How Do I Start An Anonymous Blog?Category: primers
A 4 Minute Read
31 Mar 2017
Image by Alf Melin
Support The Tin Hat on Patreon! Just one dollar makes all the difference in helping me write more content!
Running an anonymous blog can be incredibly easy, or it can be incredibly hard, depending on what you mean by ‘anonymity’.
The Tech Part
If you just don’t want your readers to know who you are and don’t care about police or governments spying in on you, the simplest way to do this is to head over to Tumblr or Medium and sign up with an email address that is used only for Tumblr or Medium. As long as you don’t reveal your identity or location in your blog posts (more on that later), the average user will likely find this works well enough.
If you want to increase your level of anonymity, only log into both the email and Tumblr/Medium accounts while using a VPN or the Tor Browser. These will route your connection through other places in the world to obfuscate your location/identity. Tor does a better job at this, but I’d encourage you to read more about the differences between the two here).
On the other hand, if you want strong anonymity, to the point that only the most powerful and dedicated actors, like the NSA, will be able to deanonymize you, then your next course of action will depend on your technical ability. If you’re not tech-savvy or don’t know your way around a Linux/Unix system, then you will want to use an operating system known as Tails whenever you work on your blog.
Tails boots from a USB stick, and is specially designed to provide easy-to-use security and anonymity in which shooting yourself in the foot is made difficult. It is based on Debian (Linux), and routes all the internet traffic from your computer through Tor, a significant step up from the Tor Browser which only routes browser traffic through Tor. Moreover, Tails includes tools to help you maintain anonymity, like the Metadata Anonymization Toolkit, a small program that cleans any identifying information, like author names and modification dates, from files. Finally, Tails forgets everything you’ve done during your session after you shut it down.
If you are tech savvy, then using Whonix inside QubesOS is likely your best bet. QubesOS is an operating system that separates your digital life into different virtual machines, and Whonix is its own operating system that is specifically made to run inside virtual machines (VMs).
What Whonix does is it runs one VM, known as the Gateway, that routes all the traffic from another VM, known as the Workstation, through Tor; the Gateway is purely for routing, while the Workstation is where you will actually do work. The benefit of this is that if the Workstation VM gets infected with malware, it will still be very difficult to deanonymize you, much more so than if you were using Tails. Indeed, deanonymization would require breaking out of the virtual machine, which is hardly a simple task.
One last consideration is whether you are concerned about censorship. In other words, are you writing about something that might prompt Medium or Tumblr to shut down your account, or might prompt a government to block access to your writing? While this issue is slightly out of the scope of this article, do know that to protect against censorship you will need to not only set up your own webserver, but also a hidden service. A hidden service is a website that exists only on Tor or I2P, and I’d encourage you to learn more about them over at HowToGeek.
The Hard Part: Operational Security
No matter what technical solution you deploy, however, maintaining strong anonymity requires that you don’t reveal yourself in what you write. This is hard. Very hard. It only takes a few identifying pieces of information to narrow down who someone is. Some years ago, Bruce Schneier wrote an article that explains this issue well through the lens of data anonymization:
Using public anonymous data from the 1990 census, Latanya Sweeney found that 87 percent of the population in the United States, 216 million of 248 million, could likely be uniquely identified by their five-digit ZIP code, combined with their gender and date of birth. About half of the U.S. population is likely identifiable by gender, date of birth and the city, town or municipality in which the person resides. Expanding the geographic scope to an entire county reduces that to a still-significant 18 percent. “In general,” the researchers wrote, “few characteristics are needed to uniquely identify a person.”
In other words, by combining multiple data-points about someone you can narrow down their potential identity significantly, regardless of whether you have their name. If you write a post mentioning your birthday, another one mentioning your sex or gender, another one mentioning your state or province, and perhaps several that implicitly reveal your sexual orientation, you might just be identifiable.
Moreover, even the way you write can reveal who you are. Stylometry is essentially the study of the unique tendencies of a person’s writing, such that they can be identified. This is becoming increasingly powerful as machine learning algorithms improve, and resisting it by changing your writing style isn’t easy.
The lesson in this section is that you need to be very cautious of what you write and what information you reveal in your blog. In every word you write, you leave a clue as to who you are, and this is the most important thing to be aware of if you’re trying to be anonymous. So while the technology you use to protect your identity is important, it is vital that you don’t reveal who you are in other ways.