These days, our personal information is everywhere online: in publicly-accessible databases, on our employer’s websites and, of course, all over social media. Digital life seems to demand total transparency from us, prompting us to bare our lives in public. Perhaps some people thrive in this environment, but for those of us in marginalized positions—people of color, queer and trans folks, women, people with disabilities, the undocumented—all of this online information can be a curse.
Those who are threatened by justice will use this information to engage in online harassment, trolling different communities and brandishing threats of violence. This problem is compounded for activists fighting for social and economic justice. The good news? There are steps we can take to stay safer online—even if we can never be totally safe.
These four practices can help protect you and your information. (This guide is not complete by any means, but is meant to be a good start and a supplement to other guides for feminists and allies from Feminist Frequency, Violet Blue and Noah Kelly.)
#1: PGP Encryption for Email
You can increase the privacy of email by using PGP encryption. It works by encrypting messages so that they are unreadable by anyone except the recipient. The central mechanism is “key pairs,” which are related sets of numbers. One is called a “private key” and the other is a “public key.” If I want to send you an PGP encrypted email, I first get your public key and use it to encrypt a message. It will then look like a garbled set of characters. I send you this seemingly unreadable message, and you use your private key to unlock it. Since no one else has your private key, the message is safe from anyone in the middle who tries to read it.
There is a tremendous advantage to PGP: For those of us who store our emails “in the cloud” (that is, on servers, such as Google’s Gmail server), even the owners of the servers cannot read what we write. Unfortunately, PGP only works if the sender and recipient both use it, which has hampered its adoption. Fortunately, more user-friendly systems, such as Mailvelope, are helping make PGP a bit easier. The more people who use it for email, the more secure and private our email can become. PGP can even be used to encrypt messages sent by other means, such as private messages through social media.
#2: Tor for Web Browsing
It’s amazing how much information is gathered about us as we browse the Web: websites regularly log which operating system we use, our screen resolution, the version of the browser we’re using, how long we’re on the site, and our IP addresses. This isn’t just meaningless information: when examined, these pieces of data can be used to track or even de-anonymize us.
Luckily, there are a variety of online tools that help you find out exactly what kind of data you’re making public. The Electronic Freedom Foundation’s Panopticlick site lets you know how effectively your browser blocks trackers, for instance, while the Privacy.net Privacy Analyzer checks to see if it’s susceptible to a variety of common security vulnerabilities. By spending a few minutes analyzing your online footprint, you can greatly reduce the volume of information a potential attacker has access to.
It’s troubling enough that this information is sold to marketers who want to use our browsing habits to shape online ads and services. But it is especially troubling for activists doing research on hate sites, since the owners of these sites might attempt to find out the researcher’s identity.
The Tor Browser is meant to counter such information-gathering. When you use the Tor Browser, it hides your IP address, and its designed to provide only generic information about your computer, so Web sites you visit will have very little information about you. Especially if you are doing research on white nationalists or other dangerous groups, we highly recommend using Tor. But even if you’re not, Tor will help prevent marketers, advertisers, and publishers from tracking you across the Web. Be advised: Even if you’re using the Tor Browser, any information you provide to sites you visit will not be protected. As the Tor Project notes, “don’t provide your name or other revealing information in web forms” while using the browser if you’re trying to keep that information away from the public.
#3: Dark Web for Anonymous Web Hosting
While browsing the Web with Tor can provide some protection, what about if you want to publish something, like a blog or informational site, anonymously? The Dark Web can be a solution here. To be certain, the Dark Web is often used by criminals to sell illegal items, such as stolen personal information. But this does not mean it cannot be used for social and economic justice.
Part of the Tor Network includes “hidden services” or “onions,” which are Web sites that hide publisher identifying information. These sites are only accessible with the Tor Browser. Similarly, the Invisible Internet Project (I2P) has built-in Web hosting on hidden servers. Tor or I2P can be used by activists who want to publish content without compromising their identities. Although setting up Tor or I2P on a server involves some technical knowledge, after they are set up, Web publishing with them is the same as publishing to the standard Web.
#4: Withholding Personal Information
Privacy is, unfortunately, increasingly becoming a luxury. Guides to online privacy note that we can remove personal information from publicly-available databases by checking them, contacting them with requests to remove information, and then monitoring them to make sure they don’t simply repost the information. Or, we can pay services such as Reputation.com to do this work.
One way to mitigate having our personal information end up in so many databases is to avoid being so open, especially as we sign up for new services. As the DIY Feminist Guide puts it,
Quite frequently a website or service will want more than just an email address and a password: they may want your name, your location, and other juicy marketable data. Well, fuck ‘em! Who says you have to tell them the truth? A good rule of thumb is to only give personal information that is absolutely necessary. Don’t be afraid to make things up!
In some cases, you might not even want the site you’re registering for to have your email; in those cases, you can use temporary email accounts such as 10 Minute Mail, or simply use a fake email address. (We suggest feminists [at] against.harassment!)
As should be clear, staying safe(r) online is not easy, as marginalized people who have experienced harassment will tell you. Moreover, as Feminist Frequency notes, “forcing individual victims or potential targets to shoulder the costs of digital security amounts to a disproportionate tax of in time, money, and emotional labor.” We seem to be a long ways from the goal set out by the Association for Progressive Communications:
We support the right to privacy and to full control over personal data and information online at all levels. We reject practices by states and private companies to use data for profit and to manipulate behavior online. Surveillance is the historical tool of patriarchy, used to control and restrict women’s bodies, speech and activism. We pay equal attention to surveillance practices by individuals, the private sector, the state and non-state actors.
While this guide and others can help, the real solution lies in community: We need to stick together—to offer each other support, to trade tips, to share ideas—and we need this all to lead towards an Internet free of harassment and violence. Fortunately, as online hate and harassment have grown, so too have networks of feminists and allies who band together to defend themselves.
Individual self-protection is not a solution; it’s a step on the path to a greater end. And that matters.
The Fembot Collective is a collaborative of faculty, graduate students and librarians promoting research on gender, new media and technology. The Fembot community spans North America and Asia and encourages interdisciplinary and international participation.