this post was submitted on 15 Dec 2024
183 points (98.9% liked)

chapotraphouse

13603 readers
681 users here now

Banned? DM Wmill to appeal.

No anti-nautilism posts. See: Eco-fascism Primer

Slop posts go in c/slop. Don't post low-hanging fruit here.

founded 4 years ago
MODERATORS
183
OpSec and Hexbear (hexbear.net)
submitted 1 week ago* (last edited 6 days ago) by [email protected] to c/[email protected]
 

Hexbear started during the 2020 BLM protests, where cops were using social media and internet presence to track down activists. They are still doing this, but with less vigor than when police stations were burning down.

This included things like using tattoos on naked bodies, etsy store receipts etc.

Just before the r/cth ban, there was also a problem with chasers and leering objectification, and steps were taken to reduce thirst-posting and the like.

These things combined means that people don't post selfies or direct identifying information. People post their pets and artwork, but I know I have to make a decision about where and when I post things to make things non-trivial for cops or random chuds. I feel like a unique pet name, breed, and rough region could be enough to track someone down.

Even so, I think I'm bad at it. I feel like if someone knew me and read everything on hexbear they could ID me pretty easily (and I know multiple people in person on hexbear, but we've never exchanged usernames).

Idk if there are any hard and fast rules beyond the selfies and direct ID though. I should burn this account.

Edit: removed reference to masculinity

(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 23 points 1 week ago

For voicing your opinion about activism,
I'd recommend to at least use:

  • A burner account,
    do not post your opinion through your daily account.
  • A paid, no-log VPN or Tor when posting.

Above should cover the needs of most people.
But if you think you're a high profile target,
then following would also be smart:

  • Alter you writing,
    do not post in similar writing as your main account, e.g. if you usually capitalize each sentence, don't, if you usually use emoji's, don't etc etc.
  • Use a privacy oriented OS to post on,
    e.g. no Windows, no Apple, no closed source Android fork, but do use QubesOS, or TailsOS, or GrapheneOS.
  • Only use chat clients with E2EE (End to End Encryption) and without identifiers, e.g. SimpleX.
[–] [email protected] 22 points 1 week ago (2 children)

I throw in a few lies here and there to keep em guessing.

[–] [email protected] 14 points 1 week ago

Roleplaying as an argie fredo is fun sometimes

[–] [email protected] 13 points 1 week ago (1 children)

This is also my strategy, it's good to always be practicing such an important survival skill. saul-your-honor

[–] [email protected] 21 points 1 week ago* (last edited 1 week ago) (3 children)

Remember. We all live in Liberal Mt.

[–] [email protected] 11 points 1 week ago

I've been doxxed

[–] [email protected] 9 points 1 week ago* (last edited 1 week ago)

Not me, I'm the One True Communist™

[–] [email protected] 8 points 1 week ago

Jokes on you, I live on Mount Wank, Germany!

[–] [email protected] 21 points 1 week ago

Hey look it's the post that caused me to make a hexbear account

[–] [email protected] 20 points 1 week ago* (last edited 1 week ago) (10 children)

Honestly it's pretty much impossible to be anonymous these days anyway so I guess I'll live fast and die young shrug-outta-hecks

I do lie a lot though, I find that helps.

[–] [email protected] 13 points 1 week ago (1 children)

I think of it as; They might be able to find me, but if i can make them use up resources finding me that's less stuff, people hours, resources, attention t hat they'll have to find someone else. We might not be able to hide from them, but we can make it expensive to find us.

[–] [email protected] 11 points 1 week ago* (last edited 1 week ago) (1 children)

Also, the more time they waste on me, a boring nobody, the less time they'll be spending harrassing actual productive comrades.

load more comments (1 replies)
load more comments (9 replies)
[–] [email protected] 16 points 1 week ago* (last edited 1 week ago)

One thing that I've thought about:

My phone and many others automatically sync their photos and downloaded images to my Apple or Google account. If the feds thought an account was yours, that would be an easy way to confirm it.

[–] [email protected] 15 points 1 week ago

My OpSec has been lacking recently across all social media. I need to set up a new internet identity entirely but I'm too lazy for that.

[–] [email protected] 15 points 1 week ago* (last edited 1 week ago) (1 children)

I'm a strong advocate of regular account restarts. I've probably been through 20 since the site opened, due a new one now really.

load more comments (1 replies)
[–] [email protected] 15 points 1 week ago

In addition to this (and because of the inevitably of just flat being honest when posting) I have a tendency to 1.) add deliberate misinformation occasionally to poison the info (like saying I grew up on the west side of Philly, just spending most of my childhood days shooting basketball with the boys), and 2.) burn accounts after enough time has passed. My current one is long overdue for that treatment.

