Anonymous SM accounts - any dangers?

[RealityNotEssentialism]

Hi all

Not to sound paranoid but I started thinking about this when reading about the Kate Scottow case. How do people like Hayden find out the identities behind anonymous twitter accounts? Is it done through tracing IP addresses or what? If someone goes to the police or court with a complaint, do they get access to who is behind the account?

I ask because I work in a very woke industry. I can only express my views via an online twitter account. I don’t engage in spats with any TRAs. I have blocked the majority of them and just interact with other GC people. The email used for the account is a totally anonymous gmail one. I use a VPN on my phone and computer. I never engage in any behaviour that I would term harassment but I am obviously very critical of some TRA accounts. However, I tend to do this using screenshots, not linking directly. I have never told anyone what my real identity is.

Am I just being paranoid or is there a risk of me being hauled through the court if some TRA decides to target me?

Maybe you should own your views instead of harassing people behind an anonymous account?

ruby2020 and you are?

Not someone who attacks transgender folk online for their right to equality 🤷‍♀️

Didn't quite catch your full name there Ruby2020?

Ruby, as I said, I don’t harass people. I don’t engage with TRAs. That seems to make little difference to certain people who are serial litigants. I can’t own my reasonable opinions because it will have repercussions on my job, which is unwarranted but it is where we are.
But please reveal your own identity as you are so brave.

Hopefully someone will be along with technical advice. But I think we all need to understand that this is a totalitarian movement that started with the instruction #nodebate and has continued with the relentless intimidation & bullying of women (and many men) who dare to challenge their eradication of women's rights and identity.
Certain individuals and groups will relentlessly target whoever they choose. So we all need to protect ourselves, our careers and our families in every possible way. The basic tenets of a democratic society are of no interest to the anti-women extremists while misogyny runs through them as in a stick of rock.

I don't know how up-to-date it is but a while ago @haXXor offered a quick guide to cybersecurity:

www.mumsnet.com/Talk/womens_rights/3280241-Cyber-security-resources

And the Crypto Party hold regular events for those who find this stuff of particular interest.

bigbrotherwatch.org.uk/about/events/

Crypto Party UK Locations: www.cryptoparty.in/location#united_kingdom

Thank you so much Arran I will check that out. And this is definitely not me trying to get away with harassing people. There are some scary people out there who will stop at nothing to pursue aggressive litigation and I don’t want to end up in the firing line.

There are some scary people out there

It's sad but true that women seem to have a disproportionately rough time on Twitter - I'm horrified at the number of blue tick women who receive either proffers of violence or lewd advances via their DMs.

You're being usefully circumspect about your online safety.

My understanding is that it is to do with email addresses. They pretend to be you and request forgotten password email reminder. They are then shown a partial email address and can guess identity from there - assumes they have an idea of who you are already.

Ruby's anonymous account chiding others for using anonymous accounts is my favorite "do what we say, not what we do" TRA moment of the day.

Thanks Arran and Spinning and thanks for the tip about emails. I know this is how someone at Oxford University was outed but he had used his work email, so they could guess it was him. Mine’s got no personal info but it’s good to be aware all the same.

I just think of the stress that some women are placed under when someone tries to target them for a hobby. I don’t want to discuss the Scottow case while it’s ongoing but in that one she sent only 15 tweets over 6 months but was kept in a police cell. It’s ludicrous but very frightening.

No special cyber-skills were required to link Kate Scottow's various anonymous Twitter accounts. Just a bit of carelessness about sharing the same or similar information across different accounts combined with Google reverse-image search:

"She (Hayden) said she had been able to discover that the different anonymous Twitter accounts belonged to Scottow due to pictures of her dog, named Morrisey, which had been shared across the different accounts."

If Kate had also shared pictures of her dog on accounts that were public and not anonymous (Facebook maybe?) then that might have been enough to "unmask" her although the article does not say so.

It is hard to avoid those sort of accidental slip-ups that give the game away.

It is a bit like those "games" on social media that invite you to "find out your porn-star name" by combining your mother's maiden name with the name of your first pet, or the name of the street/road you live on. A gift to hackers - and to anyone seeking pieces of a jigsaw to put together and guess or confirm the identity of someone posting both anonymously and under their real name.

Other things to avoid include: posting from an anonymous account "I've just signed this petition!" with a link to a petition that lists the names of signatories. Better to wait a day or two before announcing that you have signed and maybe not use the words "just signed" or some innocent bystander might find themselves incorrectly doxxed as you.

Ruby's anonymous account chiding others for using anonymous accounts is my favorite "do what we say, not what we do" TRA moment of the day.

There are times when Mumsnet really needs a "like" button.

👍😂

Ruby's anonymous account chiding others for using anonymous accounts is my favorite "do what we say, not what we do" TRA moment of the day.

It was pretty good but I think the best was S. Hayden, stating under oath, that ‘people cannot change sex’ is a ‘legitimate belief’.

Aha that’s interesting to know about the dog pictures. Agree that it’s very easily done. I have connected with loads of wonderful GC women on twitter but have a rule that I will never ever out myself even if the person seems trustworthy. I don’t post any personal information and put photos (just screenshots) through an app that removes all metadata. I’m still paranoid but I feel a little better now.

"They pretend to be you and request forgotten password email reminder."

but they'd have to know your email, or hack into your SM, to find it?

And then if they did, I use an email address for MN that I can't even remember I can't think there's any identifying info on it?

I agree, it's not just a problem if you plan to harass someone - I'm not advocating that! But if you have an MN account and are seen as GC, there's potential trouble for you at work, right there.

but they'd have to know your email, or hack into your SM, to find it?

Depending on your email provider, guessing the email address from the partial information and spoofing it are trivially easy to those who know about such things (not me but I do know people to whom it is trivially easy). They just re-set the password - take a look at the registered phone information (if any) and with the right set of skills, hacking, doxxing and general mayhem can ensue.

Arran really sorry to be thick

guessing an email address from partial information of what? and where from?

Make sure you don't have your phone number on your twitter account. Also make sure you don't have twitter set to put your current location on tweets

Thanks, Lang. Those are good tips.

As stated above, there's different levels of social engineering and collateral information collection which can be used to identify people by the lay person but I'd like to add that a VPN is no guarantee of anonymity; if you use a free provider, they're making their money some how and have little financial incentive to protect your anonymity, particularly if breaking yours is done for a generally accepted cause while a paid VPN will have some sort of paper trail (even if you use bitcoin, which has been demonstrated to be non-anonymous).

Also, bear in mind that, to even begin to approach some level of anonymity, every interaction in the chain between you and your commenting account (e.g. twitter) will have to be 'air gapped' from what you use for your daily online work. Go near any page in that chain while logged in and your identity is potentially compromised, this also applies to any site affiliated with providers in that chain. Keeping an account separate from what can be potentially investigated is incredibly onerous and, even with the very limited instruction I've received from workplace courses (more focused on personal security against protesters) there's a few holes in the linked guides which stand out (e.g. 2 factor being great against illicit hacking but massively complicating protection of identity). The same tools which allow the modern Internet to optimise the content delivered to your browser also provide a highly personal signature.

It might sound rather alarmist but I personally believe that the choice comes down to only ever saying things you'd be happy with being written on the side of your house and devoting every waking thought while you're engaged in actions connected with online commenting to maintaining a clean chain of information custody.

Thanks Gronky that’s good to know. I know that it’s essential to be really careful and that complete anonymity doesn’t exist.

I guess I am not seeking total complete anonymity (to the extent that the authorities wouldn’t know who I was). I don’t do or say anything illegal (even under its new broad definition), I don’t harass people or really engage in debate with TRAs, as I block them. I have a few hundred followers. It’s more for work. If we lived in a normal world, I would be happy to stand by my comments and retweets but obviously we don’t.

It’s more trying to work out how people like Hayden are able to figure out the identity of supposedly anonymous accounts and then sue them. I guess the dog photo thing makes sense. I just wanted to know whether someone like that can just waltz into a police station, complain about a tweet and be able to find out who sent it.

I have been on MN for 6 years and said lots of stuff on here. I look on my twitter account a bit like that. I don’t say anything illegal but I just want to stay anonymous. I note Hayden/Harrop haven’t sued any MN users so perhaps it’s easier to get info from places like Twitter.

Anyway, it’s good to be aware of the risks. Have made my twitter account private for now.

I have found that twitter is nowhere like real life thank god.

Speaking to people face to face is preferable to engaging with some bored and immature teenager who is trying to get a rise from you and organise a pile on, or a bot.

And yes - Ruby - people have been harassed, threatened, had their work approached, etc by anonymous people on twitter. And you are well aware which way the traffic goes there. So do think before you accuse people of acting in bad faith.

3 things you can do that cost nothing;
Use Protonmail for the email address.
Use a VPN, Opera web browser has one built in and its free.
Do not post any personal info on your account or in your settings, and turn off your location.

Its ironic that the first post assumes bad faith of women posting anonymously. If I say I am a safe person you have to take it at face value, that's how it works now. Your rules.