A Short List of Internet Security Tips
A helpful list a friend put together for the less digitally savvy to prevent identity theft and personal information linked online as well as a triage for the times you have already been doxxed. I’ve edited it a little bit for ease of reading and reference.
Before You Are Doxed
Preventing doxing is easier than coping with being doxed. It’s not a guarantee no one will come for you, but it makes you a tougher target.
- Two-factor authentication. Anything that has it, turn it on.
- Toughen passwords. Something like 1Password works for generating & storing hard-to-crack passwords, but there are a lot of other options out there.
- Be cautious in giving your personal information, particularly to online petitions and the like.
- Use different email addresses for different things. You should have a secret, financial-institution-only email account. You can also create separate usernames this with your regular account if you use gmail: e.g., firstname.lastname@example.org will create a unique email address for your Amazon login but send all communications to your gmail account.
- Facebook is where most doxers start. Most people have a lot of information there, and by combing through it, doxers sometimes guess answers to security questions for other online accounts. Do not leave your profile open to the public. Better yet, delete your account (but if you can’t, enable two-factor authentication).
- Be wary of free services. Anything that you get for free — like Gmail — is free because your personal information is being collected and sold. Remove as much unnecessary information as you can, and be wary of signing up for new services.
- Audit your personal information. Pipl and Spokeo, two creepy-as-shit services, will tell you what’s findable. You can opt-out of both but, of course, it’s a pain in the ass. Go here for Piple and here for Spokeo.
- Always carefully review your privacy settings. Share as little as possible.
- If you own a domain, purchase WhoIs protection.
- Be careful where you post your resume online. Places like Angel List make it readily available to the public – along with all the contact info you put on it.
After You are Doxed
This list was heavily inspired by Adria Richards.
- First call your local police department — NOT the emergency number. Explain to them that your personal information has been posted online and ask if there is some paperwork you can file to make sure the police call you before sending units to your house. This is crucial; a lot of hackers like to “Swat” their enemies — making a call to 911 that sends a Swat team to their house.
- Alert your financial institutions — banks, credit card companies, loan repayment, all of it. If your social security number was included in the doxing, that may be used to track you and compromise your financial information. Use cash. Sign up for fraud tracking.
- Contact your medical providers and ask for a “safe word” to be added to your file, to keep your information secure. (I’m don’t think this is common practice, but it’s worth an ask.)
- Get ahold of your cell phone provider and put a safe word on the account.
- Let friends and family know there may be people impersonating you on social networks for information.
- You may wish to stop using your laptop until you can be sure it’s not compromised.
- Talk to your landlord. Previous troll attacks have involved sending prostitutes and others to people’s apartments. See if there are any safety precautions you should take.
- Call your boss. Yes, they will come after your employer.
- Get support. Family, friends, a therapist, whatever you need. Take care of yourself. You don’t have to be quiet about what’s happening to you. Tell the people around you what you need.
Please recognize this is not a definitive, complete list but I think it’s a good place to start.