How to Be Anonymous on Twitter (X)

They say the internet is not truly anonymous. Law enforcement agencies can track users based on various data. However, there are always loopholes, and by following steps I'll introduce, it's possible to create Twitter accounts that are effectively untraceable.

How you are exposed

When using the internet, various types of data are sent to servers. The most significant piece of information is your IP address. An IP address is essential for exchanging data over the internet. Your IP address is allocated by your ISP (Internet Service Provider), which means users can be identified based on that.

IPv4 addresses are limited and often reused, i.e. identifying individuals may not always be possible. But with IPv6, it's down to the device level

If you do as you please on a BBS, the server logs your IP address, and if a court orders the owner to disclose information, they will hand over your IP address. Then they request further information from the ISP, which will hand over personal details linked to the IP address. And boom you'll get busted.

The flip side is, as long as your raw IP isn't exposed, it's extremely difficult to identify you. Besides IP addresses, browser and device fingerprints can also be used for identification, but without the IP address, they won't even know where you are.

How to Spoof Your IP Address

Mainly there are two methods to spoof your IP address.

  1. Directly changing the IP address sent from your device.
  2. Routing data through an intermediary server, which rewrites your IP address with its own.

Method (1) is technically simple. Using NAT, it’s possible to rewrite the IP address inside the IP header. However, if you do this on your device when sending data, you won't probablly be able to connect to the target website. Routers can detect and block spoofed IPs. Moreover, the TCP protocol requires a 3-way handshake to establish a connection. If the IP is rewritten, data will be sent to that address and communication will fail.

The viable option is method (2). Before data reaches its intended server, it passes through an intermediate server that replaces your IP with its own. The target server then sees the IP of this intermediate server. This server acts on your behalf, receiving data from the target server and forwarding it back to your real IP. This effectively disguise your raw IP.

For this purpose, you should use either Tor and VPN.

Tor

Tor, standing for The Onion Routing, is a technology where data is wrapped in multiple layers of encryption, like an onion’s skin, and passed through three random intermediate servers operated by volunteers.

Tor’s strength lies in routing data through three servers selected at random. Because data passes through three points, even if the site operator obtains logs from the exit node, tracing back to the user requires access to logs from the middle and entry nodes too, which are located around the world. Obtaining legal cooperation from all these jurisdictions isn't so easy.

The downside is Tor servers are volunteer-run. Users often don’t know who operates them and some servers are run by criminals or law enforcement. The limited number of volunteer servers means if someone gains control of most Tor nodes, such as KAX17, Tor’s anonymity can be compromised.

By the time traffic reaches the exit node, the layers of Tor encryption have been peeled off. If you don’t use E2E, whatever you send is visible to the exit node.

Another downside is slow speeds, making constant usage fricking irritating. Technically you can specify trusted servers for faster speeds but this sacrifices Tor’s fundamental anonymity principle.

VPN

VPN stands for Virtual Private Network and creates an encrypted, virtual network, so called VPN tunnel, between your client and a VPN server. For anonymity, it’s crucial to choose a provider carefully.

Setting up your own VPN offers no anonymity since you control the server.

Choose providers who:

  1. Declare a no-log policy audited by third parties.
  2. Have never handed user info to third parties.
  3. Operate servers in countries with strong privacy laws.

VPNs offer speed, stability, and versatility. You can select one fast server to communicate with, and the provider should maintain the server, giving high reliability. VPNs support P2P and high-speed streaming, while Tor is mostly for browsers.

The biggest VPN risk is if your provider betrays you, they can see your real IP, destinations, and unencrypted data if HTTPS isn't used. Also most decent VPN providers require paid subscriptions and free options are limited and feature-restricted.

Lost Anonymity

Even using VPN or Tor, anonymity can be compromised.

Leaks

Leaks mean your real IP address is unintentionally exposed despite VPN/Tor use. Two common types are DNS leaks and WebRTC leaks. Checking your client and browser settings can prevent these.

When using a VPN, DNS requests should go through the VPN, but misconfiguration may cause direct connection to DNS servers, exposing your real IP. This is a DNS leak.

WebRTC (Web Real-Time Communication) enables peer-to-peer audio, video, and data transfer. When leaking occurs, IP info is sent to STUN servers and through SDP packets it's exposed to the destination too. This is riskier than DNS leaks.

Disconnects from VPN/Tor

Every connection must ALWAYS go through the VPN or Tor. Set up a Kill Switch. If VPN/Tor disconnects, internet access is blocked.

Sharing Sensitive Info

Even if IP is hidden, if personal info like your real name, address, phone number, or bank account numbers are recorded or linked, they will eventually find you.

Powerful Adversaries

No system is perfectly secure. Any system can have zero-days. And you can easily imagine a powerful organization like the NSA hoards bunches of such vulnerabilities. They could break the encryption of VPNs or Tor. Popular protocols must be decently secure but who knows?

There’s also the possibility of backdoors. Some China and US-made routers come with hardcoded credentials. And never forget they can force logging or disclosure from VPN providers or Tor server operators worldwide.

How to Create and Use an Anonymous Account

How to Create

  1. Sign up with a trustworthy VPN provider, turn on Kill Switch, and always stay connected to the VPN.
  2. Install a privacy-focused browser. Brave is good.
  3. Use a privacy-first email service to create an email address.
  4. Obtain a disposable phone number for SMS authentication.
  5. Create a Twitter account using the email and phone number via the web.
  6. Remove the phone number linked to the Twitter account.

How to Use

  • Never connect to Twitter without VPN on
  • Use a web client only
  • Use a dedicated browser
  • Don’t use Twitter while logging into accounts tied to your real identity, namely Google
  • Avoid posting PII
  • Don’t get shoulder surfed

Takeaway

Just don’t be so evil and you'll prolly be fine idk