The Multiple Persona Theory of Digital Secrecy

by Justice Conder

In light of the endless and ongoing privacy violations from software service providers, many privacy advocates are advising people to stop using social media and online file storage services.

While I can understand this advice, I think it's bad advice for serious technologists.  For one, you are giving up all the modem conveniences of these services.  But two, and more importantly, you are drawing attention to yourself by not using them.  Even normal, non-law enforcement people are suspicious of someone who doesn't use some form of social media.  The principle I'm trying to establish is demonstrated by the downfall of Osama bin Laden.  Consider the following accounts:

"Intelligence officials were tipped to bin Laden's suburban mansion hideout 'after noting the compound had few electronic links to the outside world.'  And in a world submerged in technology, some of which is only affordable to people who live in suburban mansions, that had to be a big, bright red flag."

      --- Time, May 02 , 2011.

"In the end, it just looked too odd for a big home, even in rural Pakistan, to have no telephone or Internet service.  'It's ... noteworthy that the property is valued at approximately $1 million but has no telephone or Internet service connected to it,' a senior administration official told reporters."

      --- nextgov.com, May 2, 2011.

The multiple persona theory of digital secrecy posits that the best approach to engaging in digital spookery is to do it under multiple personas.  That means that you use all the social media and cloud hosting services that you want for mundane and professional affairs, but you also use multiple dark personas to engage in the things you need to keep secret.  This is where you pull out the ProxyHam, Tor, PGP, Signal, SpiderOak, Cryptornator, and Tails hackery.  By adopting this approach, you exemplify the principles of the Gray Man Theory in cyberspace.

But the tradecraft doesn't stop there.  You don't just have one dark persona but multiple so that you can have a stated reason for using those services other than the one you desperately need kept totally under wraps.  In the context of file storage, this could be using something like VeraCrypt to create multiple nested encrypted drives to achieve plausible deniability.  You would have one drive contain something relatively embarrassing to throw the scent away from the other drive containing the things you need ultimately kept private.

In the context of identities, this could mean being your own contact person and playing the "I know a guy" card.  In this scenario, you would say you don't want to have anything to do with something, but you know someone who could help and you give the contact information to one of your other personas.  This could be as simple as passing on a phone number linked to another burner phone running Signal.

I don't actually think that anyone reading this post is a spy or crime boss, and I don't want to encourage lawlessness.  I simply want to make the point that people who say that you should drop social media because it's not secure are being simplistic.  Real operators are invisible in plain site.