2) Start adopting new pseudonyms. Use a different one on every site, and a password keeper to help you stay logged in. If you happen to forget, don't worry. Treat every account as disposable. These are not "you". This is not "your brand". These are merely tools that allow to into a walled garden party wearing the mask of anonymity.

3) Do not mix your two online personas. Keep your politics, jokes, and personality in your pseudononymous accounts. Keep your boring safe opinions and pictures of dogs in your primary account. Don't talk about anything in your real life in your pseudonymous accounts, even the weather. Reserve that kind of discussion for in-person friends only. If you make a mistake, just delete the account and make a new one.

Obviously, not viable for a new grad but it should be a goal. My career has been long with many failures but also notable successes and certain rare, valuable skills. In one recent case I was resigning my position to take some time off and do other things. I was senior, only a couple levels under the CEO at a very large F500 multi-national. The company really wanted me to stay on for a year or two more.

I generally liked the work and the people and they offered even more money to stay but for me one of the issues was that the inevitable HR policy creep was adding stuff like mandatory training sessions that were getting tedious and annoying. Basically, liked the work but hated the bullshit. So we made a novel arrangement. Any mandatory policy at the company requiring my attendance was optional for me. In the case of "specifically mandated and enforced compliance with a relevant government regulation" my boss had to explain why and just ask me. (I'm not unreasonable and there are a few SEC and state regs that they really can't just ignore).

This worked out very well and was a small but meaningful concession that really cost them nothing.

As far as I know, only the USA has gone so far as to ask for social media accounts for some visas. (I might be out of date)

E: I'm speaking more about job applications. The US Visa application requirement is of course already being litigated, and hopefully will soon not be a requirement any more.

That makes a lot more sense!

So, yeah, it absolutely does happen and to different (sometimes frightening) degrees.

I can assure you, our value over time exceeds that of dogmatic thinkers. That's because, by the time you believe something, it's no longer true and we know that to be a fact before you do because we don't buy into this story.

Most people are not on Twitter or Insta the only possible 'odd one' would be Facebook, and you can say you deleted your account a while ago.

That leaves not much.

We should probably also use a tool that just converts our posts into a generic style and remove any personal touches like the usual vocabulary, expressions, punctuation styles someone might use. Is there anything like that out there?

Robin Camille's master's thesis project[2] is one of the tools available to protect yourself against attacks like these. I had the idea to make something like this but learned that she beat me to it during my research phase.

[1] https://cran.r-project.org/web/packages/stylo/stylo.pdf

[2] https://github.com/robincamille/nondescript

If there was some service to normalize, or better yet randomize writing styles, I'd love to know about them.

Ideally, any site like reddit that allows pseudonymity would have a super lightweight way of creating multiple parallel new usernames for you to post under, with a way for you to see a coherent view of everything your multiple identities have posted, but where to everyone else, each identity looks like a separate user.

Police: it turned out Google Translate had a record of all their posts!

2) Start adopting a new pen name. Use different content on each site and use the password manager to stay in login. If you forget, don't worry. Treat all accounts as one-time accounts. that is not you. This is not "your brand". These are simply tools for putting on an anonymous mask and attending a walled garden party.

3) Do not mix the two online roles. Save your politics, jokes and personality in a pseudonym account. Keep boring and safe comments and dog pictures in your default account. Anonymous accounts do not talk about the weather in real life. Book such discussions only with family and friends. If you make a mistake, please delete your account and create a new one.

(English > Korean > Chinese > Hindi > English)

> Easy to fix: Google translates your text into several languages and then back to English

I'm actually a little surprised it was as close as it is. The form of the sentence has changed, but the meaning is still easy enough to figure out.

EDIT: Avoid adding Esperanto and Latin. That results in this:

> Easy to configure Google translates your text is in English and in other languages

4. Don’t use the same profile picture on multiple sites. Tineye will link them together.

For example the username of this month for HN is mumblerino.

It's like we need an 18th century Swami's guidance on how to deal with 21st century woes: 'let go of karma'.

If you get in fights online or are a member of some group that frequently experiences abuse (from inside or outside your community) then you should consider rebuilding your social media identities, giving up some of them, compartmentalizing your digital life so that your work or business don't overlap with your friendships or public persona etc.

