Many people are worried about how much of their personal information is online
Having your data exposed makes you vulnerable to blackmailing, surveillance, stalking, doxing, social engineering scams, identity theft and more.
But you can protect yourself—in some cases by removing this content, and in others by obscuring it.
Top Five Tips
Here are the top five things you should do to remove personal data from the internet—and make sure it remains deleted:
- Opt out of people-search databases
- Review your social media accounts for information that people can use to guess your passwords
- Review your smartphone app permissions and revoke access wherever possible
- Learn how to quickly search through complex privacy policies for red flags
- Check to see if your information was exposed in a data breach
Table of Contents
What kind of data is online and why is it there?
Given how many activities we do on the internet these days—from banking and shopping to socializing and studying—it’s not much of a stretch to assume that various marketing companies have our names and some basic contact information. However, the personal data being bought and sold online goes way beyond these basics, involving a level of detail that puts your privacy, and occasionally your physical safety, at risk. This is why you need to remove personal data from the internet.
- Your work history
- Your education level
- Professional licenses
This information is legally available online. However, cybercriminals who find this data can use it to learn other sensitive personal information about you, including your banking and credit card credentials, Social Security and passport numbers, as well as the login information for all of your online accounts.
Given 15 demographic attributes, an individual can correctly re-identify 99.98% of Americans in any anonymized dataset.
– Nature Communications
So, who is putting your private data online? There are three entities responsible:
- You – Through the use of online services, you leave traces of information online, often unknowingly, that can be collected by others.
- Business – Companies collect and sell your data to other businesses and individuals every day. Even for businesses that don’t do this, a corporate hack can lead to your information leaking in a data breach.
- Government – The government makes available certain types of personal data via public records.
Below, we’ll go through each category in detail, providing instructions both on how to remove personal info and how to reduce the chances of it being exposed in the first place. Some of these suggestions are easier to accomplish than others, and you can assess for yourself the level of risk and/or effort you’re willing to put into protecting your personal information.
Personal information you put online
Because of the ubiquity of the internet in our culture, it’s difficult to avoid putting your personal information on the internet. Even if you think you don’t share much private data, you probably do—it’s almost impossible not to.
Below are some places you are probably sharing too much personal information, as well as tips on how to remove personal info and reduce the risk in each situation:
Your social media accounts
You may spend a lot of time on one or more of these platforms: Facebook, Twitter, LinkedIn, YouTube, Instagram, Pinterest, Snapchat, WhatsApp, TikTok, Tumblr, and more.) But, should you trust them with your private information?
Some social media platforms are worse than others in terms of privacy. Facebook, for example, while still recovering from the 2018 Cambridge Analytica scandal, has recently come under fire for demanding that WhatsApp users agree to turn over their data to Facebook. And in 2020, hackers gained control of a number of prominent Twitter users’ accounts, leveraging them to tweet a bitcoin scam and downloading each user’s personal data, including their private messages, photos, videos, contacts, physical location history, and which users they had muted or blocked.
To reduce your risk:
Lock down your privacy settings
Your goal is to limit who can view your posts. On Facebook, go to the Basic Privacy Settings & Tools page and use the Privacy Checkup. For Twitter, go to the Safety and Security page to limit the visibility of your posts and stop people from looking you up via your email address or phone number. If you are on Instagram, go to its Privacy and Safety Center and set your account to “private.”
Don’t friend strangers
On social media profiles you’ve created for personal use, you should only friend people you know in real life. This is because once you friend someone, that person has access to all of the information in your posts. (Obviously, this tip doesn’t apply to sites like LinkedIn or dating sites, where the whole point is trying to meet new people—we’ll go into more detail on handling those sites below.)
Don’t friend people twice
It’s important to never friend anyone twice: you will likely be friending a fake account. Scammers create duplicate accounts of your friends hoping you won’t remember that you’ve already accepted a request from that person. Once inside your friend group, these people have access to your private information and all your posts. As such, if you get a friend request from someone you’re already friends with, be sure to report it. Don’t reflexively click “accept.” Always check to see if you’ve already friended someone.
Don’t share details that people can use to triangulate your passwords or security questions
Be careful sharing any intimate details of your life, like the names of your family members, because hackers can use this information to figure out things about you that they can use to access your accounts. For example, if you list your mom under the “family members” section of your Facebook profile, and she uses her maiden name as part of her username, then cybercriminals now know your answer to the common security question “What’s your mother’s maiden name?” As such, it’s a good idea to review your profile and remove online information that might compromise your security.
Consider using a password manager
If you hate trying to remember the passwords for all of your accounts, think about using a password manager. These handy tools are a safe, privacy-conscious alternative to convenient social media logins. When you use Facebook, for example, to log into a website, Facebook gets the information about which third-party sites you use. This information then gets added to the profile Facebook uses to market to you.
Provide the bare minimum of info in your profile
Make sure you don’t enter any personally identifying information like your location, birth date, email address, or phone number. If you’ve already filled out your profile with these items, you’ll need to remove your information.
52% of people share personally identifying information on social media.
– Identity Theft Resource Center
Can’t delete an account? Enter fake dummy data
If you’ve used a service in the past and can’t figure out how to deactivate your account, filling out your profile with made-up information will ensure that no one can trace the account back to you. This is also a good practice for any services that are not well known or new, or that you’re not familiar with, because you never know what their internal data policies will be like and if they’re being careful or not. (The recent Parler hack that involved the publishing of all user data, including deleted posts, is an example of what can go wrong.)
Ask people to delete posts that contain your personal info
If someone has posted your private information online, there are several things you can do to remove your information. If the content is on social media, then it probably breaks the platform’s Terms of Service and you can flag it for removal. If the content is on another type of site, you’ll need to do some research to identify the individual who has the authority to edit or delete it. Once you know whom to contact, you’ll need to email that person, explaining how the content has harmed you (like exposing you to identity theft) and asking him or her to take it down. You can also read Google’s removal policies to see if your content meets Google’s removal guidelines. Unfortunately there’s no simple way to remove personal info that you didn’t post.
Ask people to untag you in photos
Your goal is to remove online information that might reveal your address or your children’s school. To reduce the chances of this happening, you need to contact every single social media friend or follower and request that they untag you in all their photos.
Avoid online quizzes or games
You might be tempted to find out which Disney princess you are or which Hogwarts house you belong in, but you’re better off not knowing. These quizzes and games can be used by scammers and hackers to gather personal details about you (like the names of your pets or your favorite color), which they then use to guess your passwords. In one example, two Ukrainian cybercriminals created online quizzes to get over 60,000 Facebook users to install browser extensions that extracted their profile data, including their friends lists, to offshore servers.
Google collects a disturbingly large amount of data about you through its many services.
Anyone who gains access to your account will have all this data at their fingertips, and this makes you vulnerable to stalking, identity theft, blackmail, and more unless you remove personal data from your Google accounts.
To reduce your risk:
Blur your house on Google Maps
To request blurring of an item (like your house, your car’s license plate, your street address, or a person’s face) in your home’s street view picture, follow these steps:
- On your computer, open Google Maps and navigate to the street view of your house.
- In the black box containing your address, click the three dots on the top right.
- Select “Report a problem.”
- In the window that pops up, select the items you want Google to blur.
- Enter your email address in the box provided.
- Click the reCAPTCHA box.
- Click “Submit.”
Ask Google to remove your personal information from its search results
It’s always a challenge to remove information from the internet. But, if your sensitive information shows up in Google’s search results for your name, and you’ve tried asking the site owner to remove your information from the website, then you can ask Google to remove your information from the search results. See the Remove your personal information from Google page for information about what kinds of content it will take down and instructions for doing so.
Delete Google services you rarely use
These services may be collecting information, even if you’re not using them. To delete them and remove online information they’ve been collecting about you, you can use Google’s Delete a service feature.
Turn off location history
Follow these directions for desktop and mobile devices:
On a desktop:
- Log into your Google account.
- Go to Data and personalization, and click “My Activity.”
- Click “Manage activity controls” under Activity controls.
- Turn off Location History and Web & App Activity.
On a mobile device:
- Log into your Google account
- Go to Data & Personalization
- Toggle Web & App Activity to “off.”
Delete your search history
Follow these instructions to erase your Google search history:
- Go to the My Google Activity page.
- Click “Delete activity by” in the left-side menu.
- Select a time period you want to erase. (Choose “All Time and All Products” to delete your entire history.)
