What Is Doxxing?
Doxxing means violent internet-based practice of researching and broadcasting a person’s private information with the intention of exposing and intimidating them. This can result in physical, emotional, and economic harm to the target. It is intended to dissuade the target from action and to shame them for their ideas and values. It is important to take security seriously before you are doxxed—before you even have reason to fear that you could be doxxed.
Whether you are a well-known public activist or hardly involved at all, you should protect your social networks and other spheres of your life. Maintaining good security practices protects your friends, family, and community.
The information does not have to be correct or justified for someone to target you. All a harasser needs is one piece of information to begin to seek more details online.
An Ounce of Prevention Is Worth a Pound of Cure
There’s no better time to start than now. After you have been doxxed, you may not be able to eliminate the information that is out there even if you try to get it taken down.
There are many different ways to approach this. Obviously, the best way to ensure that no one can find any information about you is to have nothing available—but some people can’t eliminate their online presence. There are ways to firewall distinct spheres of your life, curate a public profile if you need one, and adopt practices that can help you and your friends to feel empowered to continue taking action in your community. This process can be tedious. It will take time and energy.
Maintaining Separate Spheres
If you cannot completely delete yourself from the internet, you can still preserve relative privacy by maintaining distinct spheres of online activity and cleaning up forgotten or infrequently used accounts.
You likely have more than one online presence. This could include social networks, message boards, job sites, email accounts—anything you need to log into.
Here are a few examples of how your online presence can overlap across different sites:
Relatives
- How open is the relationship between you and your blood/legal relatives? If a stranger had information on just one person in this network, what could they discover about the others?
Politics
- Do you discuss or post about your political beliefs online? If so, on which platforms? Do you frequently like or repost from radical accounts?
Friends and Community
- If you have social media, who are your friends? Your followers? In what ways do your online communities reflect your IRL communities? Do your friends post pictures of you on their accounts? Do you connect with your co-workers, family members, and activist friends using the same account?
Hobbies
- What hobbies do you have? Do you have friends and community through them? Are you a part of any internet communities dedicated to those hobbies?
Legal
- Who are you on paper? What names, phone numbers, and addresses are you tied to? Do any of your accounts include this information? Do any other sites (probably without your permission)? Do you use parts of your real name or birthday for usernames or emails?
Career
- Does your job involve an online presence, website, or social media account? Would there be a problem if your politics overlapped with your career? Or is your career in some way tied to your political identity? Do you have images or personal information on job boards?
Shopping:
- Do you buy things on Etsy or eBay?
Take time to consider where you overlap, what your online goals are, and where you can separate these spheres.
May be worth outlining the part of the reason to seperate these spheres is to create airgaps between sets of information so if one aspects gets identified by doxxers, it doesnt immediately lead them to other information
It may be worth including as part of this section a recognition of the functions that online platforms perform for people. E.g. events, contact list, getting news etc. If people only use facebook for events, but that use bleeds into other areas, they can stop using additional functionality while maintaining the bit thats actually important to them
Check-list for protecting your identity:
1. CREATE A SELF-CARE PLAN: Recruit friends and family to support you. Let them know whats going on. This is to to give space to your feelings of anxiety and dread, but do not succumb to them.
2. CREATE AN INCIDENT LOG: Keep notes throughout your attack and share
3. CHANGE ALL OF YOUR EXISTING PASSWORD: (to find out if your email has been hacked https://haveibeenpwned.com/) make a list of all of your crucial accounts and change the passwords immediately. Then incorporate a password manager to generate and store all of your new passwords.
4. TURN ON 2-FACTOR AUTHENTICATION: 2FA is available for G-mail, Facebook, Twitter, Instagram, Amazon and more. When possible, avoid using Text/SMS as your method of verification. This is because texts can be intercepted, making it not secure. We recommend using the Google Authenticator app or an application like Authy. These can generate codes on your phone and can be revoked remotely in the chance that your phone is confiscated, stolen, or lost.
5. FIND OUT WHAT INFORMATION TROLLS CAN FIND OUT ABOUT YOU: Search for yourself on DuckDuckGo and try doing this search in incognito mode. This will give you a sense of how much data exists about you online to people who are not in your network.
6. INSTALL A VIRTUAL PRIVATE NETWORK (VPN) on your phone to protect your network access. This helps to privatize your network traffic and bypass filtering happening at your internet service provider. It also makes sure that trolls can’t find you by using your IP address.
7. USE THE TOR BROWSER: The TOR Browser offers real anonymity.
8. INSTALL SIGNAL.
9. WEAN YOURSELF OFF G-MAIL AND BEGIN USING ENCRYPTED E-MAIL: there is a threat that all of your data in your account can be searched and stored onto National Surveillance Agency servers with no consent on your part
10. CHANGE YOUR PRIVACY SETTINGS ON YOUR SOCIAL NETWORKS.
May be worth dropping some brief information on how to find instructions relevant to them. e.g. search in duckduckgo “how to make facebook more private”. and a link to example information https://www.wikihow.com/Make-Facebook-Private: noting that more recent information (last 6 months) will be more helpful
Keep in mind digital security is a system that you are creating and implementing as part of your core skills as an organizer. There is no silver bullet to digital security: it is an awareness and a practice that gets better with reiteration and with a community committed to stay safe. The best defense is a collective one and we are all in it together.
- Tactics
May be worth having any example fake story about how gathing personal info works so people can contextualise how the below tactics help. e.g Lief is an anarchist community organiser based in Lanceston, theyve been doing mutual aid with the Palestinian community over the last few months helping prepare food for events so organisers have more time to focus on other things. White suprememicists have recently taken notice and want to prevent Lief from organising. At first they only have a photo of Lief cooking at a public BBQ, They do a reverse image google search and find Lief’s old myspace page with their real name. Using the real name they locate Leif’s cousin on facebook. Lief’s cousin kind of just adds everyone cus they like to chat. In doing so our white supremecist gets access to family christmas photos from two years ago. Reading through the comment section, they find Liefs mum post on the photo saying “happy christmas everyone!! See you all for Lief’s 25th on Saturday.” The Doxxer now has an indication of Leifs date of birth and list of family members. Even though Lief has a fake name on facebook, the doxxer also has a portion of Lief’s extended families real names. Using a email scraper, they send spam emails to Liefs family pretending to be their boss saying Lief hasnt shown up at work and could they plase call. Lief’s Aunty get worried and calls the number. Aunty says the name of the cafe. The doxxer wants to double check he has the right phone number for Lief which Aunty gladly obliges. The doxxer cross references this information with promo materials from the local cafe and confirms. The doxxer then scours housemate apps and websites using images pulled from social media and finds an add Liefs housemate put up 6 months ago to find a new housemate. Through facebook and instagram the doxxer sees theyve been mates for years. The doxxer image searches the front of the house and uses google street view to find a for sale add from 5 years ago. In this way, our white supremecist now knows Liefs:
full name
date of birth
home adress
Mobile number
Work place
bosses number and email
A bunch of name and emails for extended family members
If this isnt helpful feel free to delete, modify or whatever, just my two cents.
1. Check what has been leaked about you
Most services we use online need us to provide personal details. In this online world, we have most likely provided a wide range of details about ourselves to many online services over the years. Every day companies are being hacked and our details are often leaked publicly. To find out how much of your information has been leaked you can check on https://haveibeenpwned.com and enter your email address. Hopefully you are told – Good news – nothing has been found. But for most of us who have had our email for a little while, we will get a list of sites that have been hacked and have leaked our information. Have I Been Pwned will also list the specific details that were leaked in that data breach – email address, physical addresses, passwords, gender, etc.
Haveibeenpwned is the best and even hough its american its hosted everymajor data breach (that they can get their hands on) and so still covers people in Australiain this regard
This data is leaked illegally and there is no way to remove it. The only option is to avoid providing people any details that might help them look up this information. That is primarily your email address, but could also be your mobile number if that is in the leak, or even your name, if your name is less common. You may even choose to change your email address you use, or have different email addresses for different spheres of your life. You may choose to use a different mobile number for more public activity.
2. Delete off Snoop Sites/Data Brokers
Search for yourself on DuckDuckGo and Google. Try doing this search in incognito mode. Try different versions of your name, with and with out your middle name and in quotation marks. You could set Google Alerts to send you emails when your name is published on the internet. This will give you a sense of how much data about you is available online to people who are not in your network.
After this initial search, have a look at all of the data broker sites that profit on trading in personal data. I also encourage you to remove your closest family members at the same time. This process can be arduous; these sites try to make it as difficult as possible to delete information about yourself. There are some things you can’t remove yourself from—for example, if you recently registered to vote and still live at that address. (This is another reason some people choose not to vote.)
