This is why I try to use the same name across websites. I want to be identified as the same person. Just resist the urge to post information you don't want others to have.
We often don't know what is or isn't information we don't want others to have, and it will be a lot harder, if not impossible, to delete it after-the-fact. Especially when you consider how it only takes a few innocuous data points to derive what might be information you'd rather not disclose.
The secret is multiple accounts. I too have a Brand Name Account(tm) I like to float around but it sure as heck isn’t this one.
Doing the multiple account thing isn’t as easy as it sounds though. Some sites like Reddit make switching between accounts incredibly easy while others aren’t so much. Plus laziness kicks in and soon enough your Brand Name Account gets tainted and you have to consider taking it out back to the dumpster.
Actually it should be the opposite. Claim one handle everywhere that you want people to associate as your “real” persona and then use unique names in places where you want to be controversial.
Actually, this makes it obvious why you should keep a page that contains all your links. It's easy to just make an account and pose as someone in order to destroy their reputation. It's also difficult to get unique accounts, often times my accounts overlap with existing names. Even my real name is shared with many people.
Employers who use technology like this are actually quite foolish to do so.
just to be slightly pedantic as there are still sites that have screen names vs account names where the screen name the public sees has no correlation with the account name (typically an email account).
so don't re-use email accounts across sites. SecOps matter
I have a somewhat common firstname.lastname@gmail.com and others with the same name use it pretty often. Surprisingly often it seems as if sites allow accounts to exist without email confirmation. I estimate at least 50% of the accounts out there that use my gmail is actually not me, and I like the idea of anyone trying to make sense of that data, if they can even guess that I am the Firstname Lastname that the address belongs to.
And this makes it obvious why you should use the same username everywhere!
When maintaining an official online public presence, or if you are privacy minded you likely want to "plant the flag" to stop others from impersonating you.
I strongly suggest the opposite. Collect everything and do on a personal site, do good seo on your pages, expose your content. Go totally anon for anything you don't want exposed of course. But you should expose as much of yourself as you're able and control the conversation.
Using online services require so much special attention it starts to weight up to the benefits given. Considering the risks, it is already in pair with the value delivered.
But then at this point we can take a username, take a user's posts on one site, train a LLM with these posts and ask the LLM to write comments in the style of that user on another forum/subject.
How do you even determine anymore if something is really written by someone?
Websites are already for a huge part written by bots/LLMs and we all know to take them with a huge grain of salt.
How long until we consider users posts aren't to be trusted anymore either?
It already started (impersonating usernames) for sure.
So what is this even tracking?
Heck, at this point it's nearly a guarantee we already have bots trained on outputs of other bots.
I wonder what the implication of all this is going to be.
>And this makes it obvious why you should use a unique username everywhere!
Actually I was disappointed by the post, I was hoping it will be able to find the same person regardless of the username through analyzing the writing style, what they are talking about, the timezone etc.
The username doesn't prove anything, anybody can take any username anywhere. If someone targets you, they can take usernames on platforms you haven't claimed your username yet and pretend being you and damage your reputation.
They are just gonna make fake accounts that look like yours and shitpost ahead anyways.
Social media has multiple problems, including authenticity, transparency, validity and verifiability. All of which don't exist and make it the optimum propaganda machine (referring to the criteria that Chomsky described) because it can be corrupted through multiple attack vectors.
If we want to survive this hellhole of misinformation, the mentioned criteria has to be implemented for the "next big platform" so that censorship and other legislative processes can be encountered with increased transparency and openness.
On a network/society scale it can't be driven by financial incentives to prevent corruption, ergo it must be financed by taxes. Preferably on an EU or UN legislative level to prevent political corruption of single state actors.
I don't think so. He doesn't care about the source code or want the source code. He just wants an executable file. If there was the exact same project that was closed source and had an .exe file he would have never even gone to the github.
For people who want to have a professional social presence (FB/linkedin) as well as an anonymous one (Reddit etc), it’ll be super useful to see if the accounts are truly unlinkable. Moreover if you are opening a new anonymous account, maybe a good idea to search the new username using this tool to make sure it’s not “taken”
Stylometry tools may be useful if you already have a small candidate pool of suspected aliases. They produce too many false positives to be useful for blind cross-linking of accounts. Once or twice somebody has done stylometric analysis of HN accounts and I've looked at the results for my accounts. Even though I don't try to obscure style across accounts, stylometry didn't match my actual accounts with each other. My top matches were for accounts controlled by other people.
