How can I protect myself online?
Whether you are concerned about the latest data breach, targetted attacks, or general digital safety, there are actions you can take to protect yourself.
Get started with the list below by selecting what’s easy for you, because each step improves your digital safety. Work through additional action steps based on what is most relevant to your situation.
For assistance with questions, implementing these protections, or assessing your personal threat model, visit our Privacy Office/Cybersecurity Clinic joint office hours for the UC Berkeley community: 1st and 3rd Thursdays, 3:00-4:00 pm. Office Hours Zoom link and urgent assistance phone/voicemail number (requires login)
- Work through the Personal Cybersecurity Checklist (linked in right column)
- Remove your personal data collected by websites and data brokers. Information and Free workbook
- Adjust your social media settings:
- Ensure that your profiles, usernames/handles are kept private
- Remove any addresses, places of work, and specific locations from your accounts
- Set your posts to “friends only"
- Avoid discussing personal information that could be used against you, as well as anything that can identify your address, workplace or contact information
- Use secure wi-fi networks such as eduroam, and/or a trusted Virtual Private Network (VPN) available free to students.
- If you must use public wi-fi, turn off the public network sharing functionality on your device
- Use strong and unique passwords, especially for your most important accounts, e.g. financial, email, government, etc.
- Vary usernames across platforms.
- Create a unique email address to use for your most important contacts and accounts (e.g., financial and medical transactions). Keep communications and transactions with untrusted entities (e.g., promotions, online petitions) in a separate account.
- Hide domain registration information from WHOIS (a database of all registered domain names on the web).
-
Monitor for leaked accounts on the dark web.
Additional Resources:
- UC Berkeley Information Security Office's Resources for Prevention and Response to Online Harassment
- Department of Homeland Security's Resources for Individuals on the Threat of Doxing
What is Doxxing?
Doxxing refers to the collection of a user’s private information, across multiple platforms (including social media) by an unauthorized individual, who then publishes the information in an attempt to shame or embarrass the user. Doxxing may be conducted by researching public databases, hacking, or through social engineering. The term "doxxing" is derived from the phrase "dropping dox (documents)".
Doxxing often involves hackers attempting to embarrass or shame individuals by publishing confidential information, images or videos obtained from their personal accounts. Initially, doxxing was used by hackers to "out" the identities of fellow bad actors/hackers. However, more recently, it has been used to attack users with opposing viewpoints.
Guidance for campus reporting of doxxing incidents:
- Contact the Privacy Office (privacyoffice@berkeley.edu) or UC Berkeley Cybersecurity Clinic (cybersecurityclinic@ischool.berkeley.edu) for assistance managing a doxxing incident or other release of student or employee information, consultations or workshop requests.
- Privacy Office/Cybersecurity Clinic joint office hours for the UC Berkeley community 1st and 3rd Thursdays 3:00-4:00 pm Office Hours Zoom link (requires login)
- For urgent matters (e.g., doxxing incident response) you may contact the Privacy Office via text or voicemail (link requires login).
-
If the incident involves unauthorized access to UC Berkeley electronic accounts or resources, report to security@berkeley.edu(link sends e-mail)
-
Information inappropriately shared on campus network resources should also be reported to security@berkeley.edu(link sends e-mail)
- General reporting for incidents and acts contrary to our Principles of Community: https://supportal.berkeley.edu/