If you’re using an anonymity tool — Tor or something like it — to be anonymous on the internet, it’s really easy to screw it up and do something that would allow an adversary of varying degrees of power (up to and including powerful governments) to unmask you.
Whonix’s “Do Not” page is a guide to not screwing it up, from “Visit your Own Website when Anonymous” to “Do not Use Different Online Identities at the Same Time” and beyond.
Do not Disclose Identifying Data Online
De-anonymization is not only possible with connections / IP addresses, but also via social threats. Here are some recommendations to avoid de-anonymization suggested by Anonymous:
* Do not include personal information or interests in nicknames.
* Do not discuss personal information like location, age, marital status and so on. Over time, discussions about something inane like the weather could lead to an accurate idea of the user’s location.
* Do not mention one’s gender, tattoos, piercings, physical capacities or disabilities.
* Do not mention one’s profession, hobbies or involvement in activist groups.
* Do not use special characters on the keyboard which only exist in your language.
* Do not post information to the regular internet (clearnet) while anonymous.
* Do not use Twitter, Facebook and other social network platforms. This is easy to correlate.
* Do not post links to Facebook images. The image name contains a personal ID.
* Do not connect to same destination at the same time of the day or night. Try to vary connection times.
* Remember that IRC, other chats, forums, mailing lists and so on are public arenas.
* Do not discuss anything personal whatsoever, even when securely and anonymously connecting to a group of strangers. The group recipients are a potential hazardous risk (“known unknowns”) and could have been forced to work against the user. It only takes one informant to destroy a group.
* Heroes only exist in comic books and are actively targeted. There are only young heroes and dead heroes.
If any identifying data must be disclosed, treat it as “sensitive data” as outlined in the previous point.
DoNot [Whonix]
(via 4 Short Links)