- Click “Delete.”
Your email account
Make sure to follow email best practices, like always signing out when using a device you don’t own, avoiding public wi-fi, and using two-factor authentication, to keep your account secure. However, there are other things you can do to protect your personal information.
To reduce your risk:
Set up email accounts for different purposes
For example, you can use one account for your online shopping and video streaming accounts and another for your banking and other important accounts. This way, you not only avoid unwanted spam going to your main account, but you also reduce the risk of your financial accounts being compromised. Also, make sure each of these accounts has a strong, unique password. There’s no point in using separate email addresses if a hacker can access all of them using the same password, or a password that is only one or two characters different from the others.
Don’t send sensitive information via email
You should always assume that your emails are visible to people other than the recipient. As such, you need to be careful what kinds of information they contain.
Use a high-quality email provider that only uses encryption
Encryption makes it harder (but not impossible) for unauthorized people to read your emails. Most modern email providers, including Google and Outlook, require you to use an encrypted connection. For other providers, check on their policies. If encryption is not on by default, look for another service. You might also consider an extra-secure email provider, like ProtonMail or Mailbox.org.
Individuals with bad intentions can use the information you’ve posted on these sites to harm you. For example, your dating profile can be used as evidence in a lawsuit against you—even if you’ve canceled your subscription to the site.
The information in your profile also makes it difficult to remain anonymous. For example, people can use Google Image Search or TinEye to figure out who you are by looking at your profile pictures. Another way to identify you is to compare the pictures on your dating site to other pictures you’ve posted online.
To reduce your risk, you’ll need to remove online information that others can use to identify you (or avoid posting it in the first place):
Try not to use the same username you’ve used for other accounts
Someone could use this information to identify you.
Never share personally identifying information
This includes your full name, your date of birth, your address, or where you work. You’ll need to remove personal information like this if you’ve already added it to your profile.
Consider using a separate email address just for dating
This way, nobody can tie your other online activities to your dating profile.
Don’t use your real phone number when arranging a date
Instead, use a fake phone number. To create one, you can use Google Voice or an app like Burner, Hushed, or CoverMe.
Opt out of any location-tracking features
You don’t want any dating website to reveal your location to others.
Your personal website
Your website is one of the first places people look for you online. Is yours revealing too much information? A good personal website promotes the information about you that you want to share but does it in a way that avoids compromising your privacy.
To reduce your risk:
Don’t post personal information that someone could use to guess your security questions
For example, don’t share any details about your wedding, birthday, or similar events—and remove personal info like this that you’ve already posted. If you have created a website to manage your wedding planning, evites, and RSVPs, make sure it’s password protected.
Don’t store sensitive files on your server
It’s not worth the risk, even if you think these files are in a “hidden” folder.
Make sure all your plugins and server software are up to date
Software updates usually include security patches. To avoid getting hacked, always use the latest versions. If you’re using a managed hosting provider, like WPEngine or Wix, make sure it automatically installs security updates, as well as offering SSL, backups, and network monitoring.
Shopping loyalty programs
All loyalty programs, such as Sephora’s Beauty Insider, Starbucks Rewards, and the Amazon Rewards card, collect information about your shopping habits. However, many of them are also selling your information to data brokers.
To reduce your risk:
Request to opt out
Any program that sells your personal information should let you opt out of having your data sold—usually through a “do not sell my info” link on its homepage. However, if you’ve agreed to let a loyalty program share your information with another company (for example, a fulfillment partner), then this isn’t considered a “sale” of information because there is no exchange of money. So, just because a business claims to never sell your information does not mean it isn’t giving it away.
Enter the minimum amount of info required to sign up
When you are filling out a new account profile or other online form, be sure to only complete the required fields and include as few personal details as you can when doing so. The goal is to remove information from the internet that marketers can use to target you.
Consider using a dummy email address
Often, when you sign up for something that requires a valid email address, you are not only allowing that website to use your email address, you are also giving it permission to sell your email information to others. To keep your real email private, and to prevent it from generating any data about you, you need to set up a dummy account (also called a burner email account.)
The apps on your phone or tablet
Sometimes, however, they secretly collect your data via malicious malware that you accidentally install when you download a new app. This type of malware, which is known as a trojan because it hides a dangerous threat, lays dormant until you launch a certain app or website. When activated, the trojan instigates nefarious activities, such as harvesting your passwords, opening web pages, sending SMS text messages, making calls, or conducting transactions.
