How to reel in, keep track of, and hide your footprint online. From tweeting and ads to IRC and Google.

There is a summary at the end of this post for anyone who struggles with the full text, although on this one I’m not sure it will be of much use.

Note: Knowing absolutely nothing about Apple products, I have omitted them from this post. Other than strictly online stuff, you’re on your own.

After a conversation with Jules Clarke on twitter over the measures that I have employed to protect personal data, control my digital footprint, and generally be more secure online, it came to my attention that a couple of the things I do are not especially common or at least aren’t something your average user considers.

After a recent resurfacing of a stalker who is mostly interested in digging up my personal history (thankfully it’s that rather than wishing to cause physical harm), I’d like to share just a few of the basic things that I have used to help limit my own spread of data around the web and prevent anyone from being able to explore my life through any trails I’ve left.

This is not a comprehensive list and some of the suggestions are simply about making you more secure than your average user rather than completely locking everything down so no one can ever find you.

I’ve attempted to format it in a way that you can jump to your area of interest, especially given that I have managed to make it so bloated with my chatty style of writing. My apologies for that! Regardless of the enormous amount of text, I do hope it can help some of you perhaps pick up some things you previously weren’t aware of.

I do kindly ask that people do not message me on twitter or elsewhere with their take on online privacy. I do understand this is something you may have an interest in, and you may disagree if your approach to these things differs, but as with anything in technology it tends to lead to a barrage of information or lecturing on things I already know.

If you have anything you wish to add to this list, however, you are welcome to add it in the comments below and if I feel like discussing it I will.

1) Use the Ghostery app/browser plugin. This prevents trackers on websites right down to Google analytics. You have the option to completely block all trackers on all sites, pause tracking if you wish for it to be temporarily disabled, or selectively choose which ones you wish to have blocked. You can find it on their website here

2) Use a VPN. I use a private one which is run by a friend on a home connection but there are a number of companies who offer them. Hide My Ass and AceVPN (this one I used and have reservations about), last I checked, have privacy policies which expressly state they do not collect and sell on your private data. There are a lot of VPN providers out there, but be sure to check their privacy policy to see what they do with your data. Some are also a rip off, only allowing you a certain amount of data with a premium cost so be sure to check data limits too.

What a VPN does is mask your IP address. Every website you visit, every service you use online, you give away your IP address which is a unique identifier. It can also be used to narrow down your location to a certain country and with some ISPs, the area in which you live.

By using a VPN, you connect to the IP address of a server designed expressly for the purpose of hiding your own. Your web browsing continues as normal without interruption, but instead of giving away your IP, you give away that of the server you’ve chosen. This means that if someone sets up a malicious website intended to get your IP address, they’re unable to. If you use Internet Relay Chat (IRC) – a place where things such as Distributed Denial of Service attacks aren’t uncommon at all if you piss someone off – it can prevent your internet connection from being clogged up with enormous amounts of data sent to your IP to take you offline. This is especially a problem if you have data limits or are on an IP address you cannot change.

You can still get viruses and malware as everything you do is still directed to your own computer so be aware of that.

For IRC you can also purchase products such a bouncer (BNC) which does the same thing, only expressly for IRC.

3) Keep an inventory. I have a spreadsheet that’s kept on a USB stick encrypted with PGP that contains the name of every website I have ever opened an account with as well as the usernames (note: not the passwords or security questions), email addresses and phone numbers that have been associated with the account (including what the back up address is). I also keep track of all my email addresses as well as any account that I have since closed, and how it was closed.

For example, recently I went through the list and closed around 60 accounts. Some of these accounts could, according to the companies, not be closed in a way that involves full deletion (this is bullshit but whether you start quoting the data protection act at them depends on your patience because fucking hell they run around in circles sometimes). If a lack of deletion is an issue, mark it down. I leave a note saying that I have removed all personal/identifying information I can from the account and deactivated it, or that I have hidden all of the contents but not closed it as I don’t wish to lose it.

I’ve put together a template inventory, 2 pages long. It contains example accounts, both email and websites, and column suggestions for each.

inventory template

Example of an inventory of online accounts

4) Use a password management system. While it can be argued there’s a risk keeping everything in the same place, services handling such sensitive data pile large amounts of money into securing it. There are a few of these around such as Dashlane, LastPass, Roboform and others. Many password managers charge for some services, but there are some out there that are reasonably priced and easy to use.

They will keep track of passwords for you which makes it easier for you to use insanely complicated passwords. They tend to have a secure password generator built in, generating such things as lH^e63nm9CpfjADA@)*&J* (though you can remove special chars). You simply install the app or browser add-on, create and account and start saving.

With a password manager, you can use your account across any number of computers without having to remember details. Needless to say, you should keep the login information very private and use a good password for it. A full sentence is usually a good one, for example.

5) Email management. For any sensitive data you may get over email, use IMAP (is POP3 still a thing?) and ensure SSL is enabled. They’re options that every email provider should be able to support and, if they don’t, you should consider not using them.

If you are particularly concerned about the safety of something you are sending and the person on the other end is willing to take part in the handshake, use encryption methods such as PGP. There’s a few options you can find on Google along with how to use it.

If you have a custom email address on your own domain (or someone else’s), it’s worth looking into just how secure it is. Over the years I have seen some terrible shoddy practices from domain providers where breaches of customer has been a problem. A way that a lot of the risk can be taken away in this is by using something like Mozilla Thunderbird or Microsoft Outlook (ew). Set your email up so that once it has downloaded to your device it’s deleted from the server. Responsibility for backing up and storing your emails is placed squarely on your own shoulders so any loss of data is on you.

6) Use a good firewall. At the very least, use firewall. Any at all. You may find your router already has one, it’s worth logging in to it and looking under the ‘Security’ tab if it has one. Check the settings are allowing outgoing data while blocking incoming. You should also be able to set up blocked websites (bye-bye Daily Mail, if only I barely knew thee) and any particular rules for certain addresses and IPs.

If you’d prefer to use a software one for any reason, be it Microsoft’s inbuilt one if you’re using windows or some third party software, I’m afraid I have no recommendations now that Deerfield’s VisNetic has gone. Frankly that was a masterpiece of a firewall but sadly even the archive is now gone.

For years now I’ve been using a Firebox (a ridiculously over the top bit of kit for a home user). There are, however, an awful lot of reviews out there that can give you an idea of what’s available, both ones with fees and free. I would offer to rule a few out but given I’ve not used them for some time, they may well have changed. Beware of anything too bloated. It shouldn’t make your computer act like a kitten attempting to drag a row of terraced houses up a hill.

7) Use an anti-virus program. AVG and avast! are, for the most part, alright for home users if you don’t want to deal with fees. For complete coverage Kaspersky and BitDefender are probably the ones I would recommend if cost isn’t an issue, although I’m sure others would disagree with me as tends to be the case with anything. Symantec’s and McAfee’s products are ones I wish had a physical manifestation so I could throw them off a cliff, pick them up, and then throw them under an articulated lorry. That’s something I know I’m not alone in. They are the bane of many an IT professional’s lives.

Trend Micro also have some pretty good products that are worth checking out. HijackThis is a neat little tool that I used regularly used before the switch to GNU. It scans everything from start up applications to browser add-ons and, if there’s anything suss your antivirus may not pick up as it’s not technically a threat, HijackThis will. It can take some time if you’re unsure of what each thing in the list is, but Google is your friend for that. If you’re a techie it’d be no problem.

Malware Bytes is also reasonably good and I know a couple of IT management companies that use it when viruses become a problem on individual computers.

If you’re on any Linux/GNU system I probably don’t have to recommend anything at all, you’re likely on top of it, but look at clam av etc etc.

