the ability to set up channels or chatrooms which allow many people to contribute to a discussion in real time. IRC also gives you the option to encrypt your communication. You can’t embed video, audio or pictures, but you can link to them.

While IRC can be a great tool for facilitating collaboration, there are things to bear in mind if you decide to use it. First, IRC can take a little time to get used to, depending on the skills in your group. Second, developing relationships across a purely text-based channel such as IRC can be challenging. Writing is not easy for everyone; and some in the group might not be using their mother tongue.

'''Accessing IRC through your browser:''' There are several ways to chat through an IRC network. The easiest way to start out is to access an IRC network directly through your browser, such as one from Indymedia (https://irc.indymedia.nl/) or Freenode (https://webchat.freenode.net/). You can get set up immediately by creating a nickname and a channel, which you can then give to your colleagues to connect with you.

'''Accessing IRC through a chat client:''' Connecting to an IRC network through your browser is, however, not the most secure option out there. If you are a more advanced user, or if you have already tested out IRC out and think it will work for your group, it can be better to access your chosen IRC network from a chat client.

There are a few different chat clients which you can choose from, including Jitsi and Pidgin. You can read more about these clients and how to use them on Tactical Tech's Security in-a-Box: Jitsi (https://securityinabox.org/en/guide/jitsi/windows) ; Pidgin (https://securityinabox.org/en/guide/pidgin/windows).

'''How to use a network:''' Advice and instructions on using an IRC network can be found on Freenode (https://freenode.net/using_the_network.shtml), Autistici (https://www.autistici.org/en/stuff/man_irc), and Indymedia (http://docs.indymedia.org/view/Sysadmin/IrcHowTo). The last two also allow us to anonymise our connections through Tor.

'''Facilitating a meeting:''' Once you start an IRC meeting, it is useful to appoint a facilitator to keep track of time. This person might also be in charge of making sure the discussion sticks to the topics at hand. In order to create a welcoming environment and a safe space, acknowledging and valuing the voice of everyone is key on IRC. When you start a conversation, take time to greet people - in particular newcomers. When facilitating a conversation:

* Set a time limit and stick to it because IRC meetings can be very tiring.

* You might decide that people should be given turns to speak in order to ensure that everyone has space to express themselves. You can simply assign turns in alphabetical order of nicknames (or any order you want to give) for each of the points addressed. This can help structure the conversation and stop one person or a small group of people dominating the conversation.

* IRC can go very fast, particularly if there are many people involved in the discussion. Getting everyone to slow down and read all the inputs can decrease frustration.

* It can be useful to end your input with “over” or "done", so everyone knows when you have stopped speaking.

Whatever the facilitation methods you choose, communicate them explicitly to all the participants beforehand, for example in the email where you invite people to join the meeting.

=== Forums, Wikis and Etherpads===

Chat services and mailing lists can be extremely useful, but they will only take you so far. When it comes to managing collaboration between people living in different places, you will probably find yourself looking for something with more functionality.

'''Internet forums:''' One of the oldest tools used for public discussions online are internet forums, where discussions can be hosted over time and are at least temporarily archived. What really distinguishes a forum from a mailing list or IRC chat is that it has a tree-like structure and can contain a number of sub discussions, each with a different topic.

'''Wikis:''' If you are looking for a tool to collaboratively write a text with many sections, or even to create the initial structure and content for a website, a wiki can be a useful tool. A wiki is a web application that allows for hierarchical structuring of content and tracks the edits and additions of the users, easily allowing you to revert changes, and move and delete content.

Both forums and wikis need to be hosted on a server, so you'll need to know how to set one up and manage it.

'''Etherpads''': For collaborating in real-time on documents, Etherpads are a great resource. They are also a good alternative to corporate services like Google Docs, and are far more effective for co-editing text than, for example, sending mails back and forth. The main thing you need to check for in an etherpad is that it is hosted with an encrypted connection (via SSL). A list of such etherpads can be found here: https://github.com/ether/etherpad-lite/wiki/Sites-that-run-Etherpad-Lite.

* To '''create a new etherpad''' (ie, a new document that you are going to collaborate on), you need to decide on the name of the URL. Because each pad is open to anyone who has the URL, you should give each pad a long and inventive name, so that it can't be easily guessed. For example: https://pad.riseup.net/p/feminists is not secure. A more complicated URL such as https://pad.riseup.net/p/FeministsRockAndTheyWillBeDoingGreatThingsToghether is much more secure. Once the etherpad has been created you can send the URL to your friends and colleagues to start collaborating on a document.

* If you are worried about your etherpad being found by others, you can also consider a '''password-protected pad'''. For more on this, see: https://www.protectedtext.com/

* Etherpads allow you be anonymous, use a pseudonym or use your real name. There is a colour-based system that differentiates the contributions of each participants on the Etherpad, so you can always see who is contributing what.

== Safe spaces in the public sphere ==
There are many spaces which will feel inherently unsafe either because they explicitly or implicitly exclude women and trans* people, or because they harbour bigots. There are a number of ways to counter the vulnerability and intimidation we might feel online. One is through caring for our personal and collective safety, through using security -and privacy- enabling tools and techniques and managing safely our online identities. Another is shaping with others methods to reclaim and stay safe in the public sphere. Organising collective actions can be a powerful act of resistance, bringing attention and visibility to the situation and in turn helping to bring about transformation.

'''Feminist counterspeech''' - creating counter-narratives online, or "talking back" - is one strategy for making sexism visible and for responding to online attacks and harassment. It can be an effective tactic to create a sense of belonging and make visible the effectiveness of collective feminist actions online. There are many examples of feminist counterspeech in action - many of which you have probably seen and appreciated. The Everyday Sexism Project (https://twitter.com/everydaysexism), for example, catalogues instances of sexism experienced by women on a day-to-day basis; or Byefelipe (https://instagram.com/byefelipe/), the Instagram account which reposts abuse my men who turn hostile when rejected. Feminist counterspeech can also include tactics to enable the inclusion and visibility of women's contributions to knowledge platforms such as Wikipedia.

=== Storming Wikipedia ===

There have been many studies that have criticised the way in which knowledge is produced on Wikipedia. A 2010 survey (https://web.archive.org/web/20100414165445/http://wikipediasurvey.org/docs/Wikipedia_Overview_15March2010-FINAL.pdf) conducted by the United Nations University found that only 13% of Wikipedia contributors identified as female. The fact that Wikipedia’s contributors are mostly men in their twenties and thirties, and disproportionately western, are important factors that influence content.

Women who have played a significant role in history are also often missing from Wikipedia, and feminist, queer and trans* content is often challenged.

The lack of gender and cultural diversity in the content on Wikipedia demands creative responses. Because of this partnerships, research, community organizing, socio-cultural and technical interventions should all be considered.

'''Storming Wikipedia''' or organising '''Edit-a-thons''' are two possible interventions. These enable participants to learn collectively how to edit and change content to better reflect their communities and histories. Learning how to edit Wikipedia can seem daunting, so collectively editing and creating pages is a great way to confront fears; to Do-It-With-Others (DIWO) in a safe space. Besides you will learn about the Wikipedia community values and principles and how such a large community-driven effort has, through the development of bottom-up social rules, become the most important encyclopedia in the world. All together, Wikipedia remains an important space worth investigating and reclaiming!

Organising a wikistorming involves gathering a group of friends (and friends of friends) who want to learn or already know how to edit Wikipedia, and identify a safe space in which to hold the event. It can be held in someone’s home, in a community centre, at an art centre or at a community organisation. Wikistorming can (and should) of course be organised for any day, but Ada Lovelace Day in mid-October and International Women's Day on March 8 are two specific days on which such gatherings often happen. A wikistorming can last for half to a whole day. Before the wikistorming or as part of it, decide which Wikipedia entries you want create or which existing page you want to edit. Be realistic in your goals and don't put too many edits on your agenda! To edit Wikipedia carefully takes time.

'''Relevant links:'''
* Advice on organising a wikistorming: http://femtechnet.newschool.edu/wikistorming
* Great examples of wiki storming: https://blog.wikimedia.org/2015/03/05/wikipedia-edit-a-thons-international-womens-day/
* Lectures about the gender gap in wikipedia and how to overcome it: https://meta.wikimedia.org/wiki/Gender_gap

[[File:We Can Edit.jpg|thumbnail|center]]

=== Dealing with Trolls ===
Women and trans* persons who begin to grow a following and have influence online might experience what Kathy Siera describes as a “koolaid point” (http://seriouspony.com/trouble-at-the-koolaid-point/). This is a point at which a certain group of people decide that you have too much influence, and make it their mission to silence you or discredit you. This is commonly referred to as 'trolling' - although it is more often than not targeted, discriminatory in nature and hate-based. A troll's tactics can include anything from sending constant derogatory and belittling messages, to editing and distributing images, and even making threats.

''Block or engage?''

There are two key ways you can deal with trolls. One is to '''block''' them and then '''report''' them to the platform you are using. The other is to engage with them. The decision on which way to go depends on what you want to achieve.

'''Blocking''' trolls can sometimes be effective, and can allow you to continue with your work unimpeded. Projects like Block Together (https://blocktogether.org/) and Block Bot (http://www.theblockbot.com/sign_up) were developed to help people who are harassed share their blocklists with each other.

When trolls are really committed to harassing you, however, blocking doesn't really help. A determined troll can create numerous different profiles (called “sock puppet accounts”) to continue the harassment, and this means your blocking has to keep up with their new account generation. This quickly becomes very tedious.

Historically, platforms like Twitter and Facebook have not handled '''reports of intimidation and violence''' very well. However, this is beginning to change, as they recognise the severity of problem and see how it deters people with important voices from using their services.

You might consider the alternative - '''engaging''' the trolls who are harassing you. One way to do this is to try and enter into rational arguments with them and interrogate their views. Another way is to try to shame them, or to use humour to deflate their egos. Effective engagement with trolls can actually help to generate debate and public interest around the act of harassment, and can involve others online in discussions about safe spaces, violence, sexism and online behaviour. It can also be a source of empowerment for the subjects of trolling: seeing others laugh at your harasser can be very uplifting.

'''Swarming''' can be another way to drown out the voices of the harassers. This can be done in retro style by creating communities of support with your allies in social media spaces where you are likely to encounter harassment. When someone is being targeted, others can quickly be alerted and bombard the harasser with messages. The content of that message is up to you: it could be scolding, educational, or loving. Another option is: instead of directing messages towards the harasser, the swarm can fill the victim's content stream with lots of new content in order to quickly make the negative, violent content disappear into online history.

If you want to engage with trolls, or try “swarming”, you might prefer to stay anonymous to avoid having your real identity trolled. Setting up a network of second accounts to do your troll-response work can be a good idea for your organisation or your community of friends. It might be easier too, psychologically, to say some of the things you want to trolls, than you would if the comments were linked to your main identity. And it is more performative: you can create any kind of identity you want and style it with an avatar, a funny name, a character etc.

However, while battling the trolls in the old-fashioned human way can be fun and eye-opening, it can also be a time waster. Another option to consider is automation using '''bots'''. For this you need to do some coding, or you can work with freely available code that someone has already uploaded on a software repository such as Github.

===== Bots against trolls =====

A bot is a piece of software that runs an automated task over the internet, performing tasks much faster than we can.

There are many different types of bots. There's the spambot, for example, which harvests email addresses and contact information; and there are also the 1800 approved bots on the English Wikipedia, which help to semi-automate the editing of Wikipedia pages. Bots can post content, gather information and click on things. Twitter is also filled with bots which use algorithms to harvest information and tweet. Many of these are humorous and random - for example @twoheadlines, which grabs random news headlines and combines them to create funny combinations.

A bot can be programmed to document trolls' activities, or talk to them, so that you don't have to. The possibilities outlined below apply mainly to Twitter; however some of these ideas can be used across other platforms as well.

'''The data-gathering bot:''' quietly scans Twitter and gathers up tweets, usernames and any other available information you have programmed it to collect. It places this information in a file for you. This bot can be useful for understanding what kind of content is out there, and for doing a first-stage analysis of abuse. Foxxydoxing is such an example; it is intended to help you analyse who your harassers are (https://github.com/DeepLab/FoxyDoxxing).

'''The simple talking bot:''' if you follow the #gamergate hashtag on Twitter, you will see a bot called @everyethics which tweets different humorous reasons for the #gamergate trolling, ridiculing the claim that the major trolling which has been called "Gamergate" was not about attacking women in gaming but about “ethics in game journalism”. While this bot could be seen as spam, it was actually clearly a strategy to undermine and make fun of the trolls.

'''The retweet bot:''' is programmed to scan Twitter for a list (created by you) of specific words, phrases or hashtags, and to retweet those. This would be a strategy for documenting and publicising Twitter abuse. Here's an example of such a bot you can download and install yourself (https://lilithlela.cyberguerrilla.org/?p=17418).

'''The autotweet bot:''' is similar to the retweet bot except that every time it finds a tweet with one of the words, phrases or hashtags you have programmed it to look for, it will tweet a pre-written tweet directed at that user. These bots get shut down much faster now, as was shown by @fembot, which was programmed to automatically respond to racist and sexist tweets. @fembot was blocked after only 75 tweets.

'''The data-gathering bot in combination with the talking bot:''' in this example the data-gathering bot finds the users according to your search terms, and compiles them for you to read over, check for accuracy and remove any false positives. Alongside the data-gathering bot, you can have a talking bot or a team of talking bots which can tweet whatever you want to those users. The campaign Zero Trollerance (https://zerotrollerance.guru) used this method, employing 160 talking bots which enrolled 3000 identified trolls in a self-help program and then sent them humorous motivational messages and video clips over a period of one week.

If you are considering creating bots to work for you to fight online bigotry and harassment, there are some things you need to watch out for. Twitter is not against bots and if you just want to create a bot that scans information from Twitter for you to analyse, or a bot that just tweets out to no one in particular, you will likely not encounter any problems. However if you want to tweet @ other Twitter users, you have to take into account Twitter's policy against spam.

Also keep in mind that language is slippery and if you want to tackle violence against women and trans* persons online, you will have to be very careful about what kind of language you search for. For example, every time someone uses the word “bitch” on Twitter to intimidate or harass a someone, there are probably at least five other people using it to tell their friend how much they love them or talk about the latest celebrity affair. The best way to figure out which language is being used for harm is to crowdsource it from people who have been harassed and then do a number of tests, pulling tweets from Twitter and then analysing the results yourself.

Read more of this section, including how to set up Twitter accounts to be bots for you:

Relevant links:
* Simple bots you can download and test out yourself with a little patience, from Lilith Lela: https://lilithlela.cyberguerrilla.org/?p=9247
* How to evade Twitter's spam filters with your bot: https://gendersec.tacticaltech.org/wiki/index.php/Step_2#Evading_Twitter.27s_spam_filters
* Twitter's guide to Automation Rules and Best Practices (https://support.twitter.com/articles/76915-automation-rules-and-best-practices).
* Video global Voices "Do We Feed the Trolls?"ː https://www.youtube.com/watch?feature=player_detailpage&v=YRZTeea9ohM
* How the Zero Trollerance bot army worked: http://www.telegraph.co.uk/technology/social-media/11535405/How-do-you-stop-Twitter-trolls-Unleash-a-robot-swarm-to-troll-them-back.html

=== Supporting others ===

It can feel daunting to know what to do when you see someone experiencing online violence, and sometimes in trying to help you can inadvertently worsen the situation. Knowing how to act in the best possible way is our individual and collective responsibility in helping to create a safe space online for everyone. If you are someone who wants to support a disadvantaged group but is not part of that group (men are allies when it comes to women's rights issues), it's important to speak out and say “NO”, in a public space, to online harassment and violence. Otherwise, the culture of impunity to online harassment will continue. Now when your friends or allies are being harassed and/or attacked online, there are some best practices you can follow:

'''Offer quick support:''' When someone is being attacked or harassed, try to be quick in bringing in support. If you are close to the person under attack, offer immediate assistance. Bear in mind that this person might feel overwhelmed and might not have a clear set of instructions in mind about how to best supported. Remain quiet, attentive and patient and try to not create any extra pressure or stress. In the event of doxing - where confidential info has been released on the internet about that person - you might want to offer a safe space (a home) if the person does not feel safe in their own home. You can also offer to moderate your friend's Twitter feed or blog comments to allow her/them to take a break from it.

'''Speak out:''' If you do not know the person well, you can at least speak out against what is happening. It's not enough to simply send a private email or a tweet to the person who is under attack telling them that you think this kind of behaviour is unacceptable (sometimes, if the person under attack is being flooded with tweets and mails, it's even better not to write at all). Instead, speak out about it in your networks and raise your voice against such behaviour. You can, for instance, commend publicly the work that the person under attack has been doing. Don't be silent, especially if you are a colleague or a team-mate. Make your voice resonate online - particularly if you are a man! Here is a great exemple of Jay Smooth calling On Men To Challenge Anti-Feminist Internet Trolls (https://vimeo.com/44117178)

'''Organise collectively:''' If you want to have more impact, think about crafting a "collective action" as those are often more effective than individual actions. Gather a group of friends, and friends of friends, for a Twitter storming, for instance. This will show to the person under attack that you and others care and that such acts are not OK.

'''Write a solidarity statement:''' If you are part of an organisation or network, you can write a solidarity statement that explicitly says you condemn online gender-based violence and harassment. Having feminists review the statement of solidarity is a best practice. If it's a person from your organisation who has been under attack, make sure she/they read the solidarity statement before it is released. You can also prepare an organisational policy in advance on what to do if someone is under attack. If you have a policy and specific steps to follow when such a situation occurs, chances are you will do less harm and be more effective in your response. see for instance Tor Solidarity against online harassment (https://blog.torproject.org/blog/solidarity-against-online-harassment).

'''Talk to the media:''' Depending on the nature and context of the situation, you might want to speak out through the media and highlight the gendered and sexist nature of online attacks. It's always best practice to consult the persons targeted before speaking to the mainstream media. If you do not know the person personally, go through the web of trust - your trusted online network. Thinking about the harm and added stress that the person can go through if they are made visible in the mainstream media is something that you should carefully assess. Consider especially that this is not about you: this is about fighting sexism online and supporting others!

'''Resources for support:'''

*'''Block Bot:''' (http://www.theblockbot.com/sign_up) will block known harassers and trolls on Twitter for you.

*'''Block Together:''' (https://blocktogether.org/) allows you to share your block lists with others on Twitter.

*'''Foxxydoxing:''' (http://foxydoxxing.com/) scripts to help you analyze the connections between your attackers on Twitter and a wonderful graphic story to explain how it works.

*'''Crash override network: ''' (http://www.crashoverridenetwork.com/) a support network and assistance group for victims and targets of unique forms of online harassment, composed entirely of experienced survivors. They work preventatively and reactively with survivors during episodes of harassment to keep them safe and provide them with the means to reduce harm and rebuild, as well as disempower their harassers.

*'''The Online Abuse Prevention Initiative (OAPI): ''' is a nonprofit organization dedicated to reducing and mitigating online abuse through the study and analysis of abuse patterns, the creation of anti-harassment tools and resources and collaboration with key tech companies seeking to better support their communities. It works in collaboration with the Crash Overide network (http://onlineabuseprevention.org/)

*'''Zero Trollerance:''' (https://zerotrollerance.guru) a humorous, video-based self-help program for sexist Twitter trolls. You can send your Twitter trolls links to individual videos or to the main website zerotrollerance.guru. You can also contact @ztrollerance on Twitter to do it for you.

*'''HeartMobː''' is a platform for real-time support to individuals experiencing online harassment and empowers bystanders to act. Visit their Kickstarter project to know more about the initiative (https://www.kickstarter.com/projects/4096561/heartmob).

*'''Trollbusters:''' (http://www.troll-busters.com/) still in development, this tool plans to counteract Twitter abuse by flooding your timelines with love messages.

=== Documenting violence ===

Besides directly supporting and showing solidarity with people subjected to violence, you can also populate and contribute to the documentation of instances of online violence and harassment. Those initiatives are key in order to show the extent of the problem and to make visible some of the structural aspects of violence in societies.

'''Resources for documentation:'''

* APC's '''Take back the Tech:''' has collected more than 500 stories of women who have experienced violence online. These stories were gathered using the open source platform called Ushahidi. The data visualisation can be see here: https://www.takebackthetech.net/mapit/ . The overall results of those who have participated in this exercise show that women between 18 and 30 who are using Facebook are most likely to be under online threat (http://www.genderit.org/articles/mapping-strategy-disclose-online-violence-against-women).

* '''GenderIT.org:''' emerged from APC's Women’s Rights Programme’s advocacy work in information and communications technologies. The need to have examples of national policy, gender-sensitive language, tools for lobbying, and an understanding of the impact of poor or positive policy all within easy access has been expressed by ICT advocates and policy makers alike (http://www.genderit.org/).

* '''The Geek Feminism Wiki''' has been documenting sexist incidents in geek communities. To see the timeline of incidents: (http://geekfeminism.wikia.com/index.php?title=Timeline_of_incidents). You can also check out their resource pages for allies supporting support women in geek communitiesː (http://geekfeminism.wikia.com/wiki/Resources_for_men)

* '''Women, Action, and the Media (WAM!)''' has written a report on online violence on Twitter (https://womenactionmedia.org/cms/assets/uploads/2015/05/wam-twitter-abuse-report.pdf/) and created a Twitter Harassment Reporting Tool (https://womenactionmedia.wufoo.com/forms/wam-twitter-harassment-reporting-tool/).

* '''Breaking the circle''' is an international campaign to raise awareness on the fact that gender violence is a problem that concerns both men and women, which focus on the role of men and include them as agents of change. They have developed a series of tools and information that will help us spread the message and raise awareness (http://en.breakingthecircle.org/).

* '''Crowdmaps in Indiaː''' After the Delhi Gang Rape there was a lot of interest in how tech could be used to address the issue of sexual violence against women in offline spaces. These initiatives emerged from spaces where tech meets gender in order to see how tech can be used to tackle gender based violence gender problems. See for instance Harassmap in Bombay (www.akshara.crowdmap.com ) and the Safecity -Pin the creep (www.safecity.in) and the 'Safetipin' app for safely auditing public spaces.

* '''Macholandː''' This french platform wants to voice actions, embedded in the public, media and political speech, driven by citizens who refuse to see sexism spread massively without reacting. Each user can participate and propose an action that pin with humor brands, organizations and public figures (http://macholand.fr/)

* '''Feminist Frequencyː''' This project includes the video series Tropes vs. Women, created by Anita Sarkeesian with Bitch magazine to examine common tropes in depictions of women in film, television and video games, with a particular focus on science fiction. Videos produced in this series include “The Manic Pixie Dream Girl”, “Women in Refrigerators” and “The Smurfette Principle” (http://feministfrequency.com/)

== Safe spaces offline ==

Many of the principles of creating and maintaining safe spaces online can also be applied offline. As noted in the introduction of this chapter, safe spaces can either be temporary and take place during a one time event or training or can also become permanent spaces where collectives or organisations embed the basic principles of safety, support, respect and inclusiveness in their own space management.

In the case of security and privacy training, you also need to consider how participants can best learn skills to protect themselves when the topics themselves can be frightening or overwhelming. The environment also has to be suited to the participants share stories about threats they have been facing online and offline. Those stories can be very traumatic and personal and should be handled carefully, but at the same time they are a very important part of the process of developing security and privacy strategies.

The difficulties in defining what a "safe space" should look like are inherent in the fact that you are bringing a diversity of people together, who might be considered to be part of the same community but who all have different histories, contexts and needs. What one person might find politically, socially or personally threatening might mean very little to another. And everyone will of course also come with different experiences and levels of knowledge and skills with regard to technology.

It is important to be aware that, in struggling to perfect a safe space, one always runs the risk of creating instead yet another form of social control and pressure to conform to a particular image of what, for example, a woman or trans* person is or should be.

=== Boundaries ===

When trying to create a safe space, you might encounter the issue of who is included and who is excluded from it. It can very divisive, as it will often touch on people's strongly held sense of their political, personal, sexual and social identities. Issues of sexual orientation and gender identity will likely come up. Some will prefer a women and trans* only environment, some will feel that this opens up an opportunity for external attacks on the whole project by adversarial forces, while some will feel that cis-men friends and colleagues are being unfairly excluded, and feel resentful. If you are having a debate about this, some things to consider are:

* Is there an agreed framework and rules of engagement? How do we define "woman" and "trans*"? How do we define "safe"?
* Who do we want to include, influence or support? Specifically women and trans* persons, or also potential allies?
* How important versus how contentious? Is it worth alienating some people from the group? How can we frame the debate to avoid alienating people who don't agree with the decision?
* How will the decision affect the actual experience of people within the space?
* Do we have all the skills we need to deliver this project among our networks, or will we need specific additional skills? Where will we get them?
* How will the space be organised to promote equal participation, especially if cis-men are included?

It's important to remember that building offline spaces is resource- and labour-intensive, and often many compromises have to be made. It may be a good idea to try to identify as early as possible which values are shared, important, and relevant to the event, so that you can constantly remember to prioritise those and de-prioritise less important or potentially divisive issues.

Building offline spaces is easiest and most successful when you're clear about what you're trying to do and how you plan to go about it. The second thing which must be considered is exactly what the event is intended to achieve. For example:

* '''Skills:''' How can we learn to do xyz?
* '''Advocacy:''' How do we change the culture of tech sectors to be more amenable for women and trans* persons, and/or let the world know that they are great at tech?
* '''Support, networking and boundary-crossing:''' What does it mean to be a woman or trans* person in tech? How can women from different places or sectors come together to spark off new ideas and practices? How can we support each other as women and trans* persons in tech?

Different aims will inform different safe space policies. For instance, it's difficult advocating for change in the male-dominated tech sector if you haven't invited cis-men to hear what you want to say - but you might prefer to discuss *how* to do this in a women and trans*-only environment first. If, on the other hand, you are advocating for engagement with technology to women and trans* persons and mainly want free, honest and mutually supportive discussions or skills-sharing, then in this case, a women and trans* only environment suggests itself.

With skills workshops, there is research to suggest that women and trans* persons learn tech skills best with each other, so these workshops have a very clear and communicable reason for being exclusive. Another possibility is to run an event twice, once for women and trans* participants and once for open participation. This can have the positive side-effect of enabling others to experience a safe space methodology and thereby change their own practices in the spaces they organise, but it will be clearly more time consuming.

=== Choosing a format that fits ===

Once you have settled the basic questions on what your event is for and who you want to invite, it's time to think about the format of your event. Deciding which format to use can be helped by your answers to some key questions:

* What are you trying to do? Which format will support this activity best?
* What are the participants' needs, existing skills, experience and preferences?
* What physical spaces are available, what will they allow you to do, and what resources do you have?
* What are your human and organisational resources - how much can you take on?

There are many different ways of organising events. Some of the most popular in FLOSS and tech-related communities are:

* '''Un-Conference''': helps people to make connections, share knowledge, collaborate and inspire each other. To take part, participants are encouraged to give a presentation, create a discussion, or even chair a debate (http://lanyrd.com/blog/2012/unconference-howto/ ; http://openspaceworld.org/wp2/what-is/). This format can be relatively egalitarian and relatively easy to organise (no messing about with programmes, scheduling and advanced prep) but you should watch out for the tyranny of structurelessness. Thy can also be extremely intimidating and therefore exclusionary towards less experienced or skilled participants; and can be stressful if you need to organise tech or other resources for specific activities in advance.

* '''Workshop''': transferring skills or knowledge in an interactive session. There are many possible workshop methodologies. Selecting a workshop format is very much about being clear about what you want to achieve. Workshops can be a good format for building skills or for maker and design activities. For instance in Pakistan Hamara Internet is a campaign by Digital Rights Foundation that seeks to raise awareness about violence against women online through various workshops. It literally means ‘Our Internet’ in English and works to impart digital security tips and training to women and bridge the gender digital divide in Pakistan (http://hamarainternet.org/).

* '''Hackathon:''' With its general motto "programming till someone drops from exhaustion", hack events can mix different groups - like NGOs with hackers - to come up with new approaches to building technology for that group. For instance IGNITE (Women Fueling Science and Technology from the Global Fund for Women International) organised a global Hackathon called #hackgirlsrights. This 24-hour, multi-country coding event, targeted girl coders which collaborate to develop a website or application that address specific challenge facing girls and young women (http://ignite.globalfundforwomen.org/gallery/ignite-international-girls-hackathon). On the past 23th of April 2015, another global feminist hackaton called femhack was organised around the world in loving memory of Woman Human Rights Defender Sabeen Mahmud (https://f3mhack.org). You can read more about how to run a hackathon here: (http://globalvoicesonline.org/2012/11/23/hackathons-in-droves-how-is-a-hackathon-organised/)

* '''Sprint:''' A sprint is a gathering of people involved in a specific project to further the focused development of some aspect of the project, such as working on sections of code, writing manuals or books, etc. These are effective at getting a lot done quickly for code and manuals (less so for other forms of writing), but can be exhausting and emotionally demanding - make sure you keep food and drink coming! To read more about sprints, visit wikipedia: (https://en.wikipedia.org/wiki/Sprint_(software_development) and Flossmanuals: (http://www.flossmanuals.org/service/booksprints). To note for instance that this manual was edited during an editorial sprintǃ

* '''Seminar:''' A seminar brings together a small group for recurring meetings which focus on a particular subject. In a seminar, everyone actively participates, or offers information or training on specific topics. On the one hand, this kind of structured activity supports people with less experience or confidence; planning for tech/resource support is fairly straightforward; and people know what to expect. On the other hand, the event can be experienced as overly structured and lacking spontaneity for more experienced participants; more 'top-down'; and requires more organisational effort in advance. Check out for instance The documentation of the Feminist Server Summit which consisted in a feminist review of mesh- cloud- autonomous- and D.I.Y. servers (http://vj14.constantvzw.org/r/about).

More stable kinds of safe spaces for experimenting and learning technology include:

* '''Hacklab, hackerspace or makerspaceː''' These are community spaces with hardware and/or tools - great for people to "get their hands dirty" and play around with anything - from taking computers apart to installing Linux to making music with bananas or building a radio out of razorblades and wire. Read more about hacklabs and hackerspaces here: "Hacklabs and Hackerspaces: Shared Machine Workshops":(http://www.coredem.info/IMG/pdf/pass11_an-2.pdf). You can also visit the following portalsː (http://makerspace.com/) (http://hackerspaces.org/)

* '''Feminist hackerspace:''' Those vary in shape, form, and size. What often unites them is a set of boundaries that are decided on collectively (who can be a member, who can be a guest, what are the policies, etc.) and an explicit belief in feminist principles. Feminist hackerspaces provide a place to work on individual and collective projects in a supportive environment. To know more about feminist hackerspaces you might want to visit the website Mz Baltazar’s Laboratory in Vienna (http://www.mzbaltazarslaboratory.org/), The Mothership Hackermoms in Berkeley (http://mothership.hackermoms.org/), Double Union in San Francisco (https://www.doubleunion.org/) and FemHack in Montreal (http://foufem.wiki.orangeseeds.org/).

For sharing skills, setting up a feminist hackerspace, or choosing an unconference, workshop or seminar format makes a lot of sense. For advocacy and networking events, the choice is not so obvious. Advocacy events can be some of the most challenging as it's easy to spend the entire day "re-inventing the wheel" with people who are new to the questions. If you have participants from diverse backgrounds in your advocacy event, it could be best to go with a more structured format. Unconferences and hackathons work best with activists or experienced practitioners who are used to a high level of self-determination, and who have a shared understanding of the implicit rules and structures of the space. Having said that, it can work well to try more open formats anyway, but be prepared for some skilled facilitating to make it a safe and fun space for both experienced and less experienced participants. Sometimes a mixed approach is what's needed - and some experimentation!

=== Fixing gender gap in tech ===

In order to get some inspiration we list below a selection of initiatives specially oriented at getting more women in ICT and technological related fields.

* '''Asikana Network (Zambia)ː''' is a group of females aiming to empower women in ICT related fields by changing mindsets and eliminating negative stereotypes attached to girls and women in ICT (http://asikananetwork.org/).
* '''Akirachix (Kenya)ː''' is an african wide network of women in technology to make tech and to inspire and mentor other women to be technologists (akirachix.com).
* '''Donestech (Spain)ː''' is a cyberfeminist and activist research group which develops also workshops and audiovisual productions in relation to gender and ICT access, uses of and desires. Lelacoders project is about studying and making visible the presence of women in the development of computer sciences, free software and hacker cultures (www.donestech.net) (https://n-1.cc/g/donestech+lelacoders).
* '''Feminist Approach to Technology (India)ː''' mission is to empower women by enhancing women’s awareness, interest and participation in technology (http://fat-net.org/).
* '''Flossie (UK)ː''' runs a conference and also skills workshops and it is intended to combine advocacy, boundary-crossing, support and skills-sharing bringing together women involved in digital arts with coders, artists, and makers (http://www.flossie.org/).
* '''Speakerinnenn (Germany)ː''' aim is to increase the visibility of women in the field of public speaking. With the help of our list it will be easier for organisers to find female experts to speak at their events (http://speakerinnen.org/).
* '''The Ada initiative (Global)ː''' organises AdaCamp, a series of conferences dedicated to increasing women’s participation in open technology and culture: open source software, Wikipedia and other wiki-related projects, open knowledge and education, open government and open data, open hardware and appropriate technology (https://adacamp.org/).

=== Codes of conduct ===

It's important, especially in mixed environments, to think about what's acceptable conduct in the space and what isn't. In order for this to have any practical effect, it's also important to think about what you'll do if individuals breach this - or when things go wrong generally. You can find plenty of information and example policies on the Geek Feminism Conference anti-harassment/Adoption page (http://geekfeminism.wikia.com/wiki/Conference_anti-harassment/Adoption)

Make sure your participants understand the policy and how it relates to their own conduct. It can be useful to make time in your schedule at the beginning of the event to share your policy, and reach consensus with the group on how to maintain a safe space over the days of the event.

Your code of conduct should be about preventing aggressive behaviour and not about trying to police how people identify, communicate or present themselves. It's also worth remembering that people who are struggling in a culturally unfamiliar environment can become confrontational more easily than they usually would. There may be many reasons why a participant might be struggling to communicate positively at any given moment. It's key to remain calm and to provide a non-judgmental space for the expression of emotions like anger or frustration. Because of this, a code of conduct should also include some people that will be assigned to receive feedback if any problem takes place. They should be good facilitators or moderators and be calm and patient. We are different, let's celebrate it, even when it's difficult to do!

