Cover your tracks online
Warning: if you are worried about someone knowing you have visited this website please read the following safety information.
General security – be aware
This guide contains technical advice about what is possible to protect your devices (including your children’s devices, if you have children), but different parts of this may need to happen at different times. This will depend on your individual circumstances. For example, if you change your password, someone may realise this has happened when they attempt to log in and this could lead to them escalating their behaviours. Your safety is the most important thing and some of this might be for you to consider at a later stage, for instance, when no longer in immediate danger or you have left the situation. It is completely normal to want to get rid of a device or remove their access, but before you do this, you can be strategic about how to plan for your safety. If it would be helpful to talk this through with someone, please use a safe device to contact one of our fully trained Support Workers through Live Chat.
If you do not use a password to log on to your computer, someone else may be able to access your email (if your email password is saved on the device or you don’t log out after checking your email) and track your internet usage. Make sure to log out after checking your email by pressing File then Log out, rather than pressing the X to close the email window.
The following information may not completely hide your tracks. Many browser types have features that display recently visited sites. There is also spyware that can be used more secretly to track your activity. The safest way to find information on the internet, would be at a local library, a friend’s house, or at work.
How can an abuser discover your internet activities?
Please take a few minutes to read the warning below and to take steps to increase your safety when visiting this website.
As a rule, internet browsers will save certain information as you surf the internet. This includes images from websites visited, information entered into search engines and a trail (‘history’) that reveals the sites you have visited. Please follow the instructions below to minimize the chances of someone finding out that you have visited this website.
If you know what browser you are using, then skip to the relevant instructions below. If you do not know the type of browser you are using, you can find the Help menu by clicking on the button with the ellipsis/three dots at the top right hand corner of the browser screen. A drop down menu will appear, and if you choose the option starting with “Help”, another dropdown will appear and there will be an entry saying About Google Chrome, About Microsoft Edge, About Safari or something similar. The entry refers to which browser type you are using – you should then refer to the relevant instructions below. Alternatively, go to “What’s My Browser”, a website that will let you know which browser type you are using.
More on your browser:
The green Exit Site button on the right of the Women’s Aid website will quickly hide the page but you will still need to delete your history.
All leading web browsers have a “private browsing” mode that, once enabled, stores nothing about your activity on your computer in that browsing window. This won’t stop online services from seeing what you get up to, but it won’t leave any traces of your activity on your computer (no history, web cache or anything else) and so it’s always a useful first step to take. Be mindful that if someone is tracking your history and they know you were online at a certain time, it is worth leaving a public browser history of non-sensitive content available to them.
Internet Explorer: Go to Tools (the gear icon at the top right) – Safety – “InPrivate Browsing” or click Ctrl + Shift + P
If you’re using Internet Explorer, we strongly recommend using an alternative browser if possible, as this is now legacy software.
Firefox: Click the Menu button with three horizontal lines – “New Private Window” or click Ctrl + Shift + P
Chrome: Click the Menu button with three dots in a vertical line and select “New Incognito Window”.
Microsoft Edge: Click the Menu button with three dots in a row and select “New InPrivate Window” or Ctrl + Shift + N.
Safari (Apple devices): Click the icon with one square behind another at the bottom right hand corner of your screen, this will take you to your tabs. Then click the number of tabs you have open with a + next to them which will take you to tab groups. Here you can select “Private” so nothing will be stored but you’ll need to remember to exit the tabs individually or they will stay open in your private tab group. Once you’ve finished browsing privately, you can go back to standard searching by clicking where it says “Private” at the bottom and going back to your usual number of tabs.
Similar options can be found in Opera and Firefox.
It is also best to double check that nothing has been stored by following the steps below.
Internet browsers keep a record of all the web pages you visit. This is known as a ‘history’. To delete the full history, follow the instructions from your browser:
- Clear browsing data from Google Chrome
- Clear website data in Safari on Mac
- Delete browser history in Microsoft Edge
- Clear site data in Firefox
To delete history for Internet Explorer, Chrome and Firefox hold down the Ctrl key on the keyboard, then press the H key (Ctrl, Alt and H for Opera). Find any entries that say www.womensaid.org.uk or survivorsforum.womensaid.org.uk, right click and choose Delete.
If there are other searches or sites you would be concerned about someone else seeing, you can delete these individually as well or use the following steps to delete your history for a particular period or for all time.
Toolbars such as Google and Yahoo keep a record of the search words you have typed into the toolbar search box. In order to erase all the search words you have typed in, you will need to check the individual instructions for each type of toolbar. For example, for the Google toolbar all you need to do is click on the Google icon, and choose “Clear Search History”.
If your abuser has an administration account on the home computer, they have more control over the device and can monitor what is happening. This is the user with the highest level of account permissions. If someone else purchases, sets up or maintains the device, they could potentially have an admin account. If you’re concerned about someone else having an admin account, it’s important that you don’t do safety planning or use accounts you do not want them to have access to on this computer.
If you want to check this on Windows, go to Settings > Accounts and on the Your Info tab, check if it says “Administrator” under your account name. If not, then there is another account on the system that is the admin account.
If you want to check this on a Mac, go to the Apple menu > System Preferences > Users & Groups and on the left side of the window, locate your account name on the list. If the word Admin is not directly below your account name, then there is another account on the system that is the admin account.
Take particular care with your email password as your email can provide access to all other account passwords and private information like banking details and calendars. Your email password should be different to any other password and use a strong password. It could be helpful to use a password manager and two-step verification.
You can check if your emails are being automatically forwarded, here’s how to do this on:
If an abuser sends you threatening or harassing email messages, they may be printed/saved as evidence of this abuse. You could also screenshot emails if it is safe to do so. Read more about digital evidence here. Any email you have previously sent will be stored in Sent Items. If you started an email but didn’t finish it, it might be in your Drafts folder. If you reply to any email, the original message will probably be in the body of the message – print and delete the email if you don’t want anyone to see your original message, and store this safely.
When you delete an item in any email program (Outlook Express, Outlook, etc.) it does not really delete the item – it moves the item to a folder called Deleted Items. You have to delete the items in deleted items separately. Right click on items within the Deleted Items folder to delete individual items.
- You can change who can see your BeReals.
- You can turn off location sharing.
- You can delete reactions/comments left on your BeReal.
- There isn’t a blocking option at the moment, but you can remove someone you’re your Friends.
- You can report a user or content they have posted.
- You can block users or Direct Messages.
- You can set up two-factor authentication to verify that it’s you whenever you log in.
- You can report issues to the Discord Trust & Safety Team.
- You can follow Discord’s advice on setting up your account for privacy and safety: including explicit media content settings, direct message and friend request settings, and safe account practices.
- When you block someone on Facebook, they will no longer be able to search for your profile.
- You can review which devices are logged in to your Facebook account and log out everywhere but the device you’re using to remove other people’s access.
- You can turn off location tracking.
- You can use Facebook’s Security Checkup to get alerts when someone tries to log in to your account, learn how to protect your password and enable two-factor authentication.
- You can use Privacy Checkup to check who can see your information and posts and see your settings for apps you’ve logged in to using Facebook.
- You can control who can comment on your public posts on Facebook.
- You can turn on timeline review to see posts that you’re tagged in and manually approve them before they appear on your profile.
- You can set up two-factor authentication to protect your account. This means you’ll receive a notification and be asked to enter a special login code when someone tries to login to your account.
- You can choose to manually approve Instagram posts you’re tagged in so they only appear on your profile after being approved. You can also choose who can tag or mention you in posts and hide posts you’ve previously been tagged in.
- In order to make it harder for someone you’ve already blocked from contacting you again through a new Instagram account, when you block someone you now have the option to both block their account and pre-emptively block new accounts that person may create.
- If you don’t want to block someone or them to be notified about this, you can mute them or restrict their access.
- You can also report posts, accounts, comments or messages.
- You can hide comments or message requests you don’t want to see. All UK Instagram accounts now have the ability to filter private message requests containing offensive words, phrases and emojis. These can also be added to your comment filter, meaning no comment containing these terms will appear under your posts.
- Instagram’s new Sensitive Content Control tool allows you to decide how much sensitive content shows up in the ‘Explore’ tab.
- Instagram allows users to “unsend” messages so if you are keeping track of evidence, it could be useful to screenshot messages in case they are later unsent.
- You can block or report someone in Messenger.
- You can lock the Messenger app on your device.
- Messenger allows you to ignore a conversation and automatically move it out of your inbox without having to block the sender.
- Messenger allows users to “unsend” messages so if you are keeping track of evidence, it could be useful to screenshot messages in case they are later unsent.
- You can change who can contact you, view your stories, send you notifications and see your location in your privacy settings.
- You can remove a friend or block them.
- You can turn on Ghost Mode so your location is not visible to anyone else on the Map.
- You can choose to only share your location with select friends.
- You can leave a Group Chat.
- You can set up two-factor authentication to verify it’s really you logging in.
- You can report abuse, including harassment and other safety concerns.
- You can mute or block accounts.
- You can report abusive behaviour, either specific Tweets or accounts.
- You can protect your Tweets so only people who follow you can see them. This will also mean that you receive a request whenever anyone new wants to follow you, which you can approve or deny.
- You can report any accounts that are impersonating you.
- You can change your location settings so this information is not attached to your Tweets.
- You can make your account private, or turn off the setting which allows others to discover your account.
- You can control who can view your videos, who can message you and who can comment.
- You can filter and delete comments.
- You can block an account or remove a follower.
- You can change who can view your liked videos.
You can stop your videos from being downloaded, and choose who can Duet with you or Stitch your content.
- You can report a video, comment, direct message or account.
- You can untag yourself from videos and limit who can tag you on TikTok.
- You can add two-step verification and lock your WhatsApp with Touch ID, Face ID or Android fingerprint lock.
- You can change your settings so only those you choose can see when you are online or last seen.
- You can block and report unwanted contacts.
- You can change your group privacy settings so only some contacts can add you to a group chat.
- WhatsApp allows users to “unsend” messages so if you are keeping track of evidence, it could be useful to screenshot messages in case they are later unsent.
You can turn off location tracking for your device, though this will prevent some apps from working (e.g. maps or finding stolen phones). Here are guides on how to do this on Apple or Android. Apple also has a checklist to manage location sharing which will provide further guidance.
You can also turn off locations on your photos. If you take a photo with a mobile device, it may add a geo-tag to the photo that says where the photo was taken. You can follow the steps in the links above for your Camera app to remove location services from working with photos.
Here are guides on how to turn off location tracking in different social media apps:
If you do not want to turn off location tracking, it can still be worth changing how your location is shared. Apps default to using “Precise Location” where it’s very specific about where you are, so turning this off will make it safer as it’s an approximate area. You can do this on Apple or Android.
- Check your car’s manual or the manufacturer website for details of how to remove the history of visited destinations from built-in satnav.
- If you use a separate tool like Google Maps to navigate, then deleting recent directions can stop someone with access to your account from seeing where you have been. Here’s how to do this on Google Maps or iPhone Maps.
- If you have a newer car, there might be a companion app which enables location tracking, remote locking/unlocking and access to certain features. The manufacturer should have further details on how to address this, for example FordPass Connect or it could be set up through an Apple Wallet.
- You can also speak to your car dealership or a mechanic about sweeping the car for tracking devices that someone might have attached to the car.
Small tracking devices can be used to monitor locations. These can be concealed or disguised as other objects like chargers or children’s toys. Devices you use that have Bluetooth may have location access, and this is true of medical devices as well like insulin pumps or hearing aids.
If you’re concerned about online banking, get in touch with your bank directly as they will have specific measures to help you, for instance flagging up fraud warnings. This is particularly important if your abuser has access to a joint account. For more information on contacting your bank and regaining control of your finances, check out Surviving Economic Abuse’s resources. All banks also offer two-factor authentication to add security to your online banking.
Surviving Economic Abuse runs a helpline in partnership with Money Advice Plus, you can contact this Financial Support Line on 0808 1968845 (Mon-Fri, 9am-1pm and 2pm-5pm). Calls are free and they provide interpreters on request if English is not your first language. They can support you with problems you’re experiencing around economic abuse and banking, as well as talking you through how to safely open a new bank account if needed.
Online access to medical records
From November 2022, patients over the age of 16 in England can access more detailed information from their medical records through online apps. This access will become automated so all patients can access this service unless restricted by their GP. GPs can hide online visibility or block online access so your records can be safer. There are verification processes for setting up online access but if you feel you may be pressured to do so, then the measures below might help.
It’s important that your GP is still documenting any reference to domestic abuse because you may need this evidence later, but they can do this and remove online visibility. Here are some steps you can consider for your records if you think your partner may be accessing them, or might pressure you to access them:
- Ask your GP to use the “104” code on your records. This code says “Enhanced review indicated before granting access to own health record” and will mean that no-one can pressure you to access your medical records if you don’t want to. You would then need to go to your GP and go through extra verification to set up online access if you wanted this later.
- Talk to your GP about removing specific records from online visibility, so anything related to domestic abuse would not be seen if someone else were to access your records. Also consider if there are other records that your abuser could monitor like injuries, mental health treatment, contraception, or sexual health records. It’s important to note that these may be shown on your record as not available for online access.
