Complete manual

From Gender and Tech Resources

Revision as of 10:31, 28 May 2015 by Floriana (Talk | contribs) (What’s in a name ?)

Understanding digital shadows

The internet is a great space to explore, learn, speak up, listen and communicate with people across the world.

Unfortunately, it has also become a space where people who question or challenge dominant discourses - especially where those deal with gender and sexual orientation - are silenced, harassed and threatened.

If you are active on the internet as women, human rights defenders, trans* or queer persons, and/or feminists, you'll probably want to make sure your privacy and security are protected as much as possible.

A good place to start is by assessing the traces you are leaving behind on the internet, by getting to know your digital shadow and understanding how you organise your social domains and networks across your online and physical activities.

The traces you leave online can tell very accurate stories about you; who you are, were you live and hang out; what you are interested in and who your friends and collaborators are. This information can expose you to several threats, including online harassment - particularly where the traces you leave behind are publicly available.

However, there are also many strategies and tools you can use to take more control over your digital shadows - to increase your privacy, and ultimately to be more secure, both online and offline - without being less vocal or reducing your activity online. Some examples of these strategies and tools include controlling the amount of data you give away by consciously stripping valuable information from content and metadata; trying the art of self-doxing; and thinking about ways to play with and break up your online identity.

Your digital shadow is the story data tells about you. This digital shadow is created by trillions of bits of data, left behind in the digital world when you connect to the internet, your mobile phones and your other online services. These digital shadows ultimately have a life of their own. They can be affected by others and can change in unpredictable ways. They grow continuously, and can be permanent, encompassing both your past and present activities.

How are these trillion bits of data created? The devices and the software you use to browse the Internet, access websites, connect to social networking platforms like Facebook and Twitter, publish blog posts, receive phone calls, send SMS messages or emails, chat, or buy things online, all create specific bits of data. These bits of data can include your name, location, contacts, pictures, messages, tweets and likes, but also the brand of your computer, length of your phone calls and information about which websites you visit. These data traces can be put out there by yourself as well as by other people.

How do we share data? In some cases you actively share data – for example when you share photos on Facebook, book a flight ticket online or contribute to a wiki. Other people can also actively share data about you, by tagging you in pictures, mentioning you in tweets or simply by communicating with you. In other cases, you give away data without necessarily realising it, or consenting to it.

Your browsing habits and IP address are shared when you visit a website by means of "cookies" and other tracking technologies, which are active in the background. These technologies are embedded in the websites you visit, and the information shared is collected for a wide range of purposes, from website analytics to advertising. Your mobile phone apps also collect data on you without your active knowledge or consent – for example, the photos you take usually have location data embedded in them. These tracking technologies enable web services to identify and follow you as you move from one service to another - from your internet browser to the IM (instant messaging) app in our smartphone, from downloading e-books in your readers to publishing pictures from the latest protest you covered.

What is data? Data can be broken into three parts: content, metadata and noise. Content is the content of your messages, blogs, tweets and phone calls; it is your pictures and videos. Metadata is data about data, information that is needed for the technological infrastructure to work. Metadata enables your email to be delivered, files on your computer to be found and mobile communication to work. Metadata can include your email address, phone number, location, time and date when a message was sent or stored. Noise is the data that is created by either the manufacturing process or by the workings of the technological infrastructure. For example, every camera has an SD card to record and store pictures. Every SD card has unique scratches that were created by the machines producing the SD cards. These scratches make small changes to the data that are not visible to the eye but can be recognised by computers.

Who collects data?

You might wonder about the importance of one picture, one message, or one call. You might think there is so much data out there that nobody knows what to do with it, or cares that much about it.

However, there are in reality a number of parties interested in this data - including companies, governments and individuals - and data collection and data analysis is by now very sophisticated. The data traces you leave behind online are constantly being collected, analysed and sorted by various parties to create profiles on you; and every time a new piece of data is collected, it can be identified and added to your profile. These profiles are ever-expanding, and give those who create them or who have access to them an immense insight into who you are.

Data is collected by these companies, governments and individuals for a variety of purposes. Profiles can be bought and sold; data can be used to control, suppress or silence; it can be used to create harassment strategies.

Data can be used to gain insight into who you are, what you do, where you have been and with whom you have been interacting. This information can then be used to make predictions on what you might do or where you might be in future. For example, if someone knows that you are an outspoken blogger on gender issues in country x, they know that you will probably be present at a conference on blogging and women held in that country.

Anyone could potentially have access to your digital shadow – including communications service providers, law enforcement agencies and commercial companies, as well as groups and individuals running their own servers.

You can't know exactly what is happening to our digital shadow, and that itself is a problem. Fortunately, there are many tools and tactics you can use to manage your digital shadows and to limit their ramifications in terms of profiling, control and surveillance. This will be discussed in the rest of this section.

Exploring

To move towards getting some control over your digital shadow, a good place to start is to see what it looks like (as far as is possible)

  • Trace My Shadowhttps://myshadow.org/trace-my-shadow – is a tool launched by Tactical Tech that allows you to see what traces you are leaving online, and it offers a lot of tips on how to protect your privacy.
  • Identifying and materialising social networks across your online and physical activities: John Fass, researcher and designer at the Royal College of Art, offers some activities for visualising your social networks and browser history ' [insert link].'
  • A tool called OpenPaths.cc allows you to see through the eyes of your mobile phone. Read the Terms of Service carefully and explore if you can change the access settings in your phone. On an iPhone you can change the permissions for each app under its privacy setting. LINK??

Controlling

The good news is that you can partly control what content and metadata you give away. When you publish content on the web, it is always a good idea to ask yourself if what you are posting is public or personal and who could have access to it. Even if the information is connected to a public event and not to your personal life, the names you mention or the images you upload may contribute to a picture about who you are, what you are doing, where you are doing it and so on. This could be used by people who wish to target you.

This does not mean that you should silence yourself – by taking some basic measures, you can limit your risks by increasing the level of the effort that would be required to attack you or your contacts.

  • When giving personal information to a web service, it’s best to use HTTPS so that the communication channel is secure (see the section on security measures for more on this).
  • Using Tor will hide specific metadata like your IP address, thereby increasing your anonymity online.
  • Use strong and different passwords for each web service you use - if not, someone that intercepts your password could use it to access your other accounts.
  • When sharing personal details about your life, you can use private profiles that can only be accessed by selected contacts. When using those on commercial social media, you should be aware of the regular changes to the privacy policies of that platform. There have been cases where privacy settings have been changed, exposing pictures, content and conversations of private groups.
  • When writing or posting images about public events on the web, you should ask yourself if the information you spread about single individuals, places and other details could be used to identify and/or attack someone. It is always a good idea to ask for permission to write about individuals and perhaps also to discuss shared agreements about posting information on public events.
  • You can prevent the tracking and collection of metadata through your browser by installing add-ons like Privacy Badger or Adblock Plus, as well as by monitoring your privacy settings and deleting cookies on a regular basis.
  • When registering a device or software such as Microsoft Office, Libre Office, Adobe Acrobat and others, not using your real name can help prevent the metadata created when using this device or software from being connected to you. You can also switch off the GPS tracker in your phone or camera.
  • Some file types contain more metadata than others, so when publishing contents online you can change files from ones that contain a lot of metadata (such as .doc and .jpeg) to ones that don’t (such as .txt and .png), or you can use plain text.
  • For editing or removing metada from PDF files, Windows or MAC OS users can use programs such as Adobe Acrobat XI Pro (for which a trial version is available). GNU/Linux users can use PDF MOD, a free and open source tool. However, it doesn’t remove the creation or modification timestamp, and it also doesn’t remove the information about the type of device used to create the PDF.

Self-Doxing

Doxing describes tracing or gathering information about someone using sources that are freely available on the internet and constitute a type of social engineering technique. This method depends on the ability of the attacker to recognise valuable information about their target, and to use this information for their own ends. Doxing is premised on the idea that the more you know about your target, the easier it will be to find their flaws. "Self-doxing" ourselves can help us to make informed decisions about what we share online, and how. Of course, these same instruments can also be used to learn more about someone we have met online before we give them our full trust.

