Skip to main content

Digital Footprinting in Cybersecurity

The average amount of time spent online has skyrocketed since 2010. Americans spend an average of 23.6 hours a week online, according to USC Annenberg's Center for the Digital Future as of 2020. 20 years ago, that number was only 9.4 hours each week.

But what makes the fact that individuals today spend more time online so unique? Isn't it exactly what we should be doing in this day of free WiFi and fast broadband services? Internet browsing is fun, but whether we are aware of it or not, we are all leaving traces of ourselves everywhere we go.

Your online behavior leaves digital footprints that might be used for good or bad. Companies, for instance, can profit by marketing their services to customers. However, it can make consumers vulnerable to unwelcome advertising.

In this article, we will discuss the following topics related to digital footprinting in cyber security.

  • What is a digital footprint?

  • What are the different kinds of digital footprints?

  • What are the Digital footprint examples?

  • What are the actions that leave a digital footprint?

  • Why is mapping your digital footprint important?

  • What are the Benefits of a Digital Footprint?

  • What Are the Risks of Having a Digital Footprint?

  • How do you identify your digital footprint?

  • Who can see your digital footprint?

  • How long is your digital footprint visible for?

  • How Do I Protect My Digital Footprint?

  • How Do Organizations Protect Their Digital Footprints?

  • Can I Erase my Digital Footprint?

What is a Digital Footprint?

The digital footprint also known as a "digital fingerprint", "digital shadow", or "digital dossier", is the data you generate when using the Internet for any type of activity that is linked to your individual identity. Your entire online activity, both via and outside of your accounts, on devices that are connected to the Internet is included in your digital footprint.Your digital footprint includes each and every click you make, each website you visit, each social media post you make, each email you send, anything you share online, and any information about you that is put online by others. More generally, your digital footprint is influenced by the impression that your actions leave behind online.

Because of this, when you question what information people may find about you online, your first inclination could be to worry about your reputation. Your digital imprint is connected to your way of life, even if it is not a true reflection. It is normal to worry about how you come across because our reputation affects our social relationships, our standing in society, and our chances for professional advancement. No matter if they are private or public, organizations are subject to the same rules.

What are the Different Kinds of Digital Footprints?

Your digital footprint is divided into two main categories: passive and active. Additionally, controlling one of them gives you extra power.

  • Passive Digital Footprint: Your passive digital footprint on the Internet is created by everything you "touch". This is the information you mistakenly publish online (often referred to as metadata), and it consists of the following information:

    • IP address of the user (which also reveals your location)
    • Specifications of the gadget you're using (model, version, etc.)
    • Your online activity (your browsing history)
    • Actions you take on these websites (how many times you have visited, pages you spent the most time on, buttons and links you clicked)
    • What type of browser you're using and what version it is (also called a browser fingerprint)
    • Your search term requests
    • You've made purchases online, plus more.

    The fact that you are not purposefully leaving this data behind gives it a passive quality. It combines information about the programs you use and your internet activities. Even if you gave permission for your passive digital footprint to be generated, you have little influence over it (generally, each website or app has terms and conditions you have to agree to in order to use it). For instance, if a website gets information about your activities, they are free to utilize it in accordance with the terms of service you accepted. To automatically display website content in your language, they could utilize your IP address. Or they might target you with advertisements for the goods you looked at using the cookies on your web browser.

  • Active Digital Footprint: Your digital activity, or the information you choose to share over the Internet, is another source of data in addition to the data you generate passively. This produces your active digital footprint when combined with your digital identity.

    Every email you write, web form you complete, video you post, and social network connection you make increases the amount of personal information you knowingly disclose online. Over time, these active data traces accumulate and form a more complete picture of your identity, possessions, interests, history, lifestyle, and connections. The individuals in your life contribute to your digital shadow whether or not they have an active digital presence.

What is a Digital Footprint and Its Types

Figure 1. Digital Footprint and Its Types

It might be intimidating to realize how much information makes up your current digital footprint. When the EU General Data Protection Regulation granted people the right to view the data businesses had on them, a deluge of revelations hit the media. Many people found it hard to believe their whole online existence was being recorded in the form of messages, calls, searches, preferences, images, videos, and other facts. Their idea of being the data's exclusive proprietors was challenged by this fact.

Your passive and active digital footprints can be connected to one another, which happens regularly. As a result, your online identity has an impact on your daily life. The reverse of this is also true.

Passive Digital FootprintActive Digital Footprint
Tax recordsOnline comments
IP addressSocial media posts
Device informationLocation data
Favorite websitesChats ann text messages
Social security numberE-mails
Medical recordsShopping preferences
Browsing historyPhone calls

Table 1. Passive & Active Digital Footprints

Other sorts of digital footprints left by the following ways:

  • Sensor Data: Information obtained from cameras, microphones, and other types of sensors used in mobile devices, private homes, and public spaces.

  • User Input: Data resulting from user input, such as text messages transmitted from a mobile device, is referred to as user input.

  • Anonymous: Information that is created anonymously, such as remarks made under a pseudonym. Users can conceal their ID from services using technologies like VPN.

  • Personally Identifiable: Information about you that may be linked to your real name is personally identifiable.

What are the Digital Footprint Examples?

There are several ways that your digital footprint might increase. Your digital footprint could be made up of hundreds or even thousands of data fragments. Here are some illustrations of online behaviors that enlarge your digital footprint.

  • Data on online shopping

    • Making an internet purchase
    • Registering for coupons
    • Opening a user account at an online retailer
    • Shopping app downloads

  • Financial information

    • Using a mobile banking app
    • Purchase or sale of stocks
    • A new credit card is opened
    • Using payment applications like Apple Pay or Venmo

  • Data on social media

    • Utilizing a computer or mobile device to access social media
    • Using social network logins to access other websites
    • Using social media to send private messages
    • Posting images on social media
    • Leaving remarks on friends' social media postings
    • Registering with a dating site or app

  • Data on health and fitness

    • Using apps or fitness trackers
    • Accessing a health care website online
    • Setting up an email account with a gym
    • Online medical appointment scheduling

  • Reading and news data online

    • Purchasing a membership to an online news source
    • Article reading on a news app
    • Getting a newsletter subscription from a publication
    • Reposting content you've read

You can see that there are a plethora of online actions that might add to your digital footprint, therefore it's critical to realize that whatever you do or post online can be tracked.

What are the Actions that Leave a Digital Footprint?

Through our online actions, we leave a digital footprint that takes many different forms. However, a few of the worst offenders are:

  • Websites and online retail platforms: Most websites and e-commerce sites utilize cookies. These tools keep track of your online actions on the website and also log the websites you visit. These technologies gather data that help web marketers discover your preferences. Therefore, if Amazon suddenly promotes things you've just searched for on Google, simply know that it's your digital footprint at work.

  • Social media: The majority of users' internet time is spent on social networking networks. That implies that these websites make up a sizable portion of your digital footprint. This includes all of your tweets and retweets, private Facebook comments, likes, and videos, among other things. Your personal information is also part of your digital footprint on social networking sites. In other words, information that you voluntarily made public. As a result, you need to edit or keep an eye on what you post on social networks.

  • Smartphones and computers: Some websites do more than simply record your activity. The device you're using to access them is also identified by them. Although your account on these sites will be monitored as a security measure, this may also be used to gather data about your activities.

Why is Mapping Your Digital Footprint Important?

Digital footprints are important because of the following reasons:

  • They are comparatively permanent, and the owner has little control over how others may use the data once it is made public or even semi-public, as may be the case with Facebook postings.

  • A person's digital reputation, which is widely regarded as being just as significant as their offline reputation, may be determined by their digital footprint.

  • Before making recruiting decisions, employers might look into the digital traces of potential hires, notably on social media. Before enrolling a student, colleges and universities can look up their digital footprints.

  • Your online postings of words and images run the risk of being misunderstood or edited, which might lead to unintended offense.

  • A wider audience may see private group content, possibly compromising friendships and relationships.

  • Cybercriminals are able to take advantage of your digital footprint, exploiting it for things like phishing to get access to accounts or fabricating identities based on your data.

It is important to think about what your digital footprint says about you because of these factors. Many people make an effort to regulate their digital footprint by exercising caution when using the internet in order to limit the data that may be collected.

What are the Benefits of a Digital Footprint?

Digital footprints can relate to both individuals and companies or organizations. Digital footprints have both advantageous and disadvantageous effects, just like any online service. Below you can find some of the benefits of a digital footprint.

  • Digital footprints raise awareness of brands

  • Particularly on social media platforms, your digital presence forges and strengthens ties between you and other people.

  • By luring social media influencers and customers to your digital assets, such imprints may be financially beneficial.

  • Based on customer browsing patterns, retailers create personalized advertising materials, enhancing the return on advertising efforts.

What Are the Risks of Having a Digital Footprint?

Next to the benefits of having a digital footprint, it includes the following important risks:

  • Whether you like it or not, every online activity you take affects your digital footprint.

  • These traces might be used against you, especially by hackers who could use your personal data to steal your identity.

  • Confidential information may be unlocked by a data breach that takes place as a result of the exploitation of flaws in a financial or healthcare system, leaving consumers vulnerable to scams.

  • Digital footprints compromise your privacy because they make it simple for anybody to follow your online movements.

How Do You Identify Your Digital Footprint?

Here are some tips to search and find your digital footprint.

  1. Search engines are a good place to start: Numerous open-source intelligence websites advise you to enter your first and last names to start and see what results in you receive; we've all definitely done that. However, there are several search operators you can use to boost your Google game. A letter or string of characters known as an operator can be used in a search engine query to concentrate your search. For instance:

    • See if any email addresses associated with you can be found by searching for FirstName Lastname@.
    • Search for FirstName LastName filetype:doc (exactly as it appears, with no spaces)! to check if your name appears anywhere in any Word documents. Additionally, you might replace the file extension with another well-known file type like jpg, xls, pdf, etc.
    • Your name will appear everywhere in the search results if you enter intex:FirstName LastName. Be sure to compare your current name to any prior ones if you have changed your name in the past.

  2. Lookup a few particular websites: There are several websites devoted to compiling/aggregating all of the information about people that is readily available to the public. Check out what you can learn about yourself, for instance, at the next websites:

    • PeekYou.com
    • Familytreenow.com
    • Piple.com
    • Spokeo.com
    • Radaris.com

You could be surprised by the information that these websites compile in one location. You may find that there is quite a dossier about you, including information about your name, age, relatives, former residences, towns, and more.

The good news is that many of these sites DO allow you to opt-out if what you see worries you. To mention a few, Techlicious and Lifehacker both published articles with advice on how to unsubscribe from several of these websites. Although opting out won't get rid of the data, it will make it more difficult to find because it won't be collected in one location.

  1. Run a search for images: Don't forget to check what photos could appear in a search for certain photographs when you're using your preferred browser.

  2. Search on HaveIBeenPwned: Your login and password have been compromised if a Google search is performed, but HaveIBeenPawned can tell you for sure. It's regarded as a trustworthy location to check the security of your email accounts and is run by a cybersecurity specialist.

  3. Perform Google Privacy and Security Checks on your own: Google gives you some control over the data they save about you, including your voice and audio activity, contacts, location history, YouTube history, and more. To view your Privacy settings, go to your Google Account page. Run a Security Check-Up while you are there as well. You may find out from there which devices are authorized to access your account.

  4. Look at your social media: Make sure your privacy settings are secure on the social media platforms you use often by deactivating outdated accounts.

  5. Use the OSINT Framework: Visit the OSINT (Open Source Intelligence) Framework for other areas to look for information. This website displays a list of websites that may have information on you, including your email address, IP address, social media profiles, people search results, instant messaging, phone numbers, and more.

Who can see your digital footprint?

Advertisers and other third parties could keep some of your online footprint information, making it difficult for the typical individual to access it. However, unless you secure your profiles by keeping them private, a lot of what you do online, particularly when it comes to social media, may be viewed by nearly anybody, including future employers.

How long is your digital footprint visible?

Almost permanent. And the reason for this is that knowledge persistence often appears in unanticipated ways. The various pieces of information the digital world holds about you make up your digital footprint. However, this is not restricted to the data that applications, websites, online services, platforms, and other organizations now hold on their servers. It includes information from backups, devices owned by others, your older gadgets, and information in a variety of formats (old CDs and memory sticks, for example).

Although some claim that the Internet has a short memory, there are several examples to the contrary.

You may have to directly request that your data be completely erased from the company's database, even after you delete one of your accounts. then have faith that they will follow through and complete the task. For instance, 30 days after you delete your account, a social network completely deletes your posts and activity (on average). However, you will need to delete your browser history by hand if you wish to.

Laws are crucial for controlling how much data businesses may gather about you and how long they can keep it. As an illustration, the EU's GDPR mandates that businesses not keep browser cookies around for more than a year.

Although it is reasonable to realize that your digital footprint is permanent, you can still take steps to keep it safe.

How Do I Protect My Digital Footprint?

Being aware of your digital footprint is a smart idea because potential companies, universities, and other people may check up on your online identification. Here are some pointers for safeguarding your private information and controlling your internet reputation.

  • Search engines may be used to examine your digital footprint: Google your name to start the search. Include your full name, first and last, and any other spellings. Look up both your old and new names if you've changed your name. You may get an idea of what information about you is available to the general public by looking through the search engine results. You may get in touch with the site administrator to ask them to take down any results that portray you negatively. Setting up Google Alerts is one method for keeping an eye on your name.

  • Reduce the number of sources that mention you in the news: Whitepages.com and real estate websites, for instance, could include more personal information about you than you would like. These websites frequently contain personal information like your age, address, and phone number. If this makes you uncomfortable, you can get in touch with the websites and ask them to delete the content.

  • Don't provide as much info as possible: Your digital footprint grows every time you give personal information to a company. You raise the chance that one of the businesses that store your data may misuse it or experience a breach, giving it to the wrong people. So, think about if it's worthwhile before submitting that form. Exist any alternative options for obtaining that data or service without revealing your personal information?

  • Check your privacy settings once more: You can choose who sees your postings using the privacy settings on social media. Check these settings to make sure they are at a level that is comfortable for you. Facebook, for instance, lets you create personalized lists of individuals who may see particular posts and limit posts to friends only. Keep in mind, too, that privacy settings only offer protection on the specific social networking platform.

  • Don't share too much on social media: Although social media makes it simple to interact with others, it can also make excessive sharing simple. Be cautious when sharing details about your whereabouts, vacation itinerary, or other personal matters. Your social media bio shouldn't include your phone number or email address. It's best to refrain from "liking" your own bank, doctor, pharmacy, etc. as this might attract scammers to your sensitive accounts.

  • Skip dangerous websites: A secure website should have a URL that begins with https:// rather than http://; the "s" stands for "secure" and denotes the presence of a security certificate. Additionally, to the left of the address bar, there ought to be a padlock symbol. Never divulge any private information, especially financial information, on insecure websites.

  • Don't share sensitive information on public Wi-Fi: Since you can never be sure who set up a public Wi-Fi network or who else could be keeping an eye on you, it is fundamentally less secure than the one you have access to at home. When using public Wi-Fi networks, refrain from transferring private information.

  • Remove previous accounts: Getting rid of outdated accounts, such as social media sites you no longer use or newsletter subscriptions you no longer read, is one approach to lessen your digital footprint. Eliminating inactive accounts reduces your vulnerability to data breaches.

  • Use a password manager and generate secure passwords: Maintaining online security will be made easier with a strong password. Long passwords with a combination of upper- and lower-case letters, symbols, and numbers are considered strong; they should be at least 12 characters long and ideally longer. The harder it is to crack your password, the more complicated and involved it is. You may create, save, and manage all of your passwords in one safe online account by using a password manager. Refrain from writing them down or revealing your passwords to anybody. Avoid using the same password across all of your accounts, and change it frequently.

  • Observe your medical records: Reviewing your medical records on a regular basis is a smart data hygiene practice. Along with money data, identity thieves target medical and health information. Their medical records may merge with yours when crooks exploit your personal information to receive medical care in your name.

  • Before posting, consider: Both what you write or say online and what others reveal about you convey information about who you are. Your digital imprint may not always reflect how you would like to be perceived. Examples include posted photos, blog comments, YouTube videos, and Facebook postings. Posting only content that enhances the perception of you that you want others to have of you will help you leave a favorable digital imprint.

  • After a breach, move quickly: Take urgent action if you believe your data may have been exposed in a breach. Contact your bank or credit card company to report the breach if there was a financial loss. Any passwords that may have been uncovered should be changed. Change your passwords everywhere if you've already used them for other accounts.

  • Apply a VPN: Your digital footprint may be protected by utilizing a virtual private network, or VPN. This is because VPNs conceal your IP address, so effectively masking your online actions. This safeguards your online privacy and can stop websites from setting cookies that record your web browsing history..

How Do Organizations Protect Their Digital Footprints?

Top tips for businesses to protect their digital footprint are as follows:

  • Keep a list of all domain names registered: Keep track of the domains that your company owns. Inform your IT team and staff members not to set up any domains utilizing work email for their personal purposes.

  • Watch out for typosquatting: Attackers are searching for domains that resemble one another and may be used to set up phishing attacks against the target company, such as names ending in ".net" rather than ".com". Look up your organization's domain on https://dnstwister.report to find typosquatting or inadvertently similar domains, and then block them at your firewall or proxy wall.

  • Lookup Information on The Dark Web: Attackers frequently discuss compromised passwords or sensitive information about organizations on the deep and dark web to organize cyber-attacks. The deep/dark web should be searched by your security team for unusual mentions of your company.

  • Examine your credentials for leaks: Keep an eye out online for credential leaks involving your company and its personnel. Watch out for data breaches on significant websites like LinkedIn, where your staff may have profiles. If you discover such a leak or breach, tell them to change their passwords. Final step: Implement a password change policy for all staff members, especially those with access to sensitive data or privileged accounts.

  • Examine Open Ports: Monitor open ports on your public-facing IPs that are accessible through the internet, such as your website or services that are exposed to the general public. If port 3306 is left open, an attacker will be able to access your database without authorization, just to give you an idea of what might happen when crucial ports are left open. An intruder can access your system remotely if Port 22 is left open. Use https://www.shodan.io to rapidly seek available ports for your public domains and IP addresses. If not necessary, close any open ports. Whitelist IP addresses for authorized users if a crucial service or administrative control panel is hosted on your public-facing IP address or domain and needs an open port for remote access. Ports should be closed if not in use. Whitelist IP addresses for authorized users only if your public-facing IP or domain hosts a vital service or admin control panel that needs an open port for remote access.

  • Limit the Sharing of Documents: Employ a firewall or proxy to impose access restrictions on publicly available data sharing websites to deter employees from posting business files. Shared documents on these websites run the risk of being accessed by unauthorized individuals, resulting in data leakage. Make sure only the intended users have access to the data when distributing secret documents from your organization's official storage systems, such as Sharepoint.

  • Eliminate inactive employee accounts: Immediately deactivate or block access to an employee's accounts, especially those with privileged access, if they leave your company. Existing employee accounts that are no longer in use should also be disabled or canceled.

Can I Erase My Digital Footprint?

Partially, yes. But, it is difficult to completely cut your ties with the internet. There are some elements of your digital trace that you can never completely remove (like social media profiles) (e.g. government records).

But it doesn't have to be so upsetting to have an ever-expanding digital shadow. You may gain more control and have a more manageable online presence by routinely cleaning your accounts, emails, messages, and other digital information.

Keep in mind that nefarious hackers may utilize outdated information they discover online about you to combine with your current digital footprint to locate a weakness. To avoid the corporation keeping copies of your data, you may occasionally wish to totally purge an online account before deleting it.

Cleaning up your digital footprint one account and gadget at a time is the best method to erase it.