How to keep your personal information safe from creeps on the internet

December 6, 2018

Horrific events such as the shooting at the Capital Gazette and the pipe bomb sent to CNN’s New York offices show that it’s important for newsrooms to take security seriously.

But tinted windows and locked doors only protect journalists when they’re in the newsroom. Outside of our offices, we’re on our own.

One of the best things we can do to protect ourselves is to protect our personal information. With the proliferation of websites that share addresses, phone numbers and more, that’s not as easy as it once was.

Here are seven sites and sources to address to keep your personal information personal.

Whitepages

I’ll bet a good chunk of you didn’t know Whitepages was still around. Some aren’t old enough to remember the thud of the phone book as it hit your porch, and tripping over it for weeks until someone finally picked it up.

Either way, know that the Whitepages are available online, for free, and that your address and possibly even your phone number are available to the public within a few keystrokes.

Results include phone numbers, addresses (including a map), previous locations and family and relatives. Pro users can access more extensive information, including cell numbers, aliases and age. Users can also register for free to get an alert when any of this information changes.

Whitepages doesn’t make it easy to find out how to opt out. Here’s how.

  1. Search for your Whitepages page. You’ll need to enter your first and last names and, if your name is common, a location.
  2. Click “view details” on your listing. You may have more than one listing. Start with the one that has more information.
  3. Copy the URL of the listing you’d like the move. The URL should include some variation of your name, location and a some random characters.
  4. Open the opt-out page. Paste the URL into the form and follow the steps. They’ll ask you why you want the listing to be removed and to click to checkbox to confirm that the listing is you.
  5. Supply a phone number and answer the automated call from Whitepages. I couldn’t seem to get the call through on my cell (probably because I’m signed up for T-Mobile’s call protection), so I had to use my work phone.
  6. Enter the number Whitepages provided when you gave them your phone number.
  7. That’s it! Whitepages says it takes up to 24 hours for a listing to be removed.

whitepages screenshot

Pipl

Most of these tools are useful in the hands of professionals but harmful when used by actors of malicious intent. I’ve used Pipl for both.

The site offers a name, username, email or phone lookup. Type one in and Pipl often offers a trove of data, including the person’s job, education, known usernames, phone numbers, locations and family members. It also surfaces links to social media profiles and other associated sites.


RELATED ARTICLE: Two solutions for creating safe and unforgettable passwords (and preventing nuclear scares)


Pipl uses a “deep search robot” to gather its information and doesn’t offer a one-click removal from its site. It does, however, include instructions on how to remove individual pieces of information.

You essentially have to look at the source sites and individually remove information from them or make them private. It’s tedious, but Pipl is a helpful way to source all of those pages so you don’t have to look them up individually through a search engine.

    Pipl screenshot

    Spokeo

    Spokeo is similar to Pipl, but offers less information for free. Search by name, phone number, email address or actual address and Spokeo displays some information — aliases (no, “Ren” isn’t short for anything), age, relatives and locations — for free.

    Paying users can access much more information, including contact information, social media profiles, family information and even court records (with an additional fee).

    Spokeo collects information from third-party sources but, unlike Pipl, allows users to remove their listings. Here’s how.

    1. Search for your listing. Spokeo only asks for a first and last name, so you may have to poke around a bit if you’re one of the world’s many John Smiths.
    2. Copy the URL from your listing page.
    3. Visit the opt out page and paste the URL into the opt-out section. You’ll also need to apply an email address for confirmation.
    4. Click the link in the email to remove your listing. Spokeo says it can take two to three days for updates to be reflected. The site also recommends checking in periodically, because its crawler will eventually gather new information.  

    Spokeo screenshot

    Stalkscan

    Facebook’s privacy settings have been simplified a lot over the years. Maybe too much.

    Where Facebook’s privacy options once felt like controls in the cockpit of an F-15, they now feel more like plastic play tools for kids — you’re going through the motions but not sure you’re actually doing anything. (Especially after the ability to see your profile as a different user was disabled in the wake of a hack that exposed 50 million accounts.)


    RELATED ARTICLE: How to protect yourself as the battle for responsible technology wages


    A tool called Stalkscan confirms that there’s a lot more information publicly available about you than you might realize.

    Copy and paste your Facebook profile’s URL into the tool to see all of the information available to users who aren’t your friends. Once you find it, you can untag yourself or change the individual privacy settings for the post or piece of information.

    I recommend starting with “Pictures” under the “Profile” section and systematically running through each option until everything you want private is private.

    Or you can just deactivate or delete your Facebook account, neither of which are as difficult as they used to be.

    Stalkscan screenshot

    TweetDelete

    Snapchat and Instagram Stories are popular because they’re ephemeral — send them out, let people enjoy them and then watch as they disappear in a day or so. Rather than wait for amateur internet investigators to surface some old out-of-context tweet to get you fired, why not make Twitter ephemeral, too?

    A tool called TweetDelete can automatically delete old tweets after a certain time — anywhere from one week to a year — or delete all of your tweets wholesale.

    Why would you want to delete your tweets? Because they say a lot about you.

    To see what I mean, check out Luca Hammer’s Account Analysis. Searching for my Twitter handle (@itsren) shows you that I tweet mostly between 9 am. And 5 p.m. on weekdays, that I share links to Poynter and The New York Times most often, and that I’m most often chatting with my colleagues. Not very interesting, but imagine if I was a politician or part of a bot network.

    TweetDelete screenshot

    Your website

    If you own a website or two (or couple dozen, in my case), it’s worth periodically checking in on your DNS records.

    When you register a domain name, the WhoIs protocol makes that information publicly available. The information includes the registrant’s name, address, phone number and email address.


    RELATED ARTICLE: It’s time for newsrooms to reevaluate their security measures


    Though this information is required, many URL registrars and site hosts offer some type of privacy protection for an added cost. Plenty of them offer the first year for free. Keep an eye on your domain names to make sure this protection doesn’t expire and that you’re not inadvertently sharing information that you don’t want public.

    whois screenshot

    Your résumé

    Lastly, don’t overlook the details if you’re trying to protect your privacy. A few years ago, I built a minimalistic new portfolio website, scrubbed my information from the DNS records (it has since returned) and … promptly uploaded my resume with my home address and cellphone number to the internet.

    Between careless user error, database hacks and public records, there are plenty of ways that your private information can find itself online. If you want to monitor it closely, set up a Google Alert (free) for your name or address or, if you’re really serious, sign up for a paid service like WebWatcher (which you can get for free if you were part of the Marriott data breach).

    We have a long way to go when it comes to our physical security, but we are nowhere near prepared when it comes to our digital security. Start working on the latter right now.