One example is the Anubis banking trojan (often downloaded in a financial app), which tricks Android users into giving it access to the accessibility features on their phone. This lets the program record every app that you launch and every letter you type, which means it can see your financial passwords. Once you grant it the permissions it asks for, you won’t be able to see what it’s doing.
The risk is greatest when you install from unknown sources. The same is true on your computer too, not just your phone.
To reduce your risk:
Delete old apps you don’t use anymore
The more apps you have on your phone, the more likely you are to have your data stolen.
Don’t allow apps to access data they don’t need
When installing an app, make sure the permissions it asks you to grant make sense. For example, a solitaire app doesn’t need to access your contacts, your photos, or your microphone in order to work. If the permissions an app asks for don’t make sense, then you should uninstall it.
Only download apps from reputable websites
You’ll be a lot safer if you stick with the Google Play store and the Apple Store, depending on your device because these sites usually check the apps they sell for malware. This doesn’t mean you are 100% safe though, because malware still exists in mainstream apps downloaded from these sites.
Don’t jailbreak your phone
Jailbreaking is a way of unlocking your phone that bypasses the security restrictions that limit what software programs can do on the device. The result is a phone that lets you do more, but at a high security cost.
If you’ve ever seen a “Not Secure” or “Website Not Secure” message while browsing the web, you’ve encountered an unsecure website. Another way to determine whether a site is unsafe is if the address starts with http instead of https.
Because SSL encrypts data that travels over the internet, it prevents third parties from seeing what you are transmitting. Sites that don’t have encrypted internet connections are therefore more likely to be havens for identity thieves and other scammers. To be clear, these aren’t necessarily “bad” websites. Many people don’t have SSL on their websites because it often takes a bit more tech savviness to get it set up. However, a lack of SSL is a sign that you shouldn’t provide any sensitive information to the site.
To reduce your risk:
Check the URL of every site you visit
Look for the https or a padlock image next to the URL to be sure it’s safe to use.
Never give out sensitive personal information on unsecured sites
It’s easy for cybercriminals to steal this information and use it against you.
Online shopping and web service accounts
Companies like Amazon and Netflix collect and store your personal information to help them predict what products you might be interested in and to streamline the process of convincing you to make a purchase. Obviously, having Netflix recommend movies to you is a good thing because this makes it easier for you to find good things to watch. However, these companies use the data they collect about you (including your purchasing, searching, and viewing behavior) to create a detailed profile about you, which they then analyse and use to target ads to you.
Unfortunately, if this trove of detailed behavioral data ends up in the hands of people-search sites or is sold to other entities, then anyone on the internet can potentially access this information.
To get the benefits of these services without putting your data at risk, you should:
Enter as little information as possible when you sign up
These companies already have access to an incredible amount of personal information about you. Don’t give them any more. Instead, you should only provide the minimum information required to complete a transaction.
Ask the company to delete your information
To ensure you aren’t unknowingly giving your personal information away when you sign up for a service, you need to learn how to find the red flags in privacy policies. Company lawyers write these policies to protect the firm against lawsuits, not to ensure you know what the business is doing with your information. As a result, they are often long, complex, and notoriously difficult to read.
Here are some tips on how to easily find out exactly what data the company collects and with whom it shares your information:
Look for the word “control”
This will highlight the items you can change.
A recent policy is a sign that the company takes privacy seriously.
Search for “we collect” to learn what information the company collects about you
Be skeptical of businesses that access your location data. No one needs to know your location data, even if they claim to aggregate it.
Look for the term “such as,” “not limited to,” and “like”
Be skeptical of businesses that access your location data. No one needs to know your location data, even if they claim to aggregate it.
Personal information businesses put online
Private companies collect your personal information in ways that have nothing to do with your actions. Often, they do so without your knowledge or consent—either by scraping information about you from the internet or by tracking your activity online.
Here are some of the main ways businesses expose your data online, as well as what you can do to remove personal data from their servers.
