Your digital footprint can be more revealing than you think
We all spend vast amounts of time divulging data online whether we realise it or not. Everything from the status updates we post, the videos we share, the forums we browse, the websites we visit and the type of device we have, to even the amount of time we spend online, reveals some piece of information about us digitally. Much of it might seem mundane, but if you start to piece together the seemingly insignificant pieces, pretty soon you have a very complete picture of who you are, what you like, what you do, and much more.
Social networks are goldmines of information
We’re all guilty of over-sharing somewhere on the web, and usually it’s on Twitter or Facebook. On average there are 6,000 tweets per second posted to Twitter — and while that’s a lot of tweets, it’s also potentially a lot of information about you. People post all sorts of things to social networks that they really shouldn’t, and having done a lot of digital footprint analysis over the years (some for TV), most people are shocked to learn just how much I could extract from a picture of them and a name. One person springs to mind immediately who only realised the potential repercussions of what I had done, and what I could’ve done, after we’d finished filming and I’d stuck around to chat with our targets.
It’s all about joining the dots. With that person in particular, I’d only been given their picture and a name, and they had a bit of a head start as they were warned someone would be researching them. From there I did a Google reverse image search to find any other places online they’d used that photo, ran a few Facebook/Twitter searches, grabbed any location information I could find, started Googling “target name, city”, and expanded from that. Within a few hours I had this person’s life in a 20-page document and could easily have convinced any of their friends that I knew them somehow in order to gain their trust to find out more.
This particular person had bought domain names in the past, so I decided to do a lookup on them. They were expired (they hadn’t renewed them), so I not only decided to buy them, but also requested previous owner information (sort of like the DVLA lookup) and had both their old domains and their physical address. With the domains I created email addresses I knew they’d used to register Twitter accounts, sent a password reset request (which came straight to me), changed the password, and took over the social profiles. From there, it just got a whole lot worse…
Location, location, location
Most social networks have the ability to geo-locate your status updates. Many people don’t turn this off and it’s something that reveals way more information than you realise. Sticking to the same person as mentioned above, I also ran a geo-location tool against their Twitter account(s) and retrieved a trove of information. To protect their privacy, ironic as that sounds, I’ll give some general (rather than specific to that person) examples of some great things people share:
- Tweets that said something related to “work” which are in the same location (and time) would give me an indication of when and where they work.
- “I’m at my friend’s/Mum’s/Granny’s house” would give me both their friend’s location and the indication that the target was out of the house.
- “This house is freezing” — thank you for confirming your address. Also great excuse to get in the house, boiler repairman, free insulation builder, etc.
- “Can’t believe it’s been 5 years since we got married!” — wedding date confirmed, possible password.
- “I hate being ill” posted from what appears to be a doctor’s surgery. Most people have a doctor within a few miles of home or work.
- “My bank, [bank name], suck!” — that’s a good way to socially engineer you. I’ll pretend to be your bank.
- Pictures tweeted without realising that small pieces of information can be seen in mirrors/reflections are great too.
I didn’t just use the geo-locator on them specifically — I used it on EVERYONE they seemed to be friends with online, correlated that data and put it all on a nice map in Google Earth to spot overlaps. As the number of people you add to this increases, the chances of one of them revealing far too much about the target grows exponentially. From there it was easy to spot patterns and potentially cause a lot of havoc. Here’s a screenshot of what the geo-location tool can give me (with example data):
The internet’s not written in pencil, it’s written in ink
In The Social Network (the movie about Facebook) there’s a great quote by the character Erica Albright about how things on the internet are permanent. I loved this quote, because initially when I heard it I laughed and thought “yeah right, things disappear all the time on the internet — it’s transient” but, upon thinking about it, I was wrong. A lot of the services we use are archived or backed up somewhere online. People have even taken to building Twitter bots that monitor MPs’ accounts for deletions, screenshots of Instagram posts that showed far too much by celebs are common too (that linked post was up for around 2 minutes tops), and of course there’s the Internet Archive’s Wayback Machine which saves copies of old websites.
We’ve all lost our temper and said things we shouldn’t have verbally to someone else at some point in our lives. Either we apologise and move on, or we try and forget about it — which most of the time works. Unfortunately saying something we really shouldn’t on social media or a random forum is permanent and saved for all eternity, somewhere. The internet has a memory, like an elephant that’s also really keen to share those memories.
My top tips
- Change your privacy settings on social networking sites to be more private to the general public.
- Check if your location data is tagged on photos, or status updates.
- Be careful not to post sensitive information.
- Double check images aren’t showing more than they should (bank statements on the table, reflections in mirrors revealing sensitive information, etc).
- Statuses about when you go on holiday, or birthday messages posted publicly, can be used against you.
- Turn on “memories” or “on this day” apps that remind you of your posts from years back — use that to your advantage to prune embarrassing or sensitive ones.
- Never accept friend requests from people you haven’t physically met (or if you do, be aware they can see everything).
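
For the tip about checking whether location data is tagged on photos, here is an added example (not part of the original post) that inspects a JPEG's EXIF block for GPS latitude and longitude tags before you share it. The function names and the sample bytes from `build_sample` are constructed for illustration, and it handles JPEG files only.

```python
import struct

# IFD0 tag pointing at the GPS directory, then the two GPS tags we look for
GPS_IFD_POINTER, GPS_LATITUDE, GPS_LONGITUDE = 0x8825, 0x0002, 0x0004

def find_exif(jpeg: bytes):
    """Return the TIFF block of the first Exif APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    # Walk the header segments; 0xDA (start of scan) means pixel data begins.
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + length]
        if jpeg[pos + 1] == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + length
    return None

def read_ifd(tiff: bytes, offset: int, endian: str) -> dict:
    """Map tag -> raw value/offset field for one IFD (12-byte entries)."""
    entries = {}
    try:
        (count,) = struct.unpack_from(endian + "H", tiff, offset)
        for start in range(offset + 2, offset + 2 + 12 * count, 12):
            tag, _type, _n, value = struct.unpack_from(endian + "HHII", tiff, start)
            entries[tag] = value
    except struct.error:  # truncated directory: keep what was parsed so far
        pass
    return entries

def has_gps(jpeg: bytes) -> bool:
    """True if the photo's EXIF carries both a GPS latitude and longitude tag."""
    tiff = find_exif(jpeg)
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2]) if tiff and len(tiff) >= 8 else None
    if endian is None or struct.unpack_from(endian + "H", tiff, 2)[0] != 42:
        return False
    (ifd0_offset,) = struct.unpack_from(endian + "I", tiff, 4)
    pointer = read_ifd(tiff, ifd0_offset, endian).get(GPS_IFD_POINTER)
    gps = read_ifd(tiff, pointer, endian) if pointer else {}
    return GPS_LATITUDE in gps and GPS_LONGITUDE in gps

def build_sample(with_gps: bool) -> bytes:
    """Constructed EXIF-only JPEG (no pixel data); offsets are hand-computed."""
    e = lambda tag, typ, n, val: struct.pack("<HHII", tag, typ, n, val)
    ifd0 = e(GPS_IFD_POINTER, 4, 1, 26) if with_gps else e(0x0112, 3, 1, 1)
    gps = struct.pack("<H", 2) + e(GPS_LATITUDE, 5, 3, 0) + e(GPS_LONGITUDE, 5, 3, 0)
    tiff = b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", 1) + ifd0 + b"\0" * 4 + gps
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(tiff) + 8) + b"Exif\x00\x00" + tiff + b"\xff\xd9"
```

To check one of your own photos, pass its bytes to `has_gps`, for example `has_gps(open("photo.jpg", "rb").read())`, where `photo.jpg` is a placeholder path.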