13 min read

Shield Your Identity: Secure Sock Puppet Strategy

Shield Your Identity: Secure Sock Puppet Strategy

When any rando can dox you, speaking in public can lose its appeal fast.

It's hard to be a digital citizen today and go about your life without fear of annoying the wrong person.

There are many legitimate reasons for needing a secure sock puppet account and creating one can be a powerful:

  • 🗣️ Express an Unpopular Opinion / Activism: In many contexts, expressing dissenting views can lead to backlash or social ostracism. A sock puppet account allows individuals to share their thoughts without fear of personal repercussions, fostering open dialogue and encouraging diverse perspectives.
  • 🛡️ Protect Against Online Harassment: For those who have been targeted by harassment, a sock puppet account can provide a crucial layer of security. It enables individuals to engage in online spaces without exposing their real identity. Both are important for mental well-being and safety
  • 👤 Avoid Unwanted Attention: Many people may want to participate in online discussions or communities without revealing their identity due to personal or professional reasons. A sock puppet account allows them to engage freely without the risk of being judged or targeted based on their real-life identity
  • 🕵️‍♂️ Conduct Research or Investigate Anonymously: In fields like journalism, academic research, or private investigation, anonymity can be essential for gathering information without influencing subjects or compromising the integrity of the research. Sock puppet accounts can help maintain confidentiality and objectivity. 

Sock puppet accounts can serve many legitimate purposes, but don't we need transparency on social platforms? Not so much in our opinion. There is no doubt that bad actors also use sock puppet accounts and that's a problem. But platforms push for transparency primarily so they can monetize us, not because it's ideal for speech. Transparency on social media is not all that big tech would like you to think it is. Studies have found that the use of real identity in social transactions can actually hinder interaction. Durable pseudonyms seem to be best.

This guide provides a comprehensive strategy for building and maintaining a sock puppet account that shields your identity effectively.

To build a secure sock puppet account, you need an anonymous email address, username, handle, a burner phone for verification (if required), and tools to protect your privacy, such as a VPN and a privacy-focused browser. A sock puppet account allows you to create an online persona that is separate from your real identity, which can be crucial for privacy and anonymity in certain situations. Below is an overview of what you'll need and the steps involved.

What is a Sock Puppet Account?

A sock puppet account is an online identity used for purposes that require anonymity, such as research, activism, or avoiding online harassment. These accounts are designed to prevent linking back to your real identity.

But creation isn't as easy as it might sound. If you want a sock puppet account to stay anonymous, you need to build it such that it can't be traced back to you.

Key Components of a Sock Puppet Account

  • Develop a New Persona: Develop a cover and a legend for your sock puppet, including a realistic name, backstory, and profile details. A strong cover and backstory (legend) make your sock puppet more believable and less likely to raise suspicion.
    • Identity Generators: Use tools like Fake Name Generator to create a new persona with realistic details, ensuring your cover story is consistent and credible.
    • Profile Picture: Use generate a realistic but fake profile picture. Services like This Person Does Not Exist might help.
  • Use a Burner Phone: Purchase a burner phone or prepaid SIM in cash to prevent linking your sock puppet activities to your personal life. This ensures that any verification process does not connect back to your main number or personal identity.
    • Recommended Services: Use TracFone or Lycamobile for easy-to-use, no-contract options.
  • Use a VPN: A VPN masks your IP address, making it appear as if you are accessing the internet from a different location. This is crucial for maintaining privacy and preventing your real IP from being traced back to you.
  • Use Tor Browser: Tor Browser routes your traffic through multiple nodes, making it much more difficult to trace your real IP address. This additional layer of privacy is important to keep your activities anonymous.
    • Download: Get the Tor Browser from the official Tor Project website.
  • Use Anonymous Email: Use an anonymous email provider to keep your communications private. This prevents any email correspondence from linking back to your personal accounts.
    • Recommended Services: ProtonMail offers end-to-end encryption and does not require personal information for sign-up. Tutanota is another great option for secure communication.

Why So Many Security Hoops?

Because you don't want to be caught out. The amount of security you need depends upon your situation. If you're hiding from really bad people, ​creating an account that might attract a lot of followers, or performing a very sensitive investigation, you do not want someone to connect you back to this new account.

