Speak Up & Stay Safe(r):

A Guide to Protecting Yourself From Online Harassment

Feeling overwhelmed? Don’t have time to read the whole thing? Start with these three steps:

  1. Set up two step verification
  2. Create unique, complex passwords
  3. Remove potential doxxing information

NOTE: This guide contains things we’ve learned about how to keep yourself safe from individuals, loosely organized groups & cybermobs online. If you’re concerned with attacks from governments, major corporations, or other massively organized and/or resourced institutions, we recommend this great guide.

This guide is for anyone who fears they might be targeted, or who is already under attack, for speaking their mind online, but is especially designed for women, people of color, trans and genderqueer people, and everyone else whose existing oppressions are made worse by digital violence. It details best security practices for social media, email, online gaming, website platforms, and ensuring privacy of personal information online, as well as the documentation and reporting of harassment, and caring for yourself emotionally during an online attack. You don’t need any specialized knowledge to use this guide – just basic computer and internet skills.

The authors of the guide have all been targets of cyber attacks ourselves, so we’ve written the guide we wish had already existed when the attacks on us began. We’re all based in the US, but we’ve done our best to make it useful no matter where you live.

We wish we didn’t have to write this. Going through even some of these steps to protect your online safety will cost you real time and sometimes money. It’s a tax on women, people of color, queer and trans people and other oppressed groups for daring to express our opinions in public.

None of this is fair. It should not be our meticulous labor and precious funds that keep us safe, it should be our basic humanity. But that has proven heartbreakingly, maddeningly insufficient more times than we can count. So below are some of the things that we’ve learned that can help, even though we shouldn’t have to do any of them. While we fight for a just world, this is the one we’re living in, and we want to share what we know.

We also want to acknowledge that people with more financial and leisure-based privilege will have better access to implementing comprehensive strategies — a structural unfairness that highlights how unjust online harassment is. It’s also true that none of these are foolproof — you could employ all of these strategies and still be targeted.

And just to be crystal clear: if someone attacks, harasses or threatens you online, it’s not your fault, even if you haven’t previously taken any safety precautions.

It’s never your fault. Never. Ever.

Recommended Prevention Measures

Below is a suggested list of steps you can take to protect yourself from those who may want to silence your voice online through intimidation, harassment, threats and abuse. It is not a complete or comphrehensive list and we urge you to also consult online safety resources from The Crash Override Network Resource CenterA DIY Guide to Feminist Cybersecurity, and TrollBusters, as well as Violet Blue’s The Smart Girl’s Guide to Privacy.

Preventing Doxxing

Your information is everywhere online. Your name, home and/or work address, phone number, email address, and other sensitive information is almost surely posted for public viewing on various websites. This is often how harassers find the info they use to “dox,” or publish the personal information of their targets. Often doxxing comes with spoken or unspoken encouragement to use your personal contact information to escalate the harassment against you or their target.

There are several “people finder” websites you can check to see what information of yours is already online. These websites are publicly available databases where someone can look up a person’s email address, phone number, and physical address, using their name and any other identifying information. Most of these sites have the option to remove information, by either formally requesting removal or by creating an account, logging in, and claiming your listing. It is good practice to check these sites every six months, because your info can be re-listed even after you’ve had it removed.

For more people finder/databroker sites take a look at this list compiled by TrollBusters.

TIP: Unfortunately, harassers have a tendency to also go after loved ones. Suggest close family, friends and colleagues take steps to remove personal information from “people finder” websites as well.

Reputation.com: To protect against doxxing, Reputation.com has a service which removes your personal information from paid sites, and then monitors them to make sure your information stays erased. See their website for more information and fees associated with their service.

TIP: Reverse look up your personal information by google searching your address, email address or phone number and see where/if it is listed online. Also try sites like http://www.whitepages.com/reverse_phone, Spokeo or TNID.US.

Restrict What You Share

One free and low-tech way of reducing your risk of doxxing is to restrict what you share online. Especially consider not mentioning details about where you live, your current location if you’re traveling, the names of anyone you live with (those names can be used to find your address), and any information that can be used in accessing your accounts (so, your maiden name, or anything that you might use to answer a “security question,” like the name of your childhood pet, or the street you grew up on.) The less information available about you online, the less there is available for doxxing. Of course, restricting some of this information can feel onerous for a variety of reasons, so the balance is up to you.

Passwords & Login Security

Passwords are necessary for almost everything we use these days, and they are crucial in protecting our information online. A few important things to remember when creating passwords are:

Have a Lot of Different Passwords

Ideally, you should have a unique password for each account you own. There may be more accounts than you think! Here are some types of accounts you may have: email, bank, credit card, social media, services, apps, petition sites, health insurance and hospital record websites, municipal and other government sites, accounts for utilities like water, power and internet, website, hosting and domain related sites, budgeting sites.

TIP: For additional security, consider using a unique username for each account as well.

Change Your Passwords Regularly

Try to change your passwords regularly, every 90 days for instance. While it might be a pain to do, it will keep your information safe in the long run.

Use Online Password Managers

Apps like 1Password and LastPass create and keep track of highly random high-security passwords for every account you access online. Anything you use a password to access online should have a high-security password unique to that site.

Make Your Passwords Difficult

Passwords should be long and hard to hack. Good passwords tend to be a mix of 7-15 upper and lower case letters, numbers, and symbols. Do not use phone numbers, birthdays, family member names, or dictionary words in your passwords. Never share your passwords with anyone – not even your best friend or your partner — unless it is absolutely necessary. The fewer people who know a password, the less vulnerable it is. If you do have to share your passwords, make sure you establish rules so that it’s clear that everyone who has the passwords is maintaining those passwords in a safe way.

To create new passwords we suggest using an automated password generator like those that come with a password manager app or sites like Password Generator. You can also reference the strategy used in this XKCD comic about password strength.

TIP: Never share your passwords over insecure connections like text messages, instant message or DM. Some services like LastPass offer secure password sharing.

Do Not Save Your Passwords in the Cloud

In case you get hacked, you don’t want someone getting access to your passwords in a spreadsheet or other document that is saved on a “cloud” account. “The cloud” generally refers to any data storage system that’s not on your physical devices. Google Drive saves everything in the cloud. Dropbox uses cloud storage. iCloud is the cloud, of course. Steam and xBox have cloud features. You get the idea. The safest thing to do is to save your passwords in a password-protected document that lives exclusively on your physical device. For more info on how the cloud works and what its security flaws are, this is a good explainer.

TIP: Never save your passwords in an insecure spreadsheet or document on your computer, phone or cloud.

Turn on 2-Step Verification/2-Factor Authentication

Email, social media, and other sites allow you to turn on 2-step verification which asks for a code from an app or texts you a number to enter when someone tries to log in to your account from an unregistered browser or computer. This page lists current sites with two-factor auth options: https://twofactorauth.org/

Use Security Questions

Many sites ask you to create a security question or two which you would answer in the event that you forget your password. Remember, make the answers difficult – something only you know and information that cannot be found online or through your social media platforms. One option would be to create complex password-style answers for security questions. You can save your security question answers in a secure password manager to ensure that you don’t forget them and can access them easily when needed.

Email Addresses

You should have several email addresses and use them for different purposes. You may want to keep your public email address separate from your personal communication, and even your business and financial dealings. You may also want to register as many of the email domains with your name as possible to ensure that you own them and no one else can use them to pretend to be you; example yourname@gmail.com, yourname@yahoo.com, yourname@aol.com, yourname@mac.com. If you own your own domain, you can also set a unique email address for each account that you can track with a password manager.

TIP: Along with using different passwords, it’s good practice to use different email addresses for different online accounts. If access is gained on one account it will make it harder to figure out how to get into the others.

Website Security


If you own one or more web domains, your contact information is likely publicly available via the domain registrar, and WhoIs Search (who.is). Many domain name registration services offer the option to keep this information private either for free or with a small fee. Availability of private registration services depends on the top level domain – for example, .ca has free private registration, but .us domains cannot be registered privately. Contact the helpdesk of the company you registered your domain names at for assistance.

Comments On Your Site

If you have your own site, it’s a good idea to turn off or moderate comments before they appear on your site. Not only does this cut down on the amount of spam that appears, but it also ensures that nasty comments and defamatory statements do not appear on your site. You may also want to have people register with a commenting account like Disqus (disqus.com) to keep them from simply spamming your website with hateful comments.

ASK A FRIEND: If your comments are being flooded with slurs and hate, ask a friend to monitor your site, document any threats, and delete offending comments.

DDoS Attacks

If you run a website, you may want to prepare in advance to guard against DDoS (Distributed Denial of Service) attacks, a tactic sometimes used to take down a site. Start by being sure you have the answers to these questions, adapted from DigitalDefenders.org, long before any attack might arise. You may need these answers handy if your site goes down for any reason, and you want to use the GitHub guide (linked to below) to troubleshoot it:

  • Who built your website? Are they available to help in the event your site goes down?
  • Who is your web hosting provider? This is the company that provides the server where your website lives. If you do not know, you can use a tool like thisto help.
  • What is the most efficient way to request help/support from your particular host? If you have a webmaster, do they know how to do this?
  • What are your account log in details for this hosting provider?
  • Where did you purchase your domain name? In some cases this is also your website host, but it could also be another company.
  • What are the log in details for the domain name service?
  • Who else knows or may have access to these account details? It’s best to keep this list as short as possible, and only among well-trusted individuals

You may also want to sign up for a service like CloudFlare or Deflect.ca. These technologies detect and block new attacks that arise against any website on their network. And these services are set-it-and-forget-it. Install it once, and you don’t really have to think about it again. It’s always on, working to keep your site safe. Deflect.ca is a free service for independent media, human rights organizations and activists. CloudFlare is a for-profit system which has both free and paid levels of service. CloudFlare also provides free services for civil society websites through Project GalileoGoogle’s Project Shield is also available to protect organizations with sites serving media, elections and human rights related content, if you apply and meet certain (unclear) criteria.

If you suspect you may be under a DDOS attack, this guide from GitHub will walk you through what to do next.

TIP: Always balance the benefits of any paying service against the additional risk required in registering your personal and payment information in one more place online. There’s no right answer — you get to decide what’s worth the risk.


Be cautious with plugins and widgets because these are an easy way to gain access to and exploit your website. Only install plugins that are from safe and trustworthy sources.

For example, if you use WordPress, plugin packs like Jetpack by Automattic (the creators of WordPress.com) are recommended for services like social media widgets, comments, contact forms etc.

Consider using a website defense and basic security plugin such as “Protect” in Jetpack, Wordfence, or Better WP Security and set up an automatic backup such as VaultPress or Back up Buddy.

Social Media

Many of us use social media to connect with friends and family, and as a professional tool as well. Unfortunately, social media is also one of the most common channels for harassment, abuse and doxxing. There are several steps you can take to minimize the impact of haters on social media.

Turn Off Geolocation

Each time you take a photo or post a status, geolocation data is imprinted into your photos or added to your status update. To keep harassers from locating your frequent hangouts, and figuring out your home address through the geolocation of your photos at home, you can turn off the geolocation settings on your phone and in each app that you use. You also may want to turn off location tagging in social media apps like Facebook, Instagram, and FourSquare. Twitter allows you to delete all of your historical location data in one click, on the settings page.

TIP: Having fun with friends and everyone wants to share pictures and updates on social media? Just ask them to make sure their geolocation data is turned off.

Decide What You Want To Share

What information and photos are available publicly? How would you feel if a harasser downloaded, photoshopped and turned a photo of yours into a harassing meme? Do you have a name, which combined with the city you live in or your birthday, could make it easier for someone to find you or compromise your accounts? Then consider not revealing your city or birthday. Minimizing the amount of information that is freely available about you, especially on your basic and public social media profiles, is going to make you more secure, though it’s also a sacrifice in that it limits what you can share with your community. There’s no right or wrong answer about how much to share, but do make the risk/reward assessment deliberately.

Monitor Your Information Online

Sometimes bloggers and journalists write posts about us without our knowledge. It can be important to keep an eye on the information that is on the internet about you. If you aren’t able to pay for an information monitoring service, there are plenty of free options, like Google Alerts and Talkwalker Alerts, which will send you email alerts when your name appears online. Also consider setting up Google Alerts on any common nicknames you have, common misspellings of your name, as well as your phone number and your street address, to monitor if anyone is sharing these publicly. Because these programs are free, they aren’t perfect, but they are still pretty accurate and useful.

ASK A FRIEND: You can set up alerts to be sent to a trusted friend who can monitor them for you.

Another way to monitor your name is to put it into a search column in Tweetdeck or other Twitter program. These programs will notify you if someone tweets your name without tagging you.

Images and Photos

Every once in a while, you may want to do an Internet search of yourself to see what images appear on various search engines. If there is a particular photo you are concerned about you can do a reverse images search with sites like Google Images or Tineye where you upload an image and they run a search for it across indexed sites on the web. This can be helpful in monitoring your unwanted online presence.

TIP: Be mindful of EXIF data that is embedded in images. Photos taken on mobile devices often contain lat/long coordinates. You can use a site like Jeffrey’s EXIF viewer to reveal that information.

Own Your Namespace

If you can, try to secure accounts in your name on every major platform, even ones you don’t intend to use, to make it harder for anyone to pretend to be you. Should you need to take a break from a social media account you already own, do not delete your account. Make it private or deactivate it if those options are available – the risk in deleting your account is that others can claim your handle and use it against you. To take your much needed break, simply delete the app from your device and turn off the email notifications.

Social Media Platforms

Every social media platform has its own set of security options and concerns. To make matters more complicated, those options can change with little notice. For a guide to what your options are and how to think about them on some of the major platforms, we recommend this guide produced by Take Back The Tech.  In addition, this NNEDV guide specifically designed to help survivors of intimate partner violence navigate Facebook is also really great. Also consider taking a look at this list of questions from Gender and Tech Resources to help determine which social media platforms you want to use.

The right balance of security settings is up to you. The important thing is to make informed decisions about what works for you. We also recommend you re-check your settings and these guides every 6 months or so, in order to keep up with changes the companies may make.


Facebook Pages

If you have a public persona, you may also want to create a public Facebook page which allows people who want to follow your work to do so on your terms. Similar to an organizational page, this public page allows you to post article and updates, and you can direct people there if you don’t want them to be your personal “friends” on Facebook. There are several approaches to managing the friend/fan line on Facebook, as outlined in this great post from Deanna Zandt.

Twitter Blocking & Muting

Blocking and muting on Twitter can be done on a case by case basis. We understand (all too well) that when you are being attacked by a mob it is nearly impossible to block everyone sending you nasty and/or threatening messages but these are some rudimentary tools available to you. Blocking will remove tweets from a harassing account from your timeline and stop that person from seeing your Twitter account when they are logged in. Muting will just stop you from seeing an account’s tweets in your timeline but that account will never be notified.

ASK A FRIEND: Consider delegating access to a trusted friend through an app such as TweetDeck and having them block or mute abusive accounts on your behalf.

Twitter offers shareable block lists that can help preemptively block potentially harassing accounts so you don’t see those messages in your mentions. You can share and use friend’s block lists directly on Twitter.

Third party apps like Block Together allow you to install the app and, by sharing block lists, automatically block other Twitter users whom people you trust have decided should be blocked. It also gives you the option to block new users from tweeting at you, which can be helpful for avoiding attacks by “sock puppet” accounts of users you’ve blocked but who’ve created new accounts in order to get around those blocks.

Online Gaming Security

There are a number of security steps that can be taken to protect your privacy and security when gaming online, some of which overlap with suggestions throughout the rest of this document. You can, of course, implement some or all of the following recommendations to best suit your specific needs.

Passwords & Two-Factor Auth

See “Passwords & Login Security” section.

Gamertag/Handle/Online ID

Use different gamertags for each platform (XBOX, PSN, Steam, Battle.net etc). Your gamertags should be distinct and different on each account, (this also includes login names for various other online accounts as well like social media sites). If one account is compromised, it will be more difficult to find your other gaming accounts. Avoid using similar names on multiple accounts: AppleSauce54 on XBOX and AppleySaucey54 on Battle.net for example are easy to link together. Many people want uniformity with their gamertags so friends can find each other easily, so this is a suggestion for a high level of security.


Avoid using information or photos that reveal personal details about yourself. Do not answer security questions with real answers. Responses should be impossible to guess or impossible to look up online (avoid animal names, partner’s names, school names, street addresses etc). You could use passwords to answer security questions and store those in a password manager for easy access. Avoid using your real birthday.

Email Address

Use unique email addresses for each account (or using a couple of email addresses for different gaming accounts). This can help make it more difficult to access all your gaming profiles if one account is compromised.

Privacy Settings

Most online gaming systems offer a selection of privacy settings, some more than others. Look through preferences/settings regarding:

  • Automatic or sign in each time login
  • Who can see when you are online
  • Who can see what you are playing
  • Who can send you voice and text communications
  • Who can send you friend requests
  • Who can see your profile
  • Who can see your gaming history
  • Who can see your friend’s list
  • Who can see your game clips
  • Settings regarding uploading game clips to online servers
  • Sharing gaming content to social networks
  • Requests to join multiplayer games
  • Adding and blocking friends
  • Who can see your real name

Livestreaming Games

If you livestream games on Twitch they offer some limited security setting options allowing you to block embedding or sharing of your videos, block messages from strangers, and block invites from strangers. When streaming ask a few friends or trusted colleagues to moderate your twitch chat for you.

YouTube recently introduced a games focused livestreaming service. We will update this guide once we have more information on their safety options.


Only download games, game saves, cheats, mods or other content from reputable and secure sources. Suspicious or unknown files may contain viruses, malware, and spyware.

Physical Mail

While physical mail has decreased significantly we probably still get quite a bit of mail and packages sent to our homes. Consider an alternative options like a P.O. Box or Virtual Mailbox and/or consider using an alias or pseudonym when receiving mail to your home.

Post Office Box

If you can, get a PO Box and have all of your non-personal mail, including bills, catalogs, magazines, etc., to the PO Box. That way, if your address is bought or sold, or if someone manages to access one of your accounts, they won’t have your street address. We suggest having your P.O. Box a reasonable distance away from your home or work – ideally not in the same zip code, or even town if that’s possible – so it’s not easy to guess where you live based on your PO Box address.

Virtual Mailbox

Another option is a virtual mailbox. These are companies that assign customers an address and unique mailbox number. They are often located in a different city (or even state) and they will scan your mail and/or send it to you. Virtual Mailboxes tend to cost more than P.O. Boxes and charge for scans and mailings.

TIP: Consider purchasing a paper shredder for any documents or packing labels with your name, address, and other sensitive information listed.


Use a Google Voice number

In the United States, you can get a free secondary number via Google Voice and have it ring to whatever phone you want. This allows you to avoid giving out your actual number. You can also block callers via Google Voice, and have your voicemails transcribed into your inbox. A good policy if your number IS doxxed, or if you’re concerned about harassing calls: don’t pick up the phone for numbers you don’t know. They’ll be much less encouraged if they don’t get you, and then you can just block their number after the first call and never hear from them again. Poof!

Pen Names

A pen name is a pseudonym that a writer publishes under to protect their true identity. This can be a complete different name or a name based off of your given name. If you are worried about being doxxed or losing your privacy, especially if you have an uncommon first and last name combination, you may want to weigh your options when it comes to a pen name. (This is most likely to be a realistic option if you’re just beginning your professional career, or starting a new project unrelated to your current professional life.) You can make up a name, perhaps your first name and an old family last name, a pseudonym based on your work, or a made up name all together. For more information on using your real name versus a pseudonym, check out this guide from Gender and Tech Resources.

Camera Security

Covering webcams when they are not in use is a good idea in case someone gains access to the camera on your computer or mobile device. You can easily cover the camera on your computer with a sticker or a post it note (choose one that is easily removable so you can still have access to your camera). There are more sophisticated covers such as C-Slide and SpiShutter.

Video and Text Chat

If you think you might be dealing with sophisticated hackers, you may want to consider which apps you use for video calls and for chat. Skype in particular has some known security flaws that can be used to spy on or locate you, and Hangout isn’t much better. More secure options include Facetime, Talky.io, and Appear.

For chat security, choose apps like CryptoCat or ChatSecure, which have much better security than more popular items like Facebook, Gchat (even “off the record”), SnapChat & What’s App. For more on chat security, check out EFF’s Secure Messaging Scorecard.

Physical Device Security

Depending on your situation, you may also want to make sure that your physical devices: your phone, laptop, tablet, etc., can’t be used against you if they fall into the wrong hands. Here’s a great guide on how to do that. Some of it, like passwords, we’ve covered here, but skim through and you’ll find some great new advice. You may also want to check out this guide to Encrypting Your Laptop Like You Mean It.

TIP: Always activate and use a password on your phones, tablets, laptops, and other devices.

Document & Report


Documenting and saving the harassment sent to you via Twitter, Facebook, email and other social media can prove useful especially if you decide to pursue legal action and/or report to law enforcement. Most computer operating systems have a default screen capture system such as Windows and Mac or you can use a downloadable app like Skitch or OneNote.

Reporting to Social Media

Most online social media sites have their own abuse reporting tool. Follow the guides they provide to report abuse on their platforms. Here are a links for more information provided by a few of the biggest sites:

Reporting to Law Enforcement

While local law enforcement are often unfamiliar with online social media, officials recommend that targets report directly threatening online harassment to law enforcement immediately so there is a timely documented record of the abuse.

People-focused Strategies

Plan For Support & Back-up

If you think you might be attacked or harassed online, you don’t have to wait until it happens to ask for help. Sometimes, the people in our lives mean well but don’t understand how to support us. Maybe they don’t “get” online harassment and minimize the effect it has on you or they want to help but have no idea how.

For example, people might hop onto your Twitter timeline and “take on” your harassers, thinking they’re doing you a favour when they might just be drawing more harassers to your feed. The intent was good, but the impact? Not so much.

Friends & Family

If you feel up to it, try to have an “Online Harassment 101” conversation with the people in your life if you are or suspect you might be, harassed. There are some great resources at the end of this document that might be helpful to send their way.

When talking with loved ones think about what you might want help with, and ask your friends and family in advance if they would perform certain tasks for you if/when the abuse starts. Throughout this document we have listed ASK A FRIEND for items that trusted people could help with.

TIP: Talk with your friends and family about not accidentally giving out information about you via comments, social media posts with geolocations, photos that you don’t want online etc.

You might ask one person to provide emotional support, check in on you, be someone to vent to, etc. Another person might monitor your Facebook and Twitter feeds, while another could monitor your email inbox, and a third could monitor the comments on gross websites that might be writing about you, so you don’t have to.

The advantage to setting this up in advance is twofold: first, you can respond faster if/when the attacks come, because your network has already agreed to step up. Second, you can decide in advance how you want people to handle things. Do you want your Twitter monitor to block and report anyone who harasses you, or do you just want them to monitor your feed to see if there are any threats you need to know about? Should the person reading your emails put them all in a folder in case you want to refer to them later when the crisis has passed, or should they just delete them? Also be sure to give your team whatever passwords and access they’ll need to do their assigned jobs in advance.


Depending on your employment situation, you may also want to alert bosses, colleagues or co-workers that they may be hearing some gross and shady things about you and why. Harassers sometimes try to target the employment status of their victims, so the more you can get your workplace on your side before they start hearing confusing messages about you, the lower the harasser’s credibility will be and the better situation you’ll be in. But obviously use your judgement: not every workplace will be equally understanding.

TIP: Check out Crash Override’s one page guide for Employers


Being targeted online can make things feel completely out of control. But two things you can control – really important things anyone who has experienced it will tell you – are how you treat yourself and how you respond to the harasser.

You will hear a lot of advice about whether or not to engage with your harassers. There’s no right answer – it depends entirely on what’s most important to you. If your No. 1 priority is to stay as safe as possible, both physically and emotionally, it’s often best not to engage. But if you find that you’re willing to risk more harassment in order to directly address your harassers and call them out, that’s also a valid choice. You may also find that the most important thing to you is to expose the harassment you’re being subjected to and/or the people who are perpetrating it, in which case retweeting it, emailing it to reporters, bloggers or activists, or otherwise signal-boosting the attacks against you can be the way to go.

Regardless of what you choose to do about your harassers, also consider what comforts you most when you’re upset, angry or triggered, and do the best you can to plan for it. Will you want to be alone or see friends? Will you want your favorite bubble bath on hand, or your favorite flavor of ice cream? Will it feel good to exercise, or to build something with your hands, or to punch or kick things? Can you save a rainy-day fund so you can get some bodywork? Can a friend be on-call to come do childcare for an hour or two so you can just take a deep breath?

It’s so important to take care of yourself, even if that just means going to bed and pulling the covers over your head and crying. You’re going to have feelings. It’s ok to honor them rather than deny them. Whatever you can do to give yourself space to have them and take care of them will make you more resilient in the long run.

Mental Health

Online harassment, harassment and abuse of any kind, is a traumatic experience. Seeking mental health services like therapy or counseling can help offer extra emotional support and resources during and after traumatic experiences.


The following are a list of sites that offer support to people being targeted by online harassment and more online safety guides.

Understanding Online Harassment

There are a number of excellent resources to learn more about online harassment.




About Us

We created this document because we wanted to share what we have learned through years of being targeted by cyber mobs. We know how intimidating, scary, and overwhelming online harassment can be and we hope this document can help to empower readers to make informed safety and security decisions that are right for them.

We’d like to extend a big thank you to the security experts and colleagues who consulted on this document.

This document was created by:

Jaclyn Friedman is a writer, speaker and feminist troublemaker. She is the award-winning creator of two books, Yes Means Yes: Visions of Female Sexual Power and a World Without Rape, and What You Really Really Want: The Smart Girl’s Shame-Free Guide to Sex and Safety. She is also the founder and former executive director of Women, Action & the Media (WAM!), where she led the successful #FBrape campaign to apply Facebook’s hate-speech ban to content that promotes gender-based violence, and was the architect of WAM!’s Twitter Harassment Reporting Demonstration Project.

Anita Sarkeesian is a media critic and the creator of Feminist Frequency, a video webseries that explores the representations of women in pop culture narratives. Her work focuses on deconstructing the stereotypes, patterns and tropes associated with women in popular culture as well as highlighting issues surrounding the targeted harassment of women in online and gaming spaces.

Renee Bracey Sherman is a reproductive justice activist and the author of Saying Abortion Aloud: Research and Recommendations for Public Abortion Storytellers and Organizations. Since having an abortion at 19, her work has focused on increasing the visibility of people who have had abortions and ending the stigma and shame they face. Bracey Sherman is also a writer with Echoing Ida, a Black women’s writing collective and a board member at NARAL Pro-Choice America.


  • Mashable-Logo
  • logo-themarysue
  • logo_wired
  • cnet-logo
  • Lifehacker_Logo
  • dailydot_nameplate2
  • broadly-logo
  • boingboing-700-175
  • the-verge-1be852b7


Interviews with the Creators

  • “Activists make tool to fight online harassment” – Marketplace Tech [Radio]
    • “It was really important to us that this guide be intersectional and acknowledge the varying complex levels of sexist, racist, homophobic attacks we were facing and continue to face.”