Last not least, your code of conduct should include an agreement about how participants will respect other participants' '''right to privacy'''. Some general guidelines could include the following:

* '''Don't take or circulate sound, video or photos without permission'''. If anyone present faces significant external risk then don't take photos at all unless participants have given express permission and an opportunity to cover their identity.
* If you wish to record the event, '''prepare formal consent forms''' telling people exactly what audio-visual records are being made and how they will be stored, used, licensed and ask for clear consent with a signature.
* '''Don't share details of anyone's participation''', speech or actions on social media without their express permission.

=== How safe is the space? ===

As a check-list, here are some questions that can help you assess whether a space is safe or not.

* '''Background:''' What is the history of the space? Who started it and why? How many women and trans* persons have been involved?
* '''Participation:''' Who has stopped participating in the space since it was founded, and why? Is it mostly women who have left?
* '''Policies:''' Does the space have policies? If so, what kind? Are the policies regularly put in practice? Ask members in the space, particularly women.
* '''New people:''' How does the space welcome newcomers? The first time you went to the space, did you get a tour? Did people say hello? Were the people in the space friendly?
* '''Regular assemblies:''' Are there regular meetings (assemblies) that offer possibilities to raise concerns, to suggest collective projects, to suggest the organisation of workshops, to discuss the space (its cleanliness, etc.), to present yourself, etc.?
* '''Language:''' Is the language and vocabulary used on the website and in the space explicitly feminist? Read the website carefully, or go and see for yourself what the space looks like.
* '''Trust:''' Do you know people who you trust in the space or do you know friends of friends? The web of trust can be very useful here.
* '''Access:''' Who can go into the space and under which conditions? This should be made explicit on the website, otherwise ask.
* '''Accessibility:''' Is the space itself easily accessible? In which part of town is it located? Are there bathrooms? What are the opening hours? Who has access to the keys of the space?
* '''Cost:''' How much does it cost to become a member? Is there a sliding scale policy?

No space is perfect; a safe space should always, however, at least provide an environment and a set of boundaries in which to meet up, talk, and address and raise difficult issues. If you feel the space has potential and you want to get involved, don't be shy!

'''Relevant links:'''

'''* Integrated Security Manual:''' (http://www.integratedsecuritymanual.org/) a resource for planning, convening, and hosting your workshop which prioritize your participants' emotional and physical well-being.

'''* Level Up:''' (https://www.level-up.cc/resources-for-trainers) resources for digital security trainers and organisers of these trainings too.

Complete manual

2015-06-03T19:18:03Z

Floriana: fixed typo

Floriana:

__TOC__

=== Understanding and minimising our digital shadows ===

The internet is a great space to explore, learn, speak up, listen and communicate with people across the world. Unfortunately, the internet has also become a space where people who challenge the dominant discourse often find themselves under attack. These attacks can be very personal - enabled by the fact that there is often a lot of personal information about us on the internet.

To strengthen our defences against these kinds of attacks, it’s a good idea to start by our assessing our '''digital shadows'''. These shadows - can tell a story about us: who we are, were we live and hang out, what we are interested in, and who our friends and colleagues are.

This can expose us to several threats. In particular, it is the publicly available traces we leave behind that expose us to online harassment.

However, there are also many '''strategies''' and '''tools''' we can use to shape or control our digital shadows, to increase our privacy, and ultimately to be more secure, both online and offline - without being less vocal or reducing our activity online.

Some examples of these include controlling the amount of data we give away by consciously stripping valuable information from content and metadata; trying the art of self doxxing; and thinking about ways to play with and break up our online identity.

==== '''What is a digital shadow?''' ====

Our digital shadows can be defined as the stories data tells about us. These digital shadows are created by trillions of bits of data, digital traces we leave everyday when we connect to the Internet, our mobile phone and online services. Our digital shadows have a life of their own, are affected by others and change in unpredictable ways. Our digital shadows grow continuously, can be permanent permanent and we have little control over them. These traces are a spectre of our past and present activities, which melt together in a permanent and ever-changing profile.

''How are these trillion bits of data created?'' The devices and the software we use to browse the Internet, access websites, connect to social networking platforms like Facebook and Twitter, publish blog posts, receive phone calls, send SMS messages or emails, chat, or buy things online, all create specific bits of data about us. These bits of data can include our name, location, contacts, pictures, messages, tweets and likes, but also the brand of our computer, length of our phone calls and information about which websites we visit. These data traces can be put out there by ourselves as well as other people.

''How do we share data?'' In some cases we '''actively '''share data – for example when we share photos on Facebook, book a flight ticket online or contribute to a wiki. Other people can also actively share data about us, by tagging us in pictures, mentioning us in tweets or simply by communicating with us. In other cases, we give away data without necessarily realising it, or consenting to it.
Our browsing habits and IP address are shared when we visit a website by means of "cookies" and other tracking technologies, which are active in the background. These technologies are embedded in the websites we visit, and the information shared is collected for a wide range of purposes, from website analytics to advertising. Our mobile phone apps also collect data on us without our active knowledge or consent – for example, the photos we take usually have location data embedded in them. These tracking technologies enable web services to identify and follow us as we move from one service to another - from our internet browser to the IM (instant messaging) app in our smartphone, from downloading e-books in our readers to publishing pictures from the latest protest we have covered.

''What is data?'' Data can be broken into three parts: ''content'', ''metadata'' and ''noise''. '''Content''' is the content of our messages, blogs, tweets and phone calls; it is our pictures and videos. '''Metadata''' is data about data, information that is needed for the technological infrastructure to work. Metadata enables our email to be delivered, help find files on our computer and permit mobile communication. Metadata can be our email address, phone number, location, time and date when a message was sent or stored. '''Noise''' is the data that is created by either the manufacturing process or by the workings of the infrastructure. For example, every camera has an SD card to record and store pictures. Every SD card has unique scratches that were created by the machines producing the SD cards. These scratches make small changes to the data that are not visible to the eye but can be recognized by computers.

==== '''Who is collecting our data, and why?''' ====

We might wonder about the importance of one picture or one message, or think there is so much data out there that nobody knows what to do with it. However, data collection and data analysis has become very sophisticated.

The data traces you leave are collected, analysed and sorted by various parties to create digital shadows, or '''profiles'''. Every time a new piece of data is collected, it can be identified and added to your profile. These profiles are ever-expanding, and give those who create them or who have access to them an immense insight into who you are.

Data is collected by companies, governments and individuals for a variety of purposes. It can be bought and sold; it can be used to control; or it can be used to create harassment strategies.

Our digital shadows or profiles can be used to gain insight into who we are, what we do and where we have been. This data can then be used to make predictions on what we might do or where we might be in future. For example, if someone knows that we are an outspoken blogger on gender issues in country x, they know that we will probably be present at a conference on blogging and women held in that country. Profiles can also give potential harassers the ability to harass us across different platforms.

Anyone could potentially have access to our digital shadow – including communications service providers, law enforcement agencies and commercial companies, as well as groups and individuals running their own servers. We can't know exactly what is happening to our digital shadow, and that itself is a problem.

However, there are tools and tactics we can use to manage our digital shadows and to limit their ramifications in terms of profiling and surveillance. This will be discussed in the rest of this section.

==== '''Exploring our own digital shadow''' ====

As we mentioned before, anyone can potentially access to our digital shadow – including communications service providers, law enforcement agencies and companies, as well as groups and individuals running their own servers. We cannot know precisely what happens to our digital shadow and that itself is a problem. But there are tools and tactics to manage our digital shadow and to limit its ramifications in terms of profiling and surveillance.

Some good places to start are:

* Exploring our individual digital shadow with '''Trace My Shadow''' – https://myshadow.org/trace-my-shadow – a tool launched by Tactical Tech, accompanied by a website that offers a lot of tips on how to protect our privacy and control our digital shadow: https://myshadow.org
* Identifying and materialising social networks across our online and physical activities: John Fass, researcher and designer at the Royal College of Art, has created some activities to materialise our social networks and browser history ' ''[insert link].'''
* Seeing through the eyes of our mobile phone by installing a tool called '''openpath.cc'''. Some of our apps can see the same things. Read the Terms of Service carefully and explore if you can change the access settings in your phone. On an iPhone we can change the permissions for each app under its privacy setting.

==== '''Controlling what we share: content and metadata''' ====

The good news is that we can partly control what content and metadata we give away.

When we publish content on the web, it is always a good idea to ask ourselves if what we are posting is public or personal and who could have access to it. Even if the information is connected to a public event and not to our personal lives, the names we mention or the images we upload may contribute to a picture about who we are, what we are doing, where we are doing it and so on. This could be used by people who wish to target us.

This does not mean that we should silence ourselves – by taking some basic measures, we can limit our risks by increasing the level of the effort that would be required to attack us or our contacts.

* When '''sharing personal details about our life''', we can use private profiles that can only be accessed by selected contacts. When using private profiles on commercial social media, we should be aware of the regular changes to the privacy policies of that platform. This can have an impact on how “private” our profiles are. There have been cases where privacy settings have been changed, exposing pictures, content and the conversations of private groups.

* When '''writing or posting images about public events''' on the web and on publicly accessible social network profiles, we should ask ourselves if the information we spread about single individuals, places and other details could be used to identify and/or attack someone. It is always a good idea to ask for '''permission''' to write about individuals and perhaps also to post information on public events only after they are finished.

* '''Faces in pictures can be anonymised''' with a tool called ObscuraCam, a free camera application for Android devices. https://guardianproject.info/apps/obscuracam

* '''When giving personal information to a web service''', it’s best to use HTTPS so that the communication channel is secure (see the section on security measures for more on this).

* '''Use strong passwords''', and '''use different passwords''' for each web service you use - if you you the same password for multiple services and someone intercepts your password for one of these services, they could use it to access your other accounts.

* When '''registering a device''' or software such as Microsoft Office, Libre Office, Adobe Acrobat and others, not usingy our real name can help prevent the metadata created when using this device or software from being connected to you. You can also '''switch off the GPS tracker''' in your phone or camera.

* Some file types contain more metadata than others, so '''when publishing contents online''' you can change files from ones that contain a lot of metadata (such as .doc and .jpeg) to ones that don’t (such as .txt and .png), or we can use plain text.

* '''Remove metadata from image files''' by using Metanull for Windows: https://securityinabox.org/en/lgbti-africa/metanull/windows

* For '''editing or removing hidden data from PDF files''', Windows or MAC OS users can use programs such as Adobe Acrobat XI Pro (for which a trial version is available). GNU/Linux users can use PDF MOD, a free and open source tool. However, it doesn’t remove the creation or modification timestamp, and it also doesn’t remove the information about the type of device used to create the PDF.

* For more on '''removing metadata from different file formats''', see Tactical Tech's https://securityinabox.org/en/lgbti-mena/remove-metadata.

* You can '''prevent the tracking and collection of metadata''' through your browser by installing add-ons like '''Privacy Badger''' or Adblock Plus, as well as by monitoring our privacy settings and deleting cookies on a regular basis.

* Using '''Tor''' will '''hide specific metadata like our IP address''', thereby increasing our anonymity online.

===='''Social domains'''====

As security expert Bruce Schneier explains, “Security is a chain, and a single weak link can break the entire system”.

Each of us belongs to several '''social domains''' - our work or advocacy networks, our family networks, friends, and sports teams.

Some of these networks may be more secure than others. For example, we may tend to have a more secure communication practices for our work or advocacy activities, but less secure practices for interacting with friends on a social network. Areas where these domains intersect can turn into a threat to our security.

If we use a single identity in all our domains, it becomes easier to gather information about us and to identify our vulnerabilities. For example, if we reveal in a social network that we like a particular kind of game and that we download files with a p2p program like Emule, an attacker who wants to investigate our work or advocacy activities might trick us into downloading a game which is infected with spyware.

This attacker is interested in our advocacy activities, but knows that we have increased privacy and security measures for that part of our lives. The attacker also knows that our love of games is a digital weak spot as this network is not encrypted. Thus the attacker can exploit this part of our lives to gain access to another, more secure part.

This is only possible, however, if our work identity and our Emule profile can be connected to the same person; and this is why separating our social domains can be useful. More on how to do this will be addressed later on, when we talk about identity management.

==== '''Self-Doxing''' ====

'''Doxing''' (also written as "doxxing", or "D0xing", a word derived from "Documents", or "Docx") describes tracing or gathering information about someone using sources that are freely available on the internet. This method depends on the ability of the attacker to recognise valuable information about their target, and to use this information for their own ends.

Doxing is premised on the idea that "The more you know about your target, the easier it will be to find his or her flaws”.

Harassers and stalkers use several tools and techniques to gather information about their targets, but since these tools and techniques are mostly public and easy to use, we can also use them ourselves. "Self-doxing" ourselves can help us to make informed decisions about what we share online, and how. Of course, these same instruments can also be used to learn more than is immediately obvious about someone we have met online before we give them our full trust.

'''Methods used for doxing''' include exploring archives, yellow pages, phone directories and other publicly available information; querying common search engines like Google or DuckDuckGo (https://duckduckgo.com); looking for a person's profile in specific services; searching for information in public forums and mailing lists; or looking for images that the target has shared (and for instance may have also published in another, more personal, account). But it can also simply consist in looking up the public information on the owner of a website, through a simple "whois search" (see the section on "Creating a site of one’s own").

We can use these same tools to explore what can be easily found out about us by others.

Before we start exploring these web services and looking for our digital self, a good idea is to use anonymisation tools like Torbrowser.

* Useful tips on how to self-dox are available here: https://lilithlela.cyberguerrilla.org/?page_id=93870
* For more about (self-)doxing tools and techniques, visit: https://modelviewculture.com/pieces/investigation-online-gathering-information-to-assess-risk
* A useful (and creepy!) tool to learn what traces we have left behind in our Facebook account is Ubisoft’s '''Digital Shadow''', a Facebook app which illustrates what third parties can know about us through our Facebook profiles: https://digitalshadow.com

==== '''Can we remove our digital past? Creating new identities''' ====
''
"Once something is on the internet it will stay on the internet, as the internet does not forget".''

We may think that deleting certain sensitive data from social networks and web services may be enough to protect ourselves, but metadata cannot be deleted as easily. And using just one identity through our whole life - in all our work and personal domains - creates a bulk of information that could be used to profile or attack us.

One option to avoid this is to leave an old identity behind and create a new one or several new ones - one for each of our social domains. We might also choose to use our real identity in some areas, and our new alternative identities in others.

* When we create a new identity, we should select the contacts for each one carefully, and avoid sharing contacts with other identities we use for different activities. This effectively creates separate social domains, with separate accounts, mail addresses, browser profiles, apps, and possibly even devices.

* It's important to make sure that our various identities are not linked in any way to each other, or to our real identity. Remember that some of these connections can be tenuous: for example, did you sign up for a new, pseudonymous Gmail account using your real phone number?

* Treating each of our extra identities as potentially disposable can be useful, as they can be discarded easily if it is compromised.

* Disposable identities can be created for new acquaintances where appropriate – introductory profiles we can use to get to know somebody before we include them in a more trusted network.

To learn more about how to separate different identities into separate profiles, read the section on “Managing multiple online identities”.

==== '''Deleting identities''' ====

If we decide to separate our domains by creating multiple identities, one of the first decisions we should make is whether to delete or keep the identity or identities that we already have.

To do this, we can start by investigating the traces of our existing identity or identities. (for methods and tools for following your own digital traces, see "Exploring your digital shadow" and "Self-Doxing").

If we want to delete existing accounts:
* The '''Suicide Machine''' (http://suicidemachine.org/) is a tool that facilitate the process of deleting social network profiles. The Suicide Machine was forced to stop deleting Facebook accounts, but instructions on how to do this are here: https://www.facebook.com/help/224562897555674
* '''AccountKiller''' (https://www.accountkiller.com) has instructions on how to remove accounts or public profiles on most popular websites.
* '''JustDelete Me''' (http://justdelete.me) is a directory of direct links to delete accounts from web services.

==== '''Mapping our social domains''' ====
To separate our social domains, it's helpful to first map them out and identify which ones could expose us most to cross-domain attacks.

We can do this by thinking about our different activities and networks, and reflecting how sensitive each of these is. This will enable us to better separate the domains that are sensitive from those that are not.

Partitioning one’s digital life into separate social (or "security") domains requires some thinking.

Polish computer security researcher Joanna Rutkowska has worked extensively on this, to the point that she developed a security-oriented Linux distribution based on the concept of “security by isolation” (called Qubes OS). In this system, each social domain is isolated in a separate virtual machine. While Rutkowska's scheme is quite sophisticated and focused on her operating system, it can give us interesting insights on how to start thinking about separating our domains.

The three basic domains Rutkowska identifies for herself are “work”, “personal”, and “red” (the untrusted, insecure area).

* The '''work''' domain includes her work email, where she keeps her work PGP keys, where she prepares reports, slides, papers, etc. She also has a less-trusted “work-pub” domain for things like accepting LinkedIn invites or downloading pictures for her presentations. To add to this, she has a “work-admin” and a “work-blog” domain, in order to get a further level of security for managing her company’s servers and for writing on her blog.

