Your Digital Footprint Is Worryingly Easy to Match to Reality
Here’s how to stop bleeding information about yourself online.
As a person who helps other people manage their digital footprint, I actually dislike the phrase “manage your digital footprint”—it sounds corporatist, bland, and frankly neurotic.
But it’s also pretty serious. Your digital footprint is not just about an embarrassing “that’s what she said” tweet you posted that one time at 2 a.m.
In fact, the information we reveal online can be a personal and/or operational security risk. If you need proof, please consider the case of the Japanese singer who was assaulted after a stalker figured out her location by zooming in on the reflection in her eyes.
Whether you have a sensitive job, are going through a difficult divorce, believe you may be being stalked online—or, God forbid, all of the above—the impact of inadvertently revealing too much on the internet can be tremendous. Even when life is relatively calm, it’s always good to keep a handle on how what you reveal could end up being used, and by whom. And if, like a lot of Foreign Policy readers, you work in government, diplomacy, or other sensitive areas, then it’s not just your own life that’s affected.
So what are some basic steps you can take to get a better grip on what you are posting online?
First of all, don’t be paranoid. I know this sounds like a tall order in the year 2020, but paranoia simply saps us of energy. It’s not productive.
Instead, assess the situation soberly. I like this piece from Maria Farrell and my former colleagues at the Conversationalist, which essentially argues that we have an abusive relationship with our technology right now. We love our gadgets, but we can’t entirely trust them. For that, we need better legislation on tech and a better mindset.
But there are ways to improve the relationship we have with technology—and with other people through it.
One of the first ways to do that is to understand how the rules online are always changing. What seemed “safe” a few years ago may not be so safe today. In a world that has Google Street View and apps like the beer rating service Untappd or the fitness tracker Strava that give away far more about us than we might otherwise think, our location is usually easier to figure out than we believe. These changes won’t be the last ones; the possibility of bleeding our information into the internet only increases with time.
Malicious actors, be they creepy stalkers or foreign intelligence operatives, can and do cross-reference our information. For example, if you have your location posted on your public Twitter account, and you frequently post cropped but nevertheless distinctive photos from your city block, you’ve already given someone the tools they need to narrow down the options as to where you live.
Geolocation is merely the process of elimination. Give people enough data points—a distinctive curb, a prominent background landmark, and so on—and they’ll be able to find you. Here’s just one personal example of how it can work, in which I challenged people to guess where I was based on a single photo. Because I’d previously alerted my subscribers to the fact that I was traveling in Virginia, they found me despite the fact that the picture I posted seemed random.
When you post pictures matters a lot too. When I was dealing with a stalker, I avoided giving away my location in real time. Who wants to post, “Just sat down to dinner at [insert my favorite D.C. restaurant],” only to potentially have an unstable person show up along with the dessert?
It’s equally fine to ask others to refrain from tagging you in public posts, or to ask them to tag you later, or to otherwise respect your right to privacy. This is the 21st century; tagging people only with their permission is simply good manners now. Last winter, on a chilly night in Boston, I’d snapped a picture of the skyline, only to have the man I was with ask me to please not tag him in it—he didn’t want either one of our exes to, as he put it, “creep on us.”
I laughed and told him that I would never just tag without asking, but I was upset to learn that many other people in his life not only didn’t ask but would actively go against his wishes when tagging him online, exposing his personal life in ways that made him feel increasingly uncomfortable. You don’t have to have safety concerns to opt out of being featured in other people’s posts. Sometimes all it takes is an unpleasantly nosy ex, and, let’s face it, life is stressful enough without worrying about those people. Apps like Facebook that actively encourage tagging don’t help when it comes to normalizing a process too often done without other people’s consent.
When it comes to public posts, it’s also helpful to familiarize yourself with topics such as EXIF data, which gives us details about how and where a picture was taken, and how it can work across different platforms and websites. The same goes for the metadata on any files you may publicly upload—this is especially important if you manage your own website. There are pockets of information in the work that you are showcasing, and that information can and does get exploited.
Meanwhile, tools in photo editing apps can be a godsend for when you want to tweet a photo or post it to Facebook but don’t really want it to give too much away. For some reason, a lot of the people I talk to—older men especially, some of whom hold leadership positions in the military and politics—still think that photo editing apps are there for a younger woman to get rid of an annoying zit in a picture. They don’t realize how useful these apps are for blurring a distinctive background, a vehicle license plate, or, say, a document that’s on your desk.
A lot of people ask me if they should stop posting pictures altogether, but I think that all depends on what you do and your own comfort level. The one thing I absolutely ask people not to do is to post the view from their home windows—even if there is an adorable cat perched on the windowsill.
Speaking of our pets, you’ll be surprised how many people will post a picture of an animal while its tag, which gives away sensitive information like the owner’s phone number, is fully visible. The ability to zoom, zoom, zoom as seen in Hollywood movies may not exist, but a lot more can be picked out of a clear shot than you might think. Same goes for pictures in which you are holding your mail. And don’t even get me started on military personnel who think they’re being “anonymous” while forgetting to blur out name tapes and, sometimes, even dog tags. Again, a simple blurring tool can save you a lot of trouble when it comes to pictures like that.
Yet at the same time, when it comes to anonymity, our safest bet is to never count on it. People who believe in anonymity online tend to find out the hard way just how wrong they are—especially if they’re, say, trolling public officials on Twitter or conducting an affair. I’m not saying Foreign Policy readers, a very sober and clean-living bunch, would ever do such things, but it’s always better to just assume that your business is more public than it is private. Again, this simply cuts down on trouble.
If all of this is overwhelming and stressful, consider the fact that, at the same time, there is a lot of white noise on the internet. A lot of what we do online drowns in that white noise. Meanwhile, scandals involving say, leaked nude photos, are becoming so common that public standards will shift on them eventually. This may be an uncomfortable topic for some, but most women my age and younger have sent nudes. Men do it without even asking if the recipient is interested. Publicly posted information doesn’t exist in a vacuum—it exists at an intersection of political and social mores. Those change over time. When it comes to the politicians of 2040, a leaked pic from a vengeful ex hopefully won’t matter—but a statement that might have passed as edgy in 2020 could seem outright bigoted.
Changes mean that none of us is ever fully in control of our digital footprint, or of life in general. And that’s OK. The best thing we can do is play along and be as conscientious and as kind to others as we can. If infosec in 2020 taught me anything, it taught me this.