Managing your digital footprint

The term digital footprint refers to the trail/traces of digital information (or data) that you create – and others collect – by your online activity (Muhammad et al., 2017). This includes web browsing (the sites you visit, the videos you watch, anything you click on), your Google searches, any text you type, the forums you contribute to, anything you upload or download, the IP address of your computer/device, your location, and more. Your digital footprint is permanent, but it can be managed. According to Carrothers (2018), the average American had 200-300 online accounts in 2020, and that number will soar to 300 by 2022. This number of passwords is already virtually impossible to memorize, and it is growing. Consider instead the efficiency of a password manager.

Without checking your computer, take a few moments to identify your online services, apps, forums or websites for which you have a login (Username and Password). Next, write down the usernames, email addresses or cell phone numbers you have used when you signed up for a web-based tool, service or account.

• Visit https://haveibeenpwned.com/ and check your username(s). Similar tools include https://www.namechk.com/ and https://knowem.com/.
• Visit https://www.avast.com/hackcheck/ and check your email addresses.
• At the https://haveibeenpwned.com for example, you can see where there may have been a breach associated with your email or phone number. You will also be able to see the billions of persons whose information has been breached.

Here are some tools to manage your digital footprint:

1. Use the Google search for your full name, username(s) and email address(es).

• Try variations of your name (spelling, short forms).
• Use search qualifiers (Boolean Operators) such as intext: John Doe (where John Doe is your first and last name) in the Google search field.
• Modify the above search to add things like your organization or place of employment, city, places where you volunteer, committees to which you are a member, etc.
•  Try searching your name in Google Images.
• Try searching your cell/home/work phone number(s).

2. You can complete the searches in other web search engines as well (e.g., DuckDuckGo, Bing, Yahoo, Qwant, or Yandex).

3. Check out online identity information aggregation tools such as PeekYou.com and Spokeo.com.

When you take the time to access these tools, you will learn much more about the extent of your personal digital footprint. Take a critical stance toward the personal information about you that is out there and calculate your level of comfort with the associated risks.

Identity and Access Management Online

There are identity and access management (IAM) tools that can help you identify yourself online, protect your identity and manage your digital footprint. Here are some of the key terms:

Authentication: Authentication is how you prove your identity. You have some authentication options. Authentication is usually accomplished through a combination of three elements:

• Something you know (e.g., password or personal question).
• Something you are (e.g., biometrics).
• Something you have (e.g., smartphone, swipe/prox/chip card, dongle or other hardware keys).

Of these three, something you know (e.g., username and password) is the most common method. Personal knowledge-based questions are often used as an alternate method of verification. Biometric identification is considered the most secure. Some authentication apps (e.g., Duo, Google Authenticator) are increasing in popularity, as are password keepers/managers.

Passwords are a popular means of ID management but there are definitely risks if users reuse their passwords across applications. There are multiple changes happening in the world of password management. Organizations are now routinely requiring password updates and changes. Passwords are giving way to passphrases as passphrases are more difficult to guess. Other types of authentication methods are emerging such as one-time passcodes over SMS or email. There is also an increase in single-sign-on (SSO) solutions for employees. As a result, Password Managers (or keepers) are increasing in popularity (e.g., 1password, Lastpass, Dashlane, Bitwarden, Google Password Manager).

Consider the use of alias users, temporary accounts, designated SIM card/smartphone. Some tools to consider for maintaining identity privacy include the use of:

• Alias users. You can have more than one email address to your email account. Let’s say that your work name is elizabeth.bold@mail.com but your friends know you as Liz or Betty. You can create alias user names to the same email account.
• Temporary/disposable email accounts. You may elect to create an account through a disposable account which often limits the collection and aggregation of your personal information. Consider the use of disposable email addresses such as Mailinator or Maildrop for verification emails.
• Designated SIM card/smartphone. This is an alternate SIM card—usually with an inexpensive, data-only plan, that allows you to provide a cellphone number at the time of account creation and maintenance (ex. password reset).
• Calculated security questions. By not giving truthful answers when setting up security questions you limit the potential for scaffolded attacks if a data breach occurs.
• Avoid recycling usernames and passwords. Make usernames that are app-specific (e.g., Johndoe-Facebook, Janedoe-Twitter).
• For more ideas, check out the New York Times article How to Protect Your Digital Privacy (Klosowski, 2019).

Secure Online Shopping and Banking

Today’s digital banking affordances make it easier to manage your finances, pay bills and send money online. Lake and Foreman (2021) report that 57% of consumers say that they prefer online banking to in-branch banking, but this raises privacy issues. Reflect on what and how you purchase online and how the pandemic has affected your online purchasing. Lake and Foreman report that consumers are not always proactive about protecting their personal and financial information (2021). A recent study found that only 42% of Americans using online banking have separate passwords for separate accounts, and only 23% of Americans reported that they use a password manager (Lake & Foreman, 2021).

Here are some suggested tools for securing online payments and banking:

• Use only secured sites (indicated by https:// at the beginning of the URL);
• Never give your banking PIN/password over the telephone or by email; No legitimate bank will ever ask for it!
• Monitor your accounts weekly for fraudulent activity;
• Set up limits on your credit card purchases with your bank;
• Ask for 2-factor authentication (2FA) for any purchases/transactions. (e.g., SMS (text) confirmation);
• Do not conduct online banking or purchases over public/open wireless networks;
• Confirm suspicious emails with your bank (or the seller) prior to clicking anything;
• Use secure passwords for e-transfers; and
• Consider using a credible third-party to mediate online purchases (to avoid sharing your banking information with the seller).

Web Browsing: Best Practices

Web browsing (aka web searching or Googling) is the original and most common internet function (after communication), yet it still poses significant privacy risks. Web Browsers are computer applications that provide the user with the interface through which they can access the internet’s (world wide web) websites, data, and documents. Web browsers applications vary with respect to functions, features, and security/privacy tools. The most common web browsers are Internet Explorer/Edge, Google Chrome, Mozilla Firefox, Opera, and Apple’s Safari. Your activity online (e.g., web browsing) HAS VALUE and can be monetized by website providers. The most common tracking methods include browser cookies, IP addresses, and usernames.

Cookies are made up of data that your browser creates, stores, and exchanges with various websites you visit in order to personalize and expedite your web browsing. Provider cookies are not all bad, and can be very useful, but avoid third-party cookies—these are the ones that collect your data for the purpose of sale/profit (usually in the form of advertising). Other types of cookies include tracking cookies (when was the last time you visited the site, how long you were there, what you clicked on, etc). When you connect to the internet, your device gives information to the server on the website that you visit. This information is called a device fingerprint, a machine fingerprint or a browser fingerprint. Hauk (2022) explains that, “Browser fingerprinting is a powerful method that websites use to collect information about your browser type and version, as well as your operating system, active plugins, time zone, language, screen resolution and various other active settings” (pp. 6). Some browsers such as Chrome and Safari allow the user to restrict certain types of cookies.

Here are some tools to ls to protect privacy while browsing the web:

• Check to see if your browser has a privacy mode such as Incognito Mode. Use this mode especially if using a shared computer.
• There are web browsers that were created with privacy as the primary function; examples include DuckDuckGo, Brave, TOR browser, Waterfox, Epic.
• Clear your browser cookies regularly.
• Consider using a VPN service before browsing.
• Exit the browser when not in use. Most browsers can be set to clear cache/cookies upon exiting the application.

There are other privacy-enhancing tools such as: using VPNs, Proxy addresses and data encryption.

VPN: A Virtual Private Network

A VPN is like a tunnel that only has two openings: one sender and one receiver. Data between these two parties travel in/through the tunnel but can’t leave the tunnel except via one of the two openings. While in the tunnel, data cannot be added, modified, or removed by any third parties. This secure tunnel between sender and receiver is possible through something called encryption. Encryption is the process of masking (or changing) data so that only the intended recipient can read it. To anyone else, the data is unreadable. VPNs disguise your data so that it cannot be intercepted while in transit across the internet. VPNs also change the IP address your device broadcasts, which helps protect your location as well. It is similar to a proxy server. Nadel (2020) states that the beauty of the VPN is that it can turn your computer into an anonymous machine.

