Running a pseudonymous social media account
Here are some tips for running a pseudonymous social media account without being de-anonymized.
When you post under your real name, anybody--including law enforcement--can use what you say against you. Not using your real name on the Internet adds a layer of security.
However, you should take the following steps to make sure that your pseudonymous account is not connected to your real identity:
If you use share the same email address or phone number between your pseudonymous account and your real-name account, then people that are connected to your real account may be recommended to follow your pseudonymous account--potentially de-anonymizing you.
Sharing email addresses and phone numbers between the two accounts also lets employees at the social network and law enforcement figure out that they are connected.
Other people may be able to figure out that the accounts are connected by requesting password resets for both accounts and seeing if the social network responds with what email address the password reset email went to.
It is possible for your adversary to use connection information on social networks to guess that your pseudonymous account and real account are related--even if the two accounts are not directly connected.
The safest thing is for your pseudonymous account to completely avoid the network of accounts that your real account interacts with. The two accounts should never be present in the same social circle.
Do not share security questions and answers between your pseudonymous account and your real account.
Do not use security questions and answers based on your real personality.
Instead, fill security question fields with random password-like answers--making sure to save the questions and answers in a password manager like 1Password so that you don't forget.
Many social networks like to annotate your posts with your GPS location. Always check every post to make sure the location is not attached. It may be possible to deny location permissions to the social network's app or website on your phone or laptop for additional security.
If you log into your pseudonymous account without a VPN, it makes it easier for the social network or law enforcement to de-anonymize you.
Do not use the same VPN provider to connect to your pseudonymous account and your real account. You want to use different VPNs that will show different IP addresses to the social network.
It is possible that an attacker is sending you links or attachments that give away your IP address or other location information when you try to open them. This may be a difficult rule to follow because many activists may have to open attachments to do their job, but beware that any attachment or link can give away your position.
When you log into a third-party website or app with your social media account, the website or app often gets to download information from your social media account. This can include private information like your Direct Messages.
Facebook offers guidelines for how to audit and remove third-party apps you may have already connected. Twitter offers similar guidelines.