What’s worth protecting?¶

What is actually at stake in technology-facilitated abuse? Not just devices, and not just passwords. The assets at risk here are the pieces of your digital life that, when accessed or compromised, give someone else control over where you go, who you speak to, and how safe you feel doing either.

The key insight is this: identity comes first. If your identity infrastructure is compromised, everything else follows from it. Devices can be replaced. Accounts can be reset. But if someone controls your primary email address, your phone number, or your recovery credentials, they effectively control the keys to everything built on top.

Identity anchors¶

These are the root assets. Everything else in your digital life is built on or recoverable from them.

Your primary email address is the master key. Almost every other account can be reset via your inbox. If someone has access to your email, they can work their way through your other accounts one reset at a time.

Your phone number is nearly as important. It is used for two-factor authentication, SMS verification codes, and account recovery across most major services. Control of your number, through a shared account or a SIM swap, means interception of those codes.

Government-issued identity (passport, driving licence, national insurance number) matters because it underpins account recovery processes at banks, telecoms providers, and official services where higher-trust verification is required.

Access hubs¶

These are the accounts that themselves control many other accounts.

Your Apple, Google, or Microsoft account is the gateway to an entire ecosystem: your devices, your app purchases, your location history, your cloud backups, your photos, your contacts, and in many cases your work and financial services. Whoever holds access to this account holds access to a significant portion of your digital life.

A password manager, if you use one, holds the keys to every account stored within it. It is highly valuable to protect, and worth auditing for any accounts or access shared during a previous relationship.

Private communications¶

Messages, email threads, call logs, and voice notes. These matter both as evidence (of conversations, agreements, or behaviour) and as intelligence: someone with access to your communications can monitor your plans, identify your support network, and intercept conversations with solicitors, support services, or friends.

Communications are also a target for deletion or manipulation. Messages can be changed before screenshots are taken. Evidence of abuse can be removed. Conversations can be taken out of context.

Location and routine¶

Real-time location and historical movement data. This includes GPS from your phone, cell tower logs, transport card records, fitness app routes, and geotags on photos. Individually these feel incidental. Together they describe your daily routine, your home address, your workplace, your support network, and your patterns of movement.

Location data is particularly dangerous because it allows someone to anticipate your movements, not just monitor them. Showing up somewhere you did not announce is not a coincidence when your calendar is synced to a shared account.

Social graph¶

Who you are connected to: friends, family, colleagues, support workers, solicitors, doctors. Your social graph is both a target and a vulnerability. An abuser can use it to monitor your support network, apply pressure through intermediaries, or send messages in your name to isolate you from people who might help.

It is also the source of your safety net. Protecting it means knowing who has access to your contact lists, your social media connections, and your shared communication groups.

Reputation¶

What others believe about you. This has become a distinct asset class as digital evidence has become easier to fabricate and harder to verify. Your reputation can be damaged through selective use of real content, manipulated screenshots, AI-generated material, fake accounts, or false reports to employers, schools, or social services.

Reputation harm is particularly difficult to recover from because the platforms and institutions that receive false information are not equipped to verify it, and the burden of proof often falls on the person being targeted.

A word on this section¶

You are not at fault for having a digital life. The problem is not the technology; it is how it is used against you.

Understanding what is at risk is not meant to be overwhelming. It is meant to give you a starting point: what matters most, where to look first, and what to prioritise when the whole picture feels too large to take in at once.

Identity first. Then access. Then everything else.