For centuries privacy was effectively established by the functional difficulty to obtain information without extensive manual research, in-person investigations, and complicated records retrieval. The security afforded by this built-in obstacle has largely been removed with the development of the internet and social media. The activities, movements, associations, and interests of people are now readily available using a handful of online resources.
An individual who is in a position to require some higher level of personal security and privacy would need to take some specific action to meet their need to be less vulnerable. Ten of the most effective means to improve security are described.
1. The obvious: Social media privacy settings. Facebook settings, LinkedIn details, and Twitter postings. Of course, setting privacy and being careful on what is intentionally posted online is the first step in protecting your online security.
2. Use at least 3 separate email addresses for online activities. If participating on discussion forums, picture hosting, or any website with a login, remember that there are resources such as Spokeo which will consolidate your accounts within view to the public. You may not publish enough sensitive information in one place to create a vulnerability, but if all postings and discussions were taken together, a person with bad intentions could cross reference enough intel to piece together something useful. As an example, go to a photo sharing site such as Photobucket or 4shared. Create an account, even without uploading any photos. You will discover that a Google search of your email address will reveal this account. From just this one account, a researcher could discover photos showing timelines of activity, associates, background clues, or assets. Even without photos, the username for the account would be visible which could then be searched again, to locate other sites where that online identity has activity.
3. Create a tracking site for your identity. For many clients we create a legitimate bio site with information about the individual. The page will have appropriate photos and positive information intended to be revealed. Behind the scenes however the page serves to track visitors to it. The tracking data will show how many people went to the page, it will reveal where they were located, their IP address, what company they were from (if using a work computer), and most importantly it will reveal what search terms were used to find the page. For example, it would be valuable to know if people were searching for “Joe Brown XYZ Corp. scammer” vs. “Joe Brown experience.” If Google searches (or Bing, or Yahoo) were showing up in the data which showed “Joe Brown home address,” this may also be cause for action and caution.
4. Search for data files with personal information. Deep web searches for any tracking info to your identity are helpful. Search “.xls SSN 123-45-6789” to see if your social security number has been inadvertently included in some spreadsheet online. Try your phone numbers, date of birth, and home address. Test for .doc files, .txt files, ,pdf and .php records. If any are discovered the source can be identified.
5. Upgrade your LinkedIn account to see who has searched for you or has viewed your profile. You can also look to see what other profiles were searched along with yours. This can provide valuable insight to what is the intention of visitors.
6. Strip off metadata from any transmitted files. If you are sending, uploading, or posting a file from your PC or phone to a different location, be aware that the data hidden within the file may contain more details than you intend to transmit. Photos can contain the type of camera used and GPS coordinates of the shot, even the serial number of the camera in some instances. PDF files can retain prior versions or redacted data you intended to remove. Word documents frequently retain prior versions and the content prior to revisions. All files have the potential to contain your name and the name of other contributors, as well as time stamps, location data, and IP address of the host machine. A file emailed to one person may end up posted online, so when sending anything do so with the preparation that the data could be public. Also, if you are scanning a faxed document be sure to remove the fax header detail line to make sure that the sender and receiver are both kept anonymous.
7. Google Images. If a web page contains your name, any pictures contained on that page may be associated with you on Google Images. Take a look to see which photos may reveal information about yourself or your location which is not intended. Also check Google Maps to make sure that the picture of your home does not reveal details about your private life.
8. Online public records. Real estate title records of official recorded documents are more frequently available online, without requiring a visit to the recording clerk or courthouse. Because of this, your records can be searched remotely by individuals not located near you. Most counties intend to redact personal information such as social security numbers, drivers license, and bank account info. However this is not always consistent. We frequently discover revealing information in official records which is useful for an investigation. One common oversight is a notarial oath for a signature, which may contain a drivers license number and expiration data. You can check your records and request redaction if personal information is discovered.
9. Photo recognition. Watch out for your avatars, profile photos, and other likenesses. Even if they are not associated with your real life name, advances in software allow for facial features to be compared and a person identified. Even if today a photo cannot be scanned successfully, that profile shot of you on an anonymous web forum may end up being associated with you at a later date, along with all of the discussion or activity that went along with it.
10. Regular audits of online presence. Whether you do it yourself or have an expert perform a thorough review, checking your publicly available records will help maintain privacy. The results will point to areas where activity needs to be monitored, or even where removal efforts can be pursued. One basic tool which any user can implement is Google Alerts. You can set up an automatic monitoring of any search term, such as your name, company info, or combination of words. If any new web page or reference to them appears online, you will receive an email message with a link to the location.
Online availability of vast amounts of personal information is a reality. While the genie cannot be returned to the bottle, a dedicated and intentional method of managing online privacy will improve the security of those who take the effort to protect themselves. Remember that anything placed online is out there forever.