8) Restrict information. Use, say, the birthday of your mother when you open accounts rather than your own, your favourite musician’s last name instead of that of your Mother or Grandmother, and the name of the nearest major hospital instead of the one where you were born (or the next nearest if you were born local to where you are). While I wouldn’t really recommend writing down security information, you can keep track of what details you are using by writing things like “Mum’s <month>”, “<name of hospital” and so on. It would tip you off if you struggle to remember.

I know this seems ridiculous, but there are a lot of ‘phishing’ games that go around which ask you to use your Mother’s maiden name for this, your pet’s name for that. A good example is the ‘find your porn name using x’. It leads you to give up information which makes up a lot of security questions, and if you answer a few it’s possible some of the services you use could be compromised.

9) Social media. This is a long one given the enormous part it plays in our lives and some recent (and distant) experiences so please bear with me.

This is technically something that falls under the last point; restrict your data. As anyone following my new Twitter account will know and as I mentioned at the top of this post, I have a stalker. To illustrate the lengths that some people will go i’ll explain what it is he has done and the measures I can take to restrict his access. Much like the odd troll on there, he sets up scripts to search through account archives where possible as well as trying to break into accounts when he finds them. Being lax on both data and passwords, I had left myself very open to him and I was very lucky to notice his return so I could begin to fix my mistakes.

I had a lot of tweets on my old account which makes for a goldmine of information. It gives away details of every part of my life if pieced together, and with the right phrasing and buzzwords it could mean he finds some very painful information to confront and mock me with.

While it is easy to say ‘just delete your old tweets’, to do so can actually be a lot harder than you would expect. Twitter’s API only allows for the deletion of the first 3200 tweets through apps, and while tools like Twitter Archive Eraser are capable of going over it again and again, it can take a hell of a lot of time. It’s probably obvious and as I’ve explained, this is why I deleted my old account.

What I’ve done on my new account is set up Tweet Delete. It’s an application which automatically deletes your tweets after a set amount of time, meaning your archive never becomes that kind of mine of everything you share of your life.

On Facebook you’re a little more stuck as it’s up to your friends how information you share with them (i.e. tags, comments on their posts) is managed. If you put a comment on a public post, there is no way that you can limit it. You also need to be careful of the information apps you use collect on you; rarely are these things truly free. There is a pay off.

You can, however, limit a lot of other things. Who is able to add you as a friend can be changed to friends of friends if your social circle is not particularly wide and unrelated. If you go through the account settings you can also restrict how you are found; make it that no one can find you via your email address or phone number. If you go into your ‘about’ tab you can also restrict that information so others aren’t capable of seeing it, including things like your birthday, website, and other things you may have put on there. So that you don’t end up with your friends list showing to all and sundry you can open the ‘friends’ tab, click the ‘manage’ (little pencil in the top corner of the list) button and change the privacy.

One of your biggest friends on Facebook is easily the ‘Limit the audience of past posts’. Anything that was previously public or shared with friends of friends is automatically reeled in so that no one outside of your friend’s list can see it. This is right down to being unable to see the full image or comments on your public profile photo. It does not affect posts you have kept to yourself or limited to a custom audience. You can also set it up to stop automatic tags, both on other’s posts and on yours. It gives you the option to make it that you can review all tags before they’re applied, so you can be kept out of other’s posts or prevent friends from letting strangers see your content.

Facebook keeps things such as things or people you have searched for, and while packed with so much stuff it’s a little confusing, the Facebook activity log holds the answer. Go to ‘View Activity Log’ on the top of your profile, and click ‘More’ underneath Photos, Likes, and Comments. Towards the bottom of the list you will see ‘Search’. At the top of the page is the option to clear it. You can’t turn logging of search off, but it’s something (I’ve included an image as I know some have struggled to find it before.)

Where to find the search history on Facebook

Screenshot of where to find the search history on Facebook

The activity log is generally handy to filter out and figure out what you’re shared in the past, making it easier to delete where you feel it necessary. Of course, if they’re things you want to keep and otherwise don’t have copies of, you can download your Facebook archive.

A lot of social media and other accounts do also allow you to be notified every time someone logs in, the IP address that they use, and their location. If you are worried someone may be accessing your account this is definitely worth employing in the arsenal of things you can use.

Though for a lot of people it’s certainly over the top, going over posts every few weeks to delete ones over a certain age can stop it from becoming an overwhelming task later on.

10\ Make sure you have a back up for account access. Although this wouldn’t be necessary if you keep an inventory and use a password manager, it’s not uncommon to abandon email addresses that are associated with any number of accounts. Over time passwords and security questions are forgotten and, if that email address is among them, it can leave you completely locked out of any number of accounts, unable to do anything about it. You can stop this from happening with a second email address and phone number.

Most email accounts, and sometimes others such as social media accounts, now ask that you put a phone number of secondary email address in your settings so that if you’re locked out it can be used to verify who you are and give you back your access.

As with other things, it’ worth checking the privacy policy of websites you’re not especially sure of before this information is handed over. Some rather less than secure companies will readily admit they sell on your information to third parties who may use it to send you spam. Online pharmacies and a whole shitload of ebay sellers are terrible for this.

Online pharmacies are relevant as recently one or two got in trouble for their handling of NHS prescription data (presumably in raw format, mind), although in fairness, anonymised data is also handled badly by the NHS under their scheme. You can learn how to opt out of that here but it’s obviously a whole other barrel of ferrets.

11) Two-step verification. This is another obvious one, I know, but also a very, very handy one providing you’re able to get a mobile phone signal or access your email account. You enter your password, and the service will send a code which you have to enter before you are given access. Not all services allow for this to be done through email, a mobile phone number may be required.

If you live out in the Styx, as mentioned, getting a signal can be impossible which can make it difficult to impossible for some services.

12) Clear you browser on closing. Go to the settings in your browser and search for the options to clear your history. Somewhere there should be the option to delete your history every time you close the browser.

13) Clear and turn off your browser history in Google. This is quite simple but an option that a lot of people are completely unaware of. In fact, a lot of people have no idea that their Google account even keeps their search history, which can make things just a little bit awkward if somehow someone gets ahold of it given the kind of things we all search for. I imagine a lot of people would be confused if they found I was looking up eating nasal mucus for sexual gratification and shitting dicknipples (I don’t recommend that one). Don’t worry though, there is a way you can stop this being an issue and Google has a nice little run through of how here. 

14) Do not click any links you do not recognise. Again, this does seem obvious, but with the way we share links around now you can end up accidentally having a problem from clicking something from a person you trust.

This goes for shortened links, unfamiliar and suss looking domains, too. If the link is from someone you know and it looks legitimate but you’re unsure, search google for it. It can give you some idea of what it is you’re going to be looking at and any virus checkers on your browser should alert you to issues.

A lot of link compilers that are used on Twitter to collect the day’s news stories a person has looked at (and then shared via that same system) include malware. While I’ve managed to offend a person by refusing to look at one before because of this, it can even cause problems right down to an influx of spam accounts as clicking has alerted them to your presence. It’s better someone’s annoyed you won’t look at something than deal with that.

When receiving emails, even if it looks like it’s perfectly legitimate and from a company you recognise and not caught by a spam filter, it’s better not to click any links but instead go to the website in question manually to do it. Some look quite sophisticated and mask what they are well. It’s better to be safe than potentially hand your IP, password, and other information over to someone with malicious intent.

Summary: Unfortunately I am unable to walk you through the steps in so few words, but I’ve made it so that hopefully you can get the gist if you look over the bold areas of the post and explore the ones that interest you. From two-step verification to keeping an inventory of accounts, they’s just some largely basic things that can help keep you a lot more secure than your average home user and generally keep you more in control of your footprint.

Edit: Some things I have not mentioned here that are useful.

  • TRUSTe’s opt-out removes you from many major targeted advertisers (the notifications for their website is hilarious in Ghostery).
  • Ad-Aware by lavasoft which blocks pop-ups (which your browser should anyway) and the majority of adverts across all website, they also do all sorts of other security products.
  • Duckduckgo, a search engine that has privacy in mind, for example they don’t track you the way that Google do. I personally don’t find it to be as good as google and it can be glitchy as hell. I find most home users won’t go near it with a barge pole but it depends how far you wish to go. As long as you turn Google’s tracking and history collection of, I find mind people carry on using it.

The internet as a lifeline.

A friend and I have recently been discussing the importance of the internet in our lives growing up. We are both physically disabled and suffer from mental health problems, our lives and ability to socialise face-to-face have been severely affected as a result. Both of us have been housebound from time to time, unable to leave due to our afflictions. It got me thinking about just how important the web is for many in our situations, and the lifeline it can offer.

I missed out on the social experiences of school; I didn’t go round friends houses, I didn’t have the opportunity to rebel against teachers, I didn’t sit and chat with my peers in the cafeteria at lunch. In a way I was completely isolated from an entire section of my life, or at least a section that everyone else seemed to have had. Even the structure and routine in school baffles me, I’m not sure I’d ever be able to work in that environment, concentrate on work in the way you’re taught to as an adolescent.

The web has been a blessing , it’s allowed me to move and socialise beyond my homes without having to go anywhere, speak to anyone, and suffer any anxiety or physical hardship that comes with going out. It’s a side of the web that is often overlooked.

Firstly, you come in as an equal online. You can explore, you can speak to people, you’re just like everyone else. It doesn’t matter if you’re unable to walk, it doesn’t matter if you twitch from time to time, if you’re crying for no reason or can’t move for pain. You don’t get funny looks for having an obvious ailment or for being in a wheelchair. You don’t have people staring to try and spot what’s wrong with you if it’s not somthing obvious. You are just like everyone else.

You obviously have the option to bring up your disability if you wish, but with your online self it’s only there if you choose to inform people about it. If you’re anxious about sharing that particular part of you, you simply have to omit it. It’s not always an obstacle like it can be away from the screen. For so many of us, our disability can be seen and eventually human curiosity takes over leading to probing questions that we would prefer not to answer, I completely understand why some choose not to disclose it on here for this reason. Even if it does come up most people will tend to overlook it, whereas it becomes a topic of conversation nearly every time when you meet new people at say, the local cafe.

You can join clubs, forums, and communities of individuals who are also going through the same struggles and understand you situation, find people you can be open with, joke with, get frustrated with, without going through the anxieties you may do within a wider social group. You can have a conversation without finding yourself squirming with self-consciousness, anxiety, and embarrassment, as a lot of the time I find myself doing, or trying very hard not to do.

“I couldn’t leave the house much when I was younger. If I did I always had to be supervised by my Father who was my full time carer back then. When you are stuck at home all the time you don’t get the playful chatting, sharing of secrets or arguing with friends that you might do if you weren’t sick. I used to get funny looks from other kids my age, people wanted to know what was wrong, some were frightened and a lot just thought I was weird.”

Platforms like social networks, IRC and forums can be an amazing substitute for this if you feel like you’re missing out as you’re growing up, or even as an adult. You can find support groups where you can discuss the issues that are appearing in your life, you can have conversations with people you may be unable to interact with otherwise. You can make friends and even have that playful conversation with quips, sarcasm and jokes, just as you would offline. You can become a part of a community even if you’re unable to leave home.

“IRC was awesome as a kid. My Uncle put it on my computer and told me to just start talking to people. I went on and just started chatting to whole groups of people all over the world. Chatting about things like films and music, I learned about bollywood and religion, laughing at jokes, making fun of people when they do stupid things like you see friends doing all the time. I could be the person I felt like I was instead of ‘that kid in the wheelchair’. I made a lot of good friends who I still talk to on places like facebook and I have met a lot of them in real life too. I know what is happening in their lives and their personalities and they know mine. I have got a lot of benefit from having the relationships with them. I don’t feel like I have missed out as much as I would have without it”.

This is something I can’t agree with more. Without the web growing up I would have had very little interaction with the outside world, an incredibly narrow view of what it’s really like out there. The only people I really had the chance to converse and spend time with were my immediate family and a close family friend. You can only learn so much, in general and about how to communicate, if you only have a very small group of individuals to pick things up from.

There’s also so much I simply wouldn’t know as I used the web to research subjects which took my interest in order to fill my time, as well as the gaps in my education. At the age of 11 I was withdrawn from school for a year after a disagreement with the school leaving me excluded, Upon returning the next year, back in year 7, I was unable to attend after half a term (I think) as I simply couldn’t manage it anymore. I was given home tuition for an hour a day in order to work towards GCSEs inmathematics, English, science, art, and history, but there were still a number of times I was unable to take part in those lessons due to having bad days.

I commend my tutor for what she tried to teach me in the time allotted, and particularly for nurturing my fascination with modern history which I have since explored in depth, but sadly it did leave a lot of gaps. It’s hard to get a comprehensive education in so little time. I would spend a lot of time in front of a computer, researching bits and pieces of subjects on my own and finding my interests. This wasn’t structured, structure is something I’ve always struggled with as it’s not something I’ve experienced much with learning. It’s led to frequent subject hopping and interesting changing, too. With so much information available and so much I wanted to learn, the more I looked different subjects, one after another. Combined with that lack of structure, it’s made it very hard to pin down any interest in particular that I want to stick with. It may have brought these difficulties but it has provided me with an education in a wide range of subject that I would likely not have otherwise.

At the age of 15 my home tuition ceased as I was moved out of the area, from the South East to the West Country. The politics surrounding home tuition are immensely difficult and I made the decision not to fight, at the time not understanding the importance of qualifications or structured learning. I continued to move through the web, I learned about IT, pharmacology, history – just about everything that took my interest. Back then there was no Wikipedia and news sites were rather sparce compared to now, but you could always find some articles to read eventually or someone to talk to who’s well versed in the subject. I’ve many people to thank for talking to me and allowing me to pick their brains for a few hours at a time. I largely have chat networks like IRC to thank for my English skills, having spent so much time conversing with people, picking up on spelling, grammar, and context.

To many I’ve spoken to about this, the idea of “growing up online” and not really having much face-to-face contact with other individuals. The average person I talk to about it seems to think it’s a terrifying thought. For me and others in similar situations it’s exactly what’s happened. To me it feels quite normal, my life is still playing out online in a way because ultimately it’s what I know. I also realise that, no matter how strange or ‘terrifying’ the notion is, the alternative is worse.

Imagine being 14 years old again. You cannot go to school, you can barely move around the house, social experiences like sports are automatically counted out. After a while anxiety can take over. If you haven’t really socialised in a long time or travelled anywhere, the idea of suddenly doing that can be nauseating – I still struggle with it a great deal today and I’m sure many who are reading this can relate. Although the communication over the internet does provide some relief to issues like anxieties, with places like twitter being an amazing support system (as I’ve learned lately), it doesn’t overcome many of the emotional issues that can arise off-screen. So how bad could it be without the web?

Now imagine being in the above situation and having no one to talk to, no support group outside of family, no communication, little idea of what’s going on outside the abode you’re sat in. By not going to school you have lost your main arena for social contact as a child. Aside from a place of learning, it’s a place where most people grow as a person, where you learn a lot about discipline, about the world around you. It’s where you find a lot about your identity; you figure out what your opinions are and begin to find your place in that world. You can get some semblance of all of this by interacting online, imagine what it must be like without it.

For those who could have gone through that hypothetical situation, who could have been unable to really participate fully in the society surrounding them, I can’t find the words to tell you just how important the web can be but I do hope this gives you some idea.

Reworked/reworded from something I wrote on this a while ago.