中文 | বাংলা | العربية | Français | Русский
Photo: Pixabay
Editor’s Note: If you’re like most people, there are bits of information about you scattered around the internet. These breadcrumbs can be used to “dox” journalists — that’s when malicious actors track down and share private information, including phone numbers and home addresses. At the recent NICAR 2019 conference, New York Times security experts Kristen Kozinski and Neena Kapur shared the following tip sheet outlining how to dox yourself and safeguard your information before someone else can make trouble for you.
Search Engines
Google and Bing Search Operators
| Operator: | What it searches: | Example: |
|---|---|---|
| Site | Provides results of pages located on a specific domain. | site:facebook.com |
| AND/OR | Use the AND operator to return results containing two results. Use the OR operator to return results that contain one result or the other result. | “John Smith” AND (Portland OR Salem) |
| Asterisk | Google treats the asterisk as a placeholder for a word or words in a search string. | “John * Smith” |
| Hyphen | This operator allows you to exclude the text immediately following it. | “JohnSmith” -site:personalwebsite.com |
| Filetype | Filter search results by a single file type extension. Common File Types: ●DOC/DOCX ●XLS/XLXS ●PPT/PPTX ●TXT ●JPG/JPEG/PNG (image files) | filetype:xls intext:youremail@gmail.com |
Bing Search Operators
| Operator: | What it searches: | Example: |
|---|---|---|
| LinkFromDomain | Creates results that link to every website within a website. | LinkFromDomain:website.com |
| Contains | Allows you to filter search results by a single file type extension on a specific website. | Contains:csv site:website.com |
Google Alerts
Once you’re signed in to your Google account, you can set up Google Alerts here.
Tip: We recommend you use Google alerts with your personal Gmail account. This way, if you leave your company you still have the alerts.
Tip: Please note that any alerts you set up are saved in your Google account — while we recommend setting up alerts for information such as your phone number or physical address, we do not recommend setting up alerts for particularly sensitive information, such as your Social Security number.
Public Record/People Aggregator
There are hundreds of people aggregator sites out there — many large sites “feed” smaller sites, making them a good starting point for significantly decreasing your online footprint. Below is a short list of sites that we recommend starting with. (Note that these sites tend to apply to people who are currently US-based or have previously lived in the United States.) Once you’ve tackled those sites, within a few weeks, the amount of your personal data across people aggregator sites will significantly decrease.
See if you can find profiles of yourself on these sites and consider taking steps to opt out. Please note that some of these sites will request you provide some personal data to opt out, such as an email address, phone number and address. Here are some tips for this:
● Create a separate, “burner” email address to use for opting out. If you already have one, just use that.
● Set up a virtual phone number, like Google Voice or Sudo.
● Only provide sites with data they already have about you. If you see that they have an old home address, do not provide them with a current address, just provide them with the address they already have listed for verification.
● Don’t EVER provide a copy of any documents, such as driver’s license or passport.
| Site name: | Website: | Opt-out link: | Notes: |
|---|---|---|---|
| CheckThem | https://checkthem.com | https://www.checkthem.com/optout/ | |
| Radaris | https://radaris.com | https://www.safeshepherd.com/handbook/radaris.com | You are required to create an account when removing data. |
| Intelius | https://www.intelius.com | https://www.intelius.com/optout | |
| Fast People Search | https://www.fastpeoplesearch.com | https://www.fastpeoplesearch.com/removal | |
| White Pages | https://whitepages.com | https://www.wikihow.com/Remove-Your-Listing-on-WhitePages | |
| Family Tree Now | https://www.familytreenow.com | https://www.familytreenow.com/optout | |
| Spokeo | https://www.spokeo.com | https://www.spokeo.com/optout | |
| Instant Checkmate | https://www.instantcheckmate.com | https://www.instantcheckmate.com/opt-out | |
| Peoplefinders | https://www.peoplefinders.com | https://www.peoplefinders.com/manage | |
| MyLife | https://mylife.com | https://www.privacyduck.com/mylife-com-opt-out-deletion-instructions-from-privacyduck/ | The instructions will say to send a copy of your driver’s license to remove your data —please do not do this! Instead state that you are concerned for your safety in the email. |
| Been Verified | https://www.beenverified.com | https://www.beenverified.com/f/optout/search | |
| People Search Now | https://www.peoplesearchnow.com | https://www.peoplesearchnow.com/opt-out | |
| TruthFinder | https://www.truthfinder.com | https://www.truthfinder.help/remove/ | |
| Advanced Background Check | https://www.advancedbackgroundchecks.com | https://www.advancedbackgroundchecks.com/removal |
If you’d like to go further, take a look at IntelTechniques’ complete list of people aggregator sites with associated opt-out steps — but please note that The New York Times has not fully vetted all of these sites.
Social Media
Identify your social media accounts.
● Enter your commonly used handles into NameCheckr to see where that handle is being used. This can help you discover old accounts you may have set up, as well as keep an eye for impersonation accounts.
● Set up two-factor authentication on your social media sites. Check out Two Factor Auth for instructions on how to set up two-factor authentication for popular websites. We recommend using an authenticator application (aka a mobile security app or software token) rather than SMS text messages as your second form of authentication. This is a more secure method and prevents from attacks such as SIM hijacking.
Tip: You must have a Facebook account and be logged in to search for other Facebook users. The tool below will not show any results if you are not logged in.
● Visit Intel Techniques, and click on the “Tools” menu item on the top. From there, click the “Facebook Profile” menu item on the left, and select “Facebook Tool” from the drop down menu.
-
- Enter a Facebook username into the first field that says “FB User Name” (it’s the small box ABOVE the bigger white box), and press “Go.” You can find your Facebook username by visiting your Facebook profile. It will show up in the URL after the “/”.
- Once the user number is generated, copy and paste that number into the “Facebook User Number” field and press “Go.” This will populate the additional fields with your user number.
- You must have a Facebook account to see what is publicly available. Remember, you can’t do this for your own account — find someone to help with that.
● Select the View As option on your Facebook profile to see what personal information on your Facebook profile a user who is not friends with you can see.
● Consider modifying your privacy settings:
-
- Hide your Friends list (Settings → Privacy)
- Set approval request on picture tagging (Settings → Timeline & Tagging)
- Remove option for search engines to link to your profile (Settings → Privacy)
● Turn on two-factor authentication.
● Enable alerts for unrecognized logins.
● Turn on two-factor authentication.
Twitter Search Operators
| from | Messages username is sending out | from:yourhandle |
| to | Messages being sent to username | From:yourhandle to:friendhandle |
| geocode | Tweets occurring within range of specific GPS coordinates | geocode:40.753830318,-73.9 87329384,1km "mcdonalds" |
| AND/OR | Use the AND operator to return results containing two results. Use the OR operator to return results that contain one result or the other result. | from:yourhandle OR from:friendshandle |
| since:YYYY-MM-DD until:YYYY-MM-DD | Tweets occurring within a specific date range | From:yourhandle since:2005-01-01 until:2005-01-31 |
The in-app search field only shows users and hashtags related to search terms. However, you can search Instagram by “Google Dorking”:
● Site:instagram.com “username”
● Site:instagram.com “username” -site:instagram.com/username”
Turn on two-factor authentication.
Google Dorking for Linkedin:
● Site:linkedin.com “Google”
● Site:linkedin.com “Software Developer at Google”
LinkedIn Privacy Settings:
● To limit and protect your information navigate to: Me → Settings & Privacy → Privacy
● Turn on two-factor authentication.
Additional Resources
Check to see if your email or username has been associated with a data breach at haveibeenpwned.com.
To search the Internet Archive for personal information, use the Way Back Machine.
This tip sheet was originally shared as a handout at NICAR 2019 and is reproduced here with the authors’ permission.
Kristen Kozinski is an information security trainer at The New York Times. She is the founder of Don’t Click on That, a business that teaches small companies how to secure and protect their information online. She has also worked at Mailchimp as an application security engineer.
Neena Kapur is a senior information security analyst at The New York Times. She previously worked as a cyber threat intelligence analyst at Booz Allen Hamilton, where she developed deep and dark web reporting capabilities as well as cybercriminal tracking processes.
