Back to News & Commentary

Staying Safe When You Say #MeToo

Woman looking at computer screen
Woman looking at computer screen
Leigh Honeywell,
Technology Fellow,
老澳门开奖结果 Speech, Privacy, and Technology Project
Share This Page
February 12, 2018

If the #MeToo movement had caught on in 1997, the many people coming forward would still have had to worry about getting sued, in addition to the myriad other consequences of challenging their harassers. But because it caught on in 2017, they also have to worry about getting hacked and being subject to , trolling, and other forms of harassment that can unfortunately be of speaking out.

I鈥檓 a technologist with the 老澳门开奖结果鈥檚 Speech, Privacy, and Technology team, but outside of my day job, I鈥檝e been working for the better part of a decade with people 鈥 mostly, but not all, women 鈥 who have been targeted online. I鈥檝e also been a sexual-misconduct whistleblower , so I know the personal cost of speaking out. People often feel powerless in the face of unknown threats from the internet, but there鈥檚 a lot that whistleblowers can do to stay safe while coming forward.

The digital defense tips below are for individuals. They address threats against specific people, not the systemic problem of harassment. There鈥檚 an important happening about how institutions 鈥 from universities to software platforms to law enforcement 鈥 handle online threats. In the meantime, though, these are some concrete things that individuals can do to feel a little safer about speaking out and confronting power.

Secure your accounts and devices

Start by using unique passwords everywhere. This is the most important advice I can give anyone. Let鈥檚 be real, most people reuse the same password everywhere. This is dangerous, because if any one of the places you鈥檝e used that password gets hacked, that password could potentially be reused to break into your other accounts. We鈥檝e seen that happen on a widespread level in what are called 鈥溾 attacks, but it鈥檚 also a common way to target individuals who speak out.

Unique passwords are a pain to keep track of in your head, so use a password manager like (which has free-of-cost or premium options), (which is a bit more expensive), or one of the many . Lock the password manager with a strong password that鈥檚 long and generated with some kind of randomness, like picking words out of a book. ( for picking a strong, random password.)

Be alert for phishing. If your name has been in the news and someone decides to target you, 鈥減hishing鈥 鈥 sending an email made to look like it鈥檚 from Facebook, Google, or one of your friends 鈥 is a common way to try in order to break into your accounts. Using a password manager offers some protection from phishing because your password won鈥檛 autofill if you click on a link that sneakily points you to "trustmeiamdefinitelygoogle.com." But that email request from your aunt to remind her of your birthday, first pet鈥檚 name, and other detailed private information? Maybe give her a call back to be sure it was really her.

Take it up a notch with two-factor authentication. Two-factor authentication protects you even if your password gets stolen. By requiring you to type in a code from an app or text message, or tap a notification or a hardware token, adding a second 鈥渇actor鈥 to log in makes sure it鈥檚 really you entering your password. It鈥檚 especially important to set this up for your email address, whether it鈥檚 , , or , because control over your email account allows an attacker to reset many other passwords. Other key accounts to lock down include your , , and accounts. The best two-factor setup is a hardware key (e.g. ), then a time-based one-time password app like Google Authenticator. Getting your code via text message is the least secure way to do this, as dedicated attackers to steal phone numbers out from under people in targeted attacks.

Stay patched. Install those pesky security updates for your operating system and apps 鈥 especially your browser. If you're buying a new phone, iPhones and Google-branded Android phones are the most secure because they get consistent software updates; other Android phones get less frequent or no security updates.

Scrub your public information

鈥淒oxing鈥 is the non-consensual spreading of personal information such as addresses and phone numbers in order to intimidate and direct violence at someone. It鈥檚 a in the arsenal of those who don鈥檛 like it when people speak out about abuse.

In some cases, like if you own a home, there isn鈥檛 much you can do to get your information completely out of the public eye. But it鈥檚 still worth spending some time to opt out of the services of 鈥渄ata brokers鈥 who will happily hand over your personal data in bulk to the denizens of the internet for a few dollars. Check out and the for lists of brokers and instructions for opting out of each. You might want to start a spreadsheet to track which one鈥檚 you鈥檝e checked out, which ones you鈥檝e opted out of, and which ones have successfully purged your data. It can be a bit of a project, and there are commercial services like Abine鈥檚 that will do some of the work for you.

In addition to the data brokers, search Google and Bing for your phone number plus your first name, and your phone number plus your last name. Do the same thing for your street address and your first or last names. These might show up in all kinds of places 鈥 a flyer for a theatre project you worked on, a Scout troop newsletter, a friend鈥檚 old tweet. Sometimes you鈥檒l be able to get them removed if someone you know was the one who posted it or the site has an opt-out process. Sometimes you won鈥檛 鈥 but at least you鈥檒l know how difficult or not it will be to track down that information.

If your information is or has been public, one specific threat to know about is 鈥.鈥 While rare and usually related to video games rather than sexual harassment, this type of attack has in at resulted in a death. An attacker calls 911 with a fake report of a hostage situation, bomb, or other critical incident at the target鈥檚 address, resulting in an overly militarized team being sent to confront the target or their family. If you are concerned about this kind of attack, call your local police鈥檚 nonemergency number and alert them to the likelihood of false reports about your address. is a verbal script to explain swatting and request that extra precautions be taken by first responders if a report is received about your address.

These are just some of the basics. If you鈥檙e interested in diving into more detail, I鈥檝e written a longer that includes mental health resources and detailed notes on interacting with the media. For example, what does 鈥渙ff the record鈥 mean as opposed to 鈥渙n background鈥? How do you decide which journalists to talk to? Other useful resources include and Feminist Frequency鈥檚 .

And remember: You don鈥檛 need to handle this all on your own. Enlist a team to help you monitor social media and triage email. And make sure you remember to eat. Remember that progress is a choir, . You don鈥檛 have to answer every media request. You don鈥檛 have to engage with every troll, even when they are . You鈥檝e done a brave and powerful thing by speaking up 鈥 you get to pick your battles from here on out.

READ MORE IN OUR SERIES, "DISMANTLING SEXUAL HARASSMENT"

Learn More 老澳门开奖结果 the Issues on This Page