In this article:
Identity theft and fraud protection for your finances, personal info, and devices.
What Is a Digital Footprint?
A digital footprint, otherwise known as an “electronic footprint,” is a record of your online presence — a trail of sites you’ve visited, emails you’ve sent, and data you’ve left behind.
Whether you realize it or not, you’re actively and passively adding to your digital footprint every day.
- Active digital footprints are made up of information that you deliberately share online, like LinkedIn post comments, emails to friends or colleagues, and pictures uploaded to Facebook.
- Passive digital footprints contain data you may not know you’re sharing, such as your browsing history, IP address, or location.
What Can Someone Do With This Information?
Your digital footprint helps companies personalize your online experience — from the ads you see in Google search results to the promotion emails you get from your favorite stores. They can show you exactly what you might want to buy at exactly the right time.
But your digital footprint also competes with your privacy.
Using their own first-party data — along with Amazon’s purchase graph, Google’s search graph, Facebook’s social graph, Netflix’s movie graph, Spotify’s music graph, Airbnb’s travel graph, Uber’s mobility graph, and LinkedIn’s professional graph — companies can know almost everything about you [*].
This is unsettling for a few reasons:
- Some companies aren’t judicious with that information. Take fertility app Premom, for example. Last May, the Federal Trade Commission found that this company deceived users about its data-sharing practices [*]. Premom was found disclosing health data to domestic companies like Google and AppsFlyer, and two marketing firms in China.
- You’re at a higher risk of identity theft. The more personal data you have floating around on the internet, the easier it is for fraudsters to pepper you with scams.
- You may receive more unwanted solicitations. As marketing companies or data brokers collect flotillas of data on you, you risk receiving more spam.
While most Americans trust themselves to make the right decisions about their personal information. 61% still question if anything they do will make much difference [*].
For extra guidance, we’ve put together 10 steps to shepherd your digital footprint and identity.
How To Protect Your Digital Footprint
1. Inventory all online accounts
Scammers can excise your information from anywhere — including old accounts you never use. All it takes is one data leak or brute force attack to expose your personal data. Prevent this by:
- Deactivating old accounts and old email addresses.
- Unsubscribing from newsletters and promotions that you always move to trash.
- Deleting seldom-used apps.
- Resetting passwords for accounts you want to keep.
Also, use a Dark Web Scanner to see whether your passwords have been leaked. If they have, reset them immediately.
2. Enable strict privacy settings across accounts
Major laws like CCPA and GDPR have strong-armed companies into being more privacy-conscious. As a result, nearly all accounts have customizable privacy settings, letting you cinch the amount of data you’re sharing with them and their partners.
For email
Apple Mail users can enable Mail Privacy Protection to hide their IP addresses, stop senders from finding their exact locations, and conceal read receipts.
To turn on Mail Privacy Protection:
- Go to Settings → Mail → Privacy protection.
- Toggle on Protect Mail Activity.
Gmail users can adjust their security settings to ensure that no one else is getting their emails or using their accounts.
To check your Gmail security:
Open Gmail → Settings and click on the Accounts and Imports tab.
- Check Send mail as, and then confirm all the email addresses.
- Check Grant access to your account to verify that no one else can access your email.
- See Check mail from other accounts (using POP3) to confirm that all the email addresses are yours.
Click on the Filters and Blocked Addresses tab to:
- Verify your mail isn't being forwarded to an unknown account with a Forward to filter.
- Confirm that any filters that automatically delete messages are ones you set up yourself.
If you forward your Gmail to another email client, such as Apple Mail or Outlook, you’ll also want to double-check your POP and IMAP settings.
For social media accounts
On Facebook:
- Whenever you post, change your audience selector to Friends (not public).
- Choose who can see posts you’ve been tagged in by going to Settings & privacy → Settings → Profile and Tagging.
On Instagram:
- Review Instagram’s Privacy policy to weigh whether or not having the app is worth the risk to your identity. As of 2023, Instagram actively collects your name and password, the photos and videos you post, what you tagged and liked, your text message history, address book contacts, facial recognition data, and geolocation.
- Set your account to “private” so that users have to request to follow you. When your account is private, hashtagged photos won’t appear on the corresponding page either.
- Remove apps and websites you log in to with Instagram. Go to Settings, and then Website permissions. Tap on Apps and Websites, and then Active. Remove any unnecessary apps.
📚 Related: Social Media Security: How To Secure Your Profile (& Stay Safe) →
For browsers
Safari and Chrome have robust privacy and security functionality that limit the type and amount of data you share with the public and advertisers.
On Safari, go to Settings and check:
- “Prevent cross-site tracking.” Advertisers use this to market products based on your internet searches and buying behavior.
- “Hide IP address.” This blocks your IP address from known trackers.
- “Location.” Websites and apps must request to use your location.
- “Camera” and “Microphone.” Websites and apps must ask you if they can use these features.
On Chrome, run a Safety Check to:
- Turn on Safe Browsing to block malware and phishing sites.
- Update to the latest version of Chrome.
- Block harmful extensions.
- Remove permissions you granted to sites you haven’t visited in a while.
Safari already restricts third-party cookies, and now Google is following suit. Head to Privacy and Security → Ad Privacy to turn off targeted ads.
3. Only use legitimate apps and websites
Fake apps and websites contain malware that can spy on your browsing activity or take control of your device. Often, they look just like real apps and websites, displaying similar logos and copy.
Sometimes, scammers even spoof a website’s URL. But if you know what to look for, you can spot sham apps and fake websites from a mile away.
Take this site below, for example. The images are blurry, the font is generic, and the copy above Featured Products is a run-on sentence. Plus, the “luxury” items are suspiciously discounted to 50% off or more.
A fake e-commerce store. Source: URLVoid
4. Use a secondary, throwaway email
Create a free email account for shopping or non-critical transactions, and forward messages from there to your real inbox. If your throwaway email gets hacked, crooks won’t gain access to your contacts or personal details — they’ll just see your spam emails.
5. Use a password manager, VPN, and MFA
Generate and store strong passwords with a secure password manager. Where possible, enable multi-factor authentication (MFA), too.
Whenever you log in, you’ll need to supply your username, password, and another authentication factor, such as your Face ID or fingerprint. Even if hackers get hold of your password, they won’t be able to access your account without your face or fingerprint.
Virtual private networks (VPNs) provide another means of online protection. They encrypt your IP address, location, online activity, downloads, and personal data — even when you’re on public Wi-Fi networks.
Paid services like iCloud Private Relay, for example, stop websites and network providers from creating (and selling) a detailed profile of iPhone user preferences and buying behavior.
Note that VPNs can’t, however, mask your absolute online identity or cookie information.
6. Set up automatic software updates on devices
Cyberciminals actively seek out software vulnerabilities as a means to hack your device. Don’t open yourself up to that risk —enable automatic software updates.
On a Mac:
- Click on the Apple icon in the upper left corner of your screen.
- Click on System Settings → General → Software Update.
- Click on the information icon, and toggle on Download new updates when available.
On a Windows device:
- Click on Start → Settings → Update & Security → Windows Update.
- Select Advanced Options.
- Select Automatic under Choose how updates are installed.
7. Be careful about what you share online
Scammers use any resource to gather information about you and your family. They consider social media platforms, phishing scams, and Dark Web data breaches all fair game.
While there’s no way to remove all of your personal data from the internet, you can limit what you share in the first place.
- Don’t tag your location in social media posts. Scammers can stalk you or steal your mail.
- Limit your information on online profiles. Scrub social media sites of your birthday, home address, and your relationship status. All of these could be answers to account security questions.
- Avoid sharing information online. This includes your passwords, banking details, Social Security Number (SSN), and any other confidential data on social networking sites.
- Don’t accept friend requests from strangers, and never reply to emails or texts from contacts you don’t recognize.
- Don’t discuss your travel plans on social media. You could be a target for local scams — or invite a burglary at your home while you’re away.
8. Remove your information from data broker sites
Data brokers collect data about you and sell it to marketing agencies. Removing your information from data broker lists reduces unwanted solicitations and decreases the chances of your data ending up in the wrong hands.
Each major data broker has a different opt-out process. At a high level, you’ll need to:
- Find a list of brokers to contact, such as Acxiom, CoreLogic, Epsilon, Whitepages, and Spokeo.
- Review the opt-out process on their websites, and make note of what information you’ll need to prepare.
- Submit each opt-out request.
- Wait for opt-out confirmations.
- Double-check that your information was removed from each broker by typing your name into a search engine.
Doing this manually can require a great deal of time. Identity Guard offers opt-out services that can process data broker opt-outs on your behalf.
9. Stop direct marketing offers, junk mail, and spam calls
Credit card and insurance offers:
Go to OptOutPrescreen.com, a service that removes your name from prescreened credit card and insurance offers.
Scroll down, and click on the CLICK HERE TO OPT-IN OR OPT-OUT button.
Select one of these options:
- Five-year opt-out to remove your name from lists for five years. This can be completed electronically. You’ll need to share your first name, last name, and street address (SSN and birthdate are optional).
- Permanent opt-out, which removes your name from lists indefinitely. You’ll have to print, fill out, and mail in the form.
Your request will be effective with the main credit bureaus (Equifax, Experian, Innovis, and TransUnion) within five days of submission.
Direct marketing offers:
Add your phone number to the National Do Not Call Registry. Head to DoNotCall.gov. Click on the Register Your Phone button → Register here → enter your phone number and email.
- Once you register, you’ll get an email from Register@donotcall.gov. You must click on the link in the email within 72 hours to complete your registration.
Sign up for a do-not-mail service. There are two major services: DMAchoice and Catalog Choice. Here’s how to sign up for each:
- Head to DMAchoice.org. Click on Sign me up for our signature do-not-mail service, DMAchoice, and fill out the required name, address, and email fields. To complete your registration, you’ll need to pay a $5 administrative fee via PayPal or credit card.
- Head to CatalogChoice.org. Click on Sign up today and create an account. You’ll get an email with a link to confirm your account (beware, it may go to Spam). Once you’ve confirmed, you can search for and cancel catalog subscriptions.
10. Set up various alerts
Google alerts can help you find your name and other information on websites that you never knew about. In 2023, Google rolled out a “Results about you” dashboard to help users find search results with their phone number, email, or address.
- To kick off the process, fill out your full name and the phone numbers, email addresses, and home addresses that you want to check.
- Then, choose whether to receive an email or push notification when any of that data is found. You should get results in a few hours.
If you’ve found personally identifiable information (PII) or an explicit image of yourself on the web, you can request to remove it from Google Search.
You can also use Dark Web Monitoring services like Identity Guard or Aura to see if any of your passwords were leaked. Some of these services come with identity and credit alerts, too.
If you become a victim of identity theft, Identity Guard is ready to help with 24/7 U.S.-based dedicated case workers and a $1 million insurance policy.
- Identity Guard continuously monitors your financial accounts, credit, and online identity — notifying you of compromises as soon as they happen.
- In addition to real-time updates, Identity Guard’s built-in password manager and Safe Browsing tools keep your most sensitive information hidden from scammers.