Chapter 11
In This Chapter
Deciding how anonymous you need to be
Understanding the basics of being anonymous
Getting into the technical details
Digging into resources on anonymous blogging
Ever been on a blog and had difficulty figuring out who is writing it? That might be intentional, especially if the topic of the blog is sensitive. Many bloggers who want to be heard in a public forum prefer to do so without using their real names.
Perhaps you are thinking about blogging about politics but hold a position where your political views shouldn't be common knowledge. Maybe you're a survivor of childhood abuse who wants to contribute to current discussion and help other adults, but without having your identity become common knowledge. You might work for an employer that you believe is engaging in unsafe business practices and feel ethically obligated to share that information; getting fired would mean you don't have access to office information any longer. Or perhaps you have a personal journal that details your essentially mundane life, but would just prefer for others not to know who you are.
Many bloggers rely on (perceived) anonymity to keep one aspect of their lives from becoming attached to the others. However, the nature of the Internet and digital identity means that it can be surprisingly easy to connect the dots from one Internet service to another. As potential employers, family members, potential relationship partners, and others research you, they may find information you want them to have, mixed right in with information that isn't appropriate. An Internet search on your name might return your risqué Flickr photos in the same list of results as your professional resume. Anonymity seems like the answer.
Also, this is not meant to protect you from being caught for doing anything illegal. Don't break any laws, and if you do, don't post anything about it on the Internet. Seriously.
The reasons for a decision to blog anonymously may be widely varied, and so are the potential consequences of being found out. What this means is that not every blogger needs the same level of identity protection. A teenager dishing on his friends might not want to get caught, but if he is, he's unlikely to face the risk of criminal prosecution (or worse) as would, say, a political activist in a country where free speech is not protected.
Give some thought to the level of protection you need, and to what might happen if your identity is exposed. If speaking your mind on your blog puts you at risk for jail time, physical harm, or prosecution, you clearly need to take the utmost levels of precautions as you go about setting up and publishing to your blog.
Those who choose to blog about topics their employers might object to, or even to blog about their employers, clearly also need to be very careful, although the consequences of being identified here are likely to involve finances rather than physical safety.
The next question is whether anyone is going to pursue discovering your identity. There are also those who might simply prefer to keep some facets of their lives separate from others. A soccer mom might prefer that her kids don't stumble across her personal musings on sexuality, for example — but in reality her kids aren't going to go looking for a blog like that, much less have access to technology or legal resources to connect the dots.
Having said that, keep in mind that anytime you reveal yourself as the author of an anonymous blog, even to a trusted friend, you crack the door open a little wider to that information becoming public. Many anonymous bloggers have been exposed not through complicated technical detective work but because someone chose to leak a secret.
While you're thinking about risks, consequences, and who might put two and two together, pause and give some thought to others who might be harmed if your identity was revealed. If you can be identified, and you've blogged about friends, family, former relationships, employers, and others in unflattering ways, or revealed sensitive information about them, you're creating the possibility of consequences affecting their lives, too. Risks that might be acceptable for you may not be so for others, particularly if they are put in harm's way unknowingly.
Clearly, you shouldn't use your own name or photo on your anonymous blog. Beyond that, there are still other basic precautions you should take while setting up protections for your identity. Most of them are based on good common sense.
It's obvious, but I'll say it anyway: No matter who you are, what your blog is about, or what might happen, every single anonymous blogger needs a pseudonym. A pseudonym is a fake name, preferably one that doesn't cleverly suggest your real name or provide any clues to who you really are. For example, “CEOsecretary” isn't a good pseudonym for that blog you write about how much your employer irritates you, but “Fed Up Worker” will do just fine.
The next step in anonymity is to set up a new e-mail address using your pseudonym. Regardless of the blogging service you decide to use, they all require you to have an e-mail address to get started, and you can't use an e-mail address that is associated with any of your real identifying information.
Create an entirely new e-mail account (and don't use any identifying information in the account settings). As well, don't import your contacts.
You can find many free webmail services out there. Ideally, you want to choose a service that offers a secure connection, such as Gmail (www.gmail.com
) or RiseUp (www.riseup.net
). A secure connection means that your visit to the e-mail website can't be spied on by technical snoopers. You have a secure connection if you can get to the e-mail website prefaced by https:// instead of http://.
How many times have you used the same password when signing up for a new web service? If you're like me, it's a bunch! Most people I talk to admit that they have one or two passwords they use in rotation, one that might be a little more secure than the other, or one that they use whenever there is a credit card involved.
Let me tell you a little story: Ravelry is a very popular knitting social network (www.ravelry.com
). Now, Ravelry is a great site for knitters — hardly a high-value target. The site also doesn't ask for much personal information and doesn't store financial data or other important records. But in June 2011, the site was targeted by hackers who managed to break into a server and capture many of the Ravelry community usernames and passwords. Although the passwords were encrypted, Ravelry was concerned that the hackers might be able to crack them. Ravelry recommended that all Ravelry members change their passwords on the site and stepped up security precautions.
