They’re tracking you. Yes, you. As you read this story, visit another website, post vacation photos on social media or look for a new pair of shoes — third-party data brokers, social media websites and other companies are recording it all.
Creepy? Yes, but that’s also the reality of using the internet today.
While the internet can seem like an ephemeral place where you can hop from website to website in anonymity, the fact of the matter is that everything you do creates a trail of data, or digital footprint, that can reveal a lot about you, said Stephanie Benoit-Kurtz, a principal security consultant for the IT services firm Trace3 and professor of IT for the University of Phoenix.
What Is a Digital Footprint?
“People often overlook the impact of their online life and how their online experiences contribute to a digital footprint,” Benoit-Kurtz said. “Even as you as an individual are super careful with your online social media presence, your digital footprint could be contributed to through almost no action of your own.”
That information is how Amazon knows exactly what pair of shoes and size to recommend to you, and how Target sends you an ad for baby products before you’ve even announced the pregnancy. It’s also how hackers and scammers get a hold of your email to send you phishing messages and pretend to be you to collect unemployment checks in your name.
Online privacy doesn’t really exist, but that doesn’t mean there’s nothing you can do about the size of your digital footprint.
What Is a Digital Footprint?
A digital footprint is the trail of personal data you leave behind while using the internet.
Every website you visit, every social media post you make and every advertisement you click on contributes to your footprint. That game app you downloaded, your FitBit, your smart home device — it all contributes to your footprint. Even when you apply for a job online and enter your social security number, you’re adding to your print.
It’s not possible to use the internet today without leaving behind a trail, said Robin Wilton, director of internet trust for the nonprofit Internet Society, which focuses on expanding access to the internet worldwide and protecting user privacy and security.
“Some of that trail you leave knowingly. You choose to tell someone something and some of it you disclose implicitly through the websites you visit or the places you authenticate,” Wilton said. “And some of it, you’re not conscious you’re doing it, and it doesn’t occur to you that you’re leaving these traces.”
The information you leave knowingly on the web is called your active digital footprint. It’s composed of any data you choose to share online. This includes things like posting on social media, registering for a subscription service or newsletter, and accepting cookies on a website.
Active vs. Passive Digital Footprints
- Active digital footprint: This includes the personal data you voluntarily share online, such as posting on social media, registering for new accounts and accepting cookies on a website.
- Passive digital footprint: This involves the personal data companies collect about you without your knowledge through things like third-party cookies, tracking scripts and code that tracks user behavior on a website.
The data companies collect on you without your knowledge or approval is called your passive footprint. This information is usually gathered through the use of third-party cookies and tracking scripts. These follow you around the web, collecting information on other sites you visit, how long you linger on a page and your personal information as you log in to other accounts.
Third-party cookies are highly prevalent on websites like Google and Facebook, which are accountable for the highest amount of tracking scripts, according to an analysis of web traffic by the anti-tracking firm WhoTracks.Me.
Some of your information is also collected by data vendors who then sell it to other companies for advertising purposes. They may even broadcast your email, name and phone number online.
Combined, each person’s digital footprint can end up being as uniquely identifiable as their social security number or passport.
Should I Be Concerned About My Digital Footprint?
It’s natural to feel a little exposed when thinking about the extent of your digital footprint. The majority of Americans feel like they don’t have much control over the information collected about them online, according to a survey from the Pew Research Center.
The good news is that companies don’t always have the entire scope of your personal information in their database. They may only track your email, login password and product preferences, for example.
“Organizations keep data about individuals for an extraordinarily long period of time, and the challenge with that data is the more you have ... the easier it is to lose control of that information.”
And some aspects of your digital footprint are useful. It’s what enables Google to surface the most relevant websites and your favorite e-commerce website to tailor their ads and product recommendations to you. Other cookies help you stay logged in on a website and remember what products were in your shopping cart.
The bad news is, data protection hasn’t kept up with data collection, Benoit-Kurtz said. Unless a company receives a request to delete your personal information, it will likely sit in their databases long after you’ve moved on. And it’s likely not being protected as it should.
“Organizations keep data about individuals for an extraordinarily long period of time, and the challenge with that data is the more you have — especially the more obsolete data you have — the easier it is to lose control of that information,” Benoit-Kurtz said.
While more recent data receives more attention and security, data that’s several years old is more likely to slip through the cracks and become exposed, she added.
As a result, there are some notable risks to ignoring your digital footprint that are important to pay attention to.
Scams and Fraud
If you’re wondering why you receive so many spam emails or struggle with fraudulent financial transactions, odds are it can be tied back to an overexposed digital footprint.
It doesn’t take much for hackers to piece together your identity from online fragments, said Jim Van Dyke, senior vice president of digital innovation at Sontiq, a TransUnion company. Van Dyke has first-hand experience examining the impact of data breaches serving as an expert witness during the trials on Equifax, Facebook, Yahoo and Anthem breaches. He also founded Breach Clarity, which was acquired by Sontiq and helps people understand their exposure risk and solutions in the face of a data breach or hack.
While those major breaches draw most of the headlines, more often than not, it’s the under-the-radar ones from your pharmacist or local government that pose the greatest risk, Van Dyke said. Those places can include your phone, email, ID number and social security number, making them ripe targets to steal identities.
Still, all hackers need is your email and phone number to start targeting you with scams or phishing emails. They can also use other information from your digital footprint to pretend to be you.
“I’ve heard criminal testimony where they talk about what I call ‘trading up,’” Van Dyke said. “Somebody gets your phone number, they get your email address and then they go to a third-party site and get other information. They piece together a profile on you.” Then they can take that information and call your bank pretending to be you to get access to your accounts, he added.
You can never guarantee your information won’t leak, but you can take measures to protect yourself. Van Dyke recommends using different passwords so if there is a data leak, they don’t have access to all your private accounts. But you should also make sure you aren’t posting identifying information about yourself online like your mother’s maiden name, your email or address, and check your financial accounts and healthcare accounts monthly for irregular activity.
The internet never forgets. We see this time and again in high-profile situations where a person rises from obscurity as a celebrity, only for a social media post from their past to strike down their reputation. There’s even a term for it — it’s called getting “milkshake ducked.”
The average person likely isn’t going to be haunted by their past posts in such a public way, but the information you share online can still have an impact on your reputation.
Hiring managers still rely heavily on a person’s social media posts. For better or worse, 71 percent of hiring managers believe a person’s social media profile can help them determine whether a candidate is the right fit for the company, according to a survey of 1,005 “hiring decision-makers” from employee provider Express Employment Professionals.
It doesn’t matter how old some of those posts are either. While they may not reflect who you are today, they can still resurface thanks to algorithms on some social media websites that drum up old content and how easy it is to search someone’s profile, Wilton said.
This doesn’t mean you have to stop posting online, but Wilton recommends setting your profile to only be viewed by your friends to limit exposure.
For the most part, targeted ads are a harmless part of the web experience. Maybe they’re a tad invasive, but it’s part of the experience that if we click on a pair of Nike Air Force Ones, we’re going to see ads for those shoes on every banner across the web.
Here’s how it works: Companies can collect information about you based on your browsing history both on their site and the web via third-party cookies and then send you ads targeted based on that behavior. Sometimes that can cross a line and cause harm, Wilton said.
“What’s happening here is the user’s autonomy is being taken away because they are being exposed without their knowledge or choice to messages that encourage them to damage their own health.”
For example, a person who wants to quit smoking will likely search for advice and purchase nicotine patches and other supplements. Cigarette companies have access to that information and know that it only takes a tiny push to get that person to start smoking again. Nothing prevents them from targeting that person with ads that encourage them to smoke again.
“What’s happening here is the user’s autonomy is being taken away because they are being exposed without their knowledge or choice to messages that encourage them to damage their own health,” Wilton said.
This can expand to other situations like candy or high-fat food ads on children websites or gambling ads. In 2020, Facebook faced allegations of a biased algorithm that sent users ads that exacerbated socioeconomic biases.
Major browsers like Safari, Firefox and now Google Chrome have banned third-party cookies (though it may still have a limited impact on targeted ads).
Still, the best way to avoid ads like that is to go to your browser settings and turn “send a do-not-track signal” on to limit some of the exposure other companies have on your web activity and block pop-up ads.
Invasion of Privacy
These days the proliferation of IoT devices and apps mean almost every aspect of people’s lives are recorded somewhere on the web.
If companies don’t encrypt that information or protect it to the highest standards, that can pose serious personal risk. For starters, it can reveal where you live, when you’re home and give them access to those devices.
There can be legal ramifications, too. This sounds drastic, but it’s a real issue that’s been brought to the forefront for many women who use period tracking apps in a post-Roe v. Wade America, Wilton said.
Data on the app can reveal whether a user is pregnant or not, while other phone apps can track a user’s location and pinpoint them to an abortion clinic. As a result, this can increase the user’s exposure and risk.
Ultimately, it’s important to recognize situations in which your digital footprint can be used against you, especially in a shifting legal landscape, Wilton said.
The best step you can take is to turn off location tracking while using an app, using a VPN to muddle your location and consider carefully what health information you want an app to track.
What’s Being Done to Protect My Digital Footprint?
For as much data as companies collect about us without our approval, you might be wondering what’s being done to protect your information.
In many cases, the answer is often not enough, Benoit-Kurtz said. Few companies are taking steps to encrypt or tokenize user data to prevent bad actors from doing anything with it once they get a hold of it. Still, there are some positive developments.
For starters, cybersecurity insurance firms are putting companies on notice that they have to do a better job protecting customer data or they could be charged with negligence, Benoit-Kurtz said.
In addition, data regulations — like the General Data Protection Regulation in the European Union, and the California Consumer Privacy Act and Virginia Consumer Data Protection Act in the United States — give consumers the right to request companies delete personal information about them. The CCPA also gives consumers in California the right to opt out of their data being collected by third parties and fines companies if there’s been a breach.
Colorado, Connecticut and Utah have also signed similar privacy regulations, while other states are considering their own bills.
“So, there is an active awareness and even maybe an awakening of organizations that they need to do more to secure their data,” Wilton said.
When there is a breach, companies also have to send a notice to consumers. The problem is, those can be riddled with jargon and often downplay the risk associated with the breach, Van Dyke said. His advice: Assume a bad actor has your information, change your passwords and monitor your private accounts for fraudulent activity.
Unfortunately, the burden often falls on the user to protect their digital footprint.
Can I Erase My Digital Footprint?
The short answer is no. It’s part of the price we pay for being connected to the internet. Even if you were to cut the cord on all internet services, your data is still on profiles with local government, medical facilities and so on.
And you might not want to fully remove your footprint. A curated profile that emphasizes your professional achievements, for instance, can help you elevate your reputation.
Data that contributes to your digital footprint also drives a more personal browsing experience and powers apps that can help monitor health conditions.
How Do I Protect My Digital Footprint?
While you can’t erase your digital footprint, you can focus on its size and exposure.
The best place to start is to do a quick search on yourself using your name and current city, Van Dyke said. This will show you just how public and accessible your personal information might be.
5 Steps You Can Take to Protect Your Digital Footprint
- Practice good digital hygiene.
- Adjust your browser settings.
- Maintain separate accounts.
- Muddle your digital profile.
- Request third-party websites to remove your personal information.
“For the average person, I believe it will change your behavior in terms of what you’re sharing,” Van Dyke said. “You’ll see what’s out there and if you take a few minutes to think about how some of that data got out there, you’ll realize that it was something you shared.”
Below are a few steps you can take to protect your personal data and limit your exposure.
Practice Good Digital Hygiene
A quick and simple way to protect your digital footprint is to take basic precautions. The most obvious ones include creating unique passwords, using two-factor authentication and avoiding banking on unsecured networks like at a coffee shop or a hotel.
As you use social media, consider turning your account private and limiting what information you share like your car, hometown or other identifiable information. A simple question to ask yourself is, would you put that information on a sign outside your home? If the answer is no, then don’t post it, Van Dyke said.
Like locking your door or shutting your windows, small measures like this can sometimes deter or at least make it more difficult for a bad actor to piece together your digital footprint and steal your identity.
Adjust Your Browser Settings
Internet browsers have come a long way toward providing tools to help users protect their data, though some like Mozilla Firefox and Brave offer more protection than others. Whatever browser you choose to use, Wilton suggests going into the settings and blocking third-party cookies and disabling pop-up ads. He also discourages saving passwords or any other personal information like your address or debit or credit card numbers.
“When we talk about digital footprints and privacy, one of the key concepts is, ‘Am I able to keep data inside the context in which I intended to disclose it?’”
Blocking third-party cookies alone can go a long way as that will prevent some websites from tracking your data after leaving their page. Firefox also allows you to block tracking and lets users know when they’ve successfully blocked third-party cookies. Other browsers like Opera or Epic offer built-in VPNs for extra secure browsing.
If you want to take your browser protection to the next level, Wilton recommends using separate browsers for different activities. For activity he isn’t worried about privacy, he’ll use a general browser like Safari. For more private information like banking, he’ll use a browser with more advanced security features such as Firefox or Brave.
This prevents companies from tailing him across the web and collecting information he doesn’t want to share with them.
“You can certainly try and separate data into its correct contexts,” Wilton said. “When we talk about digital footprints and privacy, one of the key concepts is, ‘Am I able to keep data inside the context in which I intended to disclose it?’”
Maintain Separate Accounts
Taken a step further, Wilton suggests using separate accounts for different activities. The most common example of this is having a work and personal email, which helps curate the information you receive.
Wilton even maintains separate phones — one for calls and another for WhatsApp — and both on pay-as-you-go SIM cards to limit how much data is collected on him. If you have one device, he recommends using WhatsApp in one context (say, work-related conversations) and Signal (perhaps for friends and family) in another. The same goes for browsing, too.
The goal is to prevent any one company from getting a complete picture of his social graph, which allows companies to build your digital footprint without collecting any information directly about you, thanks to your connections. With this method, they get a curated view of his personal information and who he associates with, and as a result, Wilton can control what information he allows them to collect.
Not everyone may be able to afford to have separate phones or the discipline to go to that extent. Still, having a variety of email addresses for different contexts and using one browser for general web surfing and another for sensitive accounts like banking can make an impact.
“There’s a trade-off here between convenience and privacy,” Wilton said. “I’m willing to make that trade-off.”
Muddle Your Digital Profile
Whenever you sign up for new accounts or subscriptions, they typically ask you for your name, email, birthday and even where you live. In some cases — like health insurance or on government documents — it’s vital that your information is accurate.
If you’re creating a blog profile or signing up for a retail website where that information isn’t necessary, however, Van Dyke suggests entering a fake birthday or city location. You can even sign up under different variations of your name.
This can help muddle your digital footprint, creating false leads that make it more difficult for hackers to get a complete picture of your identity.
Request Third-Party Websites to Remove Your Personal Information
In some situations, your private information may already be out there. Data brokers have no qualms about sharing and selling your personal information.
If you do come across websites sharing your email or personal information, you can request that they remove it, Van Dyke said. You can either do this manually by messaging them or sign up for a service like DeleteMe, Kanary or OneRep.
That said, if your information is out of date, you may want to consider leaving it up there in the spirit of subterfuge, Van Dyke added. There’s no harm in letting those websites think you still live in Atlanta and still use an outdated phone number.
“You end up with a healthy pollution profile, where you leave the outdated information out there and ask providers to take down your current information,” Van Dyke said.
Ultimately, it’s impossible to avoid leaving a digital trail behind you as you use the internet. Even a seasoned cybersecurity pro like Benoit-Kurtz admits that her private information is probably out there for bad actors to use.
You may not be able to disguise yourself entirely, but you can at least leave some false tracks to make it a little bit harder for companies and hackers to follow you.