Hexbear started during the 2020 BLM protests, where cops were using social media and internet presence to track down activists. They are still doing this, but with less vigor than when police stations were burning down.
This included things like using tattoos on naked bodies, etsy store receipts etc.
Just before the r/cth ban, there was also a problem with chasers and leering objectification, and steps were taken to reduce thirst-posting and the like.
These things combined means that people don’t post selfies or direct identifying information. People post their pets and artwork, but I know I have to make a decision about where and when I post things to make things non-trivial for cops or random chuds. I feel like a unique pet name, breed, and rough region could be enough to track someone down.
Even so, I think I’m bad at it. I feel like if someone knew me and read everything on hexbear they could ID me pretty easily (and I know multiple people in person on hexbear, but we’ve never exchanged usernames).
Idk if there are any hard and fast rules beyond the selfies and direct ID though. I should burn this account.
Edit: removed reference to masculinity
lol
Skeleton at the bottom of the ocean meme
that is exactly how I feel
My biggest opsec is just deleting 90% of my post before I actually post them.
I have done that, but honestly hexbear is the one I’ve done the least with
There’s definitely value in spiking your posts with false data to obscure who you are and where you live. Lie about where you live or travel to, what car you drive or where you work/have worked. If you think you’ve revealed a bit too much about yourself, burn your account and make a new one, or better yet, gradually move from one account to another so it’s harder for people to track you to your new acct. Blur out backgrounds in photos you share that may have things like licence plates on cars, shop names or street signs. Think critically about how a drip feed of PII (personally identifiable information) may not be enough to pin you as one individual, but enough yo narrow it to, say, 100 or so who may go to a certain bar or venue, or live on a certain street. A sufficiently motivated chud may think that those odds are good enough to shift from online to offline work and potential harrassment.
For example, I once was a roadie for Pink Floyd, I drive a maserati and live at Mawson base in Antarctica where I research the interactions of penguin guano on endemic moss populations.
I’ve never heard anyone outside aad talk about the fucking moss lol
Yeh it’s its own whole thing. We also have to be careful about our other excreta impacting local microbiota. With warming on the continent even the hormones from our thawing peepee can leech and throw stuff out of whack.
Also my Maserati is purple
Does your Maserati do 185?
Hoo wee you bet it does 185 kph. I’ve only ever driven it at legal and appropriate speeds, though
I’m just a straight man living it big in New Mexico. I HATE weed not a fan of that at all. Love to go out with the boys and hunt some feral hogs such is life in texas
I am a 52 year old white man living in New Hampshire, working on growing my general contracting business and writing letters to the J6 patriots
I used to delete all my comments on occassion. Nowadays I just add false information about my self at times
This is the way.
Am I 20? Am I 40? Do I live in NYC or Arkansas? Who’s to say?
I’m posting from loch ness
You MONSTER
Actually I’m an ancap at heart, I work as a fintech consultant in a think tank and I believe the government should just let businessmen do business. Come at me
That’s crazy I work there too!
Wait a sec……
Is that you Charlie??? I’m frank we used to huff paint behind the Home Depot before work
No, I’m Charlie and damn I miss those days. I believe @iByteABit is Jeff in accounting.
I mean there’s definitely multiple power users here who have posted more than enough to be identified by a moderately determined adversary. I think the de facto rule really is just that users decide their own level of privacy, and the no-selfies policy is mostly useless.
Anyone who has ever posted any kind of payment service handle to /c/mutual_aid could be identified by the feds if they had a reason, for example.
Yeah, I could easily be found by feds based on my account here, even admit to the crimes I’ve done on here. I actually know how to do good opsec extremely well, for reasons I don’t want to get into. At some point, I stopped giving a fuck because of the negative experiences that I associate with that level of ospec are REALLY negative.
I’m also lucky that my life is pretty much protected from doxxing. With the way I live, someone could call my employer right now with everything I’ve ever said on Hexbear and my employer would only ask why they should give a fuck. I don’t have my own lease so all public info on my potential address is wrong and only doxxes my chud parents. I’ll also never get my name legally changed because I don’t trust the state, so that will never concern me
I would definitely be pretty easily identified, but I also don’t post anything here that I wouldn’t say to someone in person or to co-workers on company chats.
