by Namcios and Christopher Allen
Pseudonymity Guide is a tutorial on how to securely create and operate a pseudonymous identity. It is intended to help activists, journalists, and others prevent or evade online stalking, doxxing, harassment, oppression, coercion, or censorship.
This guide is not meant to help malicious actors perform unethical, criminal, or illicit activities. It is written with the sole purpose of informing good-intentioned individuals, especially human-rights activists, about often-overlooked considerations and risks in online activities. Therefore, it provides insights and actionable steps that you can take to sanitize your online environment and habits. Additionally, this guide offers tips on creating and operating a new identity separate from your real-world identity.
NOTE: Be aware that this guide currently does not aim to help you guard against highly skilled, highly motivated actors with unlimited resources, for instance, high-profile nation-states or individuals with unlimited resources. In these cases, you'd need tactics that, at the moment, go beyond the scope of this guide.
Start by reading the introduction below. It provides you with an overview of this guide's sections and their primary goals, the course of action you will take, and the benefits you can expect to gain from this project.
In Section One, you will understand why you need privacy and why it is essential. Privacy is a fundamental human right that precedes many others. This guide will discuss these intricacies and present cases and examples when abuse of individual privacy has led to harsh consequences. Some negative side-effects of neglecting privacy are loss of freedom, less diversity in society, harassment, stalking, identity theft, permanent injuries to personal records or reputation, coercion, blackmail, and sometimes even death.
The interconnected digital world offers a unique tool for people to communicate, share ideas, and comment on other's developments or projects. Moreover, it can lead to the development of personal connections in the physical world. However, such ease of flow of information also enables people to invade each other's private spaces, often resulting in the aforementioned consequences. Hackers, governments, and motivated entities have a massive amount of online data to exploit, which they can leverage to influence people's behavior without their knowledge or consent.
This guide hopes that by becoming aware of the ever-increasing pile of data being collected on you and the possible consequences of having it fall into preying hands, you will change your relationship with the internet. More than ever, it is of utmost importance for everyone to think about what personal information they want and don't want to be made public online.
After you understand all the major moving pieces in online privacy, you will be prompted to think about your threat model in Section Two. The guide will provide you with a basic notion of a threat model, why it is crucial, and how you can develop your own. You can also expect links to resources for further research into the complex topic. A well-defined threat model will prevent you from trying to protect everything from everyone, something that is not achievable nor desirable. Instead, you will have a good understanding of who your adversaries are, what information or assets you need to protect from them, and what actions you can take to enforce your threat model. Clarity on these is paramount to ensuring the success of your advocacy.
Once you've defined what your threat model looks like, you will be ready to start creating a pseudonymous identity from scratch in Section Three. The benefits of separating your real-world identity from the one you use for your advocacy needs can compound over the long run. Ensuring that every human being can enjoy their dutiful rights is a good action, but one seldom secured by authoritarian regimes. In that case, your ability to shed light on the issues surrounding your community, or even humanity at large, can be empowered and facilitated by the correct use of a pseudonymous identity.
Before offering a step-by-step guide to creating a new pseudonymous identity, Section Three will discuss the technical choices you need to consider to make that happen securely. Your technical abilities and budget will be leveraged to explain what route you should take regarding a computer and a mobile phone and what software you want to have in them. These choices will tie back to the online privacy questions raised in Section One, as well as to the threat model you created in Section Two. Since human-rights advocacy and activism are increasingly done online, the tools you use to connect to and engage with the internet matter. The correct selection and usage of such devices will play a significant role in the successful safeguarding of your private information and assets from your adversaries.
Now that you know precisely what issues this guide aims to solve and the ones it doesn't, you can begin to understand why privacy matters in Section One's first file: Why Is Privacy Important?. You can also reference the table of contents below at any time.
SECTION ONE: PRIVACY
SECTION TWO: THREAT MODELING
SECTION THREE: A NEW IDENTITY
- 3.1: Technical Choices for a New Identity
- 3.2: Create Your New Identity
- 3.3: Operate Your New Identity
Pseudonymity Guide has been edited but should not be used for production tasks until it has had further testing and auditing.
August 2021
- Finish first version of the guide
September-October 2021
- Improve organization by separating guide into sections with clear objectives.
- Provide more clarity in README with an intro. What can the reader expect from the guide and what will they gain from it?
- Create "Why Is Privacy Important?" file
- Break up "Privacy Basics" into more granular files (steps to regain privacy, threat modeling, technology choices, etc.)
Unless otherwise noted (either in this /README.md or in the file's header comments) the contents of this repository are Copyright © 2021 by Blockchain Commons, LLC, and are licensed under the spdx:BSD-2-Clause Plus Patent License.
In most cases, the authors, copyright, and license for each file reside in header comments in the source code. When it does not, we have attempted to attribute it accurately in the table below.
This table below also establishes provenance (repository of origin, permalink, and commit id) for files included from repositories that are outside of this repo. Contributors to these files are listed in the commit history for each repository, first with changes found in the commit history of this repo, then in changes in the commit history of their repo of their origin.
File | From | Commit | Authors & Copyright (c) | License |
---|---|---|---|---|
exception-to-the-rule.c or exception-folder | https://github.com/community/repo-name/PERMALINK | https://github.com/community/repo-name/commit/COMMITHASH | 2020 Exception Author | MIT |
Pseudonymity Guide is a project of Blockchain Commons. We are proudly a "not-for-profit" social benefit corporation committed to open source & open development. Our work is funded entirely by donations and collaborative partnerships with people like you. Every contribution will be spent on building open tools, technologies, and techniques that sustain and advance blockchain and internet security infrastructure and promote an open web.
To financially support further development of Pseudonymity Guide and other projects, please consider becoming a Patron of Blockchain Commons through ongoing monthly patronage as a GitHub Sponsor. You can also support Blockchain Commons with bitcoins at our BTCPay Server.
We encourage public contributions through issues and pull requests! Please review CONTRIBUTING.md for details on our development process. All contributions to this repository require a GPG signed Contributor License Agreement.
The best place to talk about Blockchain Commons and its projects is in our GitHub Discussions areas.
Gordian System Discussions. For users and developers of the Gordian system, including the Gordian Server, Bitcoin Standup technology, QuickConnect, and the Gordian Wallet. If you want to talk about our linked full-node and wallet technology, suggest new additions to our Bitcoin Standup standards, or discuss the implementation our standalone wallet, the Discussions area of the main Gordian repo is the place.
Wallet Standard Discussions. For standards and open-source developers who want to talk about wallet standards, please use the Discussions area of the Airgapped Signing repo. This is where you can talk about projects like our LetheKit and command line tools such as seedtool, both of which are intended to testbed wallet technologies, plus the libraries that we've built to support your own deployment of wallet technology such as bc-bip39, bc-slip39, bc-shamir, Sharded Secret Key Reconstruction, bc-ur, and the bc-crypto-base. If it's a wallet-focused technology or a more general discussion of wallet standards,discuss it here.
Blockchain Commons Discussions. For developers, interns, and patrons of Blockchain Commons, please use the discussions area of the Community repo to talk about general Blockchain Commons issues, the intern program, or topics other than the Gordian System or the wallet standards, each of which have their own discussion areas.
As an open-source, open-development community, Blockchain Commons does not have the resources to provide direct support of our projects. Please consider the discussions area as a locale where you might get answers to questions. Alternatively, please use this repository's issues feature. Unfortunately, we can not make any promises on response time.
If your company requires support to use our projects, please feel free to contact us directly about options. We may be able to offer you a contract for support from one of our contributors, or we might be able to point you to another entity who can offer the contractual support that you need.
The following people directly contributed to this repository. You can add your name here by getting involved. The first step is learning how to contribute from our CONTRIBUTING.md documentation.
Name | Role | Github | GPG Fingerprint | |
---|---|---|---|---|
Christopher Allen | Principal Architect | @ChristopherA | <[email protected]> | FDFE 14A5 4ECB 30FC 5D22 74EF F8D3 6C91 3574 05ED |
Namcios | Lead Author | @namcios | <[email protected]> | 55A2 4BE0 AEE5 DB41 52C6 A410 8E3A 3683 1726 9AB4 |
We want to keep all of our software safe for everyone. If you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner. We are unfortunately not able to offer bug bounties at this time.
We do ask that you offer us good faith and use best efforts not to leak information or harm any user, their data, or our developer community. Please give us a reasonable amount of time to fix the issue before you publish it. Do not defraud our users or us in the process of discovery. We promise not to bring legal action against researchers who point out a problem provided they do their best to follow the these guidelines.
Please report suspected security vulnerabilities in private via email to [email protected] (do not use this email for support). Please do NOT create publicly viewable issues for suspected security vulnerabilities.
The following keys may be used to communicate sensitive information to developers:
Name | Fingerprint |
---|---|
Christopher Allen | FDFE 14A5 4ECB 30FC 5D22 74EF F8D3 6C91 3574 05ED |
You can import a key by running the following command with that individual’s fingerprint: gpg --recv-keys "<fingerprint>"
Ensure that you put quotes around fingerprints that contain spaces.