Running a pseudonymous social media account

Here are some tips for running a pseudonymous social media account without being de-anonymized.

Why should you create a pseudonymous social media account?

When you post under your real name, anybody--including law enforcement--can use what you say against you. Not using your real name on the Internet adds a layer of security.

However, you should take the following steps to make sure that your pseudonymous account is not connected to your real identity:

Use a new email address and phone number that you have not shared with anybody else.

If you use share the same email address or phone number between your pseudonymous account and your real-name account, then people that are connected to your real account may be recommended to follow your pseudonymous account--potentially de-anonymizing you.

Sharing email addresses and phone numbers between the two accounts also lets employees at the social network and law enforcement figure out that they are connected.

Other people may be able to figure out that the accounts are connected by requesting password resets for both accounts and seeing if the social network responds with what email address the password reset email went to.

Do not follow or friend any social media account that you have connected with via your real account.

It is possible for your adversary to use connection information on social networks to guess that your pseudonymous account and real account are related--even if the two accounts are not directly connected.

The safest thing is for your pseudonymous account to completely avoid the network of accounts that your real account interacts with. The two accounts should never be present in the same social circle.

Fill out security questions with answers that nobody can guess.

Do not share security questions and answers between your pseudonymous account and your real account.

Do not use security questions and answers based on your real personality.

Instead, fill security question fields with random password-like answers--making sure to save the questions and answers in a password manager like 1Password so that you don't forget.

Make sure none of your posts are tagged with your location.

Many social networks like to annotate your posts with your GPS location. Always check every post to make sure the location is not attached. It may be possible to deny location permissions to the social network's app or website on your phone or laptop for additional security.

Log into your account using a Virtual Private Network (VPN).

If you log into your pseudonymous account without a VPN, it makes it easier for the social network or law enforcement to de-anonymize you.

Do not use the same VPN provider to connect to your pseudonymous account and your real account. You want to use different VPNs that will show different IP addresses to the social network.

You can read more about VPNs here.

Never open any links or attachments sent to you via Direct Message.

It is possible that an attacker is sending you links or attachments that give away your IP address or other location information when you try to open them. This may be a difficult rule to follow because many activists may have to open attachments to do their job, but beware that any attachment or link can give away your position.

Do not use your pseudonymous account to log into other websites. Do not use your account to authorize third-party applications.

When you log into a third-party website or app with your social media account, the website or app often gets to download information from your social media account. This can include private information like your Direct Messages.

Facebook offers guidelines for how to audit and remove third-party apps you may have already connected. Twitter offers similar guidelines.