In the past, plenty of famous writers have, for one reason or another, preferred to remain anonymous. They did so by publishing their books under a pseudonym or pen name. Only their publisher needed to know their real identity.
In today's world, by contrast, publishing anything anonymously online is complicated. Internet service providers (ISPs) store records of what you are doing and when. Even worse, the entire internet and most sites you visit are full of ads and trackers designed to maximize the value of any piece of information that can be collected – and sold – about you.
We are here to describe how to create and operate a reasonably anonymous blog – reasonably, since nothing is 100% private nor secure. It's all about how much effort you are willing to put in.
The most important step, when you are dealing with one real name and one pseudonym, is to keep these two identities as separate as possible. If at any time they can be linked, game over. Encrypting your data is one thing, but of equal importance is protecting the simple fact that you have posted the data. Or had a conversation with someone. Or even just looked at a particular piece of information.
If you use the same computer for both identities, you run a high risk of mixing up your identities and therefore creating a link between the two. Performing all activities on the same machine also increases the risk of unintentionally acquiring malware.
Here are some options for minimizing this risk, on a scale from 1 (basic) to 5 (advanced).
Avoid this option as it will be extremely easy to accidentally mix up your identities.
Create two separate login accounts on your computer, one for each identity. For your pseudonym, use a dedicated, encrypted disk and a different browser. These steps will make it easier for you to keep your identities separate.
Running a separate virtual machine (such as VMware or VirtualBox) for each of your identities ensures even more separation between them. This also minimizes the risk of malware taking control of your entire computer.
Total separation is always best. Use an encrypted disk and unique, strong passwords that aren't used for anything else.
When you access the internet, you are assigned a unique IP address which is used to direct traffic to and from your computer. Any service that you normally use online keeps logs of which IP address is accessing its service and when. The first thing to do is to make sure you have an IP address that can’t be linked back to you. Her are several options, again from 1 (basic) to 5 (advanced).
Everything you do will be easy to link back to your home.
This is better than the option above, but your habits and locations can narrow down the search area quickly. If you fall into any habit, it will be relatively easy to identify you. If you access your blog even just once from your home by mistake, game over.
Bringing your normal cell phone with you to these places or paying for coffee with credit card instead of cash will make it even easier to link you to your activity.
The Tor network will assign you an IP address randomly anywhere on the planet every time you connect. In fact, you will be connected through multiple locations (multihopping) before you arrive at your intended destination, making it that much harder to trace your activity.
However, Tor's exit nodes are often black listed and therefore cannot be used with all services. Tor is also much slower than a VPN service.
By using a good VPN service provider that doesn't log anything about its users AND whose client software doesn't leak traffic, it becomes more difficult to link your activities back to you. To further cover your footprints, sign up and pay for such a service anonymously.
By using two different VPN services together, or by using one VPN service tunneled via Tor, you can be anonymous to both Tor and the VPN service provider. In other words, no one would have the whole picture about who you are and what you are doing.
This is easy to set up in Qubes OS but can be tricky on a normal computer. Using a VPN with your computer and connecting that machine to a router with Tor is one way to solve this issue.
When you sign up for a VPN service, preferably you won't need to provide any information that would allow the provider to link back to you, such as your credit card details, name, and email address.
Be sure the provider has a clear and unconditional no-fuss, non-logging policy.
If you can, avoid paying via bank or credit cards, both of which are traceable. Pay for the service with an untraceable option like cash or vouchers. Second choice is Bitcoin.
The media access control (MAC) address of a computer is a unique identifier assigned to network interfaces. If you frequently move around and connect to different WiFi networks, you might consider changing your MAC address each time you connect. If someone knows your computer's location at several different times, linking this data to online activities might become possible.
The internet browser you use for the blog should not be able to connect to the internet if your VPN is not running. Read our guide on how to configure a kill switch to prevent this from happening.
As mentioned before, the entire internet is designed with the purpose to track you. Install the tools mentioned in our guide on increasing your online privacy.
These tools will systematically block and remove cookies, ads, and other threats (such as protecting against WebRTC, DNS leaks, ensuring HTTPS, blocking ads, removing cookies, disabling Adobe Flash and Java).
Make sure you have read all the info above and are secured before continuing with the following steps.
You should create an entire fake identity that you always use when blogging – fake pen name, fake email account, fake country of birth. In other words, create a minimalistic story about your pseudonym that you stick to when signing up for your email and blog accounts. Always provide as little information as possible.
We signed up for an free email account with ProtonMail. Do not provide a recovery email!
Use your newly created pen name and email account to create the blog. You will be asked to verify your email address. We created a blog with WordPress.
Do not provide any personal information, and do not pay using credit card or bank wire which can be traced back to you. We chose the free plan.
Now we have a reasonably secure and anonymous pen name blog. But!
As we said before, if you post anything that can be linked to you, you will have destroyed all of your careful planning. Keep these last words of wisdom in mind.
Make sure you don't mention the blog or the pen name to anyone. This is most likely the hardest step.
Always disconnect and log out after accessing any blog-related information. Don’t leave your computer logged in to the blog or with open access to the encrypted disk.
Store all data related to the blog on an encrypted hard disk with a strong password. Make sure no one can access the data.
Encrypt the entire hard drive of your computer with a strong password and make encrypted backups.
Communicate using encrypted email and read our guide on the basics of encryption.
A photo’s metadata contains a ton of information about your camera and potentially where the picture was taken (GPS coordinates) and a timestamp. If you’re sharing images, there are a lot of details in the files that others can glean from. Make sure you remove unwanted metadata!
Posting a PDF, Microsoft Word document, or any type of document file may contain metadata, including the time of creation, location, your real name, and even company details if you used your work computer.
Microsoft offers the free Document Inspector for removing personal or sensitive information before you share an Office file. Similar tools for other formats exist. The best option is to not upload any files. Copy text only.
Consider using a YubiKey in order to protect from someone overseeing when you enter your password. YubiKey works by entering 50% of the password and having you type in the other 50%.