With the prospect of Federal consumer privacy legislation like the American Data Privacy and Protection Act (ADPPA) increasingly dim in Congress in 2023, the Executive Branch and its agencies have recently suggested more direct measures toward regulating the US data broker marketplace.

During the White House session on August 16, 2023, the Consumer Financial Protection Bureau (CFPB) director announced two specific rule changes under consideration:

• Redefining certain data brokers as “Consumer Reporting Agencies”, which would make them subject to Fair Credit Reporting Act (FCPA) rules restricting data sale only for purposes specified in the act; and 
• Redefining “Credit Header Data” (which are basic descriptive personal identifiable info or PII, typically less-restricted than financial records/credit history themselves) as a “Consumer Report”, reducing the ability of companies to disclose people’s sensitive contact information unless in specific required circumstances.

Calls to regulate credit header data under FCRA have been made for over 20 years by privacy advocates, and recently reiterated by members of congress and consumer rights organizations. 

DeleteMe’s take: The proposed changes to rules would directly impact businesses of the major credit reporting agencies (Experian, Equifax, Transunion), as well as a range of industries who rely on credit header data for direct marketing and identity authentication purposes. 

But it would also cut off a major source of sensitive data used by less-scrupulous, less-regulated parts of the data broker landscape: “People Search”, “Private Investigator” and “Background Check Services” companies. Arguments that the changes would harm the ability of institutions to ‘prevent fraud’ is, in our view, one-sided and incomplete. The unregulated PII marketplace has allowed mass identity-based fraud to explode over the last decade, and forms of identity authentication relying on 3rd party PII verification have been in steady decline