Perfect OpSEC - Become Invisible Online
This series is for educational purposes only.
Mitigate Author Profiling
Full credit for this content goes to /u/batmanrobin of Dread, from this post. A shocking amount of information can be gained by just having access to a large sample of someone's writing online. Think about thousands of social media posts, a blog they write (haha I'm in danger) or whatever it is. You can read more about this from Wikipedia in the references.
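As an added illustration (not part of the original post, and not taken from AuthorLoki), the Python sketch below shows the kind of signal author profiling relies on: function-word habits that stay stable whatever the topic, so a draft can be compared against your own public writing before it is posted. The word list, function names and sample texts are assumptions constructed for this example.

```python
import math
import re
from collections import Counter

# Illustrative function-word list (an assumption; stylometry studies use far larger lists).
FUNCTION_WORDS = ["the", "of", "and", "to", "a", "in", "that", "is", "it", "for",
                  "with", "as", "but", "on", "not", "which", "however", "just"]

def style_vector(text):
    """Relative frequency of each function word: topic-independent writing habits."""
    words = re.findall(r"[a-z']+", text.lower())
    counts = Counter(words)
    total = max(len(words), 1)
    return [counts[w] / total for w in FUNCTION_WORDS]

def similarity(text_a, text_b):
    """Cosine similarity of two style vectors (1.0 = same habits, 0.0 = none shared)."""
    a, b = style_vector(text_a), style_vector(text_b)
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def closest_profile(draft, profiles):
    """Return (name, score) of the known writing sample the draft most resembles."""
    scores = {name: similarity(draft, sample) for name, sample in profiles.items()}
    best = max(scores, key=scores.get)
    return best, scores[best]

# Constructed sample texts, not real posts.
PUBLIC_PERSONA = ("The office was quiet, however, the people that I trust were online. "
                  "It is the forum which I check daily, and it is slow for a reason "
                  "that I cannot explain.")
OTHER_WRITER = ("Just got here. Not sure on this but it works. Just try it. "
                "Not bad on a phone but slow.")
DRAFT = ("The thread was long, however, the answers that I needed were buried. "
         "It is the guide which I follow, and it is clear for a reader that is patient.")

if __name__ == "__main__":
    profiles = {"public_persona": PUBLIC_PERSONA, "other_writer": OTHER_WRITER}
    for name, sample in profiles.items():
        print(f"{name}: {similarity(DRAFT, sample):.3f}")
    print("closest:", closest_profile(DRAFT, profiles))
```

The draft shares no topic words with the public persona sample, yet it scores far closer to it than to the other writer because the function-word pattern is the same.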
UPDATE
I took an evening and built out a tool to mitigate this entirely offline, check it out here: https://github.com/salmonsec/AuthorLoki
The Guide
Here's /u/batmanrobin's guide on how to prevent this being used on you:
Pitfall: Grammarly and translate. Google without a doubt collects, mines, and profits from the text passed through these services. At a minimum, the text that you enter on Grammarly and Google will be visible to LEO if they choose to intercept it.
Solution: Use an offline spell checker and translator if your OPSEC calls for it. If you expect that state-sponsored agencies will be targeting you, then you should do your research into getting a Python script for translating text and a Python script for correcting grammar and utilize both over an anonymized connection.
- Open a new TOR browser instance with a new TOR identity and navigate to protonmail.com
- Manually type in a Username, Password, but leave the recovery email field blank (IMPORTANT)
- You will be prompted for verification because you are accessing Protonmail over TOR. If solving a captcha is an option, which it rarely is, do that. It may require a couple of tries with new TOR identities, but once you get an option to verify by receiving a code at an email address, select that option.
- Go to duckduckgo.com and search disposable email. You will want to go a few pages deep on the search results to find the lesser-known disposable email providers that aren’t blacklisted by Protonmail. Keep trying different disposable emails until it lets you use one for verification successfully.
- Once you have entered the verification code and you are in the email, be a good lad and enable 2FA in security settings. (The KeePassXC password manager that comes with Tails will let you generate a TOTP (2FA code) with it.)
- Go to Grammarly.com and register a new account. Make sure to uncheck the “Share your data” option (doubt it does anything). Use the Protonmail you created.
- Once you are logged into Grammarly you should be able to create a new document in its web UI. You should now have 2 different tabs open. One should be on translate.google.com and the second tab should be on a blank Grammarly document.
- Prepare the text/post/etc that you want to mitigate Author Profiling/Linguistic Forensics for and paste it into the Grammarly online document.
- Use Grammarly to verify that there are no grammar or spelling errors and correct any that exist.
- On the Google Translate tab, paste the Grammarly-corrected text into the text to translate box. You will want to use Google Translate to translate the text from SOURCE Language to Language #1 to Language #2 and so on. For example, I would translate from English to German, from German to Spanish, and from Spanish to English.
- At this point I would take the results from Google and paste them back into Grammarly and correct any new grammar/spelling errors.
- Conduct one final review of your post to ensure there aren’t any formatting issues.
- You are now good to post your text in a location that is potentially monitored by LEO without sufficient forensic analysis linking your Twitter posts to your anonymous persona.
Conclusion
Try to digest the content here. This guide may very well be focused on someone with a lower risk profile, but the process could easily be implemented to run all-local. This may even be a tool I go out and build, could be fun!