Stay Safe Online

From Trans World Express
Revision as of 13:35, 5 March 2025 by K3lk1gjr2 (talk | contribs) (add summary for top blurb)
This is a stub and not reviewed yet. Please do not link to this guide yet. Please do not use it as of now, further review is needed.

Stay Safe Online is a guide to help you protect your digital privacy and security, with a focus on the needs of transgender people in the U.S. It covers basic precautions and best practices to minimize online risks. This guide is meant as a starting point that provides an outline, reminders and links to other, more in-depth guides; it is not meant as a comprehensive one-stop guide.

We are not in the position to give our own advice, but we feel it is necessary to raise awareness. We strongly suggest that you at least check the "What everyone should do" section and use in-depth resources, such as the Electronic Frontier Foundation’s Surveillance Self-Defense (SSD) guides.

On this page you will learn about some basic online safety and privacy hygiene topics that everyone can (and should) implement, such as setting up two-factor authentication, using strong passwords and/or a password manager, minimizing your traces when browsing online, and encrypting your devices.

Why Is It Important to Be Safe Online as a Trans Person in the US?

Trans individuals often face heightened risks online. Big tech companies and data brokers routinely collect personal data from your browsing, apps, and devices. Modern web tracking can gather detailed information about you – for example, each targeted ad can expose data like your location, device details, and interests to thousands of advertisers, and this information can easily be linked back to you.

Aggregated data can even be used to expose sensitive information like sexual orientation or gender identity. This is especially dangerous for trans people, who are often actively targeted by harassment or discrimination. While digital threats exist for everyone, the consequences of privacy failures can be much more serious for vulnerable groups like LGBTQ+ people.

Expect that within the datasets you produce you cannot just be found but also outed, unless you take countermeasures. Read here about some of these cases and how the system works.

Take some time and read through the resources, and set up everything now, because when you actually need it, it might be too late. Plan ahead, stay safe.

Reading all the recommended resources will take you approximately XX minutes, but plan additional time to set everything up and test it for your own use cases. You also don't have to do everything at the same time; you can take it step by step. Either way, this is time wisely spent.

What Everyone Should Do

There are foundational security steps that everyone – and especially trans folks facing higher scrutiny – should implement to strengthen their online safety:

Enable Two-Factor Authentication (2FA) on All Accounts

Adding a second step (like a code from your phone) to logins dramatically improves account security. Even if someone guesses or steals your password, 2FA can block them. Set up 2FA on your email, social media, financial accounts – especially on your primary email and any account used for password recovery (since breaking into your email can let attackers reset your other passwords).

Whenever possible, use an authenticator app or hardware key for 2FA rather than SMS, which can be vulnerable to SIM-swaps. The EFF’s how-to guide on enabling two-factor authentication offers step-by-step instructions for various services.

An optional, related step: Changing email providers

For most providers, your email address is the primary way of resetting passwords, getting one-time codes for logging in, etc. As outlined above, you should be particularly careful with access to those accounts for this reason.

If you currently use a US-based email provider and are concerned about privacy, you might even consider switching your main email to a trustworthy provider in a country with strong privacy laws – this can make it slightly harder for unauthorized third parties (or overly broad U.S. data requests) to access your communications.

Use Strong, Unique Passwords (and a Password Manager)

Reusing passwords is extremely risky – if one account is breached, attackers will try that password elsewhere. There are websites where you can check whether your data has been exposed in a recent breach, such as https://haveibeenpwned.com/

A strong password is not necessarily complicated; length is often much more important than the excessive use of special characters. See this XKCD comic for an explanation. If you need to create passwords you can remember, try the EFF suggested method or the XKCD method from the comic strip.
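To make the "length beats complexity" point concrete, here is an added example (not code from this guide or from the EFF) that generates a dice-style passphrase and compares its entropy with that of a short "complex" password. It assumes a constructed sample word list (the real EFF long list has 7776 words keyed by five dice rolls) and a 94-character printable ASCII alphabet for the complex password.

```python
import math
import secrets

# Constructed sample word list (a stand-in for the EFF long list, which has
# 7776 entries). Entropy depends on the list size, so it is passed explicitly.
SAMPLE_WORDS = [
    "acorn", "bagel", "cabin", "dusk", "ember", "fjord", "glide", "harbor",
    "ivory", "jumbo", "kayak", "lemon", "mango", "nomad", "oasis", "pivot",
    "quilt", "raven", "saffron", "tundra", "umbra", "velvet", "walnut", "zephyr",
]
EFF_LONG_LIST_SIZE = 7776  # 6**5: one word per five-dice roll


def passphrase_entropy_bits(num_words: int, list_size: int) -> float:
    """Entropy of num_words words chosen uniformly at random from list_size."""
    return num_words * math.log2(list_size)


def password_entropy_bits(length: int, alphabet_size: int = 94) -> float:
    """Entropy of a random password of the given length over an alphabet."""
    return length * math.log2(alphabet_size)


def dice_roll_to_index(roll: str) -> int:
    """Map a five-digit dice roll such as '12345' to a 0-based list index.

    The EFF long list keys each word by a roll from '11111' to '66666';
    this converts that base-6 value (digits 1..6) into 0..7775.
    """
    if len(roll) != 5 or any(d not in "123456" for d in roll):
        raise ValueError("roll must be five digits, each between 1 and 6")
    index = 0
    for digit in roll:
        index = index * 6 + (int(digit) - 1)
    return index


def generate_passphrase(num_words: int, wordlist=SAMPLE_WORDS, sep: str = " ") -> str:
    """Pick words with a CSPRNG (secrets), never with random.choice."""
    return sep.join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(6))
    print("6 EFF words: %.1f bits" % passphrase_entropy_bits(6, EFF_LONG_LIST_SIZE))
    print("8 random printable chars: %.1f bits" % password_entropy_bits(8))
```

Six words from the full EFF list give about 77.5 bits, well above the roughly 52 bits of an eight-character password drawn from all printable characters, and the words are far easier to remember.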

Use a password manager

Now that you have better passwords, go one step further and use a password manager! That is a program that stores all of your passwords behind one central password, your master password, which unlocks access to the rest. We suggest you take a look at how that works here and then go on to choosing a password manager.

Use End-to-End Encrypted Messaging for Private Conversations

For TWE, we use Signal messenger for this and recommend it. Read the EFF guide for more.

Use Privacy-Focused Browsers and Add-Ons

Let us now have a look at your browser. Your choice of browser can make a big difference in limiting online tracking. Consider using browsers that emphasize privacy, such as Firefox (with Tracking Protection enabled) or Brave, instead of defaulting to Google Chrome. You can also install browser extensions that block trackers and ads.

A good start is EFF’s own Privacy Badger (which learns to block hidden trackers) and an ad/tracker blocker like uBlock Origin. These add-ons help cut down on the data that companies and data brokers can collect about your browsing habits. It’s also wise to clear cookies regularly or use your browser’s private/incognito mode for sensitive searches, to avoid long-term tracking.

Tip: Try not to stay logged in to accounts (like Google or Facebook) on the same browser you use for general web searches – if you search the web while logged in, those searches can be tied to your profile. In fact, avoid using Google Search for anything sensitive if you’re logged in to a Google account (or even on a home network where you or a family member/friend remain logged in elsewhere), because Google can combine that data. Instead, search logged-out, or use alternative search engines that respect privacy (like DuckDuckGo), or separate browsers/profiles for different activities.

Keep Your Devices and Software Updated

This is one of the simplest but most effective security measures. When your phone or computer prompts you to install updates, do it! Updates often patch security vulnerabilities that hackers can otherwise exploit. Running an old, unpatched browser or OS is like leaving a window open for attackers.

The same goes for apps – update your messaging apps, browsers, and other critical software regularly. Most devices let you turn on automatic updates – consider enabling that so you don’t have to think about it.

Secure Your Devices with Passwords/PINs and Encryption

Read the basics about encryption from the EFF to understand what it does; they have guides for Mac/computer and iPhone plus more reading material.

Make sure your devices (smartphone, laptop, tablet) are locked with a strong PIN or passcode, so if you lose the device or someone grabs it, they can’t easily access your data.

For computers, enable full-disk encryption (on Windows, BitLocker; on macOS, FileVault; many modern systems have this on by default or at least offer it). That way, even if your device falls into the wrong hands, your sensitive files, photos, and accounts aren’t easily accessible.

This is particularly important for trans folks who might have private photos, documents (like name change paperwork), or contacts on their devices – you don’t want that data exposed if the device is stolen or confiscated.

Also, be mindful when storing documents in cloud services – use services that offer encryption, or encrypt files yourself (there are tools to create encrypted folders or archives) before uploading.

Consider Using the Tor Browser for Sensitive Activities

If you want to be anonymous while researching health information, connecting with LGBTQ+ resources, or to circumvent a regional block – the Tor Browser is good at that. Tor routes your web traffic through multiple encrypted relays around the world, masking your IP address and making it very difficult for anyone to trace your online activity back to you.

It’s slower than normal browsing, so you might not use it for everything, but it’s a good option when you need extra privacy or are worried about someone monitoring your connection.

The EFF’s SSD guide has detailed tutorials (for Windows, Mac, Linux, and mobile) on using Tor safely if you want to learn how it works and get it set up.

Remember that Tor hides your location and identity from websites and observers, but it doesn’t make you invincible – you still have to practice common-sense safety (Tor can’t prevent you from voluntarily handing over info or logging into an account with your real name).

Even if you currently do not intend to use the Tor Browser, set it up, have it ready, and be familiar with how to get it going. In a stressful situation you do not have to rise to the occasion, but can instead fall back on what you know.

Understand Big Data – Minimize Your Digital Footprint

We have covered part of this in the overview already; to be vigilant you need to understand some principles and how they work. Take some time to read and understand this EFF article on online surveillance, and if you have more time you can also read this article on data brokers on Lawfare. If you're in a rush, the gist of both articles is: big data analytics can track and identify you even if you think you’re being low-key.

Companies compile information from many sources: social media, apps, purchases, location check-ins, etc. By correlating these data points, they can build a profile of you, sometimes guessing things like your gender identity or sexual orientation without you ever explicitly stating them. (For instance, patterns in your location data or the websites you visit can tip off that you’re visiting LGBTQ+ spaces.)

To protect yourself, limit the personal information you share online:

  • Use pseudonyms or separate accounts if needed – for example, you might have a public-facing account that uses a chosen name and a private account under your legal name, to compartmentalize your identity.
  • Turn off location sharing on apps that don’t truly need it.
  • Think twice before filling out every field in an online profile or survey.

The less data floating out there about you, the harder it is for data brokers or malicious actors to target you. In short, always assume that any data you give to a service could potentially be combined with other data to paint a detailed picture of you – so give away as little as possible.

Regularly review

Review your security setup regularly: go through everything and see if the measures are still in order. Set a reminder in your calendar now; we suggest scheduling the checkup every month for half a year to get used to it. After that, just decide for yourself.

If you still have time...

You made it this far, that is great! If you followed all of this you are now more careful online than 99% of all people online (Source: wild guess). You also learned a lot and hopefully you got sidetracked by some other interesting topics on the EFF site.

We would like to add a few topics for further reading, but as opposed to the topics above they might be applicable to fewer people. Just have a look.

Security Starter Pack

The EFF offers a comprehensive guide that covers much of what we mentioned above already; now is a good time to go through it: EFF Security Starter Pack

Threat Scenario

There are different levels of threat you may be facing. If you are in a safe place and already out, someone doxxing your address might be less of a worry for you, but this does not apply to everyone. The EFF has made Security Scenarios where you can check how different threats may apply to you. Examples of threats are harassers or doxxers, casual or targeted hacking, scamming or phishing, or state-sponsored actors like the NSA. Also remember that all digital security might be worthless if you are faced with a physical threat.

But you still didn't talk about VPN!

There is a reason for that: the main thing VPNs do is slow you down. There might be good reasons for using one, but to quote the EFF's guide on choosing a VPN:

VPN providers often overpromise security benefits in advertisements that assert that a VPN is the only tool you need to stop cyber criminals, malware, government surveillance, and online tracking. But these advertisements vastly oversell the benefits of VPNs. The reality is that VPNs are best suited for one thing: routing your network connection through a different network.

Using the Tor Browser over a VPN is discouraged, for example. In general: if you are considering a VPN, it's likely that the Tor Browser is the better option.

  • A VPN can be helpful if you are on an untrusted network, so others cannot see what websites you visit (but even without a VPN that would be all the information they get, as basically all websites today are SSL/TLS-encrypted).
  • A VPN can also be helpful to circumvent local or country-based restrictions.
  • It does hide your IP address from a website, but it doesn't stop that page from fingerprinting you.

Also, you need to trust your VPN provider. If they have a node in a country, they need to have some kind of business presence there, and this might make them vulnerable to state-level pressure.

Social Engineering, Malware, Phishing

One of the most frequently used targeted attack vectors is social engineering, meaning people who use social interaction to extract information.

A social engineering example

The combination of timezone information plus the weather and whether it is a mountain, inland or coastal area already narrows down where you live substantially. Timezone information is often available, but can also be guessed from your activity pattern. The area? A picture posted or a hint dropped ("Went swimming in the sea today, was so nice. Just a quick drive."). And who doesn't talk about the weather from time to time?

Beyond this, there are more targeted phishing or malware attacks: a modified link can be used to gain information, or to infect your device with malware. Your email address alone might be enough for a sophisticated phishing attempt.

Being aware of this helps to minimize the attack surface. Having one email address for official business, one for social media, one for friends and one for online activities is very helpful to see where a contact came from. If you suddenly get a very realistic-looking mail from the city you live in at your online services address, you should assume it is a phishing attack.

Last words

This is in no way a universal, all-covering guide. It was made with the aim of raising awareness and helping you along; please refer to the original Electronic Frontier Foundation’s Surveillance Self-Defense (SSD) guide and read it. Be cautious.

Stay safe.