[Pauldotcom] Anonymizing blog authors
marv at madmarvonline.com
Mon Nov 23 20:36:16 UTC 2009
I was thinking of getting her a Dreamhost account and SSH tunneling to
the server that hosts the blog. That way all footprints should lead
back to the same IP address as the blog no matter where she is
connecting from. Are there any loopholes I'm missing? I've had to
set up SSH tunnels at my office for non-technical people to get around a
networking fluke. It should be relatively easy to get her to follow the
I was also thinking of registering the domain name w/ Godaddy's private
registration option and setting up a DH account w/ the Wordpress 1-click
install. Is this a safer route than starting a wordpress.com hosted
blog? I'm personally biased towards using wordpress as the blogging
platform, but is there a better option for anonymity?
Thanks for all of the tips so far. I'm not sure how sensitive the
content will be, but she understands that obfuscation is her responsibility.
Chris Merkel wrote:
> Also - never use your work computer to do anything related to the blog
> on your work computer - use a live CD if need be. Rather than using
> tor, find some way to post consistently from another part of the
> country - that way you can't get pinned down to your local geography.
> On 11/23/09, Michael Dickey <lonervamp at gmail.com> wrote:
>> Here are some ideas, and the adoption of them really comes down to what
>> exactly might be on the blog and just how damaging or embarrassing it may be.
>> - pick a pseudonym* and sign up for a free email account somewhere
>> - set the email account to never show HTML/scripts/images in messages (just
>> don't use it)
>> - use that email address/pseudonym for signing up to and posting to the blog
>> - never check/use that email from a work system or work network (ever!)
>> - never post to the blog from a work system or work network (ever!)
>> - never *visit* the blog from a work system or work network (ever!)
>> - never search for the blog or your name in Google, Bing, etc on work
>> system/network (ever!)
>> (basically, don't leave anything that can be logged or harvested by work
>> - don't tell anyone that you write the blog. Once you tell even 1 or 2
>> These few are in order of increasing effort:
>> - could probably only use the blog and email from open networks (wireless
>> - could probably only use the blog and email via Tor *and* anon proxies
>> (regularly verify!)
>> - could probably only use a dedicated system/VM *and* browser for blog/email
>> - be careful following comment links or even your own links in posts; don't
>> leave an IP trail in logs and reference reports. In fact, don't follow any
>> of them from your home network or regular PC without Tor/proxies in between
>> you and the destination.
>> - be aware of those logs, for instance email checking logs (Gmail readily
>> reports this now, for instance) or even blog usage/account logs. All it
>> takes is one slip...
>> - think about the content being posted. Do only 3 people know it, and she's
>> one of them? Good luck, in that case. That's small enough that HR or even
>> other authorities may be able to leverage interview tactics to elicit
>> - be very aware of spelling/grammar habits/nuances that only she has, and
>> change them. Or add new ones just for blog posts. Use no caps and smaller
>> sentences if she is normally verbose and proper, etc. Watch the humor, dry
>> humor, jokes, nicknames, and so on...
>> One nice thing is that you can practice a lot of stuff, especially the
>> writing habits at the end by putting up some silly blog and going to town
>> and talk about nonsense; make stuff up. Then delete the blog and name/email
>> and start again.
>> Staying anonymous does sound easy, and it really can be. But this is in
>> direct correlation to the value of the information she's posting on this
>> blog. The more valuable, the more others will try to demask and the more
>> effort she needs to employ.
>> * picking a pseudonym is an art in itself. Pick something generic and
>> Google-unfriendly, like "John Strand" or "Bob Smith." Don't get specific or
>> special or unique. And pick something that maybe does sound like a real
>> name. JollyRogerSaintNick68niou1 is probably a fake name. Jeff Rafter
>> certainly sounds less fake. Then there is further art in fleshing out the
>> pseudonym by signing up for some services (try to get a name that you can
>> have something like jeffrafter at gmail.whatever; it just lends some
>> credibility. And then giving your pseudonym some established
>> background...I'll stop now. :)
>> On Sat, Nov 21, 2009 at 7:48 PM, Mad Marv <marv at madmarvonline.com> wrote:
> A friend (not Bob) of mine wants to start a blog, but is really skittish
> about her employer tracking it back to her if she posts something that
> may rub a co-worker the wrong way.
> What steps can she take to ensure her anonymity aside from adopting a
> random pseudonym? I was thinking about Fake Steve Jobs and what he must
> have done to hide his true identity. Any thoughts?
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com