People sitting around a table

adesso Blog

Methodology

13. July 2022 By Tobias Dieter

I have a (data) shadow – my digital footprint

Once a year, I receive an e-mail that sends me for a loop.

It’s an automatic reminder telling me that it’s Max M.*’s birthday today. He’s in my contacts, and he would surely be happy if I were to write him to wish him a happy birthday.

This is a wonderful little service for someone like me, who rarely writes down birthdays and is even less likely to remember them. But in Max’s case, it’s a morbid reminder because he died over ten years ago.

What you can learn from this situation

Digital identities can continue to exist for a long time after they were created.

This also applies to a much wider range of personal information available in digital form. Once the data has been collected, it is there forever. Further action is needed to delete the information, and in some cases, not all of it can be removed. This information about me or my online activities is called a digital footprint, or data shadow.

Online activities and devices can be traced back to a particular person via their digital footprint. You can leave an active or passive footprint:

  • Active means everything I (knowingly) disclose about myself such as on social media.
  • Passive includes all information collected on my person, for example, by tracking my activities on the Internet.

How big is my personal digital shadow?

As a general rule of thumb, the more often you use the Internet, the larger your digital shadow will be.

To get a good idea of how big your digital footprint is, I recommend googling yourself to see what information about you is available to everyone online.

This could include newspaper articles containing the person’s name (Bill M. wins 2nd place in a youth league ping pong tournament (2004)) to job portals (software developer looking for a job) or any kind of information made available to the public by the person that specifically matches the name you are searching for, such as a person’s public Amazon wish list or a review of the pond pump he or she recently purchased. And, of course, this also includes all the results from the image search, including photos that other people have posted online.

If you want to dig a little deeper, log on to a social media site (Facebook, Instagram, etc.), and you may find out more about your digital identity or identities there. Depending on the provider, the information that can be seen by other users will vary. Some online services offer settings options that allow the user to restrict access to stored data.

Keep this in mind: although the data cannot be seen by everyone, it is stored by the online service provider for an indefinite period of time.

The EU General Data Protection Regulation (GDPR) stipulates that data must be deleted when it is no longer needed. In reality, however, this rule is not strictly observed. As a result, personal data may be processed long after the active use of a service has ended like the example of the birthday reminder at the beginning of this blog post shows.

Now you understand what an active digital footprint is. Things really get interesting when you take a closer look at your passive digital footprint, which encompasses all the information that has been collected on your person by third parties, sometimes without your knowledge.

How I leave a digital footprint

A real-life example: I open a website

Before I can do anything, a cookie banner appears on the screen, recommending that I accept all cookies so that I can finally read the content on the website you wish to visit.

Now, you could argue that I know what is happening in the background because, as an informed citizen, I have made an informed choice about what data is collected on my person when I visit this website. But be honest: how many Internet users bother to click the ‘only use necessary cookies’ link, which is easy to miss and not featured prominently on the screen? If I don’t, a lot of data about me is processed in some cases. This could include:

  • how often I visit this page;
  • where I come from;
  • my IP address;
  • how long I view which content;
  • what links I click;
  • who or what I like;
  • the next page or site I visited;
  • and much more....

This data is immensely valuable for the people or companies that run a website. The entire process takes place in the background, during which profiles and personalised advertisements are generated. Or, to put it in the words that a data processor might use, the end product is an ‘optimised personal service that delivers the best possible user experience’, which sounds so much better. (wink wink emoji)

As you now see, there are many reasons to learn more about your digital shadow.

Once data about me, my activities and my preferences are public, I no longer have sole control over what happens to this information.

My data can then be used without any action on my part or even without my consent, which could also have an adverse effect on my reputation in certain cases. For example, my comments may be taken out of context or my private photos may be seen by people who I’d rather not have see them. A classic example of this would be the photos taken at someone’s graduation party while on holiday in Majorca, which could have a major impact on whether the person is selected to fill a position when applying for a job at a company.

Last but not least, cybercriminals can use another person’s digital footprint to gain access to accounts (phishing) or assume a false identity using stolen data.

Offline activities

In addition to online activities, there are many other ways to leave a digital footprint. It’s incredibly easy to sync the contacts stored on my phone with a car, but do I remember to delete them when I sell my car or return a hired car?

