Mellow Root

How I stay reasonably anonymous online

I'm not wanted by the FBI, nor am I worried about my ISP watching me, and I don't care about Google knowing what I search for. What I am worried about is crazy people on the internet I might accidentally piss off, so I don't want to be easy to stalk. I'm also lazy, so I try to balance the effort and stalker risk to get the best bang for the buck. Described in this post are some things I do to be a bit harder to stalk.

Fake names

Often when registering accounts, the first and last names are optional. In those cases, just skip them.

Where names are mandatory, I generate them with, for example, this random name generator. I usually use the settings: First name only, avoid rare, only relevant countries, and randomize surname (but I try to switch it up sometimes).

I want the name to sound legit (so maybe not John Doe) but still be common and give many hits on Google. This makes it more annoying to try to look me up. John Doe works if I don't care whether they know it's not my real name, but I try to be inconsistent and don't use the same name for many accounts.

Random usernames

I don't want people to just Google my username and find my users on all other services. So what I do is randomize 1 to 3 words, maybe append a random year at the end of it, use leet speak sometimes, and sometimes use some username generator.

# Get a random word
shuf -n 1 /usr/share/dict/words

Switch it up and don't be consistent.
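The steps above combined into one function, as an added example that is not part of the original post. The word-length filter, the leet substitutions and the 1970-2009 year range are assumptions chosen for illustration; the default wordlist path is the one used in the post.

```shell
# Added example: throwaway username from 1-3 random dictionary words.
# Usage: gen_username [wordlist]   (default: /usr/share/dict/words)
gen_username() {
    wordlist="${1:-/usr/share/dict/words}"

    # Pick how many words to use: 1, 2 or 3.
    count=$(shuf -i 1-3 -n 1)

    # Keep only plain lowercase words of 3-8 letters. This drops proper
    # nouns and possessives such as "cat's" that look odd in a username.
    # Then pick $count of them at random and join them without separators.
    name=$(grep -E '^[a-z]{3,8}$' "$wordlist" | shuf -n "$count" | tr -d '\n')

    # Missing, empty or unusable wordlist: fail instead of printing nothing.
    [ -n "$name" ] || return 1

    # Sometimes use leet speak (assumed mapping: a=4 e=3 i=1 o=0 s=5).
    if [ "$(shuf -i 0-1 -n 1)" -eq 1 ]; then
        name=$(printf '%s' "$name" | tr 'aeios' '43105')
    fi

    # Sometimes append a random year (range is an arbitrary assumption).
    if [ "$(shuf -i 0-1 -n 1)" -eq 1 ]; then
        name="${name}$(shuf -i 1970-2009 -n 1)"
    fi

    printf '%s\n' "$name"
}
```

Because each step is a coin flip, two consecutive calls rarely share a pattern, which is the point of not being consistent.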

Masked emails

Don't use the same email on multiple sites. Even if it's often not shown publicly, sites get hacked, and if you use firstname.lastname@gmail.com for your PornHub account it won't feel great.

If you're using the same email on multiple sites, anyone can connect your different usernames. Finding database dumps of hacked sites with emails and usernames isn't hard, and many people collect them for exactly this reason.

It's tedious to manually create new email accounts for every service, but luckily there are services that can help us with it:

With these services, I get something like "aliases" unique to a service. So I still have only one inbox (I only use Fastmail), but I get multiple email addresses connected to it. That means I can have a unique email registered at each website/app I register at but need to monitor only one email inbox.

For throwaway accounts I use temporary email services:

The downside with temporary emails is that they're blocked on many services, and there is no password to access the inbox, so don't use them for anything sensitive (anyone could do a password reset if you use one for an account somewhere, for example).

Unique passwords

Don't use the same password on multiple sites. Not only is it terrible from a security point of view, but it's also bad from a privacy perspective.

As I mentioned in the section about emails, sites get hacked. If you use the same password (but different usernames and emails) on different sites, people can figure out that the accounts belong to the same person if the password is leaked. And yes, this technique is used in the wild.

Use a password manager. 1Password is an excellent choice, and it's what I use. 1Password integrates with Fastmail's Masked Emails, so I can generate both email and password on the fly when signing up on a website.

Avatars/profile pictures

There is a technique called "reverse image search", which means you search for an image and Google (or Bing, or Yandex, or whatever you use) shows you all other places the same (or a similar) image is used. By doing a reverse image search on a profile picture, people can see other places where you use the same image.

If possible, I don't use any profile picture or avatar, or use the default one. If I for some reason need or want a profile picture, I tend to generate one with:

Sometimes I find images by searching for something "random" on Google or similar, but I try to be mindful of copyright and never use a picture of a real person.

Multiple accounts

Sometimes I use multiple accounts for the same service if possible (e.g. multiple Reddit/Discord accounts for different purposes). I do this to make it harder for people to profile me.

To avoid having to log in and out when switching accounts, I use Firefox containers. That way I can be logged in to different accounts in different tabs. In some cases I use Chrome profiles, but that's a lot more work when using more than a few accounts.

Deleting comments

I usually delete comments, threads, or other content I put up on the internet after it has served its purpose. That means for example deleting my Reddit comments after a month or two, keeping my email inbox near empty (in case it gets hacked), deleting old accounts, and similar things.

To some extent, I feel a bit bad about this. Comments I make might be useful for people in the future, but hopefully I can share some useful knowledge on this blog to compensate.

Things I usually don't worry about

There are more things one can do that I don't feel the need to, but I figured I might as well mention some common ones:
