Creating a Fake Person and Deleting Yourself: Tutorial

There have been some posts going around about creating fake online identities lately. Doing this is actually a lot easier than it would at first appear. While it depends on what details the site requires, all of these can be made up easily.

As far as usernames go, if you don't want to make one up off the top of your head, there are numerous “username generators” that can accomplish this for you. Soybomb nonsense word generator is a good one, as some of the nonsense words also work well as usernames. Username Generator also works well for this.

Depending on how much detail you need, there are other sites and programs that can fill out additional personal information when necessary. Fake Person Generator, for instance, will create a detailed fake identity, including name, address, phone number, social security number, photo, credit card number, and other information! (Hopefully none of these correspond to a real person.) Beyond that, there are sites like This Person Does Not Exist, which can create incredibly realistic profile photos for such a purpose.

Once you have completed the creation of your fake person, if you are further concerned about being identified by your IP address or other identifying details, it would probably be best to use a service like Tor or a proxy server to temporarily conceal your IP address. While these are not foolproof, it is theoretically better than accessing sensitive information in the standard manner. If you are trying to find some proxy servers with decent anonymity, do this search: “:8080”+”:3128”+”:80” filetype:txt – this is a Google dork that searches for text files that contain lists of proxy servers using ports 8080, 3128, and 80. It works on other search engines besides Google as well.

VPN providers have also become a trendy topic lately, especially due to some aggressive marketing on the part of certain companies, like NordVPN. While a VPN can also help disguise your identity, it is reasonable to be careful in your choice of provider, as some VPNs have been compromised in the past, which, by extension, means that the users are compromised. The difference, with Tor, is that trust is distributed, rather than being put into a single provider: the Tor network is comprised of many different nodes and relays, which are volunteers who donate bandwidth to the network.

A list of Tor relays and stats about them

One thing to consider with all of this is your threat model, of course. What types of adversaries are you trying to protect yourself against? If it is a type of organization that has powerful investigative tools, you may need something stronger than the online name generators, for instance. One way that some accounts are compromised is through weak passwords or reused passwords. Even in 2021, the most common passwords are things like:

12345 123456789 qwerty password

The variety of password managers that exist today can at least help with this problem. Practically all of the password managers have the ability to randomly generate passwords or passphrases. For example, Bitwarden can generate passwords that are up to 128 characters long, and use letters, numbers, and special characters.

A few other password managers include KeePass, LastPass, Keeper, Dashlane, and pass (the standard Unix password manager). As with things like Unix/Linux distros and web browsers, choosing a password manager is a matter of personal taste, and what works for one person may not work for another. Try out different ones to see which one is best suited to your needs.

An alternative to standard password generators is to use the Diceware method, in which you roll some dice in order to generate a passphrase. The dice rolls are done in sets of five numbers, which correspond to word lists, and then the words are combined to make your passphrase. For example:

55364 staff 26434 fully 52434 runic

When you finish doing the dice rolls, you combine the words together to make your passphrase, and you can separate the words with punctuation if you wish, like “staff.fully.runic,” or something like that. In general, the more words you use, the stronger your passphrase is. The link above explains further how Diceware works. While it can take additional time to create a password or passphrase, the simple fact that you are not creating a human-generated password makes it slightly more difficult for an attacker to access it. Plus, if you use physical dice, the generation is being done offline. The same method can be used to generate individual characters instead of words, though this takes a bit longer.

One of the other major issues that is cause for concern, as you may know, is having tons of accounts, which is becoming more and more common in the present day. The more accounts you have on different services, the greater the likelihood that some of them will be compromised, so at the very least, you can use the password and username generators to decrease the chances of this happening. The site Just Delete Me has a large list of popular online services and social media networks, sorted alphabetically and color-coded to designate how difficult it is to delete your account. Services colored in green are easy to delete, yellow indicates medium difficulty, red indicates hard, and black indicates impossible. Beneath the name of the service are instructions on how to delete your account, if possible at all.

A list of sites on Just Delete Me

In the cases where deleting an account is impossible, the site lists the minimum amount of options you have, such as deleting any identifying information that might be in your profile, despite the fact that the profile still exists. So, in your free time, if there are accounts that you are no longer using, this list may help you comb through them and delete ones that are inactive.

You may also have heard of a site called Have I Been Pwned. This site helps you easily check if your email addresses or passwords have been compromised in a data breach. Simply type your email address or phone number into the search bar on the site, and it will tell you if it has shown up in any data breaches. In the case that it does, it would be a good idea to change the password on those accounts, or delete them altogether if you are not using them.

sites listed on Have I Been Pwned

While nothing 100% guarantees your internet anonymity, besides being offline altogether, these methods can at least help your cause. More will be discussed on this topic in the near future.