The most trafficked host sites include: Been-verified, CheckPeople, Instant Checkmate, Intelius, PeekYou, PeopleFinders, PeopleSmart, Pipl, PrivateEye, PublicRecords360, Radaris, Spokeo, USA People Search, TruthFinder.com, Nuwber, and FamilyTreeNow. I recommend starting by searching yourself on OneRep using the free version of their service—it will show you what sites have your information. Then use that information on this website, which has a guide for opting out of virtually every data broker. If you have more money than time, you can pay OneRep or Just Delete Me to have your information removed, but I usually only recommend this service if you have already been doxxed. (these are all US based sites, need an AUS based one)
Its hard to know how effective these tools are and many will hide paywall down the line. Heres three that may be worth checking out. The only ones im more familiar with are pipl, peekyou and spokeo which youve alaedy got covered.
Data removal site kanary.com offers a 14-day free trial no credit card required that will pull results (that you can manually remove if you don’t want to pay).
Same with Optery.com, Optery will search for whatever info you feed it and you can manually remove some of the results it pulls.
3. Delete Old Accounts
When you search yourself in a online search engine, you may also find old accounts. It can be good to do a reverse search using all of the old user names and screen names you can remember. Accounts you have not used in a long time can make you vulnerable because if they are using an older password, they can try that account’s technical support to get more data about you that they can try to use for other accounts. Download any material of sentimental value to you and permanently close all the accounts you no longer use. These can be full of clues about your life.
First, go to this website (https://namechk.com/), which searches over hundreds of platforms for specific usernames, and search all the possible usernames and emails you have used. This will tell you what platforms have accounts using that handle.
Second, go here (https://backgroundchecks.org/justdeleteme/) and type in the website domain. This website archives a huge array of existing websites, categorizes how easy or difficult they make it to delete an account, and provides the link to the “delete profile” page for each respective site.
Haveibeenpwned.com will help you find out if there are any data breaches involving any accounts you hold. If there are, take immediate action to change passwords.
Noting that the ABN register is public access and many people have them. Usually present is just the trading name but smoetimes additional information can be linked. Folk can check at: https://abr.business.gov.au/. You cant delete any of this information, but it can be important to know whatss out there as youve mentioned above.
4. Change Usernames, Email Addresses, and Passwords
The easiest way for someone to find more information about you is to search your name, aliases, and usernames. To keep your spheres of internet activity separate, always use a new username when you create an account. If you have a professional website for work and must use you legal name, make sure the email you use for that account is used solely for that purpose. You may have to have a handful of email accounts and usernames. I have one for all of my medical and governmental accounts, one for my online shopping, one for my political life, and one for my social media, another for dating sites, and so on. I use aliases and false information for all the websites that represent me or display photos of me.
A password manager is a great help for this, as it will store logins for all of your accounts. It might be tempting to leave yourself permanently signed in, but always make sure to sign out when you are done using it. First, so you don’t forget the master password—and also to ensure that even if someone manages to gain access to your phone or computer, they can’t access all your personal data. Take this time to create new emails and change usernames for all of the accounts you aren’t going to delete. You can easily create new emails using Protonmail. Both 1Password and Keeper can help generate random string passwords, which are the most secure.
5. Curate What Is Available and Change Your Privacy Settings
Once you have eliminated all your loose ends, take a look at what you chose to retain and what can be found there. If you keep any social media accounts, go through your profile and note what people can find out about you. You can choose from a range of strategies regarding how to approach this, depending on how cautious you want to be and how certain are that it is possible to keep your different spheres of internet activity distinct.
Some of your options include:
- Deleting all photos of yourself, your pets, your car, your mailbox, tattoos, and anything else that includes unnecessary identifying information—especially your public profile picture.
- Eliminating or falsifying any personal details in your profile—give an inaccurate birthday or no birthday at all, choose random answers for your hometown, schools you have attended, and other information.
- Deleting questionable followers and friends. If you change all of your social media settings to private and you feel confident about your followers list, there may be less reason to hide your face. I still recommend keeping details about your location and intimate personal life offline. Remember, you are only as safe as the most open person in your life. If you choose to be more public, keep your friends and family separate, do not post pictures of them or their personal information without their informed consent, and remember that social connections are visible through social networking and data collection websites.
6. Become a silent elector
In Australia you can and should remove your public voting information. In so called Aus, you need to provide a reason that you want to remove your name from public voter records – as long as that is deemed a legitimate reason.
An example for a reason: I do advocacy work and I’m afraid of my data being compromised and used against me by hackers.
