How to openly maintain a single identity while keeping it private?

post by identity.key · 2022-04-03T00:53:47.096Z · LW · GW · 6 comments

This is a question post.

Contents

  Answers
    4 nim
    2 TLW
None
6 comments

Whenever I need to create an account on some platform I've not used before, I'm almost always[1] faced with a dilemma regarding my public username. I can simply use one that I already use elsewhere or I can come up with a new, unique one.

Both, in my view, have advantages and disadvantages:

The issue stems from the fact that I would like both "maintaining a single identity" of the first approach and "staying anonymous" / "keeping the identity private" of the second approach. Using the bio/about field as I mentioned above seems like the solution, but I feel like it hurts discoverability—something that I would like to have as part of "maintaining a single identity".

The reason I want to have both is that, while I appreciate being anonymous, thus being able to say more things in an open way, I would like to remain discoverable by other people who share similar interests as me, and not necessarily just one interest. I would like them to be able to look at my username on one platform, and be able to associate it with my activity on another, without them having to do much digging around my profiles to see the connection. I sometimes do this myself and am quite curious in what range of interests people can have and how they match with mine. But, at the same time, I don't want Big Data or just people with bad intentions to see any of the connections; some identities are also unfortunately linked to my real-world identity.

To that end, I have thought of making a website that would require a person to pass some form of a quiz, show what kind of interests they have (or they think I might have), before they are presented with links to my accounts on other services; but despite this being an interesting idea, it could just as well simply hurt discoverability—people might not realize something interests me or them and thus never learn about this interest[5] or may wish keep some of their interests private (i.e. don't want to explicitly enter their interests).

It's relatively easier to decide which interests to reveal to someone when you are already in contact with them privately, but to become in contact with them, you need to discover each other first.

This leads me to the questions: How could I balance remaining anonymous and keeping my interests private in general with remaining open to be discovered by people who have several matching interests / identify themselves similarly? Do many people even do the latter, or do they mostly begin communicating based on one interest (in which case, wouldn't it be inappropriate or off-topic to talk about other potential matching interests)?

 

  1. ^

    I don't necessarily face the dilemma when I really don't want the account to be associated with any other accounts I have and/or when I don't expect to be participating often anywhere where someone would want to read my username. The dilemma also comes up less when there isn't a (publicly-)searchable directory of accounts.

  2. ^

    Logging in with an account of another platform, where I already have an account, is also quite tempting because of its convenience.

  3. ^

    While writing this, I also thought of another case: it may be harder to interpret a bunch of random characters for screen reader users.

  4. ^

    As my usernames usually end up being somewhat identifying (i.e. refer to my interests), there are less opportunities to e.g. use some wordplay, but when I'm less limited by interests, I can choose something cool.

  5. ^

    This is actually discoverability in a different way—discoverability of new interests.

Answers

answer by nim · 2022-04-03T03:07:29.261Z · LW(p) · GW(p)

I personally keep my identities separated across platforms as well.

To address the problem of naming, I keep a list of names in my notes app. Sometimes strings or sounds cross my path which light the "this might make a good name someday" bulb in my head, but I can't recall them on command without writing them down then looking them up.

I find it helpful to think adversarially about what I say: If I wanted to track the person behind any of my accounts to a physical location, how would I do it? Being my own attacker helps me draw lines between what I find it appropriate to share where. Every bit of information that you share under the same identity increases an attacker's odds of finding you. For instance, sharing what company you work at is safe. Sharing what type of work you do is safe. Sharing what age you are, what gender you are, what ethnicity you are, what part of town you live in -- all safe on their own, but if someone had all those pieces at once, they could probably pinpoint you as a unique individual and look up your details in public records to find your address.

I decide whether to disclose information by how unambiguously it pins a given account to my physical identity or to another account. It's almost always fine to share superficial detail about a hobby, as long as a lot of people do it. For instance, you can share that you like playing reed instruments, or that you enjoy keeping fish. But if you get into greater detail -- if you build and play reproduction 17th century oboes, or if you're a regional champion competitive koi breeder -- you've probably doxed yourself.

It's also worth being clear about why you're separating your identities. I do it because I plan to live in the same place for a rather long time, so having my location found by anyone motivated to cause me problems would be disproportionately inconvenient.

Escalating acquaintanceship into friendship involves increasing trust and disclosing more personal information, regardless of whether it happens in physical or digital places. I think you'd do well to look closely at what you think others would gain by filling out the quiz that you propose, and look for ways that you could offer that to them directly with a lower chance of accidentally sharing more than you want to with someone you'd prefer to keep at a greater distance from yourself.

comment by Andrew Nelson · 2022-04-07T22:38:50.559Z · LW(p) · GW(p)

I like this approach of thinking adversarial about it. I’d done the same before signing up for my (eponymous) account here, but arrived at a different conclusion. Completely agree with all of your logic about combining public information to find private information.

I think my conclusion was different as 1) LessWrong is quite focused on long-term stuff, and while my interests or style change as time goes on, my name won’t so this future-proofs it; 2) I don’t expect to post anything particularly controversial (and could also make another account to do so as needed); and 3) I have a pretty common name (although I’d bet that if you searched my name on LinkedIn and played a game of “who would be most likely to be on LessWrong based on their jobs/interest/education”, your odds of picking me would be high :)

Curious to hear how others thought about the username thing?

answer by TLW · 2022-04-03T02:35:10.183Z · LW(p) · GW(p)

Here's one possible method. Note it works better the more people use it.

Generate a list of 16[1] diceware[2] passwords of length 1. Pick the one that you like best. Try it.

If the username already exists, repeat with length N+1 until you get something that works[3].

This is better than 'truly' random usernames for much the same reasons that diceware passwords are better than 'truly' random passwords. It's designed to be somewhat pronounceable and tokenizable.

  1. ^

    This parameter is tunable. 16 means you leak at most 4 bits of info here.

  2. ^
  3. ^

    Or skip directly to e.g. N=3.

6 comments

Comments sorted by top scores.

comment by Dagon · 2022-04-03T02:00:39.822Z · LW(p) · GW(p)

Who are you trying to confuse into keeping your identities separate?  Governments and big businesses use a LOT of data in their identity graphs to link accounts for things like fraud detection and ad delivery - the actual account name isn't all that important.  But the results of such linking isn't that horrific either.

If you just don't want to be noticed by regular humans across sites, you don't need much beyond deniability or a bit of doubt, which you get by default if you use a somewhat common username (say, Dagon, though the additional knowledge that I've been using it online since before the Internet existed is identifying to some).  And easily by using a minor variant on sites.

Or, as you seem to have done here, make throwaways whenever you want to dissociate from your "real" identity(ies).

Replies from: TLW, identity.key
comment by TLW · 2022-04-03T02:52:05.038Z · LW(p) · GW(p)

If you just don't want to be noticed by regular humans across sites, you don't need much beyond deniability or a bit of doubt

Depends.

If you mean 'some other random user on the site figuring out who you are', yes.

If you mean 'someone who knows you digging up dirt to toss the Twitter hoard at you', not so much.

Replies from: identity.key
comment by identity.key · 2022-04-03T18:17:15.008Z · LW(p) · GW(p)

I agree that deniability from a technical perspective (such as absence of a direct link from the account on one platform to the account on the other platform and vice versa) doesn't necessarily make it much harder to identify that it's the same person. On the other hand, even if the username, profile picture, etc. are exactly the same, one needs to be careful about associating the accounts too quickly, especially in the case of some common/simple username—it could just be a coincidence.

It seems that things like behavior and writing style are more important to keep similar or distinct—it would take a little while longer to pick them up for an outside observer, but they seem to be much more reliable signals for linking accounts; even if the user in question denies that both accounts belong to them, I think it's more likely that the observer just wouldn't believe them if they know the user's writing style.

Replies from: TLW
comment by TLW · 2022-04-09T22:00:04.167Z · LW(p) · GW(p)

On the other hand, even if the username, profile picture, etc. are exactly the same, one needs to be careful about associating the accounts too quickly, especially in the case of some common/simple username—it could just be a coincidence.

I agree with you. Unfortunately, many of the actors in my threat model wouldn't.

Style and behaviour[1] can leak a bunch of info, agreed. One approach that can mitigate this to an extent is to come up with a character that is a reasonable proxy for you on the subject, and have said pseudonym consistently attempt to emulate that character[2]. This is a good skill to have anyways[3].

  1. ^

    This is one reason to be cautious of rich text editors on websites. Leaking keystrokes as you are composing a post leaks far more info than the final text[4]. Typing in an external application and pasting in once you are done is less terrible.

  2. ^

    (And, to be clear, don't emulate said character otherwise!)

  3. ^

    It is useful for writing dialogue, and it is useful for modelling others in general.

  4. ^

    ...though even just the final text leaks a lot of info.

comment by identity.key · 2022-04-03T17:43:00.651Z · LW(p) · GW(p)

Who are you trying to confuse into keeping your identities separate?

This is a good question, I don't really have a specific threat model in mind. Obviously, I want "the bad guys" to know as little about me as possible, but I can't seem to easily define who they are and how I would identify someone as belonging to them before I had a chance to talk with that someone or at least observe their behavior for a while. Regarding the quiz idea in my question, them having similar interests (or knowing mine) doesn't guarantee that they aren't part of "the bad guys" either.

comment by TLW · 2022-04-03T02:29:47.653Z · LW(p) · GW(p)

it could just as well simply hurt discoverability—people might not realize something interests me or them and thus never learn about this interest[5] [LW(p) · GW(p)] or may wish keep some of their interests private (i.e. don't want to explicitly enter their interests).

Ditto, people could not think it's worth their time to fill out said quiz.