Privacy and Security Guide

Resources and advice to help MAPs and allies keep themselves safe

Using This Guide

Our Approach

Digital safety is critical for anyone involved in the MAP community, but everyone has unique privacy and security needs. Most guides to online safety overlook this, either leaving users who require extra protection vulnerable or overwhelming those who need only minimal precautions. To prevent this, we have developed several tiers of privacy and security tips and resources, each optimized for a specific groups of MAPs and allies, as well as an additional section for individuals who have been doxxed.

Tiers

  • Basic - recommended for MAPs and allies who only plan to engage with the community in closed spaces, such as support groups

  • Intermediate - recommended for MAPs and allies who plan to engage in public activism, such as social media advocacy and outreach

  • Advanced - recommended for MAPs and allies who engage in high-visibility activities, such as working with a MAP-friendly organization

  • Recovery - additional tips for MAPs and allies whose private information is actively being shared without their permission

Selecting a Tier

Our recommendations on who should use each tier are meant to guide your decision, however, you should also consider other factors, such as the impact being outed as a MAP or MAP ally would have on your life and the amount of sensitive data about others to which your accounts have access.

We recommend following all of the suggestions in your selected tier and all of the tiers below it. For example, if you decide to use the intermediate tier, you should follow all of the recommendations in the intermediate and basic tiers.

When it comes to privacy and security, more protection is always better, and you should aim to follow as many of the recommendations on this page as possible for maximum safety.

Safety in the MAP Community

Definitions

Privacy

The extent to which an individual is able to control access to their personal information.

Security

The extent to which personal information is protected from unauthorized access.

Doxxing

The act of posting an individual's private information online without their consent.

Encrypted

Involving data written in a code so that only devices with a password can understand it.

Decentralized

Involving data spread across a network so that no single server has all the information.

Current Threats

Anti-MAPs

Anti-MAPs are the single greatest threat faced by MAPs and their allies. Anti-MAP communities serve as safe havens for people who dox and harass MAPs and MAP allies. Antis are tolerant of predators who target minor MAPs and allies, and many suicide-bait MAPs and allies and out them to friends and family members. Some antis also openly call for genocide against MAPs and attack CSA survivors who disagree with them.

Pro-Recovery Movement

While its exact origins are unknown, the pro-recovery movement has consistently been associated with anti-MAPs. Though it appears to be a community of paraphiles and allies dedicated to helping others find support, groups within the movement are often run by antis, placing members' privacy at risk. Many supporters of the movement also support dangerous forms of "treatment," such as conversion therapy.

Assimilationists

Many MAPs experience self-hatred during the early stages of seeking support. Unfortunately, this leaves them vulnerable to manipulation by anti-MAPs, who may lure them in with false promises of support, or even a cure. After gathering identifying information on assimilationists, antis have been known to blackmail them into using their trusted status to manipulate other MAPs and allies into revealing sensitive information.

Vigilantes

Though they claim to be upholding the law, self-described "pedophile hunters" often engage in illegal and immoral activity, such as physical violence and false accusations. They have been known to impersonate MAPs and allies in order to infiltrate the MAP community and obtain sensitive information about their targets. They have also demonstrated a willingness to target both innocent and underage MAPs and allies.

Internet Monitors

Due to the stigma surrounding minor attractions and support for those who experience them, MAPs and allies are at risk of being outed or otherwise harmed by anyone who has the ability to view their internet traffic. This can include parents, school administrators, or employers. The danger posed by internet monitors varies, as some may be more supportive than others, but they can place MAPs and allies in serious danger

Law Enforcement

Law enforcement officers often pose some level of risk to marginalized groups, and the MAP community is no exception. Though its not illegal to be a MAP or an ally, police have been known to monitor MAP-related accounts, even in the absence of illegal activity. An investigation alone can result in a MAP or ally being outed to friends and family members, losing housing and employment opportunities, and being targeted by vigilantes.

This list was last reviewed in September 2022

Select an option from the list below

Basic

Minimum safety recommendations

Privacy

Basic Tier

Create a Fake Identity

All accounts that you plan to use for MAP-related purposes should be created and maintained under a fake identity.

Elements of a fake identity:

  • Fake name

  • Separate email address

  • Original, unique username(s)

  • Fake date of birth (within a few years of your real one)

  • Any other details you want to falsify

Tips:

  • Do not use any real information to create your fake identity

  • Do not reuse an identity that you previously used for non-MAP purposes

  • Only use your MAP identity for MAP-related purposes

  • Never share your MAP identity with anyone who knows your real identity

Any accounts you create under this identity should be set up such that, even if somebody were to hack into all of them, they would still have as little information about your real identity as possible.

If you need help creating a fake identity, check out this generator.

Use a VPN

A virtual private network (VPN) makes it harder for your internet usage to be tracked and for the websites you visit to gather identifying information about you.

Many VPN services charge a subscription fee, however, ProtonVPN has a free version.

Setting up ProtonVPN:

  1. Create a free Proton account

  2. Download ProtonVPN on all eligible devices

  3. Turn on the Kill Switch feature on each device

Remember to turn on your VPN before accessing MAP-related websites or accounts. Some websites may exhibit unexpected behavior while using a VPN.

Use Private Mode

Most web browsers have some form of private mode (it may be called Incognito, Private, or InPrivate, depending on your browser). Once you close all of the tabs in this mode, information about the browsing session will be deleted from your device (excluding files you downloaded). Some browsers may also turn on additional privacy features in private mode.

Always use private mode to access MAP-related websites and close all private tabs before leaving or turning off your computer.

Use HTTPS

HTTPS prevents malicious actors from being able to see the data you send to and receive from the websites you visit. Some browsers have a setting that allows you to block non-HTTPS connections, usually under security settings.

You can also install the HTTPS Everywhere browser extension, however, most browsers disable extensions in private mode

Use Secure Messaging

While many MAP spaces provide members with the ability to DM, sensitive conversations, such as those involving potentially identifying information, should always take place on a separate messaging platform.

Always review the default privacy settings when downloading a new app for MAP-related purposes.

Telegram

Download | Help

This secure messaging platform is popular among MAPs and allies for its anonymity and privacy features. Users can find each other via username, so no identifying information is necessary to connect with people you know from other platforms.

By default, Telegram automatically shares your phone number with your contacts, although this can be disabled in Settings > Privacy and Security > Phone Number. Additionally, new contacts will automatically have access to your phone number when you add them, unless you uncheck the box next to "Share my phone number" during the process of adding a contact. The safest option is to refrain from adding contacts at all in order to avoid accidental sharing.

Discord

Download | Help

Though it is generally considered less secure and MAP-friendly than other platforms, Discord is still a good place for MAPs and allies to connect and interact. Though it includes voice and video chat services, these have been insecure in the past and should be avoided.

Jitsi

Download | Help

With numerous privacy-preserving features, Jitsi is a favorite among MAPs and allies who prefer to interact through voice chats. It offers numerous security options and can be used without creating an account.

Remember that you sacrifice some anonymity when you associate your voice with your MAP identity.

Enable Auto-Delete

Some messaging services have a feature that automatically deletes messages after a set amount of time. To determine whether autodeletion is available for a specific service, type the name of that service followed by "auto-delete" into a search engine.

Enable this feature for as many MAP-related conversations as possible (a deletion time of approximately 1 week is usually best). Remember to save any important messages before they are automatically deleted.

Limit Sharing

Disclose as little information about yourself as possible. No space is truly private, and anything you post can be screenshotted and shared elsewhere. Never share information that could reveal anything about your real identity..

Tips:

  • Remove timestamps from screenshots before sharing

  • Post screenshots of photos, not original images, to remove location metadata

  • Be vague (or lie) about your age, location, career, etc.

If you do share personal information privately, remember that people can lie about their status in the community and even create multiple accounts to portray themselves as trusted by others. Once you reveal sensitive information, you cannot control how it is used or shared or whether the account you shared it with remains secure.

Avoid Untrusted Links

When your browser loads a website, it shares sensitive information about you and your device with that website. Some people can take advantage of this and obtain that information just by convincing you to click on a link. Never open links that seem suspicious or were sent to you by a stranger.

Follow Rules

Many MAP-focused spaces have extensive restrictions on what topics can be discussed and what personal information can be shared. In most cases, these rules are designed to ensure the privacy of members. Following these rules helps keep you and others in the space safe.

Security

Basic Tier

Use a Safe Email

After creating an email address for your MAP identity, you should ensure the email service you use does not leak your IP address.

Check your email:

  1. Close all MAP-related apps and websites

  2. Turn off your VPN if you have one running

  3. Open this website

  4. Click Start

  5. Send an email to the address provided

  6. Wait for the website to display your results

If you plan to send MAP-related emails from multiple different platforms and devices, we recommend checking each combination of these.

Even with a safe provider, email is still an insecure form of communication and should not be used for conversations involving sensitive information.

Use a Password Manager

A password manager allows you to use complex and unique passwords for every account, making it harder for a malicious actor to gain access even in the event of a data breach or if one of your accounts is compromised.

Some web browsers and operating systems have built-in password managers, however, these often do not work in private mode or on devices on other operating systems. Bitwarden is a trusted password manager with a feature-rich free version and apps for a variety of platforms.

Setting up Bitwarden:

  1. Create a free Bitwarden account

  2. Download Bitwarden on any necessary devices

  3. Generate new passwords for your MAP accounts

  4. Add the new passwords to your Vault

If you do not want to use a dedicated password manager but still want to strengthen your passwords, Passwrd is a customizable password generator that can even be installed as a web app and used offline on some devices.

We recommend using randomly-generated passwords of at least 20 characters (letters and numbers) for all MAP-related accounts.

Use 2-Factor Authentication

2-factor authentication (2FA) verifies your identity before allowing you to log in, making it difficult for a malicious actor to gain access, even if they have your password. It does this by requiring you to input a code obtained using a mobile app on your phone during the login process.

Preparing to use 2FA

Before you can use 2FA, you must download an app to allow you to obtain verification codes. There are dozens of these apps available, however, many of them can only be used on one device, causing you to be locked out of your accounts if you are unable to access that device. Authy allows you to back up your account so that you can access your codes even if your device is lost or broken.

Setting up Authy:

  1. Download Authy

  2. Enable 2FA on at least 1 account

  3. Enable Authy Backups

  4. Add additional devices if necessary

You should write down your Backup Password and store it somewhere secure (but not in your password manager). If you lose it, you will not be able to receive verification codes on new devices.

Enabling 2FA

On most websites, you can find 2FA settings in your account security settings. This website also contains a list of some popular services that allow users to enable 2FA.

When setting up 2FA, you should always select the Authenticator App option (depending on the website, it may be titled slightly differently). Never enable an option that allows verification codes to be emailed or texted to you, as this is insecure and easy for hackers to exploit.

Most websites will give you one or more recovery codes when you first enable 2FA. Always save these, as they will be the only way for you to access your account if you are unable to obtain a verification code.

You should enable 2FA on as many MAP accounts as possible.

Stay Updated

Outdated apps and devices can leave you and your accounts vulnerable to viruses and security exploits. You should check for app updates weekly and system updates once per month on all your devices.

Avoid Suspicious Programs

Programs, apps, and browser extensions from untrusted sources can contain viruses. Check the reviews before installing and stick to reputable sources, such as your device's built-in app store or the website of a well-known developer.

Enable Antivirus

Some operating systems come with built-in antivirus software. Enabling this can protect you from malicious programs designed to steal or even delete your data. You can usually find the relevant controls under security settings.

Dedicated antivirus software can provide additional protection, however, it is unnecessary for most users and can harm the performance of your device.

Use DNS Over HTTPS

The Domain Name System (DNS) is what computers use to find the right server when you visit a website. Attackers can impersonate this system to direct you to malicious websites. DNS over HTTPS encrypts your DNS connection, reducing the risk of these attacks.

Many browsers have a setting to enable DNS over HTTPS. To learn how to do this in your browser, type "DNS over HTTPS" followed by the name of your browser into a search engine.

Intermediate

Optimized for doxxing prevention

Privacy

Intermediate Tier

Hide Your Identity

Any MAP or ally with a public presence should take extensive steps to ensure their real identity remains concealed.

Use your MAP identity

Integrating components of a fake identity into information you share publicly can help obscure your real identity. While using the same MAP identity as in private spaces, such as support groups, is an option, creating a separate identity for public spaces is recommended.

Remember to keep any false information believable. Oversharing or repeatedly changing the fabricated aspects of your fake identity may allow malicious actors to recognize and overcome your strategy. Refrain from sharing specific information, whether real or false.

Rotate public identities

Over time, identifying details can pile up across accounts. Replacing your public MAP identity on a regular basis months makes it harder for a significant amount of this information to be collected. Some people create a separate identity for every account, while others use the same identity across several platforms.

Limit the number of people who can connect any of your public MAP identities to each other or the consistent MAP identity you use in private spaces, and never use the same account under more than one identity.

Avoid Being Targeted

Discussing certain life experiences, even in private, may make MAPs and allies more likely to be targeted by malicious actors.

Dangerous topics:

  • Experiences working with or around children

  • Past illegal activity

  • Involvement in LGBTQ spaces

  • Real-life interactions with other MAPs or allies

Protect Your Contact Info

When creating MAP accounts on social media websites, provide as little information as possible. If an email is required, use one associated with your MAP identity. If a website requires your phone number, Google Voice allows anyone with a Google Account to create a virtual phone number.

Make sure you disable contacts syncing (and remove the app's contacts permission on mobile) for any platforms that collect contact info.

Additional actions:

Audit Yourself

Regularly review the information about you that is publicly available under both your real identity and your MAP identities, then make changes to reduce that information. A good way to accomplish this is by pretending to be a malicious actor with varying amounts of information about yourself. See what else you can find about yourself using that information and a search engine.

Additional Resources:

Update Privacy Settings

Many apps use data they collect to target recommendations or create activity records that could reveal sensitive information. Disable data collection wherever possible on any accounts you plan to use for MAP-related purposes.

In the event that a MAP or ally is doxxed, the privacy settings on their real-life accounts can determine how much information the doxxer obtains. Review these settings regularly, keeping in mind that they will dictate what a potential doxxer is able to see if they find your real identity. Pay close attention to any websites that show up when you search for yourself on Google or another popular search engine.

You should also review data collection settings on any devices you plan to use for MAP-related purposes. Disable any unnecessary data collection in your settings app.

Remember to change these settings when setting up new devices and accounts in the future.

Delete Old Posts

After several months, any account's public history can be a treasure trove of outdated beliefs and sensitive information. Consistently removing old posts from both your MAP and real-life accounts can boost privacy and reduce your risk of being targeted if you regularly discuss controversial topics.

Some platforms have tools and settings (usually under privacy settings) to help you manage old posts, and you should use these wherever possible. Redact is a service that gives you additional controls on a variety of popular services.

Setting up Redact:

  1. Download Redact

  2. Register a Redact account

  3. Connect your services

  4. Delete posts as desired

There is always an element of risk in allowing a third-party application like Redact to access your accounts. Additionally, some services may place restrictions on your account if they detect automated activity. Do not connect real-life accounts and MAP accounts to the same Redact account.

Use Encrypted Messaging

Some MAPs and allies require an additional layer of privacy on their messages. Encryption provides this by making it nearly impossible for anyone except the sender and intended recipient(s) to read message contents.

Element

Download | Help

One of many interconnected servers on the Matrix network, Element provides encrypted messages and group chats. Its reliance on usernames and decentralized nature make it a particularly robust option for MAPs and allies.

Session

Download | Help

Session is the least invasive messaging app available, requiring no personal data or information to use. It is decentralized and provides strong anonymity, making it a common choice among MAPs and allies.

Session is still in the early stages of development and bugs are common.

Download Tor Browser

A shortcoming of most VPNs is that your browsing data is still visible to the company providing the VPN service. The Tor network is decentralized, so it does not have this issue.

Setting up Tor Browser

  1. Download Tor Browser

  2. Connect to the Tor network

  3. Set desired security settings

Tor Browser is not available on iOS and iPadOS, however, Onion Browser is a suitable replacement.

Some websites may block Tor or place temporary restrictions on the accounts of Tor users. In most cases, a VPN can provide adequate protection for MAPs and allies, however, Tor can be useful in particularly risky situations.

When to use Tor:

  • Opening suspicious links

  • Accessing untrusted websites

Security

Intermediate Tier

Use an Encrypted Email

Though most emails are encrypted in transit, many email services have the ability to decrypt your emails once they arrive. Encrypted email services add an additional layer of encryption so that only you can access your copy of the email.

Proton Mail is among the most well-known encrypted email services, with a fully-functional web app and mobile apps for both iOS and Android. If you already use ProtonVPN, your existing Proton account comes with access to ProtonMail.

Tutanota is another popular encrypted email service, with a web app as well as several desktop and mobile apps. Though it is less popular, its free version is less restrictive than ProtonMail's.

Using an encrypted email service only protects your copy of emails. If senders and recipients do not use an encrypted email service, their email provider will be able to read their copy.

Use a Dedicated Password Manager

While the password managers built into browsers and operating systems are simple and easy to use, they lack several security features. We recommend using a dedicated password manager, such as Bitwarden.

Avoid these:

  • Google Password Manager

  • iCloud Keychain

  • Microsoft Authenticator

  • Browser-based password managers

Ideal security features:

  • Customizable password generator

  • 2FA login

  • Secure password sharing

  • Encrypted document storage

  • Import and export features

Disable 3rd-Party Cookies

A cookie is a small file that a website saves to a user's device in order to remember something about that user. While these play a vital role in allowing websites to function properly, cookies can also be exploited by hackers to reveal sensitive information. 3rd-party cookies are are particularly risky and often serve no functional purpose.

Many modern web browsers include an option to disable 3rd-party cookies. To learn how to find this setting in your web browser, type "disable 3rd-party cookies" followed by the name of the browser into a search engine.

Some sites may exhibit unexpected behavior with 3rd-party cookies disabled.

Avoid Phishing

Phishing occurs when an attacker tricks their victim into revealing sensitive information, often by posing as a trusted entity.

Attackers may pose as:

  • A friend or colleague

  • An organization's customer safety team

  • A financial institution

  • Tech support

The end goal of a phishing attack is often to obtain your login information for an account, usually by convincing you to enter it on a fake login page.

Signs of a phishing message:

  • Incorrect sender address

  • Grammar and spelling mistakes

  • Links to suspicious URLs

  • Email service flags it as spam

If you receive a suspicious email, mark it as spam and delete it without clicking any links or responding. If the email claimed to be from a specific website, check your account on that website for any similar notifications. If you click a link in a suspicious email and enter login information, change the password on that account immediately.

One way to reduce your risk of phishing attacks is to avoid sharing your MAP email except in the process of signing up for online accounts.

Prevent SIM-Swapping

In a SIM-swap attack, a malicious actor manipulates a mobile carrier into giving them control of the victim's account. This allows them to receive any SMS (text) messages or phone calls to the victim's phone, usually with the goal of obtaining gaining access to the victim's online accounts.

Many mobile carriers allow customers to enable additional security features that prevent SIM-swapping attacks. To learn about the options available to you, type "sim-swapping prevention" followed by the name of your mobile carrier into a search engine. Additionally, avoid linking your phone number with online accounts or use a Google Voice number instead.

Signs of a SIM-swap attack

  • Inability to send or receive texts or phone calls

  • Loss mobile data availability

If you suspect you have been targeted by a SIM-swap attack, contact your mobile carrier and change your settings on any accounts that are set up to send sensitive information or security alerts via text or phone call.

Update Contact Info

Many websites allow you to recover an account using your contact information. As a result, accounts with outdated contact info can be stolen by hackers and other malicious actors to obtain sensitive information. Keep your contact info up-to-date on any accounts that store it.

Check for Data Breaches

Even if your security practices are strong, the same may not be true of the services you use. While data breaches can feel unavoidable and uncontrollable, knowing when they occur and what data was exposed is an important part of any security strategy.

Have I Been Pwned is a free service that allows anyone to check if their personal information has been exposed in a data breach and sign up for notifications about future breaches.

Using Have I Been Pwned:

  1. Visit Have I Been Pwned

  2. Enter your email and click pwned?

  3. Sign up for notifications

  4. Follow the confirmation instructions

  5. Repeat for each email you use

You can reduce the potential impact of a data breach by using a unique password for every online account and enabling 2FA wherever possible.

Responding to a breach:

  • Change your password

  • Update your contact info

  • Add 2FA

Create Security Alerts

Sometimes, updates and changes can introduce security bugs into platforms and services you already use. While these may not directly expose your data, knowing about them when they happen can help you keep your accounts secure until the issue is resolved.

Setting up an alert:

  1. Visit Google Alerts

  2. Type the name of a service followed by "security bug"

  3. Click Create Alert

  4. Repeat for each service you use

Delete Your Data

Over time, the number of services holding your personal information tends to increase. Deleting your data from services you no longer use reduces the risk of your sensitive information being exposed in a data breach.

Going through the data deletion process for even one service can be tedious. Mine is a service that simplifies the experience to a single click for dozens of popular platforms.

To use Mine, simply sign up with whichever email provider you use to sign up for online services. Identify services in your footprint that you are not using, then click Reclaim. We recommend doing this for both MAP-related and real-life accounts.

Advanced

Optimized for hacking prevention

Privacy

Advanced Tier

Use Separate Identities

If possible, use a separate identity on every account, in both public and private spaces, and replace public identities regularly. Minimize the number of people who know that any of your identities are the same person.

We recommend against using more than one identity in a single private space, such as support groups, as this behavior is often exhibited by malicious actors and could result in you getting banned. However, occasionally switching to a new identity within private spaces is permissible.

Opt Out of Data Collection

Data brokers collect and compile sensitive information on individuals to sell for a profit. This is a major privacy risk to any MAP or ally engaged in high-visibility activities, as a malicious actor who obtains even a single piece of sensitive information could gain access to a substantial amount for a small fee.

Many data brokers allow people whose information they have collected to opt out and have their data removed. This website contains a sizable list of data brokers and information on the opt out policies for each. Please begin by reading the instructions at the top of the page, as they will help you prioritize 200+ data brokers listed.

We do not recommend completing any opt-out process that requires payment, as this only funds future data collection. Additionally, some data brokers will relist your data after a certain amount of time. You should check back at least annually to request the removal of any new data.

Depending on the laws in your region, there may be additional ways for you to protect your personal information. We recommend researching your local and regional privacy legislation.

Prioritize Tor

MAPs and allies engaged in high-visibility activities may face additional scrutiny and increased doxxing attempts. Using Tor whenever possible prevents your device from sharing sensitive information that could aid malicious actors. When Tor is not feasible, you should consistently use a VPN.

Use a Private Operating System

Most mainstream operating systems are not private by design and require separate software to keep users' data safe. Using an operating system centered around privacy and anonymity can overcome these inherent weaknesses and provide much stronger data protection.

Tails

Download | Help

Tails is an operating system that runs off a USB drive, giving you access to a secure system across devices. It clears all local data (excluding file storage) when you shut it down, leaving no trace of past activity on the device or USB drive. It also routes all internet connections through Tor and comes with several privacy-preserving tools and applications preinstalled.

Whonix

Download | Help

Whonix is an operating system that runs on a virtual machine inside your existing operating system. This allows you to use a secure system for MAP-related purposes while retaining access to your computer. It is centered around Tor and includes a variety of privacy-enhancing features to protect your personal information.

Encrypt Your Devices

Without encryption, anyone with physical access to your device and the right tools can view your data and files, even if you have a password or other locking mechanism set up.

iPhones and iPads automatically enable encryption if you have a password set up. If you have an Android device, you may need to manually enable encryption. To learn how to do this, type "encrypt" followed by the brand and model of your phone into a search engine. Older devices may not have this feature.

Some desktop platforms have built-in encryption features. You can determine if your computer is one of them by typing the name of your operating system followed by "encryption" into a search engine.

If your computer does not have built-in encryption, VeraCrypt is a program that allows you to create encrypted sections on your device's storage. You can download VeraCrypt here and find instructions on how to use it here.

Be aware that once a file is encrypted, it cannot be decrypted without the proper key.

Security

Advanced Tier

Use an Offline Password Manager

Even with a reputable password manager that encrypts user data, storing passwords online still carries an element of risk. Offline password managers mitigate this by storing your passwords in an encrypted file directly on your device.

We strongly recommend storing the encrypted list of passwords generated by your offline password manager in at least 2 locations and updating the backup regularly. You should also store the key to decrypt this file in a secure location.

KeePassXC

Download | Help

KeePassXC is a free, offline password manager for computers with all the features you would expect from a cloud-based password manager. It stores passwords in the .kdbx format, which is compatible with all KeePass-based password managers.

Use Encrypted Cloud Storage

Many cloud-based file storage systems give the storage provider the ability to access and read your files. Encrypted storage protects your data while providing many of the same benefits as the most popular storage providers.

Filen

Join | Help

Filen is an encrypted storage provider that offers 10 GB of storage under their free plan. In addition to a variety of apps so you can access your files across devices, their platform also contains features like file history, collaboration, and public sharing.

Back Up Your Data

One downside of encrypted data is the risk of data loss in the event of a software bug or glitch that prevents data from being properly decrypted. Regularly backing up your data can reduce the potential impact of this issue.

The most secure option is always backing up your data locally, such as on an external hard drive. If this is not feasible for you, we recommend backing up encrypted data to a privacy-centered cloud storage service. To learn how to create a backup of the data on your device, type "create backup" followed by the operating system and version your device is running into a search engine.

We do not recommend storing MAP-related information using built-in backup features (Google One Backup, iCloud Backup, OneDrive Backup, etc.), as companies may have the ability to decrypt and read the data in the backups created by these tools.

Strengthen Security Settings

MAPs and allies engaged in high-visibility activities may experience hacking attempts on their MAP and real-life accounts. We recommend reviewing the security settings on all of your online accounts and strengthening them wherever possible.

Recommendations:

  • Use stronger passwords

  • Enable 2FA

  • Disable 3rd-party app access

  • Log out old sessions

Some companies may offer advanced protection options for high-risk users. We recommend enabling these so long as they do not infringe on your privacy.

Additional actions:

Avoid Mobile Devices

Though they are convenient, phones and tablets have inherent security limitations that could be problematic for the most high-risk users. If you need the maximum level of security possible, keep all MAP-related activity on your computer.

Recovery

Additional tips for doxxing victims

Content Removal

Social Media

Most social media websites prohibit posts that share anyone's personal information without their consent. Review the community guidelines on any websites where your personal information is being shared and report any content that is in violation.

Some social media websites are more likely to take action on posts that receive more reports. If you can do so safely, compile a list of the posts containing your personal information and ask trusted friends to help report them.

Archiving Services

Some services allow users to store a copy of a webpage as it appeared at a specific time. This can be abused by malicious actors to save posts containing your personal information, even if the original posts are deleted.

Some archiving services may remove these copies upon request, but you will have to provide them with a list of any relevant URLs that have been archived using their platform.

Popular archiving services:

Search Engines

In limited situations, some search engines may prevent pages containing sensitive information from showing up in search results. You can find the links to report sensitive information to popular search engines below:

Seeking Support

Prioritize Yourself

Doxxing attacks can be scary and overwhelming, and having a robust support system is vital. If you are struggling to cope with the impact of being doxxed or need additional support for your mental health, check out our list of mental health resources.

You may also want to consider more general resources, such as the Crisis Text Line, as they are better equip to provide immediate support. However, we strongly recommend that you do not disclose your identity as a MAP or ally to anyone at this or similar organizations.

Collect Evidence

Document instances of your personal information being distributed and harassment being directed towards you. This will enable you to provide evidence of the doxxing even if the content is removed.

Be sure to keep any evidence you collect organized so that you can quickly refer to it. You may want to consider adding descriptions to the titles of screenshots so you can use your computer's search function to find specific images.

Legal Action

While doxxing is generally not against the law, the harassment and threats that often accompany it may be illegal in some regions. Research relevant legislation in your area and, if possible, speak to a lawyer about your legal options.

If you have reason to fear for your or others' immediate safety, consider involving law enforcement. Remember, it is not illegal to be a MAP or engage in MAP activism, and police will generally investigate credible threats of violence regardless of who is being targeted.

Additional Tips

Don't Engage

In many cases, harassment following a dox subsides much faster if the victim does not publicly engage with or react to the abuse. Though you should continue taking action to protect yourself in private, avoid drawing public attention to the situation.

In addition to blocking any accounts that post your personal information or harass you, consider taking your accounts private. Some platforms also have a feature where you can temporarily disable your account, if necessary.

Change Personal Information

If the harassment becomes overwhelming, you may want to consider changing your main contact information. Creating a new email address is generally very easy, and most mobile carriers will allow you to change your phone number for at most a small fee.

Other information commonly exposed in doxxing attacks can be changed. For example, your internet service provider may be able to change your home network's IP address and most social media websites will allow you to update your username in your account settings.

Blur Your House

Some navigation services provide images of a variety of locations, including houses. If doxxers find your address, they may use these images to harass you or encourage others to physically harm you and others who live with you.

Many of the platforms that collect and publish these images allow users to request that their house be blurred. You can find instructions on how to submit a request to popular services here.

Relocate

If you have reason to fear for your physical safety at your home, you may want to consider temporarily relocating until the harassment dies down. This could mean getting a hotel room or staying with a friend or family member.

Warn Friends and Family

If you have friends or family members whom you can safely come out to as a MAP or ally, explain the situation to them. Let them know if they are at risk of facing harassment and what they can do to support you. We recommend sharing our page for friends and family members of MAPs with them to answer common questions.

Additional Resources

Consumer Reports Security Planner logo, a black outline in the shape of a lock, with the bottom right corner colored green.

This tool from consumer reports creates a list of personalized suggestions to meet your unique digital security and privacy needs.

Privacy Tools logo, a white wrench shape set against a blue shield outline.

An extensive list of privacy-centered platforms and services, organized by category and vetted by a knowledgeable community.