The electoral role is a public list of names and addresses. If you vote you will have seen the large book of names and addresses, where they look up your details before handing you the voting forms. Anyone who is at risk of doxxing should become a silent elector. Also anyone who lives at the same address and could plausibly be connected with you should become a silent voter – your partner, your parent, your child etc. This will mean that your name will still appear in this list, but not your address.
You can go to the Australian Electoral Commission website and apply to be a silent elector. Just go here to begin the process* –
* This was current at time of publishing. If link does not work, simply go to the https://aec.gov.au and look up – “Silent Elector”
You will need to provide a stat dec stating the reason that you want to become a silent elector – outline the risks that you face clearly and the fear of doxing.
Once you become a silent voter, you may receive follow up letters asking if you want to remain a silent elector. Make sure you always respond to these otherwise you may be put back on the regular electoral role.
- If You Have Been Doxxed
We do not recommend approaching the police when you are doxxed (or ever). The police may use the information you give them about the harassers, but they will also use the information they get about you and other individuals and groups you may have been publicly associated with. Once that is on file, it’s permanently in their hands, and there’s no guarantee they won’t use it to target you or others with state repression.
If you chose to involve the police, please be transparent and do not ask any radical groups to support you. Be sure to inform any groups that you are connected with of your decision. Usually, the police will do nothing or make the situation much worse. The idea of thiis guide is to provide you with alternatives based in community support and empowerment.
Should I Go Public?
Short answer: Do not immediately react publicly. Take time to secure yourself and alert your networks privately before reacting publicly.
Your first impulse may be to alert as many people as you can immediately with a public announcement or to shut everything down. Going public in this way can provide you with immediate support if you have a sympathetic audience, but it carries the risk of increased aggression from harassers. There are good arguments for being cautious with information at the beginning. The most important thing to do first is to take steps to protect yourself and your networks against further harm.
Posting on a social media account confirming your doxx immediately confirms that the information about you is accurate; it also indicates that you have seen where it was posted and suggests that you are terrified. This furthers the goals of your harassers. They want to intimidate and isolate you. Do not confirm or deny any of the information they have dug up about you, regardless of whether it is false or embarrassing.
Sometimes, one of the most effective initial public responses is no response at all—don’t make any major changes to your posting habits or show any fear. This can send the message that your doxxer missed the mark, and that the attack was a failure.
After you have had time to process your feelings and secure your position, it may be strategic to go public and perhaps to band together with other people who are in a similar situation.
When making public statements, make a positive statement asserting your ethics and beliefs, describing how your identity or your ideals have made you a target but maintaining that while these campaigns of harassment are intended to make you cower, you will not do so, because you have no reason to hide your politics. Avoid talking about specific actions or groups, whether or not you are involved with them.
Immediately after Being Doxxed
- Don’t panic. Call a close friend to come over and help.
- Create an incident log and keep records for both online and offline provocations.
- Alert your friends, family, and sensitive political networks privately. Task a few friends that you trust to help report social media and blog posts that doxx you, identifying them as harassment. Do so repeatedly. Some platforms lack policies that will protect you. Sometimes doxxers will make imposter accounts. It is usually easier to report these as fakes; try to do so quickly in order to prevent them from obtaining more information from your networks by posing as you.
- Set up a safety plan. Recruit friends and family to support you. Let them know what is going on; doxxing can be traumatic and you need to prioritize your mental and physical health so that you can work through these attacks.
5. If your home address is included in the doxx, find somewhere new you can stay if you are able. If you can’t leave your home, invite friends or a local security group to stay with you. Make a “go bag” with everything you will need if you have to pack up and go with little notice.
Evaluating Threats
If you don’t feel you are at any great risk, you may feel fine dismissing it as a cheap intimidation tactic, blocking and reporting the harasser, and moving on. It may just be a matter of someone trying to get a rise out of you. However, if your doxx includes sensitive personal information, especially details that are not easy to obtain with simple detective work, or it appears in a public forum where people distribute information in hopes that others will act on it, you may want to take further precautions. This is especially true if you are already part of a targeted group or demographic.
When you learn that you have been doxxed, it’s important to establish which information could translate into credible threats. Often, doxxing is a precursor to more intrusive offline harassment, or is connected with threats to act on the information. This could be anything from threatening phone calls to family or workplaces to pointed death threats.
It is sometimes difficult to determine what makes a threat “credible.” The most common tactic of ordinary doxxers is to send creepy or intimidating messages wherever they think they can reach you—social media, email, and to family members, and the like. They will often imply that they have more information than they really do; it’s common for them to say that they have provided this information to local law enforcement. Their goal is to intimidate you out of acting; often, whatever information they post publically is all that they have.
Your employer may receive calls demanding that they fire you. Thus far, it is rare that the targets of doxxing have been physically attacked, but it has happened, and it is possible that those who doxx you may make efforts to get your information into the hands of people who are not acting rationally or ethically. It is important to be cautious, but don’t panic or immerse yourself in anxiety.
Ask yourself:
- Is the information accurate? Do they have your home, work, or family address? Do they know places you hang out? Who you are friends with?
- Are you at risk of losing your job if they find out any of this information about you?
- Do you know where the harassers live? Are they close to your physical community or just online trolls on a decentralized forum? Do you have reason to believe law enforcement will be interested in this information? Is the information being shared from local right-wing news sources, putting your face in front of a multitude of hostile strangers who now have your information?
- Do they have embarrassing or private photos of you?
- Is there information tying you to criminal activity that could get you arrested?
Solutions
Here are some things you can do in response to the dangers that can arise from being doxxed:
- Create a self-defense plan, sign up for self-defense classes, contact a local community defense group.
- Inform the people and groups that are named in the doxx—workplace, comrades, roommates, family.
- Talk through your fears with people you trust.
- Contact people who have been through this before for advice.
- Arrange to have a lawyer available if you are worried that the information about you may be of interest to state actors.
- Connect with a local anti-fascist group—they may be able to help identify the doxxers, if the latter are posting from fake account.
Living Your Life, Moving Forward
Take a deep breath. Do not blame yourself. Emotionally this can be deeply disturbing and disruptive, adding a layer of acute stress to your life. Sometimes information from doxxes becomes a permanent part of the internet if you name is googled; this can affect your job prospects. Sometimes nothing comes from the attention—but there is always the possibility that someone will try to pick up where the last doxxer left off.
Here are some of the measures you might choose to employ:
- Do not let anyone photograph you unless you trust them to handle the images the way you need them to.
- Install trail cameras at your house.
- Keep logs of all harassment you experience.
- If you move, do not update your address. Try to hold on to your old driver’s license or ID and receive mail at a post office box. Consider when to use a real address and when to use a fake one or omit your address altogether when you sign up for things online or in person.
- Use pseudonyms online and in person if need be. Don’t use the same one over and over.
- When you go to actions, especially if you don’t mask up, be aware what groups, places, or individuals could be implicated by being seen or photographed in your vicinity.
- Invest time in self-defense classes.
- See a therapist to work through any trauma you have experienced.
- Help your friends and family understand the importance of online security.
- Have frank conversations with people outside your circles of political affinity. You may be surprised at how much empathy they express.
No matter how hard the people targeting you try make you feel isolated, you are not in this alone. As a community, we must protect each other and our online networks from harassment, imprisonment, political violence, and intimidation. Together, we can do this.
New content to be added into section above with the 1-10. This is lengthy and maybe for formatting sake, some of the key things could be included in document and more “extra” information could be added at the end of document as ‘further reading’ or whatever.
Password/passphase security
Use a password/passphrase generator to create a strong, secure high entropy, yet memorable passwords/passphrase
- Create passwords/passphrase by using a password/passphrase generator. E.g. KeePass or Bitwarden
- KeepPass app for phone is KeePassDX (can download app on fdroid or from insecure pre-installed app stores such as Apple App Store or Google Play Store) or go to https://keepassxc.org to download KeePassXCC the computer program
- Bitwarden password generator online – https://Bitwarden.com/password-generator/ Bitwarden app for phone is downloadable in Aurora Store (or the insecure pre-installed app stores)
- Longer password/passphrase the better. For passphrases, minimum of 6 or 7 words is best. For characters, at least 14-16 characters long.
- Use a wordlist, or dictornary and a dice to randomly select words
- For phone and tablets: a password that uses phone’s normal keyboard (QWERTY keyboard – which you would also be using when typing out messages)
- Use a password manager to store all your secure passwords/passphrases (see passwords manager section below). See KeePass and Bitwarden above
Tips for using a new passphrase. Memorise it. Write a physical note of a new passphrase, and keep it until passphrase has been memorised. Once memorised, destroy written note. (However, do not keep written note for an extended period of time!!).
- How to destroy a note? Burn it. Eat it. Rip into tiny pieces, put in water, then compost it. Do not just put in bin!
What makes a password secure?