- Consider that your address may be shown in your online records so if you need to ensure your abuser does not know your location, ask your GP to use the “104” code to block your records from automated access.
- For anyone under 16, someone will still need to go in-person to the GP practice but if you have children, then it may be worth going to your GP before they turn 16 and asking for their records to be blocked from automated access using the “104” code as well.
- If you think someone else has access to your online medical records, you could change your password to prevent this. This should be a strong password like three random words put together (for example, OrangeRoseKoala or LeftStitchDoor). The longer and more unusual your password is, the harder it is to crack. It’s important to log out after you’re finished.
If you have any questions about this process or need support, you can talk to a fully trained female support worker through Live Chat.
How to tell if your device has been hacked
It can be hard to tell if a device has been hacked but here are some things to look out for:
- The device is running slowly
- The device keeps rebooting
- Your battery runs out quickly
- Excessive data use
- The device gets very warm
- Apps start automatically
- Emails report logins from unusual locations or devices you don’t recognise
- Unexpected messages from apps
- Someone receiving messages you haven’t sent
If you’re concerned about this, you can review the apps you have installed to see if someone else has installed something without your consent. Here’s how to find the full list of apps on Android, Windows or Apple. You should repeat this process with any children’s devices in case there has been parental surveillance apps installed.
You can also reset your device. This will immediately stop sharing with all people and apps, and you can change your password and emergency contacts here. People may notice if they no longer have access to your information so, please consider when it might be safe for you to do this. This will also potentially remove digital evidence of the abuse so it can be helpful to talk this through with a specialist beforehand.
If you need to talk this through with someone, use a safe device (for example, a friend’s, work phone or library computer) and contact a Support Worker through our Live Chat.
You can submit a cybercrime report online to ActionFraud. If you register as a user, you can save and resume a partially completed report, track progress, add information and receive email updates. These reports will be sent to the National Fraud Intelligence Bureau and may be distributed to a local police force if there is enough information to take action. If you have any questions about reporting and what that process might look like, you can talk this through with a fully trained female Support Worker via Live Chat or by email.
It is understandable to want to remove evidence so you’re not reminded of it, but collecting it helps to show abuse over time. The evidence can’t be edited or manipulated in any way and it needs to be documented systematically, in order, in a secure way. It’s important not to put yourself at risk to gather evidence, don’t take any steps that could alert someone that you’re doing this. If you are considering gather any evidence, legal advice could be really important. For help with this, you can contact Rights of Women’s criminal law advice line.
Documenting evidence means you can accurately record abuse as it happens. This could include keeping a log of incidents, printing out emails or call records, taking screenshots of texts, social media posts or messages, voice messages. These could include admissions of abuse, threats of violence, or photos you did not consent to. It’s important to do this as soon as possible as an abuser may “unsend” messages or delete proof of the abuse.
Here is how to take screenshots on:
Make sure any email printouts include the sender, recipient, date and time, and any text messages include the message, contact information, date, and time. With social media screenshots, it’s important to include the full URL at the top of the window, as well as taking screenshots of the abuser’s profile so you can show who this is from
It’s important to store evidence in somewhere that your abuser isn’t able to access, for instance, creating a new email for this purpose, having a backup drive or USB to upload important images, using a password-protected journal online (with a password they do not know), hiding printed evidence somewhere they will not look, or a combination of these to protect what you’ve collected if these are discovered.
If you keep a journal, you can use this to log incidents as they happen. Information that may be helpful to include could be: who the abuser is, what the behaviour is, when it happened (date and time), where it happened (URLs, details of online accounts), witnesses, any other relevant information.
If you have found a hidden camera, microphone or tracker that shows you’re being monitored, it can be really tempting to get rid of it, but this can alert your abuser that you are aware of this, and it can stop you from being able to document it. It may be useful to ask the police to document the evidence before removal, or to talk to a support service about your next steps. You can contact a fully trained female Support Worker via Live Chat or by email. When you do this, it’s important that you specify if the device you’re using is safe (for instance, a computer at work or the library). You can also find your local service in the Women’s Aid Directory and contact Rights of Women’s criminal law advice line for information about obtaining legal advice.
Additional steps to protect your devices
You can set up each of your accounts with a strong password like three random words put together (for example, OrangeRoseKoala or LeftStitchDoor). The longer and more unusual your password is, the harder it is to crack. It’s important not to use anything associated with you (e.g. names of children or pets, birthdays) and to log out whenever you’re finished.
