Feminists have been doing digital, anonymous media praxis for a long time. The internet affords us many great opportunities, but also a larger footprint should we want to stay anonymous. The reasons for anonymity are clear: anti-racist and feminist activists are met with threats and acts of physical violence from social institutions with those types of power, while institutions with less purchase on physical violence rely on litigiousness. Anonymity is a great political tool.
That being said, there is no such thing as absolute anonymity. From server handshakes to video and keystroke surveillance, someone always knows – this should be your number one assumption. That being said, this post is dedicated to helping feminists understand how to do almost-anonymous (or resource intensive anonymity, from the perspective of institutions) activism.
Activism is not something you do alone, for many reasons. What you might be doing in the crevices of anonymity may be fully legal and lawful. But, when it challenges an institution, they will use any tactics (lawsuits, falsified reports, ToS violations, etc.) to shutdown and/or punish dissent. You should always work within a networked activist group that understands and takes on that risk collectively, and that has mobilized resources and contingency plans for litigiousness: a defense fund, destruction protocol, phone tree, etc. Safety, solidarity, and security, in all of its definitions, should be the first thing discussed in any collective action.
Second, you should always be as secure and confident as possible. That means understanding (or collaborating with someone who understands) the ways public networks and communication infrastructures may be used (secure), and the blindspots in that network (confidence). I point out some of the bare minimum things you should consider here, but nothing is a replacement for specialist knowledge and experience.
Browsing, Forums, Networking
I want to start with dark web forums and browsing. If you’re looking for advice on account-based services, which are a whole other can of worms, read below.
Information is power, particularly in activist work. Sometimes, information requires extensive searching through institutional pages, documents, and the like. If you work somewhere like a college or university, your IT department is constantly monitoring web traffic of suspected activists. In some instances, your searches may display differently as an institution can key its server to detect connections from specific locations, and block or spread disinformation. To get around this, you need to get yourself a suite of anonymity tools.
The best solution for beginners is Tor. You can click here to download it. Some places block Tor downloads – no matter, just send an email to firstname.lastname@example.org with no subject and the name of your OS in the body (i.e., windows, osx, linux – it is case sensitive, so use lowercase). Install it and connect directly. You should be sure to visit only pages with SSL/TSL encryption (HTTPS), and the Electronic Frontier Foundations HTTPS Everywhere default add on should help you with that. If you find yourself not on an HTTPS site, simply click the button to disconnect and reconnect through a new pathway.
This method works for searching out information in most instances when you are on a privately owned network connection (i.e. your home wifi). But there are two exceptions you must be aware of: public networks and company machines. First, when you connect to a public network (i.e. library or college), everything from your physical machine goes through the physical network. Tor cannot protect you here – see the next part for how to get around that. Second, if you use a machine purchased by your employer, they are already monitoring your every action, and can see what you search in Tor, regardless of where or when you do it. In these two circumstances, Tor cannot protect you.
If you want to send anonymous messages or updates, be sure to use private accounts (i.e. Hotmail, yahoo, etc.), and not institutional accounts (your email or any email using .gov, .edu, or .org). For sending absolutely anonymous sender emails, consider using something like GuerillaMail that lets you create customized, disposable email addresses.
But, there is a solution: don your favorite hat and glasses, get yourself a fake mustache, and go use a public terminal at a library or college. University and college libraries are some of the most informationally secure places around – UMass went so far as to install Tor on all of their public browsers to insure the security of their patrons. Using a public terminal guarantees that no one knows who you are on the network side (no login), and your disguise should protect you from the surveillance side.
What if you want to blog, or log in somewhere? That’s next.
Sometimes you need to log in to services to get your activist on. That’s fine, but requires a couple extra pointers.
What you do on Tor should only ever be done on Tor. Do not copy and paste from any software you’ve ever registered. Do not connect to your usual Gmail address. The webernet is a Darwinian hole, where people trade digital tracking favors on a regular basis. Mind you, when I’m asked by a supervisor to “track user so-and-so down,” I do a meh-level google and IP search, and tell them what I found. As long as you don’t connect to your usual sign in accounts using Tor, you should be fine. As long as you don’t copy and paste from software you’ve licensed or filled in contact information for, you’re fine. Otherwise, you could be screwed.
When working with account based systems always do it on a private network (i.e. home or business, not government subsidized, or owned by any of the entities you’re working against). You should start your session by creating disposable email accounts on tor, from a system/machine with nothing logged in (I’m looking at you chrome plugins). This can be done through gmail or Hotmail (GuerillaMail is typically blocked as an account creation mail bc of spam/hacking). This is now your tor email. Everything you create on tor should go through your tor mail. You should never use your tor mail when not on tor. Ever. Period. Never. Don’t even think about it.
You can now use this email to create accounts for other things. Here is a guide for anonymous blogging via Tor. The general rule of thumb: don’t use any nickname/handle/username that can be traced to you. Randomize all of your passwords and write them down on a piece of paper, with codewords for what they belong to. These steps should keep you safe in legal web activity.
If you’re going to do something that could be considered in a legal gray zone, or that someone might interpret as unlawful (i.e., they could find some grounds to sue you for funzies or bc you caused real damage), you should add an extra precaution: get that disguise out and head to the library. Follow all of the steps above on a public terminal (no Tor required), and enjoy yourself. Again, the disclaimer: this type of work is dangerous, and if you are poking a bear with a lot of fellow bears, some cubs, and a lot of honeypots, you will want to be sure that you have a defense fund and network to rely on when the shit hits the fan. It’s always a ‘when’ question, not an if question. Eric Holder announced back in 2014 that all Tor users “will not be treated as United States person, unless such person can be positively identified as such,” meaning once you’re on Tor, you have no constitutional rights. There are also rewards, like in Russia ($100,000, which is more insult than award), for the programmer who can create applications that consistently decode Tor exit relays. And, of course, the US can always just seize your computer under the patriot act (see above re: your citizenship on Tor).
So, there you have it. Now, you’re not going to be Legion with these beginning steps. But, now you a start to thinking about your anonymity in doing activism online. And remember, no amount of technology will ever replace good ol’ safety and solidarity.