Also - never use your work computer to do anything related to the blog on your work computer - use a live CD if need be. Rather than using tor, find some way to post consistently from another part of the country - that way you can't get pinned down to your local geography.
On 11/23/09, Michael Dickey <[email protected]> wrote: > Here are some ideas, and the adoption of them really comes down to what > exactly might be on the blog and just how damaging or embarassing it may be. > > - pick a pseudonym* and sign up for a free email account somewhere > - set the email account to never show HTML/scripts/images in messages (just > don't use it) > - use that email address/psuedonym for signing up to and posting to the blog > - never check/use that email from a work system or work network (ever!) > - never post to the blog from a work system or work network (ever!) > - never *visit* the blog from a work system or work network (ever!) > - never search for the blog or your name in Google, Bing, etc on work > system/network (ever!) > (basically, don't leave anything that can be logged or harvested by work > admins.) > > - don't tell anyone that you write the blog. Once you tell even 1 or 2 > people... > > These few are in order of increasing effort: > - could probably only use the blog and email from open networks (wireless > hotspots) > - could probably only use the blog and email via Tor *and* anon proxies > (regularly verify!) > - could probably only use a dedicated system/VM *and* browser for blog/email > use > > - be careful following comment links or even your own links in posts; don't > leave an IP trail in logs and reference reports. In fact, don't follow any > of them from your home network or regular PC without Tor/proxies in between > you and the destination. > > - be aware of those logs, for instance email checking logs (Gmail readily > reports this now, for instance) or even blog usage/account logs. All it > takes is one slip... > > - think about the content being posted. Do only 3 people know it, and she's > one of them? Good luck, in that case. That's small enough that HR or even > other authorities may be able to leverage interview tactics to elicit > guilt/admission/lying. > > - be very aware of spelling/grammar habits/nuances that only she has, and > change them. Or add new ones just for blog posts. Use no caps and smaller > sentences if she is normally verbose and proper, etc. Watch the humor, dry > humor, jokes, nicknames, and so on... > > One nice thing is that you can practice a lot of stuff, especially the > writing habits at the end by putting up some silly blog and going to town > and talk about nonsense; make stuff up. Then delete the blog and name/email > and start again. > > Staying anonymous does sound easy, and it really can be. But this is in > direct correlation to the value of the information she's posting on this > blog. The more valuable, the more others will try to demask and the more > effort she needs to employ. > > > * picking a pseudonym is an art in itself. Pick something generic and > Google-unfriendly, like "John Strand" or "Bob Smith." Don't get specific or > special or unique. And pick something that maybe does sound like a real > name. JollyRogerSaintNick68niou1 is probably a fake name. Jeff Rafter > certainly sounds less fake. Then there is further art in fleshing out the > pseudonym by signing up for some services (try to get a name that you can > have something like jeffrafter at gmail.whatever; it just lends some > credibility. And then giving your pseudonym some established > background...I'll stop now. :) > > > > > On Sat, Nov 21, 2009 at 7:48 PM, Mad Marv <[email protected]> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> A friend (not Bob) of mine wants to start a blog, but is really skittish >> about her employer tracking it back to her if she posts something that >> may rub a co-worker the wrong way. >> >> What steps can she take to ensure her anonymity aside from adopting a >> random pseudonym? I was thinking about Fake Steve Jobs and what he must >> have done to hide his true identity. Any thoughts? >> >> Marv >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.9 (MingW32) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iEYEARECAAYFAksImHYACgkQkOgHKNOb0dHvWwCeL34GEQvSRG/FxRDNL5Eads0g >> dvAAnjPQ/2aGmzTliWGnFnGhJdrcmzJE >> =aCLl >> -----END PGP SIGNATURE----- >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > -- Sent from my mobile device - Chris Merkel _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
