Just to add on this. Don't log into any web based service / account from a machine you want to remain anonymous from. I'm going to use Google as an example. We are 0wned by Google. I would assume the same goes with yahoo and etc. It's the price one lives with for using free services. I don't care unless I want to remain anonymous.
On Mon, Nov 23, 2009 at 11:56 AM, Chris Merkel <[email protected]> wrote: > Also - never use your work computer to do anything related to the blog > on your work computer - use a live CD if need be. Rather than using > tor, find some way to post consistently from another part of the > country - that way you can't get pinned down to your local geography. > > > On 11/23/09, Michael Dickey <[email protected]> wrote: >> Here are some ideas, and the adoption of them really comes down to what >> exactly might be on the blog and just how damaging or embarassing it may be. >> >> - pick a pseudonym* and sign up for a free email account somewhere >> - set the email account to never show HTML/scripts/images in messages (just >> don't use it) >> - use that email address/psuedonym for signing up to and posting to the blog >> - never check/use that email from a work system or work network (ever!) >> - never post to the blog from a work system or work network (ever!) >> - never *visit* the blog from a work system or work network (ever!) >> - never search for the blog or your name in Google, Bing, etc on work >> system/network (ever!) >> (basically, don't leave anything that can be logged or harvested by work >> admins.) >> >> - don't tell anyone that you write the blog. Once you tell even 1 or 2 >> people... >> >> These few are in order of increasing effort: >> - could probably only use the blog and email from open networks (wireless >> hotspots) >> - could probably only use the blog and email via Tor *and* anon proxies >> (regularly verify!) >> - could probably only use a dedicated system/VM *and* browser for blog/email >> use >> >> - be careful following comment links or even your own links in posts; don't >> leave an IP trail in logs and reference reports. In fact, don't follow any >> of them from your home network or regular PC without Tor/proxies in between >> you and the destination. >> >> - be aware of those logs, for instance email checking logs (Gmail readily >> reports this now, for instance) or even blog usage/account logs. All it >> takes is one slip... >> >> - think about the content being posted. Do only 3 people know it, and she's >> one of them? Good luck, in that case. That's small enough that HR or even >> other authorities may be able to leverage interview tactics to elicit >> guilt/admission/lying. >> >> - be very aware of spelling/grammar habits/nuances that only she has, and >> change them. Or add new ones just for blog posts. Use no caps and smaller >> sentences if she is normally verbose and proper, etc. Watch the humor, dry >> humor, jokes, nicknames, and so on... >> >> One nice thing is that you can practice a lot of stuff, especially the >> writing habits at the end by putting up some silly blog and going to town >> and talk about nonsense; make stuff up. Then delete the blog and name/email >> and start again. >> >> Staying anonymous does sound easy, and it really can be. But this is in >> direct correlation to the value of the information she's posting on this >> blog. The more valuable, the more others will try to demask and the more >> effort she needs to employ. >> >> >> * picking a pseudonym is an art in itself. Pick something generic and >> Google-unfriendly, like "John Strand" or "Bob Smith." Don't get specific or >> special or unique. And pick something that maybe does sound like a real >> name. JollyRogerSaintNick68niou1 is probably a fake name. Jeff Rafter >> certainly sounds less fake. Then there is further art in fleshing out the >> pseudonym by signing up for some services (try to get a name that you can >> have something like jeffrafter at gmail.whatever; it just lends some >> credibility. And then giving your pseudonym some established >> background...I'll stop now. :) >> >> >> >> >> On Sat, Nov 21, 2009 at 7:48 PM, Mad Marv <[email protected]> wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> A friend (not Bob) of mine wants to start a blog, but is really skittish >>> about her employer tracking it back to her if she posts something that >>> may rub a co-worker the wrong way. >>> >>> What steps can she take to ensure her anonymity aside from adopting a >>> random pseudonym? I was thinking about Fake Steve Jobs and what he must >>> have done to hide his true identity. Any thoughts? >>> >>> Marv >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.9 (MingW32) >>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >>> >>> iEYEARECAAYFAksImHYACgkQkOgHKNOb0dHvWwCeL34GEQvSRG/FxRDNL5Eads0g >>> dvAAnjPQ/2aGmzTliWGnFnGhJdrcmzJE >>> =aCLl >>> -----END PGP SIGNATURE----- >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> > > -- > Sent from my mobile device > > - Chris Merkel > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
