Hexbear started during the 2020 BLM protests, where cops were using social media and internet presence to track down activists. They are still doing this, but with less vigor than when police stations were burning down.
This included things like using tattoos on naked bodies, etsy store receipts etc.
Just before the r/cth ban, there was also a problem with chasers and general, um… Pervy men. The space was generally masc, and steps were taken to reduce thirst-posting and the like.
These things combined means that people don’t post selfies or direct identifying information. People post their pets and artwork, but I know I have to make a decision about where and when I post things to make things non-trivial for cops or random chuds. I feel like a unique pet name, breed, and rough region could be enough to track someone down.
Even so, I think I’m bad at it. I feel like if someone knew me and read everything on hexbear they could ID me pretty easily (and I know multiple people in person on hexbear, but we’ve never exchanged usernames).
Idk if there are any hard and fast rules beyond the selfies and direct ID though. I should burn this account.
You must log in or register to comment.
This one hunna. I wish I could show you guys my pet and tell you all about him etc, he’s the best thing in the world and there are so many cool facts to share about him and his type of what he is. I’m very proud of him. But alas, it is not to be.
Someone prolific and popular here posted about a cringe food item they saw IRL and I immediately knew which country they’re from. Its hard to avoid not leaking your own info if you want to be a normal sociable and fun person on here.
I try to obfuscate by switching up my language here and there in certain ways but its not enough. my identity could be triangulated by matching metadata to posts linking out to eg youtube on the odd occasion i post a series of songs to the music comm in a given day. Fortunately other than framing Luigi for that time i shot the ceo I never really have to worry about threat vectors with the resources to ID me via that level of sophistication.
Remember to assess your threat model realistically. Problem is any random chud could recognise my pet without needing to be NSA tier, so while I dont have to be so paranoid as to avoid posting a series of music videos I’m watching, i do have to worry about shit like pets and tattoos and photos of my garden or of irl of any kind. I’m not a threat to anyone with power but my real world area does have natsocs with enough time on their hands to go walking in numbers masked up for shows of force.
I guess what I’m saying is be realistic, be reserved and dont get paralysed by the worst case scenario situations. Because we wouldn’t even be posting at all if we engaged in truly serious activities, or thought one day we might do something funny irl.
Remember they caught dread pirate roberts off a fkn historic old question he asked on stack exchange probably made long before he had any idea his little coding project might potentially attract serious heat. Its probably too late for any of us to scrub accounts and get away with cool hijinx
If you really mite do a hardcore direct action one day then yes, be paranoid af. Otherwise just make sure a nazi tourist on the site cant ID you because they happen to live nearby and see you on your daily walks with your ferret.
Hey look it’s the post that caused me to make a hexbear account
i can’t give this account up. i have alts but meh.
had to grab that 3 letter name.
i don’t communicate like this anywhere else on the web nor have i ever (or have i???)
so yeah pick a unique style and make it different. also be vague and lie lots.
there are a few people here i trust. we’ve shared some mutual info so i guess mutually assured destruction or some shit. but yeah i wince every time i see a real life selfie
here’s an idea: make a selfie but have it be AI generated
I’m pretty cavalier about my opsec just because my IRL activities are wayyyy more likely to land me in hot water than anything I post here, and all the local cops and fash already know I’m a communist because of organizing work and spreading the good word of the immortal science but I also get why we have these rules and try not to set too bad an example (except that one time I posted my halloween makeup because it was too cool not to share)
Honestly it’s pretty much impossible to be anonymous these days anyway so I guess I’ll live fast and die young
I do lie a lot though, I find that helps.
I got a DM from someone that thought I live in LA which is funny so I guess I am vague enough.
Someone here once was convinced my name was Terry.
This is now my head cannon. Gonna just start calling you Terry for the bit.
I think of it as; They might be able to find me, but if i can make them use up resources finding me that’s less stuff, people hours, resources, attention t hat they’ll have to find someone else. We might not be able to hide from them, but we can make it expensive to find us.
Also, the more time they waste on me, a boring nobody, the less time they’ll be spending harrassing actual productive comrades.
The first rule of hexbear is to not talk about hexbear.
should I get rid of my sandwich board?
i genuinely hope the cops identify and charge me with terrorism for my hexbear posts because you know what, I think this site DOES need a “stereotypical Hexbear” kind of person that’ll haunt their minds and I’m willing to be that…stay tuned folks
Hexbear needs its “r/antiwork mod on Jesse Watters” moment
my /c/selfcrit post after I show up on BBC Newshour talking about Hexbear is gonna be legendary
This account is the only one with this name but there are a couple users, i believe, who know my other handle. I’ve definitely got holes in my opsec but I’m pretty confident I’m low on the list of potential political prisoners.
I’m more worried about my cellphone data being used to track my IRL crimes so I usually just leave it at home
What crimes???
I mean there’s definitely multiple power users here who have posted more than enough to be identified by a moderately determined adversary. I think the de facto rule really is just that users decide their own level of privacy, and the no-selfies policy is mostly useless.
Anyone who has ever posted any kind of payment service handle to /c/mutual_aid could be identified by the feds if they had a reason, for example.
Yeah, I could easily be found by feds based on my account here, even admit to the crimes I’ve done on here. I actually know how to do good opsec extremely well, for reasons I don’t want to get into. At some point, I stopped giving a fuck because of the negative experiences that I associate with that level of ospec are REALLY negative.
I’m also lucky that my life is pretty much protected from doxxing. With the way I live, someone could call my employer right now with everything I’ve ever said on Hexbear and my employer would only ask why they should give a fuck. I don’t have my own lease so all public info on my potential address is wrong and only doxxes my chud parents. I’ll also never get my name legally changed because I don’t trust the state, so that will never concern me
I would definitely be pretty easily identified, but I also don’t post anything here that I wouldn’t say to someone in person or to co-workers on company chats.
They’re much more likely to use information from an account here to bolster a case against you for some action you took than to pre-crime you from your posts.
Your biggest threat here likely isn’t feds, but terminally online right wingers who can connect the dots and try to either harm you IRL, or like send your post history here to your boss.
“here random boss of some company i have no connection to: here’s an unrelated username to your employee and an IP addresses proving it’s them. maybe some unhinged shit trying to convince you their writing style is the same.”
but yeah it is a legit threat that’s why don’t put anything solid that can connect you to RL. no address, workplace name, etc. nothing that could be placed on a single page in an email and have the connection be instantly made. no HR department is going to read paragraph after paragraph of DIY OSINT that reads like one of those conspiracy walls with red string
(unless you work in a high security industry of some sort obviously)
One thing that I’ve thought about:
My phone and many others automatically sync their photos and downloaded images to my Apple or Google account. If the feds thought an account was yours, that would be an easy way to confirm it.
Imo it’s good to raze the account every year or so. I’ve been lazy and have let this one go for way too long
The thing that creeps me out most now is the availability to feed all our posts into LLMs. The tech exists now most likely to tie burner accounts together and form a more complete profile, so it’s not just what you put in an individual account but all of them. Not for chuds but for cops. I’m not even doing anything illegal but if at any point there’s a commie roundup, well…
I think I’m gonna join the bureaucracy next for another layer of opsec.
Give yourself brain damage every year to change the way you type. Or just switch between using ‘favorite’/‘favourite’, ‘color’/‘colour’, etc between accounts.
Only speak Toki Pona one year, only speak Esperanto the next…
Sent from Mdewakanton Dakota lands / Sept. 29 1837
Treaty with the Sioux of September 29th, 1837
“We Will Talk of Nothing Else”: Dakota Interpretations of the Treaty of 1837
When will someone scrape hexbear to train the ultimate TankieGPT
Would it make sense to use an offline open source LLM to rephrase your post before you make it to add an additional layer of obfuscation?
I delete my account whenever I make a really bad comment and want to avoid the heat, or when I smoked too much weed and got paranoid.
So about every 3 months.
or when I smoked too much weed and got paranoid.
Weed paranoia is the key ingredient to robust OpSec tbh
In addition to this (and because of the inevitably of just flat being honest when posting) I have a tendency to 1.) add deliberate misinformation occasionally to poison the info (like saying I grew up on the west side of Philly, just spending most of my childhood days shooting basketball with the boys), and 2.) burn accounts after enough time has passed. My current one is long overdue for that treatment.
Electronic Frontier Foundation has a good collection of articles and guides that are not just practical but teach you how to think about your own particular situation: Surveillance Self-Defense
First thing is you need to think about your “threat model”. Which means what information are you trying to protect, and why? There is no universally “best” way to do anything. Tactics that might increase security/privacy in one situation might impair it in another. Like if you are trying to avoid getting doxxed by random internet people who take a dislike to you that’s one thing, but if you are trying to avoid government (which government(s)?) spying that’s another. If you are trying to avoid government spying, is it to avoid legal prosecution, or to avoid covert interference in your organizing (ala COINTELPRO)? They can be totally different kinds of surveillance so you need to have different strategies to avoid them.
Also need to consider that making an extremely elaborate or onerous plan that you will never bother to actually enact, or requires a high degree of technical skill or perfect execution might not be practical. They might interfere with your purpose too much.
This page covers the basics of how to think about your own goals, fears and priorities. It’s very generic but is a good overview. It’s really key to think about this ongoing to avoid falling into the trap of following advise that might be perfectly reasonable for another person but counter productive for yourself.
- Use a VPN
- Limit personal identifying content that can be cross referenced. Example: I just got a plane ticket on Sunday to go to Bora Bora.
- Never post self identifying material. Example: here’s my new tattoo!
- If you post something time related that can lead to 2 or 3, change details. Basically, lie. Example: last week I went to Bora Bora. Really it was Fiji 3 months ago.
- Don’t give them a reason to want to investigate you. There’s plenty of Left leaning folk (some of whom probably are pretty far up in corporate and/or government spaces) who quite frankly aren’t worth going after. The time and energy it would take to round up people who just think differently, the opposition doesn’t have (most likely).
- Change your profile on the reg. Personally I don’t do this, or do I? (SEE #4)
- Go periods of time without posting. The more you post, the more you will likely have a signature in the way you post, what you post about, and who you interact with.
- Delete posts (not sure how effective this is but if I feel like my posts are rearing too close to #2 or #3 I’ll go back and delete them).
Anyhow I just booked my trip to Uzbekistan via cruise liner where I intend on instigating the revolution by introducing vegan pilaf. During this time I will only post Kelly emoji to convey my progress. o7 o7 o7
Go periods of time without posting.
I have no superiors to relieve me of my duty. You bulldozed them all to a mass grave for trying to free humanity.Go periods of time without posting. The more you post, the more you will likely have a signature in the way you post, what you post about, and who you interact with.
Nice try mods, you will never make me touch grass.
lol
Skeleton at the bottom of the ocean meme
that is exactly how I feel
Afaik the implementation of Lemmy this is a real problem due to federation to other instances, you can post things here that end up somewhere you don’t want them to and if you delete them it’s not certain if they will also be deleted there as well. It’s been stated for a long time but it’s one or the other really, you can’t have a decentralized social media without federation, and you can’t have full privacy with federation. I might very likely be wrong about the specifics of this, but this should be also taken in account when considering to post something more personal.
21·22 hours agoThis is correct. Anyone can implement the activity pub specification (what Lemmy uses for federation) without implementing the delete parts. Sending delete to a federated site is nothing more than a “pretty please remove this”
Edit: to be fair, anything put publicly on the internet can be downloaded and saved forever, its just that activity pub also pushes (compared to normally where things are only stored on one entity’s servers) stuff out to who knows which servers
