Are you over-sharing online?

Illustration - digital footprints

You might think you're being careful about what post on Facebook, Twitter and LinkedIn – but over time your accumulated posts will inevitably build up a picture of who you are. That could include where you reside, what you do for a living, your childhood, your family composition, your birthday and more. All of which would be valuable information to a potential identity thief.

As an example, let’s say you post a picture of your child blowing out candles on a cake. Unless the metadata has been stripped first, you’ve probably also shared the date on which the picture was taken. If your child is young, it’s unlikely they waited until the weekend to celebrate, so there’s a good chance the date it was taken was their birthday itself, even if you didn’t post it until a few days later. If there are three candles on the cake, or a card with a number on it, that’s the other half of the equation: anyone seeing your post now knows exactly when your child was born. If you’ve used their birthday – or part of it – in a password or security question, that’s a chink in your digital armour right there, ripe for exploitation.

That’s not the worst of it. If you took the picture on your phone, the exact GPS coordinates of the place where it was taken could be embedded into the image file. That’s probably your home address, so anyone who sees the picture now knows exactly where to find that nice painting hanging in the background. If you’re a married woman and your friends list includes family members, it won’t be hard to deduce your maiden name – another common security question.

The list goes on. Photos of your first car, connections to school friends… every seemingly innocuous detail makes you more vulnerable to exploits and scams. And now consider the data you’ve scattered outside of social networks – CVs uploaded to job sites, links stored in a cloud-based bookmarking tool, ads you’ve clicked on, the emails you’ve received in a webmail inbox and the places you’ve been with your phone in your pocket.

Whether this data has escaped through over-sharing or been collected without your noticing, you can never get rid of it all. But you can shrink it down – and the obvious place to start is social media.

Shrink your Facebook footprint

Facebook is currently involved in a dispute with Apple over what information it's able to collect about users – but if you've ever used the platform then there's no doubt that it already knows plenty about you.

To find out what information Facebook is holding, log in through a browser and click the down arrow in the top-right corner. Click “Settings & privacy”, followed by Settings. Select “Your Facebook information” in the sidebar, then “Download your information”. Leave the default settings as they are and click “Create file”. It will take a short while for Facebook to collect the relevant information. When it’s finished, you’ll be able to download a ZIP file, whose contents you can peruse to see what’s stored against your name on Facebook’s servers. Armed with this data, you can decide what stays – and what should be removed.

Deleting content from Facebook is surprisingly easy, especially if you use the Manage Activity tool; this lets you remove batches of information at a time, rather than just individual items. The catch is, it’s currently only available in the Facebook mobile app. To access it, tap the menu button on the toolbar, then hit “Settings & privacy”, followed by Settings. Now select “Activity log”; to remove individual entries, tap the three dots on the right of the screen beside each one. To delete several entries at once, tap “Manage activity” and pick whether you want to manage posts, activity you’re tagged in or interactions such as likes, reactions and comments.

Whichever you choose, Facebook will pull up a list of the ten most recent data points, and scrolling down the screen will extend the list. Tap the box beside each item you want to remove, or tap the box at the top of the list to select everything that’s shown on the page (you might want to scroll down to extend the list a few times). Finally, tap the remove or recycle button – depending on what you’re deleting – at the bottom of the screen.

You can also delete content through a browser – it’s just more time consuming. Log in and click the down arrow at the top of the screen, followed by “Settings and privacy” and Settings. Click “Your Facebook information”, followed by “Activity log”. As you hover over each item in the sidebar, three dots will appear on top of it, allowing you to unlike things you have liked or move content you’ve posted to the archive or recycle bin.

While these functions let you manage your publicly accessible content, you should be aware that Facebook also collects data to make internal decisions about what to show you. To review this, select “Privacy shortcuts” from the “Settings & privacy” menu and then “Review your ad preferences” (in the “Ad preferences” box) or “Manage your information” (in the “Your Facebook information” box).

If you’re reviewing your ad preferences, click “Ad settings” in the sidebar and work your way through each of the sections in the “Manage data used to show you ads” section. Some of the settings you’ll find here let you prevent advertisers from reaching you on third-party websites based on your Facebook data, while others let you see the content categories Facebook thinks you’re interested in.

This latter information can be quite eye-opening. It’s not always spot-on: I discovered that I was being targeted for content related to Assassin’s Creed, yet I haven’t played a computer game in more than 20 years (not even for career development). For the most part, though, the list was scarily accurate – it even knew the brand of watch I wear. There are links on the page that let you remove any categories that don’t apply, or which you’d simply prefer Facebook not to use for targeting.

If you want to get off Facebook altogether, the “Manage your information” section provides links to delete your data and close your account. If you’re hesitant about leaving the platform because you don’t want to lose touch with friends or family members who are using Facebook Messenger, there’s good news; it is possible to continue using Messenger for instant messages even after deactivating your main Facebook account.

If you decide to take the plunge, point your browser at Facebook's account deactivation page, enter your password, complete the form and click Deactivate.


You might imagine that Facebook-owned Instagram would offer similar levels of control over your content. Sadly, that’s not the case: you can discover a lot about the metrics that are used to determine what you’re shown in the app, but you can’t always correct or delete any incorrect inferences.

To see what Instagram thinks of you, open the app and tap your icon at the end of the toolbar, followed by the three lines at the top of the next page. Tap Settings followed by “Ads | Ad topics” and untick subjects that don’t interest you. If you tap into Security, rather than Ads, and hit “Access data”, you can see your apparent interests in blocks by selecting “View all” under “Ad interests” – but you can’t delete items recorded here.

What you can do is flag unwanted adverts individually. Tap the three dots above them in your feed then tap “Hide ad”. You can specify whether the ad is irrelevant, shown too often or inappropriate.

Shrink your Twitter footprint

Last year Twitter was hit by an embarrassing security breach that gave hackers access to numerous high-profile accounts, exposing all sorts of personal information associated with those accounts.


2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world


What information is Twitter keeping about you? To find out, log in through a browser and click More in the sidebar, followed by “Settings and privacy”. As with Facebook, the information is provided as a bulk download: with “Your account” selected in the second sidebar, click “Download an archive of your data” in the third, and enter your password. Click the “Request archive” button and Twitter will compile a Zip file. It will send you an email when it’s ready for collection.

Once you know what kind of information is in the database, you can make more informed decisions going forward. There are also some specific settings that it’s worth looking at (all of the menu options mentioned below are found under the “Privacy and safety” section of Twitter’s settings).

If you want to restrict your tweets so they can be read only by people who actively follow you, click “Audience and tagging” and click the box beside “Protect your tweets”. While you’re in this section, you can optionally disable photo tagging too, which stops people identifying you in photos they post to their own profiles. Once you’ve protected your tweets, you’ll be asked to authorise any future follower requests, rather than allowing anyone who wishes to follow you do so.

A specific privacy issue that we mentioned earlier is the possibility of giving away your whereabouts. To prevent Twitter from reporting your location, click “Your tweets”, then “Add location information to your tweets”. Untick the box and, optionally, click the link to wipe location data from tweets you’ve posted in the past.

Again, like Facebook, Twitter builds up an internal profile of you that’s used to select ads and suggest content. You can review this and remove specific interests from your record as you wish. To do so, click “Content you see | Interests” and untick the box for each subject you’d rather not hear about.

As for items you’ve actively shared, it’s easy to delete individual tweets by clicking the three dots icon on each one and selecting “Delete tweet”. Twitter doesn’t provide any way to remove whole batches of posts, but a number of third-party services have sprung up to plug the gap – check out,, or If that’s not good enough, you may choose to go the whole hog and delete your Twitter account.

Shrink your Google footprint

Google offers an extraordinary range of products and services, many of which collect a whole lot of personal information – either for publication or for internal usage. Fortunately, the company also provides a single centralised dashboard from which you can keep track of everything that’s being stored about you across Google’s numerous sites and apps. To access it, start by navigating to and logging in.

Once you’re authenticated, a good place to begin is Google’s Activity controls page. Here you’ll find options to turn off whole categories of data collection, including location data, data gathered by Google-owned websites and Chrome, and data collected by devices such as your phone and tablet.

You can also limit what information is collected and used by YouTube: this will probably cause you to receive less relevant video recommendations, but you may not consider that a great price to pay for enhanced privacy.

At the bottom of the page there’s a link to the advertising settings page. If you want to see random ads, rather than ones based on your behaviour, just click off the switch labelled “Ad personalisation”. This only affects advertising on Google sites, but if you visit the Your Online Choices website you can similarly turn off advert personalisation for dozens of different companies.

If you want to remove your own content from your Google account – such as contacts, calendars, Drive data, ebooks, Play store purchases and so forth – it’s a good idea to download an archive of your content in advance, just as with Facebook and Twitter, which you can do from the Account Dashboard. When you visit this page you’ll see a long list of all the Google services that your identity is connected to; to download data for any of these individual services, click the down arrow to expand it, then click the three dots at the bottom of its card, followed by “Download data”. Clicking the main “Download your data” link at the top of the page will download a complete archive of content from all the various services.

Bear in mind that this page only shows information for the currently logged-in Google account. If you have multiple accounts – one for work and a personal account, for instance – you’ll need to repeat this process for each one. You can keep track of which identity you’re using by checking the account image at the top right of the dashboard pages.

Shrink your Microsoft footprint

Like Google, Microsoft has helpfully centralised a lot of its privacy settings in a unified dashboard. You can download a copy of your activity by clicking “Download your data”, followed by “Create new archive”. The file that’s delivered will include things like your search and location history and other personal information, but it won’t include data generated in applications such as Office Online or the Outlook calendar. To download those items, you’ll need to go into each product and manually make a copy of whatever you want to keep.

One information repository that’s of particular interest is what’s known as Cortana’s Notebook. Microsoft is scaling back Cortana as a general-purpose voice assistant, but since its introduction

which is where Cortana keeps track of things it’s learned about you, to help it provide relevant answers to any questions. You’ll find a link to this at the top of the Privacy page, with the data broken into sections covering topics such as your commute, weather preferences, news stories that interest you, stocks you’re tracking and so on. The more information Cortana has squirrelled away, the more effective it will be – but, if you’d rather wipe what it knows, click “Clear Cortana data” in the right-hand sidebar.

Like Facebook and Google, Microsoft also provides an easy way to opt out of so-called behavioural advertising, which by default serves up content based on what it knows about you. To do so, visit Microsoft’s Ad settings page and turn off all of the switches for personalisation.

Don’t forget to also check your privacy settings in Windows itself. Press Windows+I to open the Settings app and click Privacy, then use the switches to manage what the operating system can and can’t do. The standard settings allow the OS to show ads based on your interests and websites to access your language lists to provide locally relevant content, but these can be turned off at the flick of a switch. You can use the App permissions link at the left to block third-party apps from accessing information such as your location and account settings too.

Prevention is better than cure

The companies we’ve focused on above have huge databases of personal information, but don’t think your digital footprint stops there. It also extends to, for instance, the online supermarket that brings your groceries, the public library you use to download ebooks, your favourite digital magazine stores and anywhere you’ve ever saved your credit card details.

To audit and curate exactly what all of these services know about you can be a time-consuming business. However, it’s made a lot easier by services such as Rightly, which provides direct links to all manner of companies, with options to see what information they hold about you, to opt out of marketing or to request deletion.

It’s also important to realise that even if you take direct action, close your accounts and ask companies to scrub you from their databases, your information may still be out there somewhere. The things you publish online can find their way into an incalculable number of third-party services, without your ever knowing about it.

The only truly safe course of action, therefore, is never to publish anything that you might regret sharing in the future. If that’s not realistic, the next best option is to lock down any services you actively use from the very start, to prevent them from gathering personally identifiable information in the first place.

Nik Rawlinson is a journalist with over 20 years of experience writing for and editing some of the UK’s biggest technology magazines. He spent seven years as editor of MacUser magazine and has written for titles as diverse as Good Housekeeping, Men's Fitness, and PC Pro.

Over the years Nik has written numerous reviews and guides for ITPro, particularly on Linux distros, Windows, and other operating systems. His expertise also includes best practices for cloud apps, communications systems, and migrating between software and services.