To better understand your online privacy and what that means, let’s first define privacy & security for this article.

Privacy is the ability for an individual or group to limit the amount of information people can learn about you.

Security prevents unauthorized access to your accounts or events and protection of your information.

Threat Modeling

Threat modeling is a way to help predict what can happen by looking at what happened in the past.

For victims of online harassment, threat modeling is how we identify, communicate and understand threats in order to mitigate and protect a victim/survivor/person.

Understanding context with threat modeling is key to knowing what types of threats you’ll face.

The type of work you’re doing can impact your threat model significantly, especially if you’re involved with organizing & activism work, you are a journalist, or a public figure. Each situation will require slightly different threat modeling, preparation, and planning.

Another factor to consider when evaluating threats is your identity. Things to consider with your identity might include, race, economic security, gender or sexual orientation, age, immigration status.

Some people will identify as more than one group and be especially vulnerable to threats & harassment due to those factors.

Threat modeling allows us to mitigate some of the fear that comes from harassment and threats, because what we know can help us in addressing safety concerns.

Escalation

As you evaluate your threat model, the next step is to define the paths of escalation possible with online harassment and stalking.

Let’s first define escalation as, when a threat goes from one level to the next, meaning, the severity of the threat increases.

Common ways trolls and harassers escalate attacks online may include the following:

• Getting an entire group to start harassing you, often called targeted harassment.
• Attacking you across platforms.
• Finding your password on a security breach list and attempting to use it to hack your accounts.
• Locating your home address on a people finder site.
• Finding other information about you from social media & networks (including via your family, friends, connections).

What is Doxxing?

Doxxing is when someone publishes the personal information of their targets. Doxxing uses personal contact information or personally identifiable information (PII) to escalate harassment against their target, which could be you.

Generally, harassers use publicly available information, such as home addresses, phone number or social security numbers (all forms of PII).

Doxxing is easy because so much of our information is online via data brokers, such as people finder sites.

Search for Yourself

Next, check if your information is publicly available using Google or one of the people finder sites. This way you can see what an attacker can find to target you.

Start making a list of things you’d like to remove from the search results, and keep in mind that some information cannot be removed.

Consider places your private information might be located, beyond Google searches. If you own a home or have property records, those are public. In some states, licensing records are public, especially if you’re a lawyer, therapist, social worker, nurse or someone with professional licenses.

Additionally, website registration records are public. You can purchase domain privacy (please do) when you buy a domain. Look up your domain privacy here: ICANN Lookup

Other records to consider that might be public, include some non-profit and business filings. For example, if you are a registered agent for a business, that information is public in business filing paperwork with both the state, you can search records here https://www.llcuniversity.com/50-secretary-of-state-sos-business-entity-search/ and with the IRS.

In some states, voter registration records are publicly available. Availability of voter registration records varies by state, you can find your state information here: https://www.ncsl.org/research/elections-and-campaigns/access-to-and-use-of-voter-registration-lists.aspx

Secure Your Accounts

There are a few steps you can take if you’ve been doxxed or are experiencing online harassment or stalking. The goal is to make it harder for harassers to find you and not be the lowest hanging fruit.

Use a Password Manager

Password managers can generate and track randomized high-security passwords for all your online accounts and are encrypted in “vaults” inside the password manager.

If you have an iPhone then Apple Keychain is available as your built-in password manager.

Other options for a good password manager are 1Password, Bitwarden. These apps all have additional features such as cross-platform syncing, safe ways to share passwords, and alerts if your password is involved in a security breach.

1Password and Bitwarden have browser extensions available as well as iPhone and Android apps. This makes your passwords available across all your devices and platforms.

Make unique and difficult to guess passwords for every account, and don’t recycle your passwords.

Avoid sharing your passwords with others, not even people you trust, such as your best friend or partner, unless absolutely necessary. If you’re going to share a password, share it through the built-in sharing function of your password manager.

Passwords are a vulnerability and something you can control or change, as needed.

Use Two-Factor Authentication

Secure your social media accounts and online services with two-step authentication. This adds an additional layer of security that can prevent others from accessing your social media or online accounts.

You can find sites where two-step authentication is available here: https://2fa.directory/us/

Restrict Access to You

Restrict what you share across your socials. Limit details of your location, when you’re traveling, and the names of people you live with, because those details can be used to find your address.

The less information available about you online, the less there is available for doxxing you. You know your threat model and risk profile, and what makes sense for you.

