Friday, October 22, 2010

Pseudo-anonymity: Defense

Back to our FIFO queue! Today we have...

pop(Pika):
The other day I made a mistake and left a comment on someone's blog under my own first name instead of the pseudonym. I deleted it as soon as I noticed, but then I got a bit paranoid if anyone could see who I am just from that one single comment. So I googled my first name.

And got the shock of my life.

I am there, my workpage pops up immediately, right on the first page of results... 
How googleable are you? 
I meant to post about this topic months ago, but found myself struggling with how to appropriately discuss it. The problem with me writing a post like this is I could give hints on how to 'out' someone who is blogging/internetting pseudo anonymously, and I don't really want to do that for obvious reasons. The good news is that most of the techniques to de-anonymize bloggers remain firmly in the realm of researchware, but I wouldn't bank on that being the case for too much longer.

Instead, I'd like to suggest a few defensive things pseudo anonymous netizens can do to help maintain their anonymity. Some of these suggestions are social, some are technical, but nearly all are grounded in the privacy literature.

1) Don't tell anyone you know in your open (non-anon) life about your pseudo-anonymous identity/blog. Someone will tell someone, and the next thing you know someone posts something somewhere revealing your real name. People are awful at keeping secrets, and if you ever become a famous (or controversial) blogger you run the risk of someone accidentally (or purposely) outing you.

2) Don't write things that would be devastatingly embarrassing for you if you were outed. As I said, right now it's easy to be a little bit anonymous online, but I would not at all bet on that trend continuing. I saw a paper presented at a conference recently that scared the crap out of me, so do take heed.

3) If you blog, turn on the comment approval settings. If you use Facebook or other social networks, even if it's under your pseudonym, turn on the settings to approve your wall posts / picture sharing / etc. Seriously, lock that puppy down. Better to introduce a delay than suffer the consequences of someone commenting, "Great post, Imelda D! See you at lunch tomorrow."

4) Never forget: once it's out there, it's out there. There are no takebacks in the era of RSS feeds and Google. There is no ephemerality. Be extra careful when you post something not to sign your real name, discuss something specific about your location, etc. You have absolutely no idea who is subscribed to get a blog's comments, and once their RSS reader grabs it, there's nothing you can do.

5) There is a lot of literature on how people can infer your identity based on your interests, social network friends, etc. (See references in this post). Some people who work in the security/privacy fields make their name on this kind of thing, no pun intended. Again, this supports my first suggestion to keep your pseudo-anonymous life and your non-anonymous life as separate as possible. If you need to share something personal, change some details here and there. You know, say you love dogs instead of cats.

6) Use Tor, or another anonymizer web browsing service, when visiting other people's blogs/websites. Definitely anonymize your IP when commenting elsewhere under your pseudonym. While Google Analytics provides a slight layer of anonymity and lets your individuality get lost in the noise, not all trackers are so gracious. Remember, every time you hit a webserver, your IP address is logged. It is trivial to deduce who you are based on your IP. So you are completely relying on the good graces of the website/blog owner not to out you. By using an anonymizer, you can at least protect yourself a bit better.

I think that's it for now. Happy pseudo-anonymous blogging!