WingNews logo WingNews GitHub [2]
top | item 13687929

How to Run a Rogue Gov Twitter Account with Anon Email Address and Burner Phone

229 points| secfirstmd | 9 years ago |theintercept.com | reply

135 comments

order
[+] schlowmo|9 years ago|reply
> "And finally, keep in mind that after all this, Twitter can always kick you off for their own reasons."

The problem with

anonymous e-mail address + burner phone + always use TOR to access the account

is that this doesn't play out well in the medium term. This triggers various automatic "anti-abuse" measures on Twitters side. Those measures include: random prompt for re-verification of the phone number, which fails with the burner phone number used to create the account.

It's hard (if not impossible) to maintain such an account in the long run while protecting ones identity.

[+] mirimir|9 years ago|reply
It is indeed hard to maintain Twitter accounts via Tor. Establishing accounts via Tor, using burner phones for verification, isn't hard. And there's no problem reading feeds via Tor. But tweeting via Tor, in my experience, is indeed a crap shoot. So is tweeting via commercial VPN services.

What seems to work is tweeting via private VPNs, running on anonymously-leased VPS. To route that VPN through Tor, you just run the VPN server (in TCP mode) on the VPS as an onion service.

But there's still the risk of cellphone re-verification. So for long-term accounts, you need a persistent number. One solution is to have trusted friends in other jurisdictions, who can activate the number for you when needed.

[+] elchief|9 years ago|reply
you don't need to burn the burner phone necessarily. Just take out the battery and store it somewhere safe.
[+] zepolud|9 years ago|reply
It would be very irresponsible to recommend buying a burner phone to people trying to stay anonymous. At the very least, it would give away your location even if you somehow manage to remain unrecorded by street CCTVs in the vicinity of the shop at the time of purchase. Assuming it is even possible to buy one without providing full personal details, as is required by law in most of the EU.

Twitter now not only gives platform to powerful demagogues, it is also actively stifling dissent by effectively disallowing anonymity.

[+] semi-extrinsic|9 years ago|reply
FWIW, in the UK you can buy a burner phone and SIM in cash without giving away any personal details at most supermarkets (at least Tesco and Sainsbury's). With the new EU regulations removing roaming charges, you can fly to London on holiday, and buy a UK burner phone anonymously with two years of data on it that's enough for heavy Twitter use in all of the EU for £240 + phone cost.

If you're under enough surveillance that your adversary will follow you on holiday and track all your supermarket purchases, you have bigger problems.

[+] gruez|9 years ago|reply
That was addressed in article

>Security cameras will probably record your face at the store. Most stores delete old footage on a regular basis, overwriting it with new footage. If possible, wait a week or two before you start tweeting so that the footage is already deleted by the time anyone tries to figure out your real identity.

[+] elchief|9 years ago|reply
you can always hire someone down-and-out or someone that doesn't take part in the normal economy to buy the phone for you, though of course there are risks with that too
[+] jbg_|9 years ago|reply
Can avoid having to buy a phone using https://dtmf.io/ (disclaimer: I made it)
[+] tyingq|9 years ago|reply
A pricing page would be nice. You mention a starting price, but that's not often the whole story.
[+] xkxx|9 years ago|reply
> 🇦🇺🇦🇹🇧🇪🇨🇱🇨🇿🇪🇪🇫🇮🇫🇷🇩🇪🇭🇰​🇭🇺🇮🇪🇮🇱🇱🇹🇳🇱🇳🇴🇵🇱🇸🇪🇨🇭🇬🇧

What does all those letters I see mean? I see only flags of France, Germany and the UK. Maybe it has to do something with fonts installed on my computer.

[+] thatcat|9 years ago|reply
Why did you decide not to support us #s?
[+] xkxx|9 years ago|reply
Can you elaborate on your technology stack? How do I get the phone numbers you provide for your users?
[+] mirimir|9 years ago|reply
What services do these generally work with?

Facebook? Google? Twitter?

And which not?

[+] corndoge|9 years ago|reply
The Intercept makes less and less sense over time as they run out of sensational stories to publish. Thanks for the weird opsec tutorials, I guess.
[+] tyingq|9 years ago|reply
I'm not understanding how this is a "rogue government Twitter account" versus just a "Twitter account".

Is it supposed to somehow look like an official government account?

[+] mgbmtl|9 years ago|reply
The twitter accounts are presumably run by people who are employed by agencies funded by the US government. They could lose their jobs or have funding problems because of this.

I think a more fair comparison would be to when scientists were gagged in Canada, under the Prime Minister Harper era.

One of many sad examples: http://www.cbc.ca/news/politics/harperman-tony-turner-scient... https://www.youtube.com/watch?v=Ei50lM6ab1c

Of course, it's not muzzling, it's "ethics violations".

[+] lotyrin|9 years ago|reply
It's meant to instruct hypothetical government employees working for agencies that were silenced, and wish to continue their public outreach, educating the public on issues that the current administration might disagree with.

It has an audience bigger than that (who will not likely need to go to such lengths to publicly voice dissent), but it's fairly clear about its intent.

[+] honksillet|9 years ago|reply
This is good information to have, but it was just as necessary during the previous administration.
[+] matt4077|9 years ago|reply
Nope, it wasn't.

