These days, it can take little more than having a differing opinion on social media to antagonize the wrong people. But even if you're not involved in heated online arguments, you should at least be aware of which personal information about you is publicly accessible. This post is less about privacy threats by state surveillance or corporations but on how to make personal information used for harassment or identity theft less easily available to the public.
Imagine how someone with bad intentions would start gathering information. That should also be your first step: Look up yourself in different search engines in an incognito window. Search for your name, address, phone number and any other personal data that could be relevant. Essentially, try to "dox" yourself. You might find a school or company website with your name and photo. Or the list of entrants from a fun run you did 10 years ago with your year of birth. To get rid of unwanted search results, you can try to use the options big search engines like Google and Bing provide to remove personal information. Usually you have to fill out a form and provide identification to start the process. In the European Union, these companies also have to comply with the "right to be forgotten" which offers even more extensive removal options than the default tool. Keep in mind that these forms can only get rid of search results but they are still on the internet.
You would have to contact the website owner to remove the actual data. In some countries, the government provides publicly searchable databases for example for property owners, entrepreneurs, patent holders or voter registration. These can provide additional info if an attacker already has other information like name and date of birth. Social media or message board accounts should be deleted after they are no longer needed and fed with as little real data as possible. You could use websites like fakenamegenerator.com for services that don't need to know a real name, e-mail or phone number. Unlink your personal data as much as possible: Use separate e-mail addresses that do not contain personal info like names or birthdays or use disposable e-mail addresses. You could also use a personal domain name to generate infinite different addresses for different websites but these could be linked by the domain name. An advantage is however that you can simply disable an address and create a new one if it is ever leaked or compromised by spammers.
If you do own a domain name or website, check your Whois profile for personal information. Depending on the top-level domain, the registrar could display no personal data at all or full contact details of the domain owner. To avoid leaving traces of sensitive information everywhere, you should have alternative info you can safely make public. Separate virtual phone numbers are often available for free and can be easily disabled if they are ever abused. The same can be said for post addresses: Many postal services offer PO boxes so you don't need to give out a residential address. The carriers DHL and Hermes for example offer Pick Up Points in stores and through automated booths in many European countries.
The privacy of your personal data of course also depends on the security of your online accounts. Use two-factor authentication that is not based on your phone number but on USB security keys, authenticator apps or similar methods. A phone number could easily be compromised by so called SIM swap attacks where criminals trick wireless carrier employees into transferring your phone number to their control. This would enable them to reset passwords, take over accounts and access your private data. Protecting your privacy online is an ongoing process and is less about never giving out information, because that's basically impossible, and more about having control over when you share which personal data with whom.
Tags:
Privacy