What Is An Avatar?
While dealing with Webint & Osint research (web & open-source intelligence) and investigation, one of the first things that come to mind is the need for privacy, and the ability to research anonymously. But, lots of our data sources or platforms (especially the more interesting ones) require a profile and an online identity. At that point, you might have encountered the term ‘Avatar’ – an online entity and identity, that you can be used instead of your real personal details.
For some cases, the most basic Avatars will be enough (only Name and Email, or even a picture). Still, for more in-depth investigations, especially in social networks, or in cases we need to be approved by other members much more powerful and reliable Avatar is required.
So how can we create the perfect Avatar, that will be approved by all major social networks, and will let us conduct our investigation safely and anonymously?
Fast and Simple Avatars for easy sign-ups
In order to easily signup to any platform or online service we usually have to fill in some personal details and a valid email address. For those tasks, we can use the following tools:
Reggy – Create random identities and sign up to any site in a matter of seconds!
- Reggy is a chrome extension that automatically fil in details and a temporary mail for sign-up forms.
- It automatically generated fill identity include Full Name, Email, Password, Company, Address, Phone, and more. You can also try different identities until you find the perfect match.
If you’re good with details and need only a valid Email address for mail authentication, you can use Vebex’s Temporary Mail service.
- Vebex lets you quickly choose a name, and then generates a valid Email that you can use for sign-ups.
- After submitting the mail to any website sign-up, just check the mail on Vebex, and you’ll see any Email sent to this address.
O.K., now we’ve finished with the games, and we can start with the main issue on the line:
how to create the perfect Avatar for more in-depth investigation and profiles
While our privacy and security are a top priority, we’ll usually use a VPN for safe browsing. Additionally, some platforms won’t work if we’re browsing from other countries (especially sites for U.S audiences alone), so it’s something to consider while choosing a country. Some of the most known VPNs are – OpenVPN, Private Internet Access, CyberGhost, and NordVPN. Few Dollars a month and you can browse anonymously and privately.
Working with VPN is great, but it may raise some suspicions against us. To overcome this issue, will need to do the following;
- Cheak where your IP is coming from – it’s important to understand exactly how we’re seen to the platform and from which city and neighborhood we’re browsing (we’ll need it for later) – you can use any IP2Location service, it’s free.
- The second thing we’ll need to do is to adjust our computer date & time to the relevant country we’re browsing from. This is one of the first and more distinct ‘Red Flags’ for malicious browsing or bots.
- Additionally, it’s important to use the most up-to-date version of the browser, otherwise, you might be flagged as suspicious.
In some cases, there is a webrtc leak that can reveal your location so it always recommended to double-check your location in whoer.net and see if the VPN is working as you want.
Social Networks and other sites use Cookies to identify us while browsing. To be seen as a real person, it’s important, especially for the first time, to browse different sites (News, Sports, Recipes, etc.) and accumulate some cookies before trying to open a new profile over the social network. Cookies-less profile raises ‘Red Flag’ to most platforms.
It’s recommended not to open the social network directly from the URL bar, but to get to it from another site or search engine.
Finally, connecting 2 social networks (sign in with Facebook to Instagram for example) is very good for both platform, and increase the profile reliability significantly.
Creating our Profile
- Emails – most platform requires a valid Email address. In order to be seen legit, it’s important to use one of the common mail providers such as – Gmail (you can try to use Gmailnator for a temporary Gmail account) or Yahoo (which usually requires a mobile phone authentication). For Eastern Europe, you can also use Yandex as your mail provider or Mail.com.
- Phone number – authentication by phone is Is considered particularly reliable. if you have a clean phone number (you can buy a prepaid phone or Sim for few bucks, or to look for online services for temporary phone numbers) it will make your profile much stronger and might help to authorized you in future inspections. It’s recommended to pick a number from your browsing country.
- Address and Zip– choose an address that fits the IP you’re using.
- Name – choose a common name in the browsing country.
- Schools and Workplace – choose big Institutions or professions you might work as a freelance (so it will be logical that you don’t appear on any site or employees list)
- Profile Picture – to avoid impersonation (using other people’s pictures) we can generate pictures of people that don’t exist using Machin Learning models. Techier people can try to create their own pictures, and play with parameters, but for fast and easy image generation you can use – GENERATED PHOTOS (you can filter and customize your character), https://thispersondoesnotexist.com/ (or other equivalents you can find in google). It’s better to refresh several times and then choose the picture for you.
- Cloaking the Picture – we can also use software such as Fawkes to cloak (manipulation on search engines) our picture, so it won’t be recognized on image search engines.
Operating The Profile
The most important thing to remember is to be normal! Social networks use very sophisticated algorithms to find avatars, and they can identify suspicious and unnatural behavior of users (especially new ones). Some key rules for normal behavior;
- Do not do too many actions at once – Excessive enthusiasm seems suspicious, do not add a lot of friends in one day, do not add a lot of details about yourself at once, or do many likes. From our experience, It’s appropriate to do between 5-10 different actions a day (not include the actions that the platform suggests you do.
- Do not repeat ourselves – When we are looking for a person or company, do not repeat the same profile several times in a suspicious way (this is what is called suspicious activity, look for other profiles, and try to be effective)
- Games and Fun Activity – Playing games (from Facebook for example) raises our level of reliability (bots do not play candy-crash), playing games or other fun activities offered by the platform gives us credibility points.
- Add people from your ecosystem – add people from your city, school, and profession.
- Upload posts – another important thing to do, especially if we would like other people will approve us, is to upload relevant posts. It’s important to be aware of the main news in your browsing country and to post (or share posts) or comment on those subjects. Posts with shares, Comments, and Liked can really improve our credibility to other people (especially if our opinions match theirs 😉)
- Upload photos – profile without pictures tend to be more suspicious. You can search for photos of places or views to upload or try to design images with your face (only if you know how to do it – bad work is worst than no pictures at all. Check remove.bg, it might help with changing backgrounds and customizing photos). You can use fIlters to disguise faces while uploading more ‘normal’ pictures.
