OSINT
Inventory your own digital footprint in an afternoon
A repeatable, privacy-safe workflow for finding what the internet knows about you — and deciding what to do about it.
Your digital footprint is the trail of information you leave online. Some of it you control; some of it you do not. This walkthrough gives you a practical way to map it in a single afternoon.
Before you start
Use a separate browser profile or virtual machine for this work. That prevents your everyday searches from influencing results and reduces the chance you accidentally reveal your own identity while looking.
Step 1: Search your identifiers
Start with the obvious terms:
- Your full name in quotes
- Usernames you have used across platforms
- Email addresses and old email addresses
- Phone numbers
- Your current and past home addresses
Use multiple search engines. Each indexes different content, and results can vary significantly.
Step 2: Check data-broker sites
Data brokers collect public records, marketing data, and social profiles. Many let you search for free and show a preview. Make a list of any site that has a profile on you. Most offer an opt-out process; some require identity verification. Document each request in a spreadsheet.
Step 3: Review social media
Log into each platform you use and review:
- Privacy settings
- Public posts, photos, and comments
- Profile metadata (location, employer, birthday)
- Tagged photos and mentions
- Old accounts you no longer use
Step 4: Inspect images for metadata
Photos can contain EXIF data: GPS coordinates, camera model, timestamp, and more. Before uploading images anywhere, strip metadata. On Linux or macOS:
exiftool -all= image.jpg
On Windows, PowerShell can remove basic properties, or you can use a dedicated EXIF removal tool.
Step 5: Look at the edges
Check:
- Public records (property, business registrations, court records)
- Archive.org snapshots of old websites
- Git commits that may expose email addresses
- Forum posts from years ago
- Breach databases (use Have I Been Pwned to check your emails)
What to do with the results
Not every piece of information needs to be removed. The goal is awareness and control. Prioritize:
- Items that could be used to answer security questions
- Current location or schedule information
- Contact details you no longer want public
- Content tied to your professional reputation
OPSEC note: If you find sensitive information hosted by a third party, removal requests are usually your first step. For serious cases involving doxxing or threats, document everything and contact the platform or relevant authorities.
Repeat regularly
A footprint inventory is not one-and-done. Set a reminder to repeat it every six months. The internet changes constantly, and new data appears as quickly as old data is removed.