Step 1

From Gender and Tech Resources
'''1. Know your digital shadow and the traces you leave on the internet'''

B) Assessing risks and potentials and learning how to choose which online identity fits your purpose (real name, pseudonym, anonymous, collective names)
 
  
C) Create a new online identity (create a story/imaginary around your identity/virtual persona, alternate secure emails & disposable emails, commercial social media vs social media alternatives, anonymity - tails – onionland)
 
  
D) Managing various online identities (individually: tips to use social media with different identities - separate your relationships and online identities, freepto and Qubes / collective management: how to manage collective social media accounts, secure mailing lists, managing groups on secure social media alternatives)
'''Understanding your digital shadow'''

If you are planning to be active on the internet as a feminist or as a woman human rights defender, or if you already are and have suffered attacks by harassers or trolls, or simply want to improve your defences against attacks of this kind, it is a good idea to start with an assessment of your '''digital shadow''' and of the '''social domains''' that span your online and physical activities. Although both can expose us to several threats and can look scary at first sight, there are many '''strategies''' we can adopt and '''tools''' we can use to shape or control them and become more secure online.
'''What is a digital shadow?'''

Our digital shadow is the set of all the digital traces we leave when we connect to the internet and to online services, whether through computers or through other electronic devices such as smartphones, tablets and the like. Rather than a shadow, which is something impalpable and temporary, these traces are better described as a spectre of our past and present activities that merge into a permanent, ever-changing profile and could potentially haunt us forever.

The devices and the software we use to browse the internet, access websites, connect to social networks like Facebook or Twitter, publish blog posts, receive phone calls, send SMS messages or emails, chat or buy things online all have particular features (browser version, installed fonts and plugins, screen size, device identifiers and so on) that make them '''uniquely identifiable''' in the flow of data travelling across the web. This lets web services recognise and follow us as we move from our browser to the IM app on our smartphone, download e-books onto our readers, publish photos from the latest protest we have covered, or coordinate the next action with our group of activists.

''In some cases, our data is collected without our knowledge or consent – like when our browsing habits and IP address are collected while we visit a website. In other cases, we choose to hand over our data to third parties – when we share photos on Facebook, or book a flight ticket, for example. Through all such activity, we leave digital traces which result in the creation of our digital shadow.''

''When we use the Internet and/or mobile phones, we use digital services through networks. Our digital shadow exists within networks and that makes it vulnerable. In a network, data cannot travel directly from one device to another – it has to go through many other devices which make up the network. This means that all of our digital activity – such as sending an email, accessing a website or making a phone call – travels through multiple servers in a network until it reaches its final destination. The problem is that these third party actors can have access to our digital shadow in transit.''

''Anyone can potentially have access to our digital shadow – including communications service providers, law enforcement agencies and companies, as well as groups and individuals running their own servers. We cannot know precisely what happens to our digital shadow and that itself is a problem.''

You can explore your digital shadow with '''Trace My Shadow''' – https://myshadow.org/trace-my-shadow – a tool launched by the Tactical Technology Collective, together with a website that offers many tips on how to protect our privacy and control our digital shadow: https://myshadow.org
'''Public and private traces'''

We may well find it disagreeable that the traces we leave are routinely logged by several entities and analysed to profile us as users and consumers, as well as for surveillance; there are several measures we can take to protect our privacy from actors of this kind.

* To learn more about how our digital shadows can be used to profile and control us, and about the tools we can use to protect ourselves, visit: https://myshadow.org

But what exposes us to attacks online as vocal women, especially if we write about traditionally male-oriented topics such as IT, politics or gaming, is the publicly available traces we leave behind, some of which we may be unaware of. Profiling by companies is a privacy problem; public traces are a safety problem, because a harasser needs no special access to find them and connect them.
'''Data and metadata'''

When we publish content on the web, it is always a good idea to ask ourselves whether what we are posting is public or personal and where it is going to be accessible. Even if the information is connected to a public event and not to our personal lives, the names we mention or the images we upload may turn out to be dots that can be connected to draw a picture of who we are, what we are doing, where we are doing it and so on. And if we or our contacts are being targeted by people who are too curious, for whatever reason, this can help them.

This does not mean that we should silence ourselves: by taking some easy precautions and adjusting some details of our attitude towards the web and its services, we can limit our risks by raising the effort that would be required to attack us:

* When writing or posting images about public events on the web and on publicly accessible social network profiles, we should ask ourselves whether the information we spread about individuals, places and other details could be used to identify and/or attack someone. It is always a good idea to ask for permission before writing about individuals, and perhaps to post information about public events only after they are over. A good tool for anonymising faces in pictures taken with your phone is '''ObscuraCam''', a free camera application for Android devices created by the Guardian Project that can recognise and hide faces: https://guardianproject.info/apps/obscuracam

* When writing about personal details of our life, it is better to use '''private profiles''' that can only be accessed by selected contacts (see “Our several small-world networks” below).

* When giving our personal information to a web service, it is best to check whether it offers a secure connection (HTTPS instead of HTTP at the beginning of the URL) and to use it. If the service does not offer HTTPS, or we do not use it, anyone on the network path (the café Wi-Fi, the ISP, a hostile hotspot) can read our traffic, sniff our password and take over our account. A good way to always use a secure connection (where available) without having to remember it is '''HTTPS Everywhere''', a Firefox, Chrome and Opera extension developed by the Electronic Frontier Foundation that encrypts your communications with many major websites: https://www.eff.org/https-everywhere

* We should use '''different passwords''' for each web service we use: if one of the services we access does not provide a secure connection and we use the same password for stronger services too, someone who sniffs the password when we connect to the weak service can also log into our accounts on the stronger services and read the private data we were trying to keep secret. Since passwords should also be long and unpredictable to withstand brute-force and guessing attacks, it is a good idea to have them generated randomly and remembered by a password manager such as KeePassX: https://www.keepassx.org
But there is something else that might unwittingly give away information about us, an invisible but very important thing called '''metadata'''.

''Metadata is information about a file (such as a word document, a PDF, a picture, music file etc.) that is stored within the file itself. This information can include the time and date a file was created, the username of the people who created or edited it, information about the device that created it, and other kinds of information. As a result of this, the metadata in a file could tell someone who created a file, on what computer or device, when, and in what location.''

* Some of the most telling metadata can be avoided at the source: for instance we can avoid using our real name when registering a device or a copy of software such as Microsoft Office, OpenOffice, LibreOffice, Adobe Acrobat and others, and we can switch off location tagging (GPS) in our phone or camera. Other information, such as creation dates and the camera model, is still generated automatically.

* Some file types carry more metadata than others, so when publishing content online we can convert files from formats that typically hold a lot of metadata (.DOC and .JPEG, for example) to formats that hold little or none (.TXT, or a .PNG exported fresh from an editor), or simply use plain text. Check the result rather than trusting the conversion: some converters copy the original metadata into the new file.

* Another solution is to use programs that strip metadata, like '''Metanull''' for Windows: https://securityinabox.org/en/lgbti-africa/metanull/windows

* ''Windows or Mac OS users can use programs such as '''Adobe Acrobat XI Pro''' (for which a trial version is available) to remove or edit the hidden data from PDF files. For GNU/Linux users, '''PDF Mod''' is a free and open source tool to edit and remove metadata from PDF files. However, it doesn't remove the creation or modification time, it also doesn’t remove the type of device used for creating the PDF.'' To learn more about metadata and how to remove it, visit: https://securityinabox.org/en/lgbti-mena/remove-metadata
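As an added illustration (not part of the original page, and not the code of Metanull or any other tool named above), the following Python script shows what a metadata stripper does to a JPEG: it walks the file's segments, reports the ones that carry identifying data (Exif, XMP, IPTC, free-text comments) and writes a copy without them, leaving the image data itself untouched. The sample image bytes are constructed inline so the script runs offline; the Exif payload is a minimal placeholder pointing at an empty directory, not a real camera record, and the image data is a few dummy bytes rather than a decodable picture.

```python
import struct

# Headers that identify the payloads of the metadata-carrying application segments.
EXIF_HEADER = b"Exif\x00\x00"
XMP_HEADER = b"http://ns.adobe.com/xap/1.0/\x00"
PHOTOSHOP_HEADER = b"Photoshop 3.0\x00"
# Segments to drop: APP1 (Exif and XMP), APP13 (Photoshop/IPTC) and COM (comments).
# APP0 (JFIF) and APP14 (Adobe colour transform) are kept because decoders rely on them.
DROP_MARKERS = {0xE1, 0xED, 0xFE}


def jpeg_segments(data):
    """Yield (marker, payload) for each length-prefixed segment before the scan.

    Assumes a baseline JPEG: a series of FF xx segments with a 2-byte big-endian
    length (which counts itself) up to SOS (FF DA). Everything from SOS onwards,
    i.e. the entropy-coded image data through EOI, is handed over unparsed as a
    single ("scan", bytes) item.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):  # SOS or a bare EOI: stop parsing here
            yield ("scan", data[pos:])
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield (marker, data[pos + 4:pos + 2 + length])
        pos += 2 + length


def describe_metadata(data):
    """Return labels for the identifying segments found, in file order."""
    found = []
    for marker, payload in jpeg_segments(data):
        if marker == 0xE1 and payload.startswith(EXIF_HEADER):
            found.append("APP1/Exif")
        elif marker == 0xE1 and payload.startswith(XMP_HEADER):
            found.append("APP1/XMP")
        elif marker == 0xED and payload.startswith(PHOTOSHOP_HEADER):
            found.append("APP13/IPTC")
        elif marker == 0xFE:
            found.append("COM")
    return found


def _segment(marker, payload):
    """Encode one FF xx segment with its length prefix."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def strip_metadata(data):
    """Return a copy of the JPEG without Exif, XMP, IPTC and comment segments."""
    out = bytearray(b"\xff\xd8")
    for marker, payload in jpeg_segments(data):
        if marker == "scan":
            out += payload  # image data copied byte for byte
        elif marker not in DROP_MARKERS:
            out += _segment(marker, payload)
    return bytes(out)


def build_sample():
    """Constructed sample: a tiny JPEG-shaped file carrying the kind of metadata a phone adds."""
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    # Placeholder Exif: header plus a TIFF header whose first IFD has zero entries.
    exif = EXIF_HEADER + b"MM\x00*\x00\x00\x00\x08\x00\x00"
    xmp = XMP_HEADER + b"<x:xmpmeta><dc:creator>jane.doe</dc:creator></x:xmpmeta>"
    comment = b"Taken at the march on 14 March, corner of Main and 5th"
    quant = _segment(0xDB, b"\x00" + bytes(64))  # a quantisation table; contents irrelevant here
    scan = b"\xff\xda" + b"\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\x34\x56" + b"\xff\xd9"
    return (b"\xff\xd8" + _segment(0xE0, jfif) + _segment(0xE1, exif)
            + _segment(0xE1, xmp) + _segment(0xFE, comment) + quant + scan)


if __name__ == "__main__":
    sample = build_sample()
    print("before:", describe_metadata(sample))   # ['APP1/Exif', 'APP1/XMP', 'COM']
    cleaned = strip_metadata(sample)
    print("after: ", describe_metadata(cleaned))  # []
    print("bytes removed:", len(sample) - len(cleaned))
```

Two things the script makes visible that the bullet points above do not: the Exif block also contains the embedded thumbnail, so it disappears with the rest of APP1 (an unstripped thumbnail can still show a face that was cropped out of the main image), and Exif carries the orientation flag, so a stripped photo may display rotated. Nothing here touches the pixels themselves: faces, street signs and reflected screens remain, which is why ObscuraCam-style blurring and metadata stripping are complementary, not alternatives.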
'''Self-Doxxing'''

Despite all the measures we may take now, the traces we left on the web in the past are still out there, and they can be used against us to track us down or to connect the dots and expose our real identity and personal life (what is generally called “doxxing”).

Harassers and stalkers use several tools and techniques to gather information about their targets, but since these tools and techniques are public and easy to use, we can anticipate them and self-doxx ourselves in order to make good, informed decisions about our online identity and activities. A practical way to do this is to start from each public handle, email address and photo we use and write down every other identity it leads to (a reused username, an avatar that also appears on another profile, a phone number that a search engine ties to a name): every connection we can make is one a harasser can make too. Of course, the same instruments can be used to learn more than is immediately obvious about someone you have met online before you give them your full trust.

To learn more about (self-)doxxing tools and techniques, visit: https://modelviewculture.com/pieces/investigation-online-gathering-information-to-assess-risk

A nice (and creepy!) tool to learn what traces you have left behind in your Facebook account is Ubisoft’s '''Digital Shadow''', a Facebook app which illustrates what third parties can learn about us through our Facebook profiles.
'''Our several small-world networks'''

As security expert Bruce Schneier explains, “Security is a chain, and a single weak link can break the entire system”.

Every one of us belongs to several personal domains, and each intersection between these domains can turn into a threat to our security. Each of these domains is structured as a “small-world network”: a group of no more than a few dozen people who are frequently in contact with most of the other members of the group through phone calls, IM, mail messages and so on.

In each of these networks we may play a more or less important role, and some of these domains may need to be more secure than others. For instance, we may tend to behave more securely for our work or activism and less securely for leisure and for interacting with friends on a social network. But if we use a single profile for all our social relationships and all our personal domains, it becomes easier to gather information about us and to identify our vulnerabilities.

For example, if we reveal on a social network that we like a particular kind of game and that we download files with a p2p program like eMule, an attacker who wants to investigate our work or activism can plant malware on our computer by offering a trojanised copy of a game we are looking for on that network, where files come from untrusted peers and nothing verifies that a download is what it claims to be. But this is only possible if our social network profile and our eMule profile can be connected to the same person, and this is why separating our personal domains can be useful.

We may think that deleting certain sensitive data from social networks and web services is enough to protect ourselves, but metadata cannot be deleted as easily (or, often, even seen), and therefore it is much better to commit a virtual suicide by eliminating the old identity and creating a new one or, better, several new ones, one for each of our personal domains.

Every identity should be deleted or abandoned whenever we feel it necessary. Using just one identity throughout our whole life, across all the work and leisure domains we move in, creates a mass of information that can only be used to profile or attack us.

When we create our new identities, we should select the contacts of each one more carefully and avoid sharing contacts with the other identities we use for different activities, so as to effectively create separate personal domains with separate accounts, mail addresses, browser profiles, apps and, ideally, devices. It can also be a good idea to create disposable identities for new acquaintances: an introductory profile you can use to get to know someone before you include them in a more trusted network.

* To learn more about how to separate different identities into separate profiles, read “'''4. Managing various online identities'''” below.
'''Mapping our social domains'''

When we decide to keep our social domains and identities separate, the first thing to do is examine our digital activities in order to map our several small-world networks and identify the ones that expose us most to cross-domain attacks. We can do this by listing our activities and contacts domain by domain, noting what each identity shares with the others (an email address, a phone number, a device, a photo, a mutual contact), and reflecting on the worst-case scenario that a loss of data in each domain would cause. The answers will tell us whether a given domain is sensitive or not, which links between domains need to be cut, and how to separate the sensitive domains from the rest.
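The inventory described above can be kept as a small table and the cross-domain links worked out mechanically. The script below is an added example written for this page, not a tool the page describes; the identities, domains and attributes in it are made up. It treats every attribute (email, phone, device, photo, contact) as something an attacker could observe on both sides, which overstates the risk for attributes only we can see, so read its output as a list of links to review rather than a verdict.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample inventory: one entry per online identity, with the domain it
# belongs to and the attributes it exposes. Attribute strings are "kind:value".
INVENTORY = {
    "Jane Doe (work email, LinkedIn)": {
        "domain": "work",
        "attrs": {"email:jane@businessname.com", "phone:+1-555-0100",
                  "device:laptop-A", "photo:headshot-2014", "contact:alice"},
    },
    "@feministvoice (Twitter)": {
        "domain": "activism",
        "attrs": {"email:fv@riseup.net", "device:laptop-A",
                  "contact:alice", "contact:bob"},
    },
    "Jane D. (Facebook)": {
        "domain": "personal",
        "attrs": {"email:jane.d@example.com", "phone:+1-555-0100",
                  "photo:headshot-2014", "contact:bob", "contact:mum"},
    },
    "throwaway_4711 (forum)": {
        "domain": "red",
        "attrs": {"email:x7q@guerrillamail.com"},
    },
}


def attribute_index(inventory):
    """Map each attribute to the set of domains whose identities expose it."""
    index = defaultdict(set)
    for info in inventory.values():
        for attr in info["attrs"]:
            index[attr].add(info["domain"])
    return index


def cross_domain_links(inventory):
    """Return {(domain_a, domain_b): sorted shared attributes} for every pair of
    domains that share at least one attribute. Each shared attribute is a path an
    attacker can walk from one domain to the other."""
    links = defaultdict(set)
    for attr, domains in attribute_index(inventory).items():
        for a, b in combinations(sorted(domains), 2):
            links[(a, b)].add(attr)
    return {pair: sorted(attrs) for pair, attrs in links.items()}


def exposure_ranking(inventory):
    """Rank domains by how many other domains they are linked to, then by the
    number of linking attributes; the top entry is where separation should start."""
    score = defaultdict(lambda: [0, 0])
    for (a, b), attrs in cross_domain_links(inventory).items():
        for d in (a, b):
            score[d][0] += 1
            score[d][1] += len(attrs)
    domains = {info["domain"] for info in inventory.values()}
    return sorted(domains, key=lambda d: (-score[d][0], -score[d][1], d))


def isolated_domains(inventory):
    """Domains that share nothing with any other domain."""
    linked = {d for pair in cross_domain_links(inventory) for d in pair}
    return sorted({info["domain"] for info in inventory.values()} - linked)


if __name__ == "__main__":
    for pair, attrs in sorted(cross_domain_links(INVENTORY).items()):
        print("%s <-> %s via %s" % (pair[0], pair[1], ", ".join(attrs)))
    print("start separating:", exposure_ranking(INVENTORY)[0])
    print("already isolated:", isolated_domains(INVENTORY))
```

On the sample data the work domain links to both activism and personal, which is the situation the section warns about: one device and one mutual contact connect the activist handle to the employer, and a phone number and a reused headshot connect the employer to the private profile. Removing an attribute from one side (a separate laptop for activism, a different photo on Facebook) and re-running the script shows which links remain.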
But partitioning one's digital life into security domains is certainly not an easy process and requires some thinking. Joanna Rutkowska, a Polish computer security researcher, has developed '''Qubes OS''' (see below), a security-oriented operating system built on the Xen hypervisor around the idea of “security by isolation”, where each personal domain runs in a separate virtual machine. In her blog, Rutkowska describes how she has divided her domains, and while her scheme is quite sophisticated and tied to her operating system, it offers useful insights to anyone who wants to start isolating their domains in order to enhance their security.

The three basic domains Rutkowska has identified are “'''work'''”, “'''personal'''” and “'''red'''” (for doing all the untrusted, insensitive things).

* The '''work''' domain is where she has access to her work email, where she keeps her work PGP keys, where she prepares reports, slides, papers, etc., but she also has a less trusted “'''work-pub'''” domain for other work-related tasks that require some web access, such as accepting LinkedIn invites or downloading pictures for her presentations. Furthermore, she has isolated other work activities in a “'''work-admin'''” and a “'''work-blog'''” domain to obtain a further level of security when managing her company's servers and when writing on her blog or on other work-related web services.

* The '''personal''' domain is of course where all her non-work related material, such as personal email and calendar, holiday photos, videos, etc., is held. Rutkowska says that she is not into social networking, but if she were, she would probably access the social networks through a secure (HTTPS) connection. Also for her personal life, Rutkowska has created a special domain called “'''very-personal'''”, which she uses to communicate with her partner when she is away from home. The couple uses encrypted mail to communicate, and Rutkowska has separate PGP keys for this purpose: while they don't discuss any secret or sensitive matters there, they still prefer to keep their intimate conversations very private.

* The '''red''' domain, on the other hand, is totally untrusted: this is where disposable profiles belong, because a domain dedicated to untrusted activities can get compromised easily and it should be possible to replace it with a fresh one. Basically, Rutkowska uses this domain for everything that doesn't fit into the other domains and doesn't require her to provide any sensitive information.

* Besides these three main domains, Rutkowska has several other separate domains. One is dedicated to '''shopping''', for accessing all the internet e-commerce sites; what defines this domain is access to her credit card numbers and her personal address (for shipping). Then there is the '''vault''' domain, the ultimately trusted place, kept off the network, where she generates and keeps all her passwords (using KeePassX) and master GPG keys. Finally, she has a domain for all the Qubes development ('''qubes-dev'''), one for '''accounting''' and another for '''work archives'''.

Of course we don't have to separate our domains in such a complex way, and, as we will see, using Qubes OS to keep them separated is just one solution, one that moreover requires a powerful machine to run on. Yet Joanna Rutkowska's reflections on domain mapping are an enlightening starting point for analysing our activities and separating our social domains to enhance our security.

Joanna Rutkowska's article on security domains can be found here: http://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html
'''2. Assessing risks and potentials and learning how to choose which online identity fits your purpose'''

'''Real or virtual identity?'''

Once we have identified our different personal domains and the digital activities and contacts that go with them, what we need to do is assign an identity to each of them. Someone may want to keep their work tied to their real identity, or think that their activism should remain anonymous, but this is not an automatic choice and it should be weighed carefully.

For instance, a journalist who finds it convenient to write online under her real identity may decide to stay in contact with her personal domain through a nickname, so that nobody can connect the two spheres. On the other hand, if an activist decides to use a pseudonym for her activities online, she should consider that she will show her face in all the connected activities in the real world, such as speaking at a conference or taking part in a demonstration, and this could help attackers link her nickname to pictures of her face that are tied to her real name on social networks.

Many '''strategies''' have been adopted by women who are active online, ranging from full transparency to full anonymity. Kate Harding (http://kateharding.net/2007/04/14/on-being-a-no-name-blogger-using-her-real-name) writes about her decision to start writing under her real name, dismissing the recommendations generally given to bloggers, such as “writing under a pseudonym, making that pseudonym male or gender-neutral if you’re one of them lady bloggers, disabling anonymous comments, masking one’s personal information, being circumspect about publishing identifying details, and not writing anything that might inflame the crazies”. Instead, she thinks that the problem should not be left to women, who can only address it by hiding their identity or even by giving up on their online activities, but should be fixed by society as a whole and by men, who should understand that only by supporting women and their right to be active and vocal on the internet will something change. And while she admits that “the only reason I haven’t yet heard I’m a worthless cunt who deserves to be raped is that nobody knows I exist yet”, she also acknowledges that this decision is “dangerous because I use my real name and especially dangerous because it’s a female name”.

The strategies women should use when they decide to be vocal online are ironically summarised by Sady Doyle in a “Girl’s Guide to Staying Safe Online” (http://inthesetimes.com/article/12311/the_girls_guide_to_staying_safe_online). Her points are: (1) Don’t Post the Wrong Photo. Any Photo; (2) Don’t Have The Wrong Name. Any Name; (3) Don’t Be Good at Your Job; (4) Every Photo Is the Wrong Photo. Every Name is the Wrong Name. Any Kind of Good is Too Good. Don’t Go It Alone. Of course, this is just a provocation: since women are disproportionately targeted by hate speech and harassment, the first reaction can be to step out completely or to censor ourselves as soon as we see the effects of hate speech taking their toll on our lives. But giving up on our activities online is exactly what misogynists and harassers expect from us, as this webcomic by Gabby Schulz exemplifies: http://www.gabbysplayhouse.com/webcomics/sexism/ Ultimately, Doyle concludes, “the best way to ‘stay safe’ online may simply be to stay online. After all: If there’s no one left willing to complain about the harassment, what are the odds that it’s going to change?”.

One widespread reaction is to become anonymous: a strategy adopted for instance by Vani, a human rights activist: “I am a regular social network user. I voice my opinions on a range of topics. But, I remain faceless and nameless” (http://internetdemocracy.in/media/women-bloggers-seek-safety-in-anonymity). But anonymity can be dangerous in some countries, where it can signal to the state police that the authors think they are doing something wrong. Besides, this strategy can be exhausting too: “Anonymity also isolates you”, a blogger writes. “Can you have a network to protect you and also be anonymous at the same time? Would visibility be a better strategy for you?”

Total anonymity is, as a matter of fact, isolating. It can be useful in settings where we don't need to gain other people's trust and/or when there are few or no people we can trust, or when we don't want to expose anybody to risk. That is, unless we are joining a group whose members choose to be anonymous and to use a collective identity (see below, '''Collective virtual personas''').

Visibility is certainly a better strategy than total isolation, because it allows us to network with others and because by pinning our voice to a particular name we can develop an '''online reputation'''. Online reputation allows others to decide whether we are worthy of trust, and is therefore a crucial aspect of trust-based online communities. But reputation does not necessarily have to be connected to a real name, and many people have gained a solid reputation just by consistently using a nickname. The choice of whether to connect our online reputation to our real name or to our nickname should be taken individually, according to our needs and context; someone could even decide to build a reputation in one domain under their real name and in another under a nickname, or to use several nicknames and identities and manage an online reputation for each of them. As always with multitasking, it is a matter of energy and time, of course, and what follows in the rest of this booklet is a series of hints and tips on the art of managing multiple identities online and living a happy life.

Whatever choice we make, what matters is that we keep our domains effectively separated and that, no matter how many domains we identify in our digital life and how many identities we create, on the internet every identity, even the one bearing our true name, becomes a “virtual” persona and should be managed carefully.
''The pros and cons of the various identity options:''

{| class="wikitable"
! Option !! Risk !! Reputation !! Effort
|-
| '''Real name''' || + || + || -
|-
| '''Total anonymity''' || || ||
|-
| '''Consistent pseudonymity''' || - || + || +
|-
| '''Collective identity''' || - || + || +
|}
'''3. Create a new online identity'''

'''Virtual suicide?'''

When we decide to separate our domains, one of the first decisions we should make concerns the accounts and identities we have used so far: should we delete them or keep using them?

When navigating the web, it is a good idea to consider each of our identities potentially disposable, so that if it is somehow compromised we can discard it easily. Our former account is likely connected to all our domains, so if we are starting to separate them, it is better not to have a place where all these connections are put together, and at least to review our contacts, keeping only those linked to the relevant identity.

But as described before, when we use the internet we scatter our traces all over, and managing the traces we have left behind over the years is much more complex than we might think. So, especially if we expect to embark on high-risk activities but still want to keep our old identity, it is a good idea to create new identities that have nothing to do with the life we have lived and the contacts we have had so far. Alternatively, we can commit a virtual suicide by deleting all our accounts and profiles before creating new ones. Deletion removes what we published, not what others have copied, cached or archived, so it is still wise to treat the old identity as known to anyone who was looking.

A nice tool to facilitate the process of deleting social network profiles is the '''Suicide Machine''': http://suicidemachine.org/

Unfortunately, the Suicide Machine was forced to stop deleting Facebook accounts. Instructions on how to delete Facebook accounts are here: https://www.facebook.com/help/224562897555674

Two other websites that help with deleting online accounts are '''AccountKiller''' – https://www.accountkiller.com, with instructions to remove accounts or public profiles on most popular websites – and '''JustDelete.me''' – http://justdelete.me, a directory of direct links to delete accounts from web services.
'''Disposable email and mail aliases'''

While some domains require some sort of identity management in order to gain a strong reputation and trust from other members of the community, in some cases all we need is a '''disposable email address''' that we only use once or a few times, for example to open an account on a fishy website. Even if we decide to have just one identity online, this is always good practice: it prevents sites from building a history of our activities and ensures that, even if that account gets compromised, we can simply delete it and create a new one, keeping our digital life unscathed. The one thing not to use a disposable address for is an account we may need to recover later: password resets go to that address, and on many disposable services anyone who knows or guesses the address can read its mail.

Another option is to create a '''mail alias''', a different email address that is connected to our main mailbox. The advantages of this approach are that the alias does not expire the way disposable addresses do, and that if it gets compromised we can just drop it and create a new one, as with temporary mailboxes. But of course if the alias receives a lot of spam, it will fill our main mailbox.

There are many services that offer disposable email addresses. Some of the most privacy-oriented are: '''https://anonbox.net''', offered by the Chaos Computer Club, a long-standing hacker organisation, and '''https://www.guerrillamail.com'''

In some cases, we don't even need to create a disposable email account, because someone has already done it for us and shared the user name and password online. This is what '''BugMeNot''' – http://bugmenot.com – allows: anyone can publish their new account data for sites with free registration. There is also a Firefox extension: https://addons.mozilla.org/en-US/firefox/addon/bugmenot Remember that everyone who finds such an account shares it, so whatever we do while logged in is visible to strangers and the password can be changed under us at any time.

If we can't be bothered to think up a new name and other details every time we want to create an account with a website we don't really trust, https://fakena.me is a privacy-oriented '''fake name generator''' that provides all we may need, from a credible name and surname with birth date and (US-based) address to a user name and password, and even a link to the connected guerrillamail mailbox. Another similar service, '''Instant Internet Decoy''' – https://decoys.me – creates convincing but entirely fictional people who have birthdays, locations in several countries, families and even answers to common security questions.

While not every mail service allows users to create mail aliases, this feature is offered to every mail user both by '''Riseup''' (https://we.riseup.net) and by '''Autistici/Inventati''' (https://www.autistici.org), two secure, autonomous servers that are particularly focused on the right to privacy and anonymity and that are recommended for general security too.
'''What’s in a name'''

An increasing number of psychologists argue that people living in modern societies give meaning to their lives by constructing and internalising self-defining stories. The practice of storytelling (and of creating a social mask, for that matter) is actually much older, and starting a new avatar with a story makes it a lot easier to maintain the role. We can use a “known” person's story, or a god or goddess, a superhero, a fictional character from our favourite novel, or adopt a “group identity” like Anonymous/Anonymiss or the Guerrilla Girls. Otherwise, if we feel particularly inspired, we can just invent a new story we like, but the main point is that when we create an identity we should conceive a whole virtual persona, an avatar that needs to be nurtured and developed in order to become credible, so it is better to start from the choice of our nickname. Moreover, when we choose our name we should consider that some social networks, most notably Facebook, insist that their users give their real name, so if we want to use commercial social networks, it is better to use a credible name and surname rather than more imaginative ones.

This page offers many cues and links for inventing a new identity: http://anonymissexpress.tumblr.com/post/117939311235/you-may-have-noticed

Having found a name, a surname and a user name we like for our virtual persona, and having generated or invented all the fake data we need to create accounts with it, we should do thorough research, perhaps also using doxxing tools and techniques (see Self-Doxxing above), to find out whether someone else is already using that name. After all, if we wish to develop our own reputation, we don't want to be confused with someone else, especially if they don't share our views of the world!
 +
 
 +
 
 +
 
 +
'''4. Managing various online identities'''

'''Securing our multiple identities'''

Once we have chosen a name for our new identity, we can start creating a contact email, accounts with web services, and so on. Yet, separating our digital life into multiple identities is not enough. What we need to do is to keep them '''technically separated''', that is to prevent our identities from leaving identical traces that can be linked together: the same IP address, the same browser or device, a shared recovery address or phone number, the same contacts, or the same habits and hours of activity.

To do this, some precautions on the security side are definitely necessary. To start, it is a good idea to always hide our IP address, the number that identifies our connection, by using '''Tor''', an anonymity network that conceals from the sites we visit where we are connecting from, and from our network provider what we do in the internet. If we consistently use Tor for an identity, the websites and mail servers we log into see only the address of a Tor exit node and cannot link the account to our real IP address. Tor hides only the network address, though: it does not stop an identity being linked through what we type into it, the browser we use, or the times we are active, which is why the precautions below are needed as well. Note also that if we log into an alternative identity even once without Tor, its provider will have recorded our real IP address. For further information on how to use Tor, see “'''Anonymization'''” below.

Also the choice of the '''mail''' server we use for our contact mail address is important. While there are several secure servers that offer a good service, e.g. the Swiss commercial service '''Kolab Now''' (https://kolabnow.com) and the autonomous servers '''Riseup''' (only for activists: https://riseup.net) and '''Autistici/Inventati''' (https://www.autistici.org), the main point is to find a service that offers a secure connection (HTTPS instead of HTTP) and that is compatible with our virtual persona. If, for instance, we are creating an identity that doesn’t know much about digital security, it may be better to use a more widespread service like Gmail. Two-factor authentication is always a plus, but prefer a code-generating app over SMS codes: a phone number registered for verification is itself a trace that links the account to us, and it should never be a number used by another of our identities. If the mail address we are creating is connected to our work and hosted by our firm’s mail server with its own domain, it is a good idea not to include our surname in the address and to keep just the name followed by the domain (e.g. ''jane@businessname.com''). Of course, if a mail address is required when registering a new mail account, we shouldn’t give our usual address and it is much better to use a disposable account for this purpose.

Another crucial point regards '''passwords''' and their management. Since we are using different identities, the number of our passwords will increase accordingly, and there is no way to remember so many secure passwords unless we have some mental magic powers that allow us to memorize dozens of long random strings of letters, numbers and symbols. On the other hand, having just one password for all the services we use is very dangerous, all the more if those services are connected to different domains and identities. If we always use the same password, someone who steals it from a weaker service (from a breach of its user database, or by sniffing an unencrypted connection) can simply try it on the more secure ones and on the accounts of our other identities, which is exactly what attackers do with leaked password lists. Two-factor authentication helps prevent this, but not all services offer it.

A good tool to generate random passwords and store them in an encrypted file on our computer is '''KeePassX''', a cross-platform free and open-source password manager that is very easy to use. Its encrypted database is a single file that can be copied to other devices and opened there with a compatible app (such as KeePassDroid on Android), so the same passwords are available everywhere without ever being stored in the clear.

To learn how to use '''KeePassX''', read this howto: https://securityinabox.org/en/guide/keepass/windows

To learn how to use '''KeePassDroid''', the corresponding tool for Android, read this howto: https://securityinabox.org/en/guide/keepassdroid/android

But some passwords, like the one we use to decrypt our KeePassX file, need to be easy to remember and strong at the same time. A good solution is to create passphrases formed by a random group of words that don’t make any sense together, separated by spaces. We can do this by simply using some real physical six-sided dice and a list of words like the '''Diceware''' word list, which contains 7,776 English words, each labelled with a five-digit number (http://world.std.com/~reinhold/dicewarewordlist.pdf). By rolling a die five times we get a five-digit number that corresponds to the first word in our passphrase. Repeating this at least six times gives us a passphrase of six words that don’t make any sense together, but which is strong and random precisely because the dice chose the words and we did not. Each word adds about 12.9 bits of entropy (there are 7,776 = 6^5 possible outcomes for five rolls), so six words give about 77.5 bits. Such a passphrase can be memorized just as we memorized poems at school, and it is so long that it would take an average of 3,500 years to crack it by brute force at a speed of one trillion guesses per second. The strength depends entirely on the words being chosen by the dice: picking the words we like best, or rerolling the ones we dislike, throws most of it away.
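The procedure above, as an added worked example that is not part of the original page: it parses a word list in the Diceware format (“ddddd word” per line), turns five dice rolls into a lookup key, builds the passphrase, and computes the entropy and the average brute-force time that the figures in the text come from. The word list excerpt embedded below is constructed for the example (the real list has 7,776 lines), and the `physical_dice` function is a stand-in using the operating system’s random generator; real dice remain the preferred source.

```python
import math
import secrets
from typing import Callable, Dict

DICE_SIDES = 6
ROLLS_PER_WORD = 5
LIST_SIZE = DICE_SIDES ** ROLLS_PER_WORD  # 7776 entries in the Diceware list


def parse_diceware_list(text: str) -> Dict[str, str]:
    """Parse a word list in the Diceware format: one "ddddd word" pair per line."""
    words: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip headers, comments and blank lines
        key, word = parts
        if len(key) == ROLLS_PER_WORD and all(c in "123456" for c in key):
            words[key] = word
    return words


def physical_dice() -> int:
    """Stand-in for a real die: one roll from the OS CSPRNG (assumption of this example)."""
    return secrets.randbelow(DICE_SIDES) + 1


def roll_key(roll: Callable[[], int] = physical_dice) -> str:
    """Roll five times and join the results into a lookup key such as "31542"."""
    return "".join(str(roll()) for _ in range(ROLLS_PER_WORD))


def generate_passphrase(words: Dict[str, str], n_words: int = 6,
                        roll: Callable[[], int] = physical_dice,
                        separator: str = " ") -> str:
    """Build an n-word passphrase; every word comes from the dice, never from taste."""
    chosen = []
    for _ in range(n_words):
        key = roll_key(roll)
        if key not in words:
            raise KeyError(f"no entry for {key}: the word list is incomplete")
        chosen.append(words[key])
    return separator.join(chosen)


def entropy_bits(n_words: int, list_size: int = LIST_SIZE) -> float:
    """Each word chosen uniformly from list_size entries adds log2(list_size) bits."""
    return n_words * math.log2(list_size)


def average_crack_years(n_words: int, guesses_per_second: float = 1e12,
                        list_size: int = LIST_SIZE) -> float:
    """Expected time for an exhaustive search: on average half the key space is tried."""
    seconds = (list_size ** n_words) / 2 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


# Constructed excerpt in the real list's format; the full list has 7776 lines.
SAMPLE_LIST = """11111 a
11112 a&p
11113 a's
11114 aa
11115 aaa
11116 aaaa
66666 @
"""

if __name__ == "__main__":
    words = parse_diceware_list(SAMPLE_LIST)
    print(f"6 words: {entropy_bits(6):.1f} bits, "
          f"about {average_crack_years(6):,.0f} years at 10^12 guesses/s")
```

Run against the real word list file instead of the excerpt to generate an actual passphrase; the entropy and crack-time figures depend only on the list size and the number of words, not on which words were drawn.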
To learn more about the '''Diceware''' technique, read this article published by Micah Lee in ''The Intercept'': https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess.

To read more about how to create '''strong passwords''' and store them, go to: https://securityinabox.org/en/guide/passwords

'''A different profile for each persona'''

So now we have created several identities, but the risk that someone connects them together, unwittingly or to harm us, is still very high if we don’t take some simple precautions that can be summarized in a sentence: keep each profile apart from the others, both in your digital and physical life.

A good start to separate our activities into domains is creating different '''browser profiles''', '''mailboxes''' and '''social network accounts''' for each of our identities.

To create multiple profiles with '''Firefox''', visit: https://developer.mozilla.org/en-US/docs/Mozilla/Multiple_Firefox_Profiles

To create multiple profiles with Google '''Chrome''', visit: https://support.google.com/chrome/answer/2364824

When creating a new '''mailbox''', it is always a good idea to connect to the server’s website with '''Torbrowser''' and, if a contact mail address is required, not to give one that is connected to another identity and to use a disposable email address instead.

A good rule of thumb is to always use different apps for each account/identity and, if possible, a different profile on our computer or Android device, or even different devices.

'''Managing multiple identities in social networks'''

When we use social network websites, we should always access them with a secure HTTPS connection. To do this consistently, it is best to install the '''HTTPS Everywhere''' extension in our browsers, which switches to HTTPS automatically on the sites that support it.

When creating a new account on a '''social network''', we should use the browser profile we have created for the relevant identity, and check the '''privacy settings''' to be well aware of what we are making public, who can see what we post, who can contact us, who can look us up and what our contacts can do (for example tagging us in pictures or writing in our personal page).

We should also be very careful about the '''profile information''' we provide and about the '''profile picture''' and '''cover photo''' we use, because they are generally publicly available to anyone who looks for us in that social network even if they are not our contacts and regardless of our privacy settings. In particular, a picture reused from another identity can be found with a reverse image search, so each persona needs pictures that have never been published by another one.

Another crucial precaution is that our social network '''contacts''' do not overlap among our several identities, and that we don’t follow our account with other accounts associated to another identity. In particular, '''it is not a good idea to follow our pseudonymous accounts with our personal account''': if someone is looking to unmask our anonymous identity, the first place they will look is whom the account follows, and who follows it back. For the same reason, we should avoid reposting posts or other contents published by one account with another account.

Most social networking sites will display our location if possible. This function is generally provided when we use a GPS-enabled phone to interact with a social network, but we should not assume that this is not possible if we aren’t connecting from a mobile. The network our computer is connected to may also provide location data: our IP address alone reveals roughly where we are unless we connect through Tor. The way to be safest about it is to double-check our settings. We should be particularly mindful of location settings on photo and video sharing sites, and not just assume that they are not sharing our location.

Photos and videos can also reveal a lot of information unintentionally. Many cameras will embed hidden data ('''metadata''' tags, in JPEG files usually in the Exif block) that reveal the date, time and location of the photo, the camera type and serial number, and so on. Photo and video sharing sites may publish this information when we upload content to their sites, so it is better not to rely on the site and to remove the metadata ourselves before uploading (see “Data and metadata” above).

If we use apps on mobile devices to access our social networks, it is better to use different apps for each account, so as not to post by mistake revealing contents with the wrong account. There are several apps to manage social networks: we just need to pick one for each of our identities to reduce the risk of giving away our true identity.

Another trick to hide our trails is to publish from our various accounts at different times of the day. Some social networks, like Facebook, allow users to schedule the publication time of their posts, while for others, like Twitter, there are several apps that can do the job for us.

To schedule a post on Facebook, read: https://www.facebook.com/help/389849807718635

There are several apps to schedule a post on Twitter and other social networks, like Buffer (https://buffer.com) or Postcron (https://postcron.com). Remember that a scheduling service gets access to every account we connect to it, so it should never be given the accounts of more than one identity.
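The two links an unmasker draws first, shared contacts and matching hours of activity, can be checked on our own accounts before someone else does. The following is an added example (not code from the original page): given the list of accounts each identity follows and the timestamps of its posts, as we could collect them from the accounts’ own data exports, it reports the contacts they have in common, whether one follows the other, and how similar their hour-of-day activity fingerprints are (cosine similarity of 24-hour histograms, a heuristic chosen for this example). The accounts, names and posting habits below are constructed.

```python
import math
from collections import Counter
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set

# Each account is a plain dict, {"following": [...], "posts": [datetime, ...]},
# in the layout assumed by this example (not any site's export format).


def shared_contacts(following_a: Iterable[str], following_b: Iterable[str]) -> Set[str]:
    """Accounts that both identities follow: the first thing an unmasker compares."""
    return set(following_a) & set(following_b)


def hour_profile(posts: Iterable[datetime]) -> List[float]:
    """Share of posts in each hour of the day: a 24-bin activity fingerprint."""
    counts = Counter(ts.hour for ts in posts)
    total = sum(counts.values())
    return [counts[h] / total if total else 0.0 for h in range(24)]


def cosine(a: List[float], b: List[float]) -> float:
    """Cosine similarity of two histograms: 1.0 identical shape, 0.0 no overlap."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def timing_similarity(posts_a: Iterable[datetime], posts_b: Iterable[datetime]) -> float:
    """How closely two accounts are active at the same hours of the day."""
    return cosine(hour_profile(posts_a), hour_profile(posts_b))


def linkability_report(name_a: str, acct_a: Dict, name_b: str, acct_b: Dict) -> Dict:
    """Summarize the cheap links an observer could draw between two accounts."""
    return {
        "shared_contacts": sorted(shared_contacts(acct_a["following"], acct_b["following"])),
        "follow_link": name_b in acct_a["following"] or name_a in acct_b["following"],
        "timing_similarity": round(timing_similarity(acct_a["posts"], acct_b["posts"]), 2),
    }


def posts_at(hours: Iterable[int], days: int = 14,
             start: datetime = datetime(2015, 5, 1)) -> List[datetime]:
    """Constructed sample: one post at each given hour, every day for `days` days."""
    return [start + timedelta(days=d, hours=h) for d in range(days) for h in hours]


# Constructed sample accounts; names, contacts and habits are made up.
PERSONAL = {"following": ["alice", "bob", "carol", "newsdesk", "femwrites"],
            "posts": posts_at([8, 9, 12, 18, 19, 22])}
CARELESS = {"following": ["alice", "carol", "newsdesk", "collective"],  # pseudonym, same habits
            "posts": posts_at([8, 9, 12, 18, 19, 22])}
CAREFUL = {"following": ["collective", "zine"],  # pseudonym, posts scheduled at other hours
           "posts": posts_at([7, 21, 23])}

if __name__ == "__main__":
    print("careless pseudonym:", linkability_report("me", PERSONAL, "femwrites", CARELESS))
    print("careful pseudonym: ", linkability_report("me", PERSONAL, "nightowl", CAREFUL))
```

A report showing several shared contacts, a follow link in either direction, or a timing similarity close to 1.0 means the two identities are already linkable from public data alone, whatever Tor and separate browser profiles do for the network layer.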
Two further good hints for using social networks with multiple identities are to follow other people who could reasonably be considered the owners of our fake account, and to write (and hashtag on Twitter) posts about events that we are not attending, especially if they are taking place far away from us, to further distance our personal identity from our pseudonymous identities. It may also be fun to publish and then delete posts that look like we have exposed our identity, so as to further confuse anyone who may try to track us down, keeping in mind that deleted posts can survive in screenshots and archives, so this game should only be played with details that are entirely made up.

Finally, whatever social network you decide to use, always read its terms of service to check if they suit your purposes well. And if you find them too complicated, you can check the website Terms of Service; Didn’t Read (https://tosdr.org), where the terms of service of many social networks and web services are summarized for ordinary mortals.

'''Alternative social networks'''

For the sheer number of their users, mainstream commercial social networks like Facebook or Twitter are extremely useful if our aim is to publicize as widely as possible an event we are organizing or a project we are launching. Nevertheless, when we advertise our initiatives, we should remember that these platforms have very strict terms of service that could justify their decision to terminate our accounts if they find that our contents infringe their rules.

Moreover, as is well known, with commercial social networks users are not the customers but the product, because they are profiled and sold to advertisers. If we add to this the ever-changing terms of service and policies and the interactions with other apps and features that make it very difficult to understand clearly what happens to our data, the best solution is to avoid commercial social networks as much as possible, and to limit their use to specific projects we want to publicize as widely as possible.

But fortunately there are alternatives that give much more freedom to their users and don’t profile them in any way.

One of these, '''Ello''', explicitly states in its manifesto that “You are not a product” and has become famous, particularly in the trans community, for not requiring real names while Facebook started to strictly implement its “real name” policy. Consequently, its number of users has grown and it can be a good alternative to mainstream commercial social networks for achieving the critical mass of readers we need to spread our ideas and initiatives. Nevertheless, Ello is still a commercial and centralized project, and there are alternatives that are community-based, distributed rather than centralized, based on free and open-source software and privacy-friendly. Among these, '''Diaspora''' (https://joindiaspora.com), '''Friendica''' (https://friendica.com) and '''Crabgrass''' (https://we.riseup.net) are especially worth mentioning.

Other similar sites may be popular in different regions, so you may wish to explore other options. Before choosing one you should consider the following points:
* Does it provide a connection over '''SSL''' (that is, ''HTTPS'') for all uses of the site, rather than just during login? Are there problems with its encryption, such as an expired, self-signed or mismatched certificate that the browser warns about?
* Read the End User Licence Agreement and Privacy Policy or Data Use Policy carefully. How are your content and personal data treated? With whom are they shared? For a useful add-on which helps users understand the Terms of Service of many popular sites, see '''Terms of Service; Didn't Read''' (https://tosdr.org).
* What privacy options are provided for users? Can you choose to share your photos and videos securely with a small number of individuals, or are they all public by default?
* Do you know the '''geographical location of the servers''', under which territorial jurisdiction they fall or where the company is registered? Are you aware of how this information relates to the privacy and security of your activity and data on the site?

Revision as of 19:36, 11 May 2015

1. Know your digital shadow and the traces you leave in the internet


Understanding your digital shadow


If you are planning to be active in the internet as a feminist or as a woman human rights defender – or if you already are and have suffered attacks by harassers or trolls, or just want to improve your defences against this kind of attacks – it’s a good idea to start from an assessment of your digital shadow and of your social domains that are spread across your online and physical activities. Although these two aspects can expose us to several threats, and can look scary at first sight, there are actually many strategies we can adopt and tools we can use in order to shape or control them and to obtain a greater security online.


What is a digital shadow?


Our digital shadow is the set of all the digital traces we leave when we connect to the Internet and to online services both through computers and other electronic devices such as smartphones, tablets and the like. Rather than as a shadow, which is something impalpable and temporary, we could describe these traces as a spectre of our past and present activities, that melt together in a permanent and ever-changing profile and could potentially haunt us forever.

The devices and the software we use to browse the Internet, access websites, connect to social networks like Facebook or Twitter, publish blog posts, receive phone calls, send SMS messages or emails, chat or buy things online all have particular features that make them uniquely identifiable in the flow of data that travel across the web. This enables several web services to identify and follow us as we pass from our browser to the IM app in our smartphone, download e-books in our readers, publish photos from the latest protest we have covered, or coordinate the next action with our group of activists.

In some cases, our data is collected without our knowledge or consent – like when our browsing habits and IP address are collected while we visit a website. In other cases, we choose to hand over our data to third parties – when we share photos on Facebook, or book a flight ticket, for example. Through all such activity, we leave digital traces which result in the creation of our digital shadow.

When we use the Internet and/or mobile phones, we use digital services through networks. Our digital shadow exists within networks and that makes it vulnerable. In a network, data cannot travel directly from one device to another – it has to go through many other devices which make up the network. This means that all of our digital activity – such as sending an email, accessing a website or making a phone call – travels through multiple servers in a network until it reaches its final destination. The problem is that these third party actors can have access to our digital shadow in transit. 

Anyone can potentially have access to our digital shadow – including communications service providers, law enforcement agencies and companies, as well as groups and individuals running their own servers. We cannot know precisely what happens to our digital shadow and that itself is a problem.

You can explore your digital shadow with Trace My Shadow (https://myshadow.org/trace-my-shadow), a tool launched by the Tactical Technology Collective together with a website that offers a lot of tips on how to protect our privacy and control our digital shadow: https://myshadow.org


Public and private traces


We may certainly find it disagreeable that the traces we leave are logged on a regular basis by several entities and analysed to profile us as users and consumers as well as for the sake of surveillance, and there are several measures we can take to better protect our privacy from this kind of actors.

  • To learn more about how our digital shadows can be used to profile and control us and about the tools we can use to protect ourselves, visit: https://myshadow.org

But what exposes us to attacks online as vocal women – most of all if we write about traditionally male-oriented topics such as IT, politics or gaming – is the publicly available traces we leave behind, some of which we may be unaware of.


Data and metadata


When we publish contents in the web, it is always a good idea to ask ourselves if what we are posting is public or personal and where it is going to be accessible. Even if the information is connected to a public event and not to our personal lives, the names we mention or the images we upload may turn out to be dots that can be connected to draw a picture about who we are, what we are doing, where we are doing it and so on. And if we or our contacts are being targeted by people who are too curious for whatever reason, this could help them.

This does not mean that we should silence ourselves – by taking some easy precautions and adjusting some details in our attitude towards the web and its services, we can limit our risks by increasing the level of the effort that would be required to attack us:


  • When writing or posting images about public events in the web and in publicly accessible social network profiles, we should ask ourselves if the information we spread about single individuals, places and other details can be used to identify and/or attack someone. It is always a good idea to ask for permission to write about individuals and perhaps also to post information on public events only after they are finished. A good tool to anonymize faces in pictures that you take with your phone is ObscuraCam, a free camera application for Android devices, created by the Guardian Project, that has the ability to recognize and hide faces: https://guardianproject.info/apps/obscuracam
  • When writing about personal details of our life, it’s better to use private profiles that can only be accessed by selected contacts (see “Our several small-world networks” below).
  • When giving our personal information to a web service, it’s best to check if they offer a secure connection (HTTPS instead of HTTP at the beginning of the URL) and to use that. If they don’t offer it or we don’t use it, this could expose us to attacks: for example someone could sniff our password and own our profile. A good solution to always use a secure connection (if available) without having to remember it is HTTPS Everywhere, a Firefox, Chrome, and Opera extension developed by the Electronic Frontier Foundation that encrypts your communications with many major websites: https://www.eff.org/https-everywhere
  • We should use different passwords for each web service we use: if one of the services we access does not provide a secure connection, and we use the same password for stronger services too, someone who sniffs the password when we connect to the weak service may also access our accounts on the stronger services and read private data we were trying to keep secret. Since passwords should also be strong to protect ourselves against brute-force attacks, it’s a good idea to have them generated randomly and remembered by a password manager like KeePassX: https://www.keepassx.org


But there is something else that might unwittingly give away information about us, an invisible but very important thing that is called metadata.

Metadata is information about a file (such as a word document, a PDF, a picture, music file etc.) that is stored within the file itself. This information can include the time and date a file was created, the username of the people who created or edited it, information about the device that created it, and other kinds of information. As a result of this, the metadata in a file could tell someone who created a file, on what computer or device, when, and in what location.


  • Some of the most telling metadata can be avoided: for instance we can avoid using our real name when registering a device or copies of software such as Microsoft Office, Open Office, Libre Office, Adobe Acrobat and others, and we can switch off location tagging (GPS) in our phone or camera, but other information is still generated automatically.
  • Some file types contain more metadata than others, so when publishing contents online we can convert files from formats that contain a lot of metadata (such as .DOC and .JPEG for example) to formats that carry little or none (.TXT and .PNG for example), or we can use plain text. The conversion must produce a new file, though: simply renaming the extension changes nothing.
  • Windows or Mac OS users can use programs such as Adobe Acrobat XI Pro (for which a trial version is available) to remove or edit the hidden data from PDF files. For GNU/Linux users, PDF Mod is a free and open source tool to edit and remove metadata from PDF files. However, it doesn't remove the creation or modification time, and it also doesn’t remove the type of device used for creating the PDF. To learn more about metadata and how to remove it, visit: https://securityinabox.org/en/lgbti-mena/remove-metadata
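To see what “removing the hidden data” from a photo actually means, here is an added example (not code from the original page, and not one of the tools named above) that walks the segment structure of a JPEG file and drops every segment that carries only metadata: the Exif block (APP1, where cameras write date, time, GPS coordinates and serial number), other APPn blocks such as ICC profiles and Photoshop/IPTC data, and free-text comments. The image data itself is copied untouched, so the picture looks the same. The sample file it operates on is constructed inline with a fake Exif block containing a GPS pointer tag and a telling comment; it is not a valid picture, only enough of one to exercise the parser. The same check serves the note on photo metadata under “Managing multiple identities in social networks” below.

```python
import struct
from typing import Iterator, Tuple

SOI, EOI, SOS = 0xFFD8, 0xFFD9, 0xFFDA
APP0, APP1, APP15, COM = 0xFFE0, 0xFFE1, 0xFFEF, 0xFFFE
# Segments that carry only metadata: Exif/XMP (APP1), ICC (APP2), Photoshop/IPTC (APP13),
# vendor blobs (other APPn) and free-text comments (COM). APP0 (JFIF) is kept so that
# old decoders still recognise the file.
STRIP = set(range(APP1, APP15 + 1)) | {COM}


def iter_segments(data: bytes) -> Iterator[Tuple[int, int, int]]:
    """Yield (marker, offset, length) for each segment up to and including SOS.
    `length` is the segment's own 2-byte length field (payload plus those 2 bytes)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = 0xFF00 | data[pos + 1]
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, pos, length
        if marker == SOS:
            return  # entropy-coded image data follows; nothing after it is touched
        pos += 2 + length
    raise ValueError("truncated JPEG: no SOS segment found")


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Return a copy of the JPEG with every metadata segment removed."""
    out = bytearray(b"\xff\xd8")
    for marker, offset, length in iter_segments(data):
        if marker == SOS:
            out += data[offset:]  # copy SOS and everything after it verbatim
            break
        if marker not in STRIP:
            out += data[offset:offset + 2 + length]
    return bytes(out)


def has_exif(data: bytes) -> bool:
    """True if an APP1 segment with an Exif payload is present."""
    for marker, offset, _ in iter_segments(data):
        if marker == APP1 and data[offset + 4:offset + 10] == b"Exif\x00\x00":
            return True
    return False


def _segment(marker: int, payload: bytes) -> bytes:
    """Encode one marker segment: marker, 2-byte length (payload + 2), payload."""
    return struct.pack(">HH", marker, len(payload) + 2) + payload


def build_sample_jpeg() -> bytes:
    """Constructed stand-in for a camera file: JFIF header, an Exif block whose TIFF
    directory holds a GPS IFD pointer tag (0x8825), a comment, then a fake scan."""
    jfif = _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    tiff = (b"II*\x00\x08\x00\x00\x00"          # little-endian TIFF header
            + b"\x01\x00"                        # one directory entry
            + b"\x25\x88\x04\x00\x01\x00\x00\x00\x1a\x00\x00\x00")  # GPSInfo pointer
    exif = _segment(APP1, b"Exif\x00\x00" + tiff)
    comment = _segment(COM, b"taken at home, 11 May 2015")
    scan = _segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56" + struct.pack(">H", EOI)
    return b"\xff\xd8" + jfif + exif + comment + scan


if __name__ == "__main__":
    sample = build_sample_jpeg()
    clean = strip_jpeg_metadata(sample)
    print("exif before:", has_exif(sample), "after:", has_exif(clean),
          "| size", len(sample), "->", len(clean))
```

On a real file, read the bytes, pass them through `strip_jpeg_metadata` and write the result to a new name, then open the new file to confirm it still displays. This handles JPEG only; PNG text chunks, PDF document properties and office files need their own tools, as the list above says.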


Self-Doxxing


Despite all the measures we may take now, the traces we left behind in the web in the past are still out there, and they can be used against us for tracking us down or for connecting the dots to expose our real identity and personal life (what is generally called “doxxing”).

Harassers and stalkers use several tools and techniques to gather information about their targets, but since these tools and techniques are public and easy to use, we can anticipate them and self-doxx ourselves in order to make good, informed decisions about our online identity and activities. Of course, these same instruments can be used to learn more than is immediately obvious about someone you’ve met online before you give them your full trust.

To learn more about (self-)doxxing tools and techniques, visit: https://modelviewculture.com/pieces/investigation-online-gathering-information-to-assess-risk

A nice (and creepy!) tool to learn what traces you have left behind in your Facebook account is Ubisoft’s Digital Shadow, a Facebook app which illustrates what third parties can know about us through our Facebook profiles.


Our several small-world networks


As security expert Bruce Schneier explains, “Security is a chain, and a single weak link can break the entire system”.

Everyone of us belongs to several personal domains, and each intersection among these domains can turn into a threat for our security. Each of these domains is structured as a “small-world network” – a group of not more than few dozens people who are frequently in contact with most of the other members of the group through phone calls, IM, mail messages, etc.

In each of these networks we may have a more or less important role, and some of these domains may need to be more secure than others. For instance, we may tend to have a more secure behaviour for our work or activism and a less secure one for leisure and for interacting with friends on a social network. But if we use a single profile for all our social relationships and for all our personal domains, it becomes easier to gather information about us and to identify our vulnerabilities.

For example, if we reveal in a social network that we like a particular kind of game and that we download files with a p2p program like eMule, an attacker who wants to investigate our work or activism might get malware onto our computer by having us download an infected copy of a proprietary game: files on such networks are neither authenticated nor encrypted, so anyone can offer a trojaned copy under the name we are looking for. But this is only possible if our social network profile and our eMule profile can be connected to the same person, and this is why separating our personal domains can be useful.

We may think that deleting certain sensitive data from social networks and web services may be enough to protect ourselves, but metadata cannot be deleted as easily (or, often, visualized, for that matter) and therefore it is much better to commit a virtual suicide by eliminating the old identity and creating a new one or, better, several new ones for each of our personal domains.

Every identity should be deleted or abandoned whenever we feel it necessary. Using just one identity in our whole life, in all the different work and leisure domains we cross, creates a bulk of information that can only be used to profile or attack us.

When we create our new identities, we should select their contacts more carefully for each one and avoid sharing contacts with the other identities we use for different activities, so as to effectively create separate personal domains, with separate accounts, mail addresses, browser profiles, apps, and possibly devices. It can also be a good idea to create a disposable identity for new acquaintances: an introductory profile you can use to get to know someone before you include them in a more trusted network.

  • To learn more about how to separate different identities into separate profiles, read “4. Managing various online identities” below.

Mapping our social domains

When we decide to keep our social domains and identities separate, the first thing we should do is examine our digital activities in order to map our several small-world networks and identify the ones that expose us most to cross-domain attacks. We can do this by observing our several activities and contacts and reflect on the worst-case scenario that could be caused by a loss of data. The answers we give ourselves will help us understand if a certain domain is sensitive or not and to separate the domains that are sensitive from those that are not.

But partitioning one’s digital life into security domains is certainly not an easy process and requires some thinking. Joanna Rutkowska, a Polish computer security researcher, has developed Qubes OS (see below), a security-oriented operating system based on the concept of “security by isolation”, where each personal domain runs in a separate virtual machine so that a compromise of one domain does not reach the others. In her blog, Rutkowska describes how she has divided her domains, and while her scheme is quite sophisticated and focused on her operating system, it can give interesting insights to anyone who wants to start isolating their several domains in order to enhance their security.

The three basic domains Rutkowska has identified are “work”, “personal”, and “red” (for doing all the untrusted, insensitive things).

  • The work domain is where she has access to her work email, where she keeps her work PGP keys, where she prepares reports, slides, papers, etc, but she also has a less trusted “work-pub” domain for other work-related tasks that require some Web access, such as accepting LinkedIn invites, or downloading cool pictures for her presentations. Furthermore, she has isolated other work activities in a “work-admin” and a “work-blog” domain in order to obtain a further level of security when managing her company’s servers and when writing on her blog or on other work-related web services.
  • The personal domain is of course the domain where all her non-work related stuff, such as personal email and calendar, holiday photos, videos, etc., is held. Rutkowska says that she is not into social networking, but if she was, she would probably access the social networks through a secure (HTTPS) connection. Also for her personal life, Rutkowska has decided to create a special domain called “very-personal”, which she uses for the communication with her partner when she is away from home. The couple uses encrypted mails to communicate, and Rutkowska has separate PGP keys for this purpose: while they don’t discuss any secret and sensitive stuff there, they still prefer to keep their intimate conversations very private.
  • The red domain, on the other hand, is totally untrusted: this is where disposable profiles belong, because a domain dedicated to untrusted activities can get compromised easily and it should be possible to replace it with a different one. Basically, Rutkowska uses this domain to do everything that doesn’t fit into other domains, and which doesn’t require her to provide any sensitive information.
  • Besides these three main domains, Rutkowska has several other separate domains. One is dedicated to shopping, for accessing all the internet e-commerce sites. Basically what defines this domain is access to her credit card numbers and her personal address (for shipping). Then there is the vault domain, the ultimately trusted place where she generates and keeps all her passwords (using KeePassX) and master GPG keys. Finally, she has a domain for all the Qubes development (qubes-dev), one for accounting, and another one for work archives.


Of course we don’t have to separate our domains in such a complex way, and, as we will see, using Qubes OS to keep them separated is just one solution, one that moreover requires a powerful machine to run on. Yet Joanna Rutkowska’s reflections on domain mapping can be an enlightening starting point to analyse our activities and to separate our social domains to enhance our security.

Joanna Rutkowska’s article on security domains can be found here: http://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html

2. Assessing risks and potentials and learning how to choose which online identity fits your purpose


Real or virtual identity?


Once we have identified our different personal domains and the digital activities and contacts that go with them, what we need to do is assign an identity to each of them. Someone may want to keep their work related to their real identity, or think that their activism should remain anonymous, but this is not an automatic choice and it should be pondered carefully.

For instance, a journalist who finds it convenient to write online with her real identity may decide to stay in contact with her personal domain through a nickname, so that nobody can connect the two spheres together. On the other side, if an activist decides that she wants to use a pseudonym for her activities online, she should consider that she will show her face in all her connected activities in the real world, such as speaking at a conference or participating in a demonstration, and this could help possible attackers to link her nickname to pictures of her face that are linked to her real name in social networks.

Many strategies have been adopted by women who are active online, ranging from full transparency to full anonymity. Kate Harding (http://kateharding.net/2007/04/14/on-being-a-no-name-blogger-using-her-real-name) writes about her decision to start writing under her real name, dismissing the recommendations that are generally given to bloggers, like “writing under a pseudonym, making that pseudonym male or gender-neutral if you’re one of them lady bloggers, disabling anonymous comments, masking one’s personal information, being circumspect about publishing identifying details, and not writing anything that might inflame the crazies”. Instead, she thinks that the problem should not be addressed by women, who can only do it by hiding their identity or even by giving up on their online activities, and should instead be fixed by the society as a whole and by men, who should understand that only by supporting women and their right to be active and vocal in the internet, something will change. And while she admits that “the only reason I haven’t yet heard I’m a worthless cunt who deserves to be raped is that nobody knows I exist yet”, she also acknowledges that this decision is “dangerous because I use my real name and especially dangerous because it’s a female name”.

The strategies women are expected to use when they decide to be vocal online are ironically summarized by Sady Doyle in a “Girl’s Guide to Staying Safe Online” (http://inthesetimes.com/article/12311/the_girls_guide_to_staying_safe_online). Her points are: (1) Don’t Post the Wrong Photo. Any Photo; (2) Don’t Have The Wrong Name. Any Name; (3) Don’t Be Good at Your Job; (4) Every Photo Is the Wrong Photo. Every Name is the Wrong Name. Any Kind of Good is Too Good. Don’t Go It Alone. Of course, this is a provocation: since women are disproportionately targeted by hate speech and harassment, the first reaction can be to step out completely, or to censor ourselves as soon as we see the effects of hate speech taking their toll on our lives. But giving up on our activities online is exactly what misogynists and harassers expect from us, as this webcomic by Gabby Schulz shows (http://www.gabbysplayhouse.com/webcomics/sexism/). Ultimately, Doyle concludes, “the best way to ‘stay safe’ online may simply be to stay online. After all: If there’s no one left willing to complain about the harassment, what are the odds that it’s going to change?”.

One widespread reaction is to become anonymous, a strategy adopted for instance by Vani, a human rights activist: “I am a regular social network user. I voice my opinions on a range of topics. But, I remain faceless and nameless” (http://internetdemocracy.in/media/women-bloggers-seek-safety-in-anonymity). But anonymity can be dangerous in some countries, where it can signal to the state police that the authors think they are doing something wrong. Besides, this strategy can be exhausting: “Anonymity also isolates you”, a blogger writes. “Can you have a network to protect you and also be anonymous at the same time? Would visibility be a better strategy for you?”

Total anonymity is, as a matter of fact, isolating. It can be useful in settings where we don’t need to gain other people’s trust and/or when there are few or no people we can trust or we don’t want to expose anybody to risks. That is, unless we are joining a group whose members choose to be anonymous and to use a collective identity (see below, Collective virtual personas).

Visibility is certainly a better strategy than total isolation, because it allows us to network with others and because by pinning our voice to a particular name we can develop an online reputation. Online reputation allows others to decide whether we are worthy of trust, and is therefore a crucial aspect of trust-based online communities. But reputation does not necessarily have to be connected to a real name, and many people have gained a solid reputation just by consistently using a nickname. The choice to connect our online reputation to our real name or to a nickname should be taken individually, according to our needs and context: someone could even decide to develop a reputation connected to one domain under their real name and one connected to another domain under a nickname, or to use several nicknames and identities and manage an online reputation for each of them. As always happens with multitasking, it is of course a matter of energy and time, and what follows in the rest of this booklet is a series of hints and tips on the art of managing multiple identities online while living a happy life.

Whatever choice we make, what matters is that we keep our domains effectively separated: no matter how many domains we identify in our digital life and how many identities we create, on the internet every identity, even the one bearing our true name, becomes a “virtual” persona and should be managed carefully.


The pros and cons of the various identity options (read + as high and - as low):

{| class="wikitable"
! Identity option !! Risk !! Reputation !! Effort
|-
| Real name || + || + || -
|-
| Total anonymity || || ||
|-
| Consistent pseudonymity || - || + || +
|-
| Collective identity || - || + || +
|}



'''3. Create a new online identity'''


'''Virtual suicide?'''


When we decide to separate our domains, one of the first decisions we should make regards the accounts and identities we have used so far – should we delete them or should we keep using them?

When navigating the web, it is a good idea to consider each of our identities potentially disposable, so that if it is somehow compromised we can discard it easily. Our former account is likely connected to all our domains, so if we are starting to separate them it is better not to keep a place where all these connections are put together, and at the very least to review our contacts, keeping only those linked to the relevant identity.

But as described before, when we use the internet we scatter our traces all over, and managing the traces we have left behind over the years is much more complex than we might think. So, especially if we foresee embarking on high-risk activities but still want to keep our old identity, it is a good idea to create new identities that have nothing to do with the life we have lived and the contacts we have had so far. Alternatively, we can commit a virtual suicide by deleting all our accounts and profiles before we create new ones.

A handy tool to facilitate the process of deleting social network profiles is the Suicide Machine: http://suicidemachine.org/

Unfortunately, the Suicide Machine was forced to stop deleting Facebook accounts. Instructions on how to delete Facebook accounts are here: https://www.facebook.com/help/224562897555674

Two other websites that help with deleting online accounts are AccountKiller (https://www.accountkiller.com), with instructions to remove accounts or public profiles on most popular websites, and JustDelete Me (http://justdelete.me), a directory of direct links to delete accounts from web services.


'''Disposable email and mail aliases'''


While some domains require some sort of identity management in order to gain a strong reputation and the trust of other members of the community, in some cases all we need is a disposable email address that we will use only once or a few times, for example to open an account on a site we do not trust. Even if we decide to have just one identity online, this is always a good practice: it prevents sites from building a history of our activities and ensures that, even if that account gets compromised, we can simply delete it and create a new one, keeping our digital life unscathed.

Another option is to create a mail alias, a different email address that delivers to our main mailbox. The advantages of this approach are that the alias does not expire the way disposable email addresses do, and that if it gets compromised or starts attracting spam we can simply dispose of it and create a new one, as with temporary mailboxes. The drawback is that until we do so, everything sent to the alias, spam included, lands in our main mailbox. Note also that an alias hides our main address from our correspondents, but not from the mail provider, which always knows which mailbox the alias delivers to.

There are many services that offer disposable email addresses. Some of the most privacy-oriented are https://anonbox.net, offered by the Chaos Computer Club, a long-standing hacker organization, and https://www.guerrillamail.com. Keep in mind that on many disposable services the inbox is not private: anyone who knows or guesses the address can read it, so such an address should never receive anything sensitive.

In some cases we don’t even need to create a disposable account, because someone has already done it for us and shared the user name and password online. This is what BugMeNot (http://bugmenot.com) offers: a site where anyone can publish account data for sites with free registration. There is also a Firefox extension: https://addons.mozilla.org/en-US/firefox/addon/bugmenot

If we can’t be bothered with thinking up a new name and other details every time we want to create an account with a website we don’t really trust, https://fakena.me is a privacy-oriented fake name generator that provides all we may need, from a credible name and surname with birth date and (US-based) address to a user name and password, up to a link to the connected Guerrilla Mail mailbox. Another similar service, Instant Internet Decoy (https://decoys.me), creates convincing but entirely fictional people who have birthdays, locations in several countries, families and even answers to common security questions.

While not every mail service allows users to create mail aliases, this feature is offered to every mail user by both Riseup (https://we.riseup.net) and Autistici/Inventati (https://www.autistici.org), two secure, autonomous servers that are particularly focused on the right to privacy and anonymity and that are recommended for general security too.


'''What’s in a name'''


An increasing number of psychologists argue that people living in modern societies give meaning to their lives by constructing and internalizing self-defining stories. Actually, the practice of “story telling” (and of creating a social mask, for that matter) is much older, and starting a new avatar with a story makes it a lot easier to maintain the role. We can use a “known” person’s story, or that of a god or goddess, a superhero or a fictional character from our favourite novel, or adopt a “group identity” like anonymous/anonymiss or the Guerrilla Girls. Otherwise, if we feel particularly inspired, we can just invent a new story we like. The main point is that when we create an identity we should conceive a whole virtual persona, an avatar that needs to be nurtured and developed in order to become credible, so it is better to start from the choice of our nickname. Moreover, when we choose our name we should consider that some social networks, most notably Facebook, insist that their users give their real name, so if we want to use commercial social networks it is better to pick a credible name and surname rather than more imaginative ones.

This page offers a lot of cues and links for inventing a new identity: http://anonymissexpress.tumblr.com/post/117939311235/you-may-have-noticed

Having found a name, a surname and a user name we like for our virtual persona, and having generated or invented all the fake data we need for creating accounts with it, we should do thorough research, perhaps also using doxxing tools and techniques (see Self-Doxxing above), to find out whether someone else is already using that name. After all, if we wish to develop our own reputation, we don’t want to be confused with someone else, especially if they don’t share our views of the world!


'''4. Managing various online identities'''

'''Securing our multiple identities'''


Once we have chosen a name for our new identity, we can start creating a contact email, accounts with web services, and so on. Yet, separating our digital life into multiple identities is not enough. What we need to do is to keep them technically separated, that is to avoid that our identities scatter identical traces that can be linked together.

To do this, some precautions on the security side are definitely necessary. To start, a good idea is to always hide our IP address, the number that identifies our connection, by going through Tor, an anonymity network that conceals both where we are connecting from and what we do on the internet. By consistently using Tor for an identity, no one can link our IP address (and therefore our alternative identity) to us, not even the mail server we use. Tor only hides the network address, though: if we log in to an account tied to another identity in the same session, or reuse the same browser with its cookies and fingerprint, the two identities can still be linked. For further information on how to use Tor, see “Anonymization” below.

Also the choice of the mail server we use for our contact mail address is important. While there are several secure servers that offer a good service, e.g. the Swiss commercial service Kolab Now (https://kolabnow.com) and the autonomous servers Riseup (only for activists: http://riseup.net) and Autistici/Inventati (https://www.autistici.org), the main point is to find a service that offers a secure connection (HTTPS instead of HTTP) and that is compatible with our virtual persona. If, for instance, the persona we are creating is someone who doesn’t know much about digital security, it may be more credible to use a widespread service like Gmail; the availability of two-factor authentication is always a plus. If the address we are creating is connected to our work and hosted on our firm’s mail server with its own domain, it is a good idea not to include our surname in the address and to keep just our first name followed by the domain (e.g. jane@businessname.com). Of course, if a contact email address is required when registering a new mail account, we shouldn’t give our usual address; it is much better to use a disposable account for this purpose.

Another crucial point regards passwords and their management. Since we are using different identities, the number of our passwords will grow accordingly, and there is no way to remember so many secure passwords unless we have some mental magic powers that allow us to memorize dozens of long random strings of letters, numbers and symbols. On the other hand, having just one password for all the services we use is very dangerous, all the more so if those services belong to different domains and identities. If we always use the same password, someone who steals it from a weaker service can use it on more secure ones (and on the accounts of a different identity, linking the two), and although two-factor authentication helps prevent this, not all services offer it.

A good tool to generate random passwords and store them in an encrypted file on our computer and/or Android device is KeePassX, a cross-platform free and open-source password manager that is very easy to use; its password database can also be exported and used on other devices.

To learn how to use KeePassX, read this howto: https://securityinabox.org/en/guide/keepass/windows

To learn how to use KeePassDroid, the correspondent tool for Android, read this howto: https://securityinabox.org/en/guide/keepassdroid/android

But some passwords, like the one we use to decrypt our KeePassX file, need to be easy to remember and strong at the same time. A good solution is to create passphrases formed by a random group of words that don’t make any sense together, separated by spaces. We can do this by simply using some real, physical six-sided dice and a word list like the Diceware word list, which contains 7,776 English words, each paired with a five-digit number (http://world.std.com/~reinhold/dicewarewordlist.pdf). By rolling a die five times we get a five-digit number that corresponds to the first word of our passphrase. By repeating this at least six times we get a passphrase of six words that make no sense at all together, but form a strong, random passphrase that can be memorized just as we learned poems by heart at school, and that is so long that it would take on average about 3,500 years to crack it by brute force at a speed of one trillion guesses per second.

To learn more about the Diceware technique, read this article published by Micah Lee in The Intercept: https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess.

To read more about how to create strong passwords and store them, go to: https://securityinabox.org/en/guide/passwords
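As an added example (not part of the original booklet and not the authors’ code), the following Python script implements the Diceware procedure described above: it parses a word list in the standard “five-digit code, word” layout, turns five dice rolls into a list index, assembles a passphrase, and computes the entropy and the average brute-force time quoted above. The embedded word-list fragment is constructed for illustration; a real list such as the one linked above has all 7,776 entries.

```python
import math
import secrets
import sys

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD            # 7776 codes from 11111 to 66666
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed fragment in the layout of the real Diceware list ("code<TAB>word");
# the real list has one line for every one of the 7776 codes.
SAMPLE_LIST_TEXT = """11111\tabacus
11112\tabdomen
31415\tcloak
66666\tzoom
"""


def is_dice_code(code):
    return len(code) == DICE_PER_WORD and all(c in "123456" for c in code)


def code_from_index(index):
    """0-based list index -> five-digit dice code (base 6, digits written 1..6)."""
    if not 0 <= index < LIST_SIZE:
        raise ValueError("index out of range")
    digits = []
    for _ in range(DICE_PER_WORD):
        digits.append(str(index % 6 + 1))
        index //= 6
    return "".join(reversed(digits))


def code_to_index(code):
    """Five-digit dice code -> 0-based list index ("11111" -> 0, "66666" -> 7775)."""
    if not is_dice_code(code):
        raise ValueError(f"bad dice code: {code!r}")
    index = 0
    for c in code:
        index = index * 6 + (int(c) - 1)
    return index


def parse_diceware_list(text):
    """Parse 'code word' lines into a dict keyed by dice code. Lines that do not
    start with a dice code (blank lines, PGP signature headers) are skipped."""
    words = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or not is_dice_code(parts[0]):
            continue
        words[parts[0]] = parts[1]
    return words


def roll_die():
    """One fair die roll from the OS CSPRNG; physical dice are just as good."""
    return secrets.randbelow(6) + 1


def roll_code(roll=roll_die):
    return "".join(str(roll()) for _ in range(DICE_PER_WORD))


def passphrase(words, n_words=6, roll=roll_die):
    """Pick n_words by rolling five dice per word. Never reroll a word you dislike:
    choosing among results destroys the randomness the strength estimate assumes."""
    if len(words) != LIST_SIZE:
        raise ValueError("word list must cover all 7776 dice codes")
    return " ".join(words[roll_code(roll)] for _ in range(n_words))


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Each word adds log2(7776), about 12.9 bits; six words give about 77.5 bits."""
    return n_words * math.log2(list_size)


def average_crack_years(n_words, guesses_per_second=1e12, list_size=LIST_SIZE):
    """Expected brute-force time: on average half the keyspace must be searched."""
    return (list_size ** n_words) / 2 / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Usage: python diceware.py /path/to/diceware.wordlist.asc [n_words]
    with open(sys.argv[1], encoding="utf-8") as fh:
        wordlist = parse_diceware_list(fh.read())
    n = int(sys.argv[2]) if len(sys.argv) > 2 else 6
    print(passphrase(wordlist, n))
    print(f"{entropy_bits(n):.1f} bits, about {average_crack_years(n):.0f} years "
          "on average at one trillion guesses per second")
```

If you prefer not to trust the computer’s random number generator, roll physical dice and look the five-digit codes up with code_to_index; either way, do not pick and choose among the results, because that is exactly the randomness the 3,500-year estimate depends on.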


'''A different profile for each persona'''


So now we have created several identities, but the risk that someone connects them together, unwittingly or to harm us, is still very high if we don’t take some simple precautions that can be summarized in a sentence: keep each profile apart from the others, both in your digital and physical life.

A good start to separate our activities into domains is creating different browser profiles, mailboxes and social network accounts for each of our identities.

To create multiple profiles with Firefox, visit: https://developer.mozilla.org/en-US/docs/Mozilla/Multiple_Firefox_Profiles

To create multiple profiles with Google Chrome, visit: https://support.google.com/chrome/answer/2364824

When creating a new mailbox, it is always a good idea to connect to the server’s website with Tor Browser and, if a contact mail address is required, not to give one that is connected to another identity and to use a disposable email address instead.

A good rule of thumb is to always use different apps for each account/identity and, if possible, to use a different profile on our computer or Android device, or even different devices.


'''Managing multiple identities in social networks'''


When we use social network websites, we should always access them with a secure HTTPS connection. To do this consistently, it is best to install the HTTPS Everywhere extension in our browsers.

When creating a new account on a social network, we should use the browser profile we have created for the relevant identity, and check the privacy settings to be well aware of what we are making public, who can see what we post, who can contact us, who can look us up and what our contacts can do (for example tagging us in pictures or writing on our personal page).

We should also be very careful about the profile information we provide and about the profile picture and cover photo we use, because they are generally publicly available to anyone who looks for us on that social network, even if they are not our contacts and regardless of our privacy settings.

Another crucial precaution is that our social network contacts do not overlap among our several identities, and that we don’t follow our account with other accounts associated to another identity. In particular, it is not a good idea to follow our pseudonymous accounts with our personal account: if someone is looking to unmask our anonymous identity, the first place they will look is whom the account follows, and who follows it back. For the same reason, we should avoid reposting posts or other content published by one account with another account.

Most social networking sites will display our location if they can. This function is generally used when we interact with a social network from a GPS-enabled phone, but we should not assume that it is impossible when we aren’t connecting from a mobile: the network our computer is connected to may also provide location data. The safest approach is to double-check our settings. We should be particularly mindful of location settings on photo and video sharing sites, and not just assume that they are not sharing our location.

Photos and videos can also reveal a lot of information unintentionally. Many cameras embed hidden data (metadata tags) that reveal the date, time and location of the photo, the camera type, and so on. Photo and video sharing sites may publish this information when we upload content to their sites, so it is safer to strip the metadata ourselves before uploading rather than rely on the site to remove it.
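As an added example (not part of the original booklet and not the authors’ code), the following Python script shows what that hidden data looks like inside a JPEG and how to remove it. It walks the marker segments that precede the image data, reports the APP segments carrying Exif (including whether the Exif block points at a GPS sub-directory, tag 0x8825), XMP and IPTC/Photoshop metadata, and writes a copy without them. The sample file it works on is constructed by hand, not a real photo; it does not decode the picture itself, so it cannot remove anything visible in the image, and it handles JPEG only.

```python
import sys

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
STANDALONE = {0x01, *range(0xD0, 0xD8)}   # TEM and RSTn markers carry no length field

# APP segments that carry metadata, keyed by marker byte and payload signature.
METADATA_SIGNATURES = {
    0xE1: {b"Exif\0\0": "Exif", b"http://ns.adobe.com/xap/1.0/\0": "XMP"},
    0xED: {b"Photoshop 3.0\0": "IPTC/Photoshop"},
}


def iter_segments(data):
    """Yield (marker, start, end, payload) for each header segment up to SOS or EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos + 2 < len(data) and data[pos + 1] == 0xFF:   # skip fill bytes
            pos += 1
        marker = data[pos + 1]
        if marker == EOI or marker in STANDALONE:
            yield marker, pos, pos + 2, b""
            if marker == EOI:
                return
            pos += 2
            continue
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        yield marker, pos, end, data[pos + 4:end]
        if marker == SOS:            # entropy-coded image data follows; stop parsing
            return
        pos = end


def metadata_kind(marker, payload):
    for signature, name in METADATA_SIGNATURES.get(marker, {}).items():
        if payload.startswith(signature):
            return name
    return None


def exif_has_gps(payload):
    """True if the Exif block's IFD0 contains the GPSInfo pointer (tag 0x8825)."""
    tiff = payload[6:]                       # skip the "Exif\0\0" prefix
    endian = {b"II": "little", b"MM": "big"}.get(tiff[:2])
    if endian is None or int.from_bytes(tiff[2:4], endian) != 42:
        raise ValueError("malformed TIFF header in Exif segment")
    ifd = int.from_bytes(tiff[4:8], endian)
    count = int.from_bytes(tiff[ifd:ifd + 2], endian)
    for i in range(count):                   # IFD entries are 12 bytes each
        entry = ifd + 2 + 12 * i
        if int.from_bytes(tiff[entry:entry + 2], endian) == 0x8825:
            return True
    return False


def list_metadata(data):
    found = []
    for marker, _, _, payload in iter_segments(data):
        kind = metadata_kind(marker, payload)
        if kind == "Exif" and exif_has_gps(payload):
            kind = "Exif (contains GPS IFD)"
        if kind:
            found.append(kind)
    return found


def strip_metadata(data):
    """Copy the file, dropping metadata segments; image data is left untouched."""
    out = bytearray(b"\xff\xd8")
    for marker, start, end, payload in iter_segments(data):
        if marker == SOS:
            out += data[start:]              # scan data and everything after it
            break
        if metadata_kind(marker, payload) is None:
            out += data[start:end]
    return bytes(out)


def build_sample_jpeg():
    """Constructed sample: SOI, APP1/Exif with an empty GPS IFD, DQT, SOS, EOI."""
    le = lambda value, size: value.to_bytes(size, "little")
    tiff = (b"II" + le(42, 2) + le(8, 4)               # header, IFD0 at offset 8
            + le(1, 2)                                   # IFD0 holds one entry:
            + le(0x8825, 2) + le(4, 2) + le(1, 4) + le(26, 4)   # GPSInfo IFD at 26
            + le(0, 4)                                   # no IFD1
            + le(0, 2) + le(0, 4))                       # empty GPS IFD at offset 26
    exif = b"Exif\0\0" + tiff
    app1 = b"\xff\xe1" + (len(exif) + 2).to_bytes(2, "big") + exif
    dqt = b"\xff\xdb" + (3 + 64).to_bytes(2, "big") + b"\x00" + bytes(64)
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    return b"\xff\xd8" + app1 + dqt + sos + b"\x12\x34\x56" + b"\xff\xd9"


if __name__ == "__main__":
    # Usage: python strip_jpeg_metadata.py photo.jpg [clean.jpg]
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_jpeg()
    print("metadata found:", list_metadata(data) or "none")
    if len(sys.argv) > 2:
        with open(sys.argv[2], "wb") as fh:
            fh.write(strip_metadata(data))
```

Run it on a photo before uploading and check that the second run on the cleaned copy reports none; for other formats (PNG text chunks, video containers) a general tool such as exiftool or mat is the practical choice.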

If we use apps on mobile devices to access our social networks, it is better to use different apps for each account, so as not to post revealing content with the wrong account by mistake. There are several apps to manage social networks: we just need to pick one for each of our identities to reduce the risk of giving away our true identity.

Another trick to hide our tracks is to publish from our various accounts at different times of the day. Some social networks, like Facebook, allow users to schedule the publication time of their posts, while for others, like Twitter, there are several apps that can do the job for us.

To schedule a post on Facebook, read:https://www.facebook.com/help/389849807718635

There are several apps to schedule a post on Twitter and other social networks, like Buffer (https://buffer.com) or Postcron (https://postcron.com).

Two further good hints for using social networks with multiple identities are to follow other people whom the supposed owner of our pseudonymous account would plausibly follow, and to write (and hashtag on Twitter) posts about events that we are not attending, especially if they are taking place far away from us, to further distance our personal identity from our pseudonymous identities. It may also be fun to publish and then delete posts that look like we have exposed our identity, so as to further confuse anyone who may try to track us down.

Finally, whatever social network you decide to use, always read its terms of service to check if they suit your purposes well. And if you find them too complicated, you can check the website Terms of Service Didn’t Read (https://tosdr.org), where terms of service of many social networks and web services are easily summarized for common mortals.

'''Alternative social networks'''


For the sheer number of their users, mainstream commercial social networks like Facebook or Twitter are extremely useful if our aim is to publicize as widely as possible an event we are organizing or a project we are launching. Nevertheless, when we advertise our initiatives, we should remember that these platforms have very strict terms of service that could justify their decision to terminate our accounts if they find that our content infringes their rules.

Moreover, as is well known, with commercial social networks users are not the customers but the product, because they are profiled and sold to advertisers. If we add to this the ever-changing terms of service and policies, and the interactions with other apps and features that make it very difficult to understand clearly what happens to our data, the best solution is to avoid commercial social networks as much as possible, and to limit their use to specific projects we want to publicize as widely as possible.

But fortunately there are alternatives that give much more freedom totheir users and don’t profile them in any way.

One of these, Ello, explicitly states in its manifesto that “You are not a product” and has become well known, particularly in the trans community, for not requiring real names at the time when Facebook started to strictly enforce its “real name” policy. Consequently its number of users has grown, and it can be a good alternative to mainstream commercial social networks for reaching the critical mass of readers we need to spread our ideas and initiatives. Nevertheless, Ello is still a commercial project, and there are alternatives that are community-based, distributed rather than centralized, based on free and open-source software and privacy-friendly. Among these, Diaspora (https://joindiaspora.com), Friendica (https://friendica.com) and Crabgrass (https://we.riseup.net) are especially worth mentioning.


Other similar sites may be popular in different regions, so you may wish to explore other options. Before choosing one, you should consider the following points:

  • Does it provide a connection over SSL/TLS (HTTPS) for all uses of the site, rather than just during login? Are there any problems with the encryption, such as certificate errors?
  • Read the End User Licence Agreement and Privacy Policy or Data Use Policy carefully. How are your content and personal data treated? With whom are they shared? For a useful add-on which helps users understand the Terms of Service of many popular sites, see Terms of Service; Didn't Read (https://tosdr.org).
  • What privacy options are provided for users? Can you choose to share your videos securely with a small number of individuals, or are they all public by default?
  • Do you know the geographical location of the servers, under which territorial jurisdiction they fall, or where the company is registered? Are you aware of how this relates to the privacy and security of your activity and information?