As a moderator, community manager, or service administrator, your account and you yourself are at a heightened chance of incoming attacks, whether that be personal harassment for your actions, your account being compromised, or your personal details being investigated or made public.
IFTAS contracts with Tall Poppy to provide personal safety services for at-risk moderators, if you’d like to enquire about this service, please contact us.
Security #
Your account has extra privileges and permissions, and is a juicy target for malicious hackers. Your account password should be:
- Long – at least 16 characters
- Complex – containing letters, symbols, numbers and special characters
- Unique – don’t use this password for anything else
Check your account on a schedule to monitor the apps and APIs your account is connected to, and remove anything you no longer need. Set a calendar reminder to do this once a month.
Turn on two factor authentication for your account and for your email.
Privacy #
Create a role-based account e.g. @moderation@yourdomain that has no personal data, and only the permissions needed to perform the moderation activities. If you have multiple moderators on your team, create additional accounts e.g mod1, mod2, mod3…
Use an app that allows you to switch easily between accounts so you can perform your moderation actions with your dedicated moderator account.
Create a new email address to forward email to you or your team, e.g. moderation@yourdomain, or use a free email service that can receive email from the public but only be read by you and your team.
Remove as much of your personal data from the Web as possible. See the Big Ass Data Broker Opt-Out List for help on removing your personal information from online directories and data brokers.
Doxxing #
If you feel in immediate danger, call the local police immediately.
If you have been doxxed, use these links to remove your data:
Being doxxed can be a harrowing, traumatic event. Either collect as much evidence as you can, or get a friend or loved one to do this for you. You may also need personal help in contacting institutions that may have been compromised, such as your bank. Screenshot anything related and store securely. Do this at the first sign of doxxing, as these events can spiral and you may not be up for the task later.
Share Best Practices #
If you’ve been successful managing the security and privacy of you and your moderators, please consider sharing with the community in the Share Space.