* The '''personal''' domain includes all the non-work-related stuff - such as personal email and calendar, holiday photos, videos, etc. She adds to this with a special domain called “very-personal”, which she uses for the communication with her partner when she is away from home. The couple uses encrypted mails to communicate, and she has separate PGP keys for this purpose.

* The '''red''' domain, on the other hand, is totally untrusted. This is where her disposable identities or profiles belong. Rutkowska uses this domain to do everything that doesn’t fit into other domains, and which doesn’t require her to provide any sensitive information.

* Besides these three main domains, Rutkowska has several other separate domains. One is dedicated to '''shopping''', for accessing e-commerce sites. What defines this domain is access to her credit card numbers and her personal address (for shipping). Then there is the '''vault''' domain, the ultimately trusted place where she generates and keeps all her passwords (using KeePassX) and master GPG keys. Finally, she has a domain for all the Qubes development ("qubes-dev"), one for '''accounting''', and another one for '''work archives'''.

Of course we don’t have to separate our domains in such a complex way, and using Qubes Os to keep them separated is just one solution – and one that requires a powerful machine to run on. Yet Rutkowska’s reflections on domain mapping can be an enlightening starting point to analyse our activities, and to separate our social domains for enhanced security.

* Joanna Rutkowska’s article on security domains can be found here: http://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html

=== '''2. Assessing risks and potentials: how to choose which online identity fits our purpose''' ===

==== "'''Real" or virtual identity?''' ====

Once we have identified our different social domains and the digital activities and contacts that go with them, what we need to do is decide if we want to differentiate our identities accordingly, or if we'd rather stick to our official name and true face for each of them.

We may want to keep our work connected to our legal or "real" identity, or think that our activism should be anonymous, but these are decisions that need to be thought about carefully.

For example, a journalist who finds it convenient to use her real identity for her writing may decide to stay in contact with her personal domain through a nickname, so that nobody can connect the two spheres together.

On the other hand, if an activist decides that she wants to use a pseudonym for her online activities, she should consider that she will be showing her face in all her connected activities in the real world, such as speaking at conferences or participating in demonstrations. Her online pseudonym will therefore be linked to her face; but her face could also be linked to her real name on social networks, and her online activist identity unmasked.

In assessing which identity to use in a given context, it's helpful to consider the following questions:

* Would my job, livelihood or safety be at risk if my real identity were known in this context?

* Would my mental health or stability be affected if my participation in X were known?

* Would my family or other loved ones be harmed in any way if my real identity became known in this context?

* Am I able and willing to maintain separate identities safely?

Once we have '''assessed our risk,''' we can then consider different strategies for separating our identities online.

For more on assessing risk, visit: https://ssd.eff.org/en/module/introduction-threat-modeling

==== '''Strategies for separating identities online''' ====

'''strategies''' for maintaining separate identities can range range full transparency to full anonymity.

Author Kate Harding talks about her decision to start writing under her real name, dismissing the recommendations that are generally given to bloggers to follow practices like “writing under a pseudonym, making that pseudonym male or gender-neutral if you’re one of them lady bloggers... masking one’s personal information, being circumspect about publishing identifying details, and not writing anything that might inflame the crazies”.

Instead of putting responsibility on women, Harding says, problems of harassment should be handled by society as a whole, including men. However, she also acknowledges that the decision is dangerous one.
http://kateharding.net/2007/04/14/on-being-a-no-name-blogger-using-her-real-name

In "The Girl's Guide to Staying Safe Online," Sady Doyle writes that while becoming visible "creates a specific vulnerability", giving up on our online activities is exactly what the misogynists and harassers expect from us - and so the best way to ‘stay safe’ online may simply be to stay online. "After all: If there’s no one left willing to complain about the harassment, what are the odds that it’s going to change?”
http://inthesetimes.com/article/12311/the_girls_guide_to_staying_safe_online

As such, we have several options available to us: We can attempt to participate online anonymously. We can use a "persistent pseudonym". We can identify fully with our real or legal name, or we can divide our online lives, using our real or legal name sometimes and a pseudonym at other times. The following section will explore the pros and cons of each option, so we can determine which options are best for each one of us.

==== '''Anonymity''' ====
Total anonymity can be both isolating and difficult to maintain, but is useful in settings where we don't need to gain other people's trust, when there are few or no people we can trust, or when we don't want to expose others in our life to risks.

Anonymity may be a good choice in certain specific situations, such as researching or participating in message boards about health issues, or when sharing sensitive information. We may wish to set up a one-time account, using a pseudonym, to comment on a blog or news site, or a one-time email account or chat session to discuss sensitive information with others.

On anonymity, Vani, a human rights activist, writes: “I am a regular social network user. I voice my opinions on a range of topics. But I remain faceless and nameless”. [http://internetdemocracy.in/media/women-bloggers-seek-safety-in-anonymity speaks of their participation on social networks anonymously]

But while anonymity is a good option in many situations, it can also be dangerous in some countries, where it can signal to the state police that the author thinks they are doing something wrong. This strategy can also be lonely: “Anonymity also isolates you”, a blogger writes. “Can you have a network to protect you and also be anonymous at the same time? Would visibility be a better strategy for you?”

Anonymity differs from "persistent pseudonymity". When we adopt anonymity as a strategy we may use pseudonyms, but these pseudonyms are not used across different networks or social domains, and some may only be used once and then discarded. For more information on how to be anonymous online, see '''Anonymizing tools'''.

==== '''Persistent Pseudonymity''' ====

Persistent pseudonymity involves using a pseudonym consistently over a period of time.

The Oxford English Dictionary defines a pseudonym as "a fictitious name, especially one used by an author." In the age of the internet, a pseudonym may also be referred to as a "nickname" or "handle", though the latter can also be tied to a person's legal identity.

Jillian C. York, in a blog post for the Electronic Frontier Foundation, writes: "There are myriad reasons why individuals may wish to use a name other than the one they were born with. They may be concerned about threats to their lives or livelihoods, or they may risk political or economic retribution. They may wish to prevent discrimination or they may use a name that’s easier to pronounce or spell in a given culture."
https://www.eff.org/deeplinks/2011/07/case-pseudonyms

Pseudonymous speech has played a critical role throughout history, says York. "From the literary efforts of George Eliot and Mark Twain to the explicitly political advocacy of Publius in the Federalist Papers or Junius' letters to the Public Advertiser in 18th century London, people have contributed strongly to public debate under pseudonyms and continue to do so to this day."

A pseudonym can be name-shaped (e.g., "Jane Doe") or not. At time of writing, some websites - including Facebook - require that users use their "authentic identity," which typically means using your legal name or the name by which you are commonly known. This policy has caused some users, such as a group of drag performers in California, to lose their Facebook accounts. If we choose to use a pseudonym on social networks, it is important to understand that a risk of doing so is being reported for using a "fake name" and having one's account deleted. A strategy for avoiding that is using a name-shaped pseudonym.
https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community

Persistent pseudonymity also offers us '''visibility'''. Visibility allows us to network with others, and by pinning our voice to a particular name we can develop an '''online reputation'''. An online reputation allows others to decide whether we are worthy of trust, and is therefore a crucial aspect in trust-based online communities. Reputation can be developed by consistently using a nickname or pseudonym that can either be connected to our legal identity, or not. The choice to connect our online reputation to our "real" name should be taken individually, according to needs and context.

It is also possible to maintain multiple pseudonyms (and reputations) for different purposes. For example, a person involved in the gaming community and LGBTQI rights activism may wish to maintain separate identities for each purpose, and can build trust within each community separately doing so.

==== '''Collective Identity''' ====

Another way to be anonymous is through collective participation. This could mean a number of things, from a private group or mailing list that puts out collective statements, to a shared Twitter account. While the same security concerns apply, working from behind a collective identity means having the power of the crowd behind you, and can be a good option if you don't wish to reveal your identity.

==== Comparing strategies ====

Whatever choice we make, what is important is that we keep our domains effectively separated.

No matter how many domains we identify in our digital life, and how many corresponding identities we create, on the internet every identity - even the one bearing our real or legal name - becomes a “virtual” persona and should be managed carefully.

''The pros and cons of the various identity options:''

{|
!
!'''Risk'''
!'''Reputation'''
!'''Effort'''
|-
|'''Real Name'''
|"+"
|"+"
|"-"
|-
|'''Total Anonymity'''
|"-"
|"-"
|"+"
|-
|'''Consistent Pseudonimity'''
|"-"
|"+"
|"+"
|-
|'''Collective Identity'''
|"-"
|"+"
|"+"
|-
|}

'''Real name'''

*''Risk'': Using your "real world" identity online means that you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.

*''Reputation'': Others can easily identify you; gaining reputation and trust is easier.

*''Effort'': requires little effort.

'''Total anonymity '''

*''Risk:'' can be beneficial at times, but can also be very difficult to maintain. Choose this option carefully.

*''Reputation'': few opportunities to gain trust and reputation, or to network with others.

*''Effort'': difficult; requires caution. Might also require the use of anonymisation tools (for example Tor.)

'''Persistent pseudonymity'''

*''Risk'': Pseudonym could be linked to our real world identity.

*''Reputation'': A persistent pseudonym that others can use to identify us across platforms is a good way to gain reputation and trust.

*''Effort'': Maintenance requires some effort, particularly if we are also using our real name elsewhere.

'''Collective Identity'''

*''Risk'': possible exposure of our real world identity.

*''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.

*''Effort'': Although secure communications are still important, requires less effort than total anonymity.

=== '''4. Creating a new online identity''' ===

==== '''What’s in a name?''' ====

The practice of naming varies greatly from one culture to another. While names, in one form or another, have existed across cultures for milennia, the concept of a "legal name" is a fairly new one.

Different countries regulate the practice of naming in different ways; for example, in Morocco, names must be chosen from a government-approved list, while in Germany a name must be clearly reflective of the baby's gender.

On the internet, platforms that have "real name" policies tend to base this judgement on an individual's legal name, rather than allowing them to identify as they choose. This can be problematic, not only for individuals trying to remain anonymous, but also for transgender individuals, individuals with mononyms, and others.

Because of such restrictions, it can be beneficial to select a "name-shaped" name when choosing a pseudonym. If we want to use commercial social networks, it is better to use a credible name and surname rather than more imaginative ones. Many companies will require that we use both a first name and surname, or a name that doesn't contain any slang terms or profanities.

Once we have decided on a name, a surname, and a username for our virtual persona, we should do thorough research - perhaps also using doxing tools and techniques (see the section on Self-Doxing) - to find out if someone else is already using that name. After all, if we wish to develop our own reputation, we don’t want to be confused with someone else, especially if they don’t share our views of the world!

==== '''Writing our own story''' ====

The practice of “story telling” (and of creating a social mask, for that matter) is an old one, and creating a new persona with a story makes it a lot easier to maintain the role.

We can base our story on a “known” person’s story, a superhero, a fictional character from our favourite novel, or adopt a “group identity” like Anonymous/Anonymiss or the Guerrilla Girls. If we feel particularly inspired, we can invent a new story.

The main point is that when we create an identity we should conceive a whole virtual persona, an avatar that needs to be nurtured and developed in order to become credible.

This page offers some helpful tips for inventing a new identity: http://anonymissexpress.tumblr.com/post/117939311235/you-may-have-noticed

==== '''Creating a credible persona''' ====

A virtual persona or identity can't be just a name with a mail address and a series of web accounts. If we keep all our normal identifying traits - such as our gender, job, attitude or the way we write - it might be possible for someone to connect the dots and connect our pseudonymous personas with our real identity.

* ''Linguistic fingerprint'': One of the things to consider is our '''linguistic fingerprint'''. This could be identified through a so-called "stylometric analysis" using tools that are increasingly usable, even for non-experts, that make it possible to identify the author of a particular text. We can, for example, give away our real identity through our particular way of writing certain words, our typical typos, and our style and tone. To change this, we can start by using a spell-checker in our word processor to check for consistent typos. We could also think about adopting a different writing attitude. To keep it simple, we could adopt one simple rule for each persona, e.g. making them shout by only using capital letters, or be a low-talker with a lower-case style, or very excitable, with a lot of exclamation marks, or a spelling criminal, always putting apostrophes in the wrong place or mistyping words. What we decide to do with our writing style should match the character we choose for our new identity.

* ''Work'': To be sure that our pseudonymous avatar cannot be tracked back to us, our persona should have a job that is different from ours, but not so different that we don’t know anything about that field: for example, they shouldn’t be a surgeon if we don’t know anything about anatomy!

*''Skills and interests'': Similar considerations should be made to select our persona's skills and the main topics they focus on and write about. These can, of course, overlap - for example a journalist who writes about national politics may have an alternative identity that talks about national politics as well, but only casually (and their main interest will be something different, like carpentry or feminism or food).

*''Psychological attitude'': As for psychological attitude, a good rule of thumb is to give our persona depth by creating some "weak spots" - but choosing them carefully so that, if the weak spot is attacked, we are able to weather the strikes and even have some fun in the process. For example, if we have a very strong sense of humour, we could choose a severe lack of humour as our persona's biggest weakness, so that if that weakness comes under attack we can enjoy impersonating a humourless persona without really being psychologically harmed.

What is most important is to remember that on the internet, each one of our identities - even the one connected to our real name - is a “virtual” identity, and it is always better to decide what character traits we want to expose in each of them. Creating a somewhat fictional character can be a good idea even for our “real” online identity.

More about how to create a rounded character for our identities here: https://lilithlela.cyberguerrilla.org/?page_id=94049

==== '''Creating online profiles''' ====

Once we have created several personas, it's important keep them separate in both our physical and digital lives. While keeping notes on our identities might help ensure that we remember our story, there are technical measures we can take to make sure that our profiles stay separate.

A good start is to create different '''browser profiles''', '''mailboxes''' and '''social network accounts''' for each of our identities. A good rule of thumb is to always use different apps for each account/identity and, if possible, to separate our identities per device or operating system (see '''6. A different machine for each identity''').

==== Creating separate browser profiles and mailboxes ====

''Browser profiles:'' To create multiple profiles with Firefox, visit: https://developer.mozilla.org/en-US/docs/Mozilla/Multiple_Firefox_Profiles . For Google Chrome, visit: https://support.google.com/chrome/answer/2364824

''Mailboxes:'' When creating a new mailbox, it is always a good idea to connect to the server’s website with '''Torbrowser''' and, if a contact email address is required, to think about using a disposable email address instead.

===='''Disposable email addresses''' ====

For some activities and social domains we need to manage rounded personas, in order to gain a strong reputation and trust from other members of the community. In some cases, however, all we need is a '''disposable email address''' that we only need to use once or few times, for example for opening an account in an untrusted platform.

Even if we decide to have just one identity online, using disposable email addresses prevents sites from building up a history of our activities and ensures that if that account gets compromised we can simply delete it and create a new one, keeping our digital life intact.

* ''Creating a disposable email address'': There are many services that offer disposable email addresses. Some of the most privacy-oriented are:''' '''https://anonbox.net'''<nowiki/>''', offered by the Chaos Computer Club, and '''https://www.guerrillamail.com'''

* ''Tools to generate personal details'': Making the process of creating a disposable account easier, '''Fakena.me''' (https://fakena.me) is a privacy-oriented '"fake name generator" that provides everything for you - from a credible name, birth date and (US-based) address, to a user name and password and a link to the connected guerrillamail mailbox. Another similar service, called '''Instant Internet Decoy''' (https://decoys.me) creates convincing but entirely fictional people who have birthdays, locations in several countries, families and even answers to common security questions.

* ''Using existing disposable email addresses'': We can also make use of existing fake or disposable email accounts. '''BugMeNot'''(http://bugmenot.com) allows people to share their email logins and passwords created for platforms with free registration, for anyone to use.

==== '''Mail aliases''' ====

Another option is to create a '''mail alias''' - a different email address that is connected to our main mailbox. The advantages of this approach are that this email account will not expire, and if it gets compromised we can just dispose of it and create a new one. But of course if the alias receives a lot of spam, it will fill our main mailbox.

While not every mail service allows users to create mail aliases, this service is offered to every mail user of '''Riseup '''(https://we.riseup.net) and '''Autistici/Inventati '''(https://www.autistici.org), two secure, autonomous servers that are particularly focused on the right to privacy and anonymity.

==== '''Managing our identities on social networks''' ====

Note: When we use social networking platforms, we should always access them with a secure HTTPS connection.

When creating an account for a new persona on a '''social networking platform''', use the browser profile you have created for that persona. Make sure to check the '''privacy settings''' so that you know what you are making public, who can see what you post, who can contact you, who can look you up and what your contacts can do (can they tag you in pictures? can they write on your "wall"?)

Also be very careful about the''' profile information''' you provide, as well as the profile picture and cover photo you use, as these are generally publicly available to anyone who looks for us in that social network, regardless of our privacy settings.

It's also crucial to make sure your contacts do not overlap with your other identities, and to make sure your different identities don't "follow" one another. It is particularly not a good idea to follow your pseudonymous accounts with your "real" identity. If someone is looking to unmask one of your pseudonymous personas, the first thing they will look for is who the account follows, and who follows the account. For the same reason, we should avoid reposting posts or other content published by one account with another account.

Most social networking platforms will display your location where they can. This function is generally provided when we interact with the platform using a GPS-enabled phone, but it can also happen if we are connecting from other devices - for example the network our computer is connected to may also provide location data. It's always a good idea to double-check your settings - particularly on photo and video sharing sites.

Photos and videos can also reveal a lot of information without you realising it. Many cameras will embed metadata into your photos, which can include the date, time and location of the photo, camera type, etc. Photo and video sharing sites may publish this information when we upload content to their sites.

If we access social networking platforms via mobile apps, it is better to use a different app for each separate account, so as not to post something to the wrong account by mistake. There are several apps which can be used to manage social networking platforms - you just need to choose a different one for each identity, to reduce the risk of giving away our real identity.

Another trick to hide our trails is to publish from our various accounts at different times of the day. Some social networks, like Facebook, allow users to schedule the publication time of their posts, while for others, like Twitter, there are several apps that can do the job for us.
* To schedule a post on Facebook, read:https://www.facebook.com/help/389849807718635

* There are several apps to schedule a post on Twitter and other social networks, like Buffer – https://buffer.com – or Postcron https://postcron.com
Two further good hints for using social networks with multiple identities are to follow other people who could reasonably be considered the owners of our fake account, and to write (and hashtag on Twitter) posts about events that we are not attending, especially if they are taking place far away from us, to further distance our personal identity from our pseudonymous identities. It may also be fun to publish and then delete posts that look like we have exposed our identity, so as to further confuse anyone who may try to track us down.

Finally, whatever social network we decide to use, we should always read its terms of service to check if they suit our purposes well. And if we find them too complicated, we can check the website Terms of Service; Didn’t Read (https://tosdr.org), where terms of service of many social networks and web services are easily summarized for common mortals.

==== '''Alternative social networks''' ====

For the sheer number of their users, mainstream commercial social networks like Facebook or Twitter are extremely useful if our aim is to publicize as widely as possible an event we are organizing or a project we are launching. Nevertheless, when we advertise our initiatives, we should remember that these platforms have very strict terms of service that could justify their decision to terminate our accounts if they find that our contents infringe their rules (for more, read: http://www.aljazeera.com/indepth/opinion/2013/05/20135175216204375.html)

Moreover, as is well known, with commercial social networks users are not the costumers, but the product, because they are profiled and sold to advertisers. If we add to this the ever-changing terms of service and policy and the interactions with other apps and features that make it very difficult to understand clearly what happens to our data, the best solution is to avoid commercial social networks as much as possible, and to limit their use to specific projects we want to publicize to a wide audience.

But social networks are not always profiling their users: there are alternatives that give much more freedom to their users and don't profile them.

On of these, '''Ello''', explicitly states in its manifesto that “You are not a product” and has become famous, particularly in the trans* community, for not requiring real names, a rarity amongst commercial social networks. Consequently, its number of users has grown and this can be a good alternative to mainstream commercial social networks for achieving the critical mass of readers we need to spread our ideas and initiatives. Nevertheless, Ello is still a commercial project, and there are alternatives that are community-based, distributed rather than centralized, based on free and open-source software and privacy-friendly. Among these, '''Diaspora '''(https://joindiaspora.com), '''Friendica '''([https://friendica.com)and https://friendica.com)] and '''Crabgrass '''(https://we.riseup.net) are especially worth mentioning.

Other similar sites may be popular in different regions, so we way wish to explore other options. Before choosing one, we should consider the following points:
* Does it provide connection over '''SSL''' (like ''HTTPS'') for all uses of the site, rather than just during login? Are there no problems related to encryption, such as problems related to encryption certificates?
* How are your content and personal data treated in the End User Licence Agreement and Privacy Policy or Data Use Policy? With whom are they shared? For a useful add-on which helps users understand the Terms of Service of many popular sites, see '''Terms of Service; Didn't Read''' – https://tosdr.org
* What privacy options are provided for users? Can we choose to share our videos securely with a small number of individuals, or are they all public by default?
* '''Is the geographical location of the servers known?''' Under which territorial jurisdiction do they fall? Where is the company registered? How does this information relate to the privacy and security of our email activity and information?

==== '''Creating a site of one’s own''' ====

Some of us may be content with the tools we have discussed so far, and writing in our social network accounts, especially if we have found a more privacy-friendly option (see '''5.3 Alternative social networks'''), may be all we need to voice our opinions and to''' '''interact with a network of people (or with several networks, if we are using different identities when writing online). On the other hand, we may want a more independent platform to spread our ideas, plans or creations, and to do that we can create a website or a blog.

Creating a '''blog''' is as easy as signing up in a web service and choosing a name and a nice theme for our blog, and there are several blogging platforms around that are both user-friendly and free, like '''Wordpress.com'''. Equally based on the free and open-source blogging tool Wordpress, but with some tweaks for additional user privacy, there are two security-oriented platforms that are managed by autonomous servers: Autistici/Inventati’s (A/I) '''Noblogs '''– [http://noblogs.org/ http://noblogs.org] – and Nadir’s '''BlackBlogs '''– [http://blackblogs.org/ http://blackblogs.org]. To open them, all that is needed is to have an email account hosted in an autonomous server (see <nowiki/>https://www.autistici.org/en/links.html <nowiki/>and <nowiki/>https://blackblogs.org/policy <nowiki/>respectively for a complete list).

All these platforms offer enough space for normal blogging activities and are very easy to use, but if we want to actively create our site from scratch, perhaps because we want a complex graphic layout or need to install particular tools that are not offered by Wordpress and its plugins, what we really should do is find some space in a server for our '''website''' and perhaps to associate it to our domain of choice.
* Webhosting services are many, but since they generally aren’t free, the options to stay completely anonymous are reduced to creating a website with '''A/I''', which by default does not connect the users of its services with real identities. To learn more about Autistici/Inventati’s webhosting service, visit: https://www.autistici.org/en/services/website.html

If we want to have our own '''domain''', bypassing payments and identifications may get difficult unless we use Bitcoin or another anonymous payment system, and the personal data we will provide will not only be stored in the registrar’s internal archives, but by default will also be recorded in a database that can be easily queried by anybody through a simple command (whois) or on several websites such as Gandi: Whois (https://www.gandi.net/whois). To avoid this, we can register our domain giving the data of an association and using a prepaid credit card that is not connected to our data (if available in our country), or else we can use a registrar like Gandi.net ([https://www.gandi.net/ https://www.gandi.net]) that offers private domain registration for individuals whenever possible.

=== '''5. Managing collective online identities''' ===

==== '''Collective virtual personas''' ====

From General Ludd to Captain Swing, from the Guerrilla Girls to Luther Blissett to Anonymous, for centuries several groups and like-minded people have participated anonymously in historic protest movements or have created ground-breaking and provoking artworks or pranks attributing them to a collective pseudonym that, besides hiding their identity as individuals, has shrouded their feats in an aura of myth and almost magical power.

Several essays have been written on the topic, and the fascination of pseudonymity and shapeshifting has perhaps its roots in the dawn of humanity, but what counts is that we can choose to adopt a collective identity that already exists, like Anonymous/Anonymiss, or create a new one that we want to share with our own group or with the rest of the world.
* A very interesting study on multiple identities online is anthropologist Gabriella Coleman’s book ''Hacker, Hoaxer, Whistleblower, Spy. The Many Faces of Anonymous ''(2014), based on an anthropological research on how Anonymous has become a well-known and powerful collective identity with multiple faces and attitudes.

* In her PhD dissertation ''Networked Disruption. Rethinking Oppositions in Art, Hacktivism and the Business of Social Networking ''(2011), Tatiana Bazzichelli also describes how multiple identities have been used to disrupt the fundamental notions of power and hegemony on which Western culture is based, and how this works in the web today.

==== '''Managing collective identities... or simple collective accounts''' ====

While the collaboration of many individuals can help creating a rich collective identity that is even more credible, given the many character traits we can think up with an enthusiastic, imaginative group of people, managing a collective project may have some further security and technological challenges we should keep in mind.

As we stressed above, security is a chain, and a single weak link can break the entire system. Therefore, our security and anonymity depend on the precautions each member of our group takes. We may decide that we don’t want to be absolutely anonymous, that our close friends can know about our collective activities, and the degree of security we may want to attain for our group depends on the possible threats we face and on our adversaries’ power and skills. Nonetheless, there are some important assets we would certainly not want to loose, like for instance the password to our collective mailbox or to our group’s social network accounts. Therefore, if we decide that we are going to share those passwords with the whole group, we’d better train each member on how to store a password securely or make sure that they have learnt the password by heart and don’t keep it on a post-it next to their desk at work (see '''3.2 Creating and using strong passwords''').

Whenever possible, we should try to use services that provide for different accounts and passwords. For example, instead of using a single mailbox for contact, we may create a mailing list that allows non-subscribed people to write to it and have all the members of the group subscribe to it, so that if someone writes to the group they can all read the e-mail in their own mailbox rather than in a collective one with a dangerously shared password. Similarly, if coordination really needs to happen through Facebook, it is much better to share information in a dedicated group rather than do everything within a collective account (which also risks to be deleted due to violation of the terms of service, see '''2.3 Persistent Pseudonymity''' and '''5.2 Managing our identities on social networks''').

=== '''6. A different machine for each identity''' ===

If we use the same operating system for our several identities, no matter how carefully we separate our profiles, we can still make a human mistake, for example connecting to a pseudonymous account through the browser profile we have assigned to our true identity, or get infected by a malware that allows our attacker to monitor all we do online, with all our identities, and connect dots together.

Both risks can be limited by using a virtual machine for each of our domains, and by reserving yet another virtual machine to opening fishy attachments in order to avoid a malware infection.

As the name suggests, a virtual machine (VM) is basically a simulated computer with its own OS which runs as software on our physical computer. We can think of a VM as a computer within a computer. Installing and running a virtual machine is not very complicated, and there is very good documentation around. For our purposes of anonymization, the best available option is to install '''Virtualbox''', an open-source, cross-platform virtual machine monitor (https://www.virtualbox.org), and to run Whonix in a virtual machine created with Virtualbox.

==== '''Whonix: compartmentalizing our identities through a secure virtual machine''' ====

'''Whonix '''(https://www.whonix.org) is an operating system that aims at protecting our anonymity, privacy and security by helping us use your applications anonymously. A web browser, IRC client, word processor and more come pre-configured with security in mind. It is a complete operating system designed to be used in a virtual machine. It is Free Software and based on '''Tor''', '''Debian''' GNU/Linux and '''security by isolation'''.

Whonix’s website offers a wide documentation, ranging from very clear installation and usage instructions to thorough recommendations on security and the risks we may run: https://www.whonix.org/wiki/Documentation

==== '''Tails: a live system that leaves no traces''' ====

Using virtual machines, Whonix in particular, is a good idea if we have our own computer where we are free to install whatever we want, especially if it is a powerful machine. But if we use an older box or just connect to the internet from cybercafes, installing a virtual machine becomes unsustainable. In this case, we may turn to a live Linux distribution, a USB-stick with a Linux operating system installed on it that runs in the computer we are using as soon as we switch it on.

A particularly secure live distribution focused on security and anonymity is '''Tails''', or '''The Amnesic Incognito Live System''', a free and open-source Debian-based Linux distribution that can be started on almost any computer from a DVD, USB stick, or SD card and forces all its outgoing connections to go through Tor, blocking direct, non-anonymous connections.

When we launch Tails, we have a complete operating system that, just as Whonix, comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc. With Tails, we can access the internet, communicate, and do all we need anonymously and securely and, after the computer is shut down, the system will leave no traces on the machine unless we ask it to do so.

When using different identities, it is not advisable to use the same Tails session to perform two tasks or endorse two contextual identities that we really want to keep separate from another, for example hiding our location to check our personal email and publishing a document on our pseudonymous blog.

The first reason is that Tor tends to reuse the same circuits, for example amongst a same browsing session, making it easier for a powerful adversary to correlate the several browsing requests as part of a same circuit and possibly made by a same user. Second, in case of a security hole or a misuse in using Tails or one of its applications, information about our session could be leaked. That could reveal that the same person was behind the various actions made during the session.

T''he solution to both threats is to shut down and restart Tails every time we are using a new identity''.

==== '''Security by isolation: Qubes OS''' ====

There are three approaches to digital security: the first one is '''security by obscurity''', which is based on encryption, strong passwords and similar measures and acts as a first line of defence, as a deterrent that will discourage random attacks but is not likely to stop someone who is directly targeting us; then there is '''security by correctness''', whereby software developers try to get rid of bugs that make their code vulnerable. But modern software is very complex, and it is almost impossible to do this job perfectly. Therefore, the most pessimistic, and realistic, approach is '''security by isolation''', which gives for granted that security measures can be vulnerable and focuses on harm reduction by stopping possible attackers from accessing the whole system that we want to secure.

In order to implement security by isolation, for instance, '''Whonix''' is divided into two parts: Whonix-Workstation, which is the system we access for our work, and Whonix-Gateway, which routes all internet traffic through Tor and, by being isolated from the workstation, averts many threats posed by malware, misbehaving applications, and user error.

But while Whonix needs a virtual machine to run on and its main focus is anonymization, there is an operating system that has security by isolation as its main purpose and that can make life a lot easier to someone who manages several social domains and/or identities in her digital life.

Called '''Qubes OS''' – https://www.qubes-os.org – and developed by computer security researcher Joanna Rutkowska, Qubes is a free and open-source security-oriented operating system based on '''Fedora''', a Linux distribution, and '''Xen''', a virtual machine monitor (or hypervisor), that allows us to separate the various parts of our digital life into securely isolated virtual machines. Qubes keeps the things we do on our computer securely isolated in these different VMs so that if one virtual machine gets compromised, the other won’t be affected. This way, we can do everything on a single physical computer without having to worry that one successful cyberattack harms our whole system, potentially revealing all the connections among our several identities.

A plus of Qubes OS for the purposes of multiple identities management is its user-friendly window manager, that assigns a different colour to each domain. Thus, the colour of the frame makes each window clearly recognizable as belonging to the domain corresponding to that colour and prevents potential human mistakes in the management of our identities.

==== '''Tails, Whonix, Qubes OS: how to choose''' ====

The three tools we have described in the last few paragraphs – Whonix, Tails and Qubes OS – all allow us to use a completely separate operating system for managing our alternate identities, and can be quite useful to make sure that we don’t reveal our true identity while we use the anonymous one(s). Still better, if we can afford it, would be to have a different machine for each of our identities, as well as an air-gapped one to store our most sensitive data. Of course, the choice depends on the resources we can dedicate to securing our digital life and on our threat-model, especially on the adversaries we expect to face: if we are pretty sure that in our country harassers work together with the regime to slander (or worse) people like us, we may want to be absolutely sure that none of our data is leaked and – if we have enough funds or are connected to a network of hacktivists – we may decide to ask for an expert’s help to check that we have taken all the necessary measures to keep doing an efficient work and to stop any ill-intentioned actors from tampering with our data. On the other hand, if we feel sufficiently protected by our community and/or by our government, and we expect our adversaries not to be very skilled in technological matters, perhaps all we need is to separate our browser profiles and mailboxes, to use a secure HTTPS connection and some basic common sense and to keep developing a network of support for vocal women online.

If we think that using a different operating system is really necessary, or that it can be helpful to keep things logically and graphically separated (or we just want to explore all the possibilities we have for the fun of it!), we should assess our resources and our needs in order to identify the best solution for us.

''Comparison between Tails, Whonix and Qubes Os:''
{|
!
!'''Tails'''
!'''Whonix'''
!'''Qubes OS'''
|-
|'''Required hardware/software'''
|"x86 compatible and/or Virtual Machines; DVD, USB stick, or SD card for booting the system"
|"x86 compatible pc with VirtualBox"
|"a powerful pc capable of running Qubes OS"
|-
|'''System requirements'''
|"lowest"
|"high"
|"highest"
|-
|'''Difficulty to install'''
|"medium"
|"medium"
|"easy"
|-
|'''Difficulty to configure'''
|"low"
|"medium"
|"high"
|-
|'''Learning curve'''
|"low"
|"low"
|"high"
|-
|'''Anonymization by default'''
|"yes"
|"yes"
|"no"
|-
|'''Security by isolation'''
|"no"
|"yes"
|"yes"
|-
|'''Pre-installed applications'''
|"nice selection"
|"not many"
|"not many, and some, like Tor or Virtualbox cannot be installed at all"
|-
|'''Persistence'''
|"no (available option)"
|"yes"
|"yes"
|-
|}

As we can see in the table above, '''Tails''' just needs a normal computer and a DVD or a bootable device to launch the system, but installing the system in this device, as well as having the DVD, USB stick or SD card actually boot in the computer we are using, can be tricky, and we may need some external help. After that, though, using Tails is pretty easy, and if what we need to do with our alternate persona needs a focus on ''anonymization'', then it may be worthwhile to overcome the initial obstacle. Tails is a good option also if we have few resources, if we don’t have a computer of our own, or if we often use computers at internet cafes and want to be safer. One particular advantage of Tails is that after we have switched the computer off, we leave no traces and everything we have done vanishes into thin air. But if on the other hand we need ''persistence'', i.e. we want to keep some files we have created or downloaded in our USB stick or we have changed some system settings and want to keep them also in the future, we need to enable this option when we start the system. Last but not least, Tails is an established, respected project that has been developed for many years and is used by a wide community of people.

If what we need is both ''anonymity'' and ''security by isolation'' and we have a good machine – https://www.whonix.org/wiki/System_Requirements – where we can run Virtualbox, installing '''Whonix''' in one or more virtual machines, according to the number of our alternative identities, seems a good solution that caters to all our needs and also offers an excellent documentation: https://www.whonix.org/wiki/Documentation. Nevertheless, Whonix, like Qubes Os, is a relatively recent project and the community using it is still rather small.

'''Qubes OS''' is a good choice if we want to keep all our activities inside our own computer without having to install anything else and if what we are trying to do is to effectively ''separate'' our identities rather than anonymize our activities in the web. It requires a very powerful computer – http://qubes-os.org/trac/wiki/SystemRequirements – and this can be a hindrance, but if we feel that we really need to protect ourselves against possible cyberattacks, the investment may be worth its while.

To sum up, none of these tools protects us from every threat, and we shouldn’t look at them as a magic potion that will make us invulnerable. Nevertheless, by using any of them, according to our needs and resources, we will raise the level of effort that an attacker will need to harm us, thus making an attack less likely.

For a wider comparison among these and other systems, go to: https://www.whonix.org/wiki/Comparison_with_Others<nowiki/><nowiki/>

[[Category:Resources]]

Step 1

2015-05-27T15:16:48Z

Floriana:

__TOC__

=== Understanding and minimising our digital shadows ===

The internet is a great space to explore, learn, speak up, listen and communicate with people across the world. Unfortunately, the internet has also become a space where people who challenge the dominant discourse often find themselves under attack. These attacks can be very personal - enabled by the fact that there is often a lot of personal information about us on the internet.

To strengthen our defences against these kinds of attacks, it’s a good idea to start by our assessing our '''digital shadows'''. These shadows - can tell a story about us: who we are, were we live and hang out, what we are interested in, and who our friends and colleagues are.

This can expose us to several threats. In particular, it is the publicly available traces we leave behind that expose us to online harassment.

However, there are also many '''strategies''' and '''tools''' we can use to shape or control our digital shadows, to increase our privacy, and ultimately to be more secure, both online and offline - without being less vocal or reducing our activity online.

Some examples of these include controlling the amount of data we give away by consciously stripping valuable information from content and metadata; trying the art of self doxxing; and thinking about ways to play with and break up our online identity.

==== '''What is a digital shadow?''' ====

Our digital shadows can be defined as the stories data tells about us. These digital shadows are created by trillions of bits of data, digital traces we leave everyday when we connect to the Internet, our mobile phone and online services. Our digital shadows have a life of their own, are affected by others and change in unpredictable ways. Our digital shadows grow continuously, can be permanent permanent and we have little control over them. These traces are a spectre of our past and present activities, which melt together in a permanent and ever-changing profile.

''How are these trillion bits of data created?'' The devices and the software we use to browse the Internet, access websites, connect to social networking platforms like Facebook and Twitter, publish blog posts, receive phone calls, send SMS messages or emails, chat, or buy things online, all create specific bits of data about us. These bits of data can include our name, location, contacts, pictures, messages, tweets and likes, but also the brand of our computer, length of our phone calls and information about which websites we visit. These data traces can be put out there by ourselves as well as other people.

''How do we share data?'' In some cases we '''actively '''share data – for example when we share photos on Facebook, book a flight ticket online or contribute to a wiki. Other people can also actively share data about us, by tagging us in pictures, mentioning us in tweets or simply by communicating with us. In other cases, we give away data without necessarily realising it, or consenting to it.
Our browsing habits and IP address are shared when we visit a website by means of "cookies" and other tracking technologies, which are active in the background. These technologies are embedded in the websites we visit, and the information shared is collected for a wide range of purposes, from website analytics to advertising. Our mobile phone apps also collect data on us without our active knowledge or consent – for example, the photos we take usually have location data embedded in them. These tracking technologies enable web services to identify and follow us as we move from one service to another - from our internet browser to the IM (instant messaging) app in our smartphone, from downloading e-books in our readers to publishing pictures from the latest protest we have covered.

''What is data?'' Data can be broken into three parts: ''content'', ''metadata'' and ''noise''. '''Content''' is the content of our messages, blogs, tweets and phone calls; it is our pictures and videos. '''Metadata''' is data about data, information that is needed for the technological infrastructure to work. Metadata enables our email to be delivered, help find files on our computer and permit mobile communication. Metadata can be our email address, phone number, location, time and date when a message was sent or stored. '''Noise''' is the data that is created by either the manufacturing process or by the workings of the infrastructure. For example, every camera has an SD card to record and store pictures. Every SD card has unique scratches that were created by the machines producing the SD cards. These scratches make small changes to the data that are not visible to the eye but can be recognized by computers.

==== '''Who is collecting our data, and why?''' ====

We might wonder about the importance of one picture or one message, or think there is so much data out there that nobody knows what to do with it. However, data collection and data analysis has become very sophisticated.

The data traces you leave are collected, analysed and sorted by various parties to create digital shadows, or '''profiles'''. Every time a new piece of data is collected, it can be identified and added to your profile. These profiles are ever-expanding, and give those who create them or who have access to them an immense insight into who you are.

Data is collected by companies, governments and individuals for a variety of purposes. It can be bought and sold; it can be used to control; or it can be used to create harassment strategies.

Our digital shadows or profiles can be used to gain insight into who we are, what we do and where we have been. This data can then be used to make predictions on what we might do or where we might be in future. For example, if someone knows that we are an outspoken blogger on gender issues in country x, they know that we will probably be present at a conference on blogging and women held in that country. Profiles can also give potential harassers the ability to harass us across different platforms.

Anyone could potentially have access to our digital shadow – including communications service providers, law enforcement agencies and commercial companies, as well as groups and individuals running their own servers. We can't know exactly what is happening to our digital shadow, and that itself is a problem.

However, there are tools and tactics we can use to manage our digital shadows and to limit their ramifications in terms of profiling and surveillance. This will be discussed in the rest of this section.

==== '''Exploring our own digital shadow''' ====

As we mentioned before, anyone can potentially access to our digital shadow – including communications service providers, law enforcement agencies and companies, as well as groups and individuals running their own servers. We cannot know precisely what happens to our digital shadow and that itself is a problem. But there are tools and tactics to manage our digital shadow and to limit its ramifications in terms of profiling and surveillance.

Some good places to start are:

* Exploring our individual digital shadow with '''Trace My Shadow''' – https://myshadow.org/trace-my-shadow – a tool launched by Tactical Tech, accompanied by a website that offers a lot of tips on how to protect our privacy and control our digital shadow: https://myshadow.org
* Identifying and materialising social networks across our online and physical activities: John Fass, researcher and designer at the Royal College of Art, has created some activities to materialise our social networks and browser history ' ''[insert link].'''
* Seeing through the eyes of our mobile phone by installing a tool called '''openpath.cc'''. Some of our apps can see the same things. Read the Terms of Service carefully and explore if you can change the access settings in your phone. On an iPhone we can change the permissions for each app under its privacy setting.

==== '''Controlling what we share: content and metadata''' ====

The good news is that we can partly control what content and metadata we give away.

When we publish content on the web, it is always a good idea to ask ourselves if what we are posting is public or personal and who could have access to it. Even if the information is connected to a public event and not to our personal lives, the names we mention or the images we upload may contribute to a picture about who we are, what we are doing, where we are doing it and so on. This could be used by people who wish to target us.

This does not mean that we should silence ourselves – by taking some basic measures, we can limit our risks by increasing the level of the effort that would be required to attack us or our contacts.

* When '''sharing personal details about our life''', we can use private profiles that can only be accessed by selected contacts. When using private profiles on commercial social media, we should be aware of the regular changes to the privacy policies of that platform. This can have an impact on how “private” our profiles are. There have been cases where privacy settings have been changed, exposing pictures, content and the conversations of private groups.

* When '''writing or posting images about public events''' on the web and on publicly accessible social network profiles, we should ask ourselves if the information we spread about single individuals, places and other details could be used to identify and/or attack someone. It is always a good idea to ask for '''permission''' to write about individuals and perhaps also to post information on public events only after they are finished.

* '''Faces in pictures can be anonymised''' with a tool called ObscuraCam, a free camera application for Android devices. https://guardianproject.info/apps/obscuracam

* '''When giving personal information to a web service''', it’s best to use HTTPS so that the communication channel is secure (see the section on security measures for more on this).

* '''Use strong passwords''', and '''use different passwords''' for each web service you use - if you you the same password for multiple services and someone intercepts your password for one of these services, they could use it to access your other accounts.

* When '''registering a device''' or software such as Microsoft Office, Libre Office, Adobe Acrobat and others, not usingy our real name can help prevent the metadata created when using this device or software from being connected to you. You can also '''switch off the GPS tracker''' in your phone or camera.

* Some file types contain more metadata than others, so '''when publishing contents online''' you can change files from ones that contain a lot of metadata (such as .doc and .jpeg) to ones that don’t (such as .txt and .png), or we can use plain text.

* '''Remove metadata from image files''' by using Metanull for Windows: https://securityinabox.org/en/lgbti-africa/metanull/windows

* For '''editing or removing hidden data from PDF files''', Windows or MAC OS users can use programs such as Adobe Acrobat XI Pro (for which a trial version is available). GNU/Linux users can use PDF MOD, a free and open source tool. However, it doesn’t remove the creation or modification timestamp, and it also doesn’t remove the information about the type of device used to create the PDF.

* For more on '''removing metadata from different file formats''', see Tactical Tech's https://securityinabox.org/en/lgbti-mena/remove-metadata.

* You can '''prevent the tracking and collection of metadata''' through your browser by installing add-ons like '''Privacy Badger''' or Adblock Plus, as well as by monitoring our privacy settings and deleting cookies on a regular basis.

* Using '''Tor''' will '''hide specific metadata like our IP address''', thereby increasing our anonymity online.

===='''Social domains'''====

As security expert Bruce Schneier explains, “Security is a chain, and a single weak link can break the entire system”.

Each of us belongs to several '''social domains''' - our work or advocacy networks, our family networks, friends, and sports teams.

Some of these networks may be more secure than others. For example, we may tend to have a more secure communication practices for our work or advocacy activities, but less secure practices for interacting with friends on a social network. Areas where these domains intersect can turn into a threat to our security.

If we use a single identity in all our domains, it becomes easier to gather information about us and to identify our vulnerabilities. For example, if we reveal in a social network that we like a particular kind of game and that we download files with a p2p program like Emule, an attacker who wants to investigate our work or advocacy activities might trick us into downloading a game which is infected with spyware.

This attacker is interested in our advocacy activities, but knows that we have increased privacy and security measures for that part of our lives. The attacker also knows that our love of games is a digital weak spot as this network is not encrypted. Thus the attacker can exploit this part of our lives to gain access to another, more secure part.

This is only possible, however, if our work identity and our Emule profile can be connected to the same person; and this is why separating our social domains can be useful. More on how to do this will be addressed later on, when we talk about identity management.

==== '''Self-Doxing''' ====

'''Doxing''' (also written as "doxxing", or "D0xing", a word derived from "Documents", or "Docx") describes tracing or gathering information about someone using sources that are freely available on the internet. This method depends on the ability of the attacker to recognise valuable information about their target, and to use this information for their own ends.

Doxing is premised on the idea that "The more you know about your target, the easier it will be to find his or her flaws”.

Harassers and stalkers use several tools and techniques to gather information about their targets, but since these tools and techniques are mostly public and easy to use, we can also use them ourselves. "Self-doxing" ourselves can help us to make informed decisions about what we share online, and how. Of course, these same instruments can also be used to learn more than is immediately obvious about someone we have met online before we give them our full trust.

'''Methods used for doxing''' include exploring archives, yellow pages, phone directories and other publicly available information; querying common search engines like Google or DuckDuckGo (https://duckduckgo.com); looking for a person's profile in specific services; searching for information in public forums and mailing lists; or looking for images that the target has shared (and for instance may have also published in another, more personal, account). But it can also simply consist in looking up the public information on the owner of a website, through a simple "whois search" (see the section on "Creating a site of one’s own").

We can use these same tools to explore what can be easily found out about us by others.

Before we start exploring these web services and looking for our digital self, a good idea is to use anonymisation tools like Torbrowser.

* Useful tips on how to self-dox are available here: https://lilithlela.cyberguerrilla.org/?page_id=93870
* For more about (self-)doxing tools and techniques, visit: https://modelviewculture.com/pieces/investigation-online-gathering-information-to-assess-risk
* A useful (and creepy!) tool to learn what traces we have left behind in our Facebook account is Ubisoft’s '''Digital Shadow''', a Facebook app which illustrates what third parties can know about us through our Facebook profiles: https://digitalshadow.com

==== '''Can we remove our digital past? Creating new identities''' ====
''
"Once something is on the internet it will stay on the internet, as the internet does not forget".''

We may think that deleting certain sensitive data from social networks and web services may be enough to protect ourselves, but metadata cannot be deleted as easily. And using just one identity through our whole life - in all our work and personal domains - creates a bulk of information that could be used to profile or attack us.

One option to avoid this is to leave an old identity behind and create a new one or several new ones - one for each of our social domains. We might also choose to use our real identity in some areas, and our new alternative identities in others.

* When we create a new identity, we should select the contacts for each one carefully, and avoid sharing contacts with other identities we use for different activities. This effectively creates separate social domains, with separate accounts, mail addresses, browser profiles, apps, and possibly even devices.

* It's important to make sure that our various identities are not linked in any way to each other, or to our real identity. Remember that some of these connections can be tenuous: for example, did you sign up for a new, pseudonymous Gmail account using your real phone number?

* Treating each of our extra identities as potentially disposable can be useful, as they can be discarded easily if it is compromised.

* Disposable identities can be created for new acquaintances where appropriate – introductory profiles we can use to get to know somebody before we include them in a more trusted network.

To learn more about how to separate different identities into separate profiles, read the section on “Managing multiple online identities”.

==== '''Deleting identities''' ====

If we decide to separate our domains by creating multiple identities, one of the first decisions we should make is whether to delete or keep the identity or identities that we already have.

To do this, we can start by investigating the traces of our existing identity or identities. (for methods and tools for following your own digital traces, see "Exploring your digital shadow" and "Self-Doxing").

If we want to delete existing accounts:
* The '''Suicide Machine''' (http://suicidemachine.org/) is a tool that facilitate the process of deleting social network profiles. The Suicide Machine was forced to stop deleting Facebook accounts, but instructions on how to do this are here: https://www.facebook.com/help/224562897555674
* '''AccountKiller''' (https://www.accountkiller.com) has instructions on how to remove accounts or public profiles on most popular websites.
* '''JustDelete Me''' (http://justdelete.me) is a directory of direct links to delete accounts from web services.

==== '''Mapping our social domains''' ====
To separate our social domains, it's helpful to first map them out and identify which ones could expose us most to cross-domain attacks.

We can do this by thinking about our different activities and networks, and reflecting how sensitive each of these is. This will enable us to better separate the domains that are sensitive from those that are not.

Partitioning one’s digital life into separate social (or "security") domains requires some thinking.

Polish computer security researcher Joanna Rutkowska has worked extensively on this, to the point that she developed a security-oriented Linux distribution based on the concept of “security by isolation” (called Qubes OS). In this system, each social domain is isolated in a separate virtual machine. While Rutkowska's scheme is quite sophisticated and focused on her operating system, it can give us interesting insights on how to start thinking about separating our domains.

The three basic domains Rutkowska identifies for herself are “work”, “personal”, and “red” (the untrusted, insecure area).

* The '''work''' domain includes her work email, where she keeps her work PGP keys, where she prepares reports, slides, papers, etc. She also has a less-trusted “work-pub” domain for things like accepting LinkedIn invites or downloading pictures for her presentations. To add to this, she has a “work-admin” and a “work-blog” domain, in order to get a further level of security for managing her company’s servers and for writing on her blog.

* The '''personal''' domain includes all the non-work-related stuff - such as personal email and calendar, holiday photos, videos, etc. She adds to this with a special domain called “very-personal”, which she uses for the communication with her partner when she is away from home. The couple uses encrypted mails to communicate, and she has separate PGP keys for this purpose.

* The '''red''' domain, on the other hand, is totally untrusted. This is where her disposable identities or profiles belong. Rutkowska uses this domain to do everything that doesn’t fit into other domains, and which doesn’t require her to provide any sensitive information.

* Besides these three main domains, Rutkowska has several other separate domains. One is dedicated to '''shopping''', for accessing e-commerce sites. What defines this domain is access to her credit card numbers and her personal address (for shipping). Then there is the '''vault''' domain, the ultimately trusted place where she generates and keeps all her passwords (using KeePassX) and master GPG keys. Finally, she has a domain for all the Qubes development ("qubes-dev"), one for '''accounting''', and another one for '''work archives'''.

Of course we don’t have to separate our domains in such a complex way, and using Qubes Os to keep them separated is just one solution – and one that requires a powerful machine to run on. Yet Rutkowska’s reflections on domain mapping can be an enlightening starting point to analyse our activities, and to separate our social domains for enhanced security.

* Joanna Rutkowska’s article on security domains can be found here: http://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html

=== '''2. Assessing risks and potentials: how to choose which online identity fits our purpose''' ===

==== "'''Real" or virtual identity?''' ====

Once we have identified our different social domains and the digital activities and contacts that go with them, what we need to do is decide if we want to differentiate our identities accordingly, or if we'd rather stick to our official name and true face for each of them.

We may want to keep our work connected to our legal or "real" identity, or think that our activism should be anonymous, but these are decisions that need to be thought about carefully.

For example, a journalist who finds it convenient to use her real identity for her writing may decide to stay in contact with her personal domain through a nickname, so that nobody can connect the two spheres together.

On the other hand, if an activist decides that she wants to use a pseudonym for her online activities, she should consider that she will be showing her face in all her connected activities in the real world, such as speaking at conferences or participating in demonstrations. Her online pseudonym will therefore be linked to her face; but her face could also be linked to her real name on social networks, and her online activist identity unmasked.

In assessing which identity to use in a given context, it's helpful to consider the following questions:

* Would my job, livelihood or safety be at risk if my real identity were known in this context?

* Would my mental health or stability be affected if my participation in X were known?

* Would my family or other loved ones be harmed in any way if my real identity became known in this context?

* Am I able and willing to maintain separate identities safely?

Once we have '''assessed our risk,''' we can then consider different strategies for separating our identities online.

For more on assessing risk, visit: https://ssd.eff.org/en/module/introduction-threat-modeling

==== '''Strategies for separating identities online''' ====

'''strategies''' for maintaining separate identities can range range full transparency to full anonymity.

Author Kate Harding talks about her decision to start writing under her real name, dismissing the recommendations that are generally given to bloggers to follow practices like “writing under a pseudonym, making that pseudonym male or gender-neutral if you’re one of them lady bloggers... masking one’s personal information, being circumspect about publishing identifying details, and not writing anything that might inflame the crazies”.

Instead of putting responsibility on women, Harding says, problems of harassment should be handled by society as a whole, including men. However, she also acknowledges that the decision is dangerous one.
http://kateharding.net/2007/04/14/on-being-a-no-name-blogger-using-her-real-name

In "The Girl's Guide to Staying Safe Online," Sady Doyle writes that while becoming visible "creates a specific vulnerability", giving up on our online activities is exactly what the misogynists and harassers expect from us - and so the best way to ‘stay safe’ online may simply be to stay online. "After all: If there’s no one left willing to complain about the harassment, what are the odds that it’s going to change?”
http://inthesetimes.com/article/12311/the_girls_guide_to_staying_safe_online

As such, we have several options available to us: We can attempt to participate online anonymously. We can use a "persistent pseudonym". We can identify fully with our real or legal name, or we can divide our online lives, using our real or legal name sometimes and a pseudonym at other times. The following section will explore the pros and cons of each option, so we can determine which options are best for each one of us.

==== '''Anonymity''' ====
Total anonymity can be both isolating and difficult to maintain, but is useful in settings where we don't need to gain other people's trust, when there are few or no people we can trust, or when we don't want to expose others in our life to risks.

Anonymity may be a good choice in certain specific situations, such as researching or participating in message boards about health issues, or when sharing sensitive information. We may wish to set up a one-time account, using a pseudonym, to comment on a blog or news site, or a one-time email account or chat session to discuss sensitive information with others.

On anonymity, Vani, a human rights activist, writes: “I am a regular social network user. I voice my opinions on a range of topics. But I remain faceless and nameless”. [http://internetdemocracy.in/media/women-bloggers-seek-safety-in-anonymity speaks of their participation on social networks anonymously]

But while anonymity is a good option in many situations, it can also be dangerous in some countries, where it can signal to the state police that the author thinks they are doing something wrong. This strategy can also be lonely: “Anonymity also isolates you”, a blogger writes. “Can you have a network to protect you and also be anonymous at the same time? Would visibility be a better strategy for you?”

Anonymity differs from "persistent pseudonymity". When we adopt anonymity as a strategy we may use pseudonyms, but these pseudonyms are not used across different networks or social domains, and some may only be used once and then discarded. For more information on how to be anonymous online, see '''Anonymizing tools'''.

==== '''Persistent Pseudonymity''' ====

Persistent pseudonymity involves using a pseudonym consistently over a period of time.

The Oxford English Dictionary defines a pseudonym as "a fictitious name, especially one used by an author." In the age of the internet, a pseudonym may also be referred to as a "nickname" or "handle", though the latter can also be tied to a person's legal identity.

Jillian C. York, in a blog post for the Electronic Frontier Foundation, writes: "There are myriad reasons why individuals may wish to use a name other than the one they were born with. They may be concerned about threats to their lives or livelihoods, or they may risk political or economic retribution. They may wish to prevent discrimination or they may use a name that’s easier to pronounce or spell in a given culture."
https://www.eff.org/deeplinks/2011/07/case-pseudonyms

Pseudonymous speech has played a critical role throughout history, says York. "From the literary efforts of George Eliot and Mark Twain to the explicitly political advocacy of Publius in the Federalist Papers or Junius' letters to the Public Advertiser in 18th century London, people have contributed strongly to public debate under pseudonyms and continue to do so to this day."

A pseudonym can be name-shaped (e.g., "Jane Doe") or not. At time of writing, some websites - including Facebook - require that users use their "authentic identity," which typically means using your legal name or the name by which you are commonly known. This policy has caused some users, such as a group of drag performers in California, to lose their Facebook accounts. If we choose to use a pseudonym on social networks, it is important to understand that a risk of doing so is being reported for using a "fake name" and having one's account deleted. A strategy for avoiding that is using a name-shaped pseudonym.
https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community

Persistent pseudonymity also offers us '''visibility'''. Visibility allows us to network with others, and by pinning our voice to a particular name we can develop an '''online reputation'''. An online reputation allows others to decide whether we are worthy of trust, and is therefore a crucial aspect in trust-based online communities. Reputation can be developed by consistently using a nickname or pseudonym that can either be connected to our legal identity, or not. The choice to connect our online reputation to our "real" name should be taken individually, according to needs and context.

It is also possible to maintain multiple pseudonyms (and reputations) for different purposes. For example, a person involved in the gaming community and LGBTQI rights activism may wish to maintain separate identities for each purpose, and can build trust within each community separately doing so.

==== '''Collective Identity''' ====

Another way to be anonymous is through collective participation. This could mean a number of things, from a private group or mailing list that puts out collective statements, to a shared Twitter account. While the same security concerns apply, working from behind a collective identity means having the power of the crowd behind you, and can be a good option if you don't wish to reveal your identity.

==== Comparing strategies ====

Whatever choice we make, what is important is that we keep our domains effectively separated.

No matter how many domains we identify in our digital life, and how many corresponding identities we create, on the internet every identity - even the one bearing our real or legal name - becomes a “virtual” persona and should be managed carefully.

''The pros and cons of the various identity options:''

{|
!
!'''Risk'''
!'''Reputation'''
!'''Effort'''
|-
|'''Real Name'''
|"+"
|"+"
|"-"
|-
|'''Total Anonymity'''
|"-"
|"-"
|"+"
|-
|'''Consistent Pseudonimity'''
|"-"
|"+"
|"+"
|-
|'''Collective Identity'''
|"-"
|"+"
|"+"
|-
|}

'''Real name'''

*''Risk'': Using your "real world" identity online means that you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.

*''Reputation'': Others can easily identify you; gaining reputation and trust is easier.

*''Effort'': requires little effort.

'''Total anonymity '''

*''Risk:'' can be beneficial at times, but can also be very difficult to maintain. Choose this option carefully.

*''Reputation'': few opportunities to gain trust and reputation, or to network with others.

*''Effort'': difficult; requires caution. Might also require the use of anonymisation tools (for example Tor.)

'''Persistent pseudonymity'''

*''Risk'': Pseudonym could be linked to our real world identity.

*''Reputation'': A persistent pseudonym that others can use to identify us across platforms is a good way to gain reputation and trust.

*''Effort'': Maintenance requires some effort, particularly if we are also using our real name elsewhere.

'''Collective Identity'''

*''Risk'': possible exposure of our real world identity.

*''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.

*''Effort'': Although secure communications are still important, requires less effort than total anonymity.

=== '''4. Creating a new online identity''' ===

==== '''What’s in a name?''' ====

The practice of naming varies greatly from one culture to another. While names, in one form or another, have existed across cultures for milennia, the concept of a "legal name" is a fairly new one.

Different countries regulate the practice of naming in different ways; for example, in Morocco, names must be chosen from a government-approved list, while in Germany a name must be clearly reflective of the baby's gender.

On the internet, platforms that have "real name" policies tend to base this judgement on an individual's legal name, rather than allowing them to identify as they choose. This can be problematic, not only for individuals trying to remain anonymous, but also for transgender individuals, individuals with mononyms, and others.

Because of such restrictions, it can be beneficial to select a "name-shaped" name when choosing a pseudonym. If we want to use commercial social networks, it is better to use a credible name and surname rather than more imaginative ones. Many companies will require that we use both a first name and surname, or a name that doesn't contain any slang terms or profanities.

Once we have decided on a name, a surname, and a username for our virtual persona, we should do thorough research - perhaps also using doxing tools and techniques (see the section on Self-Doxing) - to find out if someone else is already using that name. After all, if we wish to develop our own reputation, we don’t want to be confused with someone else, especially if they don’t share our views of the world!

==== '''Writing our own story''' ====

The practice of “story telling” (and of creating a social mask, for that matter) is an old one, and creating a new persona with a story makes it a lot easier to maintain the role.

We can base our story on a “known” person’s story, a superhero, a fictional character from our favourite novel, or adopt a “group identity” like Anonymous/Anonymiss or the Guerrilla Girls. If we feel particularly inspired, we can invent a new story.

The main point is that when we create an identity we should conceive a whole virtual persona, an avatar that needs to be nurtured and developed in order to become credible.

This page offers some helpful tips for inventing a new identity: http://anonymissexpress.tumblr.com/post/117939311235/you-may-have-noticed

==== '''Creating a credible persona''' ====

A virtual persona or identity can't be just a name with a mail address and a series of web accounts. If we keep all our normal identifying traits - such as our gender, job, attitude or the way we write - it might be possible for someone to connect the dots and connect our pseudonymous personas with our real identity.

* ''Linguistic fingerprint'': One of the things to consider is our '''linguistic fingerprint'''. This could be identified through a so-called "stylometric analysis" using tools that are increasingly usable, even for non-experts, that make it possible to identify the author of a particular text. We can, for example, give away our real identity through our particular way of writing certain words, our typical typos, and our style and tone. To change this, we can start by using a spell-checker in our word processor to check for consistent typos. We could also think about adopting a different writing attitude. To keep it simple, we could adopt one simple rule for each persona, e.g. making them shout by only using capital letters, or be a low-talker with a lower-case style, or very excitable, with a lot of exclamation marks, or a spelling criminal, always putting apostrophes in the wrong place or mistyping words. What we decide to do with our writing style should match the character we choose for our new identity.

* ''Work'': To be sure that our pseudonymous avatar cannot be tracked back to us, our persona should have a job that is different from ours, but not so different that we don’t know anything about that field: for example, they shouldn’t be a surgeon if we don’t know anything about anatomy!

*''Skills and interests'': Similar considerations should be made to select our persona's skills and the main topics they focus on and write about. These can, of course, overlap - for example a journalist who writes about national politics may have an alternative identity that talks about national politics as well, but only casually (and their main interest will be something different, like carpentry or feminism or food).

*''Psychological attitude'': As for psychological attitude, a good rule of thumb is to give our persona depth by creating some "weak spots" - but choosing them carefully so that, if the weak spot is attacked, we are able to weather the strikes and even have some fun in the process. For example, if we have a very strong sense of humour, we could choose a severe lack of humour as our persona's biggest weakness, so that if that weakness comes under attack we can enjoy impersonating a humourless persona without really being psychologically harmed.

What is most important is to remember that on the internet, each one of our identities - even the one connected to our real name - is a “virtual” identity, and it is always better to decide what character traits we want to expose in each of them. Creating a somewhat fictional character can be a good idea even for our “real” online identity.

More about how to create a rounded character for our identities here: https://lilithlela.cyberguerrilla.org/?page_id=94049

==== '''Creating online profiles''' ====

Once we have created several personas, it's important keep them separate in both our physical and digital lives. While keeping notes on our identities might help ensure that we remember our story, there are technical measures we can take to make sure that our profiles stay separate.

A good start is to create different '''browser profiles''', '''mailboxes''' and '''social network accounts''' for each of our identities. A good rule of thumb is to always use different apps for each account/identity and, if possible, to separate our identities per device or operating system (see '''6. A different machine for each identity''').

==== Creating separate browser profiles and mailboxes ====

''Browser profiles:'' To create multiple profiles with Firefox, visit: https://developer.mozilla.org/en-US/docs/Mozilla/Multiple_Firefox_Profiles . For Google Chrome, visit: https://support.google.com/chrome/answer/2364824

''Mailboxes:'' When creating a new mailbox, it is always a good idea to connect to the server’s website with '''Torbrowser''' and, if a contact email address is required, to think about using a disposable email address instead.

===='''Disposable email addresses''' ====

For some activities and social domains we need to manage rounded personas, in order to gain a strong reputation and trust from other members of the community. In some cases, however, all we need is a '''disposable email address''' that we only need to use once or few times, for example for opening an account in an untrusted platform.

Even if we decide to have just one identity online, using disposable email addresses prevents sites from building up a history of our activities and ensures that if that account gets compromised we can simply delete it and create a new one, keeping our digital life intact.

* ''Creating a disposable email address'': There are many services that offer disposable email addresses. Some of the most privacy-oriented are:''' '''https://anonbox.net'''<nowiki/>''', offered by the Chaos Computer Club, and '''https://www.guerrillamail.com'''

* ''Tools to generate personal details'': Making the process of creating a disposable account easier, '''Fakena.me''' (https://fakena.me) is a privacy-oriented '"fake name generator" that provides everything for you - from a credible name, birth date and (US-based) address, to a user name and password and a link to the connected guerrillamail mailbox. Another similar service, called '''Instant Internet Decoy''' (https://decoys.me) creates convincing but entirely fictional people who have birthdays, locations in several countries, families and even answers to common security questions.

* ''Using existing disposable email addresses'': We can also make use of existing fake or disposable email accounts. '''BugMeNot'''(http://bugmenot.com) allows people to share their email logins and passwords created for platforms with free registration, for anyone to use.

==== '''Mail aliases''' ====

Another option is to create a '''mail alias''' - a different email address that is connected to our main mailbox. The advantages of this approach are that this email account will not expire, and if it gets compromised we can just dispose of it and create a new one. But of course if the alias receives a lot of spam, it will fill our main mailbox.

While not every mail service allows users to create mail aliases, this service is offered to every mail user of '''Riseup '''(https://we.riseup.net) and '''Autistici/Inventati '''(https://www.autistici.org), two secure, autonomous servers that are particularly focused on the right to privacy and anonymity.

==== '''Managing our identities on social networks''' ====

Note: When we use social networking platforms, we should always access them with a secure HTTPS connection.

When creating an account for a new persona on a '''social networking platform''', use the browser profile you have created for that persona. Make sure to check the '''privacy settings''' so that you know what you are making public, who can see what you post, who can contact you, who can look you up and what your contacts can do (can they tag you in pictures? can they write on your "wall"?)

Also be very careful about the''' profile information''' you provide, as well as the profile picture and cover photo you use, as these are generally publicly available to anyone who looks for us in that social network, regardless of our privacy settings.

It's also crucial to make sure your contacts do not overlap with your other identities, and to make sure your different identities don't "follow" one another. It is particularly not a good idea to follow your pseudonymous accounts with your "real" identity. If someone is looking to unmask one of your pseudonymous personas, the first thing they will look for is who the account follows, and who follows the account. For the same reason, we should avoid reposting posts or other content published by one account with another account.

Most social networking platforms will display your location where they can. This function is generally provided when we interact with the platform using a GPS-enabled phone, but it can also happen if we are connecting from other devices - for example the network our computer is connected to may also provide location data. It's always a good idea to double-check your settings - particularly on photo and video sharing sites.

Photos and videos can also reveal a lot of information without you realising it. Many cameras will embed metadata into your photos, which can include the date, time and location of the photo, camera type, etc. Photo and video sharing sites may publish this information when we upload content to their sites.

If we access social networking platforms via mobile apps, it is better to use a different app for each separate account, so as not to post something to the wrong account by mistake. There are several apps which can be used to manage social networking platforms - you just need to choose a different one for each identity, to reduce the risk of giving away our real identity.

Another trick to hide our trails is to publish from our various accounts at different times of the day. Some social networks, like Facebook, allow users to schedule the publication time of their posts, while for others, like Twitter, there are several apps that can do the job for us.
* To schedule a post on Facebook, read:https://www.facebook.com/help/389849807718635

* There are several apps to schedule a post on Twitter and other social networks, like Buffer – https://buffer.com – or Postcron https://postcron.com
Two further good hints for using social networks with multiple identities are to follow other people who could reasonably be considered the owners of our fake account, and to write (and hashtag on Twitter) posts about events that we are not attending, especially if they are taking place far away from us, to further distance our personal identity from our pseudonymous identities. It may also be fun to publish and then delete posts that look like we have exposed our identity, so as to further confuse anyone who may try to track us down.