Methods used for doxing include exploring archives, images, phone directories and other publicly available information; querying common search engines like Google or DuckDuckGo (https://duckduckgo.com); looking for a person's profile in specific services; searching for information in public forums and mailing lists. But it can also simply consist in looking up the public information on the owner of a website, through a simple "whois search" (see the section on "Creating a site of one’s own"). Before we start exploring these web services and looking for our digital self, a good idea is to use anonymisation tools like Torbrowser. Useful tips on self-doxing tools and techniques can be found here:

Mapping our social domains

As security expert Bruce Schneier explains, “Security is a chain, and a single weak link can break the entire system”. Everyone belongs to several social domains - your work or advocacy networks, your family networks, friends, and sports teams. Some networks may feel more secure than others. For example, you may tend to have a more secure communication practices for your work or advocacy activities, but less secure practices for interacting with friends on a social networking platform.

If you use a single identity in all your domains, or if you always use your real name online, it becomes easier to gather information about you and to identify your vulnerabilities. For example, if you reveal in a social networking platform that you like a particular kind of game, an attacker who wants to investigate your work or advocacy activities might trick you into downloading a game which is infected with spyware.

This is only possible, however, if your work identity and your gaming profile can be connected to the same person; and this is why separating your social domains can be useful. More on how to do this will be addressed later on, when we talk about identity management.

To separate your social domains, it's helpful to first map them out and identify which ones could expose you most. You can do this by thinking about your different activities and networks, and reflecting how sensitive each of these is in order to better separate the domains that are sensitive from those that are not.

For instance, Polish computer security researcher Joanna Rutkowska has developed a Linux distribution based on the concept of “security by isolation” called Qubes OS. In this system, each social domain is isolated in a separate virtual machine. The three basic domains Rutkowska identifies for herself are:

  • The work domain, including her work email, work PGP keys, reports, slides, papers, etc. She also has a less-trusted “work-pub” domain for things like accepting LinkedIn invites or downloading pictures for her presentations.
  • The personal domain includes personal email and calendar, holiday photos, videos, etc. She adds to this with a special domain called “very-personal”, which she uses for the encrypted communication with her partner.
  • The red domain includes the totally untrusted areas which don’t require her to provide any sensitive information.

You can find more details about her scheme here: http://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html

Deleting identities

If you decide to separate your social domains by creating multiple identities, you should decide whether to delete or keep the identity or identities that you already have. To do this, you can start by investigating the traces of your existing identity or identities. (For methods and tools for following your own digital traces, see "Exploring your digital shadow" and "Self-Doxing"). If you opt for deleting existing accounts, you can visit the following places:

Separating identities online

Once you have identified your different social domains and the digital activities and contacts that go with them, what you need to do is decide if you want to differentiate your identities accordingly, or if you'd rather stick to your official name and true face for each of them.

You may want to keep your work connected to your legal or "real" identity, or think that your activism should be anonymous, but these are decisions that need to be thought about carefully. For example, a journalist who finds it convenient to use her real identity for her writing may decide to stay in contact with her personal domain through a nickname, so that nobody can connect the two spheres together.

On the other hand, if an activist decides that she wants to use a pseudonym for her online activities, she should consider that she will be showing her face in all her connected activities in the real world, such as speaking at conferences or participating in demonstrations. Her online pseudonym will therefore be linked to her face; but her face could also be linked to her real name on social media, and her online activism identity unmasked.

In assessing which identity to use in a given context, it's helpful to consider for each specific context the following questions:

  • Would my job, livelihood or safety be at risk if my real identity were known?
  • Would my mental health or stability be affected if my participation in X were known?
  • Would my family or other loved ones be harmed in any way if my real identity became known?
  • Am I able and willing to maintain separate identities safely?

Once you have assessed our risk, you can then consider different strategies for separating your identities online. For more on assessing risk visit: https://ssd.eff.org/en/module/introduction-threat-modeling

Strategies for maintaining separate identities can range from full transparency to full anonymity.

"Real" names

Author Kate Harding (http://kateharding.net/2007/04/14/on-being-a-no-name-blogger-using-her-real-name) talks about her decision to start writing under her real name, dismissing the recommendations that are generally given to bloggers to follow practices like “writing under a pseudonym, making that pseudonym male or gender-neutral if you’re one of them lady bloggers... masking one’s personal information, being circumspect about publishing identifying details, and not writing anything that might inflame the crazies”. Instead of putting responsibility on women, Harding says, problems of harassment should be handled by society as a whole, including men. However, she also acknowledges that the decision is a dangerous one.

Anonymity

On anonymity, Vani, a human rights activist, writes: “I am a regular social network user. I voice my opinions on a range of topics. But I remain faceless and nameless”.

Anonymity may be a good choice in settings where you don't need to gain other people's trust, when there are few or no people you can trust, or when you don't want to expose others in your life to risks. When you are researching or participating in message boards about health issues, or when sharing sensitive information for instance, you may wish to set up a one-time account, using a pseudonym, to comment on a blog or news site, or a one-time email account or chat session to discuss sensitive information with others.

But total anonymity can be difficult to maintain and also be dangerous in some countries, where it can signal to the state police that the author thinks they are doing something wrong. This strategy can also be lonely as anonymity can further isolates you, as a blogger underlines: “Can you have a network to protect you and also be anonymous at the same time? Would visibility be a better strategy for you?”

When you adopt anonymity as a strategy you may use pseudonyms, but these should not be used across different networks or social domains, and some may only be used once and then discarded. Because of this, anonymity differs from "persistent pseudonymity". For more information on how to be anonymous online, see the security recommendations at the beginning of this manual and Anonymizing tools in Step0 in the wiki.

Persistent Pseudonymity

Persistent pseudonymity involves a fictitious name consistently over a period of time. In the age of the internet, a pseudonym may also be referred to as a "nickname" or "handle", though the latter can also be tied to a person's legal identity. There are [reasons why individuals may wish to use a name other than the one they were born with]. They may be concerned about threats to their lives or livelihoods, or they may risk political or economic retribution. They may wish to prevent harassment and discrimination or they may use a name that’s easier to pronounce or spell in a given culture.

A pseudonym can be name-shaped (e.g., "Jane Doe") or not. At time of writing, some websites - including Facebook - require that users use their "authentic identity" applying a real name policy which typically means using your legal name or the name by which you are commonly known. This policy has caused many users to lose their Facebook accounts. If we choose to use a pseudonym on social networks, it is important to understand that we can be reported for using a "fake name" and having one's account deleted. A strategy for avoiding that is using a name-shaped pseudonym.

Persistent pseudonymity also offers visibility, which allows to network with others, and by pinning your voice to a particular name you can develop an online reputation. This depends on others to decide whether you are worthy of trust, and is therefore a crucial aspect in trust-based online communities. Reputation can be developed by consistently using a nickname or pseudonym that can either be connected to your legal identity, or not. The choice to connect your online reputation to your "real" name should be taken individually, according to needs and context.

It is also possible to maintain multiple pseudonyms (and reputations) for different purposes. For example, a person involved in the gaming community and LGBTQI rights activism may wish to maintain separate identities for each purpose, and can build trust within each community separately doing so.

Collective Identity

Another way to be anonymous is through collective participation. General Ludd, Captain Swing, the Guerrilla Girls, Luther Blissett, Anonymous - for centuries groups and like-minded people have participated anonymously in historic protest movements, or have created ground-breaking and provoking artworks or pranks under a collective pseudonym. Besides hiding the identities of the individuals involved, these collective personas have shrouded their feats in an aura of myth and almost magical power. Anonymity through collective identity can translate in a number of things, from a private group or mailing list that puts out collective statements, to a shared Twitter account. While the same security concerns apply, working from behind a collective identity means having the power of the crowd behind you, and can be a good option if you don't wish to reveal your identity.

Comparing strategies

Whatever choice you make, what is important is that you keep your domains effectively separated. No matter how many domains you identify in your digital life, and how many corresponding identities you create, on the internet every identity - even the one bearing your real or legal name - becomes a “virtual” persona and should be managed carefully.

The pros and cons of the various identity options:

Risk Reputation Effort
Real Name "+" "+" "-"
Total Anonymity "-" "-" "+"
Consistent Pseudonimity "-" "+" "+"
Collective Identity "-" "+" "+"


Real name

  • Risk: Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
  • Reputation: Others can easily identify you, thus gaining reputation and trust is easier.
  • Effort: It requires little effort.

