Personal Safety Online
Personal Safety Online
Personal Safety Online is part of a larger resource for members of the writing community on personal and event safety concerns, both in-person and online. To see all the resources available, visit our Safety homepage. Personal Safety Online includes general safety considerations for maintaining an online presence, plus information on doxing, harassment campaigns, and effective record-keeping for documenting harassment.
General Safety Considerations
Authors can find themselves in a challenging situation when it comes to expressing their various “selves” online.
An author will typically have had a personal life online that existed before they started publishing, followed by a “public” self related to their work, and even a “marketing” self that attempts to broaden awareness of their work.
With the rise of “parasocial” relationships online, where many people can feel they have a relationship with a single person, there are pressures on all sides to give up more information or access than the author may ultimately be comfortable with. If an audience feels they are “owed” something, and the author feels pressure to maintain their livelihood, it can be difficult to enforce boundaries that weren’t established from the beginning.
These levels of comfort can also change over time. In a social media age where users are pushed to share more content to increase engagement for the platform, it’s important for authors to be aware of how the platform might be leveraging their information (i.e., trying to grow a network beyond what the author wanted, which brings attention they aren’t prepared for). This can especially happen in situations where something an author does goes viral that doesn’t involve their work.
Authors have a very difficult task in building communities around their work by being available, sharing of themselves, and moderating their audiences. Getting help with these tasks from someone you trust can help you maintain your boundaries and the space needed to keep doing the things you love, like writing. As your audience grows, it’s almost inevitable that you will get a negative response online or at public events, and a group of trusted friends can help deal with the negativity.
Using a pen name is often a marketing decision, and authors often use pen names to work with multiple publishers or develop separate audiences. Authors who wish to separate their writing career from other work often use pen names to maintain boundaries.
For safety reasons, a pen name can be used to protect your identity. Most modern sales platforms, like Amazon, separate pen names from the account owner, and multiple pen names can be used for books uploaded to a single account. Some considerations:
- Initials vs full name. Depending on genre expectations, a change as simple as using initials rather than a full name can work to separate audiences. Some readers appreciate the slight difference to help them differentiate between a single author’s different series.
- Author photos for pen names. Authors who don’t want to use their actual photo may use book covers, character art, or other graphics. Reader expectations will vary based on genre. A book cover seems to work for most audiences and works to provide book info on social media.
- Social Media for pen names. Depending on genre, some authors have the interest and time to maintain social media for their pen names and see benefits from additional marketing channels. Others maintain a single channel and are open about their pen names. This will vary depending on your audience expectations and how much privacy you want to maintain. Some authors have assistants handle these separate channels.
Be aware that most social networks will attempt to connect your networks. If complete anonymity is your goal, explore using a Virtual Private Network (VPN) when connecting as your pen name or having an assistant manage those profiles.
An email address is an identifier. If you’ve used an address for your personal activity online, be aware that it can often be searched for, as well as unique usernames or forum handles.
- Consider creating a new email address for your professional author activity. These can be forwarded to your personal account. You don’t have to use a name. A short professional phrase or place name works well.
- Don’t use the same email address or username that you use for online banking or other personal accounts.
Securing Your Author Website
It’s usually easier to secure a website than social media, since your website isn’t trying to link you to other people or share data you didn’t purposefully add, but there are still some things to consider.
- Enable 2-factor authentication on your website and set up approval for comments (as long as that’s possible).
- Keep any software (such as WordPress) updated.
- Your bio does not have to list family and places that could be used to link other identity markers (like mother’s maiden name, birthplace, birthday, etc.) Be careful publicly discussing employers or organizations where someone might find your full identity.
- Secure your Whois information with your webhost.
- Most newsletter services require a mailing address. This requirement can be fulfilled more safely by using a mail forwarding service or P.O. Box. Check that your newsletter service hasn’t auto-filled this info from your account.
- Photos can share information about your location, family, work, etc. Pay attention to the background of any photos you place on your site or social media.
- Phone forwarding/screening services like Google Voice can be used to secure phone numbers if you want to share that info on your site or need to enter a phone number to make an account. Don’t allow apps such as Facebook or LinkedIn access to your phone’s contacts.
Social Media continues to evolve and your engagement online is a personal decision. Your engagement can change over time and you’re allowed to distance yourself from social media whenever you want. Establishing strong boundaries from the beginning can make it easier to withdraw when needed.
Platforms each have their own culture, and before you engage with a platform you don’t know, it’s a good idea to study it and its users to see if you want to be part of that community, what purpose that engagement will serve for you, and the best way to secure your account there.
- Levels of Personal Engagement
- Do you want to share personal information? Is your family comfortable being included in your social media? If you don’t want to share pictures of children or other family, other options include pets or personal hobbies and interests.
- How often do you share/post?
- What are your values, community or causes you support?
- Details. Be aware of backgrounds, places, times and people in photos you share. These can provide additional personal information that you did not intend to share.
- Network Effect. Sites and apps like Facebook use IP addresses (where you logged into their services), facial recognition and metadata from photos to link users in their system.
- Securing Professional Name. As new services come into being, it can be a good practice to secure your professional name on that service to prevent impersonation or identity theft.
- Securing friends lists, audience lists, and Patreon Supporter Lists, etc. Members of your audience and professional network as an author become ways to reach you. In a way this is inevitable as audiences grow, but consider the security of these lists if you want to maintain certain privacy, like your employer or personal address. Most sites have settings to make these lists private.
- Communication and Community. Finding community, sharing information with them, and raising any concerns about your online safety and security is one of the best ways to stay up to date and to get help when needed. Your friends want to help you, and you aren’t wasting their time asking for help.
- Two-Factor Authentication. Two-factor authentication means a user provides two methods of verification for their account, usually a password and then a text or app-based security code. If someone has your password, they still need access to your phone.
- P.O. Box. Using a P.O. Box for all business correspondence will help secure your home address.
- Family and Friends Understand Information Security. Let family and friends know your feelings about sharing your personal information. They may think they’re helping by posting about you, but could be sharing personal data that can linked to other parts of your profile.
- Data breaches are inevitable. Use strong passwords generated by a password manager like KeePass or those built into Firefox and Chrome, and change them regularly. Don’t use the same password or username for all your important sites and services.
Dealing with Online Harassment and Doxing
If you think you are in immediate physical danger, consider calling your local emergency number. Our Reporting Incidents to Authorities section may help.
Your first step should always be to document what has happened via screenshots or other recordkeeping. This is crucial reference material for escalating the matter to the websites where doxing or harassment is occurring, as well as creating records for possible legal action in the future.
This doesn’t mean you have to leave harmful messages or personal information posted, if you have the ability to have it taken down. Many websites have procedures in place to remove harmful information when they are contacted about it. Twitter, for example, has made doxing a violation of their terms of service, and accounts can be reported and the posts removed.
What is Doxing?
Doxing is the act of searching for and publishing someone’s private or personally identifying information, usually on the internet, typically with malicious intent. This may include posting someone’s real name, address, phone number, workplace, or other information that makes direct harassment easier. The result may be anything from threatening phone calls and mail deliveries to death threats or SWAT calls.
Unfortunately, the best way to deal with doxing is to prevent it in the first place.
- Use secure passwords and two-factor authentication on accounts wherever possible, especially for websites which retain financial or shipping information.
- Keep personal information private (for example, answers to common memes often match website security questions: childhood pet, hometown, maiden name, etc.).
- Avoid clicking unverified links or email attachments.
- Keep computer antivirus software updated (many operating systems come with native software, such as Microsoft Defender or Apple’s XProtect).
- Cover or unplug your device’s camera when not in use.
- Do not use social media location check-ins; do not share photos that show street views around your home or the exterior of your home.
- Disable location metadata on digital photos. This option is sometimes located in a phone’s general Settings, and sometimes in the Camera app’s settings; if it is not readily apparent, try a web search for your phone model + how to disable location metadata or geotagging.
Additional Security Tips
- Regularly check “people finder” websites. These are databases which combine social media information and public records and make them available to anyone to search. You can request that your information be removed from these websites, but future updates may reupload freshly collected data, so it is worth checking every few months.
- Examples include: spokeo.com, anywho.com, intelius.com, whitepages.com, truthfinder.com, peoplefinders.com, beenverified.com. There are dozens, and more being launched on a regular basis.
- If you have the means to do so, you can hire a paid service to remove your information from these sites and then monitor them to ensure it remains erased. One example is DeleteMe, which also has free DIY guides to manually removing one’s information from many data broker sites (note: this is an example and not an endorsement).
- Consider paying for private web domain registration. ICANN (the Internet Corporation for Assigned Names and Numbers) requires the mailing address, phone number, and e-mail address of all website domain name owners and administrators to be posted publicly in the “WHOIS” directory. Many domain name registrars provide privacy protection services, which will keep your information out of public searches. (Example: see more about enabling privacy protection on WordPress.com here.)
- Safely complying with newsletter footer requirements. The FTC’s CAN-SPAM Act requires a physical address be attached to email campaigns such as newsletters, marketing and promotions. One acceptable alternative is to pay for a small P.O. Box and use that address in the footer of your newsletters or other mass mailings. If you have a literary agent, you can also ask whether it is all right to use the agency’s address.
Consider sharing this guide with any family members you are publicly connected with (whether public knowledge, linked via social media, etc), as harassers may search family members in order to find you.
Some Types of Leaked Information
- Phone number. In the case of prolonged harassment, the only recourse may be to change phone numbers. However, law enforcement may have an easier time investigating harassment by phone than by the internet, so be sure to document everything that has happened.
- Home address. One’s home address being made public may result in threats by mail, invasion of property, pranks such as fake food orders, or false law enforcement calls.
- Compromised credit card numbers, banking information. Notify your relevant financial institutions and change account information as appropriate. If your doxed information includes common answers to security questions, such as mother’s maiden name, update these as well.
- Hijacked accounts. May be used to impersonate you, to yield additional personal information such as shipping addresses, or to gain access to additional linked accounts. If you suspect one or more of your accounts has been compromised, quickly attempt to change your passwords, log out of all other sessions, and notify anyone else who may have been contacted from it. Enable two-factor authentication wherever possible and do not repeat passwords across platforms. Consider using a password manager such as KeePass or those built into Firefox and Chrome.
- Workplace Info. If your workplace has been made public, you may experience attempts to harass you at work, embarrass you, or get you fired. Consider talking to your supervisor(s) or coworkers as appropriate to get ahead of the situation.
- Email address. Your email address may be used to send hate mail, sign you up for spam mail, or register you for embarrassing forums and services. Services such as Unroll.Me and Mailstrom can help you quickly unsubscribe from junk mail. Look carefully through your inbox and spam folders, in case the flood of junk mail is meant to push down notifications of account sign-ins and security breaches on other websites.
Ways to Respond
The primary ways to respond to doxing or other forms of online harassment are:
- to ignore them;
- to block or mute instigators on specific social media platforms;
- to expose your harassers or publicly confront them;
- or to delegate tasks to allies, such as asking a friend to moderate your accounts until the situation is resolved.
Each of these options is easier said than done. SFWA does not recommend exposing or publicly confronting your harassers as this may only increase harassment. You can find more comprehensive advice in iHeartMob’s “Basic Protocol on How to Respond to Online Harassment” including further links.
If you are the subject of a prolonged harassment or stalking campaign, and you are a resident of the United States, you may be eligible for a confidential address program (most effective immediately following a move). These vary by state. A list of these programs and their eligibility requirements can be found here.
- Guide to Talking to Family & Police (from Crash Override Network)
- Digital Safety How-To Guide (from iHeartMob)
- Security-in-a-Box (digital security tools and tactics)
- Online Privacy and Safety Tips (from techsafety.org)
- Digital Hygiene Course (from Trollbusters)