Privacy and Security Guide
Resources and advice to help MAPs and allies keep themselves safe
Using This Guide
Digital safety is critical for anyone involved in the MAP community, but everyone has unique privacy and security needs. Most guides to online safety overlook this, either leaving high-risk users vulnerable or overwhelming low-risk users with unnecessary information.
To overcome this, we have developed several tiers of privacy and security tips and resources, each optimized for a specific group of MAPs and allies, as well as an additional section for individuals who have been doxxed.
Basic - recommended for MAPs and allies who only plan to engage with the community in closed spaces, such as support groups
Intermediate - recommended for MAPs and allies who plan to engage in public activism, such as social media advocacy and outreach
Advanced - recommended for MAPs and allies who engage in high-visibility activities, such as working with a MAP-friendly organization
Recovery - additional tips for MAPs and allies whose private information is actively being shared without their permission
Selecting a Tier
Our recommendations on who should use each tier are meant to guide your decision, however, you should also consider other factors, such as the impact being outed as a MAP or MAP ally would have on your life and the amount of access your accounts have to sensitive information.
We recommend following all of the suggestions in your selected tier and all of the tiers below it. For example, if you decide to use the intermediate tier, you should follow all of the recommendations in the intermediate and basic tiers.
When it comes to privacy and security, more protection is always better, and you should aim to follow as many of the recommendations on this page as possible for maximum safety.
Safety in the MAP Community
The extent to which an individual is able to control access to their personal information.
The extent to which personal information is protected from unauthorized access.
The act of posting an individual's private information online without their consent.
Involving data written in a code so that only devices with a password can understand it.
Involving data spread across a network so that no single server has all the information.
Anti-MAPs are the single greatest threat faced by MAPs and their allies. Anti-MAP communities serve as safe havens for people who dox and harass MAPs and MAP allies. Antis are tolerant of predators who target minor MAPs and allies, and many suicide-bait MAPs and allies and out them to friends and family members. Some antis also openly call for genocide against MAPs and attack CSA survivors who disagree with them.
While its exact origins are unknown, the pro-recovery movement has consistently been associated with anti-MAPs. Though it appears to be a community of paraphiles and allies dedicated to helping others find support, groups within the movement are often run by antis, endangering members' privacy. Many supporters of the movement also support dangerous forms of "treatment," such as conversion therapy.
Many MAPs experience self-hatred during the early stages of seeking support. Unfortunately, this leaves them vulnerable to manipulation by anti-MAPs, who may lure them in with false promises of acceptance, or even a cure. After gathering identifying information on assimilationists, antis have been known to blackmail them into using their trusted status to manipulate other MAPs and allies into revealing sensitive information.
Though they claim to be upholding the law, self-described "pedophile hunters" often engage in illegal and immoral activity, such as physical violence and false accusations. They have been known to impersonate MAPs and allies in order to infiltrate the MAP community and obtain sensitive information about their targets. They have also demonstrated a willingness to target both innocent and underage MAPs and allies.
Due to the stigma surrounding minor attractions and support for those who experience them, MAPs and allies are at risk of being outed or otherwise harmed by anyone who has the ability to view their internet traffic. This can include parents, school administrators, or employers. The risks posed by internet monitors varies, as some may be more supportive than others, but they can place MAPs and allies in serious danger
Law enforcement officers often pose some level of risk to marginalized groups, and the MAP community is no exception. It is not illegal to be a MAP or an ally, but police have been known to monitor MAP-related accounts, even in the absence of illegal activity. An investigation alone can result in a MAP or ally being outed to friends and family members, losing housing and employment opportunities, and being targeted by vigilantes.
Minimum safety recommendations
Create a Fake Identity
All accounts that you plan to use for MAP-related purposes should be created and maintained under a fake identity.
Elements of a fake identity:
Separate email address
Original, unique username(s)
Fake date of birth (within a few years of your real one)
Any other details you want to falsify
Do not use any real information to create your fake identity
Do not reuse an identity that you previously used for non-MAP purposes
Only use your MAP identity for MAP-related purposes
Never share your MAP identity with anyone who knows your real identity
Any accounts you create under this identity should be set up so that even if somebody were to hack into all of them, they would still have as little information about your real identity as possible.
If you need help creating a fake identity, check out this generator.
Use a VPN
A virtual private network (VPN) makes it harder for your internet usage to be tracked and for the websites you visit to gather identifying information about you.
Many VPN services charge a subscription fee, however, ProtonVPN has a free version.
Setting up ProtonVPN:
Download ProtonVPN on all eligible devices
Turn on the Kill Switch feature on each device
Remember to turn on your VPN before accessing MAP-related websites or accounts. Some websites may exhibit unexpected behavior while using a VPN.
Use Private Mode
Most web browsers have some form of private mode (it may be called Incognito, Private, or InPrivate, depending on your browser). Once you close all of the tabs in this mode, information about the browsing session will be deleted from your device (excluding files you downloaded). Some browsers may also turn on additional privacy features in private mode.
Always use private mode to access MAP-related websites and close all private tabs before leaving or turning off your computer.
HTTPS prevents malicious actors from being able to see the data you send to and receive from the websites you visit. Some browsers have a setting that allows you to block non-HTTPS connections, usually under security settings.
You can also install the HTTPS Everywhere browser extension, however, most browsers disable extensions in private mode
Use Secure Messaging
While many MAP spaces provide members with the ability to DM, sensitive conversations, such as those involving potentially identifying information, should always take place on a separate messaging platform.
Always review the default privacy settings when downloading a new app for MAP-related purposes.
TelegramDownload | Help
This secure messaging platform is popular among MAPs and allies for its anonymity and privacy features. Users can find each other via username, so no identifying information is necessary to connect with people you know from other platforms.
By default, Telegram automatically shares your phone number with your contacts, although this can be disabled in Settings > Privacy and Security > Phone Number. Additionally, new contacts will automatically have access to your phone number when you add them, unless you uncheck the box next to "Share my phone number" during the process of adding a contact. The safest option is to refrain from adding contacts at all in order to avoid accidental sharing.
DiscordDownload | Help
Though it is generally considered less secure and MAP-friendly than other platforms, Discord is still a good place for MAPs and allies to connect and interact. Though it includes voice and video chat services, these have been insecure in the past and should be avoided.
JitsiDownload | Help
With numerous privacy-preserving features, Jitsi is a favorite among MAPs and allies who prefer to interact through voice chats. It offers numerous security options and can be used without creating an account.
Remember that you sacrifice some anonymity when you associate your voice with your MAP identity.
Some messaging services have a feature that automatically deletes messages after a set amount of time. To determine whether autodeletion is available for a specific service, type the name of that service followed by "auto-delete" into a search engine.
Enable this feature for as many MAP-related conversations as possible (a deletion time of approximately 1 week is usually best). Remember to save any important messages before they are automatically deleted.
Disclose as little information about yourself as possible. No space is truly private, and anything you post can be screenshotted and shared elsewhere. Never share information that could reveal anything about your real identity.
Remove timestamps from screenshots before sharing
Post screenshots of photos, not original images, to remove location metadata
Be vague (or lie) about your age, location, career, etc.
If you do share personal information privately, remember that people can lie about their status in the community and even create multiple accounts to portray themselves as trusted by others. Once you reveal sensitive information, you cannot control how it is used or shared or whether the account you shared it with remains secure.
Avoid Untrusted Links
When your browser loads a website, it shares information about you and your device with that website. Some people can take advantage of this and obtain that information just by convincing you to click on a link. Never open links that seem suspicious or were sent to you by a stranger.
Many MAP-focused spaces have extensive restrictions on what topics can be discussed and what personal information can be shared. In most cases, these rules are designed to ensure the privacy of members. Following these rules helps keep you and others in the space safe.
Use a Safe Email
After creating an email address for your MAP identity, you should ensure the email service you use does not leak your IP address.
Check your email:
Close all MAP-related apps and websites
Turn off your VPN if you have one running
Open this website
Send an email to the address provided
Wait for the website to display your results
If you plan to send MAP-related emails from multiple different platforms and devices, we recommend checking each combination of these.
Even with a safe provider, email is still an insecure form of communication and should not be used for conversations involving sensitive information.
Use a Password Manager
A password manager allows you to use complex and unique passwords for every account, making it harder for a malicious actor to gain access even in the event of a data breach or if one of your accounts is compromised.
Some web browsers and operating systems have built-in password managers, however, these often do not work in private mode or on devices on other operating systems. Bitwarden is a trusted password manager with a feature-rich free version and apps for a variety of platforms.
Setting up Bitwarden:
Download Bitwarden on any necessary devices
Generate new passwords for your MAP accounts
If you do not want to use a dedicated password manager but still want to strengthen your passwords, Passwrd is a customizable password generator that can even be installed as a web app and used offline on some devices.
We recommend using randomly-generated passwords of at least 20 characters (letters and numbers) for all MAP-related accounts.
Use 2-Factor Authentication
2-factor authentication (2FA) verifies your identity before allowing you to log in, making it difficult for a malicious actor to gain access, even if they have your password. It does this by requiring you to input a code obtained using a mobile app on your phone during the login process.
Preparing to use 2FA
Before you can use 2FA, you must download an app to allow you to obtain verification codes. There are dozens of these apps available, however, many of them can only be used on one device, causing you to be locked out of your accounts if you are unable to access that device. Authy allows you to back up your account so that you can access your codes even if your device is lost or broken.
Setting up Authy:
Enable 2FA on at least 1 account
Add additional devices if necessary
You should write down your Backup Password and store it somewhere secure (but not in your password manager). If you lose it, you will not be able to receive verification codes on new devices.
On most websites, you can find 2FA settings in your account security settings. This website also contains a list of some popular services that allow users to enable 2FA.
When setting up 2FA, you should always select the Authenticator App option (depending on the website, it may be titled slightly differently). Never enable an option that allows verification codes to be emailed or texted to you, as this is insecure and easy for hackers to exploit.
Most websites will give you one or more recovery codes when you first enable 2FA. Always save these, as they will be the only way for you to access your account if you are unable to obtain a verification code.
You should enable 2FA on as many MAP accounts as possible.
Outdated apps and devices can leave you and your accounts vulnerable to viruses and security exploits. You should check for app updates weekly and system updates once per month on all your devices.
Avoid Suspicious Programs
Programs, apps, and browser extensions from untrusted sources can contain viruses. Check the reviews before installing and stick to reputable sources, such as your device's built-in app store or the website of a well-known developer.
Some operating systems come with built-in antivirus software. Enabling this can protect you from malicious programs designed to steal or even delete your data. You can usually find the relevant controls under security settings.
Dedicated antivirus software can provide additional protection, however, it is unnecessary for most users and can harm the performance of your device.
Use DNS Over HTTPS
The Domain Name System (DNS) is what computers use to find the right server when you visit a website. Attackers can impersonate this system to direct you to malicious websites. DNS over HTTPS encrypts your DNS connection, reducing the risk of these attacks.
Many browsers have a setting to enable DNS over HTTPS. To learn how to do this in your browser, type "DNS over HTTPS" followed by the name of your browser into a search engine.
Optimized for doxxing prevention
Hide Your Identity
Any MAP or ally with a public presence should take extensive steps to ensure their real identity remains concealed.
Use your MAP identity
Integrating components of a fake identity into information you share publicly can help obscure your real identity. While using the same MAP identity as in private spaces, such as support groups, is an option, creating a separate identity for public spaces is recommended.
Remember to keep any false information believable. Oversharing or repeatedly changing the fabricated aspects of your fake identity may allow malicious actors to recognize and overcome your strategy. Refrain from sharing specific information, whether real or false.
Rotate public identities
Over time, identifying details can pile up across accounts. Replacing your public MAP identity on a regular basis makes it harder for a significant amount of this information to be collected. Some people create a separate identity for every account, while others use the same identity across several platforms.
Limit the number of people who can connect any of your public MAP identities to each other or the consistent MAP identity you use in private spaces, and never use the same account under more than one identity.
Avoid Being Targeted
Discussing certain life experiences, even in private, may make MAPs and allies more likely to be targeted by malicious actors.
Avoid discussing these topics on MAP accounts:
Experiences working with or around children
Past illegal activity
Involvement in LGBTQ spaces
Real-life interactions with other MAPs or allies
Protect Your Contact Info
When creating MAP accounts on social media websites, provide as little information as possible. If an email is required, use one associated with your MAP identity. If a website requires your phone number, Google Voice allows anyone with a Google Account to create a virtual phone number.
Make sure you disable contacts syncing (and remove the app's contacts permission on mobile) for any platforms that collect contact info. MAPs and allies have been outed because social media platforms recommended their account to friends and family members after syncing their contacts.
Twitter - Enable password reset protection
Regularly review the information about you that is publicly available under both your real identity and your MAP identities, then make changes to reduce that information. A good way to accomplish this is by pretending to be a malicious actor with varying amounts of information about yourself. See what else you can find about yourself using that information and a search engine.
Update Privacy Settings
Many apps use data they collect to target recommendations or create activity records that could reveal sensitive information. Disable data collection wherever possible on any accounts you plan to use for MAP-related purposes.
In the event that a MAP or ally is doxxed, the privacy settings on their real-life accounts can determine how much information the doxxer obtains. Review these settings regularly, keeping in mind that they will dictate what a potential doxxer is able to see if they find your real identity. Pay close attention to any websites that show up when you search for yourself using Google or another popular search engine.
Remember to change these settings when setting up new accounts in the future.
Delete Old Posts
After several months, any account's public history can be a treasure trove of outdated beliefs and sensitive information. Removing old posts from both your MAP and real-life accounts can boost privacy and reduce your risk of being targeted if you regularly discuss controversial topics.
Some platforms have tools and settings (usually under privacy settings) to help you manage old posts, and you should use these wherever possible. Redact is a service that gives you additional controls on a variety of popular services.
Setting up Redact:
There is always an element of risk in allowing a third-party application like Redact to access your accounts. Additionally, some services may place restrictions on your account if they detect automated activity. Do not connect real-life accounts and MAP accounts to the same Redact account.
Use Encrypted Messaging
Some MAPs and allies require an additional layer of privacy on their messages. Encryption provides this by making it nearly impossible for anyone except the sender and intended recipient(s) to read message contents.
ElementDownload | Help
One of many interconnected servers on the Matrix network, Element provides encrypted messages and group chats. Its reliance on usernames and decentralized nature make it a particularly robust option for MAPs and allies.
SessionDownload | Help
Session is the least invasive messaging app available, requiring no personal data or information to use. It is decentralized and provides strong anonymity, making it a common choice among MAPs and allies.
Session is still in the early stages of development and bugs are common.
Download Tor Browser
A shortcoming of most VPNs is that your browsing data is still visible to the company providing the VPN service. The Tor network is decentralized, so it does not have this issue.
Setting up Tor Browser
Tor Browser is not available on iOS and iPadOS, however, Onion Browser is a suitable replacement.
Some websites may block Tor or place restrictions on the accounts of Tor users. In most cases, a VPN can provide adequate protection for MAPs and allies, however, Tor can be useful in particularly risky situations.
When to use Tor:
Opening suspicious links
Accessing untrusted websites
Use an Encrypted Email
Though most emails are encrypted in transit, many email services have the ability to decrypt your emails once they arrive. Encrypted email services add an additional layer of encryption so that only you can access your copy of the email.
Proton Mail is among the most well-known encrypted email services, with a fully-functional web app and mobile apps for both iOS and Android. If you already use ProtonVPN, your existing Proton account comes with access to ProtonMail.
Tutanota is another popular encrypted email service, with a web app as well as several desktop and mobile apps. Though it is less popular, its free version is less restrictive than ProtonMail's.
Using an encrypted email service only protects your copy of emails. If senders and recipients do not use an encrypted email service, their email provider will be able to read their copy.
Use a Dedicated Password Manager
While the password managers built into browsers and operating systems are simple and easy to use, they lack several security features. We recommend using a dedicated password manager, such as Bitwarden.
Google Password Manager
Browser-based password managers
Ideal security features:
Customizable password generator
Secure password sharing
Encrypted document storage
Import and export features
Disable 3rd-Party Cookies
A cookie is a small file that a website saves to a user's device in order to remember something about that user. While these play a vital role in allowing websites to function properly, cookies can also be exploited by hackers to reveal sensitive information. 3rd-party cookies are are particularly risky and often serve no functional purpose.
Many modern web browsers include an option to disable 3rd-party cookies. To learn how to find this setting in your web browser, type "disable 3rd-party cookies" followed by the name of the browser into a search engine.
Some websites may exhibit unexpected behavior with 3rd-party cookies disabled.
Phishing occurs when an attacker tricks their victim into revealing sensitive information, often by posing as a trusted entity.
Attackers may pose as:
A friend or colleague
An organization's customer safety team
A financial institution
The end goal of a phishing attack is often to obtain your login information for an account, usually by convincing you to enter it on a fake login page.
Signs of a phishing message:
Incorrect sender address
Grammar and spelling mistakes
Links to suspicious URLs
Email service flags it as spam
If you receive a suspicious email, mark it as spam and delete it without clicking any links or responding. If the email claimed to be from a specific website, check your account on that website for any similar notifications. If you accidentally click a link in a suspicious email and enter login information, change the password on that account immediately.
One way to reduce your risk of phishing attacks is to avoid sharing your MAP email except in the process of signing up for online accounts.
In a SIM-swap attack, a malicious actor manipulates a mobile carrier into giving them control of the victim's account. This allows them to intercept SMS (text) messages and phone calls intended for the victim, usually with the goal of obtaining gaining access to the victim's online accounts.
Many mobile carriers allow customers to enable additional security features that prevent SIM-swapping attacks. To learn about the options available to you, type "sim-swap protection" followed by the name of your mobile carrier into a search engine. Additionally, avoid linking your phone number with online accounts or use a Google Voice number instead.
Signs of a SIM-swap attack
Inability to send or receive texts or phone calls
Loss mobile data availability
If you suspect you have been targeted by a SIM-swap attack, contact your mobile carrier and change your settings on any accounts that are set up to send sensitive information or security alerts via text or phone call.
Update Contact Info
Many websites allow you to recover an account using your contact information. As a result, accounts with outdated contact info can be stolen by hackers and other malicious actors to obtain sensitive information. Keep your contact info up-to-date on any accounts that store it.
Check for Data Breaches
Even if your security practices are strong, the same may not be true of the services you use. While data breaches can feel unavoidable and uncontrollable, knowing when they occur and what data was exposed is an important part of any security strategy.
Have I Been Pwned is a free service that allows anyone to check if their personal information has been exposed in a data breach and sign up for notifications about future breaches.
Using Have I Been Pwned:
Enter your email and click pwned?
Follow the confirmation instructions
Repeat for each email you use
You can reduce the potential impact of a data breach by using a unique password for every online account and enabling 2FA wherever possible.
If you are alerted that your data was exposed in a data breach, do the following:
Change your password
Update your contact info
Create Security Alerts
Sometimes, updates and changes can introduce security bugs into platforms and services you already use. While these may not directly expose your data, knowing about them when they happen can help you keep your accounts secure until the issue is resolved.
Setting up an alert:
Type the name of a service followed by "security bug"
Click Create Alert
Repeat for each service you use
Delete Your Data
Over time, the number of services holding your personal information tends to increase. Deleting your data from services you no longer use reduces the risk of your sensitive information being exposed in a data breach.
Going through the data deletion process for even one service can be tedious. Mine is a service that simplifies the experience to a single click for dozens of popular platforms.
To use Mine, simply sign up with whichever email provider you use to sign up for online services. Identify services in your footprint that you are not using, then click Reclaim. We recommend doing this for both MAP-related and real-life accounts.
Optimized for hacking prevention
Use Separate Identities
If possible, use a separate identity on every account, in both public and private spaces, and replace public identities regularly. Minimize the number of people who know that any of your identities are the same person.
We recommend against using more than one identity in a single private space, such as support groups, as this could be seen as manipulative behavior and result in you getting banned. However, occasionally switching to a new identity within private spaces is permissible.
Opt Out of Data Collection
Data brokers collect and sell people's private information. This is a major privacy risk to any MAP or ally engaged in high-visibility activities, as a malicious actor who obtains even a single piece of sensitive information could gain access to a substantial amount for a small fee.
Many data brokers allow people whose information they have collected to opt out and have their data removed. This website contains a sizable list of data brokers and information on the opt out policies for each. Please begin by reading the instructions at the top of the page, as they will help you prioritize 200+ data brokers listed.
We do not recommend completing any opt-out process that requires payment, as this only funds future data collection. Additionally, some data brokers will relist your data after a certain amount of time. You should check back at least once per year to request the removal of any new data.
Depending on the laws in your region, there may be additional ways for you to protect your personal information. We recommend researching your local and regional privacy legislation.
MAPs and allies engaged in high-visibility activities may face additional threats and increased doxxing attempts. Using Tor whenever possible prevents your device from sharing sensitive information that could aid malicious actors. When Tor is not feasible, you should consistently use a VPN.
Use a Private Operating System
Most mainstream operating systems are not private by design and require separate software to keep users' data safe. Using an operating system centered around privacy and anonymity can overcome these weaknesses and provide much stronger data protection.
TailsDownload | Help
Tails is an operating system that runs off a USB drive, giving you access to a secure system across devices. It clears all local data (excluding file storage) when you shut it down, leaving no trace of past activity on the device or USB drive. It also routes all internet connections through Tor and comes with several privacy-preserving tools and applications preinstalled.
WhonixDownload | Help
Whonix is an operating system that runs on a virtual machine inside your existing operating system. This allows you to use a secure system for MAP-related purposes while retaining access to your computer for everything else. It is centered around Tor and includes a variety of privacy-enhancing features to protect your personal information.
Encrypt Your Devices
Without encryption, anyone with physical access to your device and the right tools can view your data and files, even if you have a password or other locking mechanism set up.
iPhones and iPads automatically enable encryption if you have a password set up. If you have an Android device, you may need to manually enable encryption. To learn how to do this, type "encrypt" followed by the brand and model of your phone into a search engine. Older devices may not have this feature.
Some desktop platforms have built-in encryption features. You can determine if your computer is one of them by typing the name of your operating system followed by "encryption" into a search engine.
If your computer does not have built-in encryption, VeraCrypt is a program that allows you to create encrypted sections on your device's storage. You can download VeraCrypt here and find instructions on how to use it here.
Be aware that once a file is encrypted, it cannot be decrypted without the proper key.
Use an Offline Password Manager
Even with a reputable password manager that encrypts user data, storing passwords online still carries an element of risk. Offline password managers mitigate this by storing your passwords in an encrypted file directly on your device.
We strongly recommend storing the encrypted list of passwords generated by your offline password manager in at least 2 locations and updating the backup regularly. You should also store the key to decrypt this file in a secure location.
KeePassXCDownload | Help
KeePassXC is a free, offline password manager for computers with all the features you would expect from a cloud-based password manager. It stores passwords in the .kdbx format, which is compatible with all KeePass-based password managers.
Use Encrypted Cloud Storage
Many cloud-based file storage systems give the storage provider the ability to access and read your files. Encrypted storage protects your data while providing many of the same benefits as the most popular storage providers.
FilenJoin | Help
Filen is an encrypted storage provider that offers 10 GB of storage under their free plan. In addition to a variety of apps so you can access your files across devices, their platform also contains features like file history and public sharing.
Back Up Your Data
One downside of encrypting your devices' data is the risk of data loss in the event of a software bug or glitch that prevents data from being properly decrypted. Regularly backing up your data can reduce the potential impact of this issue.
The most secure option is always backing up your data locally, such as on an external hard drive. If this is not feasible for you, we recommend backing up encrypted data to a privacy-centered cloud storage service. To learn how to create a backup of the data on your device, type "create backup" followed by the operating system and version your device is running into a search engine.
We do not recommend storing MAP-related information using built-in backup features (Google One Backup, iCloud Backup, OneDrive Backup, etc.), as companies may have the ability to decrypt and read the data in the backups created by these tools.
Strengthen Security Settings
MAPs and allies engaged in high-visibility activities may experience hacking attempts on their MAP and real-life accounts. We recommend reviewing the security settings on all of your online accounts and strengthening them wherever possible.
Use stronger passwords
Disable 3rd-party app access
Log out old sessions
Some companies may offer advanced protection options for high-risk users. We recommend enabling these so long as they do not infringe on your privacy.
Avoid Mobile Devices
Though they are convenient, phones and tablets have inherent security limitations that could be problematic for the most high-risk users. If you need the maximum level of security possible, keep all MAP-related activity on your computer.
Additional tips for doxxing victims
Most social media websites prohibit posts that share anyone's personal information without their consent. Review the community guidelines on any websites where your personal information is being shared and report any content that is in violation.
Some social media websites are more likely to take action on posts that receive more reports. If you can do so safely, compile a list of the posts containing your personal information and ask trusted friends to help report them.
Some services allow users to store a copy of a webpage as it appeared at a specific time. This can be abused by malicious actors to save posts containing your personal information, even if the original posts are deleted.
Some archiving services may remove these copies upon request, but you will have to provide them with a list of any relevant URLs that have been archived using their platform.
Popular archiving services:
Doxxing attacks can be scary and overwhelming, and having a robust support system is vital. If you are struggling to cope with the impact of being doxxed or need additional support for your mental health, check out our list of mental health resources.
You may also want to consider more general resources, such as the Crisis Text Line, as they are better equip to provide immediate support. However, we strongly recommend that you do not disclose your identity as a MAP or ally to anyone at this or similar organizations.
Document instances of your personal information being distributed and harassment being directed towards you. This will enable you to provide evidence of the attack even if the content is removed.
Be sure to keep any evidence you collect organized so that you can quickly refer to it. You may want to consider adding descriptions to the titles of screenshots so you can use your computer's search function to find specific images.
While doxxing is generally not against the law, the harassment and threats that often accompany it may be illegal in some regions. Research relevant legislation in your area and, if possible, speak to a lawyer about your options. Keep in mind that a lawsuit may result in your dox receiving additional attention.
If you have reason to fear for your or others' immediate safety, consider involving law enforcement. Remember, it is not illegal to be a MAP or engage in MAP activism, and police will generally investigate credible threats of violence regardless of who is being targeted.
In many cases, harassment following a dox subsides much faster if the victim does not publicly engage with or react to the abuse. Though you should continue taking action to protect yourself in private, avoid drawing public attention to the situation.
In addition to blocking any accounts that post your personal information or harass you, consider taking your accounts private. Some platforms also have a feature where you can temporarily disable your account, if necessary.
Change Personal Information
If the harassment becomes overwhelming, you may want to consider changing your main contact information. Creating a new email address is generally very easy, and most mobile carriers will allow you to change your phone number for a small fee.
Other information commonly exposed in doxxing attacks can be changed. For example, your internet service provider may be able to change your home network's IP address and most social media websites will allow you to update your username in your account settings.
Blur Your House
Some navigation services provide images of a variety of locations, including houses. If doxxers find your address, they may use these images to harass you or encourage others to physically harm you and anyone who lives with you.
Many of the platforms that publish these images allow users to request that their house be blurred. You can find instructions on how to submit a request to popular services here.
If you have reason to fear for your physical safety at your home, you may want to consider temporarily relocating until the harassment dies down. This could mean getting a hotel room or staying with a friend or family member.
Warn Friends and Family
If you have friends or family members whom you can safely come out to as a MAP or ally, explain the situation to them. Let them know if they are at risk of facing harassment and what they can do to support you. We recommend sharing our page for friends and family members of MAPs with them to answer common questions.
This tool from consumer reports creates a list of personalized suggestions to meet your unique digital security and privacy needs.
An extensive list of privacy-centered platforms and services, organized by category and vetted by a knowledgeable community.
Check files and websites for viruses before downloading or opening. All scanned files will become publicly available to others.