Fortifying the Castle: Reinforce your Data and Privacy on the Internet


There are a multitude of reasons why digital privacy is of great concern these days: the persistent threat of leaked database information, IoT devices being used for spying and targeted marketing, and your phone tracking you wherever you go to spam you with invasive suggestions and ads. Moreover, the use of private data for stalking and revenge porn is an increasingly critical issue for many women and men alike. Working with victims of privacy crimes like cyberstalking, I have witnessed how extremely important it can be to perform basic intelligence gathering on yourself and set up a system of digital privacy to protect your information. Here I have listed steps that you can take to begin to secure your identity, not only virtually but also for real-world physical protection.

Disclaimer: If you are in a dangerous situation I urge you to seek help either through Law Enforcement, a Domestic Violence Hotline, or a nonprofit like Operation Safe Escape.

Step 1: Recon

To get started, it is good practice to do some recon on your digital footprint. Perform both a Google and a Bing search of your name, address, phone number, email address, and usernames. Be sure to copy and paste the URLs that show up with your information into Notepad; you will need them later.

Most likely you will find that your information immediately pops up in various listing sites like Whitepages.com. Your address might pull up a Zillow listing showing the interior of your house, or maybe your social media profiles are the first thing you see. Now make a list of all the places where you have accounts, including shopping, social media, games, etc. Make sure to note all of your findings as we proceed to the next stage.

Step 2: Securing your Accounts

Now we will use the list of accounts you created in the last step to begin to secure your identity. If you choose not to delete your social media accounts (deleting them is recommended), be sure to review the privacy settings for all of them. This includes setting them to private, turning off sharing, and monitoring commenters. Please note that it is much harder to protect yourself if you use social media.

It is important here that I mention using a password manager. A password manager like LastPass will not only store all of your passwords safely but will also create a unique and random password for each account. When you set up the password manager account, be sure to provide the information needed for a reset. Because of the levels of security, the companies will not be able to reset your password for you, and without that reset information you will lose all of your stored passwords.

Now that you have a password manager set up, you can generate a new unique password for each account as you delete it or tighten its security. Another important tip is to set up two-factor authentication whenever possible. You can use an app such as Authy, which usually requires a PIN to be sent via SMS to your phone, or a fingerprint scan, as well as a password. The rule is “something you are, something you know, and something you have.”

Step 3: Check Your Credit History

Checking your credit history is very important if you are already in a situation where you have been compromised; however, it is a good step for anyone trying to secure their identity. You can order your free yearly credit report and scan it for any unusual activity. If you notice cards or accounts opened in your name, be sure to contact the credit agencies and ask them to freeze the accounts immediately.

Step 4: Removal Requests

Requesting that your information be removed from listing sites is an exhausting yet necessary task in order to protect your location and identity. To assist with this step I highly recommend using Michael Bazzell’s Extreme Privacy Workbook. This free workbook is a very thorough collection of websites to request removal from, along with the removal link and instructions for each request. It even gives you a spot to document the date, response, and verification of data removal. Bazzell’s workbook also has a section on credit freezing that would be helpful for the previous step.


Step 5: Reset and Prevention

Finally, I recommend that you reset both your phone and router to factory settings. If you have trouble with this, please contact the specific manufacturer for details.

Preventative Tips:

  • Turn off Location Services. Turning off location services will prevent your phone from being tracked. If you are trying to escape a perilous situation, consider purchasing a “burner” phone and leaving your reset phone behind. If your phone has not been reset it could potentially be tracked by “Find my Phone” apps.
  • Address Confidentiality Program. Many states offer an Address Confidentiality Program (ACP) to protect victims of stalking or violence. This service allows you to use a state address, from which mail is then forwarded confidentially to you. Each state has its own laws surrounding ACP, and you can contact them via the link above or through most victim assistance programs to get assistance with filing.

These programs give victims a legal substitute address (usually a post office box) to use in place of their physical address; this address can be used whenever an address is required by public agencies. First class mail sent to the substitute address is forwarded to the victim’s actual address.

  • Set up a VPN. A Virtual Private Network or VPN is a service you sign up for online for a small monthly fee. VPNs secure your internet connection and provide anonymity by assigning a temporary IP address and masking your real IP address. There are many VPN providers available through a quick Google search, and they are generally set up with a username and password (don’t forget to use your password manager to generate a unique password!). Free VPN services do exist; however, I do not recommend using a free VPN. Free VPNs are less reliable and known to track and sell your data to third parties.
  • Stop Spam and Tracking with MySudo. Use the MySudo app to limit the amount of data you share online while shopping, browsing, or hanging out. There is a free and a paid version (.99 mo) of this app, and unfortunately, at the moment they only have an Apple app (an Android app is in development). MySudo cuts the link between you and potential exposure and spam by providing a Sudo email and phone number.
  • Use Signal for end-to-end encryption on texts and calls. Signal is a free app available on Apple, Android, and Desktop that encrypts your texts and calls for both the sender and receiver. No one will be able to read your messages, not even Signal. Consider adding this app to your child’s phone to discourage the use of alternative social media messaging like Facebook Messenger.
  • Use + addresses to monitor email accounts. Gmail will ignore everything in an email address typed after a + sign. For instance, if my email was FakeEmail@gmail.com, emails sent to FakeEmail+social@gmail.com and FakeEmail+shopping@gmail.com will both be delivered! This trick allows you to sign up for each service using a specific email address so that you can organize emails and monitor whether your info is being sold to a third party. If I signed up for Facebook with FakeEmail+social@gmail.com and then began to receive spam at that address, I would know my information has been sold.
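
The check in the last tip can be automated over an exported mailbox. The Python below is an added example, not the author's code: it reads constructed sample messages and reports any +tag address that received mail from a sender outside the service the tag was given to. The tag-to-domain table and the sample sender domains are assumptions for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: the +tag handed to each service and the domains it should mail from.
ISSUED_TAGS = {
    "social": {"facebookmail.com"},
    "shopping": {"shop.example"},
}

def split_plus_address(address):
    """Return (base_address, tag); tag is None when the address has no +tag."""
    local, _, domain = address.lower().rpartition("@")
    base, plus, tag = local.partition("+")
    return f"{base}@{domain}", (tag if plus else None)

def find_leaks(raw_messages, my_base):
    """Return sorted (tag, sender_domain) pairs: tagged address, unexpected sender."""
    leaks = set()
    for raw in raw_messages:
        msg = message_from_string(raw)
        # From is spoofable, so a match is a hint, a mismatch is the signal.
        sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
        for _, rcpt in getaddresses(recipients):
            base, tag = split_plus_address(rcpt)
            if base != my_base or tag is None:
                continue  # not our mailbox, or the untagged address
            expected = ISSUED_TAGS.get(tag, set())
            known = any(sender_domain == d or sender_domain.endswith("." + d)
                        for d in expected)
            if not known:
                leaks.add((tag, sender_domain))
    return sorted(leaks)

# Constructed sample messages (not real mail).
SAMPLE = [
    "From: Facebook <notification@facebookmail.com>\nTo: FakeEmail+social@gmail.com\nSubject: New login\n\nbody",
    "From: Deals <promo@cheap-pills.example>\nTo: FakeEmail+social@gmail.com\nSubject: Offer\n\nbody",
    "From: Store <orders@mail.shop.example>\nTo: Me <fakeemail+shopping@gmail.com>\nSubject: Receipt\n\nbody",
    "From: Friend <friend@example.org>\nTo: FakeEmail@gmail.com\nSubject: Hi\n\nbody",
]

if __name__ == "__main__":
    for tag, domain in find_leaks(SAMPLE, "fakeemail@gmail.com"):
        print(f"+{tag} address received mail from unexpected sender {domain}")
```

A tag that shows up here points to the service it was issued to as the place the address was sold or leaked from.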

While the steps above are a great starting point for protecting your data and securing your identity, they are just that, a starting point. If you would like more information on the topic I highly recommend checking out my personal favorites: Michael Bazzell’s book Hiding From the Internet and Privacy & Security. Bazzell also has a great security podcast and an upcoming book called Extreme Privacy. If you are a victim of abuse and need help erasing your digital footprint, please contact Victims Assistance or Operation Safe Escape.
