OSINT

Inventory your own digital footprint in an afternoon

A repeatable, privacy-safe workflow for finding what the internet knows about you — and deciding what to do about it.

Your digital footprint is the trail of information you leave online. Some of it you control; some of it you do not. This walkthrough gives you a practical way to map it in a single afternoon.

Before you start

Use a separate browser profile or virtual machine for this work. That prevents your everyday searches from influencing results and reduces the chance you accidentally reveal your own identity while looking.

Step 1: Search your identifiers

Start with the obvious terms:

  • Your full name in quotes
  • Usernames you have used across platforms
  • Email addresses and old email addresses
  • Phone numbers
  • Your current and past home addresses

Use multiple search engines. Each indexes different content, and results can vary significantly.

Step 2: Check data-broker sites

Data brokers collect public records, marketing data, and social profiles. Many let you search for free and show a preview. Make a list of any site that has a profile on you. Most offer an opt-out process; some require identity verification. Document each request in a spreadsheet.

Step 3: Review social media

Log into each platform you use and review:

  • Privacy settings
  • Public posts, photos, and comments
  • Profile metadata (location, employer, birthday)
  • Tagged photos and mentions
  • Old accounts you no longer use

Step 4: Inspect images for metadata

Photos can contain EXIF data: GPS coordinates, camera model, timestamp, and more. Before uploading images anywhere, strip metadata. On Linux or macOS:

exiftool -all= image.jpg

On Windows, PowerShell can remove basic properties, or you can use a dedicated EXIF removal tool.

Step 5: Look at the edges

Check:

  • Public records (property, business registrations, court records)
  • Archive.org snapshots of old websites
  • Git commits that may expose email addresses
  • Forum posts from years ago
  • Breach databases (use Have I Been Pwned to check your emails)

What to do with the results

Not every piece of information needs to be removed. The goal is awareness and control. Prioritize:

  1. Items that could be used to answer security questions
  2. Current location or schedule information
  3. Contact details you no longer want public
  4. Content tied to your professional reputation

OPSEC note: If you find sensitive information hosted by a third party, removal requests are usually your first step. For serious cases involving doxxing or threats, document everything and contact the platform or relevant authorities.

Repeat regularly

A footprint inventory is not one-and-done. Set a reminder to repeat it every six months. The internet changes constantly, and new data appears as quickly as old data is removed.