It used to be the coolest thing to find yourself online. In the early years of the Google search algorithm and advanced cookies, programmatic advertising, and other “innovations”, there was a legitimate cool factor and novelty to being found, being seen, and being catered to online.
Now it is a liability of sorts to have all your information online. Having your network potentially compromised, and having the digital footprint you worked so hard to curate unwittingly expose personal information to criminals, stalkers, hackers and others, is not a fun idea.
This article is about understanding how a digital footprint works, how the internet works and how persistent personal data in online services can be dangerous for you if you are trying to be more security focused.
Here are the best practices from this article to try to help you if you’d rather not read this article in its entirety:
- Audit what exists online about yourself so you know where you stand
- Delete old accounts, sever automations with companies you no longer utilize daily, consolidate email accounts, and adjust privacy settings on your social accounts.
- Use unique, sophisticated passwords that are not used anywhere else; preferably through a password manager that requires MFA to access/update.
- Use MFA (multi-factor authentication) in every possible way that makes sense.
- Only use properly secured and private internet access – preferably from places you know and can control.
- Know how to identify credible, properly administered websites and limit yourself to transactions on sites that adhere to best practices for security/patches/updates
- Never interact with suspicious links, emails, or attachments
- Delete old accounts, and accounts not used regularly, and update apps and versions to the safest versions
- Monitor breaches, be ready to act quickly to change your passwords, and work with reputable companies
These are not a comprehensive collection of best practices, but they are a good start – we invite you to read further to get the theory and education behind these 9 list items.
Now for the background behind these best practices
What Is A Digital Footprint?
A digital footprint is the trail of data that you leave behind as you use the internet and digital devices. This can include your online activities such as searches, website visits, social media posts, online purchases, and more.
Essentially, your digital footprint is a record of your presence and behavior on the internet, and it can provide information about you to others, including companies, advertisers, and potentially even governments.
It is important to be aware of your digital footprint, as it can impact your online privacy and security. Additionally, your digital footprint can be a permanent record, so it is important to think carefully about what you post online and to be mindful of your online behavior.
The idea of permanence online is somewhat convoluted, and we will touch on it a bit later in this article, but it is certainly possible to have “eternal” records stored online that include your information, even if that information is inaccurate or harmful.
How Does The Internet Work?
The internet is a vast network of connected computers, servers, and other devices that communicate with each other to exchange information. At its core, the internet is built on the idea of data transmission and exchange between interconnected devices.
Here’s a simplified explanation of how the internet works:
Devices: Computers, smartphones, tablets, and other devices connected to the Internet can send and receive data.
IP Addresses: Every device connected to the internet has a unique IP (Internet Protocol) address, which acts as its digital identity.
Routers: Routers are devices that direct the flow of data between networks. They receive data packets from one device, read the destination IP address, and then forward the data to the next router closest to its destination.
Protocols: The internet uses a set of standardized protocols to ensure that data is transmitted and received correctly. One of the most important protocols is the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol, which is responsible for breaking data down into small packets, transmitting those packets over the network, and reassembling the data at its destination.
Servers: Servers are specialized computers that store and serve up websites, applications, and other online content. When you request a web page in your browser, your device sends a request to the server hosting that website. The server sends back the requested information, which your browser then displays on your screen.
The Cloud: The “cloud” refers to remote servers that are accessed over the internet to store, process, and manage data. Instead of running applications and storing data on a local computer, many people now use cloud-based services to access their information from anywhere with an internet connection.
This is a basic overview of how the internet works. There are many more complex processes and technologies involved, but this provides a general understanding of the key components and how they interact to enable the exchange of information over the internet.
Be Careful of The Information You Give Online
Once upon a time, bandwidth, storage, servers, programming, and other component parts, whether hardware, software or skills-based, were expensive. Now everything on the internet regarding actual infrastructure is incredibly cheap in comparison.
It used to be too expensive to maintain databases online if they were too large. Hardware was used locally to stage these databases, and calls to the database when needed were easier than trying to host the database over the internet (cost wasn’t the only factor, but it was very expensive – and that’s the point of this exercise).
Now anyone can spin up a website in minutes and pay $5/month for a significant amount of bandwidth, storage space and capability out of the box. Whole programs to run datasets, compute, render and produce websites are available open source, pre-packaged and easy-to-install and maintain.
What’s the point? If someone wants to host information indefinitely, they can easily. And there is no internet police to ensure that ethics, standards or best practices are maintained. So we have to be careful how much information we allow to go out onto, and remain on the internet that pertains to personal information or ancillary information that can help criminals or other bad actors take advantage of us online.
Why Know What Information Is Out There About You & How To Protect Yourself
How Digital Footprints Can Hurt You
Hackers could exploit the information you leave behind, or information sent over insecure connections or entered on poorly maintained websites. The potentially harmful remnants of our digital footprint, and the ways these pieces can hurt us, include temporary cache files, IP address leakage, in-the-clear DNS and WebRTC queries, traffic correlation, browser fingerprinting, accidental Clearnet leakage, and stylometry.
But let’s not get too “in the weeds” about how the nuances of the internet protocols and networks change and can all be exploited at some level – instead let’s just state – there are a lot of ways that you can be vulnerable on the internet, so plan accordingly.
Insecure Websites, Insecure Wireless connections, and Open Wifi
Understanding and remediating your Digital footprint is just one part of the solution. The biggest culprit from a ‘devastating your life’ perspective is probably an active attempt at harvesting monetizable value from your information online.
So from a holistic “digital footprint” concept, this is stuff like XSS (cross-site scripting) and other methods, Phishing, and other exploits that attempt to steal your information and take credentials or access your private data, financial information, or login information.
XSS and Phishing are exploits that target websites that are minimally secured or out of date on protocols and tooling. Phishing is a method that attempts to get you to willingly give up information via email (or through other means) by seeming like a legitimate request for the type of information while being perpetrated by a bad actor.
So here are some rules:
- Don’t visit sites that throw red flags on your browser or which seem exceptionally out of date
- Use more complex passwords, and avoid saving them in browsers
- Use multifactor authentication where possible to ensure a greater level of security
- Don’t reply to suspicious emails, and don’t download attachments or interact with links in emails that are not from trusted sources. Even if they are from a trusted source, if they are questionable, reach out and verify the source and the specific request with the person in real time.
- Use an up-to-date browser, and avoid tons of internet accounts. If you no longer use the services of a website – remove your account credentials and ask for a cancellation of the account.
How Hardcore Do I Need To Be To Keep Myself Safe Online?
Nefarious Hackers and Ethical Hackers (this author adopts a Penetration Tester’s daily workflow more often than not) sometimes go extreme. We may source used laptops that are then linked to VPNs, hosting accounts, and software paid for with crypto loaded onto prepaid cards, and connect through open Wi-Fi connections, just to avoid easily being detected, or to avoid prosecution. You don’t have to go that hardcore.
But the concepts are the same – you want people to see you as anonymous on the internet when possible in order to leave a sparsely populated digital footprint.
VPNs aren’t the be-all and end-all. But they are sufficient to help mask locational data.
Paying with prepaid cards or cash equivalents isn’t necessary all the time – though they have their benefits in sketchy scenarios that require money transfer. Most websites that deal in two way financial relationships require KYC (Know your customer) data collection/identity confirmation – they are also some of the best protected datasets and websites on the planet so they pose less risk outwardly than other websites.
The biggest susceptibility is transacting with bad actors unwittingly. This includes being hacked on the network. Some rules to ensure this doesn’t happen:
- Don’t connect to open Wi-Fi if you can help it. Certainly don’t enter credentials on sites while on those connections; browse as a guest or find a more secure internet connection
- Use a password manager, and use a sophisticated password of more than 12 characters (more if you can do it). You can even use something that strings a phrase together with unique symbols or numbers as the separator. Make sure you have a hard-to-guess password, and that you don’t share it
- Use a different password for each of your accounts that hold personal or financial information online – that is: never use the same password on two or more of these types of sites
- Use multi-factor authentication
- Use updated apps and websites, and work with credible companies that take security seriously
- Delete unused apps and unused accounts, and remove account information from old devices and reset them to factory settings
- Keep alerts on dark web findings for breaches you may be a part of, and set up an alert for data breaches in general, so you can be more proactive about changing passwords
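The phrase-with-separators password from the rule above, as an added example (not part of the original article): it draws words and separators with Python's `secrets` module and estimates how much entropy the result carries. The 32-word list, the separator set and the function names are constructed for this illustration.

```python
import math
import secrets

# Constructed 32-word list so the example is self-contained. For real use,
# swap in a large published list (a diceware list has 7,776 words).
WORDS = (
    "anchor basil copper dune ember falcon glacier harbor "
    "indigo juniper kettle lantern meadow nickel orchard pepper "
    "quartz raven saddle timber umber velvet walnut xylem "
    "yonder zephyr acorn bramble cinder dapple eddy flint"
).split()
SEPARATORS = "0123456789!#$%&*+-=?@^_"  # digits and symbols used between words


def entropy_bits(n_words, list_size=len(WORDS), n_separators=len(SEPARATORS)):
    """Bits of entropy when every word and separator is drawn uniformly."""
    return n_words * math.log2(list_size) + (n_words - 1) * math.log2(n_separators)


def words_needed(target_bits, list_size, n_separators=len(SEPARATORS)):
    """Smallest word count whose entropy reaches target_bits."""
    n = 2
    while entropy_bits(n, list_size, n_separators) < target_bits:
        n += 1
    return n


def make_passphrase(n_words=5, min_length=13):
    """Build word<sep>word<sep>word... using the OS random source."""
    if n_words < 2:
        raise ValueError("need at least two words to place a separator")
    while True:
        parts = [secrets.choice(WORDS)]
        for _ in range(n_words - 1):
            parts += [secrets.choice(SEPARATORS), secrets.choice(WORDS)]
        phrase = "".join(parts)
        # Redraw in the rare case the result is 12 characters or fewer.
        if len(phrase) >= min_length:
            return phrase


if __name__ == "__main__":
    print(make_passphrase())
    print(round(entropy_bits(5), 1), "bits with the 32-word demo list")
    print(round(entropy_bits(5, 7776), 1), "bits with a 7,776-word list")
```

The strength comes from the size of the word list and the number of words, not from the phrase looking complicated, so let the generator pick the words rather than choosing a memorable quote yourself.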
What Are The Tools I Need To Stay Secure Online?
Information is the biggest tool. It has the most impact. For instance, many people don’t know simple things like this: passwords matter, must be changed when breaches occur, and must be more sophisticated, but usernames are almost never important in the grand scheme of things.
BUT: usernames matter if you have a targeted attack against you individually, because they can help an attacker round up information about you collectively.
Knowing how to recognize a suspect email, or a badly outdated website by using multiple informational points will help keep you safe.
Knowing how to utilize a password keeper, and how to change passwords properly, and how to manage your digital footprint from a day to day perspective is powerful.
Here are some tools:
- MFA (Authy, Google Authenticator, Yubikey, etc.) tooling whether hardware or software based
- A Password Manager (LastPass, Bitwarden, Keeper, etc.)
- A decent alert system/monitoring product (Equifax, Experian, etc.)
- A routine – changing passwords and monitoring for breaches
- Security Awareness training (you can find some things online at places like YouTube, but could also study for a test like the CompTIA Security+, or get it through workplace programs or online educational portals like O’Reilly)
Some notes: Yes – Breaches happen to password managers, banks, and other institutions that you wouldn’t think are easily breached. And that doesn’t make them bad, but you must be aware of how this works and how to mitigate concerns afterward. These are better than not having them in place, even if a breach happens.
Digital Footprint Cleanup Overview
A full audit of your current situation regarding your digital footprint and online accounts/passwords/automations.
It’s as simple as that. You cannot improve until you know where you stand. And you WILL BE SURPRISED how much you will find that you forgot was still there. Here are some good places to start:
Delete Old Email
Email accounts are a gold mine for sensitive personal information, and they may allow hackers to reset passwords on third-party sites that users have forgotten about.
This might allow them access to those services and additional information, which they could then use to conduct phishing attacks to harvest more information from the victims.
To delete previous email accounts, you must first log in with a valid username and password. However, not everyone remembers their email password for a ten-year-old account. As a result, you’ll need to contact the email service provider to request account credentials.
If an email account is not utilized for a certain period of time, some email services providers, such as MSN or Yahoo, will erase it automatically. Otherwise, you’ll have to log into the account manually to remove it permanently.
Delete Data Brokers
These brokers never ask for our permission or agreement before collecting our personal information, but they do so nonetheless to profit from it.
Some companies that specialize in brand management charge for annual “protection plans” that ensure the removal of personal information from data-broker services.
Delete Old Accounts
If you signed up for any forum or similar site, delete all of those accounts if you don’t use them. You should consider small and medium-sized sites to be less trustworthy.
And most of all, if you have any social media account and want no digital footprint there, delete all of your accounts.
To completely delete all social media profiles, you’ll need to log in to each one. All of the main social media platforms, including Facebook, Instagram, Twitter, and TikTok, claim to remove your information as soon as you delete your account.
While we don’t know if this is accurate, the best thing we can do is remove the accounts and make sure no other accounts are active. It may take a few weeks for the content to be removed from Google search results once it has been deleted.
We enjoy free apps, but we must remember that downloading them is still a transaction. We consent to provide these corporations with our personal information, such as online habits and location data.
Once such information is public, it is gone and likely to be sold to other businesses.
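The audit and old-account cleanup described above, as an added example (not part of the original article): it reads a password-manager CSV export and lists accounts with reused passwords, passwords of 12 characters or fewer, and accounts unused for over a year. The column names, the one-year threshold and the sample rows are assumptions constructed for this illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample export. The column names are assumptions for this
# example; rename them to match your password manager's CSV export.
SAMPLE_EXPORT = """name,username,password,last_used
bank.example,pat@mail.example,walnut7ember#quartz2flint,2024-05-30
forum.example,pat@oldmail.example,Summer2015,2016-02-11
shop.example,pat@mail.example,Summer2015,2024-04-02
photos.example,pat@oldmail.example,kettle=raven4meadow,2019-08-19
"""


def audit(export_text, today, min_length=13, stale_days=365):
    """Check each account against the article's rules.

    Findings hold account names only, never password values.
    """
    by_password = defaultdict(list)
    by_login = defaultdict(list)
    short, stale = [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["name"]
        by_password[row["password"]].append(name)
        by_login[row["username"].lower()].append(name)
        if len(row["password"]) < min_length:  # rule: more than 12 characters
            short.append(name)
        idle = (today - date.fromisoformat(row["last_used"])).days
        if idle > stale_days:  # unused for over a year: deletion candidate
            stale.append(name)
    reused = sorted(sorted(names) for names in by_password.values() if len(names) > 1)
    return {"short": short, "reused": reused, "stale": stale, "logins": dict(by_login)}


def report(findings):
    """Turn findings into a to-do list, most urgent first."""
    todo = []
    for group in findings["reused"]:
        todo.append("Change (shared password): " + ", ".join(group))
    for name in findings["short"]:
        todo.append("Lengthen password: " + name)
    for name in findings["stale"]:
        todo.append("Delete or close account: " + name)
    if len(findings["logins"]) > 1:
        todo.append("Consolidate %d login emails" % len(findings["logins"]))
    return todo


if __name__ == "__main__":
    for line in report(audit(SAMPLE_EXPORT, today=date(2024, 6, 1))):
        print(line)
```

Run it on a local copy of the export and delete that file afterwards, since the export itself contains every password in plain text.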
Use Safe Browsers
If you wish to stay under the radar after removing previous accounts, I advocate using a platform like the Brave Browser for general internet browsing and using search engines like Tor (integrated with Brave) wherever feasible.
Both of these systems are based on the protection of personal information.
Use Ad Blockers
Although Brave Browser has a built-in ad blocker, if you aren’t using that, I highly recommend you download Fair Adblocker for free at the Google Extensions store. Just make sure to allow Defiel!
This will prevent you from signing up for promotions, newsletters, or phishing schemes that collect your personal information and use it against you.
While erasing your local Web browsing history ensures that no one can see what you’ve been searching for, it won’t prevent your ISP from keeping track of your visits.
Everyone’s online traffic must pass via their Internet Service Provider’s servers to access the Internet. This allows your ISP to see which websites you’ve visited.
As a result, erasing your Web history locally does not prevent your ISP from accessing your whole browser history.
Depending on where you reside, your ISP may be collecting your web surfing history and the information from all of your digital communications to send it over to government officials.
It is critical to use a Virtual Private Network (VPN) at all times to ensure that your online privacy is protected.
A VPN scrambles all of the data that comes and goes from your devices as it passes through the ISP servers. As a result, the ISP will no longer be able to see which websites you are viewing.
Many of the applications we use nowadays will ask for access to your phone’s location or contacts before allowing you to use them.
For example, Yelp will ask for your location to find nearby restaurant options; nevertheless, Yelp will track your location as long as it is permitted. Switching from ‘Always Allow’ to ‘While Using the App’ is one approach to avoid this.
This is more difficult than it appears. Ideally, you should establish a commercial mail agency address and use it for all correspondence rather than using your personal address. Bills, bank accounts, credit card accounts, and even driver’s licenses are included.
Any of your bank accounts will report your address to the three major credit bureaus, and they should all be aware of your change of residence after a few months. Then you must file a dispute with all three organizations until your old home address is removed from your record.
The Idea Of Permanence Online & Records That Are Difficult to Remove
It’s important to remember that every single company you interact with and share information with, including medical or private health information, financial information, and other highly important data, has a backup record of that information connected to the internet in some way.
Most companies have very few reporting and security requirements and face little to no consequences if there is a breach where this information is hacked into or leaked, at least as long as they weren’t involved in the leak/hack or can prove that it was not a material shortfall in the required minimums.
The idea of permanence is odd on the internet. First of all, even if someone somewhere is still hosting information, it still has to be found. There are billions of websites. It’s pretty difficult to get ranked in competitive keywords on Google, and search engines are relatively bad at indexing esoteric information.
That said, because it’s so cheap to host data live on the internet in real-time – if someone knows certain things and how to search for connections between those esoteric pieces of data, your information can easily be conglomerated into something more damaging.
Because many of us at one time at least, WANTED to be indexed or wanted access to social media sites and put out information about ourselves into public forums, etc., some of that information lingers on. And with some pieces obtained on the “dark web” or through hacking or putting social engineering efforts into it, this information can provide insights that leave us vulnerable.
It should be known that sometimes websites are not run by ethical or professional organizations. You could have inaccurate data about you online, and some of that information can be nearly impossible to get removed or corrected, even if you can prove that you have done nothing to warrant the information.
Alas, it’s important to do what you can and utilize progressive legislation, such as DMCA takedowns and other state and national laws and industry options. In the wake of the release of ChatGPT and other AI-assisted and AI-driven tools for web search, the options for remedying inaccurate information about you as an individual will likely be increased, even if there is a whole paradigm shift about how search will shake out.
Now, back to reality: search isn’t the entire internet. Email, social media, web3, IPFS (and other network-based architectures seeking undeletable/immutable data on shared systems), and a host of other remnants and services make up a much broader place where information can hide. The more information there is about you – the easier your digital footprint is. And you’ll do well to explore beyond simple search and social metrics to help protect data from being compiled in order to harm you.
A breach of your data is not an “IF” situation, it WILL happen at some point. Be prepared to handle it in the most aggressive and proactive way possible.
But as a prepper, you know that you are ahead of the curve – so enact the best practices now, and minimize your worries, improve your ability to react, and learn how to further adopt a security first mindset with internet usage and identity protection online.
The most important things you can do are utilizing great passwords, using multi-factor authentication, questioning everything, and working only on secured, private networks you can control, while working only through vetted, stable, security-first websites, apps and software.
If you do these things, you are doing everything you can on the baseline to keep yourself protected and to curate a properly protected digital footprint.