I specifically write with different perspectives, tones, and opinions on different sites in a probably vain attempt to mitigate this.
For example, on YouTube I use twitch slang, and on Reddit I use TikTok slang, and on TikTok I use reddit slang. On hackernews a use a slightly whimsical pedantically-infused undergrad tone.
Using stats this is called stylometry and I agree this will probably be easier at scale now. You can also match posting windows, pull additional features from database dumps/hacks.
Then people will start using browser extensions that automatically "fuzz" your writing style randomly. That is, if chasing anonymity is someone's true goal.
Interesting tool, but it generates false positives. Try Sherlocking some randomly generated usernames that cannot possibly exist and it will still return results for some of the URLs in its list.
I think the "non creepy" use is really just making people aware how easy it is to correlate all your different traces online. It's like when someone released on HN a tool that would link various HN accounts (and maybe Reddit accounts too IIRC), but by looking at commenter word choice similarity.
It makes people realize that actual anonymity online is a smokescreen.
I recently Googled myself, and in the first page of results I ran across some shit AI website that scrapes random web content about people and attempts to summarize it. It got my current occupation completely and comically wrong -- as in, it has nothing at all to do with tech.
If you're trying to figure out anything about me from social media or other such random web pages, I don't care to have anything to do with you, and I don't care what you're led to believe about me. I suppose this is born of privilege, but the only contacts I care to make are directly via people I already have a relationship with.
Clean up the online footprint for someone that hires you to do so before they run for office. I don't remember every single web site I've every signed up for going back to when I started using the Internet, and neither can you.
Internet Archive likely renders that point moot, no? There a plenty of sites that index tweets outside of Twitter for example... at least there used to be
To socially harass and drive to suicide anyone that doesn't conform to the dominate cultural outlook. Think that's creepy? Well, you just made the list!
I’ve successfully used Sherlock to track down a colleague that I only connected with on MeetUp. It’s an amazing tool. Worth running on your own usernames as an easy account inventory
Remember when IPv6 decided on 128 bit addreses and defaulting to /64 blocks because someone thought using a 48-bit MAC address as the IPv6 equivalent of a port was a good idea? Fast forward a decade or two and we realize how this is a PII leak issue so nobody does it but we're still stuck with 128-bit addresses (for those who use IPv6).
There are several things that are a security issue or simply a privacy issue. These include:
- Your username (as I assume this tool is demonstrating)
- Your email address. While this is treated as your "public identity" to some extent, I think we're rapidly approaching a point where we need to not do this;
- Your phone number; and
- Your profile pic. I would advise to never use the same pic across accounts and certainly don't use services like gravatar (if that's still a thing).
Email is particularly problematic because you can end up on spam lists if a site is compromised and you can't really identify where it comes from.
What I think we need is a more integrated solution for logging in and creating throwaway addresses (eg like SimpleLogin) so it's basically seamless. Gmail seems well-positioned to do this. I honestly don't know why Google hasn't done this.
Interestingly, Facebook Groups seem to handle this kind of anonymity reasonable well. Each group your in is a separate profile. You can't find out what other groups someone is in from either their personal identity or any group's identity. Weirdly, your FB profile is associated with any pages or profiles you comment on.
It should be clear to these companies by now that people want to silo their public identities (aka pseudonomity).
> Remember when IPv6 decided on 128 bit addreses and defaulting to /64 blocks because someone thought using a 48-bit MAC address as the IPv6 equivalent of a port was a good idea?
No, I don’t, and I’m well-aware of EUI-64.
IPv6 uses 128-bit addressing because some on the design committee or making comments on the drafts thought that 64 bits might not be enough.
Readit News
It makes pervasive tracking a lot harder.
Also when you do any research on health related topics, be extra privacy conscious.
Doing the multiple account thing isn’t as easy as it sounds though. Some sites like Reddit make switching between accounts incredibly easy while others aren’t so much. Plus laziness kicks in and soon enough your Brand Name Account gets tainted and you have to consider taking it out back to the dumpster.
Such is life I guess.
Self-censor you mean?
I personally like that information anonymous account `William Shakespeare` posted around 1585–1613.
Deleted Comment
so don't re-use email accounts across sites. SecOps matter
When maintaining an official online public presence, or if you are privacy minded you likely want to "plant the flag" to stop others from impersonating you.
Deleted Comment
How do you even determine anymore if something is really written by someone?
Websites are already for a huge part written by bots/LLMs and we all know to take them with a huge grain of salt.
How long until we consider users posts aren't to be trusted anymore either?
It already started (impersonating usernames) for sure.
So what is this even tracking?
Heck, at this point it's nearly a guarantee we already have bots trained on outputs of other bots.
I wonder what the implication of all this is going to be.
Actually I was disappointed by the post, I was hoping it will be able to find the same person regardless of the username through analyzing the writing style, what they are talking about, the timezone etc.
The username doesn't prove anything, anybody can take any username anywhere. If someone targets you, they can take usernames on platforms you haven't claimed your username yet and pretend being you and damage your reputation.
>Sherlock: Hunt down social media accounts by username
I don't know why you would have been hoping for this. The title isn't exactly ambiguous.
They are just gonna make fake accounts that look like yours and shitpost ahead anyways.
Social media has multiple problems, including authenticity, transparency, validity and verifiability. All of which don't exist and make it the optimum propaganda machine (referring to the criteria that Chomsky described) because it can be corrupted through multiple attack vectors.
If we want to survive this hellhole of misinformation, the mentioned criteria has to be implemented for the "next big platform" so that censorship and other legislative processes can be encountered with increased transparency and openness.
On a network/society scale it can't be driven by financial incentives to prevent corruption, ergo it must be financed by taxes. Preferably on an EU or UN legislative level to prevent political corruption of single state actors.
Tools like these insult the users' intelligence and generate needless drama[1] the only data needed are the urls from https://github.com/sherlock-project/sherlock/blob/master/she...
[1] https://www.reddit.com/r/github/comments/1at9br4/i_am_new_to...
Staying anonymous is very difficult
For example, on YouTube I use twitch slang, and on Reddit I use TikTok slang, and on TikTok I use reddit slang. On hackernews a use a slightly whimsical pedantically-infused undergrad tone.
Fun post applying it to HN, not sure if the site is still live: https://news.ycombinator.com/item?id=33755016
Deleted Comment
It makes people realize that actual anonymity online is a smokescreen.
If you're trying to figure out anything about me from social media or other such random web pages, I don't care to have anything to do with you, and I don't care what you're led to believe about me. I suppose this is born of privilege, but the only contacts I care to make are directly via people I already have a relationship with.
Deleted Comment
Deleted Comment
so what are you lesser relevant people worried about exactly?
There are several things that are a security issue or simply a privacy issue. These include:
- Your username (as I assume this tool is demonstrating)
- Your email address. While this is treated as your "public identity" to some extent, I think we're rapidly approaching a point where we need to not do this;
- Your phone number; and
- Your profile pic. I would advise to never use the same pic across accounts and certainly don't use services like gravatar (if that's still a thing).
Email is particularly problematic because you can end up on spam lists if a site is compromised and you can't really identify where it comes from.
What I think we need is a more integrated solution for logging in and creating throwaway addresses (eg like SimpleLogin) so it's basically seamless. Gmail seems well-positioned to do this. I honestly don't know why Google hasn't done this.
Interestingly, Facebook Groups seem to handle this kind of anonymity reasonable well. Each group your in is a separate profile. You can't find out what other groups someone is in from either their personal identity or any group's identity. Weirdly, your FB profile is associated with any pages or profiles you comment on.
It should be clear to these companies by now that people want to silo their public identities (aka pseudonomity).
No, I don’t, and I’m well-aware of EUI-64.
IPv6 uses 128-bit addressing because some on the design committee or making comments on the drafts thought that 64 bits might not be enough.
Privacy addresses are random and periodically rotated.
The IPv6 equivalent of a port is a port.