Anti-harassment resource guide: preparations and responses

It is an unfortunate fact that due to stigma and widespread misunderstanding about child sexual abuse and its prevention, those who advocate for evidence-based approaches in this field are often targets for harassment and abuse.

This is a simple resource page to prevent and respond to such harassment. It is divided into three categories: Privacy and security basics, preparations if you expect to be harassed, and responses to active harassment. The first two sections are aimed at prevention. You may have heard the old adage that an ounce of prevention is worth a pound of cure, and with harassment, this is especially true. You want to protect yourself in the first place as much as possible. 

For the first part, privacy and security basics, you do not need to be too tech literate in order to understand the basics. You simply need to be aware of some easy principles.

For the second part, preparations, there are a number of different concepts to apply. They basically boil down to minimizing the footprint you have on the internet, such as on social media and how much of your personal information is available. 

For the final part, the assumption is that people are already harassing you in some medium, whether that is on social media or some other format.

Privacy and Security Basics

The basics of privacy and security are relatively easy to understand. 

The first principle to understand with privacy is email. Email is a fantastic tool that almost everyone uses. However, email as a tool itself is flawed in terms of both privacy and security. Most mainstream email providers are not private or secure, especially if they are free. This means discussing two categories: Email clients, the software you use for accessing email, and email providers, the actual infrastructure used to send and receive emails. You want to transition to using more secure clients and providers for your most sensitive communications. The same idea applies to text messaging: Use Signal. It is easy to setup, free, and encrypts your messages for you. 

The next principle is to be careful with web browsing. This simply means visiting websites using applications like Chrome, Firefox, Internet Explorer, Safari, etc. This resource is a pretty basic introduction to that idea. For an exhaustive resource of privacy tools you can use, visit this page. Essentially, if you do not know where a web link goes or you do not recognize the site, avoid it. Be careful what you click, because you could be installing malicious software on your computer. We will return to web browsing, email, and text messages in the security section.

Beyond that, we get into more advanced topics that for the average user may be a little complicated. We have encrypted DNS, which helps protect your web browsing from being surveilled by a malicious third party. There are many good guides and tools to finding and setting up encrypted DNS solutions. Searching ‘encrypted DNS providers’ can help. 

There is also a VPN, or a virtual private network. Some consider VPN’s to be the gold standard in protecting your online privacy. However, VPN’s have limitations. For a basic introduction to those limitations, see the note on this resource. Using a VPN is still a good idea under some circumstances, like using a wifi network that is not protected by a password, such as in a coffee shop, restaurant, or airport. 

Now, a quick note about social media. This includes Tiktok, Facebook, YouTube, Twitter, Instagram, and many other social networking sites. Check your settings carefully. Only share information you are willing to have associated with whatever identity you are using for that social media provider, and if you use that identity anywhere else, ensure that you do not share things that can be connected directly to you. Do not share your geographic location, your address, your phone number, etc. Set accounts to private or ensure each time that you log in, you are using a tool that involves putting information in public. That information is within your control, nobody else’s. You can provide real information or fake information. But know that it can and may be used against you. 

There are also a variety of search sites that compile public information for incredibly easy access to someone’s phone number, email, or address. There are two approaches to these sites, called data broker sites. One approach, if you have lots of time on your hands, is to periodically check these sites to make sure that your information isn’t on there. This is a great tool that walks you through that. However, once you ensure its removal, it can be added again at a later date through their automatic processes. Another approach, which is more reliable, is to use a service to do that for you. DeleteMe is one such service, and is reasonably priced, but there are others out there. This is also a good guide on the subject of doxxing.

Security

Thus far, this guide has focused on privacy. Security, a related but vital concept, is about making it as difficult as possible for a malicious attacker to get access to data, accounts, or account information they can use against you. 

The first and possibly the most important rule of both is to have strong passwords that are unique to each account. You can achieve this via an app called a password manager. There are several different password managers you can use, including KeePass, Spectre, LessPass, and Bitwarden. You want to do this because the very first thing a malicious attacker will do if they are able to access one of your accounts is try that same password on other popular sites. If they get your email password, for example, and you use that email password on your banking information, now that person has access to your bank account. Not good.

