How to Make Sock Puppet Accounts for OSINT in 2021

Source: some random .ru site

Plan the Persona

Don’t be tempted to come up with stuff on the fly. At least have these basics figured out beforehand:

  • Photo
    - This Person Does Not Exist can help with this
    - Zoom closely into the photo to look for flaws
    - If you need to edit, but don’t have Photoshop, use Photopea directly in the browser
  • Banner
    - Image search for a generic banner your persona would likely use
    - e.g. If ‘you’ are a 25-year old recruiter in the U.S., image search ‘motivational quote banner’ and download one

Use a Password Manager

As you create new accounts you’ll have to enter a lot of details about ‘you’. Your name, passwords, phone numbers, date of birth, security questions, etc. Free and open-source password managers like Bitwarden (cloud-hosted) or KeePassXC (locally hosted) can be a great way to keep track of it all.

Get a ‘Burner’ Phone

Yes, you actually need a physical phone.

Get a SIM card

A new SIM card gives you a new phone number. It does not make you anonymous. The physical device has a hardware ID that cannot be changed, so tracking different SIMs back to a single device isn’t hard. Hence, the reason you paid cash for a new device in the last step.

Go to Public Wi-Fi

You don’t want to do any of this at home or work where you’re sharing your real IP address. You also can’t use a VPN as that will almost always prevent you from creating accounts. Use a local library, mall, or coffee shop. Try to choose a location that’s not right next to your house, but is close enough to travel to. You’ll be coming back here in the future.

Download Apps

Download and install the following apps in this order:

  • Mint Mobile: Use this to activate your new, real phone number.
  • Authy (by Twilio): You will use this to setup two-factor authentication (2FA) for all of your upcoming accounts. That way, you likely won’t need the Mint Mobile phone number after the trial expires. Feel free to substitute Authy for the software-token generating 2FA app of your choice.

Set Up 2FA

Ideally, you’ll use a hardware token like YubiKey when possible. It’s not only the most secure method of using 2FA, it’s the most convenient in my opinion. Unfortunately, not every service uses it, so setup Authy (or your chosen alternative) as well.

Make Your Pillar Email Account

This is your central email account. You may setup forwarding services or other email accounts later, but you’ll want to have one primary, centralized email account everything else forwards to.

Create a VOIP Number

See, I told you you’d be setting up Google Voice. Yes, there are better options like MySudo. You could even go through the hassle of manually purchasing numbers direct from Twilio. If you have the time and patience to, feel free. But Google Voice is quick, easy, free, and you don’t care if your personas info is tracked anyway. Just pick your poison and create a VOIP number you so you’re not reliant on Mint Mobile.

Set Up Your Sock Puppet Accounts

You should have everything you need to build your accounts, be it on Facebook, Twitter, LinkedIn, Instagram, etc. Take your time, create each account from start to finish, and store all the information in your password manager during creation, in this order:

  1. Once the account is created, immediately navigate to the privacy and security settings
  2. Change the phone number from your Mint to your VOIP number
  3. Setup 2FA using Authy
  4. Completely log out of the account
  5. Log back in with your username/password from your password manager and Authy 2FA code

Build Your Account Profile

Spend some time building up your profile. Imagine you were actually that person you’re pretending to be… what would they do? Do those things. At the very least, be sure to:

  • Add the profile picture created earlier
  • Add the generic banner you downloaded earlier
  • Like or Follow a few topics relevant to your persona
  • Find a few other users interested in similar topics, like a few of their posts, and follow them (5–10 people is suffice)

Age Your Accounts

Congrats, you did it! You have working sock puppet accounts! Now, do you want to have to go through all that again in a day or two?

Privacy | Security | OSINT

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store