But there are larger implications for any Ravelry community member who might have used the same username and password on another site. If a hacker tried those usernames and passwords on another, more sensitive site, such as a bank site or a photo sharing site, some of those usernames and passwords would probably work. Long story short, choose unique usernames and passwords for any service that you really want to protect — like an anonymous blog.
It's a good idea to change your passwords frequently. It's also a good idea not to write down your passwords or record them anywhere (especially on your computer). Of course, none of this does you any good if you can't remember your passwords as a result, so experiment with some set of good password practices that still lets you log into your services.
I'm a fan of the PC Tools Secure Password Generator (www.pctools.com/guides/password
), which lets you generate a random set of characters to create a truly strong password.
Your safest bet to maintain your anonymity is to choose hosted blogging software (I talk more about this in Chapter 3) that doesn't require you to have a domain, web hosting, or to buy a license.
Two options are
www.wordpress.com
)www.blogger.com
)One way you might inadvertently give clues about who you are is to suggest what time zone you are in based on when you post to your blog. Consider changing the times and dates of your posts so that they go live at times when you might be asleep or otherwise occupied, but don't go so far as to never post at a time that would be appropriate for your time zone.
Changing the time and date also divorces when you're online and posting from when the post is published, which makes it a little harder to correlate Internet access to a specific person. This can help if someone is trying to track down your identity by accessing log files of when your computer is on the Internet, or when your blog software was accessed.
You are far more likely to be identified because of what you are writing or posting than anything else. Be extremely careful about details that provide clues to who you are, where you are, what you do, and so on.
Be very cautious about giving specifics. Here are six examples:
Any single detail likely won't be enough to identify you, but cumulatively they may paint the picture for a savvy reader. This becomes a bigger issue over time: The longer you blog, the more information about yourself you have provided.
Remember that photos are records of a particular time and location, so if you put one on your blog that you took, you're telling the world that you were at that location at that time. It's a good idea to remove that photo from your computer and your camera card, and certainly you shouldn't post it anywhere else on the Internet. You also want to scrub any meta information out of the image itself.
Publishing harmful information about another individual is a good way to get him interested in figuring out who you are so that he can stop you or pursue legal action.
Now I talk about the big guns. You have a blog and you really need to make sure you aren't identified as the author. For starters, don't do anything that involves making a credit card payment, such as register a domain name, buy a blog software license, or sign up for web hosting. Your credit card information isn't on your blog, but a financial transaction that ties you to the domain of your anonymous blog is a quick route to identification.
The primary technical consideration for maintaining anonymity online has to do with your IP address. An IP address, or Internet Protocol address, is a numeric identifying number assigned to every single device that connects to the Internet, from your computer to your smartphone. An IP address identifies the device uniquely and works like a mailing address to tell other computers how to find that device.
Every time you go online, you leave a history that includes this IP address, whether all you do is send an e-mail or post a comment on a blog. This means that if you set up an anonymous blog and the IP address of the device you use to post to the blog can be traced to you, the blog can be attributed to you as well. In fact, some webmail services even include the IP address as part of the header in e-mail messages you send.
An IP address can be permanent — a web server is typically always located at the same IP address — or it can be dynamic, which is the case for most home computers on the Internet. If you access the Internet via an Internet Service Provider, sometimes the IP address is assigned at the time you actually connect to the service. That means your IP address changes, but it can still be traced to the ISP and the right legal pressure can force an ISP to give up the records of which customers used what IP addresses when.
Clearly, hiding your IP address is necessary for the highest level of identity protection. This is not a simple process, but there are ways to do this. The resources at the end of this chapter can help, and you can also look into:
www.anonymizer.com
)www.torproject.org
)www.psiphon.ca
)Even after you implement a good IP address strategy, there are some other important technical ways of protecting yourself. You may not need to do all of these, but remember that every additional precaution lessens your chances of being identified. Here are eight recommendations:
www.truecrypt.org
) is a good open source tool for Windows and Mac.http://security.tacticaltech.org/glossary#Eraser
) or Ccleaner (www.piriform.com/CCLEANER
).Keep up to date on the technical issues involved. Don't assume that you've set things up that will protect you permanently. The Internet is a very fluid place: Technology and tools change constantly, and having all your bases covered today is no guarantee that you will be safe tomorrow. For instance, simply upgrading your browser to the latest version has implications for security!
This goes for legal issues around anonymity as well. Know the laws in your country, or those that apply to you, so that you can be deliberate about what laws you violate (if any) or what the consequences might be if you are identified.
Above all, don't take my word for any of this! You should do your own research so that you can blog anonymously with confidence. Here are four of the resources I used to research this topic:
www.eff.org/wp/blog-safely
)http://advocacy.globalvoicesonline.org/projects/guide
)http://irevolution.net/2009/06/15/digital-security
)http://ht4w.co.uk
)