What are some things you wish you'd done before you went viral?
October 29, 2018 9:58 AM

I will soon be in an article that will attract the attention of online right-wing bigots. I haven't had this level of online attention before. What are some things I can do *now* to protect myself? For example, I've searched my name, found some online accounts I'd forgotten about, and increased their privacy levels. I own some domains - should I get whoisguard? I can change any old passwords and enable 2-factor authentication. What else?
posted by anonymous to Computers & Internet (14 answers total) 43 users marked this as a favorite
Check out HeartMob’s resource guides.
posted by evoque at 10:03 AM on October 29, 2018 [5 favorites]

This might seem obvious and less techy. But one thing I didn't realize when I went viral is that it's O.K. to be choosy about who you do interviews with, and cagey about what quotes you give. You hold the power.
posted by johngoren at 10:04 AM on October 29, 2018 [2 favorites]

Check Have I Been Pwned to see if your personal details have already been leaked onto the darknet. Assume people have access to whatever information was leaked in that context.

Ensure all of your accounts have unique passwords (the help of LastPass and the like can assist).

If you own property, see if your name is easily searchable through your city/county's tax and property lookups.
posted by Karaage at 10:05 AM on October 29, 2018 [6 favorites]

Yes, get whoisguard so that your actual physical address is hidden. Anecdotally, it's also reduced the amount of junk mail I receive.

Do you have someone, or multiple people, who you could deputize to screen your emails for a while, and to take over your Twitter account to flag abusive tweets?

Make sure your phone's voice mail message is the default computer-generated reply and if possible have a friend screen voice mails.

If you have easily identifiable family members who post on Instagram, etc., you could let them know about the upcoming article and suggest that they turn their settings to private for a while.
posted by rogerrogerwhatsyourrvectorvicto at 10:08 AM on October 29, 2018 [6 favorites]

This came up recently with the women coming out against a bunch of Google management - it's possibly helpful for you too.
posted by olinerd at 10:09 AM on October 29, 2018

I don't want to frighten you, but it's startlingly easy to find almost anyone's current home address with free sites that I won't name here. It's legal for this info to be public; it's aggregated from public records and displayed on these sites. (I used sites like this to find my birth family, with positive intent and positive results FWIW.)

I urge you to focus on your physical security at home as well as your infosec. I'm not a security expert by any means. But I can point you to these example sites via MeMail if you like.

I also encourage you, knowing the above info, to consider asking the interviewer whether they would change your name to a pseudonym or cite you as an anonymous source.
posted by ImproviseOrDie at 10:10 AM on October 29, 2018 [4 favorites]

Don't use SMS for 2FA. Use other, more secure methods, like a Yubikey.
Contact your local police and advise them that you are at risk of being SWATted.
posted by qxntpqbbbqxl at 10:32 AM on October 29, 2018 [2 favorites]

Crash Override has a resource page with helpful information.
posted by Mary Ellen Carter at 10:34 AM on October 29, 2018 [3 favorites]

Tech Solidarity has a good walkthrough on how to use a Yubikey. SMS is too easily hijacked.
posted by praemunire at 10:36 AM on October 29, 2018

My domain provider also allows for two-factor auth on my account. I'd enable that along with domain privacy.

ICANN forces a 60-day delay on the transfer of a domain, but a lot of DNS havoc can happen in the meantime. Lock it all down.

How about locking down your credit report as well?
posted by JoeZydeco at 11:11 AM on October 29, 2018

Is your family* aware that this article will be coming out? I'd loop them in to the extent you feel safe doing so, and ask them not to answer any questions about you or give out your contact information to anyone, even if it seems benign.

*I used "family" here but really it should be anyone who would be in the first line of contact via Google searching your name - the white pages-esque sites usually list known/presumed family members alongside their ages, towns, and sometimes phone and address; if you have a business partner or a person or org that you're prominently cited as working with, maybe reach out to them too. You're only as secure as your most "helpful" acquaintance.
posted by melissasaurus at 11:28 AM on October 29, 2018 [3 favorites]

I don't want to frighten you, but it's startlingly easy to find almost anyone's current home address with free sites that I won't name here. It's legal for this info to be public; it's aggregated from public records and displayed on these sites. (I used sites like this to find my birth family, with positive intent and positive results FWIW.)

Following this up with the silver lining - these free sites WILL take your information down upon request. It may take a bit of jumping through hoops (in order for them to take your page down you may have to submit an official written request via fax and wait ten days or something dippy like that), but there usually is a way to opt out of these kinds of sites. Confirming that I've done that very thing (scrubbed the web of my personal data) a couple times after one or two scary unwanted-phone-call type of incidents. It won't be a one-and-done thing - I would check the web once a year or so to see whether another site may have snuck some info for you back up.

Start by doing a simple search of your own name, email, or phone number; or name plus home town, name plus email, name plus number, etc. Combinations like that. Then review the data on the "personal data" type of sites that pop up and check what (if anything) they have on you. The page about you should have instructions on it for how to take your info down.
posted by EmpressCallipygos at 12:38 PM on October 29, 2018 [5 favorites]

Unless you are very unusual, it will be possible without much trouble to find your DOB, current and previous addresses, names of relatives and similar info on them as well. As others have alluded to above, a lot of this is information that can be used to attempt hijacking of your identity or accounts. Getting this off of data brokers' lists or replacing you with shell companies takes a lot of time and legwork, so if this article is coming out soon, you need to think in terms of mitigating risk rather than reducing vulnerability. Assume the information will be in the hands of bad actors, but attempt to limit how useful it will be to them.

A credit freeze is a powerful, simple tool. It restricts unauthorized access to your credit report, if all goes to plan.

Talk to your bank. Tell them you'd like additional protection on major account activity. This is provided in cases where there has been identity theft and maybe you can get it preemptively.

If "they" get your phone number and address, you will get harassing calls/texts/mail. So maybe get a new number that has no history, just for friends and family, and perhaps media. Maybe have your mail go to a box or held at the PO.

Others have made similar suggestions. Talking to local law-enforcement may be a good idea for you. Getting a white-hat hacker to preemptively make a run at you might be appealing.

No matter what, if you think it could get really hot, try to have a plan B - someplace you can go and get away. Good luck!
posted by Glomar response at 12:47 PM on October 29, 2018 [4 favorites]

Tall Poppy's resources page is a collection of links (many mentioned above) that are useful. The woman who runs that company has extensive experience in this, and if you happen to be doing this through your company, perhaps you could apply for early access to their product. Good luck.
posted by ch1x0r at 3:54 PM on October 29, 2018
