Sign in Subscribe

Digital Disguises, Vol. 2: Sock Puppets 101

Mrs. OSINT

3 min read
Digital Disguises, Vol. 2: Sock Puppets 101
AI-generated: Master of Disguise

Hey Digital Detectives,
It's finally time to discuss one of my favorite topics in OSINT.: Sock Puppets and how to become a "Master of Disguise." Anyone else love the movie? No? Just me?

The Master of Disguise


While conducting investigations or research, sometimes we need to make sure we're not leaving digital footprints behind. You might be mid-investigation when you realize you can't use your personal account to lurk in a Facebook group or follow a clue on Instagram.

That's where sock puppets come in.

They are carefully built digital aliases to help you move through your investigations safely, ethically, and under the radar.

⚠️ A Quick Note Before We Dive In
Sock puppet use in OSINT investigations aren't a one size-fits-all.
Some employers and clients allow it, others strongly discourage it, and some require approval beforehand. Always make sure you're following your organization's policies, case protocol, and legal boundaries in your region.

The moment you start interacting, it's no longer passive OSINT. Proceed with caution.

What is a Sock Puppet?
1. A fake online persona used strictly for investigations.
2. Not for harassment or impersonation. (Observation & Collection)
3. Passive intelligence gathering.

Personally, I like using digital aliases any time I'm doing any research or running an investigation. They're essential when looking into private or closed communities. The last thing I need is someone noticing that Mrs. OSINT was lurking in their profile.

Also, shoutout to my friends who create sock puppet accounts for their pets. No wonder I see so many cats with Instagram accounts.

Building Your First Sock Puppet
There's no one right way to build a sock puppet. This is how I do it, and what's worked for me. The time and effort you put into it depends on what you plan to use it for.

Step 1: The Backstory (My favorite part)

  • Keep it simple, but believable.
  • Don’t make them famous, don’t make them flashy. (This is not the time to be a fake influencer.)
  • Use a name common for the platform’s location/language. (Which may require some research)
  • Choose a realistic job, city, and a few hobbies.

If it's a quick, disposable alias, I don't go all out. But when I have time? I like to build a full backstory, just for fun!

Step 2: The Profile Pic (Optional, but helps)

  • NEVER use someone else's photo. Instead use a generated face (ex: ThisPersonDoesNotExist.com) or create one with AI.
  • Check the image metadata before uploading. (https://jimpl.com)
  • Optional: blur it slightly or apply filters to reduce traceability.

Step 3: The Email Address
This is usually where people get stuck. Everyone has their own method, but here's what's worked for me:

  • Use a clean email address not tied to your real identity.
  • Create the account from either a public Wi-Fi location or your home (Yes, calm down, it's okay for beginner level. I usually use my VM if using my home network)
  • I've had success with Gmail and ProtonMail.

TIP: After creating your email, go sign-up for a few newsletters on random topics to get your some inbox activity going. It helps your sock puppet look legit.

Step 4: The Browser Setup (Crucial)
The last thing you want is to accidentally visit someone's profile using your personal account. Been there.

Common Mistakes to Avoid

  • Reusing the same sock puppet too often
  • Letting the sock puppet go stale (build activity SLOWLY. Don't just make it & forget it)
  • Using real photos or using information tied to real identities. (not cool)
  • Forgetting your OPSEC and logging in without a VPN. Or switching IPs too frequently

Now I'm Curious
How you ever built a sock puppet before?

What tools and tips worked for you? Or didn't?

If your more experienced: What's one lesson you learned the hard way about maintaining or retiring a sock puppet?

Drop your thoughts, favorite tools, or lessons in the comments below.