In our tumultuous political era, those who stake out controversial positions or participate in protests can find themselves subject to digital attacks that go beyond the verbal, such as doxxing and hacking. People in the middle of passionate political debates can benefit from taking certain steps to protect their privacy and safety online. Even if you aren’t a high-profile target yourself, reducing your own exposure can help if a friend or family member is facing increased threats, because we all have information about our friends and family on our digital devices and accounts. In fact, everybody can benefit from such steps. With digital attacks on the rise, we here republish and update advice that we’ve given in the past.

Of course, privacy and security are in many ways socially determined — there’s only so much an individual can do against tech giants, other companies, harassers, law enforcement, or political antagonists when our laws and our tools fail to protect us. The ACLU will continue to lead the fight for digital security and privacy through our litigation, advocacy, and technical efforts.

But there are simple steps that everyone can take to improve their digital privacy and security. While there are many advanced techniques that expert technologists can deploy for much greater security, below are some relatively basic and straightforward steps that will significantly increase your protection against privacy invasions, hacks, and digital harassment.

Please note that although we mention a few services below, we don’t endorse any particular services or products as they can change rapidly. This guidance was written in November 2023.

“Doxxing” is the gathering and publication of personal information such as addresses and phone numbers by hostile parties to try to intimidate and direct violence at someone. Some information, such as home purchases, has been deemed by our society as inherently public, so there’s not much that can be done to keep that private. But the harm of doxxing can be reduced if you limit the amount of information that’s available about you online.

• It’s worth spending some time to opt out of the services of “data brokers” who will happily hand over your personal data in bulk to anyone willing to pay a few dollars. Check out me and the Privacy Rights Clearinghouse for lists of brokers and instructions for opting out of each. There are also commercial services like Abine’s DeleteMe that will do some of the work for you, and Tall Poppy, which can help you and other people in your organization take steps to reduce the risk they face from data exposed online.
• In addition to trying to remove identifiable data from the data brokers, search Google, Bing, and other search engines for your phone number plus your first name, and your phone number plus your last name. Do the same thing for your street address and your first or last names. These might show up in all kinds of places — a flyer for a theatre project you worked on, a Scout troop newsletter, a friend’s old tweet. Sometimes you’ll be able to get them removed if someone you know was the one who posted it or if the site has an opt-out process. Sometimes you won’t — but at least you’ll know how difficult it will be for an antagonist to track down that information.
• If your information is or has been public, and especially if it is being maliciously published as part of a harassment campaign, one particularly severe threat to know about is “swatting.” While rare, this type of attack has in at least one case resulted in a death. An attacker calls 911 with a fake report of a hostage situation, bomb, or other critical incident at the target’s address, resulting in an overly militarized team being sent to confront the target or their family. If you are concerned about this kind of attack and you trust your local police to be reasonable, consider calling your local police’s nonemergency number to alert them to the likelihood of false reports about your address. Here is a verbal script to explain swatting and request that extra precautions be taken by first responders if a report is received about your address.

• Don’t sign into your web browser. Signing into your browser, especially if it is operated by a surveillance economy company, as Chrome is operated by Google, allows the browser vendor to easily track what you do and where you go online. Sign in only when you specifically need to do so, and sign out afterwards. Consider also using a web browser that is not maintained by a surveillance-economy company. Firefox, Brave, and Tor Browser are all web browsers that are more respectful of your data and your privacy than other major browsers. It’s perfectly fine to have multiple web browsers; try using different ones.
• Make use of your browser’s “private browsing” or “incognito” mode. Using this setting where possible won’t protect you from all tracking by services you use within the session (or from tracking by your network provider), but it will avoid leaving traces on your local machine. Using private browsing mode also means that if you do identify yourself to a service during that session (e.g., by logging in to a web site), that identification is less likely to be linked to your activities in other sessions. Look in the help menu of your browser to find out how to browse privately.
• Use search engines that don’t track you. Not all search engines are created equal when it comes to privacy. Many major search engines (including Google, Yahoo and Bing) record both identifying information (like cookies, your IP address, or other fingerprinting data) and all the search terms you’ve used — an extremely revealing and usually sensitive set of data. As an alternative, consider using a search engine that doesn’t track your activities, such as DuckDuckGo, StartPage, or Brave Search.
• Use other services that don’t track you. For example, if you need to collaborate in real time on a document, you don’t always need to use a surveillance economy service like Google Docs or Microsoft Office365. You can use a simple shared editor like Framapad or Cryptpad. Neither of these services will build profiles of you for targeting purposes, or associate your identity with the contents of your documents.
• Delete cookies and browsing history. Cookies are small files saved on your device by your browser so that the websites you visit can remember things about you. They are useful for many things but are also used by advertising networks to track you. By deleting all of your cookies as well as your browsing history, you can reset the memory of the systems that track you. Use the help menu of your browser to find out how to delete your cookies and browsing history, and do this regularly. Other aspects of web browsing still leak user data and linkable activity, but some web browsers (see above) are better about minimizing the amount of leakage than others.

Remember: You will never achieve absolute security from privacy invasions, but you can make gains in fighting surveillance and harassment by political antagonists, government, companies, or hackers with steps like the ones we have described here.

This is an updated version of ACLU posts that were previously published here and here.