Twitter Activist Security

Guidelines for safer resistance

Many people are starting to get politically active in ways they fear might have negative repercussions for their job, career or life. It is important to realise that these fears are real, but that public overt resistance is critical for political legitimacy. This guide hopes to help reduce the personal risks to individuals while empowering their ability to act safely.

I am not an activist, and I almost certainly don’t live in your country. These guidelines are generic with the hope that they will be useful for a larger number of people.

Existing Activist Accounts

This is good. Do not reveal information to anyone.

These guys broke pretty much every rule I have on safety, but they did use some clever techniques. Firstly they used an old account created in the UK, where US political witch hunts carry less weight. Secondly, they used a number of authors to make stylometric analysis of tweets more difficult. The more authors, the harder it is to narrow the suspect list. Finally, the content for tweets was provided via a cut out – the info was sent to an author who then crafted the post from outside the US. Of course, the security of the connection from the author to the poster is another problem.

Security Principles To Live By

The basic principles of operational security are actually very simple, they’re what we call the three Cs:

There is more to serious counterintelligence, of course, but keep these three concepts in mind. The two most important concerns will be compartmentation and concealment. In practice this means that you need to separate your resistance Twitter account from your personal life completely.

Compartmentation Rules

Concealment Rules

Practice makes perfect

Amateurs practice until they get it right, professionals practice until they can’t get it wrong

These are a lot of complicated operational rules and guides you’ll have to follow strictly and with discipline. If you “learn on the job” your mistakes will be linked to the account that you’re trying to protect. It would be best that you go through the steps and practice these rules on a non sensitive account. Make sure you’re comfortable with them, that you know how to use the tools, that you understand what you’re supposed to do and why.

Some underground organisations have something they call “the first and last mistake,” which is when you break a security rule and it leads to discovery and exposure. You’re the resistance, you need to make sure you can use the tools of resistance without mistakes – so practice where it is safe, get the newbie mistakes out of the way, and then implement and operate safely where it matters.

The Adversary

There are a number of major adversaries that could lead to deanonymization of the account user. These include, but are probably not limited to:

The capabilities, intent, and opportunity are different for each of them, and require different techniques to prevent exposure and protect yourself. Although it may seem daunting to face this much investigative power, there is a great deal of control that you have to protect yourself. Much of it does not require a lot of hard work, although maintaining a strong security posture for prolonged periods of time will require discipline.

Do: remember that most of the time authoritarian regimes don’t bother with going after small fry. It is unlikely that the full force of the state will be brought against you unless you are perceived as a problem. Your biggest threat is probably going to be talking too much, and your biggest risk is probably going to be losing your job (or similar) along with some public attention and scrutiny for a newscycle or two. It may be unpleasant, but you’ll survive. Fear of the thing is worse than the thing itself, try not to stress over it.

Mental Health Risks

Once you have mastered and implemented the technical protections and the security procedures to protect yourself, the biggest threat you will face is yourself. Creating and maintaining a secret identity can be extremely stressful and requires developing a sort of compartmented identity, a sharded ego, a fractured self. This can be very distressing and dangerous to your mental health in the long run, which is why spy handlers spend a lot of time acting as psychologists for their spies — providing the only safe place where they can speak freely about themselves and their concerns.

Do: seriously consider seeing a professional psychologist where you will be protected by patient confidentiality laws, and you will be able to talk freely about the stresses you’re under. Something to consider if it starts to feel too much.

Here are some security aware mental health experts:


As a web service, Twitter collects (and purchases from data brokers), a great deal of information about their users. This information will be available to the authorities, and to some extent the public, via subpoena and old fashioned leg work.


Additional information that is available to Twitter includes:

This information is permanently stored at Twitter and can be collected by a legal authority at any time. The authorities will want everything, all historic data, and they will look for leads. The FBI has significant expertise in handling Tor and will quickly eliminate known Tor exit nodes. Any VPN will be targeted to turn over their information, which will probably include easily identifiable billing data. A VPN running on a private host (such as Algo, or Streisand) will be followed by a request for data from the server provider – again, billing records and the IP address used to create the account will be most damning.

The safest option is to use Tor, and use it religiously. From the first signup, through every tweet and interaction.

An alternative practice would be to repurpose an old account created by someone else who will not betray you. This is still risky because the more people know about the account and the identity behind it, the more likely that info will seep out. And of course, once you have the account, always use Tor.

Short version

Support more content like this.

Update, 3 weeks later: Micah Lee wrote a similar piece over at The Intercept.