Total anonymity

  • Risk: It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
  • Reputation: There are few opportunities to network with others thus to gain trust and reputation.
  • Effort: Intensive as it requires contacts caution. It might also require the use of anonymisation tools (for example Tor or TAILS)

Persistent pseudonymity

  • Risk: Pseudonyms could be linked to your real world identity.
  • Reputation: A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
  • Effort: Maintenance requires some effort, particularly if you are also using your real name elsewhere.

Collective Identity

  • Risk: Possible exposure of your real world identity.
  • Reputation: While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
  • Effort: Although secure communications are still important, it requires less effort than total anonymity.

Creating a new online identity

"Once something is on the internet it will stay on the internet, as the internet does not forget". You may think that deleting certain sensitive data from social networks and web services may be enough to protect yourself, but metadata cannot be deleted as easily. And using just one identity through your whole life - in all your work and personal domains - creates a bulk of information that makes it easier to profile you.

One option to avoid this is to leave an old identity behind and create a new one, or several new ones for each of your social domains. You might also choose to use your real identity in some areas, and your new alternative identities in others.

  • When you create a new identity, you should select the contacts for each one carefully, and avoid sharing contacts with other identities you use for different activities. This effectively creates separate social domains, with separate accounts, mail addresses, browser profiles, apps, and possibly even devices.
  • Your various identities should not linked to each other, or to your real identity. Remember that some of these connections can be tenuous as for example when signing up for a new pseudonymous Gmail account using your real phone number.
  • Disposable extra identities can be useful, as they can be discarded easily if compromised.
  • Disposable extra identities can be created for new acquaintances when appropriate as introductory profiles to get to know somebody before you include them in your more trusted network.

To learn more about how to separate different identities into separate profiles, read the section on “Managing multiple online identities”.

What’s in a name ?

On the internet, platforms that have "real name" policies tend to base this judgment on an individual's legal name, rather than allowing them to identify as they choose. This can be problematic, not only for individuals trying to remain anonymous, but also for transgender individuals, individuals with mononyms, and others.

Because of such restrictions, it can be beneficial to select a "name-shaped" name when choosing a pseudonym. If you want to use commercial social networking platforms, it is better to use a credible name and surname rather than more imaginative ones. Many companies will require that you use both a first name and surname, or a name that doesn't contain any slang terms or profanities.

Once you have decided on a name, a surname, and a username for your virtual persona, you should do thorough research - perhaps also using doxing tools and techniques (see the section on Self-Doxing) - to find out if someone else is already using that name. After all, if you wish to develop your own reputation, you don’t want to be confused with someone else, especially if they don’t share your views of the world!

Then you need to create a story for this virtual persona because if it comes with a story it makes it a lot easier to maintain the role. You can invent a new story if you feel particularly inspired or base your story on a “known” person’s story, a superhero, a fictional character from your favourite novel, or adopt a “collective identity” like Anonymous/Anonymiss or the Guerrilla Girls. In any case when you create an identity you should conceive a whole virtual persona, an avatar that needs to be nurtured and developed in order to become credible.

This page offers some helpful tips for inventing a new identity: http://anonymissexpress.tumblr.com/post/117939311235/you-may-have-noticed

Credible persona

A virtual persona or identity can't be just a name with a mail address and a series of web accounts. If we keep all our normal identifying traits - such as our gender, job, attitude or the way we write - it might be possible for someone to connect the dots and connect our pseudonymous personas with our real identity.

  • Work: Our persona should have a job that is different from ours, but not so different that we don’t know anything about that field: for example, they shouldn’t be a surgeon if we don’t know anything about anatomy!
  • Skills and interests: Similar considerations should be made to select our persona's skills and the main topics they focus on and write about.
  • Linguistic fingerprint: This could be identified through a "stylometric analysis" that make it possible to identify the author of a particular text. To change this, we can start by using a spell-checker in our word processor to check for consistent typos and we could also think about adopting a different writing attitude. We could adopt one simple rule for each persona, making them shout by only using capital letters, or be a low-talker with a lower-case style, or very excitable, with a lot of exclamation marks.
  • Psychological attitude: A good rule of thumb is to give our persona depth by creating some "weak spots" - but choosing them carefully so that, if the weak spot is attacked, we are able to weather the strikes and even have some fun in the process.

In any case, we should always remember that on the internet, each one of our identities - even the one connected to our real name - is a “virtual” identity, and it is always better to decide what character traits we want to expose in each of them. Creating a somewhat fictional character can be a good idea even for our “real” online identity.

More about how to create a rounded character for our identities here: https://lilithlela.cyberguerrilla.org/?page_id=94049

Managing several identities

Once we have created several personas, it's important keep them separate in both our physical and digital lives. While keeping notes on our identities might help ensure that we remember our story, there are technical measures we can take to make sure that our profiles stay separate.

A good start is to create different browser profiles, mailboxes and social network accounts for each of our identities. A good method is to always use different apps for each account/identity and, if possible, to separate our identities per device or operating system (see 6. A different machine for each identity). To create multiple profiles with Firefox, visit: https://developer.mozilla.org/en-US/docs/Mozilla/Multiple_Firefox_Profiles . For Google Chrome, visit: https://support.google.com/chrome/answer/2364824 When creating a new mailbox, it is always a good idea to connect to the server’s website with Torbrowser and, if a contact email address is required, to think about using a disposable email address instead.

Disposable email addresses

For some activities and social domains we need to manage rounded personas, in order to gain a strong reputation and trust from other members of the community. In some cases, however, all we need is a disposable email address that we only need to use for opening an account in an untrusted platform.

Even if we decide to have just one identity online, using disposable email addresses prevents sites from building up a history of our activities and ensures that if that account gets compromised we can simply delete it and create a new one, keeping our digital life intact.

  • Using existing disposable email addresses: BugMeNot(http://bugmenot.com) allows people to share their email logins and passwords created for platforms with free registration, for anyone to use.
  • Tools to generate personal details: Fakena.me' (https://fakena.me) is a privacy-oriented '"fake name generator" that provides everything for you - from a credible name, birth date and (US-based) address, to a user name and password and a link to the connected guerrillamail mailbox. Another similar service, called Instant Internet Decoy (https://decoys.me) creates convincing but entirely fictional people who have birthdays, locations in several countries, families and even answers to common security questions.

Another option is to create a mail alias - a different email address that is connected to our main mailbox. The advantages of this approach are that this email account will not expire, and if it gets compromised we can just dispose of it and create a new one. But of course if the alias receives a lot of spam, it will fill our main mailbox.

While not every mail service allows users to create mail aliases, this service is offered to every mail user of Riseup (https://we.riseup.net) and Autistici/Inventati (https://www.autistici.org).

Commercial social platforms

Whatever social networking platform we decide to use, you should always read its terms of service to check if they suit your purposes. To get a summary of the terms of service of many social networking platforms (and other web services), go to the website Terms of Service; Didn’t Read (https://tosdr.org).

When creating an account for a new persona on a social networking platform, use the browser profile you have created for that persona. Make sure to check the privacy settings so that you know what you are making public, who can see what you post, who can contact you, who can look you up and what your contacts can do (can they tag you in pictures? can they write on your "wall"?)

Also be very careful about the profile information you provide, as well as the profile picture and cover photo you use, as these are generally publicly available to anyone who looks for us in that social network, regardless of our privacy settings.

Make sure your contacts do not overlap with your other identities, and to make sure your different identities don't "follow" one another. It is particularly not a good idea to follow your pseudonymous personas with your real identity. If someone is looking to unmask one of these personas, the first thing they will look for is who the account follows, and who follows the account. For the same reason, we should avoid reposting posts or other content published by one account with another account.

Most social networking platforms will display your location where they can. This function is generally provided when we interact with the platform using a GPS-enabled phone, but the network our computer is connected to may also provide location data. It's always a good idea to double-check your settings - particularly on photo and video sharing sites.

If we access social networking platforms via mobile apps, it is better to use a different app for each separate account, so as not to post something to the wrong account by mistake. There are several apps which can be used to manage your social networking platforms - it is, however, a good idea to use a different one for each identity, to reduce the risk of giving away your real identity.

