Being truly pseudonymous

[sophie]

So, I read a post in synecdochic's journal just now discussing the geolocation feature that LJ had added to its IP logging feature to tell you where commenters were from (the feature is now removed), and it got me thinking that too many people don't really know how to truly be anonymous on the Internet. Tor, which is mentioned in the post, is good, but it's not nearly good enough if you just use it and do nothing else to protect yourself.

So what do you need to do to be truly anonymous on the Internet?

It is possible, but the answer to *that* question would sound very far-fetched to most people here. That's because most people don't really understand the concept of what anonymity actually is. As I ranted about in my post about 'real' names, anonymity means to not have a name. The trouble is, if you have an account on DW or LJ (which you probably do if you're reading this), then you do have a name - your username - and thus you are not anonymous. At the very best, you're pseudonymous - writing under an assumed name.

So for this post I'm actually going to cover an angle which is probably more relevant to people here, and that's how to make absolutely sure that nobody can connect your pseudonym to any of your other identities (which is what most people think anonymity is anyway). Most of these points are prerequisites to being truly anonymous anyway, and a lot of people will find even the list in this post to be over-the-top. That said, I'll cover being truly anonymous (or at least as anonymous as you can get) in another post at some point.

1. Firstly, don't post information about yourself. This seems pretty obvious, but as mentioned in synecdochic's post, a surprising amount of information can be found on the Internet, even when you have very little information to start with, because they posted information about themselves. (Which may not be a bad thing if you don't *want* to be pseudonymous, but if you do, it's definitely a bad thing.)
   
   Take a moment now to try Googling, say, your IM screen name, if you haven't done it before. (You may get better results if you put it in quotes.) Maybe nothing will come up, in which case, good for you! But more often than not you'll probably find that you'll get results from a lot of different places, and probably on the profiles of various forums. From there, someone could look at your posts on these forums and potentially find out a bunch of information about you. And remember, anyone can do this.


2. Don't allow anything that relates in any way to any of your other identities to crop up in anything from your pseudonym. (This is kind of a subset of the previous point, but the focus is slightly different as that was talking about information about *you*, whereas this is talking about mere relations to your identity.) For example, don't talk about your personal life; don't mention any nearby landmarks; don't even say when your birthday is. All of those can be used against you if you're trying to be truly pseudonymous.
   
   The IM screen name in point 1 is an example of the sort of information that relates to your identity. In that point we were using it as a step to find out actual information about you, but here we're focusing on the IM screen name itself, and why it's important not to even mention *that*. Which leads directly on to point 3...


3. Create new accounts for your pseudonym if you think you need them. If you're going to mention that you have an account on a site or service, make an account for your pseudonym on that site or service if you don't have one (even if you only use it to read stuff) and point to that. Otherwise, it can be inferred that another of your identities is on it, and that violates point 2 - not letting anything relating to your other identities crop up on your pseudonym.

You've probably noticed by now that these strategies rely on them being absolutely watertight. That's because being truly pseudonymous is actually a whole heck of a lot harder than being truly anonymous; it mainly involves maintaining strict controls on what you say. You have to do that for being anonymous, too, but being pseudonymous carries the extra risk of allowing people to have multiple pieces of information that can all be traced back to a single identity.

If you've ever used 4chan, you may know that it kind of toes the line between the two. It allows anybody to enter any name they like, and their message will be posted under that name. In this way it has the partial benefits of being anonymous (disregarding the content of your message, nobody but the server admin can tell it was actually you - somebody may have been posting under your name), while allowing people to distinguish people - with the caveat that people might use your name.

To allow somewhat more of an actual pseudonym, 4chan allows the use of so-called "tripcodes". A tripcode is basically a hash that the server creates of a password that the post author gives when posting their message. The idea is that the password identifies the user, and nobody else would know what that password was and thus couldn't recreate the tripcode. (That said, due to the birthday paradox, it's probably more likely than you think that two people will share the same password. It's less applicable to this situation than to birthdays, because passwords aren't chosen with equal probabilities, but still.)

Both methods - using or not using a tripcode - should be considered pseudonymous, even though the likelihood of someone else using your name is a lot higher when not using one. Even if it can't be *reliably* traced to a single identity, the likelihood is that anything posted under that name probably *is* you, because people don't post under other names randomly.

(For the record, I don't use 4chan myself, but I do know how it works.)

So, yeah, being truly pseudonymous is tough - tougher than being truly anonymous. In another post I'll talk about that. In the meantime, though, I'm kind of tired and need to rest. :D

Comments

[charcoalfeathers]

I started out that way with mine. Very carefully splitting off new accounts for everything in each service, and so on. Heck, I still do that. But I've let some personal info out to my access list over time anyhow. You can only be so pseudonymous and actually make meaningful friends. :S

There's a point to be made, too, about which direction you're pseudonymous. For example, I don't mind as much if my DW friends find the rest of me. I do mind if DW non-friends find the rest of me. I do very much mind if any of my "rest of me" people find me on DW. So it sometimes varies your strategy in that way too. (Though if you're not careful, they can still happen upon your pseudonym and match up characteristics.)

[jd]

There's something to be said for uniqueness of a pseudonym, as well. Try googling my DW username, as opposed to usernames I have elsewhere (especially my real name, haha.) The more common your pseudonym, the less people can find out about you.

[phoenix]

I've found that the easiest way to link identities is to see what people interact most with the pseudonymous identity, then look at /their/ contacts. If I created a pseud account, I'd likely want some of my closest friends to know about it. Bzzt, big mistake. It's very easy to recognise someone by their friends, particularly the unique combinations of friends from different subcultures.

[xaea]

you are so incredibly intelligent. do you know that?? you amaze me. ♥

[marahmarie]

and it got me thinking that too many people don't really know how to truly be anonymous on the Internet

OK. In my case, this is bollocks. I know how to stay anonymous. I'm simply trying to figure out (for about five years now) why I should have to. Why I must use Tor and anon proxies and fake names/emails/accounts/https or anything else. It pisses me off that there is zero protection of your identity and other personal details on the Internet. I don't use what I should use to hide/protect myself not because I don't know how to (I could give ya'll a five page tutorial on how to at the drop of a hat) but because I feel I shouldn't have to. No one should have to.

So yes, when LJ did the big auto-stalking reveal, there was my location plain as day for all who had IP logging turned on to see. LJ should never have made it that easy to see, though, period. They let us down. To go outside the realm LJ is responsible for: The very nature of IP allocation should not have made it so easy to figure out my or anyone else's location in the first place.

The Internet was not built with anything but pure trust in mind, which is a fabulous self-contradiction considering what it was invented for: highly classified/sensitive military communications. People praise the US for coming up with the military version of the Internet in the first place yet the locations of its users are completely transparent so how does it's default iteration protect anyone, much less our military? The way IP is allocated and so easily revealed makes it, not its users, stupid. Extremely so. We have the right to privacy online. We don't get it thanks to the way the Internet is designed. Change the design, not the way users have to use it to gain any privacy.

Short of that, if you want to drive yourself half-bonkers with the built-in difficulties and unreliability of most anonymizing proxies, go nuts configuring secure, invisible VPNs, creating sky-high privacy settings in every program/on every website you use, and faking half to most of your email names/online user accounts, then hey, guess you gotta do what you gotta do.

I say you shouldn't have to - the whole system needs to change.