Bitwarden’s works but could potentially make you stand out as that’s not a normal username formula that most people would use. What’s a method that would make you stand out the least?
1 Like
I don’t think there’s a particularly good answer to this question, unfortunately.
On one hand, using an automatically generated username may make you stand out because it’s not something most people use.
On the other hand, not using a fully randomly generated username runs the risk of the username being tied back to you in some way (human beings are pretty bad at coming up with random things).
With anonymity, there’s always strength in numbers. If you were able to come up with a method of generating truly random usernames that a significant amount of people adopted and used, then you’d blend in.
However, I do have to ask - is this really within your threat model? It feels like your username generation method is not the biggest threat to your anonymity. I would imagine things like your style of writing among other things would be much more of a tell-tale sign, especially if you’re re-using identities within the same circle/community, or if someone’s actually trying to track your different identities across the Internet.
3 Likes
I just use a random word generator for two words, trying to look for a couple that sounds “natural” i.e something the someone would actually use. That with an email aliasing service in my opinion is pretty good.
Of course, as matchboxbananasynergy said, you always have to account for your threat model.
2 Likes
Yeah, that’s what I do. It’s actually easier than coming up with a name. I’m terribly absent minded and my password manager makes my life much easier so that I can not care who I am where. I recommend https://www.samcodes.co.uk/project/markov-namegen/. You can download the website and use it offline because it’s just javascript and runs in your browser.
I was thinking about this a few days prior along with some other laterally related stuff. I reached the conclusion that one should use a large and public set of real usernames and combine two or three of them in some way.
For example, looking at Reddit’s r/privacy I see u/Virus288, u/xhxaz, and u/Ondrashek06. I can use these usernames because they’re coming from both 1) a large set of usernames; and 2) a publicly available set that many many people have access to. Combining the three, I would perhaps get xVirushek06.
This is technically how most people come up with usernames anyway. Our brain combines words from things we’ve seen in the past, adds some variation, and voila.
However, someone could theoretically predict that two accounts from two services are the same people based on how they combined it, but that’s very theoretical and highly unlikely if done securely.
Because of this, it’s important to mention that the large and public set of real usernames should be from something that can’t be traced back to you in any meaningful way. If anyone here looked at r/privacy recently, which is clearly a high likelihood, I’m sure they’d say “hey I’ve seen that username someewhere” and perhaps even do some extra digging.
But still, if my username had been xVirushek06 instead of the random strings of characters I chose, I’d definitely fly under the radar better.
People do that?
it mush have happen to me, yeah.
For example when I was younger I was hanging on multiples “generalist” forums online.
And from time to time I’d recognize an username and then start digging about it. For example I discovered one guy that I liked was a highschool physic teacher and his name.
So if you are really really into privacy, yes it’s worth consider random usernames, because people sometimes dig.
When the forums are international, it’s harder to recognize of course, but when it’s local (city, or country forums) or multiples forums about one topic (for example cinema forums) you’ll quickly find those guys that are very implicated and with the same or almost the same username.
And you start digging just because it’s the human nature, you’re just curious.