Geek Feminism Wiki
(phone stuff)
Line 18: Line 18:
 
* Remove expired or compromised payment methods from accounts.
 
* Remove expired or compromised payment methods from accounts.
 
* Verify your account recovery information on important accounts, and (if possible) remove any where the answer has been leaked or otherwise findable.
 
* Verify your account recovery information on important accounts, and (if possible) remove any where the answer has been leaked or otherwise findable.
  +
* Ensure that you have a PIN set for your mobile phone provider. There is often one required for voicemail, and a separate one for when you call or visit to make changes to your account. See [http://www.att.com/esupport/article.jsp?sid=KB116259&cv=820#fbid=VMJS9UfY5xw this AT&T support page] for an example of the latter.
 
* Advise important parties (family, close friends, hosting providers, possibly your employer) what is happening and that they should verify any unusual inquiries with you.
 
* Advise important parties (family, close friends, hosting providers, possibly your employer) what is happening and that they should verify any unusual inquiries with you.
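
Review bot: the AT&T link in the added PIN bullet ends in a `#fbid=VMJS9UfY5xw` fragment, which appears to be a per-visit token rather than part of the article's address, so drop the fragment from the link. The bullet names two separate PINs (voicemail and account changes) but only gives an example for the latter. A short note on where to set the voicemail PIN would make both halves actionable.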
   

Revision as of 20:21, 29 August 2014

Being the target of mass online and offline harassment, whether because of sexism, racism, or other issues, can be overwhelming and devastating. This document intends to provide actionable guidance for people who are being attacked or who are concerned about being attacked in the future, and includes information security, physical security, and self-care advice drawn from the experiences of the Geek Feminism community.

Security update checklist

Should you become the target of an internet trollstorm, here are some immediate steps you can take to mitigate the damage:

  • Change important passwords, using a unique one for each site. Write them down or use a password manager (see below for more on this).
    • Email, e.g. Gmail
    • Facebook
    • Twitter
    • Tumblr
    • Your domain registrar & hosting provider
    • Amazon & eBay
    • Banking
  • If you use Gmail, review the "Last account activity" details; this page can be found below your email inbox.
  • Go into security settings and verify which 3rd party apps you've granted access to. Remove unnecessary 3rd party access.
  • Check what email address you have as a "reset" account or backup account.
  • For services which allow posting-via-email such as Tumblr and Pinboard, have them generate a new email.
  • Remove expired or compromised payment methods from accounts.
  • Verify your account recovery information on important accounts, and (if possible) remove any where the answer has been leaked or is otherwise findable.
  • Ensure that you have a PIN set for your mobile phone provider. There is often one required for voicemail, and a separate one for when you call or visit to make changes to your account. See this AT&T support page for an example of the latter.
  • Advise important parties (family, close friends, hosting providers, possibly your employer) what is happening and that they should verify any unusual inquiries with you.

Information Security Practices

Passwords and authentication

  • Use a password manager such as 1Password, KeePass, LastPass or Password Safe.
  • Use a different, complex password for each site. Never re-use the same password on different sites. Your password manager can generate a good password for you.
  • When updating your passwords, check the email address on each account. Since attackers can send password resets to the address on file, you should be sure every site has your most up-to-date and secure email address. If you have both a personal domain address and a Gmail or Yahoo or other corporate address, consider the corporate one more secure.
  • Set up two-factor authentication on any service that supports it, especially Gmail if your password reset emails are sent to that address. twofactorauth.org is a comprehensive list of which services support two-factor authentication.

General Security

  • Don’t open strange attachments or click on strange links. If this is not feasible, do so within a virtual machine or using Google Docs Viewer until the storm has blown over.
  • Go over your browser privacy settings. Chris Palmer from the Chrome Security Team has an excellent guide on how to do this for Chrome. [someone add guides for Firefox, Safari, and IE please?]
  • Disable Java in your browser (you should do this anyway). If you don't know how to do this, just uninstall it.
  • Adobe Flash is a common vector for attacks and compromises. Use an extension like FlashBlock (Firefox, Chrome) to allow it on a per-site basis.
  • Consider making offline backups of your blog/passwords/photos in case of compromise (backing up your blog is generally easy).
  • If you own your own domain, use domain privacy if your registrar permits it. Keep in mind that domain records are archived by various sources and existing information will persist.
  • Use a PO Box or business address instead of your home address when signing up for services that require a mailing address (often required for services that send mass email because of the CAN-SPAM Act).
  • Request that your personal information be removed from "people search" sites. You can often find these by googling for variations on your name and keywords like "address" or "phone number."
  • Consider changing your wifi password.

Physical Security

Some options to tighten up your physical security include:

  • Security cameras at entrances to your house, particularly if you live in a house rather than an apartment building.
  • Door chain, bar latch, or deadbolt that can't be picked or opened from outside.

Recordkeeping and troll-tracking

  • Set up a Google Doc or other shared file with your trusted readers/collaborators
  • Collect IP addresses and screen names of trolls/harassers
  • Collectively block those people from your social media accounts
  • Note dangerous or particularly egregious harassers and potentially identify and out them
  • Liz Henry has a great article on how to do this

Mental health and self-care

  • Ask someone you trust (but possibly not someone SUPER close to you, think friend-of-a-friend who isn’t in your industry) to take over mod duties on your Twitter/FB/blog for n days/weeks. They’ll send you whatever comments or @s require a response; everything else gets trashed (or saved in a separate file) without you having to see it. Consider setting your Twitter notifications to "People you follow." Friends can monitor the @s you receive from strangers by searching for [to:your_screen_name].
  • Set up a "safe list" of important personal contacts whose communications you'll want to see.
  • Remind yourself that progress is a choir, not a solo; you don’t have to pay attention to all jerkfaces and answer all questions all the time forever and ever. Let other people sing, get some sleep.
  • No really, get some sleep. Also don’t stop showering (even if you work from home, even if it seems really difficult). Same with food -- your brain needs food so it can feel better.
  • Seek out media that can comfort you in a tough time -- favorite shows, books, movies, music.
  • Ask your friends on the net and locally for emotional and practical support. Have someone come over, go to a friend’s house, do something outdoors and non-internet-related.
  • Talk to someone else who has experienced the same kind of harassment.
  • In extreme cases it might be a good idea to just go on vacation and not look.

Resources for friends and family of people facing online harassment

Further reading