Right To Be

Doing digital safety will help you to stay safe, protect your data, and ensure that the harassment doesn’t escalate to taking over your accounts or personal information to increase intimidation and abuse. We know that it can be difficult to find the mental space to cope with your cybersecurity when you are under attack but remember that action doesn’t have to be taken alone; you can always reach out to people you trust and ask them to help you to complete this process. This guide will walk you through the immediate steps you need to take to feel safe and make informed decisions to strengthen your privacy online.

Step One: Secure your Accounts

Set up Two-Step Verification
The two-step verification is an additional layer of security that you can use to prevent others from accessing your accounts on social media or other online services. When you activate this extra authentication, you will receive a code via SMS, which you will have to enter when you or someone else tries to log in to your account from an unfamiliar browser or computer.

  • This page lists current sites with two-step verification options, and includes links that will help to set this feature up.

Make your Passwords Stronger
To increase your privacy online, you can also start by practicing password hygiene. Keep in mind these basic recommendations:

  • Use a different password for each platform or service. The more passwords you have, the better!
  • A strong password will be around 10 characters or more and where possible, you should always include upper case letters, lower case letters, numbers, and symbols
  • Here’s a great model from xkcd about password strength:

  • Try to change your passwords on a regular basis (Tip: reset your passwords, then set a reminder on your phone three months from that day to change them, repeat).
  • If you have a lot of passwords, it can be difficult to remember them all. Don’t put your passwords in your cloud (such as Google Drive, Dropbox, or iCloud) in case you get hacked. Instead, make use of online password managers such as 1Password, LastPass and KeePass that create and keep track of highly random high-security passwords for every account you access online. On your mobile phone, Take Back the Tech! recommends KeePassDroid.
  • If your passwords were published, change them on all your websites. Add privacy settings like two-factor authentication.

Check out our Social Media Safety guides here.

Step Two: Search for yourself

Doxing occurs when someone publishes private or identifying information on the internet, such as home addresses, phone numbers, or social security numbers. It is a tactic used to make individuals feel unsafe, extort them or make them vulnerable to other attacks such as stalking. Doxxing is easier than ever due to the fact that so much of our information is online. (Learn more about other forms of abuse here) It can be a good practice to search if your personal information is available online

Self-dox yourself.
Check if your information is publicly available online, for example, on “people finder” websites which are open databases that anyone can use to look up an individual’s information.

Here are a few examples of sites that you can check:

You can request to have your information removed from many of these sites. It is generally a good idea to check them every few months to see if your information has been relisted. If this is not a responsibility that you would like to take on yourself and you have the means to do so, you can use a paid service such as Reputation.com, which removes your personal information from paid sites, and then monitors them to make sure your information stays erased. You can also ask a friend to do all of this for you, as it can be unsettling to see what information on you is out there.

On April 27th, 2022, Google announced it will allow people to request removals of their personal information through their search feature. You can read the official blog post here. In order to get Google to remove something from their search, you must submit a request (you can begin the process here). Keep in mind that this process is not the same as having the material completely removed from the internet – this process will only affect what appears on Google.

Set up alerts using Google Alerts.
Set up alerts for your full name, as well as any social media handles that you use. Another option is requesting Google to remove information by using this form. (See how to report abuse on social media here). Need help reporting harassment? Join Right To Be’s Storytelling platform and get support from our community of bystanders.

  • Keep in mind, some harassers will search for your family or friends if they are clearly linked to you, so it is important to alert them so they can take precautions. We recommend sending them a link to this guide.
  • Evaluate threats and if you feel that you are in immediate danger, call your local emergency number. ie. if your address has been exposed, consider going to a friend’s house.
Step Three: Improve your Social Media Privacy

Avoid sharing identifying information.
One way of reducing your risk of doxing and other forms of intimidation is to limit the personal information you share online. Never share your phone number or address online and avoid sharing details on social media, such as where you live or where you like to hang out.

Also, be careful about posting information that can be used to figure out your security question answers, such as the name of a childhood pet or your maiden name.

Step Four: Be Cautious

Do not open links or attachments from an unknown or suspicious account.
Avoid clicking unverified links or downloading an attachment from an unknown source as this might expose you to malware. One of the most common ways to deceive you is through a tactic known as phishing, which is a type of scam where cybercriminals or harassers impersonate legitimate organizations or services to steal personal information like your passwords or credit card information. For example, you could receive an email where they impersonate Instagram saying that your account will be banned or removed if you don’t enter your username and password. If you follow those steps, your information will be sent to the criminals. To avoid being scammed, always verify the sender and go to the official website

Update your devices and use antivirus protection.
It is key to keep your devices updated because when manufacturers launch regular updates, they usually fix vulnerabilities or bugs that can be used to access your devices or personal information. Also, using antivirus software will alert you if there is an attempt of installing malicious software.

Cover your camera
Your device’s camera can be hacked in different ways. You can receive or click illegitimate links that hide malware or malicious code to access your camera. Sometimes devices might have vulnerabilities or bugs that can be exploited by cybercriminals. That is why it is really important to be cautious with what you open on your device and cover your camera as an extra precaution. Covering your camera is not going to prevent people from accessing it but it is an extra measure you can take to protect yourself. Learn more about why you should cover your camera here.

Now that you have tightened your digital privacy, check out our Basic protocol on How to Respond to Online Harassment.

More Resources

Need more help? Want more information? Here are some more online safety resources from: