Last reviewed: July 2, 2026
Version: 2.1
Most people have more personal information online than they realize. Names, addresses, phone numbers, relatives, usernames, photographs, public records, advertising identifiers, app permissions, and data-broker profiles can often be connected into a detailed picture of a person’s life.
This guide is for people who want to understand what information about them is available, reduce unnecessary exposure, protect important accounts and devices, and prepare for online harassment or doxxing.
You do not need to complete everything at once. Begin with the Quick Start, then use the table of contents to go directly to the sections that fit your situation.
Important: Complete privacy is rarely possible. The goal is to reduce unnecessary exposure, make accounts and devices harder to compromise, limit the damage if something happens, and create a plan before you are under pressure.
Safety note: Removing information can sometimes alert an abusive person, disrupt an existing safety plan, or destroy evidence. People facing stalking, domestic violence, or an immediate threat should consider consulting a qualified victim advocate, attorney, or safety professional before making major account or address changes.
How This Guide Is Organized
This is a pillar guide made of modules that can also stand alone. The major parts can later be published separately as shorter website or Substack articles:
- Finding and removing exposed information
- Protecting identity and financial records
- Securing accounts and phone numbers
- Device and browser privacy
- Social media and messaging safety
- Harassment and doxxing response
- Evidence preservation
- Physical safety and wellbeing
A condensed checklist appears near the end and is also available as a separate page and downloadable PDF.
Table of Contents
- Quick Start
- Part One: Understand Your Risk
- Part Two: Find What Is Already Online
- Part Three: Reduce Your Online Footprint
- Part Four: Protect Your Identity and Financial Records
- Part Five: Secure Your Accounts and Phone Number
- Part Six: Protect Your Devices and Browsing
- 24. Keep Devices Updated and Locked
- 25. Audit Mobile App Permissions
- 26. Check for Stalkerware or Unwanted Monitoring
- 27. Review Location Collection and Sharing
- 28. Reduce Advertising Tracking
- 29. Limit Browser Tracking
- 30. Understand Browser Fingerprinting
- 31. Remove Location Metadata Before Posting Photos
- Part Seven: Social Media and Messaging
- Part Eight: Prepare for Harassment or Doxxing
- Part Nine: What to Do During an Online Attack
- Part Ten: Document Abuse and Threats
- Part Eleven: Protect Physical Safety and Wellbeing
- Part Twelve: Ongoing Maintenance
- Personal Privacy Checklist
- Sources and Further Reading
Quick Start: The First Hour
Begin with these actions:
- Search your full name, phone number, email addresses, usernames, and home address.
- Secure your primary email account.
- Turn on strong multi-factor authentication for your email, password manager, financial accounts, and social media.
- Review app permissions for location, camera, microphone, contacts, photos, and nearby devices.
- Remove your home address, primary phone number, full birth date, daily schedule, and family details from public profiles where possible.
- Consider freezing your credit if you do not need frequent access to new credit.
- Save recovery codes somewhere separate from your everyday phone.
- Create a simple response plan for harassment, account compromise, identity theft, or doxxing.
For a higher-risk situation, prioritize:
- Home address and current location
- Primary email and phone account
- Account-recovery settings
- Family and household exposure
- Evidence preservation
- A trusted person who can help
Part One: Understand Your Risk
1. Decide What You Are Protecting
Privacy needs vary. Someone with a public-facing role may have different concerns than someone avoiding an abusive former partner, participating in political organizing, running a small business, or simply trying to reduce commercial tracking.
Identify what matters most:
- Home address
- Primary phone number
- Personal email addresses
- Family members and household relationships
- Workplace or school
- Daily routines and frequently visited locations
- Financial and identity information
- Private photographs
- Political, religious, medical, or personal associations
- Accounts that could be used to impersonate you
- Information that could answer account-recovery questions
- Information that could expose someone else through you
The goal is not to hide everything. It is to identify the information that would cause the most harm if misused.
2. Identify Likely Threats
A basic threat assessment asks:
- Who might want this information?
- What information would be most harmful if exposed?
- How could someone obtain it?
- What could they do with it?
- Which practical steps would reduce the risk most?
Common concerns include:
- Identity theft
- Account takeover
- SIM swapping
- Stalking
- Doxxing
- Harassment
- Impersonation
- Employment-related retaliation
- Political targeting
- Exposure of relatives
- Unwanted contact
- Commercial profiling
- Location tracking
- False emergency reports or swatting
Your answers determine your priorities. A person concerned about stalking should focus heavily on addresses, photographs, family connections, voter and property records, and location clues. A person concerned about account theft should begin with email, passwords, passkeys, multi-factor authentication, recovery methods, and mobile-carrier security.
Part Two: Find What Is Already Online
3. Search for Your Personal Information
Look at yourself as a stranger would.
Search for:
- Full legal name
- Name in quotation marks
- Former names
- Nicknames
- Common misspellings
- Name plus city or state
- Name plus employer or school
- Home and former addresses
- Phone numbers
- Email addresses
- Usernames and handles
- Family members
- Business names
- Organization affiliations
Use more than one search engine. Different services may index different pages.
A private or incognito window can reduce personalization from your own search history, but it does not make the search anonymous to the search provider, websites, internet provider, employer, or network administrator.
4. Use Focused Search Techniques
Exact phrase
"Sarah Smith"
Require or exclude terms
"Sarah Smith" AND Oregon
"Sarah Smith" -basketball
Search alternatives
"Sarah Smith" OR "Sarah Jones"
Search a particular website
"Sarah Smith" site:example.com
Search for PDFs
"Sarah Smith" filetype:pdf
PDF searches may reveal meeting packets, directories, court documents, reports, resumes, newsletters, or archived publications.
Search a username, email, or phone number
"username123"
"person@example.com"
"541-555-0123"
Try alternate phone-number formatting. Reused usernames, email addresses, and photographs can connect accounts that otherwise appear separate.
5. Search Images and Check Photo Metadata
Use reverse-image search to find:
- Reused profile photographs
- Forgotten accounts
- Impersonation accounts
- Images copied without permission
- Photographs that reveal your home, workplace, vehicle, badge, school, or routine
Also inspect the photograph itself. It may reveal:
- Street signs
- House numbers
- Mail or documents
- Reflections
- Vehicle plates
- Employee badges
- Tickets or QR codes
- School logos
- Recognizable landmarks
Photographs may contain metadata, sometimes called EXIF data. Depending on the device and app, this can include the date, time, camera model, and geographic coordinates.
Do not assume that every social platform removes all metadata in every sharing method. Check the copy you plan to post.
See Section 31 for practical steps.
6. Check Archives and Cached Copies
Deleting a page does not always remove every copy.
Look for:
- Internet archive services
- Cached or indexed snippets
- Reposted screenshots
- Quote-posts and shares
- Old forum profiles
- Archived staff directories
- Newsletters
- Public meeting documents
- Public-record portals
A page may remain discoverable after the original publisher removes it. When requesting deletion, ask whether archived or duplicate copies can also be removed.
7. Check Data Brokers and People-Search Sites
People-search and data-broker sites may display:
- Current and former addresses
- Phone numbers
- Email addresses
- Age
- Relatives
- Possible associates
- Property information
- Court or public-record information
Keep a removal log:
| Field | What to record |
|---|---|
| Website | Name of the service |
| Page | Address of the listing |
| Exposed data | What it displays |
| Opt-out page | Where the request was submitted |
| Submission date | When you requested removal |
| Verification | What the site required |
| Removal date | When the listing disappeared |
| Recheck date | When to look again |
Caution: Some opt-out processes request additional information. Confirm that you are on the company’s legitimate website and provide no more information than reasonably necessary.
Paid removal services can save time, but they do not make a person invisible and may not cover every broker or public record.
8. Review Public-Record Exposure
Personal information can appear in:
- Property records
- Business registrations
- Court records
- Professional licenses
- Campaign-finance records
- Candidate filings
- Voter-registration records or voter lists
- Public meeting materials
- Government staff directories
Availability and confidentiality rules differ by jurisdiction. Do not assume a record is private merely because it is not easy to find through a normal web search.
Oregon: Address Confidentiality Program
Oregon’s Address Confidentiality Program is a free mail-forwarding program that provides a substitute address for qualifying participants. It is intended for eligible survivors and certain health care providers; it is not a general privacy service and does not function like witness protection.
People who may qualify should review the current Oregon Department of Justice requirements or speak with a certified application assistant before publishing a new address or making changes that could affect an existing safety plan.1
Oregon: Voter-registration privacy
Oregon provides address options and confidentiality resources for some voters who need to keep a residential address private. The correct process depends on the person’s circumstances, including whether they participate in the Address Confidentiality Program.2
Contact the county elections office or Oregon Elections Division for current instructions. Do not submit false information.
Outside Oregon
Many U.S. states operate an Address Confidentiality Program, often called Safe at Home or a similar name. Eligibility, covered records, application procedures, and substitute-address rules vary substantially. Non-Oregon readers should check the current website of their secretary of state, attorney general, or state victim-services office, or ask a local victim advocate for the correct program.3
9. Set Up Ongoing Alerts
Search alerts can notify you when new pages mention:
- Your full name
- A distinctive username
- Your organization
- A business or public project
- A frequently targeted family member
Alerts are incomplete. They may miss social posts, closed groups, images, broker listings, and pages that block indexing.
Use a dedicated folder or secondary address so alerts do not overwhelm your primary inbox.
Part Three: Reduce Your Online Footprint
Safety before cleanup: If the exposure may involve a current or former partner, stalker, or anyone with physical access to your devices, pause before removing listings, changing passwords, or altering account settings. Those changes can alert the person, escalate risk, or destroy useful evidence. Use a safer device if possible and make a safety plan with a qualified advocate or trusted professional before proceeding.
10. Prioritize What to Remove
Not every source can be removed or hidden. Public records, archived copies, reposts, legal notices, and information held by other people may remain available. The goal is to reduce avoidable exposure, correct what can be corrected, and document what cannot be changed.
For each exposed item, decide whether to:
- Delete it
- Edit it
- Make it private
- Ask the publisher to remove or redact it
- Submit a broker opt-out
- Request search-result removal where available
- Replace it with less-sensitive contact information
- Leave it in place because removal is impossible, risky, or likely to draw attention
Prioritize:
- Home address
- Primary phone number
- Personal email address
- Full date of birth and identity information
- Family and household details
- Current location and routine
- Financial information
- Photographs exposing private places
- Old accounts you no longer control
Removing one listing does not remove the underlying source. A broker may republish information later, so schedule rechecks.
11. Contact the Original Publisher
A removal request should be short and specific:
I am requesting removal or redaction of personal information on the following page: [page address]. The page displays my [home address/phone number/personal email/other information]. Please remove or redact that information and confirm when the change is complete.
Save:
- The original page
- Your request
- The date sent
- Any confirmation number
- The response
- A screenshot after removal
A search engine may remove a result without deleting the original page. Whenever practical, contact the original publisher first.
12. Use Separate Contact Information and Email Aliases
Separate public-facing contact information from private contact information where appropriate.
Options include:
- A secondary email address
- An email alias
- Plus-addressing
- A separate work number
- A secondary phone-number service
- A post office box
- A commercial mailbox
- A business contact form
- A lawful alternate address for public filings
Email aliases
A unique alias for each service can:
- Keep your primary address private
- Make it easier to disable one compromised address
- Help identify which service disclosed, sold, or lost an address
- Improve filtering
Some providers offer random forwarding aliases. Others support plus-addressing, such as:
name+shopping@example.com
Plus-addressing is easy to use but does not hide the underlying mailbox name, and some websites reject or remove the added tag. Provider support varies.4
A secondary phone number also does not guarantee anonymity. The provider may retain account, billing, device, or usage information.
13. Talk With Family, Friends, and Colleagues
Other people may unintentionally expose you.
Ask close contacts not to publicly share:
- Your address
- Your primary number
- Travel plans
- Live location
- Home photographs
- Mail, badges, tickets, or documents
- Family relationships
- Work schedule
- Children’s school or routine
- Answers to account-recovery questions
Privacy is often a group practice. One public family account can reveal information that is hidden on your own profile.
Part Four: Protect Your Identity and Financial Records
14. Consider a Credit Freeze
A credit freeze restricts access to your credit file, making it harder for someone to open new credit in your name.
In the United States:
- A freeze is free to place and lift.
- It does not affect your credit score.
- You must contact Equifax, Experian, and TransUnion separately.
- You can temporarily lift a freeze when applying for credit.5
A freeze does not prevent every form of fraud. It does not stop misuse of an existing account, tax fraud, medical identity theft, or every bank-account scam.
Protect the PINs, passwords, or account credentials used to manage each freeze.
15. Understand Fraud Alerts
A fraud alert tells businesses to verify your identity before opening new credit.
In the United States:
- An initial fraud alert is free.
- Contacting one nationwide credit bureau is generally sufficient because that bureau must notify the other two.
- An extended alert may be available to identity-theft victims.
- Active-duty alerts are available for eligible service members.6
A fraud alert is not the same as a freeze. A freeze usually provides stronger prevention against new-account fraud, while an alert adds a verification warning.
16. Respond to Suspected Identity Theft
Warning signs include:
- Accounts you did not open
- Credit inquiries you do not recognize
- Bills for unfamiliar services
- Missing mail
- Tax notices involving an unknown filing
- Medical statements for care you did not receive
- Login or password-reset messages you did not request
- Sudden loss of phone service
Immediate steps may include:
- Contact the affected institution using a trusted number.
- Change compromised credentials.
- Freeze credit.
- Review credit reports.
- Preserve statements, notices, emails, and screenshots.
- Report identity theft through the FTC’s IdentityTheft.gov recovery process.
- Follow any additional steps required for tax, medical, employment, or benefits fraud.7
Do not use a phone number or link from a suspicious message to contact the institution.
Part Five: Secure Your Accounts and Phone Number
17. Protect Your Email First
Your primary email is often the recovery key for other accounts.
Secure it before anything else:
- Use a unique password or passkey
- Turn on strong multi-factor authentication
- Review recovery addresses and phone numbers
- Remove old devices and sessions
- Check forwarding rules
- Check filters and automatic replies
- Review connected applications
- Save backup codes
- Confirm security alerts go to an account you control
An intruder may create a forwarding rule or filter so they continue receiving messages even after you change the password.
18. Use a Password Manager
A password manager helps create and store unique credentials.
Good practices:
- Use a long, unique master password
- Turn on strong authentication for the manager
- Store recovery information securely
- Review emergency-access options
- Never reuse the master password
- Keep the app, browser extension, and operating system updated
Password managers reduce the damage caused when one website is breached and help prevent password reuse.
19. Prefer Phishing-Resistant Authentication
Multi-factor authentication is valuable, but methods are not equally resistant to attack.
Where available, prefer phishing-resistant FIDO/WebAuthn methods, including:
- Passkeys
- Hardware security keys
Authenticator-app codes are generally preferable to SMS codes. SMS is still better than having no second factor, but it can be vulnerable to phishing, interception, and SIM swapping.8
Use the strongest option supported by the service and practical for your situation.
Never share:
- One-time authentication codes
- Push-approval prompts
- Recovery codes
- Security-key access
A legitimate support worker should not ask you to read back a one-time code that grants account access.
20. Save Backup Codes
Store recovery or backup codes somewhere separate from your normal phone.
Options include:
- A printed copy in a secure place
- An encrypted vault
- A password-manager secure note
- A trusted offline backup
Do not keep the only copy on the device you may lose.
Treat backup codes like passwords. Anyone with a valid code may be able to bypass your normal second factor.
21. Review Account Recovery
Attackers may target recovery systems instead of passwords.
Review:
- Recovery email
- Recovery phone
- Trusted devices
- Security questions
- Authorized applications
- Backup codes
- Emergency contacts
- Account delegates
- Old numbers
- Old addresses
Security-question answers are often discoverable through social media or public records. When a service permits it, use a random answer stored in your password manager rather than a factual answer.
22. Protect Against SIM Swapping
A SIM swap occurs when an attacker persuades or tricks a mobile carrier into moving your phone number to a SIM or device they control. The attacker may then receive calls and SMS codes intended for you.9
Ask your carrier about:
- An account PIN
- A port-out lock
- Number-transfer protection
- In-person identification requirements
- Notifications for account or SIM changes
- Additional protections for high-risk customers
Also:
- Use a unique carrier-account password
- Protect the email account tied to the carrier
- Avoid SMS authentication for critical accounts when stronger methods exist
- Treat sudden loss of cellular service as a possible warning sign
If your service disappears unexpectedly, contact the carrier from another phone and review email, banking, and social accounts immediately.
23. Review Active Sessions and Connected Apps
Look for settings labeled:
- Devices
- Sessions
- Login activity
- Where you are signed in
- Authorized apps
- Connected services
Sign out devices you do not recognize or no longer use.
After suspected compromise:
- Use a trusted device.
- Change the password.
- Remove unauthorized recovery methods.
- Revoke unknown sessions and app access.
- Check email forwarding and filters.
- Review recent security activity.
- Regenerate backup codes if necessary.
Part Six: Protect Your Devices and Browsing
24. Keep Devices Updated and Locked
Basic device protections matter because an unlocked or unpatched device can bypass many account protections.
Use:
- Automatic security updates
- A strong screen lock
- Device encryption when supported
- Automatic locking after a short period
- Find, lock, and erase features for lost devices
- Backups that you can restore
- Separate user accounts on shared computers
Avoid relying on a simple four-digit PIN when a longer PIN or strong passcode is practical.
Before selling, donating, or recycling a device, follow the manufacturer’s procedure to sign out, remove activation locks, erase personal data, and remove SIM or storage cards where applicable.
25. Audit Mobile App Permissions
Review which apps can access:
- Location
- Camera
- Microphone
- Contacts
- Photos and videos
- Calendar
- Call logs
- SMS
- Nearby devices or Bluetooth
- Files
- Notifications
- Accessibility services
Ask:
- Does the app need this permission for its core function?
- Does it need access all the time?
- Could “only while using the app” work?
- Could it use selected photos rather than the entire library?
- Do I still use this app?
Android’s Privacy Dashboard can show recent permission use, and Android allows users to change permissions by app or permission type.10 Apple devices provide similar controls under Privacy & Security.
Be especially cautious with accessibility permissions, device-administrator access, notification access, VPN profiles, and keyboard apps because they can provide broad visibility or control.
26. Check for Stalkerware or Unwanted Monitoring
Stalkerware is software or an account configuration used to secretly monitor another person’s device activity, communications, or location. Monitoring can also happen through shared cloud accounts, family-location services, email forwarding, connected devices, or someone who repeatedly gains physical access to the phone.
Possible warning signs include:
- A current or former partner consistently knows private details they should not know
- Unexpected changes to device settings or security controls
- Unfamiliar apps, device-administrator access, accessibility access, VPN profiles, or management profiles
- Unexplained location sharing or unfamiliar devices signed into an account
- Sudden increases in battery drain, heat, or data use
- Microphone, camera, or location indicators appearing unexpectedly
These signs are not proof of stalkerware. Battery problems, software updates, damaged hardware, and ordinary apps can produce similar symptoms.
Do not immediately delete a suspicious app, factory-reset the device, or change important passwords on a device that may be monitored. The person monitoring it may see those actions, learn the new passwords, escalate their behavior, or realize that you are seeking help. Removing software can also destroy evidence.
Safer first steps may include:
- Use a different device the other person has never accessed to research options or contact help.
- Consider speaking with a domestic-violence or stalking advocate who understands technology safety.
- Document suspicious apps, settings, alerts, account sessions, and unusual behavior when it is safe.
- Check whether information is coming from account sharing, location sharing, cloud backups, email forwarding, or a Bluetooth tracker rather than an installed app.
- Develop a safety plan before changing passwords, disabling access, scanning the device, replacing it, or performing a factory reset.
- In immediate danger, use a safe device to contact emergency services or a trusted person.
A reputable security scan may help, but a clean result does not prove that monitoring is absent. Device inspection and removal choices should be guided by safety, not only by technical cleanup.11
27. Review Location Collection and Sharing
Location exposure can come from more than the map app.
Review:
- App location permissions
- Live-location sharing
- Family-location services
- “Find my device” sharing
- Photo location data
- Significant or frequently visited locations
- Fitness and health routes
- Vehicle apps
- Bluetooth trackers
- Shared calendars
- Social check-ins
- Ride-share history
Do not disable a safety feature without considering what you would lose. For example, turning off device-finding features can make a stolen phone harder to locate or erase.
Use the least access that still supports the function you need:
- Approximate instead of precise location
- Only while using the app
- One-time access
- No background access
28. Reduce Advertising Tracking
Mobile platforms may provide controls for advertising identifiers, ad topics, app-suggested ads, or ad measurement.
On Android, current controls may allow users to reset or delete the advertising ID and manage ad-privacy settings. Menu names vary by device and Android version.12
These controls reduce one form of tracking; they do not stop all tracking. Apps and websites may still use:
- Account identifiers
- Email addresses
- Device characteristics
- IP addresses
- First-party activity
- Purchased data
- Other software identifiers
Also review personalization controls inside major apps and accounts.
29. Limit Browser Tracking
Practical browser steps include:
- Use a browser with built-in tracking protection
- Block third-party cookies where practical
- Use a reputable tracker blocker
- Review site permissions
- Clear unneeded site data
- Remove unused extensions
- Keep the browser updated
- Use separate browser profiles for work, personal, and public activity when useful
Blocking third-party cookies can reduce some cross-site tracking, but it may break features on some websites. Use site-specific exceptions instead of disabling protection everywhere.
Extensions can see significant browsing data. Install as few as practical and review their permissions.
30. Understand Browser Fingerprinting
Websites can combine browser and device characteristics into a fingerprint, such as:
- Screen size
- Operating system
- Browser version
- Installed fonts
- Graphics capabilities
- Language and time zone
- Hardware details
- Extension behavior
A fingerprint may help distinguish one browser from others even when cookies are limited.
Fingerprinting protection is imperfect. Highly customized browser setups can sometimes become more distinctive. Prefer established privacy protections rather than installing many obscure extensions.
EFF’s Cover Your Tracks project demonstrates how trackers may view a browser and whether tracking protection is working.13
31. Remove Location Metadata Before Posting Photos
Before sharing a sensitive photograph:
- Inspect the photo’s information or details screen.
- Look for a map, address, or latitude and longitude.
- Remove or adjust the location on the copy you plan to share.
- Check the sharing screen for a location-data option.
- Reopen the shared copy and confirm the data is gone when practical.
iPhone and iPad
Apple currently allows users to open a photo, choose Adjust Location, and select No Location. Apple’s sharing controls may also allow location to be omitted when sharing.14
Android and Google Photos
Google Photos allows users to review and manage location information and control location sharing in albums and conversations. Some camera-added location data may need to be removed using the device gallery, a metadata tool, or a newly exported copy rather than through Google Photos itself.15
Prevent future geotagging
Review the camera’s location permission or the camera app’s “save location” or “geotag” setting.
Location metadata is only one risk. The visible background may still identify the place.
Part Seven: Social Media and Messaging
32. Separate Public and Personal Uses
Combining advocacy, professional work, family life, and private relationships on one account can increase exposure.
Consider separate accounts or identities for:
- Public or professional activity
- Personal friends and family
- Organizing
- A pseudonymous interest
- Family groups
- Close-friends sharing
Separation is not guaranteed anonymity. Platforms may still connect accounts through devices, contact information, cookies, network data, or behavior.
33. Review What Your Profile Reveals
Use the exposure inventory from Sections 3 through 5, then review:
- Full birth date
- Address
- Phone and email
- Employer and schedule
- School
- Family names
- Relationship status
- Travel plans
- Vehicle details
- Live location
- Background details in photographs
Use the platform’s “view as,” public-preview, or logged-out view when available. A setting may look private while search snippets, tags, old posts, or public group activity remain visible.
34. Limit Who Can Find and Contact You
Review who can:
- View posts and stories
- See friends or followers
- Find you by phone number
- Find you by email
- Send messages
- Add you to groups
- Tag or mention you
- Comment
- Share or download your content
- See activity status
- See location
Turn off contact syncing when it is not needed. Uploading an address book can reveal relationships between people and accounts.
Review settings again after major platform updates.
35. Use Usernames Instead of Phone Numbers Where Possible
Where a messaging service supports it:
- Use a username for public contact
- Hide the phone number from other users
- Limit discovery by phone number
- Avoid posting a primary number in group descriptions
- Use invitation links carefully
- Revoke old group links
A username can reduce exposure to other users, but it does not necessarily hide the account from the platform.
36. Use Group Chats Carefully
Groups can expose:
- Phone numbers
- Profile photographs
- Display names
- Membership lists
- Political or organizational affiliations
- Message history
- Shared files
- Location and scheduling information
Before joining or creating a group, ask:
- Can members see each other’s numbers?
- Who can add members?
- Can new members see old messages?
- Who controls the invitation link?
- Can the link be revoked?
- Are messages end-to-end encrypted?
- Are cloud backups encrypted?
- Can disappearing messages be captured?
- What happens if an administrator is compromised?
Assume another participant can copy or photograph anything visible to them.
37. Review Old Accounts
Old accounts may contain:
- Former addresses
- Old phone numbers
- Birth dates
- Reused passwords
- Private messages
- Public photographs
- Family connections
- Payment information
Before deletion:
- Download anything you need
- Remove stored payment methods
- Change a reused password elsewhere
- Save evidence if the account is involved in harassment
- Check whether deletion is reversible
Part Eight: Prepare for Harassment or Doxxing
38. Create a Response Plan
Write down:
- Who you will contact
- Which accounts can be made private quickly
- Who can monitor messages
- Where evidence will be stored
- How family members will be alerted
- Which information must not be posted
- How to contact platforms and service providers
- When to seek legal, safety, school, employer, or law-enforcement help
- Where you could go if your address is exposed and a threat is credible
- How to communicate if your phone or email is compromised
Keep a copy outside your primary account.
39. Choose Trusted Support People
Identify people who can help with:
- Monitoring messages
- Taking screenshots
- Reporting accounts
- Filtering email
- Contacting platforms
- Communicating with family
- Watching for impersonation
- Preserving evidence
- Transportation or a safe place
- Helping you step away from abusive content
Do not wait for a crisis to explain what help you may need.
40. Create an Escalation Ladder
Level 1: Isolated abuse
- Mute or block
- Adjust privacy settings
- Save a screenshot if needed
Level 2: Repeated harassment or impersonation
- Document the pattern
- Report accounts
- Ask a trusted person to monitor
- Review account security
- Search for newly exposed information
Level 3: Doxxing, compromise, stalking, or credible threats
- Preserve evidence
- Secure accounts and carrier access
- Alert trusted contacts
- Contact relevant platforms
- Consider legal or specialist safety advice
- Evaluate physical safety
Level 4: Immediate danger
- Leave the location if it is safe to do so
- Contact emergency services
- Alert household members
- Do not publicly post the new location
- Follow qualified local guidance
Part Nine: What to Do During an Online Attack
41. Reduce Immediate Exposure
Depending on the situation:
- Make accounts private
- Pause posting
- Turn off location sharing
- Remove public contact details
- Restrict replies and mentions
- Revoke group links
- Hide friend or follower lists
- Disable tagging
- Restrict messages from strangers
- Ask others not to tag or identify you
Going offline temporarily is a risk-management step, not an admission or surrender.
42. Secure Critical Accounts
Review:
- Primary email
- Password manager
- Mobile-carrier account
- Financial accounts
- Social media
- Cloud storage
- Messaging apps
- Website hosting
- Domain registrar
Use a trusted device. Remove unauthorized recovery methods, revoke unknown sessions, and check forwarding rules.
If phone service suddenly disappears, treat possible SIM swapping as urgent.
43. Alert Family and Trusted Contacts
Tell them:
- What is happening
- What information is exposed
- What not to share
- Whether they should make accounts private
- Whether they should ignore unusual messages
- How to verify that a message is really from you
Attackers may contact relatives, employers, schools, colleagues, or neighbors.
44. Delegate Monitoring
A trusted person can:
- Track new posts
- Save evidence
- Report accounts
- Filter messages
- Watch for escalation
- Summarize only what you need to know
You do not need to personally read every abusive message.
45. Block, Mute, Filter, and Report
- Block to stop direct contact
- Mute to reduce visibility without necessarily alerting the sender
- Filter to route abusive email away from the inbox
- Report threats, impersonation, exposed private information, or coordinated harassment
- Restrict comments, replies, tags, and mentions
- Archive messages when deletion could destroy evidence
Avoid arguing with every attacker. Engagement can increase visibility and provide more information.
46. Watch for Impersonation and Phishing
Be suspicious of:
- Password resets you did not request
- Login alerts
- Requests for authentication codes
- Messages claiming to be platform support
- Unknown attachments
- Shortened links
- Urgent demands
- Friends requesting money from new accounts
- “Verification” requests using personal information
Do not approve an unexpected login prompt or give anyone a one-time code.
Navigate to the service directly rather than using a link in a suspicious message.
Part Ten: Document Abuse and Threats
47. Create an Evidence Folder and Incident Log
Organize evidence by:
- Date
- Platform
- Sender
- Incident type
- Threat level
Suggested spreadsheet columns:
| Field | What to record |
|---|---|
| Date | Date of incident |
| Time | Time and time zone |
| Platform | App, website, email, or service |
| Account | Username, email, or number |
| Link | Direct page or post address |
| Description | What happened |
| Exposed information | Address, phone, family, etc. |
| Threat language | Relevant exact language |
| Evidence file | Screenshot or recording name |
| Report submitted | Date and method |
| Response | Platform action or case number |
| Follow-up | Next step |
| Witnesses | Other people who saw it |
Store a backup securely.
48. Take Useful Screenshots
Capture:
- Full message
- Username or account name
- Date and time
- Platform
- Page address when possible
- Surrounding conversation
- Profile page
- Post identifiers
- Shares or engagement
- Report confirmation
Do not crop so tightly that the source becomes unclear.
Also save:
- Direct links
- Email headers when relevant
- Downloaded copies
- Screen recordings for disappearing content
- Voicemails
- Call logs
- Platform case numbers
49. Preserve Original Files
Keep the original:
- Screenshot
- Photograph
- Voicemail
- Video
- Downloaded file
Create separate copies for highlighting, redacting, or sharing.
Avoid editing the only copy. Note when and how you collected the evidence.
50. Prioritize What Matters Most
During a large attack, complete documentation may be impossible.
Prioritize:
- Credible threats
- Home address or sensitive identity information
- Account compromise
- Impersonation
- Stalking behavior
- Contact with family, employer, or school
- Evidence likely to disappear
- Coordinated behavior
- Platform responses and case numbers
Your safety matters more than a perfect archive.
Part Eleven: Protect Physical Safety and Wellbeing
51. Treat Online and Offline Safety as Connected
Online abuse can lead to:
- Unwanted visits
- Harassing calls
- Deliveries
- False reports
- Workplace contact
- Family harassment
- Stalking
- Swatting
Review what online information reveals about your current location, household, vehicle, workplace, and routine.
52. Reduce Location Clues
Avoid real-time posting of:
- Travel
- Events
- Regular routes
- Daily schedules
- Home exteriors
- Views from windows
- Vehicle locations
- School pickups
- Workplace entrances
Post later when practical.
Check images for:
- Street signs
- House numbers
- Reflections
- Landmarks
- Vehicle plates
- Badges
- Tickets
- QR codes
- Location metadata
53. Prepare for False Emergency Reports
People facing a credible risk of swatting or false emergency reports should consider advice from a qualified attorney, victim advocate, safety professional, or appropriate local law-enforcement liaison.
An informal conversation is not a guarantee of protection.
Household members should know:
- To avoid sudden movements during an emergency response
- To follow lawful instructions
- To avoid escalating the encounter
- How to explain medical, disability, or accessibility needs
- Who should be contacted afterward
Do not publish your alternate safe location.
54. Protect Your Wellbeing
Online abuse can affect:
- Sleep
- Concentration
- Appetite
- Anxiety
- Heart rate
- Sense of safety
- Ability to work
- Relationships
Practical steps:
- Check messages at scheduled times
- Let someone else monitor
- Turn off nonessential alerts
- Use filters
- Take breaks
- Avoid reading every comment
- Maintain private check-ins with trusted people
- Seek professional support when needed
The effects are real even when the abuse happens through a screen.
Part Twelve: Ongoing Maintenance
55. Monthly, Quarterly, and Annual Reviews
Monthly
- Search your name
- Search phone numbers and email addresses
- Check major people-search sites
- Review security alerts
- Look for impersonation
- Review public tags and posts
Quarterly
- Review privacy settings
- Check active sessions
- Review connected applications
- Remove old devices
- Update software
- Review recovery methods
- Confirm backup codes
- Recheck broker opt-outs
- Audit app permissions
Annually
- Close unused accounts
- Review public-record exposure
- Update the response plan
- Review family privacy practices
- Reassess threats
- Review domain and business registrations
- Test recovery for critical accounts
- Review credit-freeze access credentials
- Update the “last reviewed” date on any public guide or organizational policy
Also repeat a review after:
- Moving
- Changing phone numbers
- Starting a public role
- Joining a campaign or organization
- Leaving a relationship
- Receiving a threat
- A major data breach
- Losing a device
Personal Privacy Checklist
See the full interactive version on the Personal Online Privacy Checklist page, also available as a downloadable PDF.
Closing
Online privacy is not a single setting, product, or one-time cleanup. It is a continuing practice:
- Know what is visible
- Reduce what does not need to be public
- Protect the accounts and devices that control your digital life
- Prepare for harassment before it happens
- Document serious incidents
- Ask for help
- Protect physical and emotional wellbeing
- Review protections as technology and circumstances change
The goal is not perfection. Each unnecessary detail removed, each account secured, and each response step prepared makes misuse more difficult and recovery more manageable.
Sources and Further Reading
The specific menu paths and product features in this guide were reviewed on July 2, 2026. Platforms frequently change settings and labels. Follow the current instructions provided by the relevant device, service, government agency, or platform.