Ask HN: How do you manage your digital footprint in 2023?
In the recent months I've become more aware of my digital footprint and have been doing a lot digital spring cleaning. Of course we all know nothing really gets permanently deleted from servers but anything I'm able to remove from the public such as reddit/forums submissions and posts I have been doing so. What I'm currently doing is attempting to sign-in into any website where I supplied my real name, phone number and attempting to change/update it to a different name, remove phone number, billing details (example: LiveNation, Regal Cinemas, Retail stores)
70 comments
[ 3.4 ms ] story [ 124 ms ] threadBoth might require you to get the paid account instead of the "free" one though.
If you do need to sign up, give fake info, or highly redacted info. If I decide later they actually need it, I can update it in the account settings. Nobody's ever cancelled my account because I said I was born Jan 1 over 120 years ago.
Do digital purchases via some middleman, like a PayPal account backed by a credit card, Apple Pay, etc. Lots of sites have PayPal checkout flows and it saves you having to share your CC directly.
Come up with site-specific usernames and store them in your password manager. That way you don't build a stable cross-site identity unless you're doing it intentionally for branding.
This way I can be reasonably sure they've tied all my activity to my singular account. Instead of my shipping address, IP etc being all over the place. When they don't have a delete account button, I request it via email. Seems to work fine. Obviously can't be sure it's actually gone, but that's okay. Ever since Adobe leaked my PII, it's out there anyway.
I've been forced to actually say the "19" part for compliance/safety/security reasons multiple times.
They've not cancelled by account, but it's weird the things companies insist on hearing.
I can confidently say that nothing I’ve ever posted on the internet would be ruinous to my career or personal life.
My spending time on *.advocacy in the 90s would be more embarrassing in a teenage high school picture type of way.
Reject the notion that you NEED these BigTech services and don't let them hold your life, well-being, or friends hostage.
Previously I was getting by fine with a pre-paid LG flip phone and buying around $100/yr of minutes/service from TracFone.
Buy your own domain, attach it to Fastmail (or use your direct @fastmail address if you don't want to own the domain). Then have Fastmail IMAP fetch the mails from your gmail addresses.
Create a filter that shows you which mails come from gmail-sourced accounts and go through it every once a while, visit those sites and change the addresses. It's a slow process but that way you won't lose any important emails.
I think my Gmail address is used by one store that refuses to give users the option of changing the email :D And they have loyalty bonuses that carry over between years so I can't be bothered to create a new account.
The fun part is when I do get spam I know exactly which site has sold my info. It is a handy way to know who to never do business again with.
Not if using whatsapp/messenger for calling over wifi and the probability that the other person has an app capable of calling over wifi different than whatsapp/messenger is rather low.
But it's a lame, weak gambit. If the collective you weren't terrified of privacy you wouldn't try this every time there's a discussion about privacy online.
It’s a company I know you have heard of
Where’s the lie in my statement? Do you fly? Use credit cards? Use a cell phone? Have a bank account? Ever applied for credit? Go to a doctor?
I’ve worked with both payment processors and integrated with EMR/EHR systems. I’m well aware of the information captured. No one cares about your Reddit history.
This seems like a stretch, right? It could be in someone's *major* financial interest to care. For instance, imagine if someone takes out a life insurance policy and a year later, they tragically pass away. If the person posted on Reddit that they did certain illegal or quasi-legal substances, and the insurance company wants to see if they can avoid paying, wouldn't they perform a cursory Internet search to see if they can make a case that you "obtained your policy through fraud"? (i.e. if you didn't disclose in your application that you use those drugs -- which if you did they would have declined you). Or for instance, if a death was ambiguous and could be argued to be a suicide, and the person posted online that they were depressed. Suicide in many situations forfeits life insurance.
I'm picking life insurance as examples, but this is just one reason why it's probably wise to have almost zero public communication about yourself that's able to be tied in any way to your real identity.
And note: I'm not disagreeing at all with your main statement, that unless one is living the real hermit life, "the government," if motivated enough, already can access so much information about you that this kind of stuff is small potatoes.
I posted in another reply that my earliest postings on the internet that you can still find are from my Usenet postings in 1994 - when I was 20.
I’ve always been mindful of what got put in permanent form.
Today it’s harder because everyone has a video camera in their pocket and can disseminate the video worldwide. I’m very aware of that.
The life insurance company could already go through your health care records and it would be much more definitive.
But if you were remotely in IT, you could get an invite. I did, and I was peanuts.
My modest understanding is that the modem is operating at a lower layer of the networking stack, so the DHCP server involved in actually issuing you an IP, higher up in the stack, doesn't need to worry about identifying you -- it's happy to give anybody an IP because it knows that if it can see you, the modem-level authentication has confirmed you're someone who is paying your Internet bill.
