*Yawn* Oh look, it's you again...
August 14, 2012 10:22 AM Subscribe
Stalker filter: How do I make sure I've covered my bases online?
Person I was in a romantic relationship with over twelve years ago has yet to get over it. We were together three toxic years, if it makes a difference. Following the break up they hacked my and my partner’s email (likely used a keylogger;) harassed us at home, work; contacted our co-workers, family, and friends.
Been down the road with lawyers and police, which was frustrating, expensive, and basically useless. (No violence = no problem.) What has been most effective has been moving far away and changing my name. Until now.
Recently received an email to my online business address from a fake name, friendly tone, with enough information to know it is from this person. I didn’t reply or click the hyperlink it contained. My web stats showed someone viewed my site from this person’s city - I’ve never had any hits from there before.
They have not contacted me since. However they have been on my site on a daily basis for the last 4 months. I don’t update it. My question is, what could they do with my email & website information? I just don’t want to get hacked again. My cell phone number and nearest city are listed, but no address. I’m not on social networking - cut ties to everyone when we left. I don’t email anyone. What else should I do to protect myself online?
P.S. Yes, I’ve read The Gift of Fear. Twice.
Person I was in a romantic relationship with over twelve years ago has yet to get over it. We were together three toxic years, if it makes a difference. Following the break up they hacked my and my partner’s email (likely used a keylogger;) harassed us at home, work; contacted our co-workers, family, and friends.
Been down the road with lawyers and police, which was frustrating, expensive, and basically useless. (No violence = no problem.) What has been most effective has been moving far away and changing my name. Until now.
Recently received an email to my online business address from a fake name, friendly tone, with enough information to know it is from this person. I didn’t reply or click the hyperlink it contained. My web stats showed someone viewed my site from this person’s city - I’ve never had any hits from there before.
They have not contacted me since. However they have been on my site on a daily basis for the last 4 months. I don’t update it. My question is, what could they do with my email & website information? I just don’t want to get hacked again. My cell phone number and nearest city are listed, but no address. I’m not on social networking - cut ties to everyone when we left. I don’t email anyone. What else should I do to protect myself online?
P.S. Yes, I’ve read The Gift of Fear. Twice.
I would make sure all passwords involving those email addresses (and any login info for the website) have been changed to something not in any way similar so passwords used before nor would be connected to you in any way that they could figure out, just to be on the safe side. If you're not in social media you're probably a lot safer than most of us that are (I still maintain Facebook is becoming the ultimate in stalker technology...damn them).
If your email provider lets you block specific addresses or filter via keywords (I know Comcast won't let you block on their server, but I forward my Comcast to my Mac & Mac's Mail program has preferences let you spam filter through many different options such as keyword, 'from/to' lines, headings, etc.) then make sure you're getting all of that set up.
I'm sure there are other MeFi peeps who could tell you more stuff I know nothing about...not a tech person so I'm not sure what all is possible to remove from the internet and what stays forever. (FWIW, I don't know how long ago you removed any of your social networking stuff but Facebook allegedly keeps your info in their system around 6 or 7 years...that may or may not be true but if you begin getting any weird stuff from them I'd write FB's support and explain the situation/problem. Doubt it would be any issue but you never know.)
You have my sympathies for having to deal with this...cannot believe people think stuff like this is ok to do to someone. =/
posted by PeppahCat at 10:47 AM on August 14, 2012
If your email provider lets you block specific addresses or filter via keywords (I know Comcast won't let you block on their server, but I forward my Comcast to my Mac & Mac's Mail program has preferences let you spam filter through many different options such as keyword, 'from/to' lines, headings, etc.) then make sure you're getting all of that set up.
I'm sure there are other MeFi peeps who could tell you more stuff I know nothing about...not a tech person so I'm not sure what all is possible to remove from the internet and what stays forever. (FWIW, I don't know how long ago you removed any of your social networking stuff but Facebook allegedly keeps your info in their system around 6 or 7 years...that may or may not be true but if you begin getting any weird stuff from them I'd write FB's support and explain the situation/problem. Doubt it would be any issue but you never know.)