Finally, whatever social network we decide to use, we should always read its terms of service to check if they suit our purposes well. And if we find them too complicated, we can check the website Terms of Service; Didn’t Read (https://tosdr.org), where terms of service of many social networks and web services are easily summarized for common mortals.

==== '''Alternative social networks''' ====

For the sheer number of their users, mainstream commercial social networks like Facebook or Twitter are extremely useful if our aim is to publicize as widely as possible an event we are organizing or a project we are launching. Nevertheless, when we advertise our initiatives, we should remember that these platforms have very strict terms of service that could justify their decision to terminate our accounts if they find that our contents infringe their rules (for more, read: http://www.aljazeera.com/indepth/opinion/2013/05/20135175216204375.html)

Moreover, as is well known, with commercial social networks users are not the costumers, but the product, because they are profiled and sold to advertisers. If we add to this the ever-changing terms of service and policy and the interactions with other apps and features that make it very difficult to understand clearly what happens to our data, the best solution is to avoid commercial social networks as much as possible, and to limit their use to specific projects we want to publicize to a wide audience.

But social networks are not always profiling their users: there are alternatives that give much more freedom to their users and don't profile them.

On of these, '''Ello''', explicitly states in its manifesto that “You are not a product” and has become famous, particularly in the trans* community, for not requiring real names, a rarity amongst commercial social networks. Consequently, its number of users has grown and this can be a good alternative to mainstream commercial social networks for achieving the critical mass of readers we need to spread our ideas and initiatives. Nevertheless, Ello is still a commercial project, and there are alternatives that are community-based, distributed rather than centralized, based on free and open-source software and privacy-friendly. Among these, '''Diaspora '''(https://joindiaspora.com), '''Friendica '''([https://friendica.com)and https://friendica.com)] and '''Crabgrass '''(https://we.riseup.net) are especially worth mentioning.

Other similar sites may be popular in different regions, so we way wish to explore other options. Before choosing one, we should consider the following points:
* Does it provide connection over '''SSL''' (like ''HTTPS'') for all uses of the site, rather than just during login? Are there no problems related to encryption, such as problems related to encryption certificates?
* How are your content and personal data treated in the End User Licence Agreement and Privacy Policy or Data Use Policy? With whom are they shared? For a useful add-on which helps users understand the Terms of Service of many popular sites, see '''Terms of Service; Didn't Read''' – https://tosdr.org
* What privacy options are provided for users? Can we choose to share our videos securely with a small number of individuals, or are they all public by default?
* '''Is the geographical location of the servers known?''' Under which territorial jurisdiction do they fall? Where is the company registered? How does this information relate to the privacy and security of our email activity and information?

==== '''Creating a site of one’s own''' ====

Some of us may be content with the tools we have discussed so far, and writing in our social network accounts, especially if we have found a more privacy-friendly option (see '''5.3 Alternative social networks'''), may be all we need to voice our opinions and to''' '''interact with a network of people (or with several networks, if we are using different identities when writing online). On the other hand, we may want a more independent platform to spread our ideas, plans or creations, and to do that we can create a website or a blog.

Creating a '''blog''' is as easy as signing up in a web service and choosing a name and a nice theme for our blog, and there are several blogging platforms around that are both user-friendly and free, like '''Wordpress.com'''. Equally based on the free and open-source blogging tool Wordpress, but with some tweaks for additional user privacy, there are two security-oriented platforms that are managed by autonomous servers: Autistici/Inventati’s (A/I) '''Noblogs '''– [http://noblogs.org/ http://noblogs.org] – and Nadir’s '''BlackBlogs '''– [http://blackblogs.org/ http://blackblogs.org]. To open them, all that is needed is to have an email account hosted in an autonomous server (see <nowiki/>https://www.autistici.org/en/links.html <nowiki/>and <nowiki/>https://blackblogs.org/policy <nowiki/>respectively for a complete list).

All these platforms offer enough space for normal blogging activities and are very easy to use, but if we want to actively create our site from scratch, perhaps because we want a complex graphic layout or need to install particular tools that are not offered by Wordpress and its plugins, what we really should do is find some space in a server for our '''website''' and perhaps to associate it to our domain of choice.
* Webhosting services are many, but since they generally aren’t free, the options to stay completely anonymous are reduced to creating a website with '''A/I''', which by default does not connect the users of its services with real identities. To learn more about Autistici/Inventati’s webhosting service, visit: https://www.autistici.org/en/services/website.html

If we want to have our own '''domain''', bypassing payments and identifications may get difficult unless we use Bitcoin or another anonymous payment system, and the personal data we will provide will not only be stored in the registrar’s internal archives, but by default will also be recorded in a database that can be easily queried by anybody through a simple command (whois) or on several websites such as Gandi: Whois (https://www.gandi.net/whois). To avoid this, we can register our domain giving the data of an association and using a prepaid credit card that is not connected to our data (if available in our country), or else we can use a registrar like Gandi.net ([https://www.gandi.net/ https://www.gandi.net]) that offers private domain registration for individuals whenever possible.

=== '''5. Managing collective online identities''' ===

==== '''Collective virtual personas''' ====

From General Ludd to Captain Swing, from the Guerrilla Girls to Luther Blissett to Anonymous, for centuries several groups and like-minded people have participated anonymously in historic protest movements or have created ground-breaking and provoking artworks or pranks attributing them to a collective pseudonym that, besides hiding their identity as individuals, has shrouded their feats in an aura of myth and almost magical power.

Several essays have been written on the topic, and the fascination of pseudonymity and shapeshifting has perhaps its roots in the dawn of humanity, but what counts is that we can choose to adopt a collective identity that already exists, like Anonymous/Anonymiss, or create a new one that we want to share with our own group or with the rest of the world.
* A very interesting study on multiple identities online is anthropologist Gabriella Coleman’s book ''Hacker, Hoaxer, Whistleblower, Spy. The Many Faces of Anonymous ''(2014), based on an anthropological research on how Anonymous has become a well-known and powerful collective identity with multiple faces and attitudes.

* In her PhD dissertation ''Networked Disruption. Rethinking Oppositions in Art, Hacktivism and the Business of Social Networking ''(2011), Tatiana Bazzichelli also describes how multiple identities have been used to disrupt the fundamental notions of power and hegemony on which Western culture is based, and how this works in the web today.

==== '''Managing collective identities... or simple collective accounts''' ====

While the collaboration of many individuals can help creating a rich collective identity that is even more credible, given the many character traits we can think up with an enthusiastic, imaginative group of people, managing a collective project may have some further security and technological challenges we should keep in mind.

As we stressed above, security is a chain, and a single weak link can break the entire system. Therefore, our security and anonymity depend on the precautions each member of our group takes. We may decide that we don’t want to be absolutely anonymous, that our close friends can know about our collective activities, and the degree of security we may want to attain for our group depends on the possible threats we face and on our adversaries’ power and skills. Nonetheless, there are some important assets we would certainly not want to loose, like for instance the password to our collective mailbox or to our group’s social network accounts. Therefore, if we decide that we are going to share those passwords with the whole group, we’d better train each member on how to store a password securely or make sure that they have learnt the password by heart and don’t keep it on a post-it next to their desk at work (see '''3.2 Creating and using strong passwords''').

Whenever possible, we should try to use services that provide for different accounts and passwords. For example, instead of using a single mailbox for contact, we may create a mailing list that allows non-subscribed people to write to it and have all the members of the group subscribe to it, so that if someone writes to the group they can all read the e-mail in their own mailbox rather than in a collective one with a dangerously shared password. Similarly, if coordination really needs to happen through Facebook, it is much better to share information in a dedicated group rather than do everything within a collective account (which also risks to be deleted due to violation of the terms of service, see '''2.3 Persistent Pseudonymity''' and '''5.2 Managing our identities on social networks''').

=== '''6. A different machine for each identity''' ===

If we use the same operating system for our several identities, no matter how carefully we separate our profiles, we can still make a human mistake, for example connecting to a pseudonymous account through the browser profile we have assigned to our true identity, or get infected by a malware that allows our attacker to monitor all we do online, with all our identities, and connect dots together.

Both risks can be limited by using a virtual machine for each of our domains, and by reserving yet another virtual machine to opening fishy attachments in order to avoid a malware infection.

As the name suggests, a virtual machine (VM) is basically a simulated computer with its own OS which runs as software on our physical computer. We can think of a VM as a computer within a computer. Installing and running a virtual machine is not very complicated, and there is very good documentation around. For our purposes of anonymization, the best available option is to install '''Virtualbox''', an open-source, cross-platform virtual machine monitor (https://www.virtualbox.org), and to run Whonix in a virtual machine created with Virtualbox.

==== '''Whonix: compartmentalizing our identities through a secure virtual machine''' ====

'''Whonix '''(https://www.whonix.org) is an operating system that aims at protecting our anonymity, privacy and security by helping us use your applications anonymously. A web browser, IRC client, word processor and more come pre-configured with security in mind. It is a complete operating system designed to be used in a virtual machine. It is Free Software and based on '''Tor''', '''Debian''' GNU/Linux and '''security by isolation'''.

Whonix’s website offers a wide documentation, ranging from very clear installation and usage instructions to thorough recommendations on security and the risks we may run: https://www.whonix.org/wiki/Documentation

==== '''Tails: a live system that leaves no traces''' ====

Using virtual machines, Whonix in particular, is a good idea if we have our own computer where we are free to install whatever we want, especially if it is a powerful machine. But if we use an older box or just connect to the internet from cybercafes, installing a virtual machine becomes unsustainable. In this case, we may turn to a live Linux distribution, a USB-stick with a Linux operating system installed on it that runs in the computer we are using as soon as we switch it on.

A particularly secure live distribution focused on security and anonymity is '''Tails''', or '''The Amnesic Incognito Live System''', a free and open-source Debian-based Linux distribution that can be started on almost any computer from a DVD, USB stick, or SD card and forces all its outgoing connections to go through Tor, blocking direct, non-anonymous connections.

When we launch Tails, we have a complete operating system that, just as Whonix, comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc. With Tails, we can access the internet, communicate, and do all we need anonymously and securely and, after the computer is shut down, the system will leave no traces on the machine unless we ask it to do so.

As with Torbrowser, it is not advisable to use the same Tails session to perform two tasks or endorse two contextual identities that we really want to keep separate from another, for example hiding our location to check our personal email and publishing a document on our pseudonymous blog.

The first reason is that Tor tends to reuse the same circuits, for example amongst a same browsing session, making it easier for a powerful adversary to correlate the several browsing requests as part of a same circuit and possibly made by a same user. Second, in case of a security hole or a misuse in using Tails or one of its applications, information about our session could be leaked. That could reveal that the same person was behind the various actions made during the session.

T''he solution to both threats is to shut down and restart Tails every time we are using a new identity''.

==== '''Security by isolation: Qubes OS''' ====

There are three approaches to digital security: the first one is '''security by obscurity''', which is based on encryption, strong passwords and similar measures and acts as a first line of defence, as a deterrent that will discourage random attacks but is not likely to stop someone who is directly targeting us; then there is '''security by correctness''', whereby software developers try to get rid of bugs that make their code vulnerable. But modern software is very complex, and it is almost impossible to do this job perfectly. Therefore, the most pessimistic, and realistic, approach is '''security by isolation''', which gives for granted that security measures can be vulnerable and focuses on harm reduction by stopping possible attackers from accessing the whole system that we want to secure.

In order to implement security by isolation, for instance, '''Whonix''' is divided into two parts: Whonix-Workstation, which is the system we access for our work, and Whonix-Gateway, which routes all internet traffic through Tor and, by being isolated from the workstation, averts many threats posed by malware, misbehaving applications, and user error.

But while Whonix needs a virtual machine to run on and its main focus is anonymization, there is an operating system that has security by isolation as its main purpose and that can make life a lot easier to someone who manages several social domains and/or identities in her digital life.

Called '''Qubes OS''' – https://www.qubes-os.org – and developed by computer security researcher Joanna Rutkowska, Qubes is a free and open-source security-oriented operating system based on '''Fedora''', a Linux distribution, and '''Xen''', a virtual machine monitor (or hypervisor), that allows us to separate the various parts of our digital life into securely isolated virtual machines. Qubes keeps the things we do on our computer securely isolated in these different VMs so that if one virtual machine gets compromised, the other won’t be affected. This way, we can do everything on a single physical computer without having to worry that one successful cyberattack harms our whole system, potentially revealing all the connections among our several identities.

A plus of Qubes OS for the purposes of multiple identities management is its user-friendly window manager, that assigns a different colour to each domain. Thus, the colour of the frame makes each window clearly recognizable as belonging to the domain corresponding to that colour and prevents potential human mistakes in the management of our identities.

==== '''Tails, Whonix, Qubes OS: how to choose''' ====

The three tools we have described in the last few paragraphs – Whonix, Tails and Qubes OS – all allow us to use a completely separate operating system for managing our alternate identities, and can be quite useful to make sure that we don’t reveal our true identity while we use the anonymous one(s). Still better, if we can afford it, would be to have a different machine for each of our identities, as well as an air-gapped one to store our most sensitive data. Of course, the choice depends on the resources we can dedicate to securing our digital life and on our threat-model, especially on the adversaries we expect to face: if we are pretty sure that in our country harassers work together with the regime to slander (or worse) people like us, we may want to be absolutely sure that none of our data is leaked and – if we have enough funds or are connected to a network of hacktivists – we may decide to ask for an expert’s help to check that we have taken all the necessary measures to keep doing an efficient work and to stop any ill-intentioned actors from tampering with our data. On the other hand, if we feel sufficiently protected by our community and/or by our government, and we expect our adversaries not to be very skilled in technological matters, perhaps all we need is to separate our browser profiles and mailboxes, to use a secure HTTPS connection and some basic common sense and to keep developing a network of support for vocal women online.

If we think that using a different operating system is really necessary, or that it can be helpful to keep things logically and graphically separated (or we just want to explore all the possibilities we have for the fun of it!), we should assess our resources and our needs in order to identify the best solution for us.

''Comparison between Tails, Whonix and Qubes Os:''
{|
!
!'''Tails'''
!'''Whonix'''
!'''Qubes OS'''
|-
|'''Required hardware/software'''
|"x86 compatible and/or Virtual Machines; DVD, USB stick, or SD card for booting the system"
|"x86 compatible pc with VirtualBox"
|"a powerful pc capable of running Qubes OS"
|-
|'''System requirements'''
|"lowest"
|"high"
|"highest"
|-
|'''Difficulty to install'''
|"medium"
|"medium"
|"easy"
|-
|'''Difficulty to configure'''
|"low"
|"medium"
|"high"
|-
|'''Learning curve'''
|"low"
|"low"
|"high"
|-
|'''Anonymization by default'''
|"yes"
|"yes"
|"no"
|-
|'''Security by isolation'''
|"no"
|"yes"
|"yes"
|-
|'''Pre-installed applications'''
|"nice selection"
|"not many"
|"not many, and some, like Tor or Virtualbox cannot be installed at all"
|-
|'''Persistence'''
|"no (available option)"
|"yes"
|"yes"
|-
|}

As we can see in the table above, '''Tails''' just needs a normal computer and a DVD or a bootable device to launch the system, but installing the system in this device, as well as having the DVD, USB stick or SD card actually boot in the computer we are using, can be tricky, and we may need some external help. After that, though, using Tails is pretty easy, and if what we need to do with our alternate persona needs a focus on ''anonymization'', then it may be worthwhile to overcome the initial obstacle. Tails is a good option also if we have few resources, if we don’t have a computer of our own, or if we often use computers at internet cafes and want to be safer. One particular advantage of Tails is that after we have switched the computer off, we leave no traces and everything we have done vanishes into thin air. But if on the other hand we need ''persistence'', i.e. we want to keep some files we have created or downloaded in our USB stick or we have changed some system settings and want to keep them also in the future, we need to enable this option when we start the system. Last but not least, Tails is an established, respected project that has been developed for many years and is used by a wide community of people.

If what we need is both ''anonymity'' and ''security by isolation'' and we have a good machine – https://www.whonix.org/wiki/System_Requirements – where we can run Virtualbox, installing '''Whonix''' in one or more virtual machines, according to the number of our alternative identities, seems a good solution that caters to all our needs and also offers an excellent documentation: https://www.whonix.org/wiki/Documentation. Nevertheless, Whonix, like Qubes Os, is a relatively recent project and the community using it is still rather small.

'''Qubes OS''' is a good choice if we want to keep all our activities inside our own computer without having to install anything else and if what we are trying to do is to effectively ''separate'' our identities rather than anonymize our activities in the web. It requires a very powerful computer – http://qubes-os.org/trac/wiki/SystemRequirements – and this can be a hindrance, but if we feel that we really need to protect ourselves against possible cyberattacks, the investment may be worth its while.

To sum up, none of these tools protects us from every threat, and we shouldn’t look at them as a magic potion that will make us invulnerable. Nevertheless, by using any of them, according to our needs and resources, we will raise the level of effort that an attacker will need to harm us, thus making an attack less likely.

For a wider comparison among these and other systems, go to: https://www.whonix.org/wiki/Comparison_with_Others<nowiki/><nowiki/>

[[Category:Resources]]