
How to Run a Rogue Gov Twitter Account with Anon Email Address and Burner Phone - secfirstmd
https://theintercept.com/2017/02/20/how-to-run-a-rogue-government-twitter-account-with-an-anonymous-email-address-and-a-burner-phone/
======
schlowmo
> "And finally, keep in mind that after all this, Twitter can always kick you
> off for their own reasons."

The problem with

anonymous e-mail address + burner phone + always use TOR to access the account

is that this doesn't play out well in the medium term. This triggers various
automatic "anti-abuse" measures on Twitters side. Those measures include:
random prompt for re-verification of the phone number, which fails with the
burner phone number used to create the account.

It's hard (if not impossible) to maintain such an account in the long run
while protecting ones identity.

~~~
mirimir
It is indeed hard to maintain Twitter accounts via Tor. Establishing accounts
via Tor, using burner phones for verification, isn't hard. And there's no
problem reading feeds via Tor. But tweeting via Tor, in my experience, is
indeed a crap shoot. So is tweeting via commercial VPN services.

What seems to work is tweeting via private VPNs, running on anonymously-leased
VPS. To route that VPN through Tor, you just run the VPN server (in TCP mode)
on the VPS as an onion service.

But there's still the risk of cellphone re-verification. So for long-term
accounts, you need a persistent number. One solution is to have trusted
friends in other jurisdictions, who can activate the number for you when
needed.

~~~
stagbeetle
There are "Burner" apps out there that give you a different phone number.

I'm unsure if it'd be easier to maintain. But off the top of my head I'd think
it'd be easier to spoof.

~~~
schlowmo
Almost all numbers from free "burner apps"[0] I came across are already burned
for all major Social Networks (probably because someone else already used
those numbers for registration).

I don't know if it works with paid services, but then you have the problem of
paying for it anonymously.

[0] I guess you mean those services which offers some mobile numbers for
receiving SMS to anyone without registering.

------
zepolud
It would be very irresponsible to recommend buying a burner phone to people
trying to stay anonymous. At the very least, it would give away your location
even if you somehow manage to remain unrecorded by street CCTVs in the
vicinity of the shop at the time of purchase. Assuming it is even possible to
buy one without providing full personal details, as is required by law in most
of the EU.

Twitter now not only gives platform to powerful demagogues, it is also
actively stifling dissent by effectively disallowing anonymity.

~~~
semi-extrinsic
FWIW, in the UK you can buy a burner phone and SIM in cash without giving away
any personal details at most supermarkets (at least Tesco and Sainsbury's).
With the new EU regulations removing roaming charges, you can fly to London on
holiday, and buy a UK burner phone anonymously with two years of data on it
that's enough for heavy Twitter use in all of the EU for £240 + phone cost.

If you're under enough surveillance that your adversary will follow you on
holiday and track all your supermarket purchases, you have bigger problems.

~~~
zepolud
> If you're under enough surveillance that your adversary will follow you on
> holiday and track all your supermarket purchases, you have bigger problems.

Problem with modern surveillance is not that somebody is actively tracking
you, it's the ability to retroactively track you back with perfect accuracy
soon as you become become an inconvenience.

~~~
semi-extrinsic
Sure, for digital surveillance I get this concern. But when we're talking
about identifying that "on holiday, subject X spent some of that cash he
withdrew on a burner phone at a random supermarket he visited, not just on ice
cream and beer", then you really need significant HUMINT resources.

~~~
gknoy
> for digital surveillance I get this concern

In the context of maintaining digital anonymity against a state-level
adversary, I think that considering retroactive unmasking as part of the
threat landscape is quite reasonable.

The situation one is trying to avoid is:

\- Tyrant in power \- You try to be anonymous \- You fail, because you didn't
take enough steps to protect your tracks (when buying the phone, leasing the
VPS, accessing the VPS, etc) from retroactive investigation \- You are now
fired / jailed

Surveillance is ubiquitous enough that I suspect anonymity is nearly binary in
nature.

------
jbg_
Can avoid having to buy a phone using [https://dtmf.io/](https://dtmf.io/)
(disclaimer: I made it)

~~~
xkxx
> 🇦🇺🇦🇹🇧🇪🇨🇱🇨🇿🇪🇪🇫🇮🇫🇷🇩🇪🇭🇰​🇭🇺🇮🇪🇮🇱🇱🇹🇳🇱🇳🇴🇵🇱🇸🇪🇨🇭🇬🇧

What does all those letters I see mean? I see only flags of France, Germany
and the UK. Maybe it has to do something with fonts installed on my computer.

~~~
teach
I parse those as ISO 3166-1 alpha-2 country codes:

AU AT BE CL CZ EE FI FR DE HK HU IE IL LT NL NO PL SE CH GB

Australia, Austria, Belgium, Chile, Czech Republic, Estonia, Finland, France,
Germany, Hong Kong, Hungary, Ireland, Israel, Lithuania, Netherlands, Norway,
Poland, Sweden, Switzerland, United Kingdom

Turns out they're in alpha order by country name, too.

~~~
jameskegel
When I imagine, in my head, "hmm, how can I present a string of 20 x 2 chars,
what is the best way I can confuse the reader?" this is the exact solution I
come up with, also.

------
corndoge
The Intercept makes less and less sense over time as they run out of
sensational stories to publish. Thanks for the weird opsec tutorials, I guess.

------
tyingq
I'm not understanding how this is a "rogue government Twitter account" versus
just a "Twitter account".

Is it supposed to somehow look like an official government account?

~~~
mgbmtl
The twitter accounts are presumably run by people who are employed by agencies
funded by the US government. They could lose their jobs or have funding
problems because of this.

I think a more fair comparison would be to when scientists were gagged in
Canada, under the Prime Minister Harper era.

One of many sad examples: [http://www.cbc.ca/news/politics/harperman-tony-
turner-scient...](http://www.cbc.ca/news/politics/harperman-tony-turner-
scientist-investigation-1.3207390)
[https://www.youtube.com/watch?v=Ei50lM6ab1c](https://www.youtube.com/watch?v=Ei50lM6ab1c)

Of course, it's not muzzling, it's "ethics violations".

~~~
blakecallens
> presumably

And that's the problem with this whole article.

~~~
mgbmtl
I don't see why. It's good advice no matter what, for current or future
employees. Not to mention the author's background..

------
honksillet
This is good information to have, but it was just as necessary during the
previous administration.

~~~
matt4077
Nope, it wasn't.

Example: the was a State Department "dissent memo" against Obama's
unwillingness to bomb/send ground troupes to Syria. Result: they got an answer
(basically "this decision is hard, we share your concerns, but ultimately
decided against a new war...") and that was it.

Same situation now: Spicer: "If you don't agree with us, you should quit.
Diplomats should either get with the program or they can go.”

------
pfarnsworth
You need to turn off the phone and take out the battery every time you use the
burner phone. They will be tracking the cell towers that you use, so going
back and forth to the same cell towers means they can figure out pretty
closely where you work and live.

------
rdiddly
Well it's another security/anonymity guide for beginners. ("An IP address is a
set of numbers that identifies a computer...")

I'm always torn on these... like is a little info better than none, or worse
than none? Example: "Tor is better than a VPN." Sure, except when the exit
node is compromised, and the VPN service is a "no log" service. (Granted you
would have to verify or trust any such claim.)

------
thimk
I may regret commenting in my real name, but I still have a vestige of belief
in open opposition. For now, though, I cannot enter the US without giving my
Facebook password. I have no doubts that as the new government settles in, it
will up the ante on everything which could be construed as active opposition.
This IS a fascist regime. It just hasn’t gotten hold of its true tools yet.

------
xgbi
Is this actually legal? I mean, these are public institutions funded by the
people of the US. They should be allowed to communicate, no?

~~~
josho
Canada went through this a few years ago with a conservative government.

It wasn't that scientists were not allowed to communicate with the public, it
was that they had to work through the PR department. The PR arm of the
institutions would delay, filter, and even edit publications that touched on
sensitive areas (eg. Anything remotely connected to climate change--like even
fisheries related data).

Fortunately, Canada came through this period. But we did see the closure of
research stations and destruction of scientific data.

So, to answer your question, many legal steps can be taken to stop, slow, of
even eliminate scientific communication.

------
mirimir
This is cool, and stuff, but what does it accomplish to have just a Twitter
account? The hard part, I think, is protecting key datasets. Which now means
leaking them. That takes some real OpSec.

------
newman314
Wasn't it just said recently not to use Tor Browser? Why is it being
recommended here?

------
motyar
Why don't just outsource all things?

------
mozumder
> As soon as you power on your burner phone, it will connect to cell phone
> towers, and the phone company will know your location. So, don’t activate
> your phone, or keep it powered on at all, at your home or office — instead,
> go to a public place, like a coffee shop, before activating your new phone.
> Keep it powered off while you’re not using it.

Actually, don't go to a coffee-shop, either. They might have security cameras
that can record you, that police can use to find out who you are.

Go into the park or forest, or any place without security cameras when using
your burner phone.

~~~
CurtMonash
And don't carry another phone while you're doing this. Or, if you do, turn the
power off.

(If turning the power off isn't enough to protect you, then you're probably in
that group of people for whom none of these measures will wholly suffice.)

------
elastic_church
Too bad sigaint is down right now, and the darknet is pissed!

