Protect Yourself Online
Only you are responsible for safeguarding your identity from being revealed to the wrong parties.
Recommended Practices to Protect Your Anonymity
Do not use your real name as your username or as part of your username. If you are currently using your real name, we strongly suggest that you change it as soon as possible.
Do not use an email address tied to your real identity for your social media or MAP-related accounts. Obtaining a “burner” email address from a variety of providers is free and easy. Such providers include Protonmail, Tutanota, GMX, Hushmail and others.
Do not use a nickname that you use elsewhere on the internet that is tied to your real identity. Minor attracted people have been outed by vigilantes in the past because of this reason. If you are currently using a nickname that you use in other non-related sites and is linked to your real identity, we strongly suggest that you change it as soon as possible.
Do not share your real name, location or any other information that could potentially lead to identifying you publicly in group chats or publicly (this includes pictures of yourself). Remember that anyone can pretend to be who they're not, so always use caution before revealing this kind of information to anyone, even in direct messages.
Respect others' anonymity. If you know other users by other names (real or not) from other sites or communities on the internet, do not assume everyone else knows them too. Always refer to them by the name they use in this community, and ask others to do that same with you.
Never click links, particularly shortened URLs, sent to you by people you don't trust. Some of these shortened links may be an attempt to log your IP address or download malware to your system, and can be disguised as appearing to look like YouTube links, etc. The same principle applies to email links and email attachments.
How to Stay Secure
Know what hacking is, and how you can prevent it: https://motherboard.vice.com/en_us/article/d3devm/motherboard-guide-to-not-getting-hacked-online-safety-guide
Keep your passwords safe (and random): Use a password manager, and use a different password for each account you have. Many free programs to manage passwords exist. I recommend: https://keepass.info Keepass has free open-source software for most operating systems, and has integration for Android and Apple devices as well as the capability of running entirely from a flash drive.
Know what your privacy options are to avoid large companies from tracking you, your browsing habits, and your activities. This website has more information, or you can ask in tech: http://privacytools.io/
For the Paranoid
Similar to the previous section about security, it is your job to maintain good technology practices. Professionally, these practices are known as opsec, short for operational security, and infosec, short for informational security.
Opsec is about ensuring you are technologically able to continue doing whatever it is you do. In the context of myself, since I am an advocate, this means having backup platforms with which I can do advocacy work in case one of them fails, or blocking trolls on Twitter so they cannot mass report me. Opsec does have some overlap with infosec.
Infosec is about ensuring the security of your information so that your data does not fall into the wrong hands. This includes things from the above section: Using a password manager, know what hacking is and how to prevent it, but it also includes things like deleting information so that it cannot be obtained later and choosing the services you use wisely.
For those who are very serious (or paranoid) about their technology, I would recommend looking further into these two areas. There IS NOT a one-size-fits-all approach to either opsec or infosec. It is unique to you, what kind of attention you do or do not call to your online activities, and what your goals are. For example, my opsec and infosec practices are more complex than someone who is just here and on Virtuous Pedophiles and may only participate in the occasional research study. This is because my name – Timothy N. Fury – is very, very public. I am on Twitter, people have done blogs about my material, etc. Most here are not that public and do not require the same level of protection.
Security practices can keep you safe, but they can also signal to a potential attacker that there is something you are trying to keep safe. The key to a good security plan is to balance out what your practices look like on the frontend. It is your job to find this balance for yourself and use the available tools here and elsewhere to make a plan and set goals that work for your situation.