Almost everyone is on social media these days. Our friends, families, confused grandpas, you’ll find all sorts on there. That’s great – there are huge communities and new worlds of connectivity sprouting thanks to this technology; but there is also a dangerous side to all of this - if your friends are on social media, then so are your enemies.
Too often these days you’ll see people attacked or harassed on social media for holding an opinion others disagree with. With so many of your details available online, there are plenty of avenues of attack. I recently saw a friend of mine harassed and doxed for publishing a feminist article – it can happen to anyone, so make sure to keep yourself safe. What is doxing? Doxing is one of the most dangerous personal attacks you’ll see online: via legal or illegal means your address is acquired, and then released to the public to do with as they will. When you’re already being harassed or attacked, having your harassers know your address can be a dangerous and frightening experience.
In this article I’ll walk you through some of my best tips for keeping safe and secure on social media; I’ll be focusing on Facebook and Twitter, but most of what I say will transfer to other networks.
Please note – if you are at serious risk of attack, doxing, or are the target of any other harassment/attack campaign, I highly suggest contacting the Crash Override Network. They have dedicated experts for exactly these situations, and will have better, more direct advice for you than I can give here. I suggest reading their resources anyway – they have written a lot on this exact subject.
Enable 2-Factor Authentication
If someone wants to attack your account, the first thing they might do is steal your password or otherwise gain access to your account and start using it against you. You can protect yourself against this using 2-factor authentication, often called mobile authorisation.
Both Facebook and Twitter have settings to enable this feature, and by doing so you make it incredibly hard to gain access to your account against your will. With this feature enabled, whenever you try to log in from an unrecognised device you’ll receive a text with a pass code – without that pass code the unrecognised device won’t be able to log in.
Protect Yourself from Being Doxed
Most people think their address is private, or only known to a few people, without realising it might be easily available on the internet. You can’t be 100% certain your address is hidden, but you can protect yourself against the most common attack vectors.
Social media is a common place where attackers will find your address. Have you ever “checked in” using GPS to a location near your home, or at your home? Have you ever uploaded a geotagged file? Your address might be available. Don’t think that just because it’s hard to find that people won’t find your details – in the wake of a controversy those who want to can find just about anything. I highly recommend you go through your social media and remove any instances where you checked in or tagged your home. Recognisable photos of the front of your house can also be used in a similar way to track down where you live, so keep an eye out for those too.
Where else might attackers find your address? Well, do you own any domains? When you registered your domain, you were required to give an address. This registration detail is freely available via WhoIs lookups, meaning that address is very visible, especially if your domain is well known. You can purchase domain privacy for a monthly fee, which hides your address – though not always perfectly. Another option is to register a PO box and list that instead – make sure you do this with all domains you own if you are concerned about being doxed. I’m aware both of these cost, and I’m afraid I don’t have any secure free options to offer you. In this day and age safety is always a value proposition – do you believe you’re at risk enough to warrant spending money on protecting your private details?
Sadly, having done the above methods your address won’t be perfectly hidden. There are sites dedicated to storing and selling private details, and should your billing or shipping address be involved in a leak then it may well end up on these addresses. Unfortunately, leaks are all too common these days.
On that note…
Know if Your Details Are Part of a Leak
A leak in this context is when a website that stores private details is compromised, and those details are released to the public, or for sale. Once your details are leaked they’ll be circulated indefinitely, so it is vital that you know what details of yours have become public knowledge.
I suggest going to Have I Been Pwned and putting in any email addresses you commonly use. That website will let you know what, if any, of your details have been compromised, and to what extent. You can also “subscribe” your email address, so you’ll get alerts if your details are found in a future breach.
If you’re involved in a breach, I strongly recommend you change all related passwords, even if passwords aren’t listed as part of a breach. What data was stolen isn’t always readily available, and you can’t be too safe. I also highly recommend you don’t use the same password on every site you visit – if you do, all it takes is one breach for your details to every account to be compromised!
Be Ready to Lock Down
Do you know how to set your Facebook profile to max security? How to lock or close your Twitter account? Do you know the process behind securing or closing every public facing account you own?
It seems extreme, but I suggest you acquaint yourself with the exit strategies for all your accounts. Hopefully, you’ll never need to use them; but in the event that you do, you’ll be able to lock down your accounts and maximise your security as quickly as possible, hopefully before anything is released.
Know (and Sanitise) Your Internet Legacy
How long have you been using the internet? How would it look, if a light were shone on something you wrote or posted 8 years ago without context? If you’re the subject of a harassment campaign, your history will be dug up and used against you, so make sure you know about it and protect against it first.
Search Google for your name, and any aliases you’ve had, and go back as far as you have the energy for. Look for anything that might look bad if someone saw it without the context. Anything that crops up as a problem should be deleted, made private, or otherwise guarded against.
It might seem unlikely, but this keeps happening. Just a few weeks ago harassers rifled through Nintendo PR employee Alison Rapp’s past until they found one of her old university papers which, without context, made her look bad. Combined with a concentrated harassment campaign these attackers managed to get Alison fired from her job. This isn’t the first example of this, and it definitely won’t be the last.
There we have it: a brief look at how to secure yourself online. It may seem like a lot – but if a group on the internet decides it doesn’t like you, the knowledge in this and other similar articles will be invaluable. Once again, I highly recommend looking into the Crash Override Network if this interests you, and good luck out there, friends. I’ll see you next time!