And if you are not careful, there are a heck of a lot of ways a forensic investigator can make that connection. Take a look at this Ryan Macbeth video where he uses Open Source Intelligence to investigate who is behind the EndWokeness account on Twitter/X.

Sock Puppets Ending Badly

Things have gone badly for many politicians and executives when they were caught cross posting, proven to have sock puppet accounts, or simply suspected/accused of having such accounts.

🌪️ Confirmed Sock Puppet Use with Significant Fallout:

😧 Confirmed Sock Puppet Use with Less Severe Consequences:

🤔 Cases with Strong Suspicions/Accusations:

  • Kevin Durant (NBA Star)
    Durant's accidental third-person tweet strongly suggested burner account use. While embarrassing, the fallout was mostly reputational.
    Source: ESPN: Kevin Durant Open Up About Infamous Twitter Burner Account
  • J.K. Rowling (Robert Galbraith)
    Circumstantial evidence pointed to Rowling using this pseudonym on Twitter, but it was never definitively proven.
  • Ron Johnson (CEO of J.C. Penney)
    Accusations of sock-puppetry coincided with Johnson's firing, but his poor performance was likely the primary factor.
  • Louise Mensch (British MP)
    Mensch faced accusations but denied them. The similarities between the accounts and her online persona raised questions.
  • Scott Guthrie (Microsoft Executive)
    Guthrie's burner account defending Microsoft Azure was quickly deleted after being exposed.
  • Jacob Rees-Mogg (British MP)
    Suspicions of sock puppet use arose due to accounts strongly aligned with Rees-Mogg's views, but no definitive proof emerged.
  • James Gunn (Director)
    Speculation about Gunn using burner accounts added to the controversy surrounding his old tweets, contributing to his temporary firing from Disney.
  • Monica Lewinsky
    Rumors of Lewinsky using sock puppets persisted, but no concrete evidence was ever presented.
  • Rick Pitino (College Basketball Coach)
    Pitino denied accusations of using fake accounts to monitor criticism, and no evidence was found to support the claims.

Privacy Concerns to Keep in Mind

  • Browser Fingerprinting: Tools like Privacy Badger or uBlock Origin can help reduce the risk of fingerprinting. Browser fingerprinting will tie your device to an account. If it ties multiple accounts together... your privacy is at serious risk.
  • Anonymous Payments: Use prepaid cards or cryptocurrency to avoid linking payments to your identity. See our guide here for how to pay with privacy. For highest anonymity, we recommend Vanilla Visa/Mastercard Prepaid Cards.
  • Avoid Real Connections: Never follow or interact with people you know in real life. Those connections, especially early in an account's life, are often big clues to its real owner.
Our Recommendations to Reduce Risk

Here are the detailed step by step instructions for creating secure sock puppets.
[Wire subscribers and ObscureIQ clients]

Step 1: Develop Your New Persona

Creating a Believable Sock Puppet Persona

Create a Cover and Legend for your sock puppet.

  • Define Your Purpose & Security Needs
Threat Model: Understand who you are hiding from. This determines the level of detail and security required for your sock puppet. High-stakes privacy or delicate investigations demand strong anonymity measures. We always want our clients using secure communications. How far you go to wipe the connections back to you depends on the level of risk.

Do you want people to be able to trace the account back to you? Most sock puppets are pretty easy to unmask.
Ethical Considerations: Using sock puppets for stalking or harassment is unethical and potentially illegal. Never use these techniques to harm others.
  • Document Everything
    • Detailed Notes: Keep comprehensive records of your sock puppet's persona, activities, and account details. This helps with long-term maintenance and account recovery.
    • Password Management: Use a password manager to securely store and manage your sock puppet's login credentials.

Define Your Cover
This is the outward-facing identity you present to the world. For example, a 30-year-old male marketing consultant named John Smith living in Chicago, active on Twitter and LinkedIn, sharing articles about marketing trends and industry news.

Tools that can help: Character Generator, Fake Name Generator, Faux ID Generator, Merlin Profile Pic Generator, This Person Does Not Exist.

    • Basic Identity:
      • Tools that can help
        Character Generator, Fake Name Generator, Faux ID Generator
      • Username and Handle: Choose a username and handle that cannot be traced back to you. Avoid using any names or handles you've previously used.
      • Name: Common and believable, fitting the persona's age, ethnicity, and location.
      • Age and Gender: Aligned with the intended activities and interests.
      • Location: Real but not overly specific.
      • Occupation: Plausible and consistent with interests and online behavior.
    • Online Presence:
      • Tools that can help
        Merlin Profile Pic Generator, This Person Does Not Exist. PicsArt Profile Pic Maker, Fotor Avatar Creator, ArtGuru.ai
      • Visual Identity: Use a relevant profile picture that aligns with the persona's interests. Avoid procedurally generated faces (these can be easy to recognize as fake) or using other people's images (it can put them in danger). It might be wise to use a non-photographic image if you can get away with it.
      • Language Proficiency: If you plan to interact with your target, ensure you can fluently communicate in the persona's chosen language.
      • Social Media Accounts: Profiles filled with believable information and consistent interests.
      • Online Activity: Simulate genuine online activity (posting, commenting, interacting) with consistent frequency and engagement.
  • Define Your Legend: This is the detailed backstory supporting the cover, making the persona feel real. For example, John grew up in a suburb of Chicago, went to a state university, worked for a small marketing agency before moving to his current company. He's single, enjoys craft beer and hiking, and is a fan of the Chicago Cubs.
    • Background:
      • Education and Work History: Plausible and aligned with age, location, and occupation.
      • Family and Relationships: Details about family and relationships add realism.
      • Life Events: A timeline of events that shaped the persona's personality and worldview.
  • Maintaining the Illusion:
    • Personality and Interests:
      • Personality Traits: Consistent likes, dislikes, and interaction styles.
      • Interests: Believable and aligned with the background and online activities.
      • Writing Style: Consistent with the persona's personality and education level.
    • Consistency: Maintain consistency. All elements of the cover and legend must align. Ensure consistent information across all accounts associated with the sock puppet. Avoid contradictions in career, location, or interests.
    • Avoid Contradictions: No conflicting information or actions that break character.
    • Maintain the Barrier: Never link your real data or interests to your sock puppet. This can create a trail back to your true identity.

Setting Up a Sock Puppet Account

Step 2: Use a Burner Phone

  • Burner Phone Number: While using a phone number not linked to your real identity is ideal, obtaining one can be challenging. Services like Google Voice or burner apps like burner or Hushed might be options, but some platforms have started cracking down on their use for account creation.
  • Physical Burner Phone: The alternative is to purchase a physical burner phone or prepaid SIM with cash and keep it separate from other personal devices to avoid linking your sock puppet activities to your personal life.
      • Recommended Services: We like Lycamobile because of their less strict identification requirements (in many cases). But coverage can be poor at times.
    • Physical Acquisition Best Practices:
      • Cash is King: Purchase the phone and SIM card with cash from a store with minimal surveillance (avoid big chains with cameras everywhere).
      • Location Matters: Buy the phone far from where you live and where you'll use it. Consider a town you're just passing through.
      • Disguise: Alter your appearance slightly when buying the phone (hat, glasses, different clothes).
    • Physical Usage Best Practices:
      • Power Off: Keep the phone powered off when not in use to avoid location tracking.
      • Limited Use: Only use the phone for its intended sock puppet purpose. Don't install personal apps or use it for personal communication.
      • Physical Security: Store the phone securely when not in use. Consider a Faraday bag to block signals.
      • Disposal: Destroy the phone and SIM card when you're finished with them. Don't just throw them away.

Step 3: Use a VPN

  • VPN: Use a reputable VPN with a strict no-logs policy to mask your IP address. This is essential to maintain your anonymity and protect your connection. A VPN can mask your IP address, but many popular platforms flag known VPN servers, which could raise suspicion. Choose a provider with a wide range of server locations. Avoid free VPNs - they can and often will compromise your privacy.
      • Recommended VPNs: Use NordVPN, ExpressVPN, or Mullvad, which offer strong privacy policies, no-logs guarantees, and lots of servers.

Step 4: Use Tor Browser and Tools

  • Use Tor Browser: alongside your VPN for added anonymity. Tor routes your traffic through multiple nodes, making it harder to trace your real IP address.
    • Limit browser fingerprinting by disabling cookies & tracking. This can be done with browser extensions like Privacy Badger or uBlock Origin to block tracking scripts that could fingerprint your browser.

Step 5: Use Anonymous Email

  • Temporary Email Service: Creating an email address specifically for your sock puppet account is crucial. Avoid using your real name or any identifying information. Consider using a privacy-focused email provider like ProtonMail or Tutanota.

Enhancing Your Sock Puppet Account

Develop the Sock Puppet Presence

  • Post Regularly: Stay active and engage authentically, but avoid sharing anything that could be linked back to your real identity.
  • Legend Development: Consistently build the backstory of your persona, including interests and activities that align with your cover.

Activity Precautions

  • Limit Engagement: Avoid interacting with personal contacts or engaging in ways that could expose your real identity.
  • Turn Off Location Settings: Disable geolocation features to ensure no accidental location sharing.

Get a Verification Checkmark

  • Why You Want It: A verification or checkmark can really amplify your voice. It can also make it easier to accomplish other goals. If you are using the sock puppet for an investigation, a checkmark can be a trust indicator that make your cover story more believable.
  • Anonymous Payments: Use prepaid cards or cryptocurrency to maintain anonymity when paying for verification on platforms like Twitter/X. See ObscureIQ's Guide to Payment Privacy.
    • Cash Purchase: Buy prepaid cards with cash from various stores.
    • Varying Amounts: Purchase cards with different amounts to avoid creating a pattern.
    • Online Use: Use the cards for online purchases only. Don't use them for in-person transactions.

Adding Followers and Growing Your Account

  • Organic Growth: Create engaging content, post consistently, use hashtags, and interact authentically.
    • Engaging Content: Create valuable and shareable content that resonates with your target audience.
    • Consistent Posting: Maintain a regular posting schedule to keep your profile active and visible.
    • Use Hashtags: Employ a mix of popular and niche hashtags to enhance discoverability.
    • Engage Authentically: Respond to comments, ask questions, and interact with followers to build relationships.
    • Collaborate: Partner with influencers or similar accounts to expand your reach.
  • Artificial Growth: Use follow-for-follow tactics, host giveaways, or use paid promotions. Purchase followers from reputable providers, but ensure they are real and active accounts.
    • Follow-for-Follow: Follow users in your niche and engage with their content to encourage reciprocation.
    • Contests/Giveaways: Host contests that require participants to follow your account for entry.
    • Paid Promotions: Utilize social media ads to target specific demographics and boost visibility quickly.
  • Buying Followers: Buying followers can be risky, but if you choose to proceed, here are some best practices to minimize detection.
    • Opt for Quality: Purchase followers from reputable providers that offer real, active accounts rather than bots or fake profiles. This helps maintain engagement levels and reduces the likelihood of account penalties.
    • Gradual Increase: Instead of a sudden spike in followers, opt for a gradual increase (drip-feed) to mimic organic growth patterns. This minimizes red flags with algorithms.
    • Focus on Niche: Target followers relevant to your niche to enhance engagement and authenticity, making the account appear more legitimate.
    • Engagement Emphasis: Choose services that provide followers who are likely to engage with your content, improving overall interaction rates.
    • Monitor Activity: Regularly check the quality of your followers and remove inactive or suspicious accounts to maintain a healthy follower base.
Our Final Thoughts: Stay Smart and Anonymous

Final Tips and Practical Advice for Anonymity

Creating your sock puppet account is really only the beginning of the security requirements. To stay safe, you need to take care with your posting as well.

  • Avoid Cross-Posting: Never reuse content that could link your sock puppet to other accounts.
  • Maintain Consistency: Stay consistent with your persona, avoiding any personal habits or information that could compromise your anonymity.
  • Be Cautious with Identity Details: Make sure every detail matches your cover and legend, without leaving gaps that could raise suspicion.
  • Maintain Device Separation: Never mix personal devices with your sock puppet activities.
  • Stay Vigilant with Location Data: Double-check all settings to ensure no accidental location sharing.

Following these steps will help you keep your sock puppet account anonymous and secure, safeguarding your privacy in the digital space.

If this seems like too much work, you can always call ObscureIQ and hand off the heavy lifting.