Basic Web Identity Protection for Streamers

This document discusses topics related to identity protection online, including anonymous email, false
identities, and avoiding scams. This document should be read in its entirety before doing any sort of
implementation or go live. A suggested implementation order will be provided at the end.

1. Anonymizing Online
a. Free email accounts should not be used for business/professional purposes, as they
don’t have particularly great security, and have limited add-on functionality. Getting a
stream-identity specific Gmail account is a worthwhile start. You won’t use this account
often, but it has some nice add-ons available at no extra cost such as limited cloud
storage and voice services.
b. Set up your free email account using your streamer name, and fake personal
information.
i. Make note of this fake personal information.
ii. It’s a good idea to save it as a text document in your free cloud storage included
with your free online account.
c. Get a Google Voice number or burner phone. Anything related to your stream, register
with that number.
i. If you chose to go with a Gmail account, Google Voice numbers are free, and
you just need to use it once each month or so by sending or receiving a text
message from/to it.
ii. A Google Voice or burner phone keeps your actual phone number away from
your streamer identity, helping protect you from phone harassment.
2. Physical Protection
a. If you can afford it and are allowed to set it up, get a camera doorbell.
i. Getting an alert that somebody is at your door can be the difference between
life and death in a swatting incident.
ii. If you can see police at the door, you can call emergency services to alert them
that there’s no emergency, and get yourself into a position to not get shot if a
swat team comes in.
b. Use a greenscreen if you are face camming. While having a shelf of nerd stuff looks
great in the background, unless you are public about who you are, a forgotten item can
be used to identify you and find your location.
3. Account and Password Protection
a. Use a cloud password manager, like LastPass or 1Password.
i. Password managers allow you to maintain unique passwords for all your online
services. This ensures that if one account is breached, then your other accounts
are not at risk.
ii. You’ll only really need to remember your master password to access your
password manager. The manager will fill in your password automatically for
your other logins.
b. Do not use simple passwords. Use pass phrases instead. At least 24 characters long with
a mix of letters, numbers, and symbols.
i. An easy way to remember your pass phrases is to use song lyrics.
ii. Example: “WeAreTheChamiponsMyFriend!2021” is an incredibly secure
password, and you’ve probably already memorized it.
c. Enable multifactor authentication on everything you can. 99% of account breaches can
be prevented with multi-factor authentication.
i. It’s a hassle to pull up your phone and load the code every time, but it’s better
than getting hacked and doxed.
ii. Further, 1Password has a PC-based authenticator app in its paid version.
4. Domains and Email – Products and Services
a. Buy your own domain. The name of your stream with a .com is generally affordable,
less than $20/year.
i. Having your own domain allows you to define a specific identity on the Internet.
The vShojo phishing attempt was based on the attacker using vshojo.org as their
email domain, which people assumed was owned by vShojo. Their actual
domain is vShojo.com. If somebody pretends to be you from another domain,
you can inform your users that you will only ever communicate from the domain
you own.
ii. Unless you are going to have a web site built, don’t just go for a .com domain.
You can generally get .me domains or other top level domain suffixes for
cheaper than .com, .net, or .org.
b. After buying your domain, work with your registrar to hide your information. There may
be a fee for this.
i. Setting your domain settings to Private will hide your personal information
when you register. Currently, registration will often only show the state and
country of the registrant, but some services will show a contact person and
phone number. Setting your information to Private means that if somebody
performs a WHOIS lookup on your domain, they won’t get any useful
information out of it.
ii. To check this for yourself, go to http://mxtoolbox.com/supertool, set the
dropdown to WHOIS, and search a web site. You can see information about
that site. It’s also worth doing an MX (Mail Exchange) lookup and that will tell
you what kind of email service is being used. I generally recommend GoDaddy
as things are simple and with only one domain, the private registration is only
about $10.
c. After obtaining your domain, look into purchasing business class email. A Microsoft 365
Business Essentials License is around $6/month.
i. Business class email offers more features and security than a free email service
like Gmail, Outlook.com, Yahoo, or the others.
ii. The biggest advantage is you get the admin tools in the back end for things like
message tracing. These tools can be useful for stopping online harassment.
iii. As you grow your brand, you can add on services like advanced spam and
identity protection by stepping up your service agreement.
d. If you registered with GoDaddy, you have the option to authorize GoDaddy to set up all
the domain stuff for you automatically. In a few minutes your email will be configured.
e. Your business class email should come with a significant amount of cloud storage.
Again, using M365 Business Essentials, you get a 1TB OneDrive.
f. With your cloud storage set up, sync any folders you use to store your stream assets to
your cloud storage.
i. Cloud storage is crucial to protecting your stream assets. A sync to your cloud
storage ensures that any time you make changes to your stream assets, they are
automatically backed up.
ii. If your computer dies, you get a crypto attack, or something goes wrong, you
just need to sign in to recover your stuff, import it, and get back to streaming.
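
The sender check from 4.a.i ("you will only ever communicate from the domain you own"), as an added example that is not part of the original document. It goes a little beyond the different-TLD case on the page by also flagging one-character typos and brand names used only in the display name; the mailbox names and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

OWNED_DOMAIN = "vshojo.com"  # the real domain named in the document

# Constructed sample From headers (mailbox names are made up for illustration).
SAMPLES = [
    "Talent Team <talent@vshojo.com>",
    "Talent Team <talent@vshojo.org>",
    "Support <help@vshoj0.com>",
    "vShojo Talent <talent@gmail.com>",
    "noreply@twitch.tv",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, owned: str = OWNED_DOMAIN) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a From header."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unrelated"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    owned = owned.lower()
    # Only the owned domain and its subdomains count as genuine.
    if domain == owned or domain.endswith("." + owned):
        return "official"
    brand = owned.split(".")[0]
    # Brand (or a one-character variant) as any label: vshojo.org, vshoj0.com.
    if any(edit_distance(label, brand) <= 1 for label in domain.split(".")):
        return "lookalike"
    # Brand used only in the display name, sent from an unrelated mailbox.
    if brand in name.lower():
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```
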

Suggested Implementation Order:

1. Register a free email account. Gmail is suggested so that you can also get a Google Voice number. Configure
multifactor authentication on the account.
2. Register your password manager with your free account. Store your master password in your free
account in the provided free cloud storage. Configure multifactor authentication on this account.
3. Register a paid domain with your streamer identity and tied to your free email account. Store your
credentials in your password manager. Make sure this is a unique password for the service.
Configure multifactor authentication on the account.
4. Set up your paid email subscription using your paid domain. Register your credentials in the
password manager. Make sure this is a unique password for the service. Configure multifactor
authentication on the account.
5. Set up your streaming account (Twitch, YouTube, etc.) with your paid email. Register your
credentials in the password manager. Make sure this is a unique password for the service. Set up
multifactor authentication on the account.
6. Set up your streaming assets. Back up all your streaming assets to your paid cloud storage, and if
you have the room, your free cloud storage as well.
