Everyday it seems to get harder and harder to make sock puppet (i.e. ‘fake’) accounts for OSINT research. Services want more information. They require real (non-VOIP) phone numbers. They assume using a VPN = sketchy.
Personally, I blame Russian troll farms.
Regardless of the reasons and restraints, there’s good news for us OSINT investigators. As long as they want to stay in business and grow, the services have to let new users sign up. So all we have to do is convince them that that’s what we are — legit, new users.
As of March, 2021, these are the exact steps I’ve found to be most successful when trying to create a new sock puppet account from scratch. Keep in mind, things change quickly. Websites go down. Apps change. Services adapt. Just like during an investigation, we have to be able to pivot as well.
Follow this sock puppet creation guide step-by-step, in chronological order, and you’ll not only build your accounts today, but learn the process for the future. I’ll try to keep this updated but if you come across any errors, or outdated instructions, feel free to email me at email@example.com.
Plan the Persona
Don’t be tempted to come up with stuff on the fly. At least have these basics figured out beforehand:
- FakeNameGenerator can help with this
- This Person Does Not Exist can help with this
- Zoom closely into the photo to look for flaws
- If you need to edit, but don’t have Photoshop, use Photopea directly in the browser
- Image search for a generic banner your persona would likely use
- e.g. If ‘you’ are a 25-year old recruiter in the U.S., image search ‘motivational quote banner’ and download one
Use a Password Manager
As you create new accounts you’ll have to enter a lot of details about ‘you’. Your name, passwords, phone numbers, date of birth, security questions, etc. Free and open-source password managers like Bitwarden (cloud-hosted) or…