We do not believe that leaving your information online means you deserve harassment, we simply wish to arm people who want to speak up with all the defensive tools available.
This guide is not an anti-government-surveillance document, as it only helps you make your information private and does not remove it.
This one should be easy, but it is the number one privacy failure we found when checking information of individuals who have previously been harassed.When you register a domain, you fill out contact information which by default is public. You can trivially check what information is public in any Linux/OSX terminal
whois example.com
If you don't have a machine which supports the whois command you can use one of the many online tools to check your the whois records.
If your personal information is available, we advise you to take one of the following actions:
- Purchase WhoisGuard for your domain from your registrar
- Purchase a domain by proxy plan and have them handle your domains
- Migrate to a registrar which provides free domain name privacy (namecheap gives it for free your first year)
Whois data isn't generally publicly cached, so once you fix this you should be good to go! It sometimes technically can be stored by certain services behind a paywall.
If your information is on your whois but out of date, put some of it through [reverse whois tools](http://www.expertusability.com/reverse-whois-search/). A matching phone number or email address can be used to find other domains registered with that information, and those records might be current. While most activists are very good about this, no guide would be complete without it!- Disabling web location and removing your old location data on Twitter
- Disabling mobile location on mobile devices
- Disable location services on iOS
- Unfortunately, due to the way android phones are made, the camera app is normally different for each manufacturer, and so you will have to look up directions specific to your phone's make.
- Twitter, Facebook and Tumblr remove sensitive photo EXIF data by default, but not all services do.
- If you'd like to see what EXIF information a site shows, take the URL of an image uploaded there and put it in this website.
- Flickr permits you to upload information with EXIF data. Consider disabling it when you post from sensitive locations.
- If you have an anonymous persona, strip all EXIF data from all photos you upload. A device ID can link your public and private personas.
- Imgur automatically strips all sensitive information, so when in doubt, they are safe and awesome!
You're encouraged to enable 2-factor authentication on everything, but prioritize accounts where password resets are sent.
Here is an amazing website with directions on how to do 2-factor auth on everything ever.
Check through your old accounts. Do you still own the old @hotmail.com where you registered your twitter handle 7 years ago? If you don't, somebody can register that name and take your password reset! Make sure your account recovery options go to a safe location. You can as many postmortem security reports you need to to get the picture: **this is the most common way somebody gets control of your online persona.** First they take the account where your main account (probably your gmail) goes to, they reset that password, then they login to your main account (probably your gmail) and the go to town. **Even if you don't put a 2-factor setup anywhere else, put it on the primary email where all your password resets go.** If your password resets go all over the place, pick one account, send all the password resets there, and turn on 2-factor there. Remember how you thought your terrible habits would never come back to bite you? If you're reading this, you are obviously reconsidering that stance.Convincing you to be an adult overnight is probably a lost cause, so install a password manager like KeePass or LastPass.
Whenever possible, set up and use ssh keys instead of passwords.
So you now have the internet's full attention. What precautions can you take to minimize damage? These measures are not for daily use as they are rather inconvenient, but more of a disaster response plan if, for example, your haters get out of hand enough to merit national television reports. You can place a freeze on your credit, thereby preventing people from taking out new debts or credit cards in your name. You will need to freeze your credit with each of the 3 major credit burearus: [Experian](http://www.experian.com/consumer/security_freeze.html), [Transunion](http://www.transunion.com/securityfreeze) and [Equifax](https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp) Please note: this is a pretty dramatic step. You should read about what it means to freeze your credit and consider the ramifications before doing it. You will also inconvenience yourself significantly if you'd like to take out any new loans or credit cards because you can't do that when you freeze your credit. Your phone, tablets, and computers generally have settings to remove all of your data using only an internet connection. You normally enable these things because you believe your posessions are more likely to be stolen than the internet is to come hunting for you. When that calculation changes, it is time to disable any settings which permit remote wipes. [Apple products are notoriously sensitive to this issue.](http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard) * If you own property, your address is a matter of public record. Sometimes you have to go to the office or call them to get it, but it can be legally obtained * If you are registered to vote, your contact information can be accessed by any Super-PAC in most states. Becoming one costs about $300 and the records cost $15 to obtain * Utility bills in your name, while they are not suppose to be something you can trace, often can be traced * Use a fake last name * Petition your government to make citizen privacy a priorityThis privacy guide is made by Katy Levinson and a privacy-concerned friend. It was debugged with love by Katy's coworkers at Crooked Tree Studios, Cliff Jolly and Chris Meyer.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, though we'd prefer that you just submit patches to this gist. If you want to give us money for this public service, give it to the EFF instead.