Online Privacy Tips from an Ethical Hacker

I recently had someone come to me with an issue regarding a potential stalker. They were concerned that this stalker was finding a bunch of info on them online, and even cold calling up their friends for info about them. I spent an hour with her and came up with 14 online privacy tips which I hope will help you as well!

#1 – Google yourself occasionally (including your name, common screen names, phone number, address, etc.)

This is probably the number one way someone would try to find you online. Click on all the results that you think are relevant, like any normal person would (maybe up to page 3-4 if you have many results?). Check your social media pages: did you find photos and information that you don’t want revealed? If so, change the privacy settings as you see fit! (LinkedIn is especially tricky since you kind of want recruiters to find you, but you don’t want strangers to know things.)

Tip – this is a really good resource for looking up all the accounts with the same username: https://knowem.com/

#2 – Do a people search on yourself

This is the next thing people would use to try to find you online. If you don’t want to show up on these sites, most of them have an “opt-out” or “delete my information” form you can fill out. You probably don’t have to pay for a report if you are just going to opt out, but you can if you’re curious what they have on you.

Tip – This one is my favorite for looking up someone for free: https://www.truepeoplesearch.com/
(https://www.truepeoplesearch.com/removal if you want to opt-out)


And the opt-out links to some other common people search pages (credits to this Reddit post):
Intelius – https://www.intelius.com/optout
411.com – https://411.info/manage/
Acxiom – https://isapps.acxiom.com/optout/optout.aspx
Zabasearch – https://www.zabasearch.com/block_records/
Spokeo – https://www.spokeo.com/optout
Beenverified – https://www.beenverified.com/f/optout/search
Peekyou – https://www.peekyou.com/about/contact/optout/
USSearch – (They also) use Intelius. https://www.intelius.com/optout
findpeoplesearch – http://www.findpeoplesearch.com/customerservice/
Peoplefinders – https://www.peoplefinders.com/manage
Peoplelookup (difficult to do) – https://www.peoplelookup.com/privacy-policy#updating-or-removing-your-information
Peoplesmart – https://www.peoplesmart.com/optout-policy
PrivateEye – https://www.privateeye.com/static/view/optout/
Whitepages – (follow #8, but tricky and annoying.) https://www.whitepages.com/data-policy 
USA People Search – https://www.usa-people-search.com/manage/
Public Records Now – https://www.publicrecordsnow.com/static/view/optout/
DOBSearch – https://www.dobsearch.com/people-finder/pf_manage_help.php
Radaris – https://radaris.com/page/how-to-remove
Fastpeoplesearch – https://www.fastpeoplesearch.com/removal
Voterrecords.com – Find your listing. Click view details button. All the way at the bottom, click “Record Opt-Out”


#3 – Use a credit monitoring service.

This way, if someone DOES get hold of your social security number and tries to open an account under your name, you will get notified right away. Another good tip is to freeze your credit. (Apparently, this is much easier after the Equifax breach.)

Tip – I use Creditkarma.com cause it’s free and probably good enough.

#4 – Sign up for credit card/banking alerts

Very similar to #3: if someone steals your CC or debit card info, you’ll know right away and can put an end to it quickly. Do emails or texts, whatever you’re comfortable with. A friend of mine from NoVAhackers suggested this useful site as well to generate one-time card numbers, although you have to use a debit card or bank account, so you’ll be missing out on cashback.

Tip – I like to turn on the alerts specifically for “card not present” transactions.

#5 – Use a fake birthday for sites you don’t care about

Why give away your real birthday if you don’t have to? These things get leaked all the time.. I would suggest creating a “fake birthday” that you always use so you can recall it if you need to.

Tip – your fake birthday could be maybe a month before or after your real one, or a day?

#6 – Use long/complex passwords and different passwords for different sites

Dumps of passwords are leaked on the internet all the time by criminals. If you use different passwords for different sites, they can’t get into all of your accounts with one leaked password. At the very least, keep your email password safe – since many accounts just need your email to reset the password. Also, longer passwords are harder to crack. Most online dumps only have the weak passwords cracked, so you may avoid the problem altogether by having a long/complex password.

Tip – haveibeenpwned.com and https://intelx.io/ are good resources to know if your data has been leaked online. LastPass is also what I use for password management.

#7 – Enable 2 factor authentication

You’re already halfway through my online privacy tips! This one is pretty obvious: with it enabled, a hacker would need to get into your phone (or other device) AND have your password to get into an account.

Tip – If you use Android, Google Authenticator is a good app for this. I’d keep some backup physical recovery keys locked in a safe somewhere though, or install the tokens on a backup phone as well in case your phone goes missing.

#8 – Enable PIN protection for phone number porting

Related to #7 above. We now have a bunch of logins linked to our phones. Internet criminals have been known to maliciously port over phone numbers so they own your phone number! You can add an additional layer of security to your account by calling your carrier and adding “PIN protection” for porting your number.

Tip – don’t use your birthday as your PIN haha.

#9 – Use antivirus, but don’t pay for it

It’s pretty much been proven that free antiviruses do just fine against most threats. Why pay for something you don’t need? However, do use antivirus, since you never know when it might come in handy. It’s very little effort and resource usage for a huge deterrent against attacks.

Tip – I’ve used a combo of Windows Defender, Avast boot scan (when I need it), and Malwarebytes to keep my computer safe.

#10 – Occasionally just reinstall your operating system

Honestly this mostly just gets rid of the apps I never use, or forgot that I installed (in addition to anything malicious on there). Windows is absolutely terrible at cleaning up after itself too, so getting rid of all of that history is just good hygiene in general. It does take quite a long time to reset though, and you have to make sure your data is somewhere safe while you wipe your C drive :). Viruses that can persist through this exercise are rare to come across.

Tip – make a “clean” state that you can restore to after you do this. It might be easier than trying to download your OS again, find your serial keys, etc.

#11 – Use a digital phone number, preferably in a random area code.

This phone number should forward to your real phone number, so that you can hide your real number and use it only for those close to you, banks, and other things you really care about. The “throwaway” phone number can be changed at any time if you feel like you need to get a new number for any reason. The “random area code” idea is to let you more easily identify robocallers, since they usually try to emulate the area code you’re in.

Tip – I use Google Voice. It’s got great long distance rates, integrates well with my phone, and actually does WiFi calling better than my own carrier.

#12 – Don’t download random phone apps, especially outside of the official Play/Apple store.

Honestly, the absolute easiest way to get malware on a phone is to install apps from outside the Play Store. There are lots of good phone hygiene tips, like using some sort of lock screen, not leaving your phone unlocked and unattended, etc. Be mindful of the permissions apps are asking for too.

Tip – your new shiny phone game probably doesn’t need access to make calls. 🙂

#13 – Use a Webcam Cover

People are creepy. The last thing you want is someone random on the internet staring at you while you’re doing who knows what! Honestly I’ve accidentally shown my face on way more Zoom calls than I’m willing to admit. Having a webcam cover really helps with that.

Tip – use a reusable one that you can slide so you don’t have to keep worrying about finding another sticky note.

#14 – Use a VPN in Public

When you’re on a public network, always use a VPN! It’s just too easy for hackers to mess with you when you’re on the same network as them. Using a VPN encrypts your traffic as it crosses that network and makes it a million times harder for them to mess with you. Major stores like Starbucks and other big name brands are doing better with their public WiFi, putting your computer on a different “mini-network” from other computers (airlines, however, are awful at doing this), but hackers can still host their own rogue hotspot and “pretend” to be Starbucks or whoever you’re actually trying to connect to.

We’ve got a good guide in the tip below to make your own VPN server for cheap, or you can just buy one available on the market. I would choose one that is right for your purposes (if you want cheap, I personally use Windscribe, but go for one in a non-Five Eyes country if you REALLY don’t want anyone knowing what you’re doing, including the government). There’s a detailed comparison here, but if you just want something easy to read, this one is also a good source.

Tip – if you want to set up your own VPN server, you can do it pretty quickly with our guide here.

Conclusion

Anyway, I hope you learned at least a thing or two after reading these online privacy tips. This really has just come from what I’ve learned in the information security world and just some of the habits I’ve gained over the years. I honestly do stand by all of this advice, as I think it’s far too easy to find someone online with all of the information available. Stay safe out there!