Example: the was a State Department "dissent memo" against Obama's unwillingness to bomb/send ground troupes to Syria. Result: they got an answer (basically "this decision is hard, we share your concerns, but ultimately decided against a new war...") and that was it.

Same situation now: Spicer: "If you don't agree with us, you should quit. Diplomats should either get with the program or they can go.”

[+] pfarnsworth|9 years ago|reply
You need to turn off the phone and take out the battery every time you use the burner phone. They will be tracking the cell towers that you use, so going back and forth to the same cell towers means they can figure out pretty closely where you work and live.
[+] rdiddly|9 years ago|reply
Well it's another security/anonymity guide for beginners. ("An IP address is a set of numbers that identifies a computer...")

I'm always torn on these... like is a little info better than none, or worse than none? Example: "Tor is better than a VPN." Sure, except when the exit node is compromised, and the VPN service is a "no log" service. (Granted you would have to verify or trust any such claim.)

[+] thimk|9 years ago|reply
I may regret commenting in my real name, but I still have a vestige of belief in open opposition. For now, though, I cannot enter the US without giving my Facebook password. I have no doubts that as the new government settles in, it will up the ante on everything which could be construed as active opposition. This IS a fascist regime. It just hasn’t gotten hold of its true tools yet.
[+] xgbi|9 years ago|reply
Is this actually legal? I mean, these are public institutions funded by the people of the US. They should be allowed to communicate, no?
[+] josho|9 years ago|reply
Canada went through this a few years ago with a conservative government.

It wasn't that scientists were not allowed to communicate with the public, it was that they had to work through the PR department. The PR arm of the institutions would delay, filter, and even edit publications that touched on sensitive areas (eg. Anything remotely connected to climate change--like even fisheries related data).

Fortunately, Canada came through this period. But we did see the closure of research stations and destruction of scientific data.

So, to answer your question, many legal steps can be taken to stop, slow, of even eliminate scientific communication.

[+] nradov|9 years ago|reply
Yes it is legal for the head of the executive branch to set rules on how his underlings are allowed to communicate (except as otherwise prescribed by federal law).
[+] unknown|9 years ago|reply

[deleted]

[+] mirimir|9 years ago|reply
This is cool, and stuff, but what does it accomplish to have just a Twitter account? The hard part, I think, is protecting key datasets. Which now means leaking them. That takes some real OpSec.
[+] newman314|9 years ago|reply
Wasn't it just said recently not to use Tor Browser? Why is it being recommended here?
[+] motyar|9 years ago|reply
Why don't just outsource all things?
[+] mozumder|9 years ago|reply
> As soon as you power on your burner phone, it will connect to cell phone towers, and the phone company will know your location. So, don’t activate your phone, or keep it powered on at all, at your home or office — instead, go to a public place, like a coffee shop, before activating your new phone. Keep it powered off while you’re not using it.

Actually, don't go to a coffee-shop, either. They might have security cameras that can record you, that police can use to find out who you are.

Go into the park or forest, or any place without security cameras when using your burner phone.

[+] CurtMonash|9 years ago|reply
And don't carry another phone while you're doing this. Or, if you do, turn the power off.

(If turning the power off isn't enough to protect you, then you're probably in that group of people for whom none of these measures will wholly suffice.)

[+] elastic_church|9 years ago|reply
Too bad sigaint is down right now, and the darknet is pissed!
[+] jff|9 years ago|reply

[deleted]

[+] untog|9 years ago|reply
> Remember all the people who got disappeared right after the election because they tweeted at Trump with their real name Twitter account?

You're comparing apples and oranges here. If you work in government (and I'm in no way convinced most of these rogue accounts actually do), then the Trump administration can absolutely "disappear" your job if they trace the account back to you.

The dangers of using a real name account are very different for private citizens than they are for government employees. This is in no way specific to Trump.

[+] jdavis703|9 years ago|reply
While the example content of the article was slightly irreverent I think the bigger point is that there are people such as government workers and contractors, family members of them, etc, who want to talk about sensitive issues anonymously. No one has to disappear to CIA black sites for people to feel threatened, merely the threat of loosing your job is enough to silence many.
[+] stonogo|9 years ago|reply
How about taking all these steps so you can publicly air an informed opinion about your field of expertise without getting fired for it by a president whose catchphrase is literally "you're fired"?
[+] theptip|9 years ago|reply
The fear is that you'd lose your job, not be disappeared.
[+] ballenf|9 years ago|reply
Lots of companies have anti-Tweet policies. Enforcing such policy at these companies is not usually called "retaliation". It's just called HR doing its job.
[+] cmdrfred|9 years ago|reply
It seems everything from the left has to have this faux "resistance" air to it. The truth is they are pushing the same narratives that the FBI, CIA, NSA, numerous billionaires, the majority of the media and the majority of the voting electorate push. Conservatism is the counter-culture movement now. It's like the left grew up and decided to become "the man" that they had railed against in my youth.
[+] unknown|9 years ago|reply

[deleted]

[+] CurtMonash|9 years ago|reply
Careful with that analogy. Hitler is distinguished from other authoritarian leaders in 3 ways that echo Trump:

-- He led a particularly rich and powerful country.

-- He and his followers were particularly good at mass-media PR.

-- He is particularly famous.

But he's also distinguished in other ways that do NOT echo Trump, most notably in his mass murders.