Your Digital Footprint

Thinking about the latest anti-privacy trend, I decided to organize my thoughts about digital footprint and what to do about it.

You leave traces every time you use the Internet (download an image, see a video, etc.). This does not only reveal your browsing history, but also allows people and businesses to create a digital profile of you.

The digital profile can reveal who you are, where you go regularly, who are your friends and relatives, what you like, and predict where you will be.

This data gathering is all over the place, so even if you’re privacy-conscious, your digital footprint is there and is very difficult to hide.

Digital Profiling

Digital profiling is “the process of gathering and analyzing information about an individual that exists online. A digital profile can include information about personal characteristics, behaviors, affiliations, connections and interactions” (source).

These profiles of you are being created by:

Companies: Google, Meta, Amazon, and others collect data to serve targeted ads and improve their services.
Data Brokers: Companies that buy and sell data about you to advertisers, insurance companies, and others.
Government Agencies: Law enforcement and intelligence agencies collect and analyze data for surveillance and investigations.
Bad Actors: Bad actors, criminals, cartels, you name it. can create digital profiles of their victims using publicly available information.

How Profiling Works

Connect various “unrelated” pieces of data of an individual to create a digital profile.

For Example: If you post a photo to Instagram from a coffee shop, you can reveal:

Location: GPS coordinates embedded in the photo metadata can reveal your location.
Time: Metadata can reveal when you were there (you can even check the shadows of the sun on objects to figure out the hour/day).
Friends: Who you were with (you can figure out the people in the photo if you tag them or if their face is visible).
Preferences: The type of coffee you like or type of shop you frequent.
Patterns: If you post photos from the same coffee shop multiple times over the days/months, someone might infer that it’s near your home or workplace.

This example was with just a simple photo, but businesses and individuals that specialize on data collection and analysis can do much more, like analyzing data gathered from websites you visit, login sessions, purchases, Wi-Fi networks you connect to, usernames, emails, your phone number, your IP (if not using VPN), phone IMEI, browser fingerprints, etc.

After gathering all this information and creating a digital profile of you, data brokers sell this information to 3rd parties.

The Shadow Profile Problem

A major problem that will not go away is shadow profiles.

Definition: A shadow profile is a set of data collected about someone without their explicit consent (source).

What is more dangerous, even if you delete your accounts or never sign up, some platforms still build profiles without your consent:

Facebook Shadow Profiles: Facebook creates profiles for non-users by extracting contact information from users who upload their address books.
Data Persistence: When you “delete” content from social media, it’s often only hidden from public view. The data remains on company servers for backup, legal, or analysis purposes (believe some companies retain this data for 3, 5, or 10 years for this reason).
3rd-Party Tracking: Advertising networks and analytics services track you across websites even without account logins through cookies, browser fingerprints, and tracking pixels.

Nothing to Hide, What is the Risk?

The “nothing to hide” argument is done by ignorant people that are oblivious or misunderstand the risks.

Privacy is a right, people act differently when they know they are being watched. No privacy means businesses, corrupt governments, and bad actors can create digital profiles of individuals and take action against them, such as:

Targeted Attacks

Detailed profiles enable targeted attacks:

Spear Phishing: Attackers use publicly available information to create convincing phishing emails referencing real info about your life, work, or relationships.
Social Engineering: Bad actors can impersonate your friends or yourself if they know your patterns, contacts, and preferences.
Physical Security: Posting vacation photos in real-time shows that your home is empty, allowing bad actors to take advantage.
Stalking and Harassment: Aggregated location and social data enables stalkers to track movements and predict future locations.
Association by Proximity: Being friends with or related to someone of interest to law enforcement or bad actors makes you a data point in their profile. Beware of who you are friends with.

No More Privacy

Once data exists online, anyone (with some effort) can use it:

Data Breaches: Companies holding your data get breached regularly. Your digital profile will end up in the hands of criminals or anyone targeting you.
Terms of Service Changes: Some companies change privacy policies regularly. Data you shared under one policy may be used differently later.
Corporate Acquisitions: When companies are bought, your data is part of the acquisition. New owners may have different views on privacy.
Government Access: Law enforcement can request data from companies and can gather data themselves.

Discrimination and Manipulation

Profiles can be used against you in ways you never consented to:

Targeted Pricing: Companies use profiles to show different prices to different people based on predicted willingness to pay.
Insurance and Employment: Some insurers and employers use data broker information to assess risk or screen candidates.
Political Manipulation: Profiling enable political advertising designed to manipulate emotions and influence voting behavior.

Reduce Your Digital Footprint

Perfect privacy is nearly impossible, but you can reduce unnecessary data collection and make profiling more difficult. The idea is to create a balance between your own privacy efforts and ease of use. Perfect privacy can be painful in everyday life.

Separate Your Digital Identities

Don’t use the same username, email, or profile across all services:

Use Different Usernames: Avoid using the same handle across platforms. This makes correlation harder.
Create Context-Specific Email Addresses: Use separate emails for different purposes (shopping, social media, work, banking).
Email Aliasing Services: Tools like SimpleLogin, AnonAddy let you create unique addresses for each service that forward to your main inbox.
Different Profile Pictures: Don’t use the same photo across platforms. Reverse image search makes correlation trivial otherwise.

Strip Metadata from Photos

Before uploading images anywhere use metadata removal tools like exiftool to remove its metadata.

Note: Most social media platforms strip EXIF data automatically, but this happens on the server-side, they see the metadata before removing it. Strip it yourself before uploading.

Disable Location Services: Turn off location access for apps that don’t need it.
Disable Location History: Disable Google Timeline, Apple’s Significant Locations, and similar features from similar apps.
Wi-Fi and Bluetooth Scanning: Disable “Wi-Fi Scanning” and “Bluetooth Scanning” in location settings.

Use Different Payment Methods

Break the payment trail:

Virtual Card Numbers: Services like Privacy.com, your bank’s virtual card feature, or credit cards that generate single-use numbers prevent merchants from sharing your real card number.
Separate Cards for Different Uses: One card for online purchases, another for recurring subscriptions, another for in-person transactions.
Crypto: Use Monero or similar privacy-friendly cryptocurrencies for payment.
Avoid Linking Everything to One Account: Don’t link every service to the same PayPal or payment account.

Social media is the easiest place to leak information:

Review Old Posts: Search your own name and usernames periodically. You might be surprised what’s still public.
Limit Tagging: Configure privacy settings to approve tags before they appear on your profile.
Don’t Post Real-Time Locations: Share vacation photos after you return, not while you’re away.
Separate Personal and Professional: Use different accounts for personal life versus professional presence.

Use Privacy-Focused Tools

Where possible, choose services that don’t monetize your data:

Browsers: Firefox with privacy extensions (uBlock Origin, Privacy Badger), or Brave.
Search Engines: Use DuckDuckGo or Brave Search instead of Google.
DNS: Use encrypted DNS to prevent your ISP from logging every domain you visit.
VPN: Always use a trusted zero-knowledge VPN like Proton or Mullvad to browse the web. A VPN hides your IP address from websites and your ISP (but the VPN provider can see your traffic).
Password Managers: Use unique passwords for every service. If one gets breached, others remain secure. OnePassword, Bitwarden and others are great. DO NOT USE LASTPASS.

Final Thoughts

Everyone has been digital profiling you for years. The best you can do to protect yourself is to make informed decisions on what data you’re comfortable sharing and take reasonable steps to limit unnecessary exposure.

Start protecting yourself by making a few changes that make sense for your threat model and lifestyle, then build from there for maximum privacy.

Further Reading:

Digital Profiling#

How Profiling Works#

The Shadow Profile Problem#

Nothing to Hide, What is the Risk?#

Targeted Attacks#

No More Privacy#

Discrimination and Manipulation#

Reduce Your Digital Footprint#

Separate Your Digital Identities#

Strip Metadata from Photos#

Minimize Location Sharing#

Use Different Payment Methods#

Review and Minimize Social Media#

Use Privacy-Focused Tools#

Final Thoughts#