Incognito — October 2022: Online Harassment Continues to be a Problem

Welcome to the October 2022 issue of Incognito, a monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Here’s what we’re talking about this month:

• Harassment. No matter who you are, harassment is an issue that can affect anyone.
• Recommended reads, including “Pentagon Bought Mass Monitoring Tool.”
• Q&A: How often should I change my passwords?

Know someone who could benefit from proactive privacy protection? Refer them to DeleteMe—they get a 20% discount and you get a $50 Amazon gift card if they sign up. 

If you think your friends or family might enjoy learning more about data privacy, feel free to forward them this newsletter.

In last month’s issue of Incognito, we talked about how individuals in public-facing roles face higher risks of harassment. However, the scary truth is that you don’t have to work in the public eye to be harassed online. 

Online Harassment—A Problem That Just Won’t Go Away

According to a recent survey by the Pew Research Center, about 4 in 10 Americans have experienced some form of online harassment (i.e., offensive name-calling, purposeful embarrassment, threats, etc.). 

Remarkably, despite us living more and more of our lives online, this number has remained more or less steady since 2017. 

But what hasn’t stayed the same is the level of harassment people experience. A growing number of Americans report encountering more intense and severe forms of online abuse than ever before, i.e., sexual harassment, physical threats, and stalking. Harassment now also tends to last longer. 

You know things are bad when the White House rolls out an online harassment force to curb online abuse. 

Who Is Being Harassed? 

Anyone with political views. Political harassment is on an upward trend, with half of Americans harassed saying they were abused due to their politics. Interestingly, white male adults are more likely to report being harassed because of their political beliefs when compared to other genders or ethnicities. 

• Also notable is that the political party someone supports doesn’t seem to make a huge difference in whether they’re targeted for harassment or not. 
• Both Democrats and Republicans, as well as independents leaning towards a particular party, say politics was why they were harassed. 

Politics aside, people are also being harassed because of their gender, race, ethnicity, or disability. For example, on gaming sites, 49% of women, 42% of Black or African American people, and 38% of Asian Americans said they were harassed because of their identity. 

Many Americans also say they have experienced online abuse due to their religion or sexual orientation. 

Where Is Online Harassment Happening?

Most people experience harassment in the following online spaces (ranked from most to least common):

1. Social media sites
2. Forum/discussion sites
3. Texting/messaging apps
4. Online gaming platforms
5. Personal email accounts
6. Online dating sites/apps.

However, it is not unusual for harassment to happen across multiple platforms. For example, harassment may start on a forum and then transition to someone’s social media account, personal email, or messaging app. 

Because most people have a huge digital footprint, it’s really not that difficult to find someone across different platforms/apps on the internet. 

Real-Life Consequences of Online Harassment

Just because it happens on the internet doesn’t mean online harassment can’t seep into our physical lives. In extreme cases, online harassment can lead to physical violence or stalking. 

But even when abuse takes place only in the online world, it can still have a detrimental effect on our mental health. A review of 43 articles on online harassment found that 42 articles reported online abuse victims experiencing anxiety, depression, panic attacks, and suicidal ideation. Some victims have also reported a negative effect on their reputations.

How to Protect Yourself Against Online Harassment 

Steps to reduce the risk of online harassment: 

• Minimize your digital footprint. Remove yourself from data broker sites, make your social media accounts private, use unique usernames across different accounts, un-tag photos of yourself from social media sites, and set up Google Alerts for your name.
• Practice good digital hygiene. Use strong passwords, enable two-factor authentication, and don’t click on suspicious emails/text messages. 
• Don’t overshare. Don’t post anything too personal on social media/forums/dating apps, keep your political opinions to yourself, and, if you’re a woman who’s into gaming, consider concealing your identity on gaming sites (you wouldn’t be alone—the vast majority of women report hiding their identity on gaming platforms). 

What to do if you’re already being harassed: 

• Identify the abuse you’re experiencing. Pen America’s Online Harassment Field Manual is a good resource. 
• “Don’t feed the trolls.” Block/mute users harassing you and report them to the site this is happening on. Whatever you do, do not respond to harassing messages. If you’re getting hate emails, set email filters to redirect messages with abusive words to a separate folder. Have someone close to you read these messages for physical threats to ensure you’re not in immediate danger. 
• Document online harassment. Take screenshots of messages/photos/anything else disturbing you receive. 
• Get support. Join an online support group to get community support and find relevant resources. Also, alert your relatives, employers, and/or the authorities. 

