Category Archives: Internet security

Are Bloggers Protected By Freedom Of The Press? Wikileaks, The NSA Files And The Unanswered Questions

There is- obviously- a lot of interweb chatter about GCHQ and the NSA. But these questions remain unanswered:

Freedom Of The Press

Okay, we get it: the media is protected when it comes to revealing secrets (at least most of the time- they can be prevented from reporting on secret trials; the UK Guardian was threatened with criminal prosecution and subsequently destroyed the NSA files in its possession; and of course there are D-notices). The key case in the USA is the Pentagon Papers case. The online versions of newspapers are protected too. But. Bloggers are technically journalists. And it’s increasingly difficult to categorise “blogs” and “online magazines/newspapers” nowadays, especially with group blogs, blogs that are successful and morph into online magazines, online news sites which are hosted on blogging platforms, etc. This raises two important questions.

If bloggers are protected by freedom of the press, this happens…

First, let’s go with the assumption that bloggers enjoy the same protection as the press (or that bloggers are categorised as ‘journalists’ and blogs are categorised as ‘press’ for this purpose). Now, what does that mean for the protection of websites? What does it mean for Wikileaks? Either websites would have to be protected too, or Assange would’ve avoided a lot of trouble if he’d only hosted Wikileaks on WordPress. Of course there’s the argument that Wikileaks didn’t report on anything- it revealed documents in their entirety. But what if in the future a whistleblower leaks files to a website instead of a newspaper, or creates a website to report on the files? You’ve got yourself one fascinating legal debate.

If bloggers aren’t protected, this other thing happens…

Blogging might come under freedom of speech rather than freedom of the press. So if bloggers can be prosecuted under the UK’s Official Secrets Act (and the US equivalent), how to we distinguish between blogs and the press? A whole load of case law could come out of trying to answer this question. Is it all in the name- that whether you call your publication a ‘blog’ or ‘site’ versus calling it a ‘newspaper’ or ‘magazine’ would determine if you’re protected or not? Or would it be the platform it’s hosted on- meaning that a Blogspot or WordPress platform, even if you’ve got your own domain, would spell your undoing? Whether a publication is run by an individual or a group might count, too. Recognition by professional journalism organisations might be a good indicator to use, as would journalism qualifications held by the site’s writers. But this is arguably elitist- even classist. It would protect middle-class bloggers while prosecuting bloggers who didn’t go to university (or study journalism at university). It’s also rather arbitrary; under such a law I’d be prosecuted as my degree isn’t media-related but my friend who studied journalism wouldn’t be. This would put a lot of privelege and power to influence our thinking in the hands of a single group (those with journalism degrees).

Whodunnit? Or, Is Obama Taking The Fall For A Previous President?

Did David Cameron know about GCHQ spying on us through our webcams and storing millions of sexually explicit photos of us? Did he order it? (And for that matter, why aren’t we more pissed off?) The Americans seem to have the right attitude with their demand for an investigation (though sadly the USA has lots of people who criticise Snowden, which is something we don’t have here.) But given that sniffer technology has been around since at least the early 1990s, are Americans right to blame Obama- or is he taking the fall for an earlier president? Blame should also be attached to the culpable; those who kept the secrets. Yes, your local MSP or MP had no more idea than the rest of us and was probably unintentionally spied on (that’s the whole point of mass surveillance- it gets everyone). But those in the upper circles of government knew what was going on. Politicians. Administrators. Ministers and their assistants. The families and (because some people just can’t keep their mouth shut) friends of all these people.

The fact that a lot of the programs started in 2008 suggests Tony Blair over here and Obama or possibly Bush over there started the programs. But we’ve no way of knowing if the surveillance was started much earlier. You don’t have to be one of the country’s top cyber criminals to tap someone’s webcam; this site claims to cater to beginner hackers and offers advice on how to information about webcam spying, using viruses to remotely load keyloggers, and other fascinatingly horrifying things (the spy drone thing is unimaginative, though. Even I’ve thought of tying a phone or covert cam to a toy helicopter- sticking it inside is just showing off).

(The obvious solution is to put tape over your webcam but this can leave a residue. Try these webcam covers– profits go to the Electronic Frontier Foundation (EFF) which campaigns for civil liberties in the digital world. Though it’s a US organisation, we Brits definitely have an interest in supporting such nonprofits, as the NSA encourages GCHQ in its current surveilling of us (as well as spying on people all over the world). The NSA also recruits GCHQ into being culpable re spying on Americans, and invading Americans’ privacy is something I can’t condone any more than the invasion of our own.))