You have my sympathies for having to deal with this...cannot believe people think stuff like this is ok to do to someone. =/
posted by PeppahCat at 10:47 AM on August 14, 2012
Make sure whatever email client you are using is set to not display any images in mail (I believe Gmail does this by default). One trick that attackers use is to send you an email that embeds a tiny invisible image that loads from the attacker's website. That way when you open the mail and it fetches the image to display, the attacker's web server gets your IP address, which depending on where you are viewing from can give them where you live, what ISP you use, or where you work.
posted by burnmp3s at 10:49 AM on August 14, 2012 [9 favorites]
posted by burnmp3s at 10:49 AM on August 14, 2012 [9 favorites]
I've endured (and thus far survived) a couple of crazies, and the best thing you can do is probably to ignore him/her. If you start caring about what they say or do, you're just wasting more of your life and energy on someone who doesn't deserve it.
Technically, as Peppah says, use good practices: don't overshare info on Facebook or Twitter or whatever (and/or use a second account that only real friends know about), use strong passwords on everything that matters, lock/protect your domain name(s), add a phone passphrase to any service that supports it (your ISP might), and generally use this as a motivator to nurture good security practices in general: they don't need to be all about this one particular crazy person: there are dozens of other threats out there that good security will also protect you from.
If you want more/personalized help or war stories, MeMail me.
posted by rokusan at 10:54 AM on August 14, 2012 [1 favorite]
Technically, as Peppah says, use good practices: don't overshare info on Facebook or Twitter or whatever (and/or use a second account that only real friends know about), use strong passwords on everything that matters, lock/protect your domain name(s), add a phone passphrase to any service that supports it (your ISP might), and generally use this as a motivator to nurture good security practices in general: they don't need to be all about this one particular crazy person: there are dozens of other threats out there that good security will also protect you from.
If you want more/personalized help or war stories, MeMail me.
posted by rokusan at 10:54 AM on August 14, 2012 [1 favorite]
The cell phone number is troubling. They could find some way to call the cell phone company and sweet talk the person to giving out your mailing address. ("Oh, I want to check that you have the right mailing address, which do you have on file?") This recent hacking of Mat Honan shows that social engineering can be used to invade people's privacy, because customer service reps can be a weak link in the chain of security.
If your website has a dns registration, there could be WhoIs information that links it to you or your address. Look it up on a whois server. If the whois server has a company name instead of your name, which manges the domain, remember that the company could be socially engineered in the same way as above, for a stalker to get your name or mailing address. E.g., someone could call them and say, "How can I contact the owner of domain xyz?"
If your company is an LLC, you should find out what legal documents are in the public record. It's possible that with your city name and business name, the person could find you using a public record search on your business.
The question I'd be asking is, how did the person find out the business was yours to begin with?
Depending how much business information is public, I'd consider moving again to a new city. In the future, you might want to consider doing all business under a fake name and address (not the one associated with your city). It should also probably be done with a throwaway cell phone linked with e.g. google voice.
There is lots of info about incorporating businesses e.g. overseas, and banking overseas, etc., if you research the hedge fund industry. You can set up master and feeder LLCs that hide ownership. Just an idea.
For day to day tasks, I won't recommend illegal activity, but (because your life may be in danger!) you should know that it's possible to get very good ID documents with alternate identities. The less you have to use your real mailing address and current name in your business and personal life, for anything that creates a record, the safer you will probably be.
posted by kellybird at 11:13 AM on August 14, 2012 [4 favorites]
If your website has a dns registration, there could be WhoIs information that links it to you or your address. Look it up on a whois server. If the whois server has a company name instead of your name, which manges the domain, remember that the company could be socially engineered in the same way as above, for a stalker to get your name or mailing address. E.g., someone could call them and say, "How can I contact the owner of domain xyz?"
If your company is an LLC, you should find out what legal documents are in the public record. It's possible that with your city name and business name, the person could find you using a public record search on your business.
The question I'd be asking is, how did the person find out the business was yours to begin with?
Depending how much business information is public, I'd consider moving again to a new city. In the future, you might want to consider doing all business under a fake name and address (not the one associated with your city). It should also probably be done with a throwaway cell phone linked with e.g. google voice.
There is lots of info about incorporating businesses e.g. overseas, and banking overseas, etc., if you research the hedge fund industry. You can set up master and feeder LLCs that hide ownership. Just an idea.
For day to day tasks, I won't recommend illegal activity, but (because your life may be in danger!) you should know that it's possible to get very good ID documents with alternate identities. The less you have to use your real mailing address and current name in your business and personal life, for anything that creates a record, the safer you will probably be.
posted by kellybird at 11:13 AM on August 14, 2012 [4 favorites]
That's interesting about the WHOIS. If you wanted to get really cautious, you'd use a web host that obscures the identity of the host company even further...because even if you hide your name and address, the WHOIS will still reveal the Name Servers that will link it to GoDaddy, Dreamhost, etc. for an IT-knowledgeable stalker.
posted by steinsaltz at 11:45 AM on August 14, 2012
posted by steinsaltz at 11:45 AM on August 14, 2012
That's interesting about the WHOIS. If you wanted to get really cautious, you'd use a web host that obscures the identity of the host company even further...because even if you hide your name and address, the WHOIS will still reveal the Name Servers that will link it to GoDaddy, Dreamhost, etc. for an IT-knowledgeable stalker.
steinsaltz, unfortunately that's not information that can be hidden. The authoritative name servers are stored in the NS records for the domain -- that's not part of WHOIS, that's a fundamental part of the DNS mechanism. If the IPs of the authoritative nameservers aren't known, there's no way to resolve names for the domain.
However, note that the DNS for a domain does not need to be handled by the registrar for the domain. It's perfectly possible to, say, register the domain with GoDaddy and host the DNS on dyn.com. All you have to do is register the IPs of dyn.com's DNS servers with GoDaddy as the authoritative servers for the domain, and those are the NS records that GoDaddy will publish. It's fewer eggs in one basket, at least.
posted by McCoy Pauley at 12:50 PM on August 14, 2012 [2 favorites]
steinsaltz, unfortunately that's not information that can be hidden. The authoritative name servers are stored in the NS records for the domain -- that's not part of WHOIS, that's a fundamental part of the DNS mechanism. If the IPs of the authoritative nameservers aren't known, there's no way to resolve names for the domain.
However, note that the DNS for a domain does not need to be handled by the registrar for the domain. It's perfectly possible to, say, register the domain with GoDaddy and host the DNS on dyn.com. All you have to do is register the IPs of dyn.com's DNS servers with GoDaddy as the authoritative servers for the domain, and those are the NS records that GoDaddy will publish. It's fewer eggs in one basket, at least.
posted by McCoy Pauley at 12:50 PM on August 14, 2012 [2 favorites]
Have you tried to get a restraining order? If you have documentation of all the things he's done you could probably get it under "harassment," which doesn't require any physical threat. The usual legal definition of harassment is:
posted by cerebus19 at 7:10 AM on August 15, 2012
Repeated incidents of intrusive or unwanted acts, words or gestures that have a substantial adverse effect or are intended to have a substantial adverse effect on the safety, security or privacy of another, regardless of the relationship between you and the alleged harasser.Sounds like your situation to me.
posted by cerebus19 at 7:10 AM on August 15, 2012
« Older How to organize and share articles? | A fellow tenant in my 40+ unit Seattle apartment... Newer »
This thread is closed to new comments.
Check out Google's two step authentication.
posted by steinsaltz at 10:45 AM on August 14, 2012 [2 favorites]