How to Catch an Abusive Online Troll

by A. Friend

Online trolling has always been a feature of social media. What exactly trolling is isn’t always easy to define, and to some extent we all do it. Sometimes for fun and good humour and sometimes with cruel, nefarious, and criminal intent, trolling is nuisance behaviour on the internet. Since the start of the Brexit campaign trolling, particularly of a political activist nature, has really taken off. Thanks to the work of a few dedicated investigative reporters we now know of the involvement of Russian government-backed trolls, based out of a so-called “troll farm” in St. Petersburg.

During the 2014 Israeli invasion of Gaza the world was made aware of Hasbara, an online tactic deployed by the State of Israel to defuse international outrage on social media with deception, “alternative facts,” and counter propaganda. Governments, government agencies, military forces, and private corporations – around the globe – are in on it. Often through PR firms like Bell Pottinger, they create sock puppet and fake social media accounts which are used to nudge public opinion in a direction that suits their or their client’s purposes.

Bell Pottinger, a PR company linked to the highest levels of the British political and military establishment, has been caught using fake social media profiles in an attempt to influence the government of South Africa. We must assume, given the nature of politics in Scotland and the threat posed to the British state by Scottish independence, that the British government is playing similar dirty tricks online in Scotland; either by its own agents or through PR firms. This assumption does not rule out the continued interference of Russia or other states and indeed the common or garden private individual.

On Thursday evening unionist trolling began on a handful of Twitter threads related to the distressing news that “Brave” – @DefiAye on Twitter, an influential pro-independence activist, was seriously sick in an Ayrshire hospital. She had been the target of a concerted online harassment and bullying campaign by these and other trolls. When the Butterfly Rebellion engaged one particularly obnoxious troll – @militant_mole – another troll immediately appeared and doxed Jason Michael, the editor of the Butterfly Rebellion.

“Doxing” is the illegal practice of publishing someone’s personal and private information online as a method of intimidation. In this case a photograph of Jason’s family home (or what was thought to be his home) was published by a user going by the name “William Boyne” – read from that name what you will.

This action is a criminal offence in Scotland under section 38 of the Criminal Justice and Licensing (Scotland) Act 2010. An offence under section 38 “may be committed where the behaviour is capable of causing fear or alarm.” By publishing an image of Jason’s family home in Kilmarnock the person or persons behind the @WilliamBoyne3 account – an account that later migrated to @JohnKnox72 before being deleted altogether – were clearly intimating that their victim was now under thread. There is no mistaking the “we know where you live” threat.

Over the next twenty-four hours, as Jason went through the process of contacting Police Scotland’s Specialist Crime Division and An Garda Síochána in Dublin where he lives, more than seventy people contacted the Butterfly Rebellion saying they had experienced similar threats from similar loyalist troll accounts. It is clear that this is a far greater problem in the world of online pro-independence activism than we might first have thought.

Here we would like to do two things. Firstly we would like to propose – for anyone interested – the creation of a national Yes movement database on unionist trolling. We do not have the money or the resources in time or expertise to do this, but we would like to invite people who feel they have the time and the ability to get in touch with us either by Direct Message on Twitter – @Butterfly_Reb – or by emailing us at We believe this to be a matter of some urgency and so would love to hear from interested people.

Secondly, we would like to offer some advice to those who receive similar criminal abuse online. Over Thursday and yesterday both Jason and a few members of the Butterfly Rebellion team had some luck in tracking a few of the offenders. Their IP addresses were captured and sent to officers at Police Scotland, who are able to pinpoint individuals and their home addresses. In this we will assume no prior technical knowledge and explain as we go.

When an abusive message is sent to you or your private contact information or other identifying information is doxed you must first take screen shots of everything. Make sure these capture the content of the abuse, the user who sent it, and the date. Save these as image files to your desktop or to a folder for future reference. The police will need to see these images.

Many of these accounts are anonymous. It may not be easy for you to identify them. If this proves impossible then you can leave it all with the police and they should be able to contact the social media host and find the information necessary for the purposes of a criminal investigation and prosecution. But there is a way you can find their IP address – this will help the police find the abuser faster.

Here is what to do:

Set up another social media profile, ideally one that mimics the political or social expression of the abuser. We have a longstanding “lurker” account on Twitter dressed up to look like a Scottish unionist. It never tweets. It simply follows about 300 influential unionists. The same can be done on any social media platform.


Find an article online that will interest the abuser, something they are likely to open. Copy the full URL (web address) of that article and take it to and paste that link into the field marked “URL or Code.” Then press “Submit.” You will be given a short URL code (the one marked “GIVE THIS OUT” in the picture below). Do not open this link. Just copy it. Don’t send this to them either. They may be aware that Blasze is an IP tracker website.

Copy or save the full URL in the Blasze address bar after you have been given tracking information. You will use this to monitor the IP addresses that open your tracker link.


Take the tracker short code – the one you got from the above site marked “GIVE THIS OU” – to and paste it into the box on your screen. Click to confirm that you are not a robot, and press the “Shorten URL” link. You will be issued with a Google short code. Don’t open that either. This link is simply a disguised version of the tracker link.


Now you can take this Google short code to your alternative social media account and send it as a PM or DM to the abuser with a brief message. Make sure to type something in this message that will encourage your target to open the link. Everything depends on them opening this link.

Over the next two hours a few IP addresses will appear on the tracker (below the words “Access Logs” on the tracker page). These are not what you are looking for. These all belong to the various Google engines that will be filtering through the internet. Ignore the tracker for about five hours. Typically – if you send the link late at night (the best time to let the other traffic get finished) – the abuser will be the last to open the link and so will be the last IP on the list. If not, then you can pass all of these IPs to the police. They will know what to do.

When you have the IP you are looking for you are ready to start handing things over to the police. But you can also locate them yourself – to within a few miles. This will help you identify which is the most likely IP of the abuser. Copy the IP and go to and paste the IP – a string of numbers divided by periods – into the box and press “Get IP Details.” This will give you further details on the location of the abuser.


Record details of every step. Keep a copy of the Blasze short code and the Google short code. Keep a copy of the Blasze tracker for the IP you are tracking. Keep a copy of the message you send and the details from the IP-Lookup site. Screen shot everything. All of this will be important to the police. Well done! You have just become a hacker.

We hope this has been helpful to you, but if you have any questions or you need any help with these steps then please don’t hesitate to get in touch with us and we will do our very best to help you. Remember that we have a right to be online and active in the independence movement. Those who are trolling and doxing us are doing what they are doing to silence us and destroy the movement. By running away or leaving the online community we are letting them win. If we stick together we can beat them and hopefully put a few of these people where they belong. Thanks for reading.


The Butterfly Rebellion
Glasgow, Scotland

3 thoughts on “How to Catch an Abusive Online Troll

  1. Pingback: A lot of good writing. – Bluesprints mkII

Comments are closed.