07 March 2017

Good Advice on Privacy

Over at The Intercept, they have an article on how to run an anonymous Twitter account with as much security as possible.

This is important if you are, for example, a disloyal bureaucrat serving under your Trumpian overlords.

The basic steps are as follows (with my comments indented with lower case letters):
  1. Buy a burner prepaid phone with CASH.
    a. Get a cheap feature (non-smart) phone. Some of them actually have keyboards.
    b. Remember, your face will probably be recorded at the 7-Eleven, or whatever, so wait 2-3 weeks until they overwrite the old records, or at least wear a hoodie and sunglasses. (Parking a few blocks away would be a good idea as well.)
    c. Don't turn on the phone at home or at work. Better yet, pull the battery.
    d. If you want to use the phone, choose a place, a very public place (like the Lexington Market Metro stop), and ONLY use it there. (I used to take the Lexington stop to work every day, which is why I know the location.)
    e. Don't buy a smart phone as a burner; they are privacy sinkholes.
  2. Get a TOR compatible browser.
    a. Use a browser designed for this from the start, and do not rely on add-ins.
    b. You could also use I2P instead of TOR; I do not know the relative merits.
    c. Note that there is significant evidence that much of TOR's funding might have come via the US state security apparatus, so be careful.
  3. Get a TOR based email service.
    a. Again, you could use I2P.
    b. Listed in the article are SIGAINT, Riseup, and ProtonMail.
  4. Activate the phone using the TOR browser.
  5. Determine your phone number.
  6. Create your Twitter account using the TOR browser, and enter the phone's number.
  7. Go to your special place (1. d.) and get the confirmation text, and then enter it into the confirmation.
    a. In the Lexington Market case, there is a Starbucks down the street, so use TOR over the wifi, and probably do the hoodie and sunglasses thing.
  8. Be circumspect about who you talk to.
  9. Be circumspect about who you might communicate with via TOR.
  10. Consider rebooting your machine into a secure operating system before accessing Twitter, such as "Tails, or Qubes with Whonix," which can boot from a memory stick.
  11. (on edit) I shouldn't need to say this, but never use the phone for anything but your tweeting or, in the case elucidated below, for anything but that.
Read the rest of the article, and then leak away.

BTW, all of part 1 should also apply to giving a burner phone to a reporter to leak. Only use it at a specific place, and have it off, or better yet, the battery out, when not in use.

You don't want someone using traffic analysis to figure out who you are.

This has been a public service announcement of Matthew Saroff's Beer (and Laptop) Fund and Tip Jar.

Please give generously. 
