Protect yourself from digital stalking by enabling full-disk encryption, using a separate device and phone number for communications, disabling location sharing on all devices, removing metadata from photos, using Signal and Tor for sensitive communications, and implementing strong unique passwords with two-factor authentication on all accounts. Monitor for account compromises regularly and physically inspect devices for tracking apps or hidden hardware. This guide provides a systematic approach to securing your digital life including threat model assessment, device hardening, account security, communications protection, and monitoring strategies.

Table of Contents

• Threat Model Assessment
• Prerequisites
• Physical Security Considerations
• Troubleshooting

Threat Model Assessment

Before implementing protections, identify what you’re defending against. Stalking threats typically fall into several categories:

• Location tracking through GPS, cell tower triangulation, or WiFi positioning
• Account compromise via credential stuffing or social engineering
• Device infiltration through spyware or firmware modifications
• Social engineering exploiting personal information
• Physical surveillance aided by smart home devices

Understanding the attack surface helps prioritize defensive measures. Document any known compromised accounts or suspicious device activity before hardening your environment.

Prerequisites

Before you begin, make sure you have the following ready:

• A computer running macOS, Linux, or Windows
• Terminal or command-line access
• Administrator or sudo privileges (for system-level changes)
• A stable internet connection for downloading tools

Step 1 - Device Hardening Fundamentals

Mobile Device Security

Your smartphone is the most significant vulnerability. Stalkers frequently exploit find-my-device features, location sharing settings, and insecure backups.

First, perform a factory reset on any device you suspect may have spyware. This eliminates trojaned applications and compromised operating system components. After reset, avoid restoring from backups created before you suspected compromise, those backups may contain malicious software.

Configure your device with these critical settings:

Android - Disable location for all non-essential apps
adb shell pm revoke <package> android.permission.ACCESS_FINE_LOCATION
adb shell pm revoke <package> android.permission.ACCESS_COARSE_LOCATION

iOS: Review and revoke location access
Settings > Privacy & Security > Location Services
Set every app to "Never" unless explicitly required

Enable encryption on all mobile devices. Modern Android and iOS devices encrypt storage by default when a passcode is set, but verify this in your security settings. Use a strong alphanumeric passcode rather than biometrics alone, biometrics can be coerced or circumvented.

Account Security Architecture

Create entirely new accounts for sensitive communications. Do not reuse usernames or email addresses from compromised accounts. Generate unique, complex passwords using a dedicated password manager.

Generate secure password with Bitwarden CLI
bw generate --length 24 --includeSymbols --includeNumbers --includeUppercase --includeLowercase

Enable 2FA using TOTP rather than SMS
Store TOTP secrets in your password manager's secure notes

For accounts requiring maximum security, consider hardware security keys. YubiKeys or SoloKeys provide phishing-resistant authentication that cannot be intercepted through man-in-the-middle attacks.

Step 2 - Communication Channel Hardening

Email Configuration

Stalkers frequently target email accounts to reset passwords on other services, read communications, and monitor activity. Secure your email with these measures:

1. Enable PGP encryption for sensitive communications
2. Configure email filters to forward urgent messages to a secure alias
3. Review and delete any email forwarding rules a stalker may have added
4. Check active sessions and revoke unauthorized access

Generate PGP key pair using gpg
gpg --full-generate-key
Select RSA 4096, no expiration, and a strong passphrase

Export public key for sharing
gpg --armor --export your-email@example.com > public.asc

Messaging Application Selection

Choose messaging platforms with end-to-end encryption and minimal metadata retention. Signal provides strong encryption with features specifically useful for stalking victims:

• Disappearing messages with configurable timers
• Screen lock to prevent unauthorized access
• Registration lock to prevent SIM swapping
• Relay contacts option to hide your number

Enable Signal registration lock (requires setup from mobile)
Settings > Account > Registration Lock
This requires your Signal PIN to register on new devices

Avoid messaging platforms that store message content on servers, lack end-to-end encryption, or retain extensive metadata about your communications.

Step 3 - Network-Level Protection

VPN Implementation

A reputable VPN encrypts network traffic and masks your IP address, preventing network observers from monitoring your browsing activity or determining your physical location through IP geolocation.

Configure your VPN to activate automatically on network connection. This prevents accidental exposure if you forget to enable it:

Linux - Auto-connect VPN with systemd
/etc/systemd/system/vpn-autoconnect.service
[Unit]
Description=Auto-connect VPN
After=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/wg-quick up wg0

[Install]
WantedBy=multi-user.target

Select VPN providers with verified no-logging policies and RAM-only server infrastructure. Avoid free VPNs, which often monetize user data.

DNS Configuration

Use encrypted DNS to prevent ISP-level tracking and DNS-based location inference:

Configure systemd-resolved for DNS-over-TLS
/etc/systemd/resolved.conf
[Resolve]
DNS=1.1.1.1 1.0.0.1
DNSOverTLS=yes
FallbackDNS=9.9.9.9 8.8.8.8

Alternatively, deploy a local DNS resolver like Pi-hole on a Raspberry Pi to block tracking domains at the network level.