But just as the NSA files are not up to date, so they might not go back all the way. The problem with analysing the files is that they were self-selected by one person so may not be representative; we also get the information second-hand through the filter of the Guardian’s agenda and profit concerns- the fact that by their own admission they have consulted with Downing Street and UK and US intelligence agencies over 100 times before publishing the NSA stories hardly inspires confidence. (Though I’m not saying they shouldn’t consult- national security and the safety of individual spy agency employees are very real concerns. The Guardian probably chooses to consult the government to avoid prosecution; as they have their own legal team the risk of government intimidation or exaggeration of legal consequences is probably minimal).This makes it difficult to deduce what kinds of programs GCHQ is likely to be deploying now: was Optic Nerve discontinued because the experiment is over forever? Or was it junked in favour of a more comprehensive program? Though it’s probably safe to assume that MMO games, webcams and popular apps will be targeted.

We need an investigation to find out 1) Whodunnit and 2) Whocontinuedit (probably lots of people had a hand in developing, refining, and testing the programs over the years.) Whodunnit could be anyone from Thatcher to Gordon Brown or perhaps it all started earlier, or maybe GCHQ acted without authorisation from government. But even if the investigation reveals everything the freedom-oriented want to know, we’ll probably have to wait much longer to know what would’ve happened if Edward Snowden had given one of his flash drives to a blogger.

Advertisements

How To Stop NSA, GCHQ or press surveillance

There are many reasons why you might need anonymity online. Journalists, whistleblowers, bloggers and activists benefit from staying anonymous. So do people who might be discriminated against for expressing themselves, such as certain communities, religious groups and sex bloggers. Even if none of that applies to you, the NSA’s global reach means that it’s wise to protect your privacy even if you don’t live in the USA (and we Brits have GCHQ to worry about too). We can’t trust security companies to protect us, as they have secret deals with the NSA to keep security weak. Here are five ways to protect your privacy and anonymity online – operating systems, privacy while communicating, browsers and VPNs/proxies.

Operating Systems

The Tor Project has released the operating system Tails– the “Amnesiac Incognito Live System”- which helps you use the internet anonymously and access censored sites. Tails can be downloaded onto flash drives, DVDs and SD cards and is designed to be used independently of the computer’s built-in operating system (i.e. Windows 8). It leaves no trace.

Linux is said to be more secure than Windows or Mac, though as it doesn’t have a GUI, you’ll have to manually type commands. Which means us non-techie folks will struggle to use it. Debian and other Linux-based but non-manual operating systems might be better alternatives. The hacktivist group Anonymous has released its own operating system which is based on Linux. It’s called Anonymous-OS.

Anonymizing browsers

The Tor browser has just been updated to the 3.5 Tor browser bundle, which is faster. It’s basically the Mozilla Firefox browser, but with an important difference: Tor is an onion routing service designed for the US Navy and it routes your internet traffic through several relays. The EFF explains how Tor and HTTPS encryption works here. This means that if a hacker/journalist/the NSA is surveillancing you, they can’t see which sites you’re looking at or know your physical location. This is invaluable if you’re accessing sites which are prohibited in your country- which Tor also lets you do! Yes, you can see censored sites while using Tor. It’s also really handy because the Tor browser can be downloaded onto a flash drive for anonymity on the go- there’s also a version for android phones. Tor is used by police in sting operations, individuals and companies, and was recently used by the US military. A year ago I product-tested Tor and reviewed its pros and cons, and how to use it.

The Pirate Bay released an anti-censorship browser in August 2013 which proved very popular. It is also based on the Firefox browser and uses the Tor network. This browser allows you to view censored sites but as it’s only intended to circumvent blockades, it shouldn’t be used to protect your anonymity without any other protection.

Browser add-ons can protect you, too. The Firefox browser is safer than Internet Explorer and most other browsers. You can download the Ghostery add-on which protects against trackers and shows you which websites are tracking you. Most websites have programs which track your movements when you navigate to or away from the site. This is for marketing purposes, but it can be used to put viruses into your computer so Ghostery is good for virus protection in a way that Tor isn’t. Police may also use this kind of tracking to catch you if free speech is not protected where you are. Lifehacker claims that Disconnect works better than Ghostery. I’ve tried Disconnect in the Google Chrome browser and it doesn’t have the list of trackers that Ghostery has an option to have, though it shows how many trackers are being blocked. Disconnect automatically blocks Facebook, Twitter and Google from tracking you. Disconnect seems to be faster and less “invasive” than Ghostery, so it’s my personal preference.

Communicating privately (email, blogging, social media)

If you’re trying to communicate securely, dropping information into pastebins is much safer than blogging. IRC chatrooms can protect your identity and are sometimes used by journalists and their anonymous sources for this reason. Alternatively, Hushmail is an encrypted email service which is free, though the storage space is very limited if you don’t want to pay for an upgrade. Microsoft’s email service and Gmail are more secure than other email services. The EFF has a guide on anonymous blogging and Global Voices Advocacy has one on how to blog with WordPress and Tor (though things may have changed since it was published). Fearless Blogging is a blogging platform designed for anonymity. As for social media, changing your Facebook settings to ‘private’ is very simple but posts could still show up elsewhere on Facebook. An anonymous Twitter account that you only access while using a VPN or Tor might be a better bet.

VPNS and proxy servers

Virtual Private Networks will protect your identity. You can set up one yourself or pay to use proxy servers or a VPN, but these companies could hand over your data to the government if requested. There are free VPN services available; this article lists the VPN services which take anonymity seriously (will not log user data or give information to the government). Tunnelbear has a kitschy, cute interface and according to Lifehacker it’s one of the best free VPNs. Lifehacker lists Hotspot Shield is another great free VPN; lately when you download Hotspot it claims to be a free trial, but my trial version is still going without any means of taking my money. The downside to Hotspot Shield is the ads, which are now pop-ups (still preferable to the previous eye-scorching self promoting banners). Hotspot Shield used to suddenly stop its protection and require me to reconnect, but it’s much less glitchy now. I’ve been using it for over a year (uninstalled it at one point, only to have the NSA scandal break and be on the search for a good VPN once again).

However no free VPN will ever be as secure as a commercial VPN- though there are some rubbish VPNs out there that take your money and claim to be quality. If you want a free VPN that might- no guarantees, though, I’m no techie and am only going by what I’ve read- give you good protection, the free VPN Komodo was developed for commercial use and allows you to control any of your computers from anywhere, though I’ve not tested this.

Remember you’re the one most likely to expose yourself

This is why I’m not properly anonymous. I’d mess it up. I’ve seen people plan to start anonymous blogs on public forums. I’ve seen anonymous bloggers reveal too many personal details or post to the wrong account. If you’re anonymous, don’t register for domains under your own name or Google Analytics could reveal your location and even your name. Never use the same photos or pieces of text for both identities if you’re serious about your anonymity, as your identities could be linked by looking up photos or putting text through programs designed to catch plagiarism. Google indexes comments, tweets, Facebook posts, wishlists, online purchases and public forum messages. There’s often a percieved mystery around doxing (finding an anonymous person’s real identity) but all a ‘dox’ is, is a quick Google, maybe a visit to a directory (such as Pipl).I know of one anonymous blogger and sex predator who was (rightfully) outed partly because of his purchase of certain books. So I’m choosing pseudonymity over anonymity- it’s less work. Even if it’s less secret and fun.

Anonymous blogging and Google Analytics: how Ewhois’ reverse lookup can reveal your identity

If you’re blogging anonymously, it’s always safer not to have your own domain because you could be traced through your Google Analytics ID. Your anonymous blog or pseudonymous online business may share the same ID as your non-anonymous sites, so if someone your identity then all they have to do is heck the ID of your anonymous site and one of your non anonymous sites, and they’ll have a match. Some tools which let you check Google Analytics or AdSense IDs will even tell you which other sites share the same ID, so all anyone has to do is type your site’s or blog’s address in and they’ll see all the sites you have.

To avoid this, just create a new Google Analytics account for your anonymous blog, or register for a domain anonymously.

Some bloggers and many sites use Google Analytics to check stats. However hosted domains (blogging platforms to you and me) like WordPress, Blogspot or tumblr are safe. Some articles allege that they are safe because they do not use Google Analytics; but this isn’t true because if you use the Ghostery browser add-on, it tells you that WordPress does use Google Analytics. Although I seldom venture over to Blogspot, the couple of times a Twitter link has taken me there while I product-tested Ghostery, Ghostery told me that Google Analytics was being used there, too. So I don’t know why blogging sites are safe while other domains aren’t, but it’s not because they don’t use Google Analytics.

This is how easily you can be found – I put the name of a site into Ewhois, a free site which offers reverse lookup for Google Analytics and reverse IP lookup. (Which means it shows you everyone who is using Google Analytics, so if you use it you can be found). Ewhois checks both Google Analytics and AdSense IDs. For ethical reasons I chose someone who is not anonymous and will not be harmed by anyone knowing which other sites they have, and who has themselves outed an anonymous person for no reason:

It literally takes a second; I did it while typing this post

It literally takes a second; I did it while typing this post

In just a few seconds Ewhois returned the results, which included all sites on the same IP address (which doesn’t necessarily mean they are owned by the same person, but are maybe just sharing an ISP) as well as a phone number, fax and approximate address, which I’ve redacted:

EWhois gives out lots of info about you in a second, and clicking the tabs below gives out even more.

EWhois gives out lots of info about you in a second, and clicking the tabs below gives out even more.

Worst of all, it reveals the name you used to sign up for a domain. In this case, the person is not anonymous (or, rather, used the same pseudonym she is known by to sign up to her domain). Had she used her real name, I would now know it (though her real name is published on the internet anyway; she is no longer anonymous which is why I chose her for this experiment.) And once you know someone’s real name, it’s easy to Google their address and occupation, even photos. So, your name and approximate location – and therefore your address and photo- can be found pretty much instantly – bad news if you’ve got a nasty colleague who would tell your boss you’re bitching about how awful your work is. (Or whatever you’re doing.) And if you’re using anonymity to say something that the authorities don’t want you to, they could be driving out to you immediately after putting your site into Ewhois and Goohling your address. You wouldn’t know they were coming.

I also tested to see if “Stella”‘s blog as well as Slutocracy could be found by Ewhois, and both of them can’t be found:

ewhois demo 3

This appears to prove that blogs on hosted domains like WordPress and Blogspot are safe. Obviously, don’t take my word for it because I only tried it out on two ‘anonymous’ bloggers – “Stella Marr” and myself – and neither of us are actually really anonymous; we’re pseudonymous. I know some real anonymous bloggers, but obviously I don’t want to know who they are. Knowing who someone is always carries a risk for that person even if you keep their identity a secret, because you can be tricked into revealing it or your computer can be hacked. And when people are anonymous, it’s more fun; they have this persona. Knowing their boring real names and jobs takes the fun out of it.

It may be safe to assume that blog platforms are much, much safer though – it still took time for journalists to find out who the bloggers Girl With a One Track Mind, Belle de Jour and NightJack are.

So, to recap:

Register for a domain anonymously or using a pseudonym

Don’t get your own domain, use a blog hosting platform

If you already have your own domain, create a new Google Analytics account for your anonymous sites

Or don’t use Google Analytics or Adsense

Protect your IP address (using the Tor browser) so Ewhois can’t show it even if it shows other stuff (though if Ewhois shows your name, there’s no point protecting your IP address).

 

If you want to check if you can be found, just go to EWhois here: http://www.ewhois.com/ .

Useful article on anonymous blogging and Google Analytics: http://www.wired.com/business/2011/11/goog-analytics-anony-bloggers/

How to blog anonymously by Brooke Magnanti (who blogged anonymously as Belle de Jour): http://sexonomics-uk.blogspot.co.uk/2012/05/how-to-blog-anonymously-and-how-not-to.html

My product testing and review of anonymous browsing and anonymous blogging downloads: https://slutocracy.wordpress.com/2013/01/30/review-of-anonymous-blogging-and-browsing-tools-product-testing-hotspot-shield-vpn-tor-and-ghostery/

 

 

Review of anonymous blogging and browsing tools (product testing Hotspot Shield VPN, Tor and Ghostery)

You know how women’s magazines are always testing and reviewing products like skin cream, hair straighteners and shampoo? And the results probably depend on which corporation paid them to say their product is the best? Well, for all you anonymous bloggers and subversive tweeters (as well as anyone else who’s sick of getting viruses all the time) here’s a product test/trial and review of software for anonymous browsing.

There aren’t a lot of free tools out there for anonymous browsing or anonymous blogging, unless you know how to set up your own VPN (Virtual Private Network) or are willing to pay to use proxy servers and other anonymizing tools. I’ve tested Tor, Firefox, Ghostery and a VPN (Hotspot Shield) for a week each, and I’ve also tried using them together.

Tor product review

(Get Tor here: https://www.torproject.org/download/download)

Tor is a browser based on the Firefox browser which allows you to browse the web anonymously by onion routing – that is, by switching to a different IP address every 10 minutes so nobody can figure out your IP address. If all you want to do is hide your IP address, Tor is a good choice.

The first page you see when Tor starts.

The first page you see when Tor starts.

Pros

The good bits about Tor is that it doesn’t run much more slowly than my regular browser (Firefox) or Internet Explorer (which is slower than Firefox). Because it’s a browser, you can browse anonymously using Tor while browsing normally using your usual browser at the same time. So the slowness isn’t really an issue because you only need to use Tor for the sites you want to stay anonymous on.

Tor can also be downloaded onto a flash drive so you can take your anonymity with you and use Tor on any computer in your university or internet cafe. (I didn’t try this).

There are also versions of Tor for android phones.

You have a lot of control with Tor, because you can change your identity (IP address) any time to make people who are looking for you think you’re someone else. Say you run a fetish site and are managing that site, but now you want to check your LinkedIn page that is under your real identity as a social worker. You just click on the Tor/Vidalia onion icon, click the ‘new identity’ button and now anyone tracking you won’t think that the fetish woman and the social worker are the same person.

peoducttestTirID

Tor has an added benefit of allowing you to access sites which are censored by your government. When you’re using Tor you will automatically be able to access prohibited sites (though obviously I’ve not been able to test this feature).

Tor was quick and easy to install.

Cons

While using Tor or any other anonymizing browser, it may be tempting to go on two website accounts or social media accounts at the same time (one in Tor and one in your usual browser), and that’s dangerous because you can accidentally post to the wrong account. (This is why I’m not anonymous; I would totally mess that up).

Tor can be a little slow to start; you have to click on the shortcut, then open the Tor file so the Vidalia program can start Tor.

When sending emails, it’s best to type and send an email within 10 minutes or it might not send. (This information is from the Tor site; I’ve never emailed in Tor so I don’t know how it affects emails).