They’re much more likely to use information from an account here to bolster a case against you for some action you took than to pre-crime you from your posts.
Your biggest threat here likely isn’t feds, but terminally online right wingers who can connect the dots and try to either harm you IRL, or like send your post history here to your boss.
“here random boss of some company i have no connection to: here’s an unrelated username to your employee and an IP addresses proving it’s them. maybe some unhinged shit trying to convince you their writing style is the same.”
but yeah it is a legit threat that’s why don’t put anything solid that can connect you to RL. no address, workplace name, etc. nothing that could be placed on a single page in an email and have the connection be instantly made. no HR department is going to read paragraph after paragraph of DIY OSINT that reads like one of those conspiracy walls with red string
(unless you work in a high security industry of some sort obviously)
It’s good to practice opsec for sure, but I don’t think posting on Hexbear will ever get you in any sort of real trouble.
Even if anti-communism is in full swing, you’re more likely to get popped by someone at your local bar while you’re drunkenly rambling about Karl Marx than you are for posting to an obscure semi-anonymous forum.
Just remember that if you do end up in court and your posts here are linkable to you, you’ll have them read aloud to a jury.
i genuinely hope the cops identify and charge me with terrorism for my hexbear posts because you know what, I think this site DOES need a “stereotypical Hexbear” kind of person that’ll haunt their minds and I’m willing to be that…stay tuned folks
Hexbear needs its “r/antiwork mod on Jesse Watters” moment
my /c/selfcrit post after I show up on BBC Newshour talking about Hexbear is gonna be legendary
Afaik the implementation of Lemmy this is a real problem due to federation to other instances, you can post things here that end up somewhere you don’t want them to and if you delete them it’s not certain if they will also be deleted there as well. It’s been stated for a long time but it’s one or the other really, you can’t have a decentralized social media without federation, and you can’t have full privacy with federation. I might very likely be wrong about the specifics of this, but this should be also taken in account when considering to post something more personal.
- ∞ 🏳️⚧️Edie [it/its, she/her, fae/faer, love/loves, ze/hir, des/pair, none/use name, undecided]@hexbear.netEnglish25·10 days ago
This is correct. Anyone can implement the activity pub specification (what Lemmy uses for federation) without implementing the delete parts. Sending delete to a federated site is nothing more than a “pretty please remove this”
Edit: to be fair, anything put publicly on the internet can be downloaded and saved forever, its just that activity pub also pushes (compared to normally where things are only stored on one entity’s servers) stuff out to who knows which servers
- Use a VPN
- Limit personal identifying content that can be cross referenced. Example: I just got a plane ticket on Sunday to go to Bora Bora.
- Never post self identifying material. Example: here’s my new tattoo!
- If you post something time related that can lead to 2 or 3, change details. Basically, lie. Example: last week I went to Bora Bora. Really it was Fiji 3 months ago.
- Don’t give them a reason to want to investigate you. There’s plenty of Left leaning folk (some of whom probably are pretty far up in corporate and/or government spaces) who quite frankly aren’t worth going after. The time and energy it would take to round up people who just think differently, the opposition doesn’t have (most likely).
- Change your profile on the reg. Personally I don’t do this, or do I? (SEE #4)
- Go periods of time without posting. The more you post, the more you will likely have a signature in the way you post, what you post about, and who you interact with.
- Delete posts (not sure how effective this is but if I feel like my posts are rearing too close to #2 or #3 I’ll go back and delete them).
Anyhow I just booked my trip to Uzbekistan via cruise liner where I intend on instigating the revolution by introducing vegan pilaf. During this time I will only post Kelly emoji to convey my progress. o7 o7 o7
Go periods of time without posting. The more you post, the more you will likely have a signature in the way you post, what you post about, and who you interact with.
Nice try mods, you will never make me touch grass.
Go periods of time without posting.
I have no superiors to relieve me of my duty. You bulldozed them all to a mass grave for trying to free humanity.
My pets are the cutest but my op sec game is too strong
That’s pretty much my reason for never posting any of my overwhelmingly cute animals. Plus if I was in their position I wouldn’t want them posting my pictures online, no matter how cute I look.
Prove it
Good post and should be stickied.
