This is a follow-up to my previous article, "The ‘So What?’ of OSINT", which details the potential risks and impacts of having your digital footprint exposed. This article focuses on the 'What now?': the steps to take in order to clean up your digital footprint and reduce your overall risk of being caught out by OSINT.
I would like to note that in today's day and age your 'digital footprint', or the information and data you leave behind on the internet, whether intentionally or not, is becoming an important factor to consider in your life. Old photos, videos or even comments perceived as politically incorrect can all potentially be used against you. A prime example that comes to mind is the Harvard student who lost her job for posting a threatening TikTok video. So it's more important now than ever to look after and tend to your digital footprint.
Now onto the steps...
The first step to take is to find as much information and data on yourself as you possibly can via public means. This is something I often recommend people do regardless of whether they are looking to clean up their digital footprint or not. It is an eye-opening way of realising just how much of your personally identifiable information (PII) is out on the internet and how easily it can be found.
Now obviously you have an insider's knowledge advantage in this situation, but try to tackle this step from an outsider's perspective with zero or minimal knowledge. You can even try looking at it from different people's perspectives, i.e. friends, colleagues, family, etc. Try to think about what information each group knows about you and how they could possibly use that to pivot and find further information.
How you actually OSINT yourself depends on your level of skill and prior experience; however, here are some basics to get you going:
- Run various combinations of Google Dorks, e.g. "John Doe", "Doe John", "John Doe" + "Country_of_Residence". You can use this resource to help you: https://supple.com.au/tools/google-advanced-search-operators/
- Search social media sites
- Search government websites (especially if you're based in the U.S., as they expose a lot of personal data)
- Use a tool like Maltego
- Do reverse image searches
- Search for your aliases using sites like https://namechk.com/
Now that you have found everything you can on yourself, it's time to start cleaning!
Purge Your Accounts
Start by deleting all your old and unused accounts. Make sure no one can find all those embarrassing teenage photos. A helpful resource for this is Just Delete Me, which is a directory of direct links to delete your account from web services.
Along with reducing your digital footprint, this also helps in case any particular service gets breached and your information gets stolen, further reducing your risk surface.
This next step is pretty simple: go through any mailing lists or newsletters you may be subscribed to but don't necessarily read anymore and unsubscribe yourself. This will again reduce your overall risk surface and prevent threat actors from profiling or targeting you via your subscriptions.
Lock-down Your Active Accounts
Now that you have deleted all your old unused accounts and posts and unsubscribed from any unnecessary services, it's time to lock down all your remaining services.
- Begin by deleting any old photos, comments and posts, especially those containing your potential location, including photos with snippets of the exterior of your house.
- The people you are connected with on social media may not have very secure profiles, so make sure to untag yourself from any photos, comments and posts you don't want to be associated with.
- Check your privacy and security settings. Make sure your profile is not publicly visible or searchable. Remove any third-party access you may have granted in the past.
- Lastly, if you can't remove a particular section or piece of information on your account, replace it with some 'misinformation' or fake information. Change your date of birth, location or name, anything to throw off potential attackers or investigators.
Change Your Posting Habits
The best thing you can do to preserve your privacy and protect your digital identity is to change your mentality around what you post online. Photos, videos and social media posts which reveal your general location, phone number or birthday can be just as valuable as your passport, driver’s license or physical address.
Think before you post something online. Does it really need to be shared with the public (i.e. anyone connected to the internet)? A good mentality to have is to think that anything you post online will be there forever and could potentially be used against you in the future. Restraining your posting habits and being aware of what information you are sharing publicly will serve greatly in deterring attackers from targeting you. Additionally, it will save you time and effort should you decide you want to remove the content at a later stage.
In conclusion, I would really like to drive home the importance of maintaining and looking after your online presence. It is crucially important and could have severe ramifications in the future if left untended. This is especially true for teenagers and young adults who have yet to start their careers!
Be wary that if you start treating the internet as your own personal megaphone, there will be a lot of people and organizations listening, recording and saving everything you say or do, and one day, it may just come back to haunt you.
Be Safe. Be Smart. Clean Up Your Digital Footprint.