PaulDotCom mailing list archives
Anonymizing blog authors
From: marv at madmarvonline.com (Mad Marv)
Date: Mon, 23 Nov 2009 10:36:16 -1000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I was thinking of getting her a Dreamhost account and SSH tunneling to the server that hosts the blog. That way all footprints should lead back to the same IP address as the blog no matter where she is connecting from. Are there any loopholes I'm missing? I've had to setup SSH tunnels at my office for non-technical people to get around a networking fluke. It should be relatively easy to get her to follow the same steps. I was also thinking of registering the domain name w/ Godaddy's private registration option and setting up a DH account w/ the Wordpress 1-click install. Is this a safer route than starting a wordpress.com hosted blog? I'm personally biased towards using wordpress as the blogging platform, but is there a better option for anonymity? Thanks for all of the tips so far. I'm not sure how sensitive the content will be, but she understands that obfuscation is her responsibility. Marv Chris Merkel wrote:
Also - never use your work computer to do anything related to the blog on your work computer - use a live CD if need be. Rather than using tor, find some way to post consistently from another part of the country - that way you can't get pinned down to your local geography. On 11/23/09, Michael Dickey <lonervamp at gmail.com> wrote:Here are some ideas, and the adoption of them really comes down to what exactly might be on the blog and just how damaging or embarassing it may be. - pick a pseudonym* and sign up for a free email account somewhere - set the email account to never show HTML/scripts/images in messages (just don't use it) - use that email address/psuedonym for signing up to and posting to the blog - never check/use that email from a work system or work network (ever!) - never post to the blog from a work system or work network (ever!) - never *visit* the blog from a work system or work network (ever!) - never search for the blog or your name in Google, Bing, etc on work system/network (ever!) (basically, don't leave anything that can be logged or harvested by work admins.) - don't tell anyone that you write the blog. Once you tell even 1 or 2 people... These few are in order of increasing effort: - could probably only use the blog and email from open networks (wireless hotspots) - could probably only use the blog and email via Tor *and* anon proxies (regularly verify!) - could probably only use a dedicated system/VM *and* browser for blog/email use - be careful following comment links or even your own links in posts; don't leave an IP trail in logs and reference reports. In fact, don't follow any of them from your home network or regular PC without Tor/proxies in between you and the destination. - be aware of those logs, for instance email checking logs (Gmail readily reports this now, for instance) or even blog usage/account logs. All it takes is one slip... - think about the content being posted. Do only 3 people know it, and she's one of them? Good luck, in that case. That's small enough that HR or even other authorities may be able to leverage interview tactics to elicit guilt/admission/lying. - be very aware of spelling/grammar habits/nuances that only she has, and change them. Or add new ones just for blog posts. Use no caps and smaller sentences if she is normally verbose and proper, etc. Watch the humor, dry humor, jokes, nicknames, and so on... One nice thing is that you can practice a lot of stuff, especially the writing habits at the end by putting up some silly blog and going to town and talk about nonsense; make stuff up. Then delete the blog and name/email and start again. Staying anonymous does sound easy, and it really can be. But this is in direct correlation to the value of the information she's posting on this blog. The more valuable, the more others will try to demask and the more effort she needs to employ. * picking a pseudonym is an art in itself. Pick something generic and Google-unfriendly, like "John Strand" or "Bob Smith." Don't get specific or special or unique. And pick something that maybe does sound like a real name. JollyRogerSaintNick68niou1 is probably a fake name. Jeff Rafter certainly sounds less fake. Then there is further art in fleshing out the pseudonym by signing up for some services (try to get a name that you can have something like jeffrafter at gmail.whatever; it just lends some credibility. And then giving your pseudonym some established background...I'll stop now. :) On Sat, Nov 21, 2009 at 7:48 PM, Mad Marv <marv at madmarvonline.com> wrote:A friend (not Bob) of mine wants to start a blog, but is really skittish about her employer tracking it back to her if she posts something that may rub a co-worker the wrong way. What steps can she take to ensure her anonymity aside from adopting a random pseudonym? I was thinking about Fake Steve Jobs and what he must have done to hide his true identity. Any thoughts? Marv
_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAksK8j8ACgkQkOgHKNOb0dFr+wCeL4KtFIk8tROAnVLBljNn0VD6 DcUAni0ljXTo2l8MUQ2GavdsJWj5bgbR =iGMU -----END PGP SIGNATURE-----
Current thread:
- Anonymizing blog authors Mad Marv (Nov 21)
- Anonymizing blog authors Grecs (Nov 22)
- Anonymizing blog authors Michael Dickey (Nov 23)
- Anonymizing blog authors Chris Merkel (Nov 23)
- Anonymizing blog authors Mad Marv (Nov 23)
- Anonymizing blog authors Jack Daniel (Nov 23)
- Anonymizing blog authors Michael Miller (Nov 23)
- Anonymizing blog authors Chris Merkel (Nov 23)
- Anonymizing blog authors Adrian Crenshaw (Nov 23)