Technology can be a valuable resource for finding information and a resource for building and maintaining relationships with friends, family, and others who can provide help and support. If you suspect that someone is trying to monitor your activities, though, it's important to understand how to use technology without compromising your privacy. If someone you don't trust has access to your personal information, they might be able to use that access to track you or discover activities you want to keep private. This document identifies potential risks and provides tips on keeping yourself safe while using the computer, phone, Internet, instant messaging services, and electronic mail. If you are in need of immediate assistance, please dial 911. If this is not an emergency, but you would like to speak with someone about issues related to domestic violence, sexual assault, stalking, or teen dating violence please contact the following resources:
The National Domestic Violence Hotline is a 24 hour hotline staffed by domestic violence advocates who offer crisis intervention, safety planning, and referral services. In addition, they can help answer your specific questions related to safety while using technology. Their number is toll free 1-800-799-SAFE (7233) or TTY 1-800-787-3224.
Rape, Abuse & Incest National Network (RAINN) offers free confidential services to victims of sexual violence. Their national sexual assault hotline is staffed 24/7 and can help you locate local crisis centers. Their toll free number is 1-800-656-HOPE (4673).
National Teen Dating Abuse Helpline is a resource for teens seeking advice relating to relationships. They can be reached at 1-866-331-9474 or 1-866-331-8453 (TTY). In addition, trained peer advocates are available to offer confidential instant messaging style live chat services.
Stalking Resource Center, a project of the National Center for Victims of Crime, provides multiple services including: training, technical assistance, and an information clearinghouse. Additionally, victims in need of assistance can call the National Center for Victims of Crime Helpline for information on options, and referrals to local services anywhere in the country Monday - Friday, 8:30 am - 8:30 pm ET 1-800-FYI-CALL (1-800-394-2255) or TTY: 1-800-211-7996.
The National Network To End Domestic Violence created the Safety Net Project, a tool to help victims, advocates, and the general public on understanding the use of technology as an advantage for finding safety. They offer useful information to help create safety plans as well as offer information on how technology impacts victims of various forms of abuse.
Cell phones, cordless phones, and traditional, plugged-into-the-wall phones each present different privacy risks. TTY/TDD and fax machines can also expose personal information. Here are some of the risks involved.
Any voice conversation can of course be overheard by someone within earshot, but electronic listening devices such as baby monitors can allow anyone to listen in on your conversation from further away. In addition, some cell phones can be set to auto-answer without ringing. Such a phone could be planted near you, allowing your conversation to be heard from anywhere.
These devices are usually big enough to be noticed if they're not well-hidden. In the car, for example, such a device could be hidden under the seat, in the glove compartment, in the sun visor, or in small compartments in the car ceiling.
Cordless phones and cell phones could also allow your conversations to be overheard from a distance. Both transmit your conversation through the air over radio frequencies. Anyone within range with the right scanner can listen in on your conversation. For this reason, it may be more private to use a corded phone when you are making calls to seek help and support, plan for your safety or in any way disclose information that could increase your risk. In an emergency, though, use whatever phone is handy to call 911.
Some TTY/TDD devices may automatically log your conversations. There is generally a way to clear the log, which will vary from device to device. Consult the user's manual of your TTY/TDD for instructions. Be careful when clearing a log that contains more than one conversation, though. If the log (or a part of it that a person you're fearful of knows should be there) disappears, it might arouse suspicion.
Cell phones (and some traditional phones) keep a log of every call you make or receive. Some phones enable you to delete a single entry from the call log, but others may only be able to clear the entire log at once, which might also arouse suspicion. If your phone lets you delete a single entry, make sure to do so every time you make a call that might increase your risk.
In addition to being overheard, disclosing the phone number you're calling from may be dangerous in some situations. You can block Caller ID from showing your phone number (usually by dialing *67), but not all phone systems respect this block. There are some services that can reveal the caller ID on anonymous or blocked calls. Blocking caller ID can be useful but it won't prevent a determined person from getting your phone number.
In particular, calling some toll-free numbers (area code 800, 866, 877, or 888) might get you a call back. For example, some realtors use a service that lets you call for a recorded message, which then forwards your number to the realtor, who may call you back. If you call such a number looking for new housing, and someone you don't want answers when the realtor calls back, you could be exposed to greater risk. Using a pre-paid phone card can reduce the chance that the number you're calling from will be revealed.
Faxes also usually print the number from which you sent the fax on the receiver's copy. If revealing your number would expose you to risk, you can use a Fedex Office (Kinko's), OfficeMax, Staples, or a similar store to send the fax for you.
The cell phone network can be used to locate a person using a cell phone. This information is normally restricted to use by law enforcement or the 911 system, but may be released to the courts by subpoena. Some cell carriers also allow subscribers on a shared plan to locate people on the same account. For these reasons, again, it's generally better to use a land-line phone when seeking help and support. In an emergency, though, use whatever phone is handy to call 911.
If someone is using the phone to harass you, you can take steps to help protect yourself. Your phone company can change your phone number; they can also prevent your number from being listed in the phone book or online listings. Harassing voice messages left on an answering machine or voice mail system are also admissible as evidence in court. For help on how to save such messages, contact your local law enforcement or your state domestic violence coalition.
It's a good idea to carry a cell phone just for emergency and safety planning use. Several phone donation programs offer cell phones with free air time for victims of abuse to call for help and support. Verizon Wireless' HopeLine program is one such resource. In case of emergencies, you could use that phone to quickly dial 911. You can call and leave the line open even if it is not safe for you talk with the operator; emergency services in most areas can determine your location. If you do not want to risk calling 911 yourself, you might use the text messaging capability on the cell phone to alert a friend using a rehearsed secret code word. Your friend can then call 911 from their phone instead of yours to help you to safety.
Computers can be invaluable in searching for help with an abusive situation, as well as staying in contact with friends, advocates, and other supportive people. However, they can also provide many ways to monitor your activities. When using a computer to seek help, the most important thing to remember is that if someone else has physical access to your computer, even for a short time, that computer may not be safe. Software is readily available to track everything you do on a computer-what websites you visit, any passwords you type, people you e-mail or chat with, and other information you may need to keep private.
All current computers have the ability to use different login accounts so that each user's files and settings remain separate, however this doesn't prevent another user on the same computer from accessing your files, especially if that user has administrative privileges. It also doesn't prevent tracking software from working.
In addition, using a computer connected to the Internet can allow other users to monitor your activities. Any computer connected to the same local network, whether wired or wireless, may be able to see all the data that your computer sends and receives. What constitutes the "local network" varies with network configuration, but typically, any computer in the same building might be able to scan and record anything your computer sends over the network. This includes e-mails you send or receive, web pages you visit and in some cases, your passwords for online accounts.
Wireless networks can be even more vulnerable to scanning than wired networks. Like cordless and cellular phones, they use radio frequencies to communicate. Open wireless networks (those which don't require a password or key to use them) can be scanned by anyone within range of the wireless access point, which may be up to 250 meters (about 820 ft).
Wireless networks can be configured to better protect the data transferred through them. If the wireless access point is configured correctly, all data sent over the network will be encrypted. Newer equipment supports a standard called WPA or WPA2, which is a strong encryption scheme. Older equipment supports an older standard called WEP, which has a well-known vulnerability and thus is no longer secure. Check your access point's user manual or call your internet service provider for help configuring your network.
Even with an encrypted wireless network, keep in mind that anyone who can connect to that network can monitor your activities.
If you think someone you know has access to your home computer and fear your activity may be monitored, it is a good idea to use a computer at your local library, a coffee shop, or another safe place.
It's best to keep all software on your computer updated to prevent unwanted access to your private information. All current computer operating systems can be configured to check for updates automatically. In Windows, this is done through the Control Panel; on a Mac it can be done through System Preferences. It's also a good idea to keep your Web browser up-to-date, as well as third-party browser plugins such as Adobe Reader, Flash, and QuickTime.
A firewall can also help prevent unwanted access to your computer. Turning on your computer's built-in firewall (through Windows' Control Panel or the Mac's System Preferences) will provide you with some basic protection. If you have a cable or DSL modem or a wireless router, it may also be able to act as a firewall. Check the user's manual or call the maker of the device to find out how to configure it.
If you suspect someone is trying to monitor your activity, it is important to use a computer which is safe and is not accessible to that person. If a shared computer is used, it is possible for them to monitor your computer activities in many ways, including keystroke logging (or keylogging). Keylogging is a way to record every key you press on the computer. This can be done either through hardware or software.
There are various types of hardware that can be attached between the computer keyboard and the computer. Such a device captures every keystroke and logs it to a built-in flash drive, which can then be accessed using a password. This does not interfere with any program running on the target machine and is therefore undetectable by any software. However, because this is a physical device which is connected to the machine, it may be detectable. You can inspect the computer you are using to make sure nothing seems out of the ordinary; if there are any devices connected that you don't recognize, particularly between the keyboard and the computer, it may be a keylogger.
Remote access software keylogging can occur without any hardware device attached to the keyboard and is more difficult to detect. Software keyloggers are programmed to transmit the captured data out of the target computer and make this data available at a remote location. This data can be accessed in various ways. It can be uploaded to a website for later retrieval, or emailed to a pre-defined email address.
Anti-spyware programs can detect many software keyloggers and remove them and any data they've recorded. It isn't easy to tell if any data has already been transmitted, though, so you should assume that anything recorded by a keylogger has already been viewed.
Think for a moment about the personal information you access on a computer using a password: banking information, payroll information, student data, health records, etc. Most of this information is now available over the web, which means that it's accessible from anywhere. This means that anyone who can guess your password can read your personal information. Strong, private passwords are important to deter monitoring of your computer activities, and there are ways of creating strong passwords that are relatively easy to remember.
A strong password is one that cannot be easily guessed, and guessing passwords is easier than it first seems. Programs are readily available to try all possible passwords at an almost unimaginably fast pace; many of these programs make use of dictionaries to speed up the guessing process.
Using personal information, such as birthdays, your pet's name, or other information that someone close to you would know, also creates a weak password. For one thing, human and pet names are often included in the dictionaries that password-guessing software uses. Even someone trying to guess your password by hand, if they know or can find out personal information about you, can break into your accounts quickly.
A strong password thus needs to be based on something other than a word (in any language) or a bit of personal information. One way of creating a strong password is to make up a random sentence, then use a specific letter of each word. For example, you might choose the sentence, "One dog in the moonlight attracts no flies". Taking the second letter of each word, your password would be "nonhotol."
You might also randomly capitalize one or more letters or add a number somewhere in the password. Continuing from the previous example, since the password has a natural break in pronunciation between "non" and "hotol", you could capitalize the 'h' and add a '5' before it. The password would then be "non5Hotol".
A password should never be shared with anyone. A legitimate business or organization will never ask you for your password over the phone or by e-mail.
You should also avoid writing passwords down, but this isn't always feasible. If you need to write a password down, keep it in a safe place-don't keep in in a desk drawer or under your keyboard. You might write it on a scrap of paper and keep it in your wallet, or put it in a locked box or safe.
One way to help remember several passwords is to make a part of each password the same. You can memorize that part, then write down only the unique part of each and keep that in your wallet or another safe place.
Some software provides built-in ways of storing passwords. For example, Microsoft Internet Explorer, Mozilla Firefox, and other Web browsers can store passwords for the Web sites you use. This can be useful, since it lets you use a different password for each site you visit without having to remember them all. But unless the program requires you to enter a "master password" to retrieve the stored passwords, anyone can see and use your stored passwords. If you store passwords on your computer, make sure they're protected by a strong master password. This can usually be done in the program's "options" or "preferences", as is the case in Mozilla software such as Firefox and Thunderbird. Some programs, such as Internet Explorer on Windows and Apple Safari on Mac OS X, store passwords using the password for your computer login as the master password. In this case it's doubly important to make sure your login password for the computer is a strong one (see above).
The privacy risks posed by browsing the Web are mostly the same as those of using a computer in general. Web browsers keep better track of your activities than most other software, though, without requiring any additional software to be installed. In addition, social networking sites and other participatory websites should be used cautiously to avoid disclosing private information. The important thing to keep in mind is that anything you do while browsing the Web can be monitored if someone else has access to your computer or local network.
The Web is at its heart participatory. Blogs, forums, and social networking sites can help you build and maintain relationships with people who can support you or help you research a safety plan. But because the Web is also so open and searchable, you must be especially careful to make sure you don't accidentally disclose any sensitive information.
Most highly participatory sites have account privacy settings that allow you to control what information appears publicly. Popular social networking sites such as Facebook, MySpace, and Ning give you detailed control over what types of activity can be seen by others. Other sites such as Twitter, Blogger, and WordPress.com allow you to make what you post visible only to the people you explicitly allow. These settings are usually found on the "account settings" or "profile settings" page of the site; some sites, such as Facebook, even have a link to the privacy settings that is easily accessible from any page on the site.
If you have questions about the privacy settings for a particular site, or if you are having trouble with another user of a participatory site, look for a link to the site's help or support pages. Most highly participatory sites have a Terms of Service (TOS) agreement, to which all users must agree when creating an account, that prohibits harassing or abusive activity. The National Network to End Domestic Violence has put together a list of links for help on the most popular sites.
Ensuring the privacy of material you post online can prevent casual snooping, but if you suspect someone who has access to your computer is monitoring your activities, you can take extra care to prevent that person from discovering activities you don't want them to know about.
Web browsers record information about your activities in various ways, in order to make browsing the Web easier and faster. However, if you are concerned about your privacy, you might not want certain activities recorded; anyone who has access to your computer, even remotely over the Internet, can snoop on your activities. When browsing the Web, there is no foolproof way to ensure your privacy, but there are steps you can take to reduce the amount of information that gets recorded. Since there are so many different ways in which browsing activities are logged, this section describes them in detail; the next section covers ways to increase your privacy when browsing.
Every web page you visit is logged in the browsing history, and that history is kept for at least several days. This is useful if you want to revisit a site, but don't remember how to reach it. Browsers that include a search box log what search terms you've typed in, so that you can repeat searches you've done recently.
Web pages you visit are also cached: that is, a full copy of the page is stored on your computer so that when you revisit a page, or another page on the same site, your computer doesn't have to re-download all the graphics and other elements that make up the page.
Web browsers can also store "cookies"-pieces of information stored on your computer's hard drive at the request of certain sites. A website may use a cookie to keep track of your shopping cart, to identify you after you've logged into an account, or to allow you to personalize the site according to your preferences. Because they are stored by your Web browser, anyone with access to your computer can find out which websites you've visited even if you've cleared your browsing history and cache. Many different kinds of websites use cookies, including some sites that provide help in dealing with an abusive situation.
Similar to cookies, newer browsers support a feature that allows websites to create small databases on your computer. These can store more information than a cookie, and can allow sites to deal with sensitive data without sending it over the Internet or storing it on a server. However, if you use a site that uses this feature, someone who gains access to your computer would be able to discover that you'd visited that site.
Another feature current web browsers offer is the ability to store information you type into forms on web pages, and then automatically enter it into that form when you revisit it, or into similar forms on other pages. This is designed to make it faster and easier to enter information, but it can provide yet another record of what sites you've visited.
This same feature generally allows you to store passwords for frequently visited websites. If not configured correctly, this could allow anyone with access to your computer to find out your password. Browsers that store passwords safely will protect them with a master password-for more information, see [Keeping passwords secret' in "Protecting your privacy on a computer"].
Web browsers provide two main ways to prevent records of your browsing activities from being kept. All browsers provide ways to clear the history, recent search terms, cache, cookies, databases, stored passwords and form values. On the newest versions of browsers running on Microsoft Windows, this can usually be done through the browser's "Tools" menu. On other operating systems and older browser versions, it can be done through the browser's "options" or "preferences."
Clearing sensitive data can help protect your privacy, but keep in mind that manually clearing all data could raise suspicion if someone is trying to monitor your activities. Because of this, web browsers have introduced a second way to prevent discovery of sensitive browsing activity. The newest versions of all major web browsers have a "private browsing" mode, which from the time you activate it until you exit the browser prevents the browser from recording most of the information described above. This allows you to search for help or research a safety plan without leaving a trail behind on your computer. On computers running Microsoft Windows, the private browsing mode can usually be enabled through the browser's "Tools" menu. If you can't find the way to enable the private browsing mode on your browser, consult the browser's online help.
