"How Can I Stay Safe as a Marginalized Writer?"

I’d trade it all for dial-up.

Dear Milo,

I’m worried about staying safe as a trans writer. I mean online, but because bigots take it into the real world. I noticed that you’re not on social media much. Is that a way to stay safe? Do you have other tips?

Sincerely,

Safe and Sound


Dear Safe and Sound,

Time for another biggie! I swore I wouldn’t do this two months in a row, but this is an important topic.

This is a great question and a legitimate concern, my friend. If I may be nostalgic a moment: The internet just isn’t the fun, amazing little place it was in its early years. The Hamster Dance, The Badger Song, and nerdy discussion boards have long morphed into invasive ads, predatory algorithms, and people just plain yelling at each other. For those of you too young to remember, you’d never believe how enjoyable and stress-free the original internet was. There was no social media, no likes, no influencers. Amazon, Google, and YouTube were barely concepts. Sure, it had its issues, but ultimately the internet was just a shiny new place for people to share art and ideas ranging from the ridiculous to the profound, simply for the sake of sharing them. That’s it. That was the internet.

The corruption of the internet is why we can’t have nice things. And among all the rot, marginalized novelists are one of the many groups increasingly and particularly targeted in ways that have long since started to spill into the physical world. The only thing making this worse is how, at least in the United States, the law is sorely behind in not only protecting marginalized groups in general, but protecting people at large from the internet itself. It’s so bad now that even if you don’t use the internet, you’re still vulnerable in the real world because of the internet.

There’s a seemingly endless amount of matter we could discuss these days when it comes to internet safety—and plenty of what I’m going to share here can apply to almost anyone looking for better internet safety—but I’m going to keep the focus on (marginalized) writers.

Over the past year in particular, marginalized writers have started to talk more publicly about internet safety. Sim Kern is a great example, and they have videos on General Principles of Online Safety and Specific Steps for Online Safety.

My list of safety tips below isn’t exhaustive. (It’s exhausting, but not exhaustive.) Also, some of these things may only apply to the privacy and security laws of the United States (which are, as of this writing, awful). Some of these require money, but thankfully many are also free. Doing all of these things would indeed make you the safest you can be, but each of these options is an individual choice. As writers, we have to weigh the pros and cons of each choice, which can include financial cost, social cost (amount of time required to create or sustain a given security measure), a potential dip in book sales, and other matters that can vary greatly per author and situation. Personally, I aim for a balance that makes me feel safer without simultaneously feeling silenced.

We all have choices to make, but I want to make it clear that if you don’t do one of these things and end up targeted or attacked through it, that is not your fault. It’s always the fault of the person or people who chose to attack you. 

Also, in the end, none of this is a guarantee. Even if we stopped using the internet, none of us can be 100% safe unless we essentially stopped existing. And we’re not doing that.

Finally, it’s never too early to start implementing these things. The earlier, the better. Don’t wait until you’re worried you’re being actively targeted. If you’re reading this now, start your plan now.

So here are several considerations for online safety:

Get Yourself Off Data Broker Sites

This is a big one, folks. There are hundreds of data broker sites that can legally collect your personal info—name(s), email(s), phone number(s), physical address(es), government records, names of family members, etc.—and either place it online for free or sell it to people. If you’re worried about doxxing, these sites are one of the two main culprits. (The other being the Dark Web, which posts info usually obtained through hacking, scams, and related practices.) Everybody’s info is on these data broker sites—even your 99-year-old grandma who’s never touched a computer—and the only way to not be is if you actively remove yourself from Every. Single. Site.

The best and easiest way to take care of this is using DeleteMe. No, this is not a paid endorsement nor intended as some sort of advertisement. They have no idea I’m writing this right now. I just genuinely appreciate their services and encourage marginalized folks to utilize them to the best of their ability. They cost money and require you give them your personal info, but they’re legit and worth it. (They ask for that info so they can, in fact, search for your info. It sounds backwards, but they need to know who and what they’re searching for.) Not only will they hunt down every data broker site that has your info, but they’ll remove it and make sure it stays removed. (Because guess what, those sites can indeed pop your info right back in through endless scraping of the internet.)

And again, I swear this isn’t some sort of manipulation tactic, but if you’d like 20% off your first year, you can follow this referral link. If you’re uncomfortable using the link I’ve provided, there are plenty of other 20% off links you can find online, including in Sim Kern’s videos above. There’s no need for you to pay full price, is my point.

If DeleteMe is outside of your budget, they also have a great DIY Opt-Out Guide so you can do the work yourself for free. I did the DIY route for many years and can vouch for the effectiveness. However, be prepared to lose several days’ worth of your life. The hardest is at the beginning, the first time you’re taking yourself off all those sites. If the DIY route is particularly daunting for you, consider getting your loved ones involved. Even if you’re each taking care of your own identity, you can turn it into a party.

It gets easier after the initial removals, but still takes time. After the initial removals (and double checking to make sure the removals took), I then religiously checked all the sites every three months and after any major information triggers, such as moving. (I eventually turned to paying the DeleteMe folks to take care of things because 1) I could finally afford it, 2) I was tired of losing a weekend every three months for the rest of my life, and 3) they actually managed to find a handful of sites I’d missed all those years.) 

Final pro tip if you go the DIY route: Create a burner email address, phone number, and physical address whenever possible. Many of the data broker sites request your personal info in order to…opt out of them putting up your personal info. Many times, it wasn’t even the info they already had on you. That’s sketchy and unnecessary. They may also sometimes ask for a copy of your photo ID, such as your driver’s license. But you can black out every single piece of that ID—including your photo—with the exception of your full name, and it's acceptable for these sites.

Upgrade Your Passwords and Get a Password Manager

The first part of this is free: Upgrade your passwords. Make sure every single one of your passwords is not only unique, but is made of long strings of random letters, numbers, and symbols. No coherent words, nothing that can be linked to you (such as your birth year), nothing. These are important steps because it not only makes each password difficult to guess, but will stay limited to only one account if that account is compromised. If you use the same password for multiple accounts, guess what kind of headache you’re in for.

But then comes the second part, which costs money: Get a password manager. This will make remembering all those passwords much easier. Many password managers these days also include some additional security, such as Dark Web monitoring, VPNs, and notifying you if any sites in your password manager were recently involved in a data breach. (Related: You can periodically check Have I Been Pwned.)

However, if you come across a free password manager—as in, a password manager that doesn’t have any paid tiers in addition to any free tier they may offer—don’t use them. It means their business makes their money some other way, usually by, well, collecting and selling your data.

When it comes to password managers, I’m a big fan of Dashlane. Again, this isn’t an advertisement or paid endorsement. I just genuinely like what they do. And if you want to take them for a spin, you can currently get six months of their Premium version for free.

Get a VPN

Where am I? Am I over here? Am I over there? Who knows? VPNs have a reputation for nefarious use, but their use truly comes down to the user themselves. There are indeed many people who use VPNs to do bad things online, but VPNs are otherwise a great tool to keep your location, interests, browsing history, and other personal user info scrambled. This is great not only for knocking hackers and ID thieves off your scent, but also messes with corporations trying to slurp up your data to sell to third parties for advertising purposes.

There are free versions, but just like password managers, a paid version is the only safe way to go. If they’re offering their service for free (and only for free), it’s likely because they are collecting where you are, where you’re going online, etc. and selling it to third parties.

Oh, and avoid public wifi hotspots at all costs, especially if you’re not using a VPN. Areas with public wifi are feeding frenzies for businesses, advertisers, and hackers.

Purchase Your Name (and Names of Your Published Books) as Domains

Our final money-specific suggestion for today. If you can afford this, pay to own the domain names of yourself and any of your published books. This is so nobody can grab them before you and consequently hold those sites hostage for you to pay a significant amount to buy, pose as you and post inappropriate things, etc. As a bonus, it works as some potential extra site traffic. Even if you don’t actually use those domain names, you can have them redirect to your main site (or to a link to buy a given book, etc.).

Tip: Don’t try to grab the names of books you haven’t published yet. It’s normal for a book’s title to change during production, so you’ll risk wasting your money if you put the cart before the horse.

If someone with a similar name or book title already grabbed a given domain name, don’t worry about it. Let that one go.

Have Different Emails for Different Things

This one may take some getting used to at first, but having a different email address for each part of your life can help keep things more organized, as well as lessening the impact of an email breach. At least you’ll still be able to conduct business and get support from loved ones over email while the flow of hate collects in just one of your accounts. It’ll also be less of a headache to switch the compromised account to a new one.

The best plan is to have 1) a general business/professional communication email account (this one would most likely be your name), 2) a burner business/professional email account (for signing up for accounts such as Canva), 3) a burner personal account (for signing up for accounts such as Netflix), 4) a burner account for removing your data online (if going the DIY data broker route), and 5) an unusually-named account for personal use, meaning only for your loved ones and closest acquaintances (think 90s middle school, something people wouldn’t guess a grown adult would have, such as “i<3cookiesandbeyonceeee”).

You can have even more accounts than this, if you want, but I’m sure you can imagine how unwieldly these can get. At the very least, I recommend three different emails: business, burner, and personal.

Lock and/or Leave Social Media

This varies per platform, but consider turning off comments or, at least, public comments (meaning from people not on your friend/follow list or newsletter membership). The inability to freely or easily engage can deter many ill-intended people. You could also lock given platforms, meaning only people on your friend/follow list can even see any of your posts.

Likewise, consider dropping social media (or specific platforms therein) altogether. This has become increasingly popular over the past couple of years, but has been a tried and true method for a while now. In the memoir SHRILL, Lindy West talks about the onslaught of harassment she received on Twitter. But once she left the platform, it just…stopped. She was shocked that was all it took. Results may vary, but it remains that ease of harassment ups the chances and/or quantity of harassment.

Use 2FA/MFA Wherever Available

Make sure you have 2-factor authorization (2FA)/multi-factor authentication (MFA) enabled for any account you have, most especially your email, website, and social media logins. Unique codes texted to your phone or sent to your email is an option, but the best is using an authentication app. 

Don’t Mention Your Favorite Places or Your Workspace

I know you want to give a shoutout to your favorite restaurant or boost sales for your local bookstore, but mentioning places you like—especially places that are in your known town of residence—suggests that you frequent them, which in turn means people know where they might find you. Even if they’re just an innocent, overly excited fan who wants your autograph, that’s creepy and uninvited. And if it’s someone who wants to punch you in the face? Even less welcome.

Likewise, try to avoid mentioning where you work. Or, at the very least, try not to make it known that author you and worker you are the same you. Writers don’t make much money as writers, so it’s common to hold at least a 9-5 to make ends meet. In more intense dogpiles, bad-faith folks show up at or repeatedly contact a person’s primary place of work to out them or otherwise attempt to get them fired. Sometimes it’s effective, especially if you work around minors or in other so-called influential ways, as well as work or live in states that don’t have laws protecting marginalized folks against workplace discrimination.

Don’t Post Photos of Your Children or Loved Ones

Adults really should already know to not post pictures of their children online (don’t get me started), but also consider not posting pictures of your adult-aged loved ones. Not only does this add risk to them also being targeted by association with you, but it also means that if someone knows where they are, they’ll also likely know where you are. (Similarly, if they’re still on all those data broker sites, that could spell trouble for both of you.)

Be Mindful of Taking Nature/Outdoor Photos

Even if no people or identifying factors are in the photo, it can still pose a safety threat. New AI technology can pinpoint the geolocation of a photograph. Just saying.

Remove Address Labels on Unboxing Videos

If you’re an author who likes to do unboxing videos, always make sure to black out, cover, or remove the address label, as well as any other identifying markers on the box.

Update Your Website Regularly

And make sure you’re paying your site-related bill(s) on time. We writers are notorious for having outdated websites, but the amount of times I’ve seen an author’s website not even be in their possession anymore (and they didn’t know it) because they hadn’t paid their bill(s) is alarming. Usually, these sites then reroute to porn, scam sites, or other unfavorable things.

Also, even if you’re not updating your site’s content, make sure you sign into your account regularly to check for any maintenance updates your site may need. Sign into your site weekly at the very least, but daily is highly preferred. Due to the nightmares of coding vs the never-ending onslaught of bad-faith people, updates for any type of technology are nearly constant, whether they be major overhauls or security tweaks. Regardless, consider every update important. An ignored update means your site is vulnerable somewhere, and a vulnerability makes it easier for someone to wriggle into your site and take it over. 

Don’t Post Images or Recordings of Yourself

If people don’t know what you look or sound like, it’s considerably harder to identify you in the physical world. Also, people can’t do weird things with your likeness through AI.

Publish Under a Pseudonym

If you’re looking to be undetectable in the physical world, yet still be an author, a pseudonym is one of the safest options you can have. Only your agent/agency and editor/publisher would know. It’s true that something may slip down the line and your identity is revealed or found out, especially if your Pseudonym Self and Real Self cross over too often or you have photos of yourself online as both people, but it’s certainly still an option to consider. Alexis Hall is a great example of a successful queer author who publishes under a pseudonym and doesn’t post pictures. They’ve maintained privacy for years. 

But What About In-Person Events?

The key to online safety is to never give too much info about yourself, most especially where you live, where you’ll be on a given day, etc. However, a big issue for authors is they often have (or prefer to have) tour schedules and/or physical events, and you need to, you know, post these online if you want people to show up. While not doing in-person events (or otherwise not advertising them publicly) is the safest choice you can make for your physical wellbeing, it’s not often a career choice authors prefer.

If you choose to engage in physical events (and advertise them online), the big thing is to be in full communication with the people running the event. In most cases, this is a bookstore, library, literary conference, or other related venue. Not all of the options below may be necessary for you based on your comfort level and the current climate toward your online presence, but these are some request ideas:

  • If you’re taking the no pictures/recordings route, require that the venue doesn’t record the event or take pictures of you. If signing an event agreement is involved, make sure it doesn’t include the right for them to take pictures/recordings of you for marketing purposes, etc. Request such wording be removed if it’s there. Also, directly and publicly request at the start of your presentation/event that patrons and attendees also do not take photos or video of you. Say it’s a safety and privacy matter (because it is). Is it a hassle, frustration, and risk every time you do an event? Yeah. But with AI’s nefarious abilities these days with just one clear photograph of your face and/or 3 seconds of audio of your voice, you may prefer to deal with the hassle and weigh your options with each event opportunity.
  • Have events be registration only, even if they’re free. Likewise, have registration require a full name, address, email, and/or phone number. Can someone put in fake info and use a burner email? Sure. But it’s still one more hoop to make bad-faith people jump through.
  • Have a staff member check people in at the door. If they’re not on the registration list, they can’t attend. (This probably sounds mean to last-minute patrons, but honestly, we should really get folks to normalize registering for events ahead of time. It not only helps events people prep the space, but can help create additional events if the original appears quite popular. But regardless, last-minute attendees can indeed still come in…if they register online with the required info like everyone else, even if they’re standing right in front of the door 2 minutes before the event starts.) Staff could potentially require photo IDs, like the law requires for 21+ spaces, in order to help curb bad-faith registerers who put in fake names, but keep in mind this could potentially cause trouble for trans and nonbinary patrons.
  • Alert the staff of the names of particular people you already know to be trouble, have threatened you online, etc. Their registration can be rejected or they can be stopped at the door.
  • Have at least one loved one in the audience. Not only can they help keep an eye out, but having a familiar face in the audience can help you stay focused on your event, rather than your surroundings.
  • Have an emergency plan in place with staff. What’s the staff’s response protocol to a heckler in the audience? (There are, of course, different levels of heckling, which could require different approaches.) Is there a “safe room” (usually the staff’s back room that can additionally be locked) you can go to if you’re personally targeted by a given patron (and temporary removal from the situation is the best way to deescalate)? What is the staff’s protocol for physically removing a belligerent patron? In the event of a shooting or other such attack, which staff members are actively prepared with their cell phones to call 911 or other emergency services? What is their general emergency protocol?
  • (Sidenote: Sometimes household-name authors—who almost always are also mainstream identities—require or hire police officers to stand around the perimeters of a given space. However, this can be counterintuitive in most marginalized spaces and threatening for marginalized patrons. Ultimately, it comes down to your personal choice and the specifics of your situation.)
  • In the worst-case scenario of a verbal altercation or active threats, the best plan is to school yourself in passive response tactics to help keep things from escalating. There are also ways to physically guard yourself. These resources are some of the best I’ve seen on both verbal and physical altercations, particularly centering (BIPOC) AMAB trans people, who are not only more likely to be attacked, but more likely to find themselves in legal trouble for protecting themselves: The Silver Sprocket Self-Defense Guide, Queers Never Die Self-Defense Tutorials, and Self-Defense Strategies for Trans* People by Scout Tran.

But What About Hybrid or Online Events?

Regardless of whether you feel comfortable with in-person events, you may still want to engage with online events. While in-person safety requests are more dependent on your comfort level and current treatment online, online (and the online portion of hybrid) events should always follow the below protocol. Just like with an in-person event, be in full communication with the staff and make sure you have the following (or do this yourself if you’re running an event on your own):

  • Require registration with at least a full name and an email address.
  • Do not send out the link to the event any earlier than 15 minutes before the event begins. Only send it to the given registered email addresses. Never share the link publicly or freely online.
  • Make sure any communal-sharing features (e.g. screen sharing, whiteboard usage) are turned off for everybody but yourself/staff.
  • Become well-versed in all the security features of the platform (e.g. shutting down the chat, disallowing people to unmute themselves, share their screens, or turn on their cameras). In the event of a virtual attack, be prepared to immediately shut down the entire audience’s permissions until you weed out and remove the culprit(s). (Or just continue with your presentation with all audience interaction shut down. It’s not ideal to not allow the audience to interact, but the instigators will likely leave when they realize they can’t do anything.)
  • Consider using a platform designed for large events rather than casual video conferencing (e.g. Zoom webinars vs Zoom meetings), which automatically neutralize many of the above risks. However, these often cost more money.
  • Have a trusted individual log into the event as co-host so they can keep an eye on the chat, etc. Have them well-versed in the security features of the platform so they can spring into action the moment there’s an incident. Knowing someone else is keeping an eye on things will help you focus on your presentation rather than get distracted with potential safety issues.
  • Consider not recording sessions or only have recordings available for a limited time, usually 2 weeks or less. Links to recordings should only ever go to the individuals who registered for the event.
  • If you’re a particularly private individual, feel free to keep your camera off during your event. It’s your right, no matter what anybody tells you. (Ditto to requirements to share a picture of yourself as part of the event’s marketing. You only do what you’re comfortable with.)

Whether in person or online, you have the right to request specific accommodations for your event, especially if they’re related to your safety. Again, make sure the above are part of the venue’s practices. If they’re not, request them. If they still don’t provide the above accommodations, decline the event. Your safety should always be top priority, even in the face of book sales. And if a given venue can’t honor that, you don’t want to do business with them.

I know that was a lot, my friend. And it’s okay if it feels overwhelming. There’s a lot happening these days and it requires a lot of effort to keep ourselves safe. Again, you don’t need to do all of these things. (Though if there’s only one you can do, I highly encourage getting yourself off data broker sites.) Every writer’s safety plan differs based on their wants, needs, and comfort. You also don’t need to go at it alone. Recruit your loved ones to help, whether it’s to help comb through data broker sites, be the co-host for an online event, or just provide support.

Take things one step at a time. And if you get stressed as you tick off the boxes of your internet safety, take a break and dance like It’s Peanut Butter Jelly Time.

Warmly,

Milo


Milo Todd's logo of a simple, geometric fox head. It has a black nose, white cheeks, and a reddish-orange face and ears.
Until next time, foxies! Be queer, write books!