With much data being readily available online, Internet users are rightly worried about the scope of the digital footprint they leave on the Internet.
Staying safe online goes beyond choosing a robust VPN or strong antivirus software to carry you through surfing the net. Being careless about sharing information publicly can result in a stolen identity, which could cost you a lot of money or – in the worst-case scenario – a legal action.
However, many of us are not fully aware of what constitutes a “proper” degree of data that we could post on social media or share during online surveys. And even then, how do you discover all the information that has once been shared and is now left on the endless expanse of cyberspace?
The Cybernews team has invited John Bourscheid, the Co-Founder of Removaly – a company that helps you identify your digital footprint – to discuss the matters of online traces and data collection.
Tell us how it all began. What is the story behind Removaly?
Removaly started after my fellow Co-Founder Kyle and I experienced our issues with cybersecurity and harassment. We both started looking for methods to wipe our personal information from the Internet, as we didn’t want bad actors utilizing our home addresses, phone numbers, or family members' information with ill intent.
I tried a competing data removal service once I realized the work involved in efficient PII removal. However, there were a few things about this service I thought could be improved upon. After discussing benefits and drawbacks with Kyle, and hearing his take on the difficulties of the DIY approach, we decided that we could make a superior product, so we set out to do just that.
We spent a few months brainstorming ideas, settled on a name and strategy, and started building. Kyle developed the incredible backend software while I built out our website and marketing assets. Over close to 18 months, we built, tested, and got Removaly ready for launch.
Once we were more than satisfied with our service offering, Removaly launched in June 2021. It’s been a rocket ever since, growing faster than either of us could have imagined and helping thousands in the process, all in the first year.
We utilize a customer-first approach, ensuring questions are answered in a timely fashion. We also run on a hybrid automated and manual system. The human element helps ensure no stone is left unturned when helping users find weak spots in their digital privacy.
Can you introduce us to what you do? What are the main challenges you help navigate?
Removaly is focused on helping website visitors, free users, and subscribers keep personally identifiable information (PII) away from bad actors and prying eyes. Through extensive onsite resources, free opt-out guides, vulnerability scanning, and a robust subscription model, we help people from all walks of life keep their personal information private.
Kyle and I know that plenty of people want to scrub their data from the Internet. However, many lack the time and availability to spend hours tracking removals, submitting opt-outs, and checking for re-occurrences. For others, the process is daunting to the point of being unsure where to start.
Our service streamlines the process, providing users a more efficient approach to see where vulnerabilities lie and weigh the best option for removing personal information. We offer free scanning to see what sites to target for removals, compared to a shotgun search approach many would otherwise navigate.
From an intuitive dashboard, users can then decide if the number of found vulnerabilities makes it worthwhile to have us handle the removals on your behalf. If so, you can watch in real-time as we opt out on your behalf.
Removaly is the only service on the Internet scanning every day to ensure all personal information stays removed. Data brokers acquire new information regularly. As a result, reoccurrences are common. We strive to ensure these reoccurrences are quickly eradicated and provide the closest thing online to permanent removal.
What is a digital footprint and how can an individual find out about their own digital mark?
Your “digital footprint” is the trail of information left behind when you interact online. Your footprint grows through actions such as subscribing to newsletters, shopping online, and posting to social media.
However, there are less obvious methods contributing to your digital footprints, such as device cookies and aggregating of personal data from apps, which are then sold to third parties. Typically, digital footprints are referred to as “passive” or “active.”
- Passive Digital Footprints. Passive digital footprints are created through the unseen collection of user information. A common example is analytics platforms across websites. Webmasters who enable analytics services can see IP addresses, locations, browsers, and other demographics of site visitors. Another example is larger social networks utilizing your engagement across their platform to target advertising and marketing that they deem is more likely to convert.
- Active Digital Footprints. Conversely, active digital footprints exist when users purposefully share information through engagement across platforms. Examples of this include posting to message boards from registered usernames, posting to social media, and accepting cookies on your browser.
- How can I find my digital mark? The most effective method is to check your name in search engines. Check both your first last name, as well as any spelling variations and maiden or former names. Reviewing these results will give you an idea of what kind of information about you is available in the public eye. One great way to automate future checks is to set up Google Alerts for instances of your name being added into search engine results.
Have you noticed any new types of cybercrime emerge during the pandemic?
Three things I have noticed a massive increase in since the start of the pandemic have been phishing and social engineering, ransomware attacks, and cyber harassment of digital influencers.
- Phishing and Social Engineering. The advent of the work from home revolution has created a huge target for cybercriminals, as many remote employees utilize insecure computers and mobile technology. During the transition period of office employees to a work-from-home style setting, bad actors shifted techniques, targeting employees by way of COVID-centric social engineering campaigns and phishing attacks. Those in the healthcare industry, financial services, retail, and public administration have been heavily targeted for phishing attacks, while administrators and public officials are more susceptible to social engineering.
- Ransomware. Consulting firm KPMG found that there is extensive evidence that the growth of remote work during the pandemic significantly increased the risk of ransomware attacks. One of the main reasons given for this includes far weaker cybersecurity on home technology compared to corporate alternatives. Another reason is a strong likelihood of users clicking through on COVID-focused ransomware emails, given the increased levels of anxiety due to the pandemic.
- Cyber Harassment of Digital Influencers. One of the more common issues we help alleviate are YouTubers, streamers, and influencers having personal information leaked through aggressive and harmful “doxing” campaigns. Streamers have faced everything from swatting to having threats of mailed pipe bombs lobbed at them online from bad actors.