I used to run an open source router a long time ago, which made changing your router WAN MAC something you could easily script.
https://xkcd.com/463/
And you don't have a cellphone? Kudos to you but I, for one, do not envy you.
General spammers? Get a cheap / free SIM card every few months to rotate your number. Per domain email (hn@yourdomain.biz) makes it harder for people to match your emails between services.
Firefox containers, adblock, cookie control stops general tracking.
If you don't care about the longevity of an account, just sign up for a new one. Reddit makes that pretty easy, for example. That'll stop most people tying your Bigfoot Erotica to your political campaign.
If you want to defend against a nation state tracking you... Well, you can try using cryptocurrency, VPNs, disposable VMs, and solar-powered batteries from your cabin in the woods - but you only have to slip up once.
Somebody may want to read the conversation in the future and now they will experience missing comments
I’ll concede that it may be rude, but given the trade-offs, I’m ok with being rude in this respect.
There's another guy with the same first name and last name as me, and I feel a little bad for him that any time folks go looking for him they get me. For example: I had a short conversation with his mom on instagram whey she tried to add me as a friend (to be fair to her, my profile picture is kind of silhouetted). He presumably has a similar gmail address - I got a few emails from the military about the blended retirement system; I replied to explaining things and they apologized and straightened it out right away. I also get some occasional emails from his apartment complex and I've never been able to get them to recognize that I'm not their tenant.
Things that I post on hn/reddit/etc are generally meant for the world to see, so it's rare for me to delete a post.
I do run a pi-hole and ublock origin to cut down on various forms of tracking.
I've had the idea of auto scrubbing yourself from these websites as a side project idea, but never really committed to it
Facebook you can reasonably hide. Linkedin still seems to have some expectation of openness by companies... but I haven't interviewed in a while. My linked in no longer has my name. Is that a big deal with companies?
- email on a personal domain name, local IMAPs/SMTPs relay to a third party ones for crappy antispam practice by giants, but having anything at home migrating the domain to another third party is easy and almost no one have my real mails addresses only dedicated or spare aliases easy to drop being just a third party an alias;
- homeserver with most of my services, so no need for third party stuff by well-known name (let's say Alphabet/Microsoft etc) so not so many nor much used accounts;
- I have, again, a craphone (Android-based macro-spy [1] device) since I have an EV as a primary vehicle now and I can't manage public recharge on the go properly without... BUT it's just for limited usage, and as for email most do not have my mobile number, just VoIP accounts on a home PBX;
- not much social (HN, Reddit) just because Usenet is almost full only of spam...
My biggest digital footprint is mandated de facto by:
- government, who push connected services who happen to be crappy stockpiled crap, I can't do much for them beside annotate and diffuse any bad design and issue;
- crappy surveillance capitalism crap built-in modern vehicles, again I need a car, I do not strictly need a new one but it's still useful for some aspects so...
- crappy IoT crapware, I normally confine it, it's just domestic p.v. and hot water heater, managed in a separate network by my homeserver and operated via Home Assistant WITHOUT internet access for them except for rare crapware updates needed here and there...
No smart dumbwatches, spy environmental mic called typically "digital assistant" devices, no video spying tools commonly know as IP cameras (ok I have some, but again managed via the homeserver, with no direct internet access to them) or smart TVs, ...
So far it does work a bit...
[1] because in the past such information-munging devices was smaller and typically paid by those who spy, now are bigger, apparent and maintained and paid by those spied on, and apparently most of them like that...
1Pass+Fastmail will automatically generate forwarding random emails, as will Apple now. I prefer it coming to my own domain though to retain control.
Other details I frequently just make up (name, age, address), unless they're necessary for the service. eg. shipping needs my real address.
I wish there was a phone forwarding service that could randomize the number, similar to the Hide My Email that Apple does. I have a Google Voice, but that's a single number that can't be easily changed.
For things like supermarket rewards that just need a 10 digit number, I've thought about changing them all to 111-111-1111 or something similar. All I want is the real price of goods, but that needs an account of some sort.
(I did go through the FB history one night manually and deleted some of the edgier shit I posted well over a decade ago - I'm not that person any more).
Fastmail masked emails for all mailing lists and random sites. It's easy to sort them when the address is used only by one location - and as easy to drop if they start spamming.
1Password generated passwords for everything has been the standard for a decade now.
I use my real name only on sites where linking the content I create being linked to my person isn't a bad thing. (Books I've read, a few social media sites where I curate what I post etc).
I'm lucky because young me picked a really popular book with a cool character to choose my nickname from, so that's another way of obfuscating which account is mine and which are someone completely different.
Ended LinkedIn 5 years ago.
Don't use social media. Irony, considering employer.
Use throw away email addresses and phony names wherever possible.
Anywhere that asks for employer or social security number, I just laugh.
Don't give out your deets. I use ad blockers and am not interested in being some corporation's product.