Proxy Server

Unlike VPN’s which encrypt/secure all data exchanged during a session, Proxy Servers are used only to mask/change the IP address your device broadcasts with a different IP address generated by the proxy server. Since privacy and location data can be inferred via your IP address, there is value in protecting this piece of private information while browsing. Proxy servers do not encrypt your data. Some free proxy servers will log your information and sell that information to others for profit. A proxy server is not required if you are using a VPN service

Data Encryption and Privacy

Encryption is a concept that has been around for centuries – not a new concept. It involves protecting an important message from being read/modified even if the message is intercepted while in transit from sender to receiver. The study of encryption is called cryptography. In computing terms, encryption is usually done via complex mathematical algorithms and uses a set of protocols – the rules used to encrypt (and later decrypt) a message. Unencrypted data is called plaintext data and can be read by anyone. Encrypted data is referred to as ciphertext. You can encrypt data in transit using a VPN, but you can also encrypt data at rest on your device. You might choose to encrypt an individual file, folder, or entire drive. Encrypted files are usually protected by a password.

The Role of Email in Digital Privacy

Tools To Manage Privacy Through Email

Email is the primary tool for business communication. Electronic mail—email—was created at the same time as the first computers. Email is a form of asynchronous messaging – meaning a server stores the email until you log into that server to retrieve it. Conversely, instant messaging (IM) is a form of synchronous messaging. Despite its age, email is a communications/messaging platform that continues to grow, with a projection of over 330 billion emails sent per day by 2022 (Radicati Group, 2018). An email account/address is integral to the overall internet experience, with most services requiring email-based verification for new users. Email is also the most common attack vector for cyber attacks, with experts estimating that “an individual’s email account is more likely to be broken into than their house” (Waschke, 2017, p.3).

By default, email sends in plain text, making it one of the least secure forms of electronic communication. Email allows malicious actors to instantly reach thousands of users around the world with a single click. Private information can be inadvertently shared by email users through the following means: social engineering emails, phishing or spear-phishing emails, personal health information (PHI) requests, and banking or financial fraud. For some reminders about PII from the U.S. Department of Education’s (2016) perspective, watch Personal cybersecurity: How to avoid and recover from cybercrime [2:53].

Email Privacy Tools and Tips

• Enable 2FA to access your email.
• Move sensitive emails off your email server (your inbox) and into an encrypted file on your device or cloud.
• For sensitive emails, use an email service that was designed with privacy in mind.
• Never open attachments until you confirm with the sender.
• Create multiple email accounts that are used for different purposes (work, personal, financial, social, news/subscriptions, etc) and sort/forward the useful email to your private account (the one that you never provide to anyone).
• Use a VPN when accessing your web-based email account(s).
• Be suspicious of every message! Carefully check the sender’s address. Hover over any links (to see the URL’s without having to click).
• Never include PII in the body of an email – regardless of the recipient.

Some email services are designed with privacy at the core. ProtonMail, Hushmail and Tutanota are examples of email providers that provide encryption and other privacy-enabling tools (such as aliases and expiration dates). Consider using disposable or temporary email services for verification purposes. Examples include:

• https://www.guerrillamail.com/
• https://10minutemail.com/
• https://www.throwawaymail.com/

Secure Messaging, Calling, and Tools

Traditional text messaging—also called Short Message Service (SMS)—was the original form of text-based messaging on cell phones. As cell phones evolved into smartphones—which included built-in cameras and applications (or apps), there came a concurrent desire to send photo/video content via text messaging. Multimedia Message Service (MMS) was created to meet this need. Neither SMS or MMS messages are encrypted, which means messages can be intercepted and read as plain text by others. The desire for increased privacy in text messaging gave rise to encrypted messaging apps designed to protect communications by ensuring only the intended sender and receiver(s) have access.

Encryption is the most popular method of securing data such as instant messages while in transit across a network. Secure messaging apps will encrypt message data in transit and at rest. This is called end-to-end (E2E) encryption. Popular secure messaging products include Signal, Wickr, Wire, Telegram, Threema, Viber, and Apple’s iMessage. Other applications like Instagram, Twitter, Facebook Messenger, WhatsApp, and Snapchat are encrypted in transit but not at rest—and therefore not E2E. For example, the Meta/Facebook family of messaging apps (Instagram, FB Messenger, and WhatsApp) are encrypted from other parties but not from Meta/Facebook, who can view, save, and analyze messages sent on these apps.

Secure Messaging for Video and Phone Calls

Due to the pandemic and the resulting trend to work and learn from home, more people are using digital tools to communicate in both audio and video formats. Popular video calling tools include Zoom, WebEx, Skype, Google Meet (or Duo), GoToMeeting, Bluejeans, Microsoft Teams, and Apple’s FaceTime. For telephone calls (audio only) encrypted communications are possible through a technology called Voice Over Internet Protocol (VOIP). VOIP calls convert our spoken words (audio) into digital format and encrypt those data before transmitting them to the other party. The receiver decrypts the message and converts it back to audio format. This enables secure voice calling.

Lee and Grauer (2020) explain that while Zoom supports E2E encryption it does so at the cost of other key functions and features, as well as requiring Zoom users to configure security functions. Zoom’s (2021) white paper on security provides a list of security functions such as logins, but Lee and Grauer report that it is not E2E encryption but rather the type of encryption called Transport Layer Security (TLS). TLS is used to secure data transmitted to and from HTTPS websites. On the other hand, FaceTime conversations are reported to be private because FaceTime uses E2E encryption (TechBoomers, 2017).

Privacy in Social Media

Social media sites and platforms are highly interactive online spaces that support interpersonal communication, the creation and maintenance of social connections, and the sharing of digital content and resources that are primarily user-generated. They support the creation of communities (also called social networks)—both personal and professional—that support learning, idea-sharing, conversations, opinions, and interests. Users create member accounts, create profiles, and connect with other information sources, people, and organizations. First iterations of social media platforms emerged in the late 1990s and early 2000s. Popular platforms include Twitter, Instagram, Facebook, TikTok, YouTube, LinkedIn, Snapchat, Pinterest, Reddit and Discord.

User-generated digital content is the lifeblood of social media sites. Users share content they create. Their likeness, home address, names of family members, personal identity information, place of work, political affiliation, relationships, race, gender identity, medical conditions, physical location, financial status and a myriad of other PII is openly shared (and permanently recorded). Further, in order to personalize the user experience (UX), social media sites request personal information from the user in order to suggest connections, contacts, news sources, and other digital content of interest. This information can be sold for significant profit to advertisers and other interested parties.

Facebook’s average annual revenue is $55 billion. The company’s net worth is nearly a trillion dollars. Many of the privacy concerns in social media stem from users who voluntarily post private information on social networks. Madden (2012) in an early study of privacy management on social media sites, found that the oldest users and the newest users were the most careful about their privacy settings on social media. It may be that some of the data privacy-protective models will emerge from models employed by the American military (e.g., Davison et al., 2021).

Tools and Strategies for Privacy when using Social Media

• Check the privacy settings associated with your social media account. Every social media site has these settings.
• Use an email address/account dedicated to that platform (e.g., Tdorian33.facebook, tdorian33@gmail.com, tdorian33.twitter, etc.).
• Assume that your posts, comments, content, videos, photos, and audio can be accessed by people other than the intended recipient(s).
• Do not post or share PII such as birthday, cell number, banking info, health info, usernames and passwords, vacation plans, relationship info, etc.
• Remove all geotagging and Exif data from any images you post (e.g., selfies).
• Confirm connection requests PRIOR to accepting them. Confirmation by phone or email works best.
• Avoid surveys and quizzes that ask you to provide partial information (e.g., month of birth, first initial, year of birth, gender identity, age ranges).
• Use multi-factor authentication to access your social media apps.
• Avoid login options such as “log in using Google” or other accounts.
• Avoid tagging people in the photos you post/share with others.
• Many social media users seek to have many followers, likes, and upvotes. Chasing these metrics may result in posting something you might regret.
• Consider digital permanence; once it’s posted, you lose control over it.
• What you post may be shared with your professional circles, so post carefully.
• Close unused accounts and delete data beforehand.

For a fuller explanation of these tools, see the Office of the Privacy Commissioner of Canada’s (2019) post staying safe on social media (2019).

This chapter focused on the various digital tools and technologies used in the way we communicate digitally, and the role those technologies play in the protection and preservation of our digital privacy. The definition of digital privacy in this e-book is the expectation of privacy unless informed consent has been given. This definition includes the understanding that digital persons can exercise some discretion with respect to how and where they share their digital information. The description of the tools and technologies in this chapter was designed for that purpose.

References

Alengo. (2011, September 07). An abstract image of a digital footprint [Photograph]. Canva. https://www.canva.com/media/MAEJHU4HMk8

Caruthers, M. (2018, May 11). World password day: How to improve your passwords. Dashlane Blog. https://blog.dashlane.com/world-password-day/

Davison, C. B., Lazaros, E. J., Zhao, J. J., Truell, A. D., & Bowles, B. (2021). Data privacy in the age of big data analytics. Issues in Information Systems, 22(2), 177-186. https://doi.org/10.48009/2_iis_2021_185-195

Hauk, C. (2022, February 17). Browser fingerprinting: What is it and what should you do about it?. PixelPrivacy. https://pixelprivacy.com/resources/browser-fingerprinting/

Katzenberger, P. (2019, January 21). Luminous laptop [Photograph]. Unsplash. https://unsplash.com/photos/iIJrUoeRoCQ

Klosowski, T. (2019, May 03). How to protect your digital privacy. New York Times Privacy Project. https://www.nytimes.com/guides/privacy-project/how-to-protect-your-digital-privacy

Lake, R. & Foreman, D. (2021, April 05). Increase in digital banking raises consumer data privacy concerns: how to protect yourself. Forbes Advisor. https://www.forbes.com/advisor/banking/digital-banking-consumer-data-privacy-concerns/

Lee, M. & Grauer, Y. (2020, March). Zoom meetings aren’t end-to-end encrypted, despite misleading marketing. The Intercept. https://theintercept.com/2020/03/31/zoom-meeting-encryption/

Madden, M. (2012, February 24). Privacy management on social media sites. Pew Research Center. https://www.pewresearch.org/internet/2012/02/24/main-findings-12/

Matejmo. (2018, February 02). Encrypted spreadsheet [Photograph]. Canva. https://www.canva.com/media/MAEE1UdvCws

Muhammad, S. S., Dey, B. L., & Weerakkody, V. (2018). Analysis of factors that influence customers’ willingness to leave big data digital footprints on social media: A systematic review of literature. Information Systems Frontiers, 20(3), 559-576. https://doi.org/10.1007/s10796-017-9802-y

Nadel, B. (2020, April 16). How to use a VPN to tighten security for remote teaching. Tech & Learning. https://www.techlearning.com/how-to/how-to-use-a-vpn-to-tighten-security-for-remote-teaching

Office of the Privacy Commissioner of Canada. (2019, August). Staying safe on social media. https://www.priv.gc.ca/en/privacy-topics/technology/online-privacy-tracking-cookies/online-privacy/social-media/02_05_d_74_sn/

Oleshko, A. (2018, May 18). Glowing lock icon [Photograph]. Canva. https://www.canva.com/media/MADesctbO30

Radicati Group (2018). Email statistics report, 2018-2022. The Radicati Group, Inc. https://www.radicati.com/wp/wp-content/uploads/2018/01/Email_Statistics_Report,_2018-2022_Executive_Summary.pdf

Techboomers. (2017, April 21). Is Facetime safe, private and secure?. https://techboomers.com/t/facetime-safety-security-privacy

U.S. Department of Education. (2016, October 12). Email and student privacy [Video]. YouTube. https://youtu.be/hm82nRxi0yg

Waschke, M. (2017). Personal cybersecurity: How to avoid and recover from cybercrime. Apress: Springer. https://doi.org/10.1007/978-1-4842-2430-4

Zoom. (2021, August). Security guide: White paper. https://explore.zoom.us/docs/doc/Zoom-Security-White-Paper.pdf