3. What To Change/Secure

When you are being harassed, or if you’ve been doxxed, there is a long list of things you can do to secure your digital life and reduce the impact that harassers can have.

Read all of Zoe’s post, “What To Expect When You’re Expecting (the internet to ruin your life)” [ZQ1]

Passwords

Change Passwords. Change Passwords. One more time: Change Passwords.

Think about how passwords are handled.

Use a password manager like 1Password or Lastpass, set passwords to more-than-8 characters, randomized with upper and lower-case and numbers/punctuation.

Account Security Questions

Zoe Quinn: “Change your security questions to something that isn’t related to your personal life.” [ZQ1]

Email

If you aren’t using Gmail consider starting. Google provides access over SSL (ie, HTTPS, use it) and it means your email is not sitting on your harddrive waiting to be hacked or stolen with your laptop.

Enable 2factor Everywhere

Two-factor authentication means needing more than simply a password to login to any account where it is enabled.

John Seggerson: “The idea is having not only a fixed password to log in (one factor), but a code which is either given to you or using a secret algorithm to generate a one-time code (second factor).” [SM1]

Two Factor Auth (2FA) - List of websites and whether or not they support 2FA.

Lifehacker also has a good article on enabling and using 2-factor authentication.

Spokeo

Remove yourself from Spokeo: Spokeo crawls publicly available information (including website profiles) about individuals and makes it completely searchable online by the individual’s name. This information includes current and previous addresses, phone numbers and other contact information. Trolls can and do use this data to fuel harasssment campaigns.

John Sileo: “Go to the [Spokeo] and look yourself up, then click on your name... once you have done that copy the URL in your web browser. Now, go to the bottom right of the page in small faded blue text, click privacy (third from the left). Once done, paste in the link you copied from the page you found yourself on and enter your email and the security code listed. This is a case where I would use a second email account (your designated junk-email account), not your main email to avoid the build up of possible spam emails that follow. It will then send you an email confirmation where you must click the URL to confirm removal. Voila! You have been removed.”

Spokeo – Scary Bad & How to Opt Out [SIL1]

Social Media Sites

Zoe Quinn: “Make your FB private. They will likely be trying to dig up whatever they can on you, real or imagined, and there’s no reason to leave stuff out there when you’re being creepily obsessed over. Make sure old posts get limited too - go to settings > privacy > limit past posts to do this.” [ZQ1]

Storage accounts (iTunes, Dropbox, Skydrive)

EXIF/Photos

Turn off or remove EXIF data from your photos, if you are still posting.

Uncommon Privacy: “Exif data contains a number of metadata tags about the photo such as the date and time it was taken, make and model of the camera, various camera settings and other information including GPS information. Exif data is a risk because by sharing photos over the internet, you may be revealing personal information such as where you live, where you work or where your children go to school.” [UP1]

Domains

Zoe Quinn: “Spend the $10 to hide your whois info off of your websites ahead of time if you can. This is a very common tactic.” [ZQ1]

Any blog or site where a victim publishes is a likely target for DDoS ing or defacement. It is especially important to enable whois privacy for all owned domains, as a harasser can use a service like Bing’s IP lookup to find all domains hosted on a given IP address.

  1. Ping yourblogdomain.com to get an IP address 1.2.3.4
  2. Search ip:1.2.3.4 on Bing to get results for sites/domains with the same IP address yourbusinessdomain.com
  3. Target yourbusinessdomain.com as well for attack.

Sources

A majority of this material was written with input from victims of harassment or compiled from personal reports.

[ZQ1](1, 2, 3, 4) Zoe Quinn, What To Expect When You’re Expecting (the internet to ruin your life)
[SM1]John “Seg” Seggerson, The Quick Indie Guide To Protecting Your Accounts
[SIL1]John Sileo, Spokeo – Scary Bad & How to Opt Out
[UP1]Uncommon Privacy, How to Remove Exif Data From Photos