In 2017, an Oregon woman struggled with opening utility accounts after moving to a new apartment. She discovered she had a low credit score, even though she always paid her bills on time. Soon, a collection agency called and said she owed cable companies thousands of dollars in Michigan. It turned out that she was part of a data breach, and the compromised information came from a very old email account she hadn't touched in years.
In 2018, Richard Overton, a World War II veteran and the nation’s oldest living man, discovered a “considerable amount” missing from his checking account after a thief used it to purchase savings bonds. He eventually learned that someone had managed to steal his social security number and his checking account number.
Identity theft is not just possible—it’s common. There is a bucket of publicly available data representing your identity stored on all of the websites you visit, and it can be discovered by any individual who knows how to collect it. Gathering intelligence from public sources like these is known as Open-Source Intelligence (OSINT).
Although this sounds alarming and makes privacy seem improbable, there are strategies you can implement to use the internet safely and securely—and potentially remove the digital fingerprints you've already left behind.
How Identity Theft Begins
Someone who collects information about you will generally begin by scraping the internet to find intel. This can start with knowing your name, and then potentially finding your Twitter, Facebook, and/or LinkedIn profiles. From there they can utilize what you post—comments, photos, videos, events, and interactions—to build a map of who you interact with professionally and personally. They can also utilize people search engines to gather your home address, phone numbers, history of employment, business records, and tax records.
Even if they don’t have your real name, there are plenty of other starting points they might use:
- With your email address, domain searching services can reveal your legal name. With over 4,500 public data breaches and 810 million individual records associated with them, they can take advantage of compromised databases or hacked emails that may reveal your personally identifiable information.
- With your telephone number, reverse caller ID services can provide your name, address, businesses, and relatives.
- With your domain name, they can employ analytics and tools to find the IP addresses associated with the domain, real names used when the domain was created, hidden pages that reveal social networks, and domain history, which can result in your email address being leaked.
- With a common username you use online, they can leverage search engines to find other social networks and archives that might have a connection. Based on the information gathered, they can begin to search for associated email addresses.
Having this detailed information about you, depending on their motivation, can lead to several outcomes—some benign, some malicious.
Typical bad actors are interested in:
- Doxing, in which some information is released (or sold) to the public so others can perform malicious attacks. The information they release usually contains birth name, home address, employer information, school information, family members, personal phone numbers, and more.
- Identity theft
- Financial benefit
Privacy is Power
Over 60 million Americans have had their identity stolen. In digital health as much as physical, an ounce of prevention is worth a pound of cure.
This short list of actions can help you begin reclaiming your digital anonymity:
- Compartmentalize your personal, business, and online lives. Use separate usernames, passwords, and devices—whatever you can to delineate your actions. If you need help organizing everything, store your emails and passwords in a trusted password management tool.
- Use a temporary email address or username when signing up for non-critical sites.
- Generate a phone number, such as a Google Voice number, for any “text for deals” promotions. Avoid using your real phone number whenever you can, and don’t just give out your phone number to anyone who asks.
- Stay up to date with websites like www.haveibeenpwned.com to make sure none of your email addresses or passwords have been included in any security breaches. If they have, change them.
- Do not link social media accounts together.
- Never send personal information through email or text, including your social security number, credit card information, a copy of your driver’s license or driver’s license number, PINs, passwords, and so on.
- Install browser extensions such as Privacy Badger to stop known tracking scripts from loading.
Erasing your digital footprint is not easy and goes far beyond this discussion. There are professionals who can help you completely disappear from the public eye—so if you’re serious about wiping your online slate clean, you might need their help.
For more basic protection, though, there are a few things you can do on your own to make some progress:
- Google your most basic information and create a list of your findings:
  - Full name (with quotation marks)
  - Home address
  - Phone number
- Dissociate yourself from emails or forums that you no longer visit by deactivating your accounts.
- Change your email addresses and passwords, and use a VPN to change your last-used IP addresses.
- Submit a request to Google to remove your cache and submissions.
Disappear from the Public Eye
The path to extreme digital privacy is incredibly hard to navigate and requires implementing and maintaining strategic habits. These include big lifestyle changes: watching your actions on traceable networks, keeping your home address private, policing the utilization of mobile devices, altering your employment strategies, purchasing vehicles and houses more cautiously, and developing a path for all payments so they do not lead back to you. It takes a lot of effort to manage it all. But for many, the benefits are worthwhile.
Privacy is the power to selectively reveal oneself to the world. In today’s always connected culture, we often don’t value privacy until it’s gone—and if your privacy is truly gone, it’s virtually impossible to bring it back.
If nothing else, let this information inspire you to think twice before sharing your true identity all over the internet—and consider implementing the small but effective measures that can bring a sense of privacy and security back into your life.
“You need to know things the others don't know. It's what no one knows about you that allows you to know yourself.” – Don DeLillo
Elias Abouzeid was a member of the Calder7 team at Relativity, where he worked to enhance the security of the platform.