People-search sites and data brokers
Data-broker companies, which exist to buy and sell your personal data, are a $200 billion-year industry. These firms (which include marketing and people-search companies) scrape the internet for public records, social media postings, your purchase history, your cell phone data, and more to build a detailed digital profile of you. They then analyze your data for patterns and insights and sell this information to credit card companies, banks, insurance companies, marketing firms, and anyone else who will pay.
Because many data brokers compile enough personal information about you to enable someone to guess the answers to your password-reset questions, stalk you, or steal your identity, they are a significant security risk.
You can find a comprehensive list of these companies, as well as links to their privacy policies, at the Privacy Rights Clearinghouse website.
“Most have no idea who these companies are and how they got their data on them, and they would be very surprised to know the intimate details that these companies have collected on people.”—Amul Kalia, analyst at the Electronic Frontier Foundation
To reduce your risk:
Google yourself to see who has your data
Before you can remove information from the internet, you need to know where it exists online. Therefore, the first step is to enter your full name in a search engine to see what kinds of results show up on the first few pages. This will show you who has your information.
Search with modifiers
Search for your name in combination with another identifier. For example, Jane Doe Company X or Jane Doe San Diego. This will give you a wider variety of results, especially if you have a popular name.
Opt out of people-search sites
Once you’ve found the top sites selling your data, you need to opt out to remove your information. There are over 100 sites that sell your information, so you’re not getting rid of all risk with this step. But, at least you are getting at the low-hanging fruit. For step-by-step instructions on how to get these companies to remove your personal data, see our article How to remove yourself from the top people-search sites. If this task is too onerous to tackle alone, we offer several privacy products that do all the work for you.
Monitor sites for new instances of your data
Getting a site to remove personal info isn’t as easy as it sounds. These sites will often re-add your personal data whenever they find a new public record about you online. Therefore, you need to keep searching for your name online to verify that the information you want deleted remains gone.
The news is filled with headlines about new data breaches or privacy scandals. From the Equifax hack of 2017 to the Marriott data breach of 2018, data breaches continue to grow in terms of severity and frequency. In 2020, these breaches exposed 36 million records.
Unfortunately, data breaches fuel a thriving black market of stolen personal data.
You may not think there’s anything you can do to protect yourself against data breaches at third-party companies, but that’s not true. There are steps you can take to protect yourself, even if your username and password get revealed.
Use two-factor authentication
Two-factor authentication means requiring another factor beyond a password—like a passcode you must enter to finish logging in. This extra step makes it harder for people to access your accounts, even if they already know your username and password.
Create strong and unique passwords
Let’s face it. It’s much easier to just use the same password for every account. However, this creates a real security nightmare if your password is ever compromised because once someone has your password, that person now has access to all your accounts—and all the personal data they contain. The best way to protect your data is to use a password manager, which will create robust, new passwords for every site, and, most importantly, remember them all for you. It’s also a good idea to select password-reset questions that aren’t traceable using breached data or people-search site information.
Tracking cookies, also known as third-party cookies, are tiny text files generated by websites other than the web page you are viewing. They are usually linked to ads on a page, but you don’t need to click on the ads to activate the cookies associated with them. Unless you take steps to block cookies, they allow analytics companies or advertisers to track your movements as you surf the web. This data often gets compiled into third-party marketing databases and people search sites. While these companies supposedly erase any identifying factors before distributing it, it’s actually quite easy for someone to combine it with other available data to pinpoint an individual’s identity.
While it’s tempting to assume saying “no” to cookies when asked and enabling Do Not Track (DNT) on your browser will fix the problem, these steps are not sufficient protection. To ensure that you aren’t being tracked online, you need to also install privacy extensions on your browser.
Some of the best privacy extensions are:
- Disconnect—Finds and exposes invisible trackers.
- MyPermissions Privacy Cleaner—Alerts you when someone is trying to access your data.
- Ghostery—Not only blocks trackers, but also shows you how blocking might affect your browsing.
- Privacy Badger—Analyzes how companies are tracking you.
- HTTPS Everywhere—Automatically displays each site’s HTTPS version.
Your phone company
Your cell phone carrier always knows where you are. Even if you turn off location sharing in all your apps, you can’t stop your phone company from tracking your location. After all, these companies need to pinpoint which cell tower you’re accessing to coordinate the handover as you move through different cells.
You would think they would guard this data carefully, but unfortunately they don’t. In fact, AT&T, Verizon, Sprint and T-Mobile were recently fined $200 million for selling this data to third-party distributors without their customers’ permission.
