Digital footprint

Keeping safe online: your public scraps can become a dossier

Social platforms, marketplace profiles, public comments, breached data, photos and tiny repeated details can be stitched into a surprisingly useful picture of a person. The risk is not one embarrassing post. It is correlation.

Nigel version

Do not feed the internet a neat filing cabinet about your life. Lock down what should be private, separate audiences, remove old overshare, and assume a motivated person can join dots across platforms faster than you expect.

Public-information graph

Small public scraps become a useful dossier

This is a synthetic example, not a live investigation. The point is to show how ordinary public material can be joined across platforms: work, family, hobbies, locations, relatives, routines and recovery clues.

On phones, read this like a quick audit: what is public, what joins to another account, and what clue would make a scam sound personal.

Dossier: identity + relationships + routines + leverage

3 public joins still easy

  • LinkedIn: role, employer, colleagues
  • Instagram: family, places, routines
  • Facebook: relatives, tags, old posts
  • TikTok: voice, rooms, habits
  • Reddit: interests, writing style
  • X / search: opinions, timing, links

Dossier quality

Some joins are still available. This is less tidy for an attacker, but not yet boring enough.

Most useful fix

Visibility and photo clues are under control. Now split audiences and stop recovery-question bait.

Explain the jargon

Small terms, big consequences

Each term gets the plain-English version and the practical move. No fake mystique, just the bit that changes what you do at home.

OSINT

Open-source intelligence: information collected from public sources such as profiles, posts, photos, comments, breach mentions, websites and public records.

Do this: Audit what is public about you before assuming a stranger could not know it.

Dossier

A structured profile built by joining small facts across sources. It may include identity, relationships, locations, routines, interests and weak points.

Do this: Reduce linkable public detail and separate audiences so the joins are harder.

Correlation

The act of linking accounts or facts because they share handles, avatars, bios, names, writing style, locations, friends or links.

Do this: Avoid reusing the same handle, avatar and bio across every context.

Recovery clues

Public details that help someone answer account recovery questions or sound convincing to a telco, bank, employer or relative.

Do this: Do not publish quiz answers, pet names, birthdays, schools, first cars or routine details as public entertainment.

Do this

  • Search your own name, common usernames, email aliases and profile photos from a private browser window.
  • Lock down profile visibility, friend lists, old posts, tagged photos and location history.
  • Use separate usernames and profile images for public, professional, hobby and family spaces where practical.
  • Remove or blur school uniforms, house numbers, car plates, workplace badges, children's routines and recurring location clues.
  • Treat quizzes, viral prompts and 'about me' posts as data collection unless proven otherwise.

Check

  • Can a stranger find your city, employer, school, family links or routines?
  • Do the same usernames appear across platforms?
  • Can photos reveal locations, badges, plates or children's schools?
  • Are friend lists, tagged posts and old public albums visible?
  • Could someone answer recovery questions or craft a convincing scam from what is public?

Avoid

  • Thinking privacy means only hiding the one sensitive post.
  • Using the same handle, avatar and bio everywhere.
  • Posting routines in real time: school runs, holidays, home alone, shift patterns.
  • Leaving old teenage-era public posts online because nobody has looked for years.
  • Answering fun prompts that are basically password-recovery and social-engineering fuel with confetti.

Full guidance

More than a slide title

A practical OSINT-style model showing how harmless-looking fragments become a dossier, and how to reduce what strangers, scammers or nuisance actors can correlate.

A dossier is built from joins, not magic

A username match gives a lead. A reused avatar strengthens it. A LinkedIn role gives employer and rough income. Instagram adds family, hobbies and places. Facebook comments expose relatives. Marketplace listings can reveal suburb and items in the house. None of those facts need to be secret on their own. Together they become targeting material.
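
A self-audit of the joins described above, as an added example that is not part of the original page: it takes an inventory you write of your own accounts and lists which public ones in different audiences still share a handle, avatar or bio. The account data, the field names and the `avatar_id` labels are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed inventory of one person's own accounts; every value is made up.
# avatar_id is a label you give each profile picture you use, not platform data.
ACCOUNTS = [
    {"platform": "LinkedIn", "audience": "professional", "public": True,
     "handle": "Sam.Rivers", "avatar_id": "img-01", "bio": "Ops lead. Dad of two."},
    {"platform": "Instagram", "audience": "family", "public": True,
     "handle": "sam_rivers82", "avatar_id": "img-01", "bio": ""},
    {"platform": "Facebook", "audience": "family", "public": False,
     "handle": "sam.rivers", "avatar_id": "img-02", "bio": ""},
    {"platform": "Reddit", "audience": "hobby", "public": True,
     "handle": "quietkettle", "avatar_id": "img-03", "bio": ""},
    {"platform": "X", "audience": "public", "public": True,
     "handle": "SamRivers", "avatar_id": "img-04", "bio": "ops lead. dad of two. "},
]

def norm_handle(handle):
    """Fold case, drop separators and trailing digits: sam_rivers82 -> samrivers."""
    return re.sub(r"\d+$", "", re.sub(r"[^a-z0-9]", "", handle.lower()))

def find_joins(accounts):
    """List (platform_a, platform_b, shared_fields) for public accounts that sit
    in different audiences yet share a handle, avatar or bio."""
    joins = []
    for a, b in combinations(accounts, 2):
        if not (a["public"] and b["public"]) or a["audience"] == b["audience"]:
            continue  # locked-down or same-audience pairs are not the problem here
        shared = []
        ha, hb = norm_handle(a["handle"]), norm_handle(b["handle"])
        if ha and ha == hb:  # an all-digit handle normalises to "" and is skipped
            shared.append("handle")
        if a["avatar_id"] and a["avatar_id"] == b["avatar_id"]:
            shared.append("avatar")
        if a["bio"].strip() and a["bio"].strip().lower() == b["bio"].strip().lower():
            shared.append("bio")
        if shared:
            joins.append((a["platform"], b["platform"], shared))
    return joins

if __name__ == "__main__":
    for left, right, shared in find_joins(ACCOUNTS):
        print(f"{left} <-> {right}: shared {', '.join(shared)}")
```

The locked-down Facebook account drops out of the result even though its handle matches, and the Reddit account stays unlinked because nothing about it is reused.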

What can be collected

Public names, aliases, profile photos, bios, employers, schools, clubs, family relationships, comments, friends, locations, travel timing, kids' activities, vehicles, home details, shopping habits, political views, health hints and the language someone uses. A scammer does not need everything. They need enough to sound familiar.

How it gets used

A dossier can support impersonation, romance or investment scams, account recovery attacks, SIM-swap attempts, workplace targeting, stalking, harassment, fake invoices, doxxing or tailored phishing. The more personal the bait sounds, the less it feels like spam.

The normal-person fix

You do not need to disappear. You need audience control. Keep professional material professional, family material private, hobby accounts less linkable, and live-location/routine detail delayed or removed. If a detail helps a stranger predict where you are, who you trust or how to pressure you, it probably does not need to be public.

Children and family links

Children create a special problem because adults post the graph around them: school logos, sports fixtures, uniforms, birthdays, relatives, routines and locations. The child did not choose that exposure. Default to less detail, delayed posts and private audiences.

Scenario

The stranger who sounds familiar

Someone pulls LinkedIn role, Instagram family references, Facebook relatives and marketplace suburb clues, then sends a message that sounds like it came from someone who knows the household.

Better response

  • Limit public profile detail
  • Separate usernames and audiences
  • Verify requests through a known channel
  • Remove old public family/location posts

Worse habit

Assuming the message is trustworthy because it contains real personal details.

The public holiday post

Holiday photos go up in real time, while older posts and marketplace listings make the home suburb obvious.

Better response

  • Post later
  • Remove address-adjacent listings and house-number clues
  • Keep family posts to trusted audiences

Worse habit

Broadcasting absence, routines and location because the sunset looked nice.