Locking Down Your Digital Identity

Locking down your digital identity is not only for those who are being harassed – it’s good practice in general. However, if you find yourself being cyberstalked, harassed, or threatened with violence this information can be particularly important and timely. This list of tips is compiled from resources developed by Jon Jones and Jaym Gates and includes an estimate of the time involved so that you can budget accordingly.

1) Set up two-factor authentication on everything

What it is: If you log into a website, two-factor authentication works to ensure that you are who you say you are by requiring two sources of verification. This usually means it sends your phone a text message with a random, one-time-use code to type into the box as a secondary password. People almost always have their phones with them, so this is a simple, reasonable security precaution.

What it does: Makes it extremely difficult for anyone but you to log into your accounts.
How long it will take: 15 – 30 minutes, depending on how many accounts you have.
Will I ever have to do it again? No, but set it up when registering on new websites.

Go to this list and check for websites where you have accounts.


2) Use a password manager and use unique passwords

What it is: a piece of software that both creates and manages your strong passwords.

What it does: Creates impossible-to-break passwords for all your websites, and you only need to remember one.
How long it will take: 30 – 60 minutes, depending on how many accounts you have.
Will I ever have to do it again? No, but use your password manager to generate new passwords for you when registering on new websites.

Two good options: LastPass or for Mac\iOS users 1Password.

Also, disable your web browser from remembering passwords. It’s not safe. You can view all saved passwords in Chrome instantly in plain text if you have the password to the computer.

3) Lock down old Facebook posts and adjust your privacy settings

What it does: Locks down all your privacy settings in Facebook, and hides your old posts so people can’t dig through them.
How long it will take: 15 minutes.
Will I ever have to do it again? No, but it’s good to check every six months.

Lifehacker has an excellent, comprehensive guide on this topic.


4) Check the internet for your personal information and then clean up

What it does: Finds out what personal information on you is available online so you can take it down.
How long it will take: 15 to 30 minutes, possibly longer if you go through the manual removal request process.
Will I ever have to do it again? Yes, about every three months or so to be safe.

Search Pipl to get a you a sense of what information is associated with your name on the web.

Search Zaba to see what location/contact information is available for free about you.

Spokeo is a particularly powerful information aggregator. You have to go through and click on each instance to request a take-down, but they will process requests. However, if you submit a large number of take-down requests they may block further attempts. To manage this, start with most recent listings first, and move IPs if possible if they block the one you’re working from.


5) Delete old accounts

What it does: Delete your old, unused accounts.
How long it will take: 15 to 30 minutes, depending on how many accounts you have.
Will I ever have to do it again? No.

If you have any old accounts or profiles online that you’re no longer using, go in and delete them. Remove all your information first and overwrite it with fake information just in case, then delete it.

JustDelete.Me gives you site specific instructions for closing old accounts as well as information on the relative ease of removal.


6) Consider using pseduonyms

If you need to use social media and register for websites but don’t want to use your real name, try the Fake identity generator.

Tips that Cost Money

  1. If you have your own domain name(s) consider purchasing whois privacy guardWhat it does: Hides your home address and phone number from your website’s public records.
    How long it will take: 10 minutes.
    Will I ever have to do it again? No, but it’s a small yearly recurring fee to keep it.When you register a domain name, you generally use your real address. This is a problem, especially because swatting is becoming more popular. It’s incredibly easy to look up, and it’s also incredibly easy to secure it. Plug your url (and remove the parens) into the following address to how to see what information is available now: https://who.godaddy.com/whoisstd.aspx?domain=(yourdomain.com)
  2. Use a VPNWhat it does: Encrypts all of your communications online to keep you private and secure, and very easily.
    How long it will take: 15 minutes to read about it and sign up.
    Will I ever have to do it again? No, just use the VPN application whenever you’re online.A Virtual Private Network, or VPN, is a way to securely connect to websites online using encryption in a way that’s virtually impossible to eavesdrop on or track. There are a wide variety of companies that offer VPN service. It’s inexpensive ($3 to 5 a month), most of them are good, and it’s extremely easy to do.Here’s a guide to the best VPNs to choose: https://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/This is a simple, forget-it’s-there way of staying private and secure online all the time. You will only be safer for using it, and the only downside to using a VPN is that sometimes (not always) they are slightly slower than an unencrypted connection, since it’s routing your traffic anonymously through another server.
  3. You can use a service to have the internet regularly searched and your information removed. For $129\year you can use DeleteMe.

You may also want to look at Take Back the Tech’s Safety Toolkit, which offers device specific tips and the Safety-in-a-Box information is available in 16 languages.