Digital Footprints — Leaving Trails Behind For Cyber Forensics

In the modern Internet, whenever you visit a website, send an e-mail, pay for a transaction or download an image you leave behind data called a digital footprint. In simpler terms, this means leaving a trail of your activity on the Internet. Systems administrators create logs that can track activities like visiting a website by IP address and replying to messages by e-mail address.

A related type of data called digital fingerprints can lead to the identity of the user. Both types of data benefit cyber forensics analysts when they investigate cybercrimes or when performing a system audit. Unfortunately, cybercriminals can also use the information from a user’s digital footprints for their own devious means.

Tracking Your Internet Activities

Data is gold, meaning its valuable to third parties like marketing analysts and research firms. Data science is providing a goldmine of insights into the habits and behavior of users, which companies can analyze to target certain markets. As a result, more and more features to capture data from users are being used on websites and apps. Most of the time, users are either unaware or do not bother to care about their data being collected.

When you visit a website, you can be tracked based on your IP address. That can seem vague because an IP address does not relate to just one user since it can be many users using a public IP address for Internet access. It still leaves a trail that can be checked as proof that a user visited a site. This can be implemented with site cookies, which record the among other things (besides the IP address) a timestamp and computer name (if available).

Even when a user has a nickname or handle, when they visit a website or use a social media app, there will be a digital footprint left behind. A social media platform’s user account can be tracked. The time/date a user logs onto a social media app is recorded, along with their activities. This is very obvious when a user posts content to their social media account (e.g. Instagram, Twitter, etc.). Other data is also collected, like a user’s likes, follows and other engagement data that third parties will find useful.

Some activities you do may be in relation to that of others. For example, if you are on Instagram, another user can tag you and this reveals that you were with that person or persons in a particular location. Other ways where your activity is tracked under another person’s control is if they post a reply on your content and you replied back to it. Either way, if this was something you don’t want to be revealed to the public it will be until you remove the content (e.g. untag yourself from a post, etc.).

How Your Personal Digital Footprints Are Tracked

If you have an account on Google, among other platforms, you can find out what personal information is being tracked. Under Google -> Manage Your Google Account, you can check what Google knows about you with the information you provided when creating your account. There are other things they have recorded about your activities.

Under Google’s Personal Info section, you can see data Google has obtained during sign-up. This is more voluntary, based on their terms of service (TOS) and not obtained from a third party.

What is interesting about your Google account is how they can track you. This is in the Data & Privacy section under the options:

Your location can also be tracked by Google, to help them provide you more useful information about your area (e.g. restaurants, bars, shopping centers, etc.).

This might be too much information being provided to Google. Google uses the aggregation of the data for insights which can be made available to third parties. Users may still feel uncomfortable about this for the right reasons. If that is the case, users have the option to disable certain activity tracking like history on YouTube and the web. This also includes apps and ads. Basically Google records the things you have done and places you have been (based on location history).

A lot of these activities are not public (unless you reveal it), so they are only known to Google and the user. The problem is if a user’s account gets hacked, all this information is available to the hacker.

The Risks Of Revealing Too Much Information

The main problem with revealing too much personal information is it can be used against you. People do get caught on social media lying about their location when they post content and add the location. Someone can post a photo from their previous trips to warm Florida, but the user was actually in icy Minnesota based on the location check-in.

Users may also not like being tracked when they go to certain websites. A web browser (e.g. Chrome, Edge, Safari, Firefox, Opera) can keep track of a user’s browsing history, recording the date and time of visit to all websites. It can then be cached for faster access, but that also can be revealed to bad actors. It is best to delete browsing history when using a public computer, like in a library or classroom if certain details are too personal to reveal.

Law enforcement can also use the information when investigating users (platforms could be asked to surrender data about a user). The good thing about this is that criminal activities can tracked in this way, but what if it was not a criminal being tracked? It could be a politically persecuted individual.

According to Google, in their own words:

“Government agencies from around the world ask Google to disclose user information. We carefully review each request to make sure it satisfies applicable laws. If a request asks for too much information, we try to narrow it, and in some cases we object to producing any information at all. We share the number and types of requests we receive in our Transparency Report.”

If you visit a website often enough, you can start receiving targeted ads. It can be related to that website’s business or from an ad service. They can learn this from data analytics based on a user account that is signed in to an online service. The online service can provide that to third parties who purchase the insights from the data. This can also provide information to hackers to target a user’s account to steal data or obtain confidential information.

Synopsis

If you think you cannot hide everything you do on the Internet, it is good to know there are ways you can limit or hide your activities if you don’t want too much digital footprints being left behind.

There is a difference between average users and public figures, when it comes to digital footprints. The latter will probably not mind posting too much information since they thrive in the limelight of their followers. They want you to know they went to Paris or London, but most users may not be so willing to share. For other users, here are ways to manage your digital footprints online:

  • Use a computer with a VPN (Virtual Private Network) or proxy networks like Tor can help hide your trails, so third parties cannot track activities.
  • Do not visit or avoid websites with an invalid SSL certificate or no SSL certificate. These websites do not support “https”. Some of these sites pose a danger to user privacy and data.
  • Make your social media account private, if you don’t want random strangers to know what you are doing.
  • When using public computers, delete your browsing history from the browser. Close the browser after using, so it will initialize back to a clean slate.
  • Make posts intended for friends and family only private, especially if it contains location information.
  • Make sure if you are tagged in social media that your permission is requested for approval first, before it can be set.
  • After visiting a website you don’t intend to visit often, delete the cookies in order to prevent further tracking.
  • For more advanced users, use a virtual machine on a virtual network that cannot be easily traced back to a physical machine. This can be in conjunction with a VPN or proxy network for more privacy.

Wherever you go on the Internet today, whether it is to setup a server on a cloud provider, watch streaming videos or play online games, you are leaving behind a digital footprint. You can limit this for more privacy, but be aware that your data is being collected.

Note: The information provided is for educational or reference purposes only. Hacking and related activities are against the law and discouraged.

--

--

--

Best practice and implementations for cybersecurity

Recommended from Medium

Only 9% of visitors give GDPR consent to be tracked

Data privacy: anonymization and pseudonymization — Part 2

They’re Finally Regulating Sludge

Can You Still Perform Web Scraping With The New CNIL Guidelines?

CNIL Guidelines

Tips to protect yourself from Malicious QR codes

Is Apple Actually The Champion of Digital Privacy?

Right to privacy — Limiting Google (Android)

Foolish One Day/Wise the Next

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vincent Tabora

Vincent Tabora

Editor HD-PRO, DevOps Trusterras (Cybersecurity, Blockchain, Software Development, Engineering, Photography, Technology)

More from Medium

The Ninja Sensei’s Logbook: Browser-in-the-Browser Attack

The Ninja Sensei’s Logbook

CyberEd #22 Multi Factor Authentication

Cybersecurity is a serious matter… even if you think you don’t matter.

The Honey Pot Project