Oddbean new post about | logout
Jacob | Five Eye Tea | 3 months ago (raw) | root | parent | reply | flag 
 Depends on whether the antagonist government decides to subpoena the social network. Harder to do on a decentralized platform but still not impossible. Besides, there are ways to corollate posting and traffic patterns to the targeted account if they're really determined to find out who it is. That's why an anonymous account, only ever accessed via a VPN or Tor (only one or the other, it shouldn't be accessed via both) is the best way to do it... And be sure your VPN is trustworthy, like Mullvad or Proton VPN.
Hazey | 3 months ago (raw) | root | parent | reply | flag +1 
 Yes subpoena risk is real with centralized shitshows. Assuming VPN is a given, then an anon nostr account is better. It does not make you invisible, but to prosecute based on intelligence gathering is a whole next level of tyranny, a line thankfully not yet crossed.
Jacob | Five Eye Tea | 3 months ago (raw) | root | parent | reply | flag 
 That's true, but it's still a risk to the individual's freedom. An anonymous account using an encrypted email is ideal, particularly if you never open the account or the email on anything except Tor. And, of course, there are other vectors of attack, such as using OSINT or AI evaluation of your writing style. This is why you also need to take care not to mention any personal details, not interact with the same accounts as on your other social media and so forth. Finally, in terms of the AI evaluation, that's pretty difficult to get around but typing your messages in a completely different way would be helpful.

If I were in the UK and I wanted to use a centralized social network, my setup would be like this:

I'd run Whonix on a Linux laptop, since it routes through Tor and has all sorts of other protections that standard Tor Browser doesn't offer. I'd sign up for an encrypted email service such as Proton Mail (or maybe even one of the Tor email services), then use an alias forwarding to that email so that each social network has its own alias email. I'd be sure to only ever log into that email and that social network via Whonix on that laptop, I wouldn't even visit that account's page if I weren't in this setup. I'd also avoid posting unless it's important, and I'd avoid replying to any replies or messages. 

All private communications I'd need to do would be undertaken via either Session or SimpleX (probably the latter due to its capacity for private aliases for each group and contact, but Session's onion routing would be very helpful for anonymity). I might even look into ways to run private AI so I could throw my messages in an "is it AI?" reader and change things up until it looks like the messages are AI generated. That way, it not only reduces the ability for them to de-anonymize via writing style but it also would come up as AI-generated, making them think I'm just a bot.

I could even theoretically set up a live boot Tails USB with persistence so that I could use this setup on any PC instead of Whonix but I feel like that would be a bit overkill at that point since they'd be unlikely to waste THAT much effort and time to find me for free speech. In general, this probably seems like overkill but when your government is tyrannical like that, it's best to be extra cautious.

Now, in terms of decentralizes social platforms like Nostr, you could cut down on this a little. I'd still only access that anonymous account via Whonix but I wouldn't have to go so crazy with the email, email aliases and so forth. Nostr is great because of how decentralized and immune to censorship it is, but opsec mistakes could still land someone in a cell if the UK government decides to crack down even harder.
Hazey | 3 months ago (raw) | root | parent | reply | flag +1 
 Interesting idea to let your personal AI "fix" your messages before sending them, so that they look like generated text.
Jacob | Five Eye Tea | 3 months ago (raw) | root | parent | reply | flag 
 Yep, unfortunately, AI has made privacy even harder. It'd have to be run on a local AI that doesn't connect to the internet, though. Or, at the very least, one that doesn't require an account and can be used over Tor.