While Tor protects your anonymity, it doesn’t stop people from knowing that you are using Tor. Obviously even if journalists or your boss know you’re using Tor, there isn’t a lot they can do or infer from that. But if you’re in a region with few internet users, the fact that you’re using Tor can, ironically, make you stick out even more to anyone watching internet traffic (for example the police or government).

RESULTS: It’s the answer to all your anonymous needs on all your devices and wherever in the world you go. You can literally take anonymity anywhere. Just don’t forget to turn it on!

Ghostery product review

(Get it here: http://www.ghostery.com/download)

Ghostery is a browser add-on that just runs in your usual browser. It stops websites from tracking you. Most websites have programs which track your movements when you navigate to or away from the site. This is for marketing purposes, but it can be used to put viruses into your computer so Ghostery is good for virus protection in a way that Tor isn’t. (Because Tor just hides your IP address by routing your browsing through different computers to produce false IP addresses). So if you want to protect your computer from viruses, Ghostery is good virus protection. Police may also use this kind of tracking to catch you if free speech is not protected where you are.

Pros

Ghostery is very quick to install and you can see all the tracking stuff it is protecting you from, which is fun. It appears as a little blue cute ghost icon in your browser.

Look how much tracking is on popular site AOL.com. Ghostery blocks 3 trackers.

Look how much tracking is on popular site AOL.com. Ghostery blocks 3 trackers.

Ghostery can also be used together with Hotspot Shield. Because the Firefox browser is already a much more secure option against viruses and spying/tracking than the Internet Explorer browser, with Ghostery added to Firefox you will be really protected.

Because Ghostery is a browser add-on, you don’t need to start it up every time you go online (unlike Hotspot Shield and Tor) so it is simpler and there’s no risk of forgetting to turn it on.It’s supposed to make your computer run aster, but I didn’t notice this at all. However I don’t think it makes my laptop run slower.

Cons

You can fiddle with the settings in Ghostery but the default settings allow some trackers in. There are “4 trackers found on this page, 0 blocked” as I type this.

Unlike Tor you can’t download it and take it everywhere and there isn’t a mobile version.

Ghostery also doesn’t work with the Tor browser, though it can be added to most other browsers.

RESULTS: Great if you want privacy and antivirus protection, I’m keeping this on my computer! It’s the fast and easy solution, but if your life quite literally depends on being anonymous online, it’s probably not as safe a bet as Tor.

Hotspot Shield VPN review

(Get it here: http://www.hotspotshield.com/en )

Pros

Hotspot Shield is a downloadable virtual private network which protects your IP address and protects you from trackers. VPNs also can protect you from viruses and ID theft. I haven’t tried putting Hotspot Shield on a flash drive and using it on a public computer, so I don’t know if you can do that. There are versions for other devices too.

This was relatively quick to install.

VPNs are supposed to be the safest way to stay anonymous online, so this is a must-have if you’re really serious about your anonymity. It also saves you the bother of creating your own VPN, which can be complex, or of paying to use a VPN service. Hacktivists, hackers and criminals such as identity thieves and paedophile rings use VPNs, and they’re usually only caught when police trick them into thinking they’re operating in a safe space. So you can guarantee you’ll be hard to find with a VPN.

Hotspot Shield is very easy to use – you just click a button and wait for it to connect to the internet; then you’re protected. The icon in your browser tells you if you’re protected or not.

A great thing about Hotspot Shield is the fact that once downloaded, it downloads into all your browsers – including Tor. This is great because it gives you double protection – even if your VPN fails and ‘They’ find your IP address, it’s the wrong one, because you’ve got Tor.

Hotspot Shield also works with a Firefox browser which has Ghostery installed, for those who don’t want to use Tor.

It’s faster than Tor but is still a little slower than regular browsing.

Cons

The cons of Hotspot Shield are the ads. There are lots of ads – new ads every time you navigate to a new page, and they force the page a little lower down your screen. So it’s really annoying. You can upgrade to the elite version – which you pay a subscription fee for – if you don’t want the ads.

Another con is the fact that, like Tor, you aren’t protected until you turn Hotspot Shield on. And it’s easy to forget to turn it on because it doesn’t have its own browser window like Tor. However sometimes it does show a warning message that privacy is turned off, which helps.

Hotspot can suddenly switch itself off, and it didn’t tell me when that happened. I noticed that the icon was yellow instead of green so I clicked on it. However I was able to fix it by clicking on the icon, which directed me to the Hotspot site and downloaded something into the computer. After that, Hotspot Shield worked again.

RESULTS: A great go-to if you only want anonymity for particular sites. For those more serious about being anonymous, if the ads hurt your eyes then make Ghostery or Tor your staple and turn on Hotspot Shield for that extra protection when you need it (like blogging about what an idiot your president is or uploading photos of the fun you had in your BDSM dungeon, whatever floats your boat).

These magazine product trials usually announce a winner, and I’d probably say Tor is the winner for being an all-rounder. But please don’t take these results too seriously because I’m not really an anonymous blogger (I define ‘anonymous’ as ‘not revealing your identity to anyone’ but this blog is on my Facebook) so was never in danger of being doxed/hacked/having my identity revealed while doing this product testing. And anyway this blog certainly isn’t newsworthy so it’s very unlikely that someone would try to reveal my identity. Also, I wasn’t able to test how these tools help you avoid state/police surveillance.

When using anonymity tools that slow down your browsing, try using Firefox if you want to balance out the slowing-down effect with a faster browser, and/or disable all the browser add-ons you don’t need. A lot of these add-ons make your internet browsing slower because they send information about your browsing habits back to the corporations. (This also compromises your privacy). If you’re using a dongle or other wireless connection, this can eat up a lot of your data allowance, meaning that you buy lots of data that just gets thrown away without being used.

Articles on how to blog anonymously

A great guide by Dr Brooke Magnanti (Belle de Jour) with info about anonymizing technologies and tops on what not to do: http://sexonomics-uk.blogspot.co.uk/2012/05/how-to-blog-anonymously-and-how-not-to.html

Tips (including anonymously registering domains and avoiding search engines) by the EFF organisation: https://www.eff.org/wp/blog-safely

Guide to blogging with WordPress and Tor by Global Voices Advocacy – Tor isn’t compatible with WordPress any more, but it’s still a useful guide to blogging with Tor: http://advocacy.globalvoicesonline.org/projects/guide/

Get an anonymous blog here, on a platform designed for anonymous blogging (no signup needed): http://fearlessblogging.com/

How to fix your Google print after you’re outed online: blogging, anonymity and SEO

This isn’t intended to be used by trolls or people who deserve to be outed. But hey, if they find it, they find it. The internet is a jungle and should be run under the law of the jungle, and not policed any more than is absolutely necessary.

This is a detailed, comprehensive guide, not a 6-step WikiHow. You can scroll down to DIVERSION for intercepting employers’ and others’ Google searches by SEO blogging, or scroll down further to DISCREDITING for info on refuting the claims of those who out you. Scroll down to DYSFUNCTION for quick stuff you can do right now in another tab while you read this (also relevant to protecting anonymity).

A QUICK WORD ON WHY I WROTE THIS

The techie site Lifehacker once offered an article on ‘How to commit internet suicide’ but forgot to mention forum posts and blog comments which you cannot delete. The day I saw that article, I considered writing this. (Lifehacker is a joke anyway; its information is only useful if you don’t own the product it is talking about and can’t be bothered googling the info).  It is almost impossible, if not actually impossible, to commit internet suicide and in any case you’ll probably find yourself on the internet again when you manage a new project at work or someone mentions you online or something. It’s also unneccessary when you’re just trying to get rid of a few posts.

If you’re anonymous, especially an anonymous blogger, it’s worth having a game plan for if you lose your anonymity (whether because one of your ‘friends’ outs you, a journo finds you, someone online who doesn’t like you doxes you, or you out yourself accidentally through posting to the wrong account or letting slip your real name). The best anti-tracking, IP address protecting technology in the world is pretty useless if your own friend outs you or you post too many personal details. I’m not saying don’t post personal details, just know it is a risk you are choosing to take if you do so. If being outed would not be a disaster (or you don’t want people claiming to be you, or are planning to out yourself in future) then posting identifying information may not be a problem. Ironically, though, it may mean that you can not expose much identifying information on your non-anonymous or real identity accounts.

Now, I wouldn’t know much about how to blog anonymously, but although there are articles on how to blog anonymously, the issue of how to go back to being anonymous after outing isn’t that well written on.

Anonymous blogging and sometimes anonymous tweeting or posting to Reddit always comes with the risk of being outed and losing anonymity, but although you can’t completely regain anonymity after outing, you can at least stop employers and friends from finding out. Google and other search engines will keep the record for ever, but pushing Google search results down the page will mean that the only people who know your identity will be those who are trying to dox or hack you, and you’ll be safe from family and your boss. You’ll stay anonymous and maybe (depending on the situation) even be able to get back to blogging anonymously.

How to regain anonymity and fix your Google print once you’re outed

So, you’ve been outed for anonymous blogging, whistleblowing, being gay or transgender, your lifestyle, sex blogging, posting pornography, social media trolling, having previously been a call girl, Reddit trolling, being any kind of sex worker or trolling anywhere. Perhaps a bully has written nasty things about you online, or even posted naked photos of you online with your details and you can’t get the content taken down and don’t want people to see it. Or, you’re still anonymous but want a game plan for if you do get outed (if you post lots of personal information or tend to post to the wrong account then you probably should have one).

The key to fixing being outed is SEO – Search Engine Optimisation. My job is writing blogs for SEO marketing purposes. So if you’ve been outed and there are 20 websites outing you, you just need to create other websites and blogs with lots of mentions of your name and Google will pick them up. When someone searches your name, the sites that out you will be a few pages back.

