Identity Management

For those of you who are deep into platform manipulation and sockpuppetry, you will eventually become overwhelmed by the amount of separate identities or personas (and the accounts they each use to interact with the world through the internet) that you are using for your shenanigans.

Here are some strategies you can employ to streamline your operation on almost any operating system, by using simple best practices, without having to install a whole lot of fancy or proprietary software to get it done.

Most of these strategies are built around compartmentalization. How far you decide to compartmentalize is up to you, but the options are there, and employing some of them are recommended to reduce the possibility of devastating lateral movements in case of a data breach. Some compartmentalization will ultimately help you keep everything rigidly organized too, so it serves a dual-purpose here.

While you should be using this anyways, a Password Manager will drastically simplify the task of keeping track of usernames and passwords, and store them as portable & encrypted database files. Most decent password managers will let you create categories for your passwords. This means you can have a single category for each persona that you larp as, with all of that persona's accounts neatly stashed together inside.

Or, you can take things even further, and have a different password-protected database file for each persona. This way you are only loading the persona you need into your password manager at any given moment, and someone has to enter a password if they manage to make a copy of the database file. Some password managers support 2FA, biometric devices, and security keys such as YubiKeys. You can even store each identity file on its own separate VM or physical machine (more on that further down).

The weakest part of most computers these days is the web browser. Since the browser is what is actually interacting with 95% of what most users do with their computer in the modern age, this is where most unwanted things are going to find their way into your machine. You can roadblock many of these things by running your browser in a jailed container, with all its own unique local dependencies included inside the container as well. There are many ways to run a browser out of a container. Some container software, like Flatpak, doubles as a package manager and update service. Flatpak is great for daily driver software on main or a virtual machine, but it is not great for a million personas on a shared environment.

The ideal type of pre-packaged browser for sockpuppetry in a shared environment is a portable browser, as they are easily duplicated, quick to deploy, simple to isolate, and they lend themselves well to scripting & macros. They also give you a straightforward means to set aside unique bookmarks, cookie storage and browser extensions on a per-persona basis, catered to whatever that persona does online.

On Linux, this is best accomplished with AppImages.

For Windows users, you are looking for Portable Apps.

Employ variation in your browsers! When you visit a web site, your user-agent (and the rest of your browser's outward “fingerprint”) can be read and analyzed, and correlated with logs from elsewhere! While you shouldn't employ needless variation in the browser's security policy, you can throw these spooks off by using different extensions with each browser install, and/or using multiple types of web browsers. You want each persona to appear as though they are accessing the site from different machines with different configurations, so to blend in to the background noise.

To maintain the outward consistency of your identities across the internet, you should set up different Virtual Private Networks (or VPN's) for each of your personas. WireGuard is going to be your tool of choice for this one, as pretty much everyone supports it, and it is a million times faster & easier to work with than the only popular alternative: OpenVPN.

You can get as complex as you want with this one. You can download different premade configuration files from different accounts at different VPN providers, name them after your personas, and load up whichever one you need at the time. You can also have a pool of different configuration files that you select at random, for each persona as well. You can even have a configuration (or pool of configurations) for each individual website your persona goes to. The main thing you are trying to avoid, bare minimum, is using two different personas on the same IP address (or even the same geographic region).

WireGuard lets you jump between VPN profiles with simple commands. For example, in terminal this would look like:

$ wg-quick up profile_1
$ wg-quick down profile_1
$ wg-quick up profile_2
$ wg-quick down profile_2
$ wg-quick up profile_2_alt

Refer to the WireGuard article for a quick primer and best practices. You can use sites like What Is My IP Address, DNS Leak Test and IP.me to make sure your VPN configuration is working. Employ a VPN Kill Switch¹⁾ to prevent IP leaks.

With those basic identity-management skills out of the way, you can infinitely build on your setup by employing advanced compartmentalization practices. The combination you choose will be dependent on the infrastructure and hardware you have available, how much free time you have to experiment, and your own personal preferences. Here are a few directions you can go:

If you have the storage space and processing power, you can set up separate tailorized VM environments for each persona (enabling you to put your password database, unique browser install and VPN profiles, all in one place). This way, nothing leaves the VM, and it automatically boots into that persona's default VPN profile of choice on startup.

Another benefit of virtual machines, is that you don't have to restrict yourself to portable browsers, since the boundaries of the VM itself are now what keep things separated. However, it still helps to keep your browsers in jailed environments in the VM. You can bundle any chat applications associated with your persona into your VM as well. You can use any operating system or virtualization software you wish for this.

If you want to break things down further, each persona can have multiple virtual machines assigned to it. For example, you can assign to a single persona:

• A Kali VM for general chat and web browsing.
• An Android VM with social media apps and an alternative browser.
• A third VM running whatever with more alternative apps.

Just as using different web browsers can throw off people looking for the same repeat fingerprints, so can using different operating systems (which is easy since there are a million variations of Linux and BSD to choose from). You can even store each VM on its own separate keydrive. Whatever fits your workflow best. There is a near infinite amount of ways to set up this kind of software stack.

You don't have to jump to a virtual machine setup immediately, either. If you know nothing about virtual machines yet, maybe just move a couple of your more disposable personas to virtual machines first, then move the rest later when you are more comfortable with it. If you use different compartmentalization methods, you may not need virtual machines at all.

Docker containers are another way to further compartmentalize things with a form of pseudo-virtualization. This is especially useful in environments with limited resources, a shared environment where you cannot run full virtual machines, and the cloud. With customized Docker containers as part of your identity management toolchain, you are essentially building your own portable containerized browsers for each of your personas with common off-the-shelf components, with the added security of OS-level virtualization.

For example, you could use HumphreyBoaGart/vmask to deploy an instance of Mozilla Firefox, with all its dependencies and your chosen VPN profile built into the container as well.

You can use entirely different pieces of hardware for each persona to further compartmentalize them. There are many ways you can do this. For example:

• You can have a keydrive with its own operating system, for each persona.
• You can split 2FA functions across multiple hardware keys, for each persona.
• You can put each persona on its own laptop or phone, which no other persona of yours will have access to.
• You may run each persona from separate virtual servers, out of different datacenters in the cloud, each paid for by different names with different anonymous payment methods.
• A persona whose character background involves video games might want to make use of browsers and apps on a gaming console (running through a VPN on your local network) to sell the fingerprint. That persona might communicate with people from that console's chat applications, as opposed to another persona, who might just use Signal or Proton Mail on a VM elsewhere.
• You may use airgapped offline devices for things like drafting posts, reading ebooks, listening to music, tracking to-do lists, or managing your personal life, preventing unintentional bleedover onto machines where you do work online, where every nuance of your habits can be studied by AI. If you are using hardware 2FA, make sure you have a spare airgapped key or two stashed away somewhere, so you can get back into your personas if your devices are stolen or lost. PIN-protect the airgapped key in case it is stolen.

Again, it all depends how far you are willing to go, and what physical resources are available to you. In some cases, it may be a lot of unnecessary extra work or money. If you have the right hardware on hand, or the right conductive habits, it may actually create less work for you in the long run. Experiment with throwaway personas and see what works best for you.

Hey kids, don't fly too close to the sun!

In the film industry, it helps some actors if they mentally become the persona they are portraying - never breaking character. This is a key technique of Method Acting, and it is one that is equally-applicable for internet larpers. Not breaking character between persona changes is known to reduce the chances of various out-of-character slip-ups, though your mileage may vary. Many Anons do not need this trick at all.

It should be noted that mental compartmentalization has long been exploited by various cults and governments, dating back to the Ancient World. Because of this, it is no surprise that modern governments have figured out how to exploit people prone to splitting, dissociation or other DID/MPD behaviors, for the purposes of information security & mind control. (The Ministry of Occult Sciences notes that people with temporal lobe dysfunctions are sometimes exploited in this manner as well.) Anonymous has verifiably encountered cases where two personas online didn't even know they were part of the same host body. Conversely, some Anons with DID deliberately make full conscious use of their system's quirks to compartmentalize their multiple digital presences, as a safeguard from external threats or saboteurs.

Be careful that you do not fall into any rabbit holes, and DO NOT forget your totem. Inexperience and poor emotional regulation can be a serious Achilles' Heel when dissociating, and send you down an endless dark path from which you may never return. Furthermore, while multiple personalities (for those without DID) can be manifested purely meditatively without external assistance, some Anons claim to channel volatile daemonia to get the job done instead. Pharmakeia & recreational drugs offer another unstable portal into this mindset. If you are not careful when you immerse yourself in this kind of manner, you could end up dead, just like Heath Ledger after he used this method to portray the Joker in the 2008 film, The Dark Knight.

Oh, and DO NOT under ANY CIRCUMSTANCES let ANYBODY induce this state in you with hypnosis, group ayahuasca ritual, occult ceremony, or any type of guided meditation! This basically gives someone a rootkit into your brain. If you cannot remain in control on your own while doing this, then it should go without saying that you SHOULD NOT be doing it at all!

• If you are not compartmentalizing your personas on their own unique VM's or devices, and instead run them all from the same machine, you might want to consider using multiple user accounts for each persona if possible. This is easier on Linux than Windows, as you can simply open a new shell in your environment and run su to jump to that persona's user account, where its VPN profile, passwords and browser are stored. Make sure the data for all the relevant files/folders is chmodded to 600/700. This way, if the browser is compromised, lateral movement to your other personas and their accounts is (somewhat) impeded. This method also lets you set up automated VPN connections upon logging in with su (using the .bash_profile or .bashrc file) so you can just open the shell, start the browser, and get to work.

• The usernames, public handles and email addresses of your personas, and the filenames of things used by those personas, do not have to match each other, at all. This is a useful obfuscation technique, if you can mentally keep track of it for it to be practical on the fly. Some people employ ciphers, rhymes or memories to keep track of which file or account goes to which persona. Some people throw it in maps or spreadsheets. Other people can remember without any of these things. Either way you do it, this will absolutely confuse intruders & spies that are trying to make sense of what goes where.

• If you are using Linux or MacOS, aliases & shell scripting (or PowerShell scripting on Windows) can further automate & simplify the execution of many of the tips on this page. Since the methods described here use common implementations of free software, they are quite conductive to being used as part of custom scripts, if you know some programming basics.