Another trick to hide our trails is to publish from our various accounts at different times of the day. Some social networking platforms, like Facebook, allow users to schedule the publication time of their posts. To learn how to do this, read:

It can be a good idea to follow, from our pseudonymous profiles, other people who might reasonably be considered the real owners of that profile. To further distance our real identity from our pseudonymous identities, we can also write (and hashtag on Twitter) posts under our pseudonymous profiles about events that we are not attending, especially if they are taking place far away from us. It can also be fun to publish and then delete posts that look like we have exposed our identity, so as to further confuse anyone who may try to unmask us.

Alternative social platforms

Mainstream commercial social networking platforms like Facebook or Twitter can be extremely useful if our aim is to publicise as widely as possible an event we are organizing or a project we are launching.

However, if you're using one of these platforms it is important to be aware that:

  • these platforms have very strict terms of service that could justify their decision to close our accounts if they find that our contents go against their rules (for more, read: http://www.aljazeera.com/indepth/opinion/2013/05/20135175216204375.html)
  • users of these platforms are profiled, and information is sold to advertisers. If we add to this the ever-changing terms of service and the interactions with other apps and features that make it very difficult to understand clearly what actually happens to our data, the best solution is to limit the use of commercial social networking platforms to specific projects we want to publicise to a wide audience.

There are also alternatives available - social networking platforms that give much more freedom to their users and don't profile them.

  • There are alternatives that are community-based, distributed rather than centralized, based on free and open-source software and privacy-friendly. Among these, Diaspora (https://joindiaspora.com), Friendica (https://friendica.com), N-1 8https://n-1.cc/) and Crabgrass (https://we.riseup.net) are especially worth mentioning.
  • Other similar sites may be popular in different regions, so we way wish to explore other options.

Before choosing to use a social networking platform, we should ask:

  • Does it provide connection over SSL (like HTTPS) for all uses of the site, rather than just during login? Are there any problems related to encryption (eg related to encryption certificates)?
  • According to the platform's End User Licence Agreement, Privacy Policy and/or Data Use Policy, How is your content and personal data treated? With whom are they shared?
  • What privacy options are provided for users? For example, can we choose to share our videos securely with a small number of individuals, or are they all public by default?
  • Is the geographical location of the servers known? Under which territorial jurisdiction do they fall? Where is the company registered? How does this information relate to the privacy and security of our activity and information?

Creating a blog or website

Creating a blog can be as easy as signing up to a blogging platform and choosing a name and a "theme" or visual template. There are several blogging platforms that are both user-friendly and free, including the open-source Wordpress (Wordpress.com). Based on it, but with some tweaks for additional user privacy, are two security-oriented platforms that are managed by autonomous servers: Autistici/Inventati’s (A/I) Noblogs (http://noblogs.org/ http://noblogs.org) and Nadir’s BlackBlogs – (http://blackblogs.org/ http://blackblogs.org). To create a blog on either of these platforms, all that is needed is to have an email account hosted on an autonomous server (see https://www.autistici.org/en/links.html and https://blackblogs.org/policy respectively for a complete list).

If we want a complex graphic layout or need to install particular tools that are not offered by Wordpress and its plugins, we can create our own website. For this we need to get some space in a server through a webhosting service. There are many services out there, but since they generally aren’t free, the options to stay completely anonymous are reduced to creating a website with A/I, which by default does not connect the users of its services with real identities. To learn more about Autistici/Inventati’s webhosting service, visit: https://www.autistici.org/en/services/website.html

If we want to use our own domain name, bypassing payments and identifications may get difficult unless we use Bitcoin or another pseudonymous payment system. The personal data we will provide will not only be stored in the registrar’s internal archives, but by default will also be recorded in a database that can be easily queried by anybody through a simple command in a search engine (whois) or on several websites such as Gandi.net (https://www.gandi.net/whois). To avoid this, we can register our domain with the data of an association and use a prepaid credit card that is not connected to our own data (if available in our country). Alternatively, we can use a registrar like Gandi.net (https://www.gandi.net) that offers private domain registration for individuals whenever possible.

A different machine for each identity

There are three approaches to digital security: the first one is security by obscurity, which is based on encryption, strong passwords and similar measures and acts as a first line of defence, as a deterrent that will discourage random attacks but is not likely to stop someone who is directly targeting us; then there is security by correctness, whereby software developers try to get rid of bugs that make their code vulnerable. But modern software is very complex, and it is almost impossible to do this job perfectly. Therefore, one of the most realistic, approach is security by isolation, which gives for granted that security measures can be vulnerable and focuses on harm reduction by stopping possible attackers from accessing the whole system that we want to secure.

