10.1 Auditing Your Digital Footprint

You cannot protect what you cannot see. Before choosing tools, settings, or strategies, the most important privacy step you can take is auditing what is already out there about you. A digital footprint audit turns an abstract risk into a concrete list — and concrete lists are something you can actually act on.

Active versus passive exposure

Your digital footprint has two components. Your active footprint consists of things you deliberately published: social media posts, forum comments, product reviews, blog entries, photos you uploaded. Your passive footprint is everything collected about you without direct action on your part: web browsing history, location pings, ad-tracking data, purchase records, and inferences drawn from all of the above. Passive data is typically far larger — and far less visible.

Step 1: Search yourself

Open a private/incognito browser window and search for your name combined with your city, your employer, and your phone number. Check both web and image results. This replicates what a stranger — or a potential employer, or a scammer — would see. Note anything surprising. Repeat on Bing and DuckDuckGo, since each engine indexes differently.

Step 2: Check breach databases

Visit Have I Been Pwned and enter every email address you use. The service, created by security researcher Troy Hunt, cross-references your address against publicly disclosed data breaches. A "pwned" result means your credentials appeared in a breach — even if the breach happened years ago. Act on every hit: change the relevant password and enable two-factor authentication where possible.

Step 3: Map your accounts

Make a list of every online account and social profile you have ever created — including dormant ones. Password managers can help here by surfacing saved logins. Dormant accounts are a genuine risk: they hold personal data but receive no security updates. Delete accounts you no longer use.

Step 4: Review platform activity logs

Google's My Activity shows what Google has recorded across Search, YouTube, Maps, and its advertising network. Facebook's Off-Facebook Activity tool shows which third-party websites and apps have been sending your behaviour to Meta. These dashboards rarely make for comfortable reading — but they quantify the passive footprint in concrete terms.

Step 5: Download your data

Major platforms are required by law (under GDPR and CCPA) to provide a copy of the data they hold about you. Use Apple's privacy.apple.com, Meta's Download Your Information feature, and Google Takeout. The resulting archives — sometimes gigabytes in size — reveal what has been collected and often prompt targeted deletion requests.

Your takeaway

A digital footprint audit is not a one-time event. Set a calendar reminder to repeat key steps — especially the breach check and account review — at least once a year. The companion course Data and Privacy covers the "Taking Your Data Back" phase in detail, including data deletion requests and opt-out procedures.