- High entrophy (make it chaos) the less organised and logical your password is, the more secure it is. When coming up with passwords, it is important to remember that your brain is full of associations that are easily decoded if law enforcements agencies are trying to hack a password. A longer, more complicated and randomised passwords take more effort to crack. THat being said, you also need to be able to remember the password. Passphrases are easier to remember as a staring of random words together is easier to remember that a string of random characters.
Password managers – what are they and why use them?
- Password managers are encrypted online or offline databases that you can save all your log in and account details in one place. This database is accessible by entering one secure passphrase. It means you can you have a secure password/passphrase for every acount, but only need to remember one secure passphrase to access the database of your passwords
- KeePass (see above) – can save your password database file on a securely encrypted USB stick
- Bitwarden
- Create own database on an encrypted document and save on a securely encrypted USB
- This is much more secure than having ONE secure password/passphrase for ALL your accounts
Rationale for using secure passwords?
- Phones and tablets: unlocking your phone with anything other than a secure password poses security risks. Using fingerprint or Face ID means cops or other enemies can easily unlock your phone, access (secure) chats, photos, documents, save login data, contacts, etc. Though unlock patterns are an improvement, smudges on your unlock pattern are often visible on your phone screen. In some cases this also applies to PIN numbers to unlock phones. Not leaving any clear traces on your screen.
Apps
Encrypted messaging
Signal – end-to-end encrypted messaging
Signal setting modification for Apple (iOS) and Android
- Name: iOS and Android: change name to an alias (different to the name/alias/nickname you use verbally)
- Account settings
- iOS: Turn on registration lock and set a PIN
- Android: registration lock on AND PIN reminders on
- Chats
- iOS: Turn off “shafts contacts with iOS”
- IOS: Turn off “use system contact photos
- Android: all settings off
- Notification
- iOS: change notification content to “no name or content”
- Android: notification on but under “show” set “no name or message”
- Privacy
- iOS and Android: Set automatically disappearing messages to a time that seems appropriate for you
- App security
- iOS: Hide screen in app switcher
- iOS and Android: Turn on screen lock
- iOS and Android: Turn on screen lock timeout and set to time that seems appropriate for you
- iOS: Turn of “show calls in recent”
- Android: turn on screen security
- Android: turn on incognito keyboard
- Data use
- iOS and Android: Turn of auto-download files
VPN and TOR
- Use a VPN = anymouses your IP address
- Which VPN?
- Daily use – ProtonVPN free. Paid version gives option to go through TOR or multiple VPNs. Paid version does not go through the USA.
- Mallard – Sweden (possible to pay with cash through mail)
- Avoid 5-9-14 eyes countries.
- 5 eyes – USA, United Kingdom, Australia, New Zealand
- 9 eyes – Denmark, France, Netherlands, Norway
- 14 eyes – Belgium, Germany, Italy, Sweden, Spain
- TOR = uses 3 layers of encryption. Encrypt –> send to node (takes of one layer) –> send to another node (takes of another layer) –> decrypts for data being searched
- TOR randomly connects to nodes. 1st and 3rd node could be connected to law enforcements through state controlled nodes (see 5-9-14 Eyes)
- TOR does NOT hide your netwrk
- Add VPN to hide use of TOR
- Think about what VPN being used – VPN server can possibly save information that TOR is being used
- VPN will try to anoymanyse whose looking, where TOR will try to cover what you are looking at
Encrypted emails
- Protonmail is encrypted by default and a good one to use. It is based in Switzerland (which has better privacy log)
- Rise up
- Tutamail
Browser and search engines
- Settings: force https
- Http = not good (identity of device is accessible)
- Https = good (secure)
- For using the internet, use Brave or Firefox browsers
- Https://brave.com/
- For search engines: Duckduckgo
- Https://DuckDuckGo.com/
MORE RESOURCES
Might be good to include a link to wht should go in a go bag (documents, medication, clothes relevant to the weather, some cash etc)
Anti-Doxxing Guide for Activists Facing Attacks
Doxcare: Prevention and Aftercare for Those Targeted by Doxxing and Political Harassment
We Are Being Doxxed: A Zine
Big Ass Data Broker Opt-Out List
https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List & https://archive.is/jSx6c
Data Removal Workbook
Whatever You Do, Don’t Talk to the Police
Security Culture
Mobile phone security for activists and agigtators
OnlineSOS Doxxing Checklist
Preventing Doxxing
So you’ve been doxxed, a guide to best practices
Protecting against Pegasus:
on Apple and Android