If we use the same operating system for our several identities, no matter how carefully we separate our profiles we can still make a human mistake by, for example, connecting to a pseudonymous account through the browser profile we have assigned to our 'real' identity, or get infected by a malware that allows our attacker to monitor everything we do online, with all our identities. Both risks can be limited by using a virtual machine for each of our domains, and by reserving yet another virtual machine to opening untrusted attachments in order to avoid a malware infection.

As the name suggests, a virtual machine (VM) is basically a simulated computer with its own operating system, which runs as software on our physical computer. We can think of a VM as a computer within a computer. Installing and running a virtual machine is not very complicated, and there is very good documentation around. For our purposes of anonymisation, the best available option is to install Virtualbox, an open-source, cross-platform virtual machine monitor (https://www.virtualbox.org). Using Virtualbox, you can create a virtual machine, and then run an operating system on it called Whonix.

Whonix'

Whonix (https://www.whonix.org) is an operating system that aims at protecting our anonymity, privacy and security by helping you to use your applications anonymously. A web browser, IRC client, word processor and more come pre-configured with security in mind. Whonix is a complete operating system designed to be used in a virtual machine. It is also free software, based on Tor, Debian GNU/Linux and security by isolation. Whonix’s website offers a wide documentation: https://www.whonix.org/wiki/Documentation

Tails

Tails, or The Amnesic Incognito Live System, a free and open-source Linux distribution that can be started on almost any computer from a DVD, USB stick, or SD card and forces all its outgoing connections to go through Tor, blocking direct, non-anonymous connections. When we launch Tails, we have a complete operating system that comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc. With Tails, we can access the internet, communicate, and do all we need anonymously and securely and, after the computer is shut down, the system will leave no traces on the machine unless we ask it to do so.

Qubes OS

Qubes OShttps://www.qubes-os.org – is a free and open-source security-oriented operating system based on Fedora, a Linux distribution, and Xen, a virtual machine that allows us to separate the various parts of our digital life into securely isolated virtual machines. Qubes keeps the things we do on our computer securely isolated in these different VMs so that if one virtual machine gets compromised, the other won’t be affected. This way, we can do everything on a single physical computer without having to worry that one successful cyberattack harms our whole system, potentially revealing all the connections among our several identities.

What to choose

The three tools we have described – Tails, Whonix and Qubes OS – allow us to use a completely separate operating system for managing our alternate identities, and can be quite useful to make sure that we don’t reveal our true identity while we use the anonymous one(s).

Using Tails is pretty easy, and if what we need to do with our alternate persona needs a focus on anonymization, then it may be worthwhile to overcome the initial obstacle. Tails is a good option also if we have few resources, if we don’t have a computer of our own, or if we often use computers at internet cafes and want to be safer. But if on the other hand we need persistence and we want to keep some files or actions we have created we need to enable this option when we start the system. Tails is an established, respected project that has been developed for many years and is used by a wide community of people.

If what we need is both anonymity and security by isolation and we have a good machine – https://www.whonix.org/wiki/System_Requirements – where we can run Virtualbox and installing Whonix, according to the number of our alternative identities it seems a good solution that caters to all our needs and also offers an excellent documentation: https://www.whonix.org/wiki/Documentation. Nevertheless, Whonix, like Qubes Os, is a relatively recent project and the community using it is still rather small.

Qubes OS is a good choice if we want to keep all our activities inside our own computer without having to install anything else and if what we are trying to do is to effectively separate our identities rather than anonymize our activities in the web. It requires a very powerful computer – http://qubes-os.org/trac/wiki/SystemRequirements – and this can be a hindrance, but if we feel that we really need to protect ourselves against possible cyberattacks, the investment may be worth its while.

To sum up, none of these tools protects us from every threat, and we shouldn’t look at them as a magic potion that will make us invulnerable. Nevertheless, by using any of them, according to our needs and resources, we will raise the level of effort that an attacker will need to harm us, thus making an attack less likely. For a wider comparison among these and other systems, go to: https://www.whonix.org/wiki/Comparison_with_Others