How to: Manage Your Digital Footprint
Search for your name in any search engine and you’ll likely encounter dozens of results, some of which might include personal information like addresses, email accounts, usernames, or family members. Each piece of information is often public and not typically seen as harmful. But together these parts of your identity make it much easier for a bad actor to target you and your loved ones for harassment, phishing, stalking, and more.
Most information available about people online is typically found in two places. The first is a site where you posted data voluntarily, such as your pictures and videos on social media, comments in user reviews and forums, and even classified postings for items you’ve sold.
The second is a data broker. These companies subsist entirely off collecting personal information, repackaging it, and selling to the highest bidders, Collected information can include your address, phone number, details about your family members, and more.
You cannot protect everything all the time, nor does everyone need to run through the same risk assessment over personal information online. But you can manage this data once you know what’s out there and what your needs are.
For example, someone who is concerned about targeted harassment, but must maintain a public profile for their work or activism, may have different needs than someone who rarely uses social media and just wants to protect themselves from identity theft.
This guide will walk you through why you should care about your digital footprint, the ways data is collected, and what you can do about it.
Why Do This?
The reasons why it’s worth taking the time to manage all this data are plentiful, but also depend on your needs. Some considerations include strengthening protections against:
- Doxxing: You may have seen the word “doxxing” used in a variety of contexts, but it’s essentially when a person collects information about an individual like your personal address or email accounts, then packages this information together and releases it for the purpose of causing harm. The collected data may lead to a coordinated harassment campaign that operates both online and offline, and may lead to threats to people’s safety. For more information about doxxing, find our blog post here.
- Phishing: Phishing attacks are designed to trick you into clicking a link, opening a document, or revealing your username and password so that others can remotely control your device, steal information, or spy on you. Some of these techniques are more generalized for a wide population—like the scams asking you to click a link to pay for a toll road or about fake jobs on LinkedIn, but others, usually called “spearphishing,” are targeted to specific individuals. Sometimes, the information that helps target these attacks—including details like an address, family members’ names, or even information about what type of device you own—is gathered by simply searching online.
- Stalking: The abundance of information that’s available about everyone online makes identifying and stalking someone much easier than before the internet. Someone may be able to easily track down an address and phone number, or that same information about family members.
- Identity theft and fraud: The more information that’s available about everyone, the easier it is for scammers to steal your identity and commit fraud. A scammer may be able to piece together information like the answers to secret questions based on your social media profiles, like the name of your first pet or your high school mascot, or even forge some types of documents using publicly available information.
How Do I Protect Myself?
The best time to take steps to protect yourself is before anything bad happens, because once this information is in the hands of bad actors you have far fewer options. It’s best to try to make that information hard to find in the first place—and we’ve got you covered on how to do this. Here are some steps to consider taking.
Start with a Strong Personal Security Baseline
The steps to protect yourself will be less useful if your personal accounts aren’t secure to begin with. If a bad actor, such as a stalker or ex-partner, can get into one of your important accounts, like an email or social media profile, they might be able to gain access to all sorts of the same sorts of private information you’re trying to prevent from getting out to everyone.
So, before you do anything else, establish a strong security baseline: use unique passwords (a password manager helps simplify this) and set up two-factor authentication for your online accounts to add an extra layer of protection when logging into your accounts.
We also recommend adding our install-and-forget tracker blocking tool, Privacy Badger, which lets you browse in peace and stops the sorts of web trackers that compile information about your habits for advertising purposes and for data brokers. It is also worth removing your advertising ID on your phone to help prevent some tracking there, too (directions for Android or iPhone). This way less information about you is available for purchase and it helps stop corporations from profiting from your online activities.
Doxx Yourself
The best way to see what information people might find about you online is to look for it for yourself. This is as simple as opening up a search engine and entering your name/nickname/handle/avatar and seeing what comes up. It can also be worth searching for your address, phone number, and email addresses directly to see what's out there.
It’s best to do this in a private browsing window or a separate browser than the one you normally use to ensure you’re not logged into any accounts that might skew the results (like a Google account). It’s not just searching your name though, you can dive even deeper with search operators to find information that’s deeply hidden. For a list of these search tricks, check out Reporters without Borders’ guide.
If you’re interested in digging even deeper, there are a number of useful tools to help you do so. For example, OSINT Framework links to a variety of tools for doing these kinds of more comprehensive searches. We recommend starting with the username, email address, and social networks sections.
It’s common to be overwhelmed by what you find: there can be much more data about you than you expected available online. If it feels overwhelming, remind yourself that this is normal, and that you are on your way to reducing that information and taking the necessary steps to protecting yourself. Take note of any pieces that strike you as high priority to deal with. Keep track of what the information is and where you found it.
Another approach to consider is holding a get together with trusted friends or family and doxx each other. Others might think of alternative ways to search for information about you, might recognize data you consider harmless as potentially dangerous, or recover data you’ve totally forgotten about.
Minimize Your Publicly Available Data
When you searched for your name online, you may have found your information on several “people search” sites that list your address, phone number, email addresses, and other personal information.
This data is usually assembled by data brokers. The information they gather is often from public records and online trackers, and augmented by commercial transactional data.
Data brokers pose a significant risk. Because the data broker industry uses targeted surveillance combined with information captured from public records, they provide extremely detailed datasets for whoever wants to purchase them. These datasets can provide surveillance access for law enforcement, and can feed directly into the risks posed by doxxing campaigns.
None of this information is secret, and most of it is not necessarily damaging on its own. But pulled together, it can form a comprehensive picture of a person’s life.
You can ask each of these companies to remove your information through often complicated, multi-step processes. For a list of these companies and directions for removing data, check out journalist Yael Grauer’s data broker opt out list. Doing this manually is possible, but tedious. Most sites will require you to confirm an opt out through an email, and you’ll often need to do this multiple times over the years, as the information is often repopulated over time.
For a simpler—though more costly—approach, professional services like EasyOptOuts and Optery claim to help minimize the data available about you online from these data brokers and similar sources. Beware that data brokers work by continually scraping public records and repopulating their data, and so services like these can require ongoing subscriptions to be most effective. They also cannot (and do not) promise comprehensive coverage across all possible sources. Research reviews of these types of these serviers and consider whether they can successfully target the data sources you are most concerned about. For some people, it may be worth taking some of the DIY steps for the most problematic results, then using an automated service for everything else.
Some U.S. states offer “address confidentiality programs,” sometimes called “Safe at Home.” These services essentially act as proxy addresses for your home, relieving the risk brought on by property records, voting records, and data brokers that may make that information available.
Audit Social Media Accounts
Make a list of every social media or forum account you’ve had over the years so you can review any public facing information in those accounts. If you use a password manager , take a look through the accounts inside the password manager to come up with this list to investigate.
Next, review the account settings in each of these accounts to ensure you’re comfortable with the privacy options. It can be useful to think about how you use these accounts and who you want to communicate with. For example, it may make sense to keep a LinkedIn account public while you’re job hunting, but if your Instagram profile contains personal photos of your life, consider making it private. If you do not use your social media account for any sort of public communication or activism, it may be best to make it private.
For more information on specific settings, The New York Times maintains a useful checklist for settings to consider changing on all the popular social media services.
Remove Yourself from Google Results
Google has a couple ways to monitor and control the information that’s displayed about you on Google Search. First, head to the “Results about you” page, then enter your information. Once set up, you’ll get notifications if some new types of information about you appear in Google Search.
If you find results that include personal information like a phone number or address on Google Search, you can also ask the company to remove those results by following these instructions. However, note that if Google approves your request, that doesn’t mean the website that hosts that data deletes anything. It can be found through other search engines. But this process can still be useful since Google remains the most popular search engine.
Some External Resources
Removing personal information is a bespoke problem and solutions vary based on your needs and your location. There’s no one-size-fits-all checklist or guide, but a number of external resources exist that can help you build your plan according to your needs:
- PEN America’s Online Harassment Field Manual provides practical tips for ways to deal with doxxing before, during, and after it occurs.
- The Washington Post’s checklist includes a number of steps you can take on various social media sites to minimize the data that’s available.
- The Coalition Against Stalkerware’s “Resources” page includes resources in different parts of the world that may be able to assist with potential spying or stalking.
- Consumer Reports’ Security Planner has a wide range of basic security and privacy tips that can help with your personal data hygiene.
Whatsmyname.app is useful for checking known usernames across various social media sites (and is also useful for spotting impersonation attempts).