[–]BEB

If you have friends who are hesitating to sign up for SAIDIT because of being able to be traced by their IP, tell them to use TOR browser to sign up without giving an email address.

Then use TOR every time you view/sign in to SAIDIT.

Tor is very easy to download and doesn't slow down the internet too much, especially if you only use it for accessing SAIDIT.

[–]anonymale

No email address is needed to open a Saidit account. This is poor advice. Tor is not impregnable. Using it naively is asking for trouble, and taking countermeasures before assessing threats is risking either security blind spots, or wasted effort/inconvenience: probably both.

There is a process called threat modelling which we have probably all done intuitively and which should be applied deliberately to our online presence. The idea is to prioritise privacy threats by likelihood or hazardousness. In a nutshell:

  • What do I want to keep secret? Real identity? Location? Occupation? Account passwords?

  • Who wants to know my secrets? TRA on Twitter? Stalker? Government agency?

  • What resources do they have? My public tweets and lots of spare time? Public property records? The ability to hack a web server where I have an account? Court-ordered access to web server or ISP records?

  • How much effort are they likely to go to? Comb through old tweets? Hang around where I live? Develop a custom exploit and try spearphishing me? Dedicate a team of full-time agents to apprehending me?

  • What are the consequences for me and others if they succeed? Lose an important social media profile? Forced relocation? Career damage? Prosecution? Death?

  • What can I do to stop them? Guard what I say online to prevent accidentally giving away biographical or location details? Make social media profiles as private as possible? Learn to use more technical measures like Tor? Buy a gun and learn to shoot?

  • Have I done a good enough job? Have I been doxxed, correctly or incorrectly? Have I been hauled in by HR for wrongthink? Am I being stalked?

Everyone will have a different threat model, if only because differing information about us is already public, so it's important to sit down, do this for yourself, and review it regularly. It should be clear that there is no magic solution.

Let’s take your case of a would-be Saidit user worried about being doxxed. This is much more likely to happen because of

  • what they post on Saidit

  • what they post or have posted elsewhere if it can be linked to what they post on Saidit, e.g. same username

I cannot emphasise this enough: doxxing is made much easier by lack of caution.

It’s rare that doxxing is achieved by discovering an IP address. That would be little use unless the victim’s ISP gives up the subscriber info for that IP address. Which means the adversary got either legal or covert access to the ISP’s records. They would also need similar access to Saidit’s servers to discover the IP address in the first place. This is much less likely than getting doxxed by someone who put together public information. Giving out naive security advice like ‘use Tor’ is just stupid. Please stop doing it. It does nothing on its own to prevent doxxing.

[–]BEB

Sorry! I thought I made clear to NOT use an email address when signing up for SAIDIT.

I'm not clear as to what you're saying: Don't use TOR? Let your IP address be seen? Use a VPN or not?

The reason I was told to use Tor by someone was because they said they'd received death threats from TRAs who said they were going to find the person via their IP.

Could you please clarify for us what we should do when you get a chance? Thanks!

[–]anonymale

https://saidit.net/s/GenderCritical/comments/67vr/operational_security_dont_get_doxxed/

You have to decide for yourself what precautions to take, informed by your threat model. If you don't have a picture of the threats you face, or might face in future, you have no basis from which to decide on effective precautions and countermeasures. I don't know how to make that clearer.