Kyle and I have created dedicated resources to help streamers keep their personal information out of the hands of threat actors and were heavily involved in the Hate Raid Response mitigation effort in late 2021.
How does one’s personal data end up publicly available on the Internet?
You would be shocked at how much personal information is already widely available online. Where I live here in Jacksonville, Florida, our county has a completely public property record search under the guise of “Fair and Accurate For All.” Many states have property records unable to be removed from the public eye. Data brokers target public record sites to scrape info to grow their database of user information.
Public records are the most common way to disseminate personal information through data brokers and people search websites. Property records, court cases, arrest records, marriage licenses, and even death records are all typically publically available and vulnerable to being scraped by data brokers.
However, it goes beyond just common public records. Some sites, such as Radaris and MyLife, scrape information from public LinkedIn profiles and tack this information onto standard found data grabbed from public records or other data brokers. Other sites will scrape publically-available voter registration records and tie your political affiliation and address to your full name. Some even note any political donations made, how much, and when.
Phone directories, financial disclosures, divorce records, sex offender registries, and more. There is truly no end to the amount of information that is publicly available to you and your loved ones.
What are threat actors usually trying to gain by taking advantage of one’s data?
The answer to this can vary wildly. While having information such as your home address, phone number, birth date, and more publicly available, everyone from identity thieves to cyberstalkers has a cracked-open door to more alarming amounts of personal information.
Here is an example. A professor gives an unstable student a bad grade on a final exam. The student can quickly find the professor’s home address through a site such as Fast People Search, comparing it with a faculty directory. From the Fast People Search listing, they can also see relatives' names. They find the professor’s wife’s name, locate a Facebook account, which shows her employer, and note that they have no kids or pets.
Fast People Search also shows a list of phone numbers. The disgruntled student calls the landline to ensure nobody is home. Then, they copy and paste the home address into Zillow, which brings up an MLS listing from a few years prior. From the Zillow listing, the unstable student can cross-check against family Facebook photos to ensure the house is correct and then scan through real estate photos and Google Street View to find vulnerabilities and entry points into the house.
The professor and wife return home from work hours later to find their back picture window broken and their home flooded from a hose in the backyard.
While this may be an extreme example, it has and does happen far more often than you would think. From identity thieves to ransomware, cyberstalkers to fraudsters and beyond, having public access to sensitive personal data is all harm and no good.
In your opinion, what key best practices and security measures should everyone adopt to protect their data?
I strongly recommend, in the expanding digital age, that all individuals remain mindful of the amount of personal information they share publicly across the Internet. My co-founder Kyle and I recently did an interview with Influencive about privacy tips for influencers. Many of the same tips and tricks apply.
Some of the simplest but most effective measures that individuals can take include:
- Working to get your personal information removed from people to search websites and data brokers. We offer extensive opt-out guides, explaining in detail how to go about doing so.
- Keeping all social media accounts private. Even with private social media accounts, don’t overshare information.
- When creating passwords, make them strong and secure. A mix of uppercase and lowercase, letters and numbers, and punctuation is best, and don’t utilize numbers that can easily be related to your life.
- Be careful when utilizing free WiFi networks. These connections are notoriously insecure and leave your data vulnerable. The same goes for insecure web pages. Look for the HTTPS and the little lock icon.
What data privacy issues would you like to see resolved in the next few years?
In a perfect world, in the next few years, other states would adopt similar rules and statutes to the California Consumer Privacy Act, or CCPA. The six main facets of the Act provides residents of California with the following rights:
- Knowing the personal information that is being collected about them.
- Knowing if their personal information is being disclosed or sold, and to whom.
- The option to say no (or opt-out) of the sale of their data.
- The ability to access their data.
- Requesting businesses to delete any kind of personal data about consumers collected from the consumer through interaction with digital properties.
- The option to not be discriminated against by organizations and businesses for exercising their rights to privacy.
Further adoption of similar laws to CCPA by other states will assist in helping aid consumers in stronger privacy controls.
In an even more perfect world, the United States would utilize a modified version of the European Union’s Global Data Protection Regulation (GDPR).
GDPR uses far more stringent protocols than CCPA, working to further the personal data privacy of individuals in the European Union. ProxyClick provides a deep dive into the differences between CCPA and GDPR here.
In the end, essentially any updates to privacy laws in the United States would be a step forward in resolving some of the most alarming privacy concerns individuals face in the continuing digital age.
Would you like to share what the future holds for Removaly?
Through a mix of user feedback and our visions for the future, Kyle and I have big plans for the continued growth of Removaly. Being a self-funded company without any backing venture capital, we have full control of pushing out updates and enhancements quickly and efficiently, without the need to consult with investors or stakeholders.
We are working on consistently adding new sites to our coverage map, having grown from 35 at launch to over 50 less than nine months later. Additionally, we are rolling out value-added service offerings based on some individual concerns and ideas we have heard from our users, including offering Removaly as an employee benefit for companies looking to provide more privacy-conscious solutions for their workforce.
However, regardless of the future growth of Removaly, our main focus will always remain on the wellbeing, privacy, and security of our users. We aim to remain self-funded, but with continued growth, pour more service features in for our subscribers. Additionally, I am working on expanding our resource library of opt-out guides, comparison guides, and privacy-focused articles further.
The ultimate goal is to provide a “one-stop shop” for users looking to keep their private information away from prying eyes. Until everyone who wants to maintain a comfortable level of anonymity can do so, Kyle and I remain the vigilant knights of data removal.