The buyer or person who rents the car after me then has my contacts. One can only hope that the data is simply deleted without the person looking at it first.

Do I always log out when I watch films in my hotel room on Netflix, Disney or Amazon Video? Do I erase all the data in my smartphone’s memory when I sell it?

What can I do now to not lose complete control over my digital life?

  • Taking stock: Where is my data located in the first place? Since I have already googled myself, I already know a lot about the information available publicly about me and who provides it.
  • Data reduction: Profiles that are no longer being used should be deleted. If you cannot delete them on your own, you can request that the website operator or online service provider delete them. The right to be forgotten is an integral right set forth in the General Data Protection Regulation, helping people who wish to have the data deleted make use of this right. If it is still not possible to delete your profiles, try to change your personal data and profile pictures so that they allow as few conclusions to be drawn about you as possible.
  • Data minimisation: Sharing personal data increases the size of your personal digital footprint. For that reason make sure only to disclose as much information as is actually needed. Here’s an example: you are requested to enter your e-mail address and phone number in many contact forms. If you look more closely, you’ll see that you often only have to enter one or the other; the second field is optional. So why provide more information than necessary?
  • Privacy settings: These settings can be very helpful. On Google and a number of social media sites, it is possible to customise the privacy settings to manage who can see my posts or what data can be used for what.
  • Choosing what information to disclose: Think long and hard whether the world really needs to see what you had for lunch, what your hobbies are or where you’re going on holiday. Criminals might see in your contact information or recent photos from Thailand that you are away on holiday and decide to break into your home and rob you. Tip: Do not enter your exact home address in your car’s sat-nav system. If your car is stolen, the person who stole it will know where you live. If worse comes to worse, not only will your car be gone, but your home will be cleared out as well, since the thief will be able to get to your flat or house before you can because you don’t have a car now.
  • Trust: Do not disclose information about yourself if you are in a non-secure setting. When you’re online, always make sure that the URL of the website begins with https and not http, and that a padlock symbol is displayed in the address bar. If this is the case, you are on a secure website protected by a security certificate.
  • Secure passwords: Accounts can be hacked. Good password protection can help prevent this. Use passwords that are at least 12 characters in length that include both numbers and special characters. Never disclose passwords or other account information such as answers to security questions. Do not use the same passwords for more than one service. Password managers such as KeePass help you keep track of all your passwords.
  • Mobile devices: Check the share settings in the apps you use on your mobile devices. Ask yourself if location tracking always has to be on, for example.
  • VPN: The use of a virtual private network (VPN) can help you conceal your identity and, in particular, your location by hiding the IP address, meaning that your online activities can no longer be tracked. There are numerous solutions here, including browser extensions.
  • Incognito mode: All major browsers provide a feature that allows users to restrict the ability of companies to track your online activities. The Tor browser offers a variety of effective security mechanisms that let you surf the Internet with a high degree of security.
  • E-mail: It is very good to have more than one e-mail address. For example, you could set up one address for all your online activities (shopping, newsletters, etc.) and one for private use. If the first one were somehow to get into the wrong person’s hands, your personal communications are still protected. Tip: If you suspect that your e-mail address may have been hacked, go to https://haveibeenpwned.com/ to check if it has.
  • Nicknames: Use your real name as little as possible. If you can use nicknames, do so. The same applies to the photo of yourself that you post. If you are wearing sunglasses in the photo or take a profile photo, this can make it difficult to identify you as the real person.

At the end of the day, it comes down to your personality and individual risk assessment on what and how much you want to reveal about yourself. Despite all the precautions you may take, it is very difficult not to leave digital tracks and nearly impossible to reduce your digital footprint to zero after the fact once you have been online for several years.

By the way, it is also possible to contact a service provider if you notice that the personal data of other people is being processed unlawfully. One e-mail is often all it takes to stop receiving birthday reminders the next year for someone who is no longer around to receive it.

Would you like to learn more about exciting topics from the adesso world? Then take a look at our blog posts that have appeared so far.

Picture Tobias Dieter

Author Tobias Dieter

Tobias Dieter has been working for adesso as a Managing Consultant in the areas of information security, IT service management and data protection since 2022. One of his main areas of work is the conception and implementation of security awareness campaigns.

Category:

Methodology

Tags:

Sustainability

Digitalization

Websites

Save this page. Remove this page.