privacy
It’s frankly concerning just how much online services — and people we’ve never met — know about us. In fact, most of this data lands online because of us: the average internet user has dozens of accounts — if not hundreds.
That’s why doing a vanity search on yourself is so useful and eye-opening. Think about it: your digital footprint has been building up for years. Social media, message boards, old marketplace listings — everything you’ve ever typed is just sitting there, waiting to go off like a ticking time bomb.
Carelessly posted photos, videos, or even old comments have been known to go viral years later, causing serious retroactive problems for the poster. You might be thinking, “Who’d even care about me?” Well, trust us, plenty of folks would. This ranges from angry exes, advertisers, and scammers, all the way to potential employers and government agencies. HR departments routinely deep-dive into candidates’ histories before hiring. Furthermore, data found by using shadowy services that search for information leaked in data breaches is frequently used for doxing and harassment.
So, if you don’t manage it, your digital footprint can unexpectedly come back to bite you. Sure, it’s impossible to erase it completely, but you can certainly try to minimize the amount of information available to everyone. Today, we talk about how to scrub your digital footprint without sliding into full-blown paranoia. (Actually, we’ve got a few extra tips tucked away for the truly paranoid among you too!)
Start by googling yourself regularly
First things first: enter your first name and surname, email address, and main usernames into a search engine and see what pops up. Beyond doing manual searches, there are several useful tools that can help you find your account details across dozens, if not hundreds, of services and sites — most of which you’ve probably forgotten about. Some examples:
- Namechk is a service designed to check the availability of usernames across more than 90 social networks.
- Web Cleaner lets you search for yourself across dozens of search engines without having to manually enter the query into each one. What doesn’t show up in Google might easily be discovered on Bing, Yahoo, and others.
Why egosurf? By searching for yourself, you’ll first see exactly where you once registered (and perhaps forgot about), and second, you’ll be able to check for any fake or impersonating accounts using your name. If you do find an imposter account, contact the website’s support team and demand they remove the fake profiles. Be prepared to verify your identity to the support agent, but remain vigilant: there’s a risk of phishing scams that exploit the KYC (Know Your Customer) verification process.
Get rid of old accounts and posts
Once you’ve dealt with the fake accounts and compiled a list of your genuine ones, it’s time to delete the superfluous and outdated ones. The fewer dead accounts online holding your personal data, the better. Don’t rely entirely on the initial search or your own memory. Dig deep into your email archives to see which sites and services message you as their user. You can also review the list of saved passwords in your browsers or password managers.
I once discovered an account I made — on a gun forum, of all things — which I’d used only once to message another member. While those specific details might not have made me easier to hack, an attacker could easily have extracted the password from that old, likely vulnerable message board platform. If I had reused that password elsewhere, I’d be in trouble. This is exactly why you should set up a unique password for every new account and store it securely in a reliable app.
To quickly tackle old accounts, check out the open-source service Just Delete Me. It even has browser extensions for Chrome and Firefox. This tool shows how easy or difficult it is to delete your information on specific websites, helping you decide if the effort is worth the reward.
Dealing with shadow profiles
Unfortunately, the accounts you’ve registered are only half the battle. Sometimes social media sites generate shadow profiles containing data on you that may persist even after you delete your account. These profiles can include information you never directly shared with the service. For example, you might have granted the Facebook app access to your phone contacts without ever importing them into your account. All the data from your address book could end up in that shadow profile.
Even more unsettling, sometimes these accounts get created for users who’ve never even registered with the service, by gathering data from other platforms and open sources. While it’s nearly impossible to completely prevent shadow profiles from being created, you can definitely minimize the damage. Go through your old apps, and revoke their access to your sensitive data — things like your camera, photos, contacts, location, and so on. Going forward, meticulously monitor which permissions you grant to each new app.
If you discover that your Google, Apple or social media accounts are still linked to a third-party service you haven’t used in ages, go ahead and unlink them. These old connections always increase your risk of a data breach or leak.
Invoke your right to be forgotten
If your searches turn up links to compromising or false information about you, you can utilize your right to be forgotten. This right was established in Europe in 2014 with the introduction of the GDPR, and similar concepts exist in other countries.
Submit a request using the dedicated forms provided by search engines. Google, Bing, and others have these available online. Some search engines lack a transparent mechanism for removing personal data, so for those, you can try reaching out through their customer support chat.
While this cleanup of search results won’t actually remove the data from the original website, it will make the information significantly harder for the average person to find. If you need the actual data deleted, you must contact the owners of the websites where the information is posted. The service who.is can help here: it will show you whose name the domain is registered to. From there, it’s old-school OSINT: search for the site creator on social media, reach out privately, and try to negotiate a removal. If a friendly approach fails, you may need to use your country’s legal system as leverage.
Set up data breach notifications
Data leaks happen online virtually every day, exposing massive amounts of personal data: IP addresses, names, phone numbers, email addresses, payment info, and much more. Websites like Have I Been Pwned allow you to enter your email and get alerts if it shows up in a new leaked database.
However, for a comprehensive approach and greater convenience, it’s best to monitor leaks through Kaspersky Premium — we search for breaches using both email addresses and phone numbers. You can add all your email addresses and phone numbers (for yourself and your family) and be confident that we’ll warn you about a breach almost immediately, thanks to the Kaspersky Security Network (KSN) — our global threat intelligence infrastructure.
Unfortunately, preventing leaks single-handedly is an impossible task for the average user. So, the best defense is to limit how much personal data you share when registering new accounts.
Check internet archive services
Perhaps the most popular of these services is archive.org. Information you’ve deleted from other places might still be stored here, as the service takes snapshots of web pages and keeps them even after the original site is taken down.
Send an email to info@archive.org. Include the specific URL you want removed and specify the time period you wish to exclude from the archive. To ensure the data is deleted, explain your situation in detail. Clearly state that your personal data was posted without your consent.
Clean up your inbox
An email inbox overflowing with old messages that contain private information is also part of your digital footprint. Go through your mail using keywords like “password”, “SSN”, or “account”, and delete any emails containing this sensitive data. Unsubscribe from old mailing lists. This lowers the chance that your email address will leak from a marketer’s database. To safeguard the emails you need and to spot phishing attempts in time, use Kaspersky Premium.
Erase local traces
Don’t forget to regularly — at least once a month — clear your browser history, cookies, and cache on all your devices. Alternatively, set up your browser to clear this data automatically when you close it. This lessens the chance of an outsider collecting information from your device if they gain access to it.
On smartphones, you should disable or periodically reset your advertising identifier. Both Android and iOS privacy settings have options for this, which we discussed in detail in our post How smartphones build a dossier on you.
Review your privacy settings
If we were to break down all the privacy settings for every popular service, we’d need an entirely separate blog for that. Wait a second… we have one! The easiest way to check and adjust your privacy and security settings is through our free service, Privacy Checker. It will guide you on how to configure popular social platforms, services, and even operating systems to your desired level of privacy — ranging from the “Who cares about me?” mindset to the “Everyone is watching me” level.
Erase your nudes
If you find your intimate photos circulating online, or if an extortionist is threatening to share them with your contacts, don’t panic. Immediately reach out to StopNCII.org. And next time, only send intimate content to people you absolutely trust. Use secure messaging apps that offer an auto-delete feature for messages. When taking intimate photos, do so in a way that makes it impossible to identify you.
The “paranoid mode” bonus for the truly anxious
- If you want to leave no trace on the internet whatsoever, be ready to go fully offline, or at least severely restrict your digital life. This means no social media under your real name, and an absolute minimum of online services — only the essentials. For details on how to safely restrict your gadget usage, check out our post Digital detox: How to take a safe break from screens.
- Use messaging apps that feature end-to-end encryption and self-destructing messages. For search, use DuckDuckGo or Tor: that way your queries aren’t tied back to you. Ditch Gmail for encrypted email services that don’t require a phone number, like Temp Mail or Proton Mail. For smartphones, use a completely open OS that isn’t tied to Google/Apple (like GrapheneOS).
- To leave minimal digital tracks, rely on virtual machines running Whonix or Tails OS.
- If you know how to work with scripts, you can use them to fully purge your comments from social networks. Open-source scripts exist for platforms like Discord, Reddit, and Telegram.
- If you aren’t satisfied with half-measures, you can declare war on data brokers. These firms collect all available data about you to create a digital dossier, which they then sell. We detail who these brokers are and how to fight them in our post Why data brokers build dossiers on you, and how to stop them doing so.
- Finally, create multiple online personas: this is a radical but effective way to confuse data collectors. Use different names, birth dates and emails for different spheres of your life. Invent a separate alter ego for professional activity (with a clean résumé and neutral posts), and another for personal communication. The less the internet can tie your various activities together, the better for your privacy.
Ready for a safer digital life? We have a few more useful tips for you:
