🧦
Put Your Socks On
A guide to creating and maintaining non-attributable research personas (Sock Puppets) for safe OSINT investigations.
🎭
What is a Sock Puppet?
In OSINT, a Sock Puppet is a fake online identity used to conduct research without revealing your true identity or affiliation.
Whether you're investigating extremist groups, corporate fraud, or just protecting your privacy, a well-built sock puppet ensures that your "digital footprint" doesn't lead back to your real life, family, or employer.
💻
1. Infrastructure
- Use a dedicated Virtual Machine (VM) or a separate physical device.
- Never use your home IP. Use high-quality mobile proxies or public Wi-Fi.
- Consider using a travel router for hardware-level isolation.
👤
2. Identity
- Generate a realistic but fake face using ThisPersonDoesNotExist.
- Create a consistent backstory using FakeNameGenerator.
- Stay consistent: keep notes on your persona's birthday, hometown, and interests.
📱
3. Verification
- Use burner SIM cards for 2FA when possible.
- Utilize specialized SMS services (non-VoIP) for account verification.
- Never link your personal phone number or recovery email.
✉️
4. Accounts
- Use clean browsers or Firefox Containers to isolate sessions.
- Use fresh email addresses from providers like Proton or Tuta.
- Avoid disposable emails (GuerrillaMail) as they are often flagged and blocked.
⚠️ The Golden Rule of OPSEC
Never cross-contaminate.
Never log into a personal account on a sock puppet device, and never log into a sock puppet account on a personal device. One mistake can permanently link your real identity to your research persona.