If things have gone sideways and you think people are already motivated to go after you, a determined person can pull your details together very quickly with a mixture of software tools, access to commercial databases, and some detective work. It's not difficult for someone with experience. In such a situation you should probably work with a commercial service like https://privacyduck.com which will do the work of erasing your digital footprints.

It's not cheap, last time I looked they charged $600/year or so and depending on your circumstances and vulnerability that might need to be budgeted as an ongoing expense. I'm sure there are other competitors int he same field but am not sufficiently informed to make comparisons.

This is the way. Ask yourself if you really need an online presence or to be part of fights online.

That said if they're more useful if you have reason to expect you're going to be doxxed. If it has already happened and your info found its way onto the dark web then you've got bigger problems.

Luckily that's not the OP's situation, but for a person who finds themselves unwillingly in the public eye and whose information has been exposed to malicious actors it's a difficult judgment call. If they're experiencing such harassment as to fear for their physical safety, that requires a lawyer's help, and probably involves moving home setting up a shell company to manage financial affairs/bills/property titles. That would generally be enough to shield one from inquiries other than law enforcement, but is obviously going to be very expensive. I'm not qualified to advise anyone on the specifics of how to go about that.

If you don't have such resources, think about moving - not so easy to track if you sublet - and most important, change your phone number. Switch to a pay-as-you-go service and use gift cards to develop a parallel financial identity. Your phone # is the biggest giveaway, followed by bills and property records. That won't hide you from private detectives or professional snoopers but will be sufficient to avoid an internet hate machine.

How does that work? (Sorry for maybe a bit silly question)

> setting up a shell company

Can't the doxxers find out who owns the shell company?

Or they won't know about the existence of a shell company? Or how does it work

> use gift cards

One would buy gift cards to oneself, use them oneself, right?

Transparency varies from state to state, but some states let you set up corporations with very little transparency, iirc Delaware specializes in this to the point that it's become a problem for financial laundering/tax avoidance, eg https://www.theguardian.com/us-news/2016/apr/06/panama-paper...

You can buy gift cards that work with Visa or Mastercard, and some vendors will let you reload them (I think Walmart does this). That would give you a fair degree of privacy for doing things online and in combination with other things make you invisible from all but very dedicated investigators (or law enforcement).

by the way, this article, while aimed at political activists, has lots of useful information and links on how to prevent and/or deal with such a situation: https://crimethinc.com/2020/08/26/doxcare-prevention-and-aft...

I'm grateful that I don't have any need for a commercial privacy service right now. I wish we lived in a world where such a service weren't necessary, but that doesn't seem to be the direction we're heading.

I agree with sibling comments here that the only way to really prevent someone from identifying you from your online personas would be to start over. If you want to truly be anonymous, you need to build these new personas with OPSEC in mind. The process includes 5 general steps:

1. Identify information you feel is critical. In your case, this could be anything that ties your online activity to your real life identity.

2. Identify your threat. This can be simple or complex depending on your needs. Are you concerned about hiding from pissed off gamers, hacktivists, or a nation state? Knowing the enemy you face will help you better understand their potential capabilities to find out information about you and how they could use this information.

3. Assess your vulnerabilities. Look at yourself from the viewpoint of the attacker. What information would you use to dox yourself?

4. Assess your risk. This can also be pretty involved depending on your vulnerabilities and threats. What could someone do with this information? How bad could you be hurt?

5. Apply countermeasures. Figure out how you can mitigate the risk you found above. This may include closing old accounts, creating new accounts, creating alternate personas, disinformation, heading off potential impact from a dox, etc.

Hope my ramblings helped.

Putting this in an OPSEC perspective makes the problem a lot clearer. Your reply complements anigbrowl's sibling comment, which gets into some options for countermeasures.

I do feel that I have a place in some online battles (or I'm just yelling into a whirlwind that someone else is controlling, but it can be fun), but I never link any of my identities. I take the stance that ideas are more powerful than solid identities.

Edit: Yes I agree, real world actions are much more powerful, and we should all spend less time online.