E-mails may be stored in many locations both on your computer and on the Internet. Taking steps to ensure e-mails are kept secure can help keep you safe.
E-mails can be stored on the server as well as on your local machine. E-mail programs that run on your computer directly, such as Microsoft Outlook and Mozilla Thunderbird, can store e-mails on your computer and allow you to access them even when your computer is not connected to the Internet. You can also use such programs with multiple e-mail accounts at once; for example, if you have e-mail accounts with Yahoo and Google, you can access them within a single Outlook profile. If an unwanted person has access to your computer and passwords, your e-mail accounts and personal identity can be compromised, exposing your activity.
Like Web browsers, e-mail programs may give you the option of storing passwords for your accounts. If you have the program store your password, create a strong master password to prevent anyone else from gaining access to your e-mail accounts.
Using webmail services, such as Yahoo, Gmail, or Hotmail, eliminates some of the risks of e-mail programs. Another advantage is that you can access your e-mail from anywhere and from any computer, since it only requires you to use a Web browser. However, as with any online account, creating strong passwords for webmail services will minimize the risk of someone easily gaining access to your accounts.
One growing risk in maintaining privacy is called phishing. Phishing is when a person with fraudulent intentions sends you an e-mail that appears to come from a legitimate source such as your bank. Usually the e-mail indicates an urgent action needed on your part to secure these accounts by confirming sensitive information such as account numbers, passwords, and other personal information to "fix" the error. Doing so would result in your identity being stolen. Before typing anything into a website linked from an unexpected e-mail, check to make sure that the domain name (the part between the "http://" and the next "/"-e.g. "www.bankofamerica.com") is one you recognize. Also remember that no legitimate business or organization will ever ask for your password via e-mail.
In addition, it is important to never open any attachments or click on any link embedded in an e-mail you are not expecting or from sources you are unfamiliar with. These could cause malicious software to be installed onto your system, which could then disclose private information.
Once you send an e-mail, you no longer have control over how the information in it is used or shared. Someone who receives an e-mail could forward it without your knowledge, or their computer or accounts might be compromised. If you use e-mail to research a safety plan or to stay in contact with friends and family, consider what information is safe to disclose.
In some cases, when you send an e-mail, the computer's Internet Protocol (IP) address is included in the headers of the e-mail. The IP address is a series of numbers (e.g. 192.168.100.42) that computers on the Internet use to identify each other. If someone gets the IP address of a computer you're using, they might be able to find out where that computer is. This may pose a risk even with an e-mail that is sent to someone you trust; remember that e-mail can be intercepted in all the ways outlined above.
Instant messaging (IM) and online chat are applications which allow two or more persons to communicate in real time over the Internet. These applications can be platforms to engage in meaningful discussions with those who share similar interests or even to meet new people. However, it is important not to share any private information about yourself over the Internet because it could compromise your personal safety.
If someone trying to harm you knows your IM screen name, they could create a new screen name and try to contact you to get information you might not otherwise give them. Whenever possible, use Internet chat room identities and instant messaging names that will not lead people to know your identity and that are unknown to people you don't want to contact you.
Remember that nothing is private while using instant messaging or chat services. When a message is sent over IM or chat, it is usually sent unencrypted and must be passed through another server before you or the person you are talking to receives it. Therefore it is relatively easy for your information to be viewed and intercepted by a third party.
Conversations in IM or chat rooms might be automatically logged on your machine. This opens the possibility that anyone with access to your computer can see your conversations. Web-based chats don't do this, but AOL Instant Messenger and Apple iChat can, for example. There is usually a setting to turn off logging, and it may not be on by default, depending on the program. There may also be an option to delete chats or IMs that have been logged.
Someone who may be trying to monitor your activities could pretend to be you on these applications. If they have access to your IM password and screen name, they can impersonate you and try to get information about you from your online contacts. Using a screen name which that person doesn't know about and keeping your password secret, reduces the risk of someone impersonating you.