Recommended Reads

Our recent favorites to keep you up to date in today’s digital privacy landscape.  

Pentagon Bought Mass Monitoring Tool

Several agencies within the US military collectively paid at least $3.5 million for an internet monitoring tool called Augury. The tool, which covers more than 90% of global internet traffic, can apparently provide access to people’s web browsing activities, email data, and other information, like internet cookies. Sen. Ron Wyden is urging government watchdogs to investigate the warrantless purchase of the Augury by federal agencies. 

Teen Hacker Suspected of Uber, Rockstar Hacks Arrested

UK police have arrested a 17-year-old thought to be behind the recent Uber and Rockstar Games hacks. The hacker is believed to be a member of the Lapsus$ hacker group responsible for breaching high-profile companies like Microsoft, Samsung, Nvidia, and Okta. According to Bloomberg, the hacker might be the mastermind behind the group. The publication identified the hacker after he was doxxed, supposedly by rival hackers. 

California’s Children’s Online Safety Bill Becomes Law

Gov. Gavin Newsom signed into law the California Age-Appropriate Design Code Act (ADCA). The state statute will require online services used by minors to include a number of safeguards, like the highest privacy settings by default, for users under 18 years old. However, civil liberties experts worry that the statute could have negative consequences for adult privacy due to potentially invasive age-verification systems. 

Meta Accused of Bypassing Apple Privacy Settings to Track Users

Two Facebook users have recently sued Meta (the parent company of Facebook) for using a loophole in Apple’s privacy settings to monitor user activity without their permission. The proposed class action lawsuit claims that Meta is violating Apple’s policies as well as state and federal laws. If the lawsuit obtains class action status, many users could be compensated. 

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: How often should I change my passwords?

A: Traditionally, the recommendation has been to change your passwords every few months or so. Makes sense, right? The more often you change your passwords, the harder it is for someone to break into your accounts. 

As it turns out, if you do that, you’re following outdated advice. In fact, the idea that you should change your passwords regularly was rebuked all the way back in 2017 by the National Institute of Standards and Technology (NIST), says PCMag.

The main reason changing your passwords too often isn’t a good idea is that you are likely to just create a variation of your previous passwords, i.e., something easy and memorable—and yes, easy to crack. Already, most people have ridiculously simple passwords like 123456 or their pet’s name. It’s a miracle more people are not getting hacked daily. 

So, what is the new advice regarding password changes? Nordpass advises that you change your password if:

• You’ve shared it with someone else.
• A service you’re using was breached.
• You’ve received a message saying your account was accessed, but it wasn’t you.
• You’ve received a multi-factor authentication request you didn’t make.
• You have a virus or malware on your device.

Obviously, this assumes that your passwords are strong and unique to begin with and that you don’t reuse them across services. 

Q: What does it mean when I accept cookies? What happens?

A: When you click “accept” cookies, you consent to the site you’re visiting to collect information about you. 

This means that the site will remember you and your preferences. For example, your location/currency when you return to an e-commerce site. Which is pretty convenient. 

However, sites also use cookies to display targeted content and/or ads. And many sites store third-party cookies, which means that entities not directly associated with the site you’re visiting can access your data. 

As a result, some people prefer to disable cookies. But this might not be so simple. Kaspersky recently did an experiment on site cookies. Their findings are worth a read in full, but here’s a quick summary: 

• Not all sites tell users about cookies. Of the 32 sites Kaspersky visited, 14 did not notify them about cookies but stored cookies on their device anyway. Kaspersky identified two options users can take to stop these sites from tracking them: 1) contact the marketing companies the site works with, 2) contact the site admin and ask them to stop tracking them. 
• Most sites require users to keep “necessary” cookies. 18 of the 32 sites Kaspersky visited allowed users to customize cookies, but only some of them. Moreover, Kaspersky had to keep “necessary” cookies. 
• You should try to disable as many cookies as possible in settings. When you accept all cookies (i.e., click “accept all”), around 20 to 30 cookies are saved on your device. In contrast, when you customize cookies (i.e., try to disable as many cookies as possible in settings), only 1 to 3 cookies are stored on your device. A few cookies are way less invasive than multiple cookies. 

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).

Share Incognito with friends. If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito? 

That’s it for this issue of Incognito! Stay safe and we’ll see you in your inbox next month.