Search
  • thewhitehatter

Digital Inoculation; Taking Back Control - Steps to Protect Yourself From Tech Facilitated Abuse

Having been a police officer for over thirty years, I saw my fair share of domestic abuse incidents where a partner decided, for their safety, that they needed to leave the relationship or have the other partner arrested and removed from the home. However, in today’s digital world, technology can be used as a fierce weapon to continue to control, harass, and abuse its intended target from afar (1, 2, 3).


This article is all about empowering someone who is leaving an abusive relationship and providing them with information on how to take digital control back from the abuser, who now could be using technology as a weapon of retribution and control. This article is going to overview aspects to consider and also provide some recourses to secure, control, and assert your digital autonomy, thus increasing your safety and security both online and offline. We are going to look at several digital challenges that one could face when leaving a relationship, including issues surrounding cellphones, emails, vehicles, the internet, social media, smarthome devices, and personal banking.


Cellphones:


Probably the easiest way for an abusive partner to spy on your online activities, or identify your location, is through your cellphone. If an abusive partner has had any access to your phone, there are several spyware apps that they could have covertly downloaded onto your phone.


Recommendation #1:

Purchase a secondary “burner” phone with a new phone number that your partner doesn’t know about and keep it well hidden. We know that phones can be expensive, and finances can be limited when leaving a relationship, which is why we recommend looking at purchasing a cheaper phone like the Android Figo Orbit 2. When you finally leave the relationship, ditch your old phone and ensure that your burner phone now becomes your primary phone. If using your burner phone while still living with your abuser, make sure that you do not use the Wi-Fi or Bluetooth on the phone. There are several ways that an abuser can utilize a home router to see if another device is attempting to connect to the home Wi-Fi network and this can identify the presence of your burner phone. If your phone is actively searching to connect to Bluetooth accessories, this can also be a way to identify the presence of the device.


Recommendation #2:

If you cannot purchase a burner phone, ensure that when you separate from your partner you conduct a full factory reset on your personal phone. Often this will delete any spyware that has been downloaded onto your phone. Remember, a factory reset will often delete all other information on your phone such as pictures and contact information, so make sure that you back-up any information that you do not want deleted.


iPhone Reset:

https://support.apple.com/en-ca/HT201252

Android Phone Reset:

https://www.quora.com/How-do-I-reinstall-Android-OS-and-all-default-drivers-in-a-mobile

Windows Reset

https://support.microsoft.com/en-ca/help/4026528/windows-10-reset-or-reinstall

Mac Reset:

https://support.apple.com/en-ca/guide/mac-help/mchlp1599/mac


Recommendation #3:

If you are separating from your abusive partner and taking your primary phone and laptop with you that has not yet been factory reset by yourself, make sure that you turn off data, Wi-Fi, and Bluetooth until you either you get a burner phone or conduct a factory reset on your primary phone. We also suggest that you block your caller ID from being seen.


Turn off Wi-Fi iPhone

https://www.esafety.gov.au/media/1877

Turn off Wi-Fi Android

https://www.esafety.gov.au/media/1857

Turn off Bluetooth Android

https://www.esafety.gov.au/media/1856

Block caller ID iPhone

https://www.esafety.gov.au/media/1900

Block caller ID Android

https://www.esafety.gov.au/media/1852


Recommendation #4:

No matter what phone you possess, once you have separated from your partner, make sure that you turn off the metadata function (camera) and location services (like Find My Friends) on your phone. Metadata can be used to help pinpoint your location in the world:


iPhone Metadata:

https://www.digitaltrends.com/mobile/how-to-remove-location-data-from-iphone-photos-in-ios-13/

Android Metadata:

https://www.androidpit.com/how-to-turn-off-location-tracking-android


Recommendation #5:

If your original phone is needed as evidence, power it off, take out the SIM Card as soon as possible, and hand it over to the police. This will help to prevent your ex-partner from attempting to remotely wipe/delete any evidentiary information on your phone remotely.


E-mail:


Given that you are likely going to have to set up a variety of new financial and social media accounts, you need to make sure that you create a new email account that cannot be accessed by your abusive partner. You want to make sure that you DO NOT use your name in this new email account such as john.smith@gmail.com. Rather than using an unencrypted open email like Google, consider using a free secure encrypted email account such as https://protonmail.com. Just as a reminder, continue to use your regular email account until such time that you have separated from the abusive partner so as to not raise suspicions. Once the separation has taken place, abandon your old email and move to your new proton email account. Only share this new email with people you trust and ensure that they know not to share it with anyone else, especially your ex-partner.


Vehicles:


Many are unaware that most modern vehicles allow an owner, or an abusive partner who has access to your vehicle, to install a mobile app that allows them to control several functions remotely from their smartphone including locking/unlocking doors, starting/stopping the engine, and location of the vehicle. Some examples:


https://www.ford.ca/owner/fordpass.html

https://www.driveuconnect.com/uconnect-app.html

https://www.bmw.ca/en/topics/experience/connected-drive/remote-services.html

https://apps.apple.com/ca/app/entune-3-0-app-suite-connect/id1043762447


This is why prior to leaving an abusive relationship, ensure that you connect with your vehicle’s service department to make sure that this function, if activated, is turned off. If this is financially limited, ensure you go through the manual to disable any remote app function.


Another important safety protocol is to ensure that you search the entire interior of the vehicle, including the trunk, looking for any phone or other electronic device that you do not own and discard it. These devices usually can be installed with an app that allows another person to track where the device is located in the world. A good example is the Apple “Find Me” application. In addition, cheap, battery powered GPS trackers are easy to purchase.


Ride Sharing Apps:


Ride sharing (such as Uber) has become a very popular means of transit. If you use a ride sharing app like Uber, make sure you do not use your present account (in fact, delete it), and create a new account utilizing a new covert email and new credit card to register. Many of these vendors create a ride history available through the app. Also, these ride sharing apps leave a digital trail on a credit card statement, given that a credit card is needed to register. So, if your partner has access to your credit card account, they can utilize this information to potentially find your location.


The Internet and Social Media:


Incognito/Private Searching Mode

If you are using your home internet to research and prepare your exit from an abusive relationship, we recommend that you use “incognito” or “private” mode. It is not uncommon for abusers to check the history of digital devices that you will use (a form of digital control) so it’s possible that you may tip your hand that you are thinking about or are going to leave a relationship. Yes, you can delete history after use, but often in the heat of the moment you may forget to do this. By searching using incognito or private mode, what you are doing will not be captured in the “history” function of your device.


Google Chrome Incognito PC:

https://support.google.com/chrome/answer/95464?co=GENIE.Platform%3DDesktop&hl=en

Android Incognito:

https://www.androidpit.com/how-to-browse-in-private-on-android

Safari Mac Private Mode:

https://support.apple.com/en-ca/guide/safari/ibrw1069/mac

Safari iPhone Private Mode:

https://support.apple.com/en-gb/HT203036

Firefox Private:

https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history


Although you are using a “private” function on the browser, keep in mind there might be other apps that could be used to spy on what you type.


Change all usernames and passwords on all accounts:

Change all your usernames and passwords on all your social media platforms, cloud storage devices, email accounts, bank and credit card accounts, work logins, shopping sites like Amazon, smart-home device accounts, and your computers just before you leave an abusive relationship, or immediately after your exit. We recommend that this be done on a trusted friend’s computer, or your burner phone, and not a device that is owned or can be accessed by the abusive partner. It is not uncommon that abusive partners will install a covert hardware or software program called a “keystroke logger.” A keystroke logger can record every keystroke that you press on your device, thus allowing them to see your new passwords. Although less-than-desirable, if you do not have access to a friend’s computer or a burner phone, your last option could be to use a computer that is located in a public library. Remember, when using a library computer, or any computer, that you always log off or sign out of all accounts rather than just closing the window when you are done.


Remember, when choosing a password, pick one that has at least six letters, and contains no personal information. Here’s one way that we suggest to create a great secure password that you will not forget:


#1: Pick a phrase that has at least six letters that you will not forget such as, “Marry had a little lamb”


#2: Capitalize the first letter in each one of the words in the phrase: “Mary Had A Little Lamb”


#3: Now squish the entire phrase into one big word: “MaryHadALittleLamb”


#4: Now replace any letters “a” with the “@” symbol and any letter “e” with the “3” so now it looks like this “M@rryH@d@littl3L@mb”


#5: Now add an exclamation mark at the end “M@rryH@d@littl3L@mb!”


Remember, never store your password in your Notes app on your device where someone else can locate it. Instead, we recommend you use an encrypted and secure password locker app and the one we recommend is “LastPass”


iPhone: https://apps.apple.com/ca/app/lastpass-password-manager/id324613447


Android: https://play.google.com/store/apps/details?id=com.lastpass.lpandroid&hl=en


Use Two-Factor Authentication Wherever Possible

Two-factor authentication allows you to further protect access to any of your online accounts. If the aggressor does find your account after you have separated, even if they have your password, they will not be able to access it without having the two-factor authentication code. Rather than using a phone number for two-factor authentication, we recommend using the Google Authenticator App. Most major social networks will allow you to use two-factor authentication.


iPhone:

https://apps.apple.com/us/app/google-authenticator/id388497605


Android:

https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid&hl=en


Here is a great video to show you how to both install and use the app:

https://www.youtube.com/watch?v=B-Iu1QGkP-o


We definitely recommend that you utilize two-factor authentication on your social media, Apple account, Google account, and email to ensure that your ex-partner will not be able to access all the information that you have stored in these accounts.


Go Dark or Ghost Yourself:

If you are leaving an abusive relationship, we recommend that after your change all your usernames and passwords, and implement two factor authentication. You do not make any further entries until you know you are safe and cannot be easily located. This message is important for any kids that you have with you when it come to the use of their social networks as well. It is also important to let your family, friends, and employer know not to share any information with anyone.


Utilize a VPN Whenever Using Wi-Fi

Whenever you are using Wi-Fi, especially open or free Wi-Fi, make sure that you are using a VPN (Virtual Private Network) which will both hide your location and encrypt anything you may send over the internet. There are free VPN’s available to use, but many of them will slow down your internet speed, and many will collect personal information and sell it to third parties. We recommend a VPN called “Private Internet Access.” This is a premium app that does not cost a lot and does not collect or sell your personal information while still giving you excellent connection speed with security. In this situation, as we are more concerned about more immediate threats, using a free VPN is better than nothing, regardless of corporate interest.


Private Internet Access:

https://www.privateinternetaccess.com/pages/buy-vpn/twh%22%20%5Ct%20%22_blank


Consider Using A Decoy Social Media Account

Another technique to throw off your location to an abusive partner is to create a decoy account on a social network, like Facebook, and flood it with disinformation about your location and status. If you are considering this strategy, remember the following:

  • Create a specific email for this account. Do not use the primary covert email account that we spoke about earlier in this article that you created when you first left the relationship. Utilizing a new Gmail account would be ok. Also ensure that you do not follow, friend, or connect any of your real accounts to this decoy account.

  • Post local happenings in the area that you want the ex-partner to believe that you are now living in. Use Google to search the fake location for this information.

  • Follow local businesses, sport teams, and recreation centers in the fake location.

  • Post about local events and news happenings in the fake location.

  • Talk about restaurants that you have eaten at in the fake location.

  • Talk about the weather in your fake location.

  • Post stock pictures about the area.

  • Remember to post based upon any time zone differences between where you are actually located and the face location of your choosing.

  • The more real and current this decoy account, the better.


Smarthome Devices:


Today’s home is full of smart gadgets and technology that can be integrated and controlled remotely by computer or smartphone like door locks, lighting, heating, and cooling. An abusive ex-partner who still has access to these devices can cause all kinds of havoc in your day-to-day life. Here are some ideas to take control back of your home:


#1: Replace your home router:

Most of these smart devices require connection via the internet; it makes sense to secure the access point from an ex-partner. Although there are a variety of tutorials that can walk you through how to change settings in your router, we just recommend buying a new router that your ex-partner will not be able to access because you now control your network’s name and password. No Wi-Fi access, no ability for your ex-partner to connect with any of the home’s smart devices from afar. If your Wi-Fi router is supplied by your internet service provider (ISP) like Bell, then connect with them and explain that for safety reasons you are requesting a new router.


If you are limited in purchasing a new router. A direct factory reset is then best. Ensure you setup the router with a WPA-2 security and have a strong password to access.


#2: Reset all smart-devices:

Once Wi-Fi access has been blocked, you can now look throughout your home and reset each smart-device to allow you to connect them through your new Wi-Fi network. It’s not uncommon that each device manufacturer will have different ways to reset their specific device. Here’s a list of the most common smarthome devices on the market today, to help you with the reset process:


Cameras:

Nest:

https://support.google.com/googlenest/answer/9252162?hl=en

Logitech Circle:

https://support.logi.com/hc/en-ca

NetgearArlo:

https://kb.arlo.com/1057976/How-can-I-reset-my-Arlo-SmartHub-or-base-station-to-the-default-values

Ring Stick Up:

https://support.ring.com/hc/en-us/articles/115000125926-Stick-Up-Cam-Setup-Mode

Ring Spotlight:

https://support.ring.com/hc/en-us/articles/115003835483-Spotlight-Cam-Setup-Mode

Amazon Cloud:

https://www.amazon.com/gp/help/customer/display.html?linkCode=w61&imprToken=gaX.lG7AS6v6wGWZYX62bQ&slotNum=0&ascsubtag=e99519292933a52d5c1bdf4f4b176faebf364aaa&nodeId=202161680&tag=lifehackeramzn-20

Blink

https://support.blinkforhome.com/categories/how-to-videos-BkFoXlQIB


Thermostats:

Nest Thermostat

https://support.google.com/googlenest/answer/9247296?hl=en

Ecobee Thermostat

https://support.google.com/googlenest/answer/9247296?hl=en

Honeywell Thermostat

https://www.honeywellhome.com/en/questions/how-do-i-complete-a-factory-reset-on-the-lyric-round-thermostat


Light Switches

Lutron Caseta dimmers:

https://www.wink.com/help/products/lutron-caseta-in-wall-dimmer-and-pico/

Echobee Switch

https://support.ecobee.com/hc/en-us/articles/360026508712

TP-Link Switch

https://www.tp-link.com/us/support/faq/265/

Insteon Switch

https://www.insteon.com/support-knowledgebase/2016/2/24/factory-resetting-insteon-hub


Lights:

Philips Hue

https://labs.meethue.com/support

LIFX

https://support.lifx.com/hc/en-us/articles/200468240-Hardware-Resetting-your-LIFX

Cree Connect

https://support.smartthings.com/hc/en-us/articles/204258280-Cree-Connected-LED-Bulb


Doorbells:

Ring

https://support.ring.com/hc/en-us/articles/115000125086-Ring-Video-Doorbell-Setup-Mode

Skybell

https://skybelltechnologies.zendesk.com/hc/en-us/articles/203317075-SkyBell-HD-Device-Reset


Home Hubs:

Samsung SmartThings:

https://support.smartthings.com/hc/en-us/articles/204936890-How-do-I-factory-reset-the-Hub-delete-a-Location-

Iris Smarthub

https://www.irisbylowes.com/support?guideTitle=I-have-a-new-hub-that-I-can’t-add-to-my-Iris-account.&guideId=137aff1c-a4a5-404a-8c58-1320cb59f312

Apple Home

https://support.apple.com/en-ca/HT204893


Smartlocks

August Smart Lock

https://support.august.com/how-do-i-factory-reset-my-lock-BkH1D8y0uG

Schlage Sense

https://www.schlage.com/content/dam/sch-us/documents/pdf/installation-manuals/Schlage-Sense-User-Guide-P516-991.pdf

Schlage Encode Smart Wifi Deadbolt

https://www.schlage.com/en/home/support/faqs/schlage-encode.html

Nest X Yal

https://support.google.com/googlenest/answer/9218474?co=GENIE.Platform%3DAndroid&hl=en

Lockly Secure Plus

http://www.support.lockly.com/article/how-to-do-a-factory-reset/

SimplySafe Smart Lock

https://support.simplisafe.com/hc/en-us/articles/360033366692-Smart-Lock-Setup-Updating-your-system-before-installing


Home Speakers:

For home speakers like Amazon Echo, Google Home Speaker or Apple HomePod we recommend to just disconnect these devices



Banking and Credit Cards:


If you are leaving a relationship where you share a joint bank account and credit card, then it will be important that as soon as possible you create your own private account just before you leave a relationship, or immediately upon leaving. We suggest that you visit a bank of your choice in-person to make this happen. Have any new credit cards delivered to this bank for your personal pickup when the time comes to do so. If needed, store your banking information and credit cards with a trusted friend or relative so that they cannot be located by your abusive partner.


  • Set up account alerts that will notify you if there is unusual activity on your account, including credit cards.

  • Avoid online or phone banking form unsecured devices. This will help to prevent your ex-partner from fraudulently accessing your account. Visit your bank in person, and request that they disable phone and internet banking for you if able. Do all your banking in person until such time as things stabilize.

  • If your ex-partner had access to your personal credit cards, make sure you cancel them and get new ones in the event they have recorded the card’s number, expiry date, and three-digit CSV number on the back of your card: all information that a person needs to use your credit card over the internet. This is also an opportunity to ensure you also update all online accounts like Amazon, Apple, Google, monthly subscription services (Netflix) where your credit card information may be stored.


Conclusion:

We here at The White Hatter team hope that this quick guide will help you to secure, control, and assert your digital autonomy, thus increasing your safety and security both online and offline. This guide is not exhaustive in its information specific to this topic, but we have attempted to cover those digital challenges that we thought most important. Always remember that you are not alone, there are organizations like transition houses and women’s shelters, as well as online resources out there to help when you are in need, especially after separating from an abusive relationship (4).


Respectfully,

Darren Laur & The White Hatter Team


Attachments:

  1. https://citizenlab.ca/docs/stalkerware-legal.pdf

  2. https://accan.org.au/Domestic%20Violence%20and%20Communication%20Technology%20final%20report%2020190801.pdf

  3. http://nixdell.com/papers/a046-freed.pdf

  4. https://goaskrose.com

Call

250-478-9119

Toll-Free

1-855-478-9119

  • YouTube - Grey Circle
  • White Twitter Icon
  • White Instagram Icon
  • White Facebook Icon

Located

2611 Rainville Rd, Victoria, BC,

V9B 3N2

© 2017 Personal Protection Systems Inc