Protect Yourself Online
Only you are responsible for safeguarding your identity from being revealed to the wrong parties. Nobody can meaningfully tell you what safeguards you need in place for your specific situation without a lengthy information-gathering conversation and technical expertise in security and privacy. This blog post is a starting point – not an end-all guide to guaranteeing anonymity on the internet. There are ways to make de-anonymizing you extremely difficult, but they are not guarantees.
Basics of Digital Privacy
The basics of digital privacy applications for the uninitiated. These three suggestions are not foolproof, but they do give you a great start.
Use a secure device, by which I mean an iOS or Linux device. While you can use Windows and Android, you should be aware that both of these operating systems are very invasive to privacy and you're basically guaranteeing that Microsoft and/or Google will likely store your activities/interests.
Use a secure browser, and no, I don't mean Chrome (it sucks). I mean Tor or Mozilla Firefox, perhaps Brave if you'd like. If you're using Firefox, there are several add-ons you will want to add: Ublock Origin, NoScript, Decentraleyes, Canvas Blocker, and Firefox Containers are a good starting point. If you're on mobile, using a privacy browser that automatically removes your browsing history like Firefox Focus may be a good idea. DuckDuckGo is also a good app or browser to mention.
Ensure you're using an HTTPS connection at the very least. Using encrypted DNS is better, especially if you can add it to your router or your browser. Using a VPN is discussed below, but may or may not be a good idea depending on your circumstances.
Recommended Practices to Protect Your Anonymity
These are best practices for MAP communities in general.
Do not use your real name as your username or as part of your username. If you are currently using your real name, we strongly suggest that you change it as soon as possible.
Do not use an email address tied to your real identity for your social media or MAP-related accounts. Obtaining a “burner” email address from a variety of providers is free and easy. Such providers include Protonmail, Tutanota, GMX, Hushmail and others.
Do not use a nickname that you use elsewhere on the internet that is tied to your real identity. Minor attracted people have been outed by vigilantes in the past because of this reason. If you are currently using a nickname that you use in other non-related sites and is linked to your real identity, we strongly suggest that you change it as soon as possible.
Do not share your real name, location or any other information that could potentially lead to identifying you publicly in group chats or publicly (this includes pictures of yourself or your surroundings). Remember that anyone can pretend to be who they're not, so always use caution before revealing this kind of information to anyone, even in direct messages. There has been an instance in which someone operated in the MAP community for roughly 4 years before it was known they weren't who they claimed to be.
Respect others' anonymity. If you know other users by other names (real or not) from other sites or communities on the internet, do not assume everyone else knows them too. Always refer to them by the name they use in this community, and ask others to do that same with you.
Never click links, particularly shortened URLs, sent to you by people you don't trust. Some of these shortened links may be an attempt to log your IP address or download malware to your system, and can be disguised as appearing to look like YouTube links, etc. The same principle applies to email links and email attachments. If in doubt at all, check the URL via a link expander.
Be aware of what social engineering attacks are and how they can manifest. Know that there are phishing technologies that can very convincingly mimic a login page and gather your login information. Know that people can claim to be someone they aren't, and try to get information out of you. Know that despite many rules about confidentiality, nobody in any MAP community is going to be mad at you for privately inquiring about the legitimacy of any person or organization you're dealing with.
How to Stay Secure
Security is very different from privacy and anonymity, though there is some overlap.
Know what hacking is, and how you can prevent it.
Keep your passwords safe and random: Use a password manager, and use a different password for each account you have. Many free programs to manage passwords exist. I recommend: https://keepass.info Keepass has free open-source software for most operating systems, and has integration for Android and Apple devices as well as the capability of running entirely from a flash drive. There are others, such as Bitwarden, which rely on an online account. Why? If someone compromises your password on any account, the first thing they will try is using that combination on other common sites. Using a unique password for each site mitigates any one password putting the rest at risk.
Know what your privacy options are to avoid large companies from tracking you, your browsing habits, and your activities. This website has more information about a variety of technologies and recommended software, from browsers to VPN's.
Don't treat VPN's as an end-all anonymity tool. They're not, they have limitations depending on which VPN you're using, and there is legislation all over the world in different countries/localities that can impact how anonymous you are when using a VPN. Know that in most cases, your internet service provider can still see the IP address when you're on a VPN, even if it's not the one assigned to you by your router.
For the Paranoid
Similar to the previous section about security, it is your job to maintain good technology practices. Professionally, these practices are known as opsec, short for operational security, and infosec, short for informational security. This is a very simple overview of both.
Opsec is about ensuring you are technologically able to continue doing whatever it is you do. In the context of myself, since I am an advocate, this means having backup platforms with which I can do advocacy work in case one of them fails, or blocking people, or having multiple lines of communication available for people. Opsec does have some overlap with infosec.
Infosec is about ensuring the security of your information so that your data does not fall into the wrong hands. This includes things from the above section: Using a password manager, know what hacking is and how to prevent it, but it also includes things like deleting information so that it cannot be obtained later and choosing the services you use wisely. It also means guarding what information you do and do not share.
For those who are very serious (or paranoid) about their technology, I would recommend looking further into these two areas. There IS NOT a one-size-fits-all approach to either opsec or infosec. It is unique to you, what kind of attention you do or do not call to your online activities, and what your goals are.
Security practices can keep you safe, but they can also signal to a potential attacker that there is something you are trying to keep safe. The key to a good security plan is to balance out what your practices look like on the frontend. It is your job to find this balance for yourself and use the available tools here and elsewhere to make a plan and set goals that work for your situation.