[–] [email protected] 14 points 1 week ago (1 children)

I don't think there are any rules, just recommendations. If a person is already publicly known, it probably doesn't matter if they keep being open about it here.

load more comments (1 replies)
[–] [email protected] 14 points 1 week ago (1 children)

i can't give this account up. i have alts but meh.

had to grab that 3 letter name.

i don't communicate like this anywhere else on the web nor have i ever (or have i???)

so yeah pick a unique style and make it different. also be vague and lie lots.

there are a few people here i trust. we've shared some mutual info so i guess mutually assured destruction or some shit. but yeah i wince every time i see a real life selfie

here's an idea: make a selfie but have it be AI generated

load more comments (1 replies)
[–] [email protected] 12 points 1 week ago (3 children)

The thing i personally think people should be focused on is compartmentalizing their internet activity. Cross-site tracking is pretty much everywhere these days. So if you have a twitter, instagram, lemmy, reddit, pintrest, whatever it is you do online. If you do not want your activity on lemmy to be linked back to those accounts you should be using a different browser for lemmy, preferably something like Librewolf. Privacy focused. If your really feeling paranoid go ahead and use TOR browser to login to lemmy. Assuming they dont block TOR connections here I've never tried.

Burning your accounts not a bad idea either. Back when i used reddit id make new accounts regularly and never use the old ones again. With lemmy i dont bother tho. Even if you make a new account regularly on a site as small as this its pretty easy to see if an account showed up around the time your old one went inactive and then followed all the same communities your old one did. Not a big assumption that is your new one then. the way you type, and words you use can also be fingerprinted and used to ID you across accounts. Of course you can take steps to prevent this type of tracking too if you want.

If what you want tho is to not get some chud sending you death threats thats pretty easy to accomplish. Make yourself a new account, dont post any personal photos, and only give very vague information about yourself. For example, How old are you? I'm in my 30s, 20s, etc. Dont say the exact number. Whats your name? Its Xiisadaddy as far as your concerned. Whats your gender? Irrelevant need to know only. Chuds arent that smart. They can only find you if you hand it to them on a silver platter.

Now let me see if i can find out some info about you from this account: Based on your profile just a quick glance tells me, your a woman, live in australia, seems like maybe you or someone you know was in the military, you live in an area with public transport that isnt good, a food desert, your landlord has a meth test cause in your lease, probably live in an apartment building, you have a niece, and siblings, and are autistic. I'm guessing late 20s, early 30s? Took me maybe 10mins to get all that. Don't feel like putting in more effort, but yeah id say you need a new account. Thats some pretty specific stuff an internet stranger just found out about you in 10 minutes. (reply to this and let me know if you want me to delete this comment btw so its gone too if you decide to get rid of your account)

Funnily enough ive been considering making a new one too this might be what pushes me to do it.

[–] [email protected] 11 points 1 week ago (2 children)

Even if you make a new account regularly on a site as small as this its pretty easy to see if an account showed up around the time your old one went inactive and then followed all the same communities your old one did.

Fortuntely, I only follow the defaults and the last time I burned my account Hexbear closed down new accounts for three days >.>

I think my main cross-account doxxing would come from artwork I personally have been created and I think both communities would enjoy. Reverse image search would out me pretty fast, especially if the post gets no traction (if a post goes viral, then its more likely it would be posted by a rando).

(I think being on hexbear and autistic doesn't actually change anything)

[–] [email protected] 10 points 1 week ago

Hexbear + Autistic is pretty much just Hexbear

[–] [email protected] 7 points 1 week ago (1 children)

Well a lot of sites track you across sites by fingerprinting your browser, cookies, stuff like that. So you dont necesarilly have to do anything for that. Its why using a different web browser helps.

[–] [email protected] 7 points 1 week ago (4 children)

How does using a different web browser per se compare to using a user-agent switching extension?

Sent from Mdewakanton Dakota lands / Sept. 29 1837Treaty with the Sioux of September 29th, 1837

"We Will Talk of Nothing Else": Dakota Interpretations of the Treaty of 1837

[–] [email protected] 8 points 1 week ago

Browser fingerprinting is complicated, there is a lot more than just user-agent.

[–] [email protected] 8 points 1 week ago

using a user-agent switching extension?

If you mean the Firefox Multi-Account Containers extension, then that's fine (although I have issues with cookie management in that), but just switching a user-agent is not enough to stop fingerprinting and cookies. Some new features like cookie bounce protection in the latest update and the enhanced tracking protection can kind of prevent this leakage, but remember that it's a numbers game and you need to be lucky always to not give anything away that could link your account to an off-site account.

[–] [email protected] 8 points 1 week ago (1 children)

Tracking scripts use way more than the user agent. In fact, only changing your user agent makes you stand out more. See EFF’s site.

load more comments (1 replies)
load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 11 points 1 week ago (1 children)

This account is the only one with this name but there are a couple users, i believe, who know my other handle. I've definitely got holes in my opsec but I'm pretty confident I'm low on the list of potential political prisoners.

I'm more worried about my cellphone data being used to track my IRL crimes so I usually just leave it at home

[–] [email protected] 10 points 1 week ago

What crimes???

load more comments
view more: ‹ prev next ›