Step 4 - Location Privacy

Location Services Audit

Review every application with location access. Ask yourself whether each app genuinely needs your location. Remove location access from applications that don’t require it:

Android - Check location permissions via ADB
adb shell pm list permissions -d -g | grep -i location

iOS: Review in Settings > Privacy & Security > Location Services
Check "Share My Location" settings and disable Family Sharing if abusive

Disable “Find My Device” features on all accounts unless absolutely necessary. These same features that help you locate a lost phone allow stalkers to locate you if they gain account access.

WiFi and Bluetooth Hardening

Avoid connecting to unfamiliar networks. Stalkers may create fake WiFi access points to capture traffic or perform man-in-the-middle attacks. Disable auto-connect to WiFi networks:

Android - Disable auto-connect
Settings > Network & Internet > Internet > WiFi > WiFi preferences
Turn off "Connect to open networks"

iOS: Forget unknown networks regularly
Settings > WiFi > Tap "i" on unknown networks > "Forget This Network"

Disable Bluetooth when not in use. Bluetooth beacons can track device presence, and Bluetooth vulnerabilities have allowed remote code execution on millions of devices.

Step 5 - Data Minimization and Cleanup

Reducing Digital Footprint

Stalkers gather information from public sources. Minimize your online presence:

1. Request data deletion from people search sites
2. Delete unused social media accounts
3. Opt out of data broker aggregators
4. Remove personal information from websites

Use a privacy-focused email alias for online accounts
Services like Proton Mail or FastMail provide alias features
that forward to your primary inbox while hiding your real address

Metadata Stripping

Photos contain metadata revealing exact coordinates, device information, and timestamps. Strip metadata before sharing images:

Remove EXIF data using exiftool
exiftool -all= -overwrite_original image.jpg

Batch processing
for img in *.jpg; do exiftool -all= -overwrite_original "$img"; done

Step 6 - Monitor and Incident Response

Account Monitoring

Enable alerts for account login attempts and password changes. Most services offer notification options in security settings. Register for data breaches affecting your accounts:

Check if your email appears in breaches
Visit haveibeenpwned.com or use their API
curl -s "https://haveibeenpwned.com/api/v3/breachedaccount/youremail@example.com" | jq

Creating an Incident Response Plan

Document steps to take if you discover unauthorized access:

1. Change passwords on a known-safe device
2. Enable two-factor authentication
3. Contact law enforcement with documentation
4. Notify financial institutions if applicable
5. Preserve evidence without altering compromised systems

Physical Security Considerations

Digital protection must complement physical security. Stalkers may gain access to your devices through physical proximity:

• Use screen locks on all devices
• Enable encrypted storage
• Avoid leaving devices unattended
• Consider using a privacy screen in public
• Use Faraday bags for devices when not in use

Troubleshooting

Configuration changes not taking effect

Restart the relevant service or application after making changes. Some settings require a full system reboot. Verify the configuration file path is correct and the syntax is valid.

Permission denied errors

Run the command with sudo for system-level operations, or check that your user account has the necessary permissions. On macOS, you may need to grant terminal access in System Settings > Privacy & Security.

Connection or network-related failures

Check your internet connection and firewall settings. If using a VPN, try disconnecting temporarily to isolate the issue. Verify that the target server or service is accessible from your network.

Frequently Asked Questions

How long does it take to stalking victim digital?

For a straightforward setup, expect 30 minutes to 2 hours depending on your familiarity with the tools involved. Complex configurations with custom requirements may take longer. Having your credentials and environment ready before starting saves significant time.

What are the most common mistakes to avoid?

The most frequent issues are skipping prerequisite steps, using outdated package versions, and not reading error messages carefully. Follow the steps in order, verify each one works before moving on, and check the official documentation if something behaves unexpectedly.

Do I need prior experience to follow this guide?

Basic familiarity with the relevant tools and command line is helpful but not strictly required. Each step is explained with context. If you get stuck, the official documentation for each tool covers fundamentals that may fill in knowledge gaps.

Is this approach secure enough for production?

The patterns shown here follow standard practices, but production deployments need additional hardening. Add rate limiting, input validation, proper secret management, and monitoring before going live. Consider a security review if your application handles sensitive user data.

Where can I get help if I run into issues?

Start with the official documentation for each tool mentioned. Stack Overflow and GitHub Issues are good next steps for specific error messages. Community forums and Discord servers for the relevant tools often have active members who can help with setup problems.

Related Articles

• Privacy Setup For Witness Protection Program Participant
• Privacy Setup For Immigration Activist Protecting Undocument
• Privacy Setup For Someone Leaving Abusive Relationship
• Privacy Setup For Safe House Protecting Location
• Encrypt Your Entire Digital Life: A Checklist
• AI Coding Assistant Session Data Lifecycle Built by theluckystrike. More at zovo.one