![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
starladyOr, No pills necessary to see how far down the rabbit hole goes
I've had the following post sitting around in my folder since March. Today, inspired bysnarp's excellent post on computer security, I thought I'd throw it up here in the hopes that it's helpful for people. I'm happy to answer questions with the strong disclaimer that I am not an expert in these fields. Go do the steps at the bottom of snarp's post first, though note that since ABP has been sold I now recommend uBlock origin rather than AdBlockPlus.
Ever wondered how it's so easy for groups to doxx people? That's partly thanks to the "people search" industry, which agglomerates and makes public records available over the internet. It is, however, possible to remove your information from many of these sites, and I'm of the opinion that it's of a good idea to do so, particularly if you possess certain risk factors, such as a unique or nearly unique legal name and/or work that increases your likelihood of coming to the attention of would-be stalkers, harassers, and doxxers. Even if you don't fall into one of those groups, if your legal relations do, it's a good idea to remove your information, as both of you will thereby present less-soft targets.
I should note a few things here: first, I can really only say with certainty that this applies to residents of the United States. It wouldn't surprise me if little or any of this applies to people outside the States--though you may still want to run your social media usernames through some of these sites, as you may find old unsecured accounts with potentially compromising information in them. (I did. Note that I include photos of you or of friends/relations/associates in the category of "potentially compromising information," since Facebook's facial recognition algorithm can now achieve a 97% match with as few as 25 tagged photos of someone.)
On that note, here are some guides to online security that are universally relevant:
#![[tumblr.com profile]](https://www.tumblr.com/favicon.ico)
crashoverridenetwork, started by former online mob harassment victims
# Mitigating internet troll storms on the Geek Feminism wiki, written by an infosec expert
And here is an incomplete list of things you will need to go through this process:
# The Blur browser extension, formerly known as DoNotTrackMe. This extension blocks tracking scripts and allows you to generate masked email addresses, which is key since you don't want to give the people search companies additional genuine information about you while removing your information. You will probably want to create a password for the extension to manage all your masked emails, and for general security purposes.
# An anonymized copy of gov't issued ID, usually either a driver's license or a passport. Some sites will require this to prove your identity. To anonymize the copy, black out the ID #, photo, and dates of issue & expiry. If using a U.S. passport, also block out all the numbers at the bottom of the picture page, as these contain both your SSN and the passport number.
# Legal paperwork (court records, police report) proving identity theft, stalking, and/or harassment, or your status as an employee of law enforcement, if you have them. Some people search sites are claiming that they are "consumer reporting agencies" as defined under the Fair Credit Reporting Act, which means that only people in those categories are eligible to remove their information from these sites. My own impression (disclaimer: I am not a lawyer) is that this is not an accurate application of the law--and indeed, many other such sites don't require such documentation and don't claim themselves to be CRAs.
Highly recommended:
# The Ghostery browser extension, another anti-tracker extension. Note: some websites have architecture which means you cannot block certain trackers and still run the website. Omniture, from Adobe, is particularly notable in this regard. You may have to futz with Ghostery and Blur to allow certain trackers on certain sites in order to achieve the functionality you want, and this trial and error process can be somewhat tedious, but imo it's well worth the end result. Bonus: Ghostery automatically blocks Disqus, meaning you can't read the comments on most sites!
# A VPN. Some people search sites seem to be geo-locked, i.e. are only accessible from the States (or at least, not accessible via my ISP).
# A password manager. I cannot recommend installing a password manager highly enough; again, adopting one is somewhat tedious, and the password manager isn't 100% smart enough to handle every website perfectly every time. Again, however, the tradeoffs in trial and error are beyond worth the gains in security. I use LastPass and I'm highly satisfied.
# A Flash blocker extension. Again, a good idea to have one in general; with mine, I just click a play button if I want to enable the Flash element on a page. Again, not 100% perfect; sometimes I have to use my less-secure browser to view some pages. Again, worth it.
# uBlock origin, the ad blocker extension for Firefox and Chrome.
On the subject of Blur/DoNotTrackMe, it's possible to pay the security firm that provides it, Abine, a certain amount of money a year and have them do all of the following for you--this is their "DeleteMe" feature. If you are in a position where your time is worth more to you than that money, this probably isn't a bad thing to consider. They also have a paid password manager app which allows you to give websites masked credit card numbers, among other features. I'm pretty blasé about credit card numbers being stolen (debit cards are a very different matter, and I only use them to get cash at ATMs for that reason), partly because all of the liability is on the credit card company and partly because the people who are stealing credit card numbers aren't the people who are trying to doxx people on the internet. But, YMMV. I would also recommend, on the subject of credit cards, following Brian Krebs' guide to putting a security freeze on your credit if at all possible.
Abine's list of people-search companies
This is an industry of bottom-feeders, and it's clear that there's a lot of churn, as well as a lot of companies sharing databases. I found that the list above was somewhat out-of-date--some of the companies on it are no longer in business, and many of them now have a way to process your opt-out request online. I recommend googling the site name + "opt out" for each of the ones where Abine says you have to call/fax/do anything offline. Doing the same for broken links in the Abine guide also generally gets you to the right pages.
There are other, longer lists of companies out there, but I found that after going through the above list the companies on the other lists did not have my information or were claiming to be CRAs, which meant that I was stymied. All in all I would say I spent about twenty hours or more on this process over the course of about a week.
I would also recommend creating an online account with the Social Security Administration in order to prevent an unauthorized third party doing it for you. Make sure to have your most recent federal tax return handy in order to provide the SSA the information that matches what they have on file about you.
Finally, California residents who feel that this may be relevant to them should check out California's Safe at Home program, through which eligible people can scrub past, present, and future data about themselves from the public record in order to prevent doxxing.
I've had the following post sitting around in my folder since March. Today, inspired by
snarp's excellent post on computer security, I thought I'd throw it up here in the hopes that it's helpful for people. I'm happy to answer questions with the strong disclaimer that I am not an expert in these fields. Go do the steps at the bottom of snarp's post first, though note that since ABP has been sold I now recommend uBlock origin rather than AdBlockPlus. Ever wondered how it's so easy for groups to doxx people? That's partly thanks to the "people search" industry, which agglomerates and makes public records available over the internet. It is, however, possible to remove your information from many of these sites, and I'm of the opinion that it's of a good idea to do so, particularly if you possess certain risk factors, such as a unique or nearly unique legal name and/or work that increases your likelihood of coming to the attention of would-be stalkers, harassers, and doxxers. Even if you don't fall into one of those groups, if your legal relations do, it's a good idea to remove your information, as both of you will thereby present less-soft targets.
I should note a few things here: first, I can really only say with certainty that this applies to residents of the United States. It wouldn't surprise me if little or any of this applies to people outside the States--though you may still want to run your social media usernames through some of these sites, as you may find old unsecured accounts with potentially compromising information in them. (I did. Note that I include photos of you or of friends/relations/associates in the category of "potentially compromising information," since Facebook's facial recognition algorithm can now achieve a 97% match with as few as 25 tagged photos of someone.)
On that note, here are some guides to online security that are universally relevant:
#
# Mitigating internet troll storms on the Geek Feminism wiki, written by an infosec expert
And here is an incomplete list of things you will need to go through this process:
# The Blur browser extension, formerly known as DoNotTrackMe. This extension blocks tracking scripts and allows you to generate masked email addresses, which is key since you don't want to give the people search companies additional genuine information about you while removing your information. You will probably want to create a password for the extension to manage all your masked emails, and for general security purposes.
# An anonymized copy of gov't issued ID, usually either a driver's license or a passport. Some sites will require this to prove your identity. To anonymize the copy, black out the ID #, photo, and dates of issue & expiry. If using a U.S. passport, also block out all the numbers at the bottom of the picture page, as these contain both your SSN and the passport number.
# Legal paperwork (court records, police report) proving identity theft, stalking, and/or harassment, or your status as an employee of law enforcement, if you have them. Some people search sites are claiming that they are "consumer reporting agencies" as defined under the Fair Credit Reporting Act, which means that only people in those categories are eligible to remove their information from these sites. My own impression (disclaimer: I am not a lawyer) is that this is not an accurate application of the law--and indeed, many other such sites don't require such documentation and don't claim themselves to be CRAs.
Highly recommended:
# The Ghostery browser extension, another anti-tracker extension. Note: some websites have architecture which means you cannot block certain trackers and still run the website. Omniture, from Adobe, is particularly notable in this regard. You may have to futz with Ghostery and Blur to allow certain trackers on certain sites in order to achieve the functionality you want, and this trial and error process can be somewhat tedious, but imo it's well worth the end result. Bonus: Ghostery automatically blocks Disqus, meaning you can't read the comments on most sites!
# A VPN. Some people search sites seem to be geo-locked, i.e. are only accessible from the States (or at least, not accessible via my ISP).
# A password manager. I cannot recommend installing a password manager highly enough; again, adopting one is somewhat tedious, and the password manager isn't 100% smart enough to handle every website perfectly every time. Again, however, the tradeoffs in trial and error are beyond worth the gains in security. I use LastPass and I'm highly satisfied.
# A Flash blocker extension. Again, a good idea to have one in general; with mine, I just click a play button if I want to enable the Flash element on a page. Again, not 100% perfect; sometimes I have to use my less-secure browser to view some pages. Again, worth it.
# uBlock origin, the ad blocker extension for Firefox and Chrome.
On the subject of Blur/DoNotTrackMe, it's possible to pay the security firm that provides it, Abine, a certain amount of money a year and have them do all of the following for you--this is their "DeleteMe" feature. If you are in a position where your time is worth more to you than that money, this probably isn't a bad thing to consider. They also have a paid password manager app which allows you to give websites masked credit card numbers, among other features. I'm pretty blasé about credit card numbers being stolen (debit cards are a very different matter, and I only use them to get cash at ATMs for that reason), partly because all of the liability is on the credit card company and partly because the people who are stealing credit card numbers aren't the people who are trying to doxx people on the internet. But, YMMV. I would also recommend, on the subject of credit cards, following Brian Krebs' guide to putting a security freeze on your credit if at all possible.
Abine's list of people-search companies
This is an industry of bottom-feeders, and it's clear that there's a lot of churn, as well as a lot of companies sharing databases. I found that the list above was somewhat out-of-date--some of the companies on it are no longer in business, and many of them now have a way to process your opt-out request online. I recommend googling the site name + "opt out" for each of the ones where Abine says you have to call/fax/do anything offline. Doing the same for broken links in the Abine guide also generally gets you to the right pages.
There are other, longer lists of companies out there, but I found that after going through the above list the companies on the other lists did not have my information or were claiming to be CRAs, which meant that I was stymied. All in all I would say I spent about twenty hours or more on this process over the course of about a week.
I would also recommend creating an online account with the Social Security Administration in order to prevent an unauthorized third party doing it for you. Make sure to have your most recent federal tax return handy in order to provide the SSA the information that matches what they have on file about you.
Finally, California residents who feel that this may be relevant to them should check out California's Safe at Home program, through which eligible people can scrub past, present, and future data about themselves from the public record in order to prevent doxxing.
(no subject)
Date: 2015-10-13 21:16 (UTC)Not sure whether it is funny or gross that my cat (who passed away in 2006) shows up as a "relative" at the people search sites.
(no subject)
Date: 2015-10-15 14:41 (UTC)