There is now a very thin line, easily broken, which separates our physical and digital identities.
When you apply for a new job, many employers will try to find and evaluate your social media presence to ascertain if you are a suitable candidate. Advertisers will scrape publicly-available information on you, your social profiles, and your search history for targeted marketing.
A misjudged tweet from years ago or an inappropriate Facebook photo can destroy future job prospects or ruin a career. A Google search that reveals an old conviction can make it more difficult to get hired, and — whether true or not — allegations of criminal conduct spread online can cause misery and impact your mental wellbeing and job prospects in the long term.
There’s the idea that once something is online, it is immortal, immutable, and almost impossible to contain. In other words, you should not put anything online you wouldn’t want your grandmother to see in case the consequences damage you or your prospects.
However, keeping your digital information in check is not just about your online information. Monitoring the passive data collection conducted by companies from you is also important.
Abuse, stalking, and bullying may also factor as reasons to erase our digital footprints and seize control of our devices. (If you suspect your mobile device has been compromised by spyware or stalkerware, you can check out our guide for removing it here.)
If you want to take control of your privacy and online data, here are some tips to get you started.
Google and other search engines
The Google search engine, among others such as Bing and Yandex, can be used to uncover exactly what information about you is public and what the average person can quickly find out without the need for advanced tools, social engineering, or Open-source intelligence (OSINT).
Once you know what is online, you can start tackling the problem. Run a quick search and note any website domains that flag you, social media account links, YouTube videos, and anything else of interest.
- Quick tip: To stop your search queries from being tracked, switch to DuckDuckGo.
You may have the right to be forgotten
In the EU, citizens can request the removal of information from Google search results.
After filling in this form, requests are reviewed by Google employees on a case-by-case basis. You must provide the specific URLs you want de-listed, the search queries related to these URLs and you must explain why the tech giant should agree to your request.
“Our professional reviewers will manually review your request. Broadly, the reviewer will consider whether and how the information may be in the public interest and weigh this against your rights under the applicable data protection law,” Google says. “There are several reasons why information may be in the public interest. As part of the balancing exercise, Google looks to a number of different sources, such as the guidelines developed by European data protection regulators.”
Google may not accept every request to remove links relating to you. Reasons given for refusal include technical reasons, duplicate URLs, information deemed “strongly in the public interest,” and whether or not the content on a web page relates to professional lives, past convictions, work positions, or self-authored content.
At the time of writing, Google has received a total of 1.26 million de-listing requests and almost five million URL de-listing requests.
Have I been pwned?
You cannot take control of your digital footprint without knowing where and what information is stored — and potentially leaked.
The Have I Been Pwned service is run by cybersecurity expert Troy Hunt and can be a useful tool to discover if any account information belonging to you has been compromised or included in a data breach.
If you find an email address connected to you has been pwned, check to see what data breaches you have become embroiled in — and make sure you change your passwords as quickly as possible. You won’t be able to do much about the data leak itself, but this also could serve as a reminder of where you have opened online accounts.
Have I Been Pwned
Make sure you visit the Google Account page, where there are numerous settings that can boost your privacy, reduce data collection, or remove you altogether from the ecosystem.
Screenshot via ZDNet
Privacy checkup: The Google Privacy checkup allows users to prevent Google from saving your searches and other Google activity to your Google Account and turn off your location history.
You can also choose to disallow Google from saving web and app activities, Chrome history, YouTube history, voice and audio, and other data. Google has also introduced an auto-delete function for data stored.
In this section, you can also choose whether or not to allow Google to use your information for tailored advertising.
Security checkup: The Google Security checkup can be used to show you which devices have access to your account, including laptops, PCs, and handsets. You can also find a list of any third-party applications which have been granted permission to access your account. Revoke permissions as necessary. In addition, if Google finds an online account with your email and password, you will see an alert here.
Delete me: Found under Account Preferences, Google’s deletion service can be used to delete select products or remove your account entirely. You can also download a copy of all your data.
Google has also revealed plans to tighten up consumer security in the future, with a particular focus on giving Android users greater control over their information, following in the footsteps of Apple and the iOS ecosystem.
For a quick fix, use a service
There are several services available out there in which you can pay to keep your information away from data brokers.
One such example is DeleteMe, a paid subscription service that maintains tabs on data collectors and removes data including names, current and past addresses, dates of birth, and aliases on your behalf.
In turn, this can keep your private information off search results and away from platforms such as open people search databases.
When it comes to mailing lists, services such as unroll.me can list everything you are subscribed to, making the job of unsubscribing from newsletters, company updates, and more far easier.
However, this service is not currently available to those in the EU due to GDPR regulations.
Lockdown your social media accounts or delete primary accounts entirely
Facebook: In the Settings tab, you can download all of Facebook’s information on you.
You should also take the opportunity to lock down your account. In the Privacy tab, you should restrict your posts to ‘friends only,’ limit your past posts, and you can also decide to disallow lookups through your provided email address or phone number.
An important element that shouldn’t be overlooked here is the option to remove your Facebook profile from search engine results outside of the social networking platform.
Under the Location tab, consider turning off location data collection by Facebook, too.
If you look at Apps and Websites, you can also see what is connected to your Facebook account. If you choose to delete these, Facebook can also automatically remove posts, videos, and events the connected service posted on your behalf.
Twitter: Twitter also allows users to request their archive, which is all the information collected from you. This option can be found under the Settings and privacy tab.
In the settings area, you can also choose to lock down your account entirely and make tweets private and only viewable by those with your approval; you can turn off tweets containing location data; you can decide whether or not to allow email and phone number searches to connect others to your profile, and you can choose whether or not to allow others to tag you in photos.
Under the Safety portion of the tab, you can prevent your tweets from appearing in the search results of those you have blocked on the micro-blogging platform. You can also deactivate your account entirely.
Screenshot via ZDNet
Instagram: Facebook-owned Instagram has a number of privacy settings you can also change to maintain an acceptable level of privacy.
By default, anyone can view your photos and videos on your Instagram account unless you are a minor. However, by going to your profile, clicking Settings, Account Privacy, and switching ‘Private account’ on, you can make sure your content is only viewed by those you approve.
Remove everything: A more extreme option is to delete all of your primary social media accounts completely.
In order to do so on Facebook, you can go to Settings & Privacy>Settings>Your Facebook Information>Deactivation & Deletion to deactivate it. This gives you the option to return at a later time and does not delete your data. Your settings, photos, and other content are saved, but you will not appear beyond unclickable text.
Deactivating your account gives you the option to take a break and return later and will take you off searchable results.
However, you can also permanently delete your account. If you have trouble finding this setting, you can also type “delete Facebook” in the Help Center tab.
Screenshot via ZDNet
You are given a grace period to change your mind and log back in. It can take up to 90 days before the deletion of content on your wall and in your account will begin.
To delete your Instagram account, log in and go to the request deletion page. Once you have submitted an answer as to why you are deleting your account, you will be prompted to re-enter your password, and then a delete account option will appear.
Delete and deactivate old accounts
The best security key While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.
Do you have a MySpace account? Do you have old, unused customer accounts with e-commerce platforms that you only remember you opened when they send emails that detail recent discounts and deals?
When information such as your name, physical address, telephone number, and credit card details are spread across multiple businesses, should these companies experience a data breach, your data is up for grabs.
Unless the account is one you use frequently, consider deleting it permanently. It is a pain to find, remember credentials, and recover passwords associated with old accounts, but this is an important step in locking down your data.
Remove old social media and blog posts
Is it really necessary to preserve what you had for breakfast one morning in 2017 or your review on a now-defunct retail shop near you? Probably not.
We are all responsible for the information we post online, but it does not have to stay there once it is posted. Effort and time are required to comb through old posts, but the result is worth it, and this may also train you to be more selective about the information you share in the future.
… and if I can’t delete embarrassing content?
Oversharing is never a good idea. However, suppose you have come across embarrassing forum posts or messages that you do not have the privileges required to delete, and the only other option is to contact organizations and webmasters directly?
When you contact them, make sure you include a link to the content you are concerned about, give your reasons, and hope they agree to delete it. However, do not expect an immediate response.
Find your old accounts and deletion options
To find your old accounts, visit Have I Been Pwned, check the lists of connected apps in your Facebook and Google accounts, and if you have a password manager, they will store the credentials of accounts you have used since signing up.
You may have to manually login to each account you want to remove and, depending on the service, delete them from there — or you may have to contact the service provider with the request, such as via email or by submitting a ticket. If you aren’t able to delete your account, remove any sensitive information and if you can change the linked email address, name, and any other identifying factors.
Justdeleteme.com is a helpful directory containing guides to removing accounts from countless online services and a rating on how hard it is to remove: ranging from “easy” to “impossible.”
Another alternative is Account Killer.
If you cannot delete online accounts outright and can only deactivate them, before you do, wipe as much content from them as possible. If the account is no longer relevant to you, consider changing the name and personal details connected to it, as well as removing or changing photos to generic alternatives.
When it comes to active accounts such as on Facebook or Twitter, anonymity or aliases can help keep your digital and physical presence separate.
It is against terms of service to not use your full, correct name, but it is still common practice for many to change their surname at the least to prevent work and personal accounts — and lives — from colliding.
On Twitter, users will often choose aliases, and there is no reason why you can’t, too. Using profile pictures which do not show your face and names which do not directly correlate to you may help.
Set up a second email account for junk
Another way to keep your digital footprint clean of debris is to separate online services between email accounts. If you need to provide an email address for a one-off purchase, for example, consider using a junk email address — which will quickly become full to the brim with promotional material but will keep marketing databases separate from your primary email address. For example, you could set up two Gmail accounts, one as a primary and one as a delegate for spam and potential junk.
Use a Virtual Private Network (VPN)
A VPN can mask your IP address and create a private tunnel between yourself and online services. This tunnel ensures that data and communication packets sent between a browser and server are encrypted, which in turn can prevent eavesdroppers from harvesting your information or tracking your online activity.
There are services out there that are both subscription-based and free. It is generally better to sign up for a paid service if you can — no VPN service is truly ‘free’ given the cost to create and maintain the infrastructure required to route traffic. Therefore your data may be used or sold to third parties in return for VPN services.
What about Tor?
If you are inclined to further anonymize your footprint, consider using the Tor onion router network. The privacy-conscious activists use Tor, and those seeking a means to circumvent censorship barriers such as the Great Firewall of China. If you use the network to browse the Internet, anyone attempting to monitor you would be met with a series of nodes used to divert your encrypted traffic, making it very difficult to trace you back to an original IP address.
The most permanent measure
Starting from scratch may seem extreme, but it could be worth considering in some cases. The outright deletion of email accounts, social media, and e-commerce services won’t immediately destroy all data or search results connected to them, but it will, over time, make them less likely to appear.
Just make sure that before you take this irrevocable step, you have backed up any data that you want to keep, such as irreplaceable photos you have uploaded to social media or document scans stashed away in your email inbox.