I can't help but wonder if people afraid of "doxxing" are paranoid or really posting stuff they'd never say in person (in which case you probably don't want to be posting them).

I understand that people get unfairly fired for social media posts. But that's what it is, an unfair firing. Why work at this kind of a place? And if you're very open about your beliefs you probably won't get yourself into this kind of a situation in the first place.

I have a friend who had death threats sent to her parents. These people are vicious and relentless.

If you are the generally paranoid though, never publish photos from around your home, never make online purchases with home delivery, but choose midpoints like post stations to collect them.

Assume that if you type your info somewhere, it would be sold and will pop up somewhere. Currently my name, home address, and phone are published in a american data broker website. If I want them removed, I need to send them an id with even more personal data and even then they insist that it will be hidden from public view, not deleted. I need a lawyer if I want the situation delt with properly.

In case that you have too much results on your name, you can add keywords like "home", "home address", "phone number", and the like. Additionally, you can add the exact values, but those will be visible for the search engine, and maybe for someone who is smart enough to go through all queries in google trends that include your name.

You will leave traces of information no matter how hard you try if you spend enough time on any site.

Btw, did you know that even if you ask dang to rename your account - people can easily find you by searching on hn.algolia.com because they don't auto update indexes on renames?

Same for many other sites. There are many indexes and archives that never update old data and won't care about GDPR requests.

You can additionally try to make yourself not stand out in real life: Choose a non-flashy style of dress. Black hoodie, hat, glasses, mask. Something that dozens of other people will be wearing at such events.

It's interesting how the virus has caused far more widespread acceptance of wearing a mask in public, something that would arouse suspicion only a year ago. Covering most of your face no longer causes others to notice you.

That might be fine, need not be a problem. (Maybe)

Instead, he or she (or others in politics) might get doxxed about things unrelated to politics that s/he wants to keep private.

Which might have worse consequences if beinga bit well known because of politics

Keeping totally separate identities across different services is key (using unrelated usernames, avatars, emails for every service). It’s also extremely difficult and unpractical to pull off.

In most doxxing cases perpetrators manage to get access to a single service and use it as a foothold to penetrate to other services. For example, someone learns your email from a forum, somehow hacks your email, gains access to Dropbox and finds the scan of your passport, driver's licence and social security card. Email in general is the key one's digital kingdom so the surest way to minimize the blast radius is to keep everything separate and unrelated.

Edit: typos

I've actually considered just scrubbing most of my online posts on social media (not that it's absolute) and using a chromebook + prepaid burner phone for new online personas per site. I've always tried to be honest about myself, my thoughts and opinions... that said, people are getting truly crazy out there.

Of course, you’d grow much slower, and maybe it’s impossible to get that kind of site to a critical mass of contributors. But it seems worth trying :)

Why can i do this? Sounds like you know the problem already and want a push ;)

A lot of people I know have, no photo of their face, and not their real full name, and goes without saying totally private. Use Facebooks feature to check you have no accidental public ones.

Using photos people have taken from their house, I've found the location and unit numbers before. So all these need to be private if you are really worried.

Wives/husbands/family are good attack vectors. Not much you can do here to begin with. But you want things locked down to at least friends of friends.

I shouldn't be able to easily escalate from necessary public profiles to private ones.

But it's all about working towards the goal. Just make a start. Every little bit reduces the chance you'll get doxxed. You might just have to be the stronger gazelle.

Maybe privacy is dead, maybe it's about having a job you can't be fired from or a gun in the house? Some peoples incomes depend on the public profiles.

Fun doxxing trick: 80% of the time your "first-friend" on social media is your significant other.

Honestly, if you opt out of social media, you'll save yourself a lot of headache trying to lock it down. You'll make mistakes. And if you don't, then your spouse will. Or your friend. Or your coworkers. They'll upload a photo of you, or leave their account public, or get their account hacked... The only way to win is not to play.

https://www.amazon.com/dp/B0898YGR58

This guy sells books on both sides, OSINT and privacy.

I run my own mail server, and I have a domain registered for handling incoming mail. Every single website, and I mean every single one, has a different email address under that domain.

Now, while it could be relatively easy to correlate all usernames with domain part of the email, I make it as difficult as possible.

Additionally, some handles are further separated. For example, my professional handles (so stuff I use at work but on my name, my GitHub public email, and similar stuff like that) are under other domain names from a professional (paid) email service. And even those aliases get changed over time (damn you automated email crawlers).

So even if the database of a website was leaked and my mail was in that database, I would , as soon as I’m made aware of the breach, delete the account immediately and instruct my mail server to discard all incoming mail to that address. Of course, every online identity of mine has a different name. This onr has a Japanese name, but I have others with common American names, tongue twisters, and sometimes keysmashes. Good luck correlating it all.

You're comment is more like "stop your eyes stinging when you're in the pool by never going in the pool", but they're looking for mitigations not avoidance.

But the rules change at random, what is perfectly fine to say one day may not be the next.

If you want to prevent somebody who knows your identity from finding your phone number, address, etc... good luck. Whether somebody can find that would pretty much boil down to how much effort they’re willing to invest.

Source: I used to do some of these sorts of OSINT investigations as part of a fraud investigations team.

Which is a problematic turn of events. When I grew up, the western world was not like China or Eastern Europe, as it is now. So you didn't use pseudonyms, because your name was your brand. Only immature kids or lgbt people used pseudonyms, the rest was honest, and it helped you with your job prospects. Now a new wave of fear, bullshit and lies has taken over cooperate and public matters. You can now even trust the Eastern Europeans more than westerners.

The above is not complete snark: a friend's brother, whose daughter's fiesta de quinceañera I'd attended, was put in a coma working full-time for a fellow who employed two full-time accountants as part of his "family office" but who was not only too cheap to carry insurance but then even explicitly said the brother, as an independent contractor, should've had his own and refused to contribute anything towards his medical bills. I spent an afternoon trying to track down assets, and the structure I managed to reveal was ... interesting.

I'd never heard of that before.

Miniscule levels of risk are not worth worrying about, unless you are a figure in the public spotlight or likely to be a person of interest to police or intelligence orgs, in which case you should probably seek advice specific to your situation.

This is really the key takeaway I'm getting from your comment and others so far: what is meant by doxxing and what I can do about it are very context-specific.

Edit: Sounds like it's too late for you, but don't be an activist online using your real name unless you have some real, physical security.

Stay quiet and mainly share content about food, gardening, and occasionally programming.

do your family a favor and remove them too

But it's not going to save you from the mob. Things that are quite reasonable can still set off the mob, because the mob is very much not reasonable.

It may not be possible to have different spheres of life cohabitate peacefully, especially if the doxxing involves shining light on old character flaws you’ve since remedied, but thanks to the digital world we live in, can be easily surfaced. I’d say “get off social media forever” to at least prevent your self 20 years in the future having this same worry about whatever it is you are innocently sharing this month, but that always seems to draw a gasp from people who apparently can’t imagine life without the internet.

Seems to me that everyone who has ever been doxxed is doing “something” that draws attention to them. That doesn’t make it right, but I haven’t heard of doxxing of any quiet Amish families, or guys building cabins in the woods minding their own business.

It’s usually some loudmouth on some open source software forum, or some politician’s operative, or someone being a potential whistleblower.

What you are asking is, in essence, how can I keep from getting punched in the mouth? It’s not too difficult, if you think about it. Someone randomly punching you in the mouth “for no reason” is about as statistically probable as being struck my lightning twice in the same week.

Some people attack punches more than others. I’m not saying it’s right, or even deserved. Just that there are life choices that can increase the odds.

Maybe what you’re really asking is how can I avoid the risks of some life choices I am making or want to make?

All the advice here will only partially mitigate the risk. The only real way to eliminate it would be to make different choices to stop unwanted attraction.

I somewhat laughed at all the “privacy” tips here. My friend, if you tick off the wrong person, they will find you or hire someone good to do it for them. And if doxxing is their chosen revenge, you can’t choose to then decide to be a quiet mild-mannered ordinary citizen when you already opened your mouth and drew attention to yourself.

I’m sure everyone who flips someone off across the street wishes the same when they see the scrawny guy reach into his jacket and pull out a gun.