It is also helpful to use a password manager which will safely secure your passwords. This means you can use unique, strong passwords for each account, and you don’t have to remember all of them. It’s safer to do this than to save passwords to your browser as you can log out of your password manager (this will be the most important password to remember) and this way your abuser won’t be able to log in as easily.
Turning on two-step verification helps to keep your accounts secure. When you’ve set this up, you’ll be sent a notification when someone tries to log in to that account. If it’s you, then you can use a fingerprint, face scan or code sent to you to access your account. If it’s someone else, this stops them from being able to log in so you’ll be much safer online.
Shared mobile plans – if you have a shared mobile plan then other members of the plan may have access to your location, call or messaging activities, contact your network provider.
You can manage your family sharing settings.
iPhones – Settings – Privacy & Security – Safety Check – Manage Sharing & Access
You can manage access to your location, find out which apps have access to what data about you (e.g. microphone, camera), what devices are signed in with your Apple ID, which trusted phone numbers are set up for the verification process, your passwords and your emergency contacts.
For further details on security and privacy, check Apple’s Personal Safety User Guide and their other resources:
For further details on security and privacy, check the Android Safety Centre.
If an abuser knows your Wi-Fi password or can access your router, this could mean they could access the network even if they are not in the property. Changing the password can prevent them from having further access, particularly if the router still uses the default password from the provider. If you need help with this, you can contact your internet service provider who can talk you through the process:
- BT 0800 111 4567
- PlusNet 0800 432 0200
- EE 07953 966 250
- Sky Broadband 03442 411 653
- Virgin Media 0345 454 1111
- Talk Talk 0345 172 0088
- Vodafone UK 08080 034 515
- Shell Energy 0330 094 5801
- Glide Student 0333 123 0115
- Zen Internet 01706 902001
- Ask4 0114 303 3200
- KCOM 01482 602 555
If an abuser knows your login details, they can remotely access smart devices like TVs, smart locks, doorbells, CCTV cameras, and more. You can secure your smart devices by changing the username, using a strong password and multi-factor authentication. It can be worth resetting all the smart devices in your home, as well as the router’s Wi-Fi password so devices linked to the router cannot be accessed without the new password. Before resetting, consider whether you may need this digital evidence of the abuse for reporting, or if an abuser may notice that they no longer have access and may escalate their behaviour.
If you don’t know the password or can’t access the account, you can check to see if there’s an option to ‘reset’ the device on the support area of the manufacturer’s website. Here are some resources for the most common smart devices:
- Google Home – sharing settings, review your Google activity, reset your devices
- Alexa – remove an adult from your Amazon Household, review your Alexa Voice history, reset your devices
- Yale Smart Locks – set access levels, reset your devices
- Ultraloq Smart Locks – manage users, reset your devices
- Ring devices – edit or delete Shared Users, reset your Ring Doorbell
- Nest – remove access to your Nest home, reset your Nest camera or doorbell, reset your Nest thermostat
- Honeywell smart thermostat – remove access from another user, reset your device
Scammers may try to gain your trust by pretending to be someone you know or using details about you online to make a message seem more legitimate. Find out more about how to spot scam messages or calls and how to report them. It’s best to avoid opening attachments from senders you’re not sure of, or clicking on links on suspicious messages like this.
If you want to keep documents safe and secure away from a device you’re currently using, one of the ways of doing this would be to back up the data to the cloud or an external hard drive. This could mean that you have a safe place to store logs of what’s been happening, or you can save important documents and photos if you’re planning on leaving. It’s important to ensure that your abuser does not have access to a cloud account or that you hide the external hard drive in a place you’re sure they will not find. Find out more about backing up your data here.
Applying updates to apps and your device software as soon as they’re available helps to keep your device secure. These updates often include protection from viruses and malware so it can be good to turn on ‘automatic updates’ in your settings if this is available.
Most phones can be set up to send your latest location to emergency contacts and call local emergency numbers. This can be done on both Apple and Android, but it’s important to remember that if one of your named emergency contacts is an abuser, you may want to update (or remove) this information so they are not informed of your location or you contacting emergency services.
Further information and support
Chayn’s Do-It-Yourself Online Safety guide is available in multiple languages: English, Arabic, Spanish, French, Farsi, Pashto, Urdu, Russian and Italian. This provides information for survivors about how to protect yourself and the technology you’re using.
You can contact a fully trained female Support Worker via Live Chat or by email. When you do this, it’s important that you specify if the device you’re using is safe (for instance, a computer at work or the library).