Using a password manager is great, but in today’s environment, you really do need to go one step further and use multifactor authentication for your accounts whenever it is possible to do so. Many banking websites and tech giants like Apple, Google, and Microsoft have multifactor authentication as an account option. You can usually access this option by going to your account settings and finding the security settings. It is generally a good idea to select a good two-factor authentication app. Aegis, Raivo OTP, andOTP, Google Authenticator, and Tofu are good options. Another item to add here if you have a cell service provider like Verizon, T-Mobile, etc is to find out how to prevent porting

It should not need to be said, but if you ever hear anyone telling you to write down a password and keep it somewhere safe, know that this person is stupid and not worth listening to. Writing down passwords is an incredible risk. Don’t do it, and if you do, start using a password manager and start eliminating the written passwords. 

One final note on the topic of passwords is your home internet connection. You probably use a modem to convert the signal from the telephone or cable line into internet in the form of an ethernet cable, and a router to convert that signal to a wireless network. Your modem may be a modem and a router. In any case, your router or modem/router has a password on it. If you have never gone into your router’s settings via a web browser or changed the default setup, this is a big risk. Malicious attackers know these default setups and can use them. You need to change these defaults, and doing so will be specific to the devices you have. Search ‘how to change [provider] router settings’. You can usually find the model of the device on the same sticker where these defaults are located. 

Protecting your security in the digital age also involves using encryption. Encryption is an exhaustive topic if you are unfamiliar with it, and a great tool to understanding the basics of privacy and security as a whole is this resource

Another topic in security is about preventing malicious attacks. In today’s age, it is common to be exposed to a variety of different attacks. That email that looks like it’s from Amazon, saying your payment didn’t process, click this link to provide your financial information, or your bank saying your password needs to be reset, click here to provide your old password and create a new one. Only it isn’t your bank or Amazon, it’s a website someone setup to fool you into divulging that information. 

Question it. If you are in doubt, question it, question it, question it. Ask someone if you think it is malicious and do not click any links, attachments, or forward anything to anybody except maybe to the company’s abuse department. Doing so can cause a variety of harms. When in doubt, don’t do it. Call your bank from the number on your card. Go to https://www.amazon.com and check your order status.

Preparations 

On the subject of preparations, you want to know yourself as well as possible. Know what information you share and where. Know what online accounts you have, and know what is out there that can be attacked and exploited, and think ahead to how and why that information can be used. This is largely psychological: You want a plan in place, even multiple plans, to protect your safety and that of your friends and family if particular attacks take place. 

There is a limit to how much you can do in this area, especially if you have limited financial resources, limited time, or both. Depending on what kind of a malicious attacker you expect to be facing, you may not ever be able to completely subvert their attack. For example, even a well-prepared organization will not fare well against a malicious state attacker like a group of hackers sponsored by a foreign nation attempting to gain access to their systems. If you are targeted or expect to be targeted by the government of any country, there will be limits to what you can do.

Fortunately, most of us do not have to worry about that and the groups that wish to attack advocates and activists are generally other advocates and activists with relatively rudimentary skills by comparison. For these, you need to figure out the appropriate information security and operational security plan to address these attacks. 

These preparations are personal and based entirely on your specific situation. It is beyond the scope of this resource guide to attempt to address each specific situation. Searching “how to form and information security plan” and “how to form an operational security plan” are good starting points.

One extremely important preparation to take, however, is to talk with the important people in your life about the views you hold, why you hold them, and that your views may possibly make you a target. Tell your friends and family that you are passionate about this issue. That is the single biggest weapon a malicious attacker might use against you: Information that they figure other people don’t know to surprise them, surprise you, and use human nature against you. Don’t let them. Talk about things with the people you care about. You don’t even have to be direct about the exact topic.

Responding To Harassment: Don’t.

The title says it all. If you are being actively harassed, do not respond. This is difficult. It is unfair, it is mean, and you will feel angry at the people responsible. Channel that anger – you need it. Use that anger to consult with the authorities in your area. Write down how and where people are harassing you. Let them know you are being harassed, and take your notes with you. If you have social media accounts, set them to private or deactivate/delete them entirely. 

Do not respond or react to the people responsible. Ever. This is what they want. This is what feeds them into harassing you more. If you feel you might respond or react, reach out to a friend or family member and talk to them about the situation, and start by telling them that you need to make sure you do not respond and need to talk to them to get support. You don’t have to face this alone. 

Additional resources

Here are a variety of guides to responding to doxxing and harassment: