You know how bad rampant information sharing is for you and your family. It changes how you think and slowly bends your mind over time, making you susceptible to influence by advertisers and political interests. It exposes you to online identity theft and can ruin your finances. If you've ever been in a lawsuit, then you know the opposing side will use anything they can find about you online against you. And finally, over sharing online has been shown to generally lead to unhappiness.
So in this master guide, we're going to walk you through some important steps you can start taking right now to reduce your data footprint.
Most of us have long forgotten email addresses from school or other services (MySpace anyone?) that we've accumulated over the years. The first thing someone will do to learn more about you is to dig up those old accounts.
Ideally, you'll still be able to recover those email accounts. You'll need them for step 2.
Do this by first going through your old accounts (if you have access) and see who has been sending you email.
Next, perform a google search with each address, enclosing it in quotes to ensure you only get exact matches.
This gets a little tedious but it maximizes the chances of permanently erasing your old data. It's really important because there are automated bots which continually crawl the web and you'll want to ensure that they first overwrite your old data with nonsense before deleting it. This helps to ensure it won't be recoverable.
So go through all your old posts and replace them with a few characters or nonsense of your choice. An ellipsis ("...") is ideal for this as it's hard to search.
Reddit makes it really hard to remove old posts. Fortunately, there's a Chrome extension that will do the dirty work for you:
Wait a few weeks for the bots to overwrite their copies of your old information then delete your accounts. If there's no function for that, email the site operator and request them to do so.
IMPORTANT: Don't delete your email accounts. Just the accounts for other sites and services you've used in the past and no longer want.
Visit https://haveibeenpwned.com/ and search for each one of your email addresses. You might be shocked to see how many times your account was compromised if it's been in use for awhile.
At a minimum, you should immediately change all passwords on the affected accounts with randomly generated ones (a different one for each account). You might want to change your primary email address altogether.
Next, do a similar search using Yahoo or Bing for your email addresses and password. You're looking for dumps of your accounts. If you find any, repeat this step.
Note: Do NOT Google - they do a good job of hiding these results.
If your searches have turned up some personal data you would rather not share and you aren't able to delete the original account, then you can request Google to de-index it.
Google Content Removal Request
Go to your privacy settings here:
https://www.facebook.com/settings?tab=privacy
It's worth going through these. At a minimum, we suggest these settings:
Next, click on "Ads" on the same page. The URL for this is currently:
https://www.facebook.com/ds/preferences/?entry_product=ad_settings_screen&expand_ad_settings=0
Do the following:
Little known fact: deleting your social media account doesn't really do much, other than depriving the platform of a tiny amount of revenue. Facebook and Google collect shadow profiles so even if you don't use their services, they still are gathering an incredible amount of data about you.
A good example of this is Facebook's "social graph", an AI that literally watches what you do, reads over your shoulder, and gradually learns how to press your buttons. Want to learn how it works? Watch "The Social Dilemma" on Netflix.
We're less concerned about how it works here than just disabling it. This is tough because it operates on the majority of mobile apps, smart devices, televisions, tablets and computers. It's even buried in Windows.
This step is one of those that might be out of reach of many but as we get more than a few technically inclined readers here, this is the blocklist you want to enforce to completely disable Facebook on your network:
facebook.com
connect.facebook.net
fbcdn.com
fbsbx.com
fbcdn.net
instagram.com
instagramstatic-a.akamaihd.net
instagramstatic-a.akamaihd.net.edgesuite.net
cdninstagram.com
tfbnw.net
whatsapp.com
connect.facebook.net.edgekey.net
facebook-web-clients.appspot.com
fb.me
fbcdn-profile-a.akamaihd.net
h-ct-m-fbx.fbsbx.com.online-metrix.net
sac-h-ct-m-fbx.fbsbx.com.online-metrix.net
fb.com
Take the above list, drop it in your hosts file (to protect your computer) or your local DNS server (or a pihole) and that will do the trick.
Obligatory self-promotion: If you want to keep using Facebook but stop them from tracking you all over the web and on all your devices, then our product, Winston, is probably worth considering. We also block tens of thousands of other data collection methods and backdoors without breaking the web. It even makes browsing faster!
Visit Google's Activity Controls and turn "Web & App Activity" off:
https://myactivity.google.com/activitycontrols
Remember that lawsuit problem we mentioned in the opening paragraph? One of the first things an attorney will do when they go after you is to subpoena your old emails and believe me, they will use them against you. You can no longer legally delete them at that point.
So while you're doing all of these other steps, go through and permanently delete all of your old emails (especially business accounts). Then dump your trash.
While you're at it...
There are two good choices for this:
You don't want to be using big corporate email if you have a choice.
So far, we've used the same methods that a cybercriminal would use to gain access to your past, your email and probably your identity and finances.
Re-using old passwords is the single best way to roll out the red carpet to them. So get yourself a password manager and start generating unique passwords for every site you use.
Lastpass is great.
It's not privacy proof or perfect but it's a lot better than using a search engine that is deeply tied into almost every aspect of your life.
VPNs will cloak your IP address for non-web protocols, like file sharing. They also let you unblock content in other countries.
What they don't do is provide much privacy protection. We've already talked about how the big tech companies can identify you through a VPN. That's because IP cloaking is a necessary step... but not a sufficient one.
For instance, Facebook will track pageviews across sites by IP address and user agent. A VPN will block that. However, it won't stop the cookies and identifiers lifted from form fields that you fill out from being used to track you.
So if you say, place an order from Target or some other eCommerce site online with a Facebook pixel installed, your name, age, gender, phone number, email and address will all be hashed in a unique identifier that will sync across your devices and browsers, even on different IP addresses.
So consider IP cloaking as a mandatory first step but realize that it has very serious limits, especially when it comes to clearnet (internet) activity.
Shameless plug #2: We give you up to 30 IP addresses at a time and Winston just runs in the background without any help from you.
Have more tips you think we should share? Shoot us a line and let us know!