The way I tend to break this down for clients I coach…
One of your first steps is to figure out what your pseudonym is for. Ask yourself why this pseudonym is required and what it actually accomplishes for your privacy & security. Less hypotheticals and theories, but verifiable advantages offered. This generally requires at least a broad understanding of what your own threat model is, so I’d start there if you haven’t yet.
Once you understand what a particular pseudonym can provide, let’s say their name is Taylor, then you have to think about the environment to create for Taylor. I generally have the following breakdown from lowest to highest degrees of safety:
- Exclusive Account(s) for Taylor
- Exclusive Browser Profile for Taylor
- Exclusive Browser for Taylor
- Exclusive OS User Account for Taylor
- Exclusive OS on a VM for Taylor
- Exclusive OS via Dual Boot/LiveOS for Taylor
- Exclusive Device(s) for Taylor
On the easiest side of the spectrum, Taylor can just be a second Reddit account of yours that’s registered with a different SimpleLogin alias. On the most extreme side, Taylor is an entire identity with their own exclusive devices, phone numbers, VPN etc.
Aside from understanding your threat model and how much protection you actually need, a good indicator of how extensive your pseudonym needs to be is how many accounts they need to have. The more accounts and the larger their digital footprint is, generally the more extensive their environment needs to be - hence more time/energy/effort required to maintain.
I give this background because when you ask how to keep track of a pseudonym, it actually greatly depends on how extensive these pseudonyms are. If you’re just creating a secondary reddit account under Taylor because you want to privately receive support about a sensitive topic, then Taylor can just live in a folder in your password manager and some private windows in your browser and that’s it. In short, it generally helps to step back and reflect on your pseudonyms, because many of the questions you asked are naturally answered based on the environments that make the most sense for a use-case. Example: If you feel it’s best to have a separate user account on your computer just for your pseudo, then it naturally makes sense to have its own exclusive VPN, browsers, and maybe even password manager.
The rabbit hole is literally endless when it comes to pseudonyms, so the best advice I can give is to spend more time reflecting on what the pseudonym even provides, and then structuring your workflow around how sensitive it needs to be. When you’re asking if they should be Tor-routed or using exclusive VPNs, this is a hard question for the community to reasonably answer based on the information you provided, as there are no universal answers and we need more info.
I personally found for myself and a lot of my clients that pseudonyms are a super easy place to go overboard.
If you need more direct/specific assistance, it’d help a lot to get more details on your specific situation. One more thing, these are just some of my experiences with pseudos, other people here may have other suggestions which may align more with other people’s goals and use-cases