Skip to main content


I have a friend who is being harassed and threatened semi-anonymously via Facebook. She knows *who* it is, but Facebook and Police are characteristically being uselss.

I am kinda useless at this side of deanonymization, but does anyone have advice or resources for deanonymizing enough to get cops to move?

#infosec #batsignal

Jonathan Lamothe reshared this.

in reply to silverwizard

My suggestion: Shut down FB. #Zuckerberg could care less about what happens there & will not help in any way, shape or form.
in reply to silverwizard

I shut down my FB account years ago. Curious as to why she can’t …….
in reply to silverwizard

that sounds like a horrible situation. I'm a little confused how she could be being harassed on FB if she's made her account Friends Only and then unfriended anyone who is nasty, though. You don't have to be wide open to the public, there (unless you are trying to run a business).

Locking her account down only addresses stopping that avenue for the harasser, though. It doesn't address getting the cops to handle threats. But is her harasser using multiple FB accounts?

in reply to chiasm

@chiasm the harasser is using one account under a fake name. But it's someone she knows and credibly can harm her. They're just keeping the threats under a fake name.
in reply to silverwizard

that's a toughie, for those of us not used to hacking the system like that. Can she screen shot the threats, with date and time and user name, then block that user and see if the same threats show up under another name? That should at least be a start for FB, to show there's a pattern. Proving who it is, though, that I'm not sure about. Can she explain why she thinks she knows who it is? That and the screen shots might be enough to have a conversation with a lawyer.
in reply to chiasm

@chiasm yeah, that's the steps she took on her own, but they all want *proof* not just "this is the person who threatened me in real life. and now a random facebook account with no other activity has escalated.
in reply to silverwizard

oh wait--what do they say constitutes "proof"? Push back on that.
in reply to chiasm

@chiasm yeah, they claim they need an IP, which someone below gave me an idea to collect
in reply to silverwizard

@silverwizard Facebook requires users to use their legal name, so you can report any account with pseudonym and they have a chance to be locked until the user submits a government ID and their display name will be changed to what’s written on it.

It won’t directly address the harassment but it might help with the identification part of the police process.

in reply to Hypolite Petovan

@Hypolite Petovan Yeah - I just worry they'll abandon the account and make another. It's already a burner. But thanks.
in reply to silverwizard

The hell about this is someone goes, "I have a credible threat from this person" and the police response is "Well, did you already do the investigation?"

And now I'm out here trying to be calm, rational, and legal because I don't want to ruin things.

in reply to silverwizard

I'm not sure if this is effective, but she might gather that evidence she has and file for a restraining order. Then she goes to the police with that if the harasser continues.
in reply to Rivetgeek (He/Him)

@Rivetgeek (He/Him) Restraining orders suuuuuuck in Ontario - but it's possible. You kinda need to prove immediate harm - but that's hard and the system is saying that it can't prove who it is >.<

A rare time when US restraining orders are the good things.

in reply to silverwizard

if you can host a file on a site where you can look at the access logs and then post a link to that file, you might be able to bait them into downloading the file which could give you their IP address in the access logs. A whois search for the IP address.could get you their ISP and geolocation information on the IP could get you the general area.

That's a lot of "ifs" and "coulds", though.

in reply to Jim Jones

here is a Forbes article (that also points to more sources) on how to do it. Beware that it isn't a quick fix, but it can work if they are persistent (and it require some legal action, which isn't always affordable). forbes.com/sites/kashmirhill/2…
in reply to Jim Jones

the method in the Forbes article uses a blog and site statistics apps to gather the IP information. Same principal.
in reply to Jim Jones

from there, of the police still won't do something, it turns to filing court orders to get information from the IP holders about who had the IP at the time of access and harassment.

Good luck.

This website uses cookies. If you continue browsing this website, you agree to the usage of cookies.