If you’ve ever googled a public figure, celebrity or online community, you might have noticed that Twitter, Facebook, LinkedIn etc are sponsored sites that are right at the top of the page when you search a group’s or person’s name. Blogging sites like tumblr, blogspot and WordPress are usually under these, followed by all other sites. This is great, because it means you only have to create a couple of social media accounts and a few blogs to push the outing results onto the next page. You can create more if you want to push the outing results back further. (You can also ask Google to remove the content, but it takes months and you need a good reason such as libel).

DIVERSION (SEO BLOGGING)

This sounds like lots of work but it’s not. Imagine your name is Kathryn Simpson. If you’ve been outed then all you have to do is create a blog for Google to pick up. For maximum optimisation, make your name the blog title/address e.g. kathrynsimpson.wordpress.com, or if that’s been taken then thekathrynsimpson.wordpress.com, etc. Then for all your blog posts put ‘Kathryn Simpson’ in the title for maximum SEO, and mention your name multiple times in each post. If there’s a search term that people might associate with your name (for example, what you were outed for or where you work) then put that after your name in the content, for example if you’re outed for being a furry then put ‘Kathryn Simpson furry’. Obviously the content can’t out you, and it has to be believable – you can’t just put that phrase all the way through or people will suss what you’re up to. Instead, deny it by making your posts about how those accusations are libel: “Lately some blogs have gone up about Kathryn Simpson furry, though this is not true and it is unclear why people are blogging about Kathryn Simpson being a furry.  It is unclear whether this amounts to cyberbullying of Kathryn Simpson, or perhaps even libel as the allegations that Kathryn Simpson is a furry are not rooted in fact. This Kathryn Simpson furry thing might just be a plea for attention. Or perhaps a misunderstanding; we don’t yet know. More details as they arise.”

You only have to use the SEO term ‘Kathryn Simpson furry’ TWICE for it to work! Although if many people are blogging against you, and if those blogs are also on WordPress or Blogger, try to use it as many times as you like. Using the terms ‘Kathryn Simpson’ or ‘furry’ on their own isn’t that good but they can help if used a few times. Think of it like getting some hot guy to sleep with you – make your blog/site the one Google picks out from all the competing blogs. Bombard Google with your terms until he’s so dazzled that he crumbles and says yes.

Create a template that you can use to do this and replicate it on as many different blogging platforms as you can (especially Blogger, WordPress, tumblr and blogspot). However don’t replicate it 100% or Google will sense that the content is copied and will only show your first blog. You have to change a word in each line, because even one line of copied content will make a blog post or article useless.

Do not blog as yourself, or people will not believe you (though having one SEO blog under your name is okay, but don’t blog as yourself on multiple blogs and sites). Or, better yet, pretend to be a bot (an advertising or scam program which runs hacked blogs/sites for marketing purposes).

If you want to know which search terms are most used to google you, or which search terms lead people to the sites which out you, there are programs for that. But for these programs to be of much use, you would have to be mildly famous (or infamous) in which case these tricks aren’t going to help you. However, these tricks will:

1.Stand by what you did and don’t be ashamed.

2.Or, if it was bad, apologise but try to convince people it wasn’t such a big deal.

3.Write a blog or book about it, or, like Brutsch, get interviewed on TV.

For most people, the search terms used to find them will be their name, perhaps combined with their location, workplace or occupation. So Kathryn’s potential employer might find her by searching ‘Kathryn Simpson writer’. So you can intercept these searches like this:

Kathryn Simpson, a Glasgow writer, has been accused of being a furry by some random people on the internet. These people don’t appear to be from Glasgow or anyone that the writer knows, but this is unclear and time will tell. As well as writing lies about writer Kathryn Simpson, some of these bloggers appear to be targeting other writers, though none in the Glasgow area. Unfortunately for Kathryn Simpson, searches for Kathryn Simpson writer, Kathryn Simpson Glasgow and Kathryn Simpson furry lead people directly to the whole Kathryn Simpson furry mess.”

Again, you just have to use ‘Kathryn Simpson Glasgow’ and ‘Kathryn Simpson writer’ twice for it to work, and using the terms separately will also help.

DIVERSION (SEO BLOGGING: HOW TO PRETEND TO BE A BOT)

This is easy, and actually you can make your outers’ blogs work against them by linking to their blogs. This sounds counterproductive, but remember people are going to see your enemies’ blogs anyway.

