Final Checklist Before Anonymous Activity

Before starting anonymous activity, or right before publishing, stop once and check.

Anonymity failures do not happen only because of one major mistake. They happen when small clues accumulate and later connect.

This checklist is for checking communication, browsers, accounts, files, post content, time, and past information together.

1. Purpose and threat model

First, check what you want to protect.

If you use tools while the purpose remains vague, you will miss things.

In anonymous activity, it is natural to want to choose tools first. Will you use a VPN, use Tor, or prepare a separate device? However, if you choose tools while the purpose remains vague, what you want to protect and the measures you take will drift apart.

Do you not want your workplace to know? Do you not want the destination to see your home IP? Do you want to protect a source? Do you want to avoid connection with past accounts? Decide first what you are protecting, and from whom.

2. Communication environment

Check the connection path.

• Is the purpose of using a VPN or Tor clear?
• Is the IP visible to the destination what you expect?
• Have you checked for DNS leaks?
• Is the VPN kill switch enabled?
• Have you checked that traffic outside Tor Browser is not going out through the normal connection?
• Do you understand the risks of using public Wi-Fi or a workplace network?

The communication environment matters, but anonymity is not decided by this alone.

The communication environment is one part of anonymity. Even if you use a VPN or Tor, login state, cookies, post content, files, and time correlation remain. Conversely, if you become satisfied after looking only at the communication environment, you will fail somewhere else.

When checking the communication environment, organize "who can see what." The information visible to the ISP, VPN provider, Tor exit, destination service, Wi-Fi operator, and workplace network differs in each case.

3. Browser and login state

Always check the browser.

• Are you using a browser for anonymous use?
• Are you not logged in to a real-name account?
• Are cookies and LocalStorage cleared?
• Is browser sync not enabled?
• Have you avoided unnecessary extensions?
• If you use Tor Browser, have you avoided changing the default settings?

Login state greatly weakens anonymity.

The browser is central to anonymous practice. It is where cookies, LocalStorage, history, saved passwords, extensions, notifications, and sync gather. If you log in to a real-name account in a browser for anonymous use, a connection to you is created even if you have changed the communication path.

When a login screen appears, stop once. Check whether it is acceptable to enter that account, whether the recovery destination is on the real-name side, and whether it is acceptable for login history to remain.

4. Account

Check the registration information for accounts used anonymously.

• Are you not using a real-name email address?
• Are you not using a real-name phone number?
• Is the recovery email not connected to the real-name side?
• Is the username not similar to past accounts?
• Are the icon and profile separate from the real-name side?
• Are follower relationships not overlapping too much with the real-name side?

An account is not just a name. It is a set of identifiers.

Information entered when creating an account becomes harder to see later. Email addresses, phone numbers, recovery destinations, login devices, and registration times that are not shown in the profile remain inside the service. For accounts used anonymously, separate not only the display name, but also registration information and operating environment.

5. Files and images

Check files you will publish or share.

• Does the filename contain no personal information?
• Have you checked metadata?
• Have you checked again after removal?
• Is there no information in image backgrounds or reflections?
• Do screenshots not show notifications or account names?
• Do PDF or Office documents not contain authors, comments, or edit history?
• Were they not edited with a real-name cloud service or real-name app?

For files, check both appearance and internal information.

Files are the easiest part to overlook in a pre-publication check. Image backgrounds, PDF authors, Office document comments, screenshot notifications, video audio, and internal names in compressed files remain. Even if you remove metadata, information visible from the content or background remains.

If you use online conversion sites, external AI, cloud editing, or web-based metadata checking services, the file body or metadata may be sent externally. For high-risk files, check locally as much as possible and stop to think before handing them to external services.

6. Post content

Check text and statements.

• Have you removed your real name, place names, workplace, school, or affiliation?
• Have you removed experiences known only to people involved?
• Are specialist terms or internal terms not too strong?
• Is the writing style not similar to a real-name account?
• Are you not writing the same story as a past post?
• When multiple small pieces of information are combined, do they not narrow candidates or become strong clues?

Think about what happens when the reader is not a stranger, but someone who knows you.

Post content shows personal habits. Region, industry, school, workplace, family, specialist terms, ways of expressing anger, writing style, personal experiences. Even if you do not write your real name, people who know you may be able to narrow the candidates.

Before posting, think, "How would this text look if placed next to my past posts?" Anonymity is weakened not by a single post alone, but by overlap with past information.

7. Time and behavior

Check time correlation.

• Are you not active in the same time period as a real-name account?
• Are you not posting immediately after an event?
• Does the posting time not reveal your daily rhythm?
• Are file creation and edit times not left behind?
• Is there a rule for not giving too much additional information in replies or DMs?

Replies after posting are also part of anonymous practice.

Time connects logs to each other. When posting time, file creation time, login time, event ending time, and real-name-side activity time overlap, the flow of behavior becomes visible. The timing of replies and deletions after posting can also be seen.

If you rush to reply immediately after publication, you are more likely to give additional information. Decide how you will respond after posting before publication.

8. Final stop judgment

If there is any item you are unsure about, stop publication.

In anonymity, proceeding with "probably fine" is dangerous. Especially in high-risk situations, it is important not to post while leaving unclear points unresolved.

Information published once may remain in screenshots, archives, reposts, and search results.

The judgment to stop is an important technique in anonymous practice. Instead of moving forward while you do not understand, choose one of these: check, delay, reduce information, consult, or do not publish. In high-risk activity, it may also be necessary not to decide by yourself.

How to use the checklist

A checklist is meaningless if you only read it. Use it immediately before an action, such as before posting, before file sharing, before account creation, or before contacting a source.

You do not need to check everything at the same depth every time. However, the higher the risk of the action, the more important it is not to skip checks.

Summary

Before anonymous activity, check communication, browsers, accounts, files, post content, time, and past information together.

VPNs and Tor alone are not enough. You also need to check cookies, login state, file metadata, image backgrounds, writing style, posting time, replies, and DMs.

The purpose of the final check is not to guarantee perfection. It is to reduce clues before publication and to make the judgment to stop when there are items you are unsure about.

Related articles