This guide is an incomplete, evolving project collecting some of the many guides and instructions available on how to handle digital security threats and general practices. The tools available and risks offered are constantly in flux and we encourage anyone with additional guides or information that might be of use or any questions not covered by this guide to email firstname.lastname@example.org
If you’re here because you’ve been doxxed or are worried you’re going to be, head to our section for the newly doxxed.
To start with, here are some ideas and frameworks that underly our broad approach to monitoring and minimizing online presence.
- Threat modeling. This is the basic principal of identifying what data you have and how it’s at risk. It can be a useful way of contextualizing exactly what the whole digital security process is for. Think about these aspects of yr digital :
- What information do you have that you want to protect
- Where is it stored
- Who is likely to want that data
- How likely are they to attempt to access it
- What are the paths they are likely to take in attacking
- What are the consequences for you and for others if they succeed.
- From the EFF: “Security is a process not a purchase”. Keep in mind that whatever tools we use are just that – tools, not solutions. Tools may help improve security and be more or less trusted and vetted but no tool is perfect. There is always potential for failure and, even more, the way that we use these tools can be flawed or careless and expose us to even greater risks through complacency.
- Everything we do online and with our devices is a balance between privacy, security, and utility. There is no zero-risk way of using and engaging with these things, but there are ways to harm mitigate and inform our decisions based on how much security we need vs how much utility we need in any given situation. The only true security is throwing your phone in the ocean but there are obvious flaws with that so these are alternatives.
- Engage securely even for things that you don’t feel need security. The more normalized secure communication practices and tools are, the less suspicious using them becomes and the less using them can be used as legal justification down the line. Also, even mundane communication and data can have hidden info that we’d prefer not get out.
- The classic approach for social media postings is to imagine them being read back to you in a courtroom. This is a fantastic base framework but in this particular moment in time, we would also include the question of whether you would want given information to be fodder for doxxers, stalkers, and internet fascists at large. There are benefits that social media gives, but engaging cautiously and with an understanding of the risks is ideal.
- Avoid linking together accounts unnecessarily through recovery emails, contact between “professional” account and off-the-grid ones, etc. Segmenting your life is inconvenient but can make a huge difference in stopping an adversary’s first step of knowing which account to attack in the first place.
- Delete old things! Being a data dragon and hoarding old emails, photos, accounts and contacts offers little in terms of daily utility and presents a huge risk that is basically never worth it.
Working through all of this information and shifting practices can be overwhelming. Looking at 5 or 6 hours of working to get to a starting point can be frustrating enough that instead of doing any of it, we just shut down. We recommend a daily or weekly practice of checking in on security – whether that’s continuing to shut down orphan accounts, checking to see if you’ve showed up in data scrapers, deleting old emails, or adding encryption and migrating to more secure tools, don’t feel like everything needs to be done at once. It would be wonderful if we all were starting from this locked-down secure starting point but almost none of us are so finding ways to get closer is what these tools are about. We approach digital security as part of a lifelong maintenance routine like any other regular chore to continually adapt to new threats and vulnerabilities and build towards a safer baseline across our communities.