
Digital footprint

Keeping safe online: your public scraps can become a dossier

Social platforms, marketplace profiles, public comments, breached data, photos and tiny repeated details can be stitched into a surprisingly useful picture of a person. The risk is not one embarrassing post. It is correlation.

Short version

Do not feed the internet a neat filing cabinet about your life. Lock down what should be private, separate audiences, remove old overshare, and assume a motivated person can join dots across platforms faster than you expect.

If you only do one thing, start here

For yourself or someone you are responsible for helping, search your name, common usernames, email aliases and profile photos from a private/incognito or logged-out browser. This shows something closer to what a stranger sees; it does not make you anonymous.

Done when

You can answer this without guessing: Can a stranger find your city, employer, school, family links or routines?

If you have five more minutes

  • Use this to protect your own accounts or help someone with consent/responsibility. Do not use it to stalk, harass, dox or pressure someone.
  • Lock down profile visibility, friend lists, old posts, tagged photos and location history.

Public-information graph

Small public scraps become a useful dossier

This is a synthetic example, not a live investigation. The point is to show how ordinary public material can be joined across platforms: work, family, hobbies, locations, relatives, routines and recovery clues.

On phones, read this like a quick audit: what is public, what joins to another account, and what clue would make a scam sound personal.

Dossier: identity + relationships + routines + leverage

3 public joins still easy

  • LinkedIn (easy join): role, employer, colleagues
  • Instagram (harder join): family, places, routines
  • Facebook (harder join): relatives, tags, old posts
  • TikTok (easy join): voice, rooms, habits
  • Reddit (easy join): interests, writing style
  • X / search (easy join): opinions, timing, links

Dossier quality

Some joins are still available. This is less tidy for an attacker, but not yet boring enough.

Most useful fix

Visibility and photo clues are under control. Now split audiences and stop recovery-question bait.

Teaching model, not a scan: these toggles do not inspect your home. Treat amber or red results as prompts for a real check on the device, account, router or family process they describe.

Explain the jargon

Small terms, big consequences

Tap a term for the plain-English version and the practical move. No fake mystique, just the bit that changes what you do at home.

OSINT

Open-source intelligence: information collected from public sources such as profiles, posts, photos, comments, breach mentions, websites and public records.

Do this: Audit what is public about you before assuming a stranger could not know it.

Dossier

A structured profile built by joining small facts across sources. It may include identity, relationships, locations, routines, interests and weak points.

Do this: Reduce linkable public detail and separate audiences so the joins are harder.

Correlation

The act of linking accounts or facts because they share handles, avatars, bios, names, writing style, locations, friends or links.

Do this: Avoid reusing the same handle, avatar and bio across every context.

Recovery clues

Public details that help someone answer account recovery questions or sound convincing to a telco, bank, employer or relative.

Do this: Do not publish quiz answers, pet names, birthdays, schools, first cars or routine details as public entertainment.

Private/incognito window

A browser mode that avoids using your normal signed-in session and local history for that search.

Do this: Use it to see closer to what a stranger sees. Do not treat it as anonymity.

Do this

  • For yourself or someone you are responsible for helping, search your name, common usernames, email aliases and profile photos from a private/incognito or logged-out browser. This shows something closer to what a stranger sees; it does not make you anonymous.
  • Use this to protect your own accounts or help someone with consent/responsibility. Do not use it to stalk, harass, dox or pressure someone.
  • Lock down profile visibility, friend lists, old posts, tagged photos and location history.
  • Remove or blur school uniforms, house numbers, car plates, workplace badges, children's routines and recurring location clues.
  • Treat quizzes, viral prompts and 'about me' posts as data collection unless proven otherwise.

Check

  • Can a stranger find your city, employer, school, family links or routines?
  • Do the same usernames appear across platforms?
  • Can photos reveal locations, badges, plates or children's schools?
  • Are friend lists, tagged posts and old public albums visible?
  • Could someone answer recovery questions or craft a convincing scam from what is public?

Avoid

  • Thinking privacy means only hiding the one sensitive post.
  • Using the same handle, avatar and bio everywhere.
  • Posting routines in real time: school runs, holidays, home alone, shift patterns.
  • Leaving old teenage-era public posts online because nobody has looked for years.
  • Answering fun prompts that are basically password-recovery and social-engineering fuel with confetti.

Self-check questions

Questions that expose the real habit

Use these quick checks to find the next practical fix. The useful answer is not perfect security; it is whether the safer path is obvious when someone is tired, embarrassed or in a hurry.

Stranger search

Open a logged-out or private browser and search your name, common usernames, email aliases and profile photo. This shows a view closer to what a stranger sees; it does not make you anonymous. What would they know in ten minutes?

Good sign: They find public-professional basics, not family links, routines, school clues, live locations or recovery-question bait.

Watch for: If one search reveals employer, suburb, relatives and a holiday timeline, scams can start warm instead of generic. The privacy mode is only for a cleaner view, not cover.

Photo clue pass

Pick ten recent photos. What can be read from the background: uniforms, badges, plates, house numbers, school names, call screens, parcel labels?

Good sign: Sensitive clues are cropped, blurred, delayed or kept to a private audience.

Watch for: The risky bit is often not the face. It is the quiet detail sitting on the fridge, lanyard, laptop or street sign.

Quiz bait rule

Would you still post the answer if it looked like a bank, telco or email recovery question?

Good sign: Pet names, childhood streets, schools, birthdays, favourite teams and family links stay out of public prompt games.

Watch for: 'Just for fun' posts can train strangers to sound familiar and help them pass weak recovery checks.

Scenario

The stranger who sounds familiar

Someone pulls LinkedIn role, Instagram family references, Facebook relatives and marketplace suburb clues, then sends a message that sounds like it came from someone who knows the household.

Better response

  • Limit public profile detail
  • Separate usernames and audiences
  • Verify requests through a known channel
  • Remove old public family/location posts

Worse habit

Assuming the message is trustworthy because it contains real personal details.

The public holiday post

Holiday photos go up in real time, while older posts and marketplace listings make the home suburb obvious.

Better response

  • Post later
  • Remove address-adjacent listings and house-number clues
  • Keep family posts to trusted audiences

Worse habit

Broadcasting absence, routines and location because the sunset looked nice.

Threatening or extortion message

Someone uses public details or private images to threaten, stalk, shame or demand money.

Better response

  • Preserve screenshots, URLs, handles and timestamps
  • Tell a trusted person
  • Block and report through the platform
  • Contact school, work, platform support or police/emergency channels for threats
  • Do not negotiate alone

Worse habit

Deleting everything in panic or trying to bargain privately with the extortionist.

Why this advice holds

The details behind the advice

See how harmless-looking fragments become a dossier, then reduce what strangers, scammers or nuisance actors can correlate.

  1. A dossier is built from joins, not magic

    A username gives a lead. A reused avatar, LinkedIn role, Instagram family photo, Facebook comment and marketplace suburb can turn that lead into a usable profile. None of those facts need to be secret on their own; the join is the problem.

  2. What can be collected

    Public names, aliases, photos, bios, employers, schools, clubs, relatives, comments, friends, routines, locations, vehicles, home details and old posts can all help. A scammer does not need the whole life story. They need enough to sound familiar.

  3. How it gets used

    A dossier can support impersonation, romance or investment scams, account recovery attacks, SIM-swap attempts, workplace targeting, stalking, harassment, fake invoices, doxxing or tailored phishing. The more personal the bait sounds, the less it feels like spam.

  4. The normal-person fix

    You do not need to disappear. Split audiences. Keep work material public, family posts private, hobby accounts less linkable and location updates delayed. If a detail helps a stranger find you, pressure you or impersonate trust, it probably does not belong in public.

  5. Children and family links

    Children create a special problem because adults post the graph around them: school logos, sports fixtures, uniforms, birthdays, relatives, routines and locations. The child did not choose that exposure. Default to less detail, delayed posts and private audiences.

  6. Defensive use only

    This audit is for your own accounts or people you are responsible for helping. It is not permission to stalk, harass, dox, pressure or monitor someone. If the work starts feeling like surveillance, stop.

  7. Harassment, stalking or sextortion

    Preserve evidence, block and report through the platform, tell a trusted person, contact school/work/platform support where relevant, and use police or emergency channels for threats. Do not negotiate with extortionists alone.
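
For readers who like to see the "joins" idea worked through, here is a small self-audit sketch. It is an added example, not part of the original page: you type in what your own public profiles show, and it reports which details link them and which single shared detail is worth changing first. The profile names, field names and sample values are all constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: what each of your OWN public profiles shows to a
# logged-out visitor. Entered by hand; nothing is fetched from the internet.
PROFILES = {
    "linkedin":    {"handle": "sam.rivera",  "avatar": "headshot-2023", "suburb": ""},
    "instagram":   {"handle": "samr_runs",   "avatar": "headshot-2023", "suburb": "Northfield"},
    "marketplace": {"handle": "sam r",       "avatar": "",              "suburb": "Northfield"},
    "reddit":      {"handle": "samr_runs",   "avatar": "trail-photo",   "suburb": ""},
    "tiktok":      {"handle": "samr_runs",   "avatar": "",              "suburb": ""},
    "hobby_forum": {"handle": "quietkettle", "avatar": "",              "suburb": ""},
}

def norm(value):
    return value.strip().lower()

def find_joins(profiles):
    """Map each (field, value) shown on 2+ profiles to the profiles sharing it."""
    seen = defaultdict(set)
    for name, fields in profiles.items():
        for field, value in fields.items():
            if value:  # blank = hidden or not published
                seen[(field, norm(value))].add(name)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def clusters(profiles):
    """Group profiles a stranger could link, directly or through a chain of joins."""
    parent = {name: name for name in profiles}
    def root(name):
        while parent[name] != name:
            name = parent[name]
        return name
    for linked in find_joins(profiles).values():
        for a, b in combinations(linked, 2):
            parent[root(a)] = root(b)
    groups = defaultdict(list)
    for name in profiles:
        groups[root(name)].append(name)
    return sorted(sorted(g) for g in groups.values())

def best_fix(profiles):
    """Return the shared detail whose removal leaves the most separate groups."""
    def without(key):
        return {n: {f: "" if (f, norm(v)) == key else v for f, v in fs.items()}
                for n, fs in profiles.items()}
    joins = find_joins(profiles)
    return max(sorted(joins), key=lambda k: len(clusters(without(k))), default=None)

if __name__ == "__main__":
    print(find_joins(PROFILES))
    print(clusters(PROFILES))
    print(best_fix(PROFILES))
```

In the sample, five of the six profiles collapse into one linkable group even though no single detail appears on all of them, and the reused handle is the change that separates the most accounts.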