Social Media Privacy & Settings

Examine your social networks carefully and do a privacy & security check up on all your social media accounts you use regularly. Limit who can contact you on your personal accounts. Don’t post photos of when you are traveling until after you return from the trip or have left the location.

If there are accounts you can take private, consider this as another safety measure to protect yourself. Think about what you post on your personal accounts and decide what you won’t post publicly.

You can also choose to hide your social media accounts from public search results. Most platforms can hide you from search results in your privacy & security settings.

Ensure your personal and professional social media accounts are separate.

Refrain from sharing your location when you share posts, and limit what’s visible in the background so it’s more difficult to identify your neighborhood, house or where you live.

Use Security Questions

A lot of sites suggest you have one or more security questions that they can use to verify your identity if you forget your password. Set-up these security questions and feel free to provide fake answers. You do not have to tell the truth on security questions, because who is going to verify that information? YOU. Make your answers something you’ll remember but not an obvious answer someone could find online about you.

Save your complex or random words for your security answers inside your password manager, so that you can access them easily and don’t forget them.

Separate Email Addresses

Set up several different email addresses for different purposes, one for personal communication, one for your socials, one for work/business. There’s no limit to how many email addresses you can have; It depends on your situation, what level, and how many are required.

The reason to separate your accounts is, so that if an attacker gets access to one email associated with you, they don’t have access to everything. If you silo your profiles across multiple email addresses, the harasser only has access to limited information.

Set up Information Monitoring

Monitor yourself, your business, your close family members, those associated with you by setting up Google Alerts. When you’re setting up your alerts, include your name, name variations/or spellings, common nicknames as well as your phone number and street address.

As you’re setting up Google Alerts, make sure the account connected is secured with two-factor authentication, and you’ve got a strong password.

Phone Number Protection

Consider obtaining a VOIP phone number you use publicly, instead of your mobile number. You can use a free Google Voice number or a paid VOIP service such as MySudo, Twilio, or Grasshopper.

Give Out Fake Information

Remember, earlier in this article we discussed giving fake information as your security answers? The same applies when registering or creating new accounts. You are not required to provide truthful information to marketers or consumer websites.

If you’ve ordered something under a fake name, that’s sent to your house, and you start getting advertisements in that name, you know who sold your data.

Your safety is more important than the deep pool of data they already have on you.

Virtual Private Networks

Consider using a virtual private network or VPN to help protect your internet privacy and limit what Internet Service Providers know about you.

VPN’s can also track your location or log your data, depending on which one you use. However, they do provide an additional level of digital privacy. As with any security measure, not all VPN’s are created equal or good to use. We use Proton VPN which is located in Switzerland and abides by their privacy laws. For more information on VPN’s, please take a look at our Resources page.

Privacy Browsers & Search Engines

As part of your digital security tools, use a safer browser, such as Firefox or Mullvad. You can also use incognito mode in these browsers so all cookies and third party apps are deleted when you close the browser.

For your internet searches, DuckDuckGo is a good option. 

To block trackers and ads in your browser, consider using Ublock. 

Data Brokers

If you’ve lived in the United States at any point, your information is everywhere online, and data brokers likely have it. Your name home/work addresses, phone number, email address, and other sensitive information are posted for public viewing on these data broker websites; This is frequently how harassers find information they use to dox their targets.

Remove yourself from data broker sites to help minimize your digital footprint. There are a couple of guides that can help with data removal:

Yael Grauer’s Big Ass Data Broker Opt Out List: GitHub – yaelwrites/Big-Ass-Data-Broker-Opt-Out-List

Delete Me by Abine’s Opt Out List: Opt-Out Guides – DeleteMe (joindeleteme.com)

Michael Bazzell’s Extreme Privacy Opt Out Workbook: IntelTechniques Data Removal Workbook

Here are the top 10 data brokers who sell your data, which trickles down to the numerous data aggregation resellers. Request removal from these sites to make a dent in your information being taken offline.

Some data broker sites take a few months to remove information or require a written letter to opt out your data, but many allow online removal, and it only takes minute to fill out the request.

Service: Spokeo
Website: https://spokeo.com
Removal Link: https://www.spokeo.com/optout
Privacy Policy: https://www.spokeo.com/privacy
Contact: support@spokeo.com, customercare@spokeo.com
Requirements: Online submission, email verification
Notes: Online removal tool will complete the process.

Service: White Pages
Website: https://whitepages.com
Removal Link: http://www.whitepages.com/suppression_requests
Privacy Policy: https://www.whitepages.com/data-policy
Contact: support@whitepages.com
Requirements: Online submission
Notes: Online removal tool will complete the process.

Service: Radaris
Website: https://radaris.com
Removal Link: https://radaris.com/control/privacy
Privacy Policy: https://radaris.com/page/privacy
Contact: support@radaris.com, info@radaris.com
Requirements: Online submission, email verification
Notes: Select your profile and submit to removal URL.

Service: MyLife
Website: https://www.mylife.com
Removal Link: https://www.mylife.com/ccpa/index.pubview
Privacy Policy: https://www.mylife.com/privacy-policy/
Contact: privacy@mylife.com
Requirements: Email or online submission
Notes: Send email with removal request. CA residents can use the opt-out link.

Service: Intelius
Website: https://intelius.com
Removal Link: https://www.intelius.com/opt-out
Privacy Policy: https://www.intelius.com/privacy.php
Contact: privacy@intelius.com
Requirements: Online submission
Notes: Online removal tool will complete the process.

Service: Been Verified
Website: https://www.beenverified.com
Removal Link: https://www.beenverified.com/faq/opt-out/
Privacy Policy: https://www.beenverified.com/privacy
Contact: privacy@beenverified.com
Requirements: Online submission
Notes: Online removal tool will complete the process.

Service: Acxiom
Website: https://www.acxiom.com
Removal Link: https://isapps.acxiom.com/optout/optout.aspx
Privacy Policy: https://www.acxiom.com/about-acxiom/privacy/us-products-privacy-policy/
Contact: consumeradvo@acxiom.com
Requirements: Online submission
Notes: Online removal tool will complete the process.

Service: Infotracer
Website: https://infotracer.com
Removal Link: https://infotracer.com/optout
Privacy Policy: https://infotracer.com/privacy/
Contact: https://infotracer.com/help/
Requirements: Online submission
Notes: Online removal tool will complete the process.
Alternative site: https://members.infotracer.com/removeMyData

Service: LexisNexis/Accurint
Website: https://lexisnexis.com
Removal Link: https://optout.lexisnexis.com
Privacy Policy: https://www.lexisnexis.com/en-us/terms/privacy-policy.page
Contact: privacy.information.mgr@lexisnexis.com
Requirements: Online submission
Notes: Online removal tool will complete the process. You can upload digital documents.

Service: LexisNexis Direct Marketing
Website: https://www.lexisnexis.com
Removal Link: https://www.lexisnexis.com/privacy/directmarketingopt-out.aspx
Privacy Policy: https://www.lexisnexis.com/privacy/
Contact: privacy.information.mgr@lexisnexis.com
Requirements: Online submission
Notes: Online removal tool will complete the process.

Service: True People Search
Website: https://www.truepeoplesearch.com
Removal Link: https://www.truepeoplesearch.com/removal
Privacy Policy: https://www.truepeoplesearch.com/privacy
Contact: https://www.truepeoplesearch.com/contact
Requirements: Online submission
Notes: Online removal tool will complete the process.

It’s a good idea to check every few months to see if your information has been relisted on data broker sites. If this is not something you want to do yourself, and you have the means, there are paid services available to help remove your personal information from paid sites, and then monitors them for you.

Two of those services are DeleteMe by Abine and Kanary, costs range from $100-$250/yr depending on if you’re getting coverage for you or you and your family.

Key Takeaways

Finally, if you’re experiencing harassment or stalking and are threatened, please document and report it to law enforcement. Threats of any kind should be taken seriously.

Consider your threat model and identity, the factors which impact your threat level and possible escalation of that threat.

Search yourself with Google and other search engines so you know what kind of information is out there about you, and can decide what next steps are right for you.

Use strong passwords and two-factor authentication on your accounts. Double check your social media privacy settings, and restrict access to you via your social media accounts.

Set up Google Alerts to help you with identity monitoring.

Remove yourself from data broker sites where appropriate and utilize a paid service if that’s right for you.

Final Thoughts

Keep in mind if you follow any or all these steps, take it one thing at a time. We’re layering in your security to ensure better online privacy, one step at a time.

Talk to your support network, a close friend or family member who can help you work through these simple steps, or listen when you’re scared or frustrated.

Your mental health and safety are the most important pieces of this entire process, take care of yourself.

Need more help? Check out our class, Secure Your Social Media, for more simple solutions to keep you safe or find more help on our Resources page.

The guidance included in this article do not constitute legal advice and is for educational purposes only.