To remove personal info from third parties, go to your provider’s website and look for a “Do Not Sell My Information” link to click.
Your bank, credit card company, and mortgage lender
Every time you apply for credit, you are giving away your personal information to that credit provider and whoever that provider shares your data with.
To reduce your risk, get credit monitoring. These services watch over your credit reports and let you know about any changes in them. If you’re not eligible for a free service, it’s worth it to invest in one to find out about potential credit fraud as soon as possible, rather than years down the road, when your credit is already ruined. However, you should read the paperwork carefully and not sign any optional clauses about data sharing.
Personal information government puts online
The government makes certain personal data (like marriage licenses, birth/death records, court records, and real estate transactions) available to ensure the public good and maintain accountability. Because of this, you’ll have a hard time removing or sealing your public records to protect your privacy. However, there are some rare exceptions:
- You have experienced stalking or domestic violence.
- Your court records contain data that could pose a threat to public safety.
- You were arrested as a juvenile for a minor crime.
Since the average person will find it nearly impossible to remove or hide public records, the most practical way to obscure your personal information online is to opt out of the people-search sites that are scouring government databases and compiling the information into profiles. After all, most people wouldn’t know which government agencies to contact to find the original records, so getting them removed from people-search sites provides a level of practical obscurity that protects your privacy in almost all cases.
That said, if you do want to try to remove personal data at the source, try the following suggestions.
If you want to make your public records private, you can edit them or ask for them to be removed at your county clerk’s office. Some of the records housed in a county clerk’s office include:
- Birth certificates
- Marriage licenses
- Civil circuit files
- Old wills
- Court records
- Deeds and mortgages
- Probate cases
- Government surveys
Before you visit, you should check that the office is open and verify the types of ID you will need to bring. Often, this information will be on the county clerk’s website, along with any forms you might need to fill out ahead of time.
When you arrive, be sure to ask the following questions:
- What types of data can you remove?
- What information can you change? For example, can you replace your full name with just your initials?
- What information can you redact? At a minimum, you can usually redact your telephone number and some of your Social Security Number.
- Can you use a P.O. Box instead of a street address on any documents?
If you own real estate, you should also ask to view the liens and property ownership information in the Uniform Commercial Code (UCC) database, because your Social Security Number might be listed there. The UCC is supposed to be accessible to the public, so be persistent if the clerk pushes back at your request.
You probably know that the DMV regularly releases your data to government entities investigating crimes. However, you might be surprised to learn that the DMV also sells your data to private investigators, insurance companies, car manufacturers, data brokers, private billing companies, security companies, collection agencies, alumni groups, bulk marketing firms, and targeted advertising businesses.
Unfortunately, you can’t ask the DMV to stop selling your data, as it was made legal through a number of loopholes in the Drivers’ Privacy Protection Act of 1994. However, there are two things you can do to remove online information:
Reduce the amount of data that is available about you online in other places
This way, nobody can build a very comprehensive profile about you.
Are you OK with everyone knowing exactly what happened in your messy divorce trial? Probably not. In addition to the potential for embarrassment, personal data from court cases can be used to blackmail you, harass you, or steal your identity. Further, if you were convicted of a crime, this information can cause you to be denied housing, a job, or fair insurance prices.
To keep your court case information as private as possible, you should talk with a lawyer about sealing your records. You might meet the criteria for getting your record expunged or sealed or meet some other exception that will allow the court to hide your record or remove your information.
Next steps and further reading
As you can see, removing personal information from the internet can be a complex task. You not only need to learn the most effective strategies for deleting or altering your personal information, but you also need to understand how this information gets online in the first place.
Even after you remove information from the internet, this information will likely keep popping up online. This means that the task of securing your personal information never really ends. You’ll always need to keep monitoring the internet for new instances of your information.
The sheer number of steps required to fully protect your personal information might seem overwhelming at first, but there is a lot you can do. Plus, you don’t need to do everything at once. The best place to start is by establishing some good privacy habits, like watching what you share on social media.
If you need any advice about online privacy best practices, feel free to give us a call. We are happy to offer complimentary consultations about your specific situation. We also have several self-help articles you can read if you’d like to learn more about online privacy.