The culture generally leans towards anonymity but there’s some leeway for how much you personally.fond necessary. I’ve got a record, anything I post here really doesnt matter, it’s posting consistent with my arrest record. But I still try to.be vague and keep a general culture of relative anonymity going on. I’ve described my tattoos but I’d never post a picture of them, I’ll post pics of the inside of my house but not my house. If you go through my lists it’s pretty easy to tell.ehat city I live in but I’ve never explicitly said so. I’d say probably my piss poor level of personal security is thr bare minimum and I’m a bit internationally sloppy cause if feds are looking me up.its gonna get a we’ll established file and it’s a waste of their time. Others, maybe not so much. Just be cautious, there’s people out here to whom jail is less of a big deal. Be a cautious cat as standard practice.
Electronic Frontier Foundation has a good collection of articles and guides that are not just practical but teach you how to think about your own particular situation: Surveillance Self-Defense
First thing is you need to think about your “threat model”. Which means what information are you trying to protect, and why? There is no universally “best” way to do anything. Tactics that might increase security/privacy in one situation might impair it in another. Like if you are trying to avoid getting doxxed by random internet people who take a dislike to you that’s one thing, but if you are trying to avoid government (which government(s)?) spying that’s another. If you are trying to avoid government spying, is it to avoid legal prosecution, or to avoid covert interference in your organizing (ala COINTELPRO)? They can be totally different kinds of surveillance so you need to have different strategies to avoid them.
Also need to consider that making an extremely elaborate or onerous plan that you will never bother to actually enact, or requires a high degree of technical skill or perfect execution might not be practical. They might interfere with your purpose too much.
This page covers the basics of how to think about your own goals, fears and priorities. It’s very generic but is a good overview. It’s really key to think about this ongoing to avoid falling into the trap of following advise that might be perfectly reasonable for another person but counter productive for yourself.
The first rule of hexbear is to not talk about hexbear.
should I get rid of my sandwich board?
I know I’m bad about it. I delete my account every couple of months but I bet a dedicated person could track me down based on my posts.
Though I’ll say that in the real world I’ve gotten more guff for not having a mainstream social media account than for openly expressing my communist views. Even lost a job offer over it once (though I consider that a bullet dodged) because I had shared with them my linkdin acct that only has my resume and they wanted to check a Facebook acct that I’ve never had.
Imo it’s good to raze the account every year or so. I’ve been lazy and have let this one go for way too long
The thing that creeps me out most now is the availability to feed all our posts into LLMs. The tech exists now most likely to tie burner accounts together and form a more complete profile, so it’s not just what you put in an individual account but all of them. Not for chuds but for cops. I’m not even doing anything illegal but if at any point there’s a commie roundup, well…
I think I’m gonna join the bureaucracy next for another layer of opsec.
I delete my account whenever I make a really bad comment and want to avoid the heat, or when I smoked too much weed and got paranoid.
So about every 3 months.
or when I smoked too much weed and got paranoid.
Weed paranoia is the key ingredient to robust OpSec tbh
Give yourself brain damage every year to change the way you type. Or just switch between using ‘favorite’/‘favourite’, ‘color’/‘colour’, etc between accounts.
Only speak Toki Pona one year, only speak Esperanto the next…
Sent from Mdewakanton Dakota lands / Sept. 29 1837
Treaty with the Sioux of September 29th, 1837
“We Will Talk of Nothing Else”: Dakota Interpretations of the Treaty of 1837
When will someone scrape hexbear to train the ultimate TankieGPT
Asking TankieGPT the ultimate question about Communism and it replies with “Beanis”
That’s what BlackMoldFutures was.
Would it make sense to use an offline open source LLM to rephrase your post before you make it to add an additional layer of obfuscation?
For voicing your opinion about activism,
I’d recommend to at least use:- A burner account,
do not post your opinion through your daily account. - A paid, no-log VPN or Tor when posting.
Above should cover the needs of most people.
But if you think you’re a high profile target,
then following would also be smart:- Alter you writing,
do not post in similar writing as your main account, e.g. if you usually capitalize each sentence, don’t, if you usually use emoji’s, don’t etc etc. - Use a privacy oriented OS to post on,
e.g. no Windows, no Apple, no closed source Android fork, but do use QubesOS, or TailsOS, or GrapheneOS. - Only use chat clients with E2EE (End to End Encryption) and without identifiers, e.g. SimpleX.
- A burner account,