All you have to do is the same thing, except with a spammy tone. It’s actually easier because you don’t have to care if the SEO looks contrived, and you can put in as much SEO as you want:

“Are you looking for Kathryn Simpson furry? We have lots of Kathryn Simpson furry! Furry Glasgow fans of Kathryn Simpson will love this. Free Kathryn Simpson furry.We have many furry girls, designer watches, furry dating sites, cam furry writer in Glasgow, anything you can think of for Kathryn Simpson furry! Free miracle treatment WILL CHANGE YOUR LIFE! Mum is 65 and looks 40 Buy Kathryn Simpson furry now! Kathryn Simpson live free Kathryn Simpson BUY KATHRYN SIMPSON FURRY GLASGOW KATHRYN SIMPSON FLUFFY KATHRYN SIMPSON CUDDLY GLASGOW KATHRYN SIMPSON WRITER KATHRYN SIMPSON TEACHER KATHRYN SAMPSON FURRY KATHRYN SUMPSON FURRY KATHRINE SIMPSON free live girls free live girls GREAT DEAL ON CAR INSURANCE” and so on and on.

That way, even if people do find the blogs that outed you, they look less legit after scrolling through your spam sites. Putting different spellings and similar words adds to the spam feel. If you’re outed for being a sexworker, try words like girl, cam girl, live girls, etc. If you’re outed for being kinky, try words like coily, curly, twisted, bendy, etc. Bad or non-existent grammar is also your friend. And be sure to chuck in gems like “mum is 50 but looks 20 DISCOVER HER SECRET” and “free diet pill LOSE 2 STONE IN 2 DAYS” or “8 ways to lose weight fast”.

DISCREDITING: LINKING TO BLOGS WHICH OUT YOU

Now that you’ve done your SEO blog about how it’s libel, link to the blogs as examples of that libel. Say you will post more links if you find any. You don’t have to link to all the blogs, just the ones that come up first in a Google search. Once you’ve discredited a few, you discredit them all. Making up a story like this: “I’d been pestered by certain bloggers ever since drama got started last June on an [insert hobby here] site. Well I knew the knobs were immature little pricks, but I didn’t think they’d actually do this: [link to site]”. You could also use a popular site’s name (such as a new comments section) as the place where the trouble started.

For your spam blog(s) (if you’re doing spam blogs) write stuff like this: “For Kathryn Sammpson go here buy Kathryn Sumpsonn NOW!” Chances are, most people won’t click, and when they see those same blog addresses further down their Google search, they won’t click on them. Even if they do click on your links, they’ll be very doubtful about the content of the blogs, which is a much better result than if you didn’t link and they just saw the blogs via Google.

With SEO blogging, you just want to divert people to your SEO blog, whether you’re making up a convincing ‘it was libel’ story or not. With discrediting, however, you might want to think about a really believable ‘it was libel’ story with much less SEO to make it more believable. Consider linking to this Discrediting blog from your LinkedIn/Facebook accounts or your existing website. Commenting with your Discrediting lie-fest on blogs and sites which out you is a good move, though they may delete the comments. You could also try commenting under other identities so they don’t delete the comments.

DYSFUNCTION (BECAUSE I COULDN’T THINK OF A BETTER ALLITERATIVE WORD)

These tips are also good for protecting anonymity if you haven’t been outed. They might interfere with you networking if you can’t be found, so if networking is essential for your work then try to do this stuff on social media networks you don’t use.

The point of search engines is to pinpoint the information. You need to make those searches go all over the place. By this stage, you’ve done that to an extent – you’ve got several “it was libel” blogs and maybe one or two spam blogs; you’ve created social media accounts with your name. Now it gets easier and more fun.

Create several social media accounts with the same name or display name so Googlers will be confused. You can change a middle initial each time. Facebook and LinkedIn let you have as many same name accounts as you want; they just require a different email address every time. Mail.com grants you unlimited aliases with just one (free) account. With Twitter you can have many accounts with different account names but the same display name, which Google does pick up.

With these accounts, create different locations, ages and jobs. This will really confuse Googlers or anyone trying to dox you, because it effectively gives them more leads to follow up. Doxing is like being a detective; you eliminate all the possible suspects until you have one left. (If you’re still anonymous it’s worth doing this because it will add hours or days onto the doxer’s time, and they won’t be sure which of several identities is yours until they find any blog posts or forum comments where you give out personal information.) Have a few accounts that are nearly you – i.e. a Kathryn Simpson who’s a chef in Glasgow, or a Kathryn Simpson who’s a writer in London. This will confuse them more. You don’t need photos, because if the person already knows what you look like having photos of others will just let them know the fake accounts are not you. Because social media sites come up first in a Google search, creating just a few will push the outing sites further down.

Create other blogs and websites about yourself – showcase your art, cookery, mountain biking adventures, your childhood, your thoughts about films or music, or advertise a service! These can be true; the more sites you have, the further the blogs that out you will be pushed down the Google Search. Or create a blog all about how you suffered from the lies of those who outed you.

OR..

Admit it and run with it. Even if you’ve done something bad like trolling, people might want to hear your story. Start a blog about why you did it and your experiences being outed, fired or jailed or whatever happened to you.

Admit it and play it down. Emphasise how people are exaggerating what you did and how it was nothing special really.

Hack their blogs off the web…but if you knew how to do that, you wouldn’t be reading this post, would you? ;-D

Love, Slutocrat

%d bloggers like this: