When pandemic stay-at-home orders took effect two years ago, Internet use skyrocketed worldwide. Millions of Americans suddenly relied on their phones and computers as lifelines to remote jobs, classes, now-distant family and friends, food and grocery deliveries, and a fire hose of news to understand the novel coronavirus.
While advocates have called for tech companies to do more to curb online abuse and protect vulnerable users, there are things people can do to safeguard themselves.
Here are expert tips for identifying your online risk, maintaining online boundaries, responding to threats and more.
1. Ensure you have good digital hygiene
It’s especially important that people take measures to protect themselves from potential online attacks, experts who study online abuse say. The most basic of these proactive measures is good digital hygiene — in other words, making it difficult for hackers to get into your online accounts.
“It’s important to know it can happen to anyone,” said Viktorya Vilk, program director of digital safety and free expression at Pen America, a nonprofit organization advocating for freedom of expression. “Future you will thank current you for whatever you can do proactively.”
The first step is simple: Use complex and unique passwords for every online account. It’s much easier to recover one compromised account than it is to have to address several simultaneously.
One of the easiest ways to keep track of your passwords is by using a password manager app. April Glaser, a fellow at Harvard University’s Shorenstein Center on Media, Politics and Public Policy, recommends 1Password and LastPass, both of which have free and premium versions. Each service generates unique passwords to secure accounts.
You should also check your privacy settings and enable two-factor authentication on every service that allows it. This requires users to have two ways of proving that they are indeed the owners of the accounts they’re attempting to access. For example, a user might need both a password and a one-time code sent via text message to log in with two-factor authentication.
These measures may seem simple, but preemptive damage control is critical, said Eva Galperin, director of cybersecurity for the Electronic Frontier Foundation, a digital rights nonprofit group.
“It’s best to do this in advance,” she said. “When you’re getting harassed, it’s a stressful time in which to batten down the hatches.”
2. Research yourself
It may seem strange, but it can be helpful to think about how you would troll yourself, experts say. That means discovering what information about you is publicly available. Google yourself, your phone number and your address to see what pops up. Is there personal information tied to you? Is it in places where you can request it be removed?
“Think like someone who’s trying to dox you,” Vilk said, referring to the practice of revealing a person’s real name, home address or other private information, published with the intention of inconveniencing, frightening or endangering them.
An easy way to track what new information may be surfacing about you online is to set up Google Alerts, Vilk said. The service notifies users via email every time Google’s web crawlers find new results mentioning specific words. In this case, you would want to set the keywords as your name.
But you may find your information is in places you wouldn’t expect. Data brokers scrape heaps of information from other sites to sell. Tracy Chou, founder and chief executive of the anti-harassment app Block Party, suggests services like DeleteMe, which costs $129 a year for one user and will regularly check data broker sites and delete the information they have on you. Kanary performs a similar service for $89.99 a year.
You can do it yourself for free, although it will take you a lot more time, Glaser said. She recommends manually searching each data broker site and making individual requests for removal. Vilk suggests you do it at least once a year, because brokers often repopulate their databases even after you’ve deleted your information.
3. Be cognizant about what you post
Experts agree that if you’re going to build an online presence, the best way to do it is by being authentic. But that doesn’t mean posting everything about yourself for the public to see.
“Be really thoughtful [about] what platform you’re using for what purpose,” Vilk said. “If you use Twitter almost exclusively professionally, you can have your Twitter setting be more public. But then … don’t publish private personal information.”
Double check what you’ve put on your social media profiles and personal websites, as well as which of those details are public. And if you’re posting pictures, be aware of what’s in the background. Is your address visible? Are you tagging your location? Is this a regular place where you can be found?
Glaser also said you may want to consider whether you identify who’s related to you on your social media accounts and posts. Facebook, for example, allows you to include family members and spouses in the “About Me” section of your profile. But linking people to you also gives trolls other people to target as a way of harassing you. The same is true if you choose to post or tag loved ones in public photos on social media.
“Your sister or your brother might get harassed, and that’s certainly not what you want,” Glaser said.
4. Protect your mental health
If you find yourself the target of harassment, it’s easy to panic. But experts advise victims to remember they have ways to fight back. And much of that includes steps to protect yourself from the mental harms of online abuse.
“Feeling like you have some agency can be really empowering,” Chou said. “You can assert power where you have it.”
Take advantage of all the tools social media services offer. Mute, block or filter users and threads attacking you. Use reporting tools to flag abusive comments or posts to companies.
Third-party apps and services can also help. Chou’s Block Party allows users to choose which groups of people they want to get notifications from; notifications from all other users go to a separate folder for later review. And Tall Poppy helps companies protect their employees from online harassment with safeguards, incident response and follow-up support.
If you’re getting attacked via email, use filters to reroute harassing messages to a separate folder, Glaser suggests. Specifically, you can set filters for emails containing misogynistic, homophobic or derogatory words.
“You know what words you get the most,” she said. “If anyone is sending me an email like that, it’s not going to be useful.”
But you may not want to ignore abusive messages entirely, experts say. Some may include threats of physical harm or imminent danger. So how do you protect your mental health without having to read everything? Galperin suggests asking someone you trust to read through harassing messages and/or posts.
“Some are quite terrifying and obsessive and may be a sign of escalating harassment,” she said. “You need someone to be reading all of those things for you.”
Galperin also says online support groups like HeartMob can be a good resource for women experiencing online harassment. The group helps provide resources and connects victims of online abuse to a community for mental health support. Therapy can also help ease victims’ stress and emotions that result from online abuse.
5. Take physical action
In some cases, the harassment may require physical action.
To ensure your safety, experts suggest documenting online harassment, which could be used by tech companies or even police to investigate threats. You may need to alert authorities, relatives or your employer, depending on the threat and your personal circumstances and comfort level. Experts also suggest having a plan for safe relocation should you need it.
But regardless of the situation, Vilk said victims under attack should take a moment to breathe, figure out what best suits them and reach out for support.
“Make sure you don’t go it alone,” she said. “Don’t be afraid to ask for help.”