I agree that deniability from a technical perspective (such as absence of a direct link from the account on one platform to the account on the other platform and vice versa) doesn’t necessarily make it much harder to identify that it’s the same person. On the other hand, even if the username, profile picture, etc. are exactly the same, one needs to be careful about associating the accounts too quickly, especially in the case of some common/simple username—it could just be a coincidence.
It seems that things like behavior and writing style are more important to keep similar or distinct—it would take a little while longer to pick them up for an outside observer, but they seem to be much more reliable signals for linking accounts; even if the user in question denies that both accounts belong to them, I think it’s more likely that the observer just wouldn’t believe them if they know the user’s writing style.
On the other hand, even if the username, profile picture, etc. are exactly the same, one needs to be careful about associating the accounts too quickly, especially in the case of some common/simple username—it could just be a coincidence.
I agree with you. Unfortunately, many of the actors in my threat model wouldn’t.
Style and behaviour[1] can leak a bunch of info, agreed. One approach that can mitigate this to an extent is to come up with a character that is a reasonable proxy for you on the subject, and have said pseudonym consistently attempt to emulate that character[2]. This is a good skill to have anyways[3].
This is one reason to be cautious of rich text editors on websites. Leaking keystrokes as you are composing a post leaks far more info than the final text[4]. Typing in an external application and pasting in once you are done is less terrible.
Depends.
If you mean ‘some other random user on the site figuring out who you are’, yes.
If you mean ‘someone who knows you digging up dirt to toss the Twitter hoard at you’, not so much.
I agree that deniability from a technical perspective (such as absence of a direct link from the account on one platform to the account on the other platform and vice versa) doesn’t necessarily make it much harder to identify that it’s the same person. On the other hand, even if the username, profile picture, etc. are exactly the same, one needs to be careful about associating the accounts too quickly, especially in the case of some common/simple username—it could just be a coincidence.
It seems that things like behavior and writing style are more important to keep similar or distinct—it would take a little while longer to pick them up for an outside observer, but they seem to be much more reliable signals for linking accounts; even if the user in question denies that both accounts belong to them, I think it’s more likely that the observer just wouldn’t believe them if they know the user’s writing style.
I agree with you. Unfortunately, many of the actors in my threat model wouldn’t.
Style and behaviour[1] can leak a bunch of info, agreed. One approach that can mitigate this to an extent is to come up with a character that is a reasonable proxy for you on the subject, and have said pseudonym consistently attempt to emulate that character[2]. This is a good skill to have anyways[3].
This is one reason to be cautious of rich text editors on websites. Leaking keystrokes as you are composing a post leaks far more info than the final text[4]. Typing in an external application and pasting in once you are done is less terrible.
(And, to be clear, don’t emulate said character otherwise!)
It is useful for writing dialogue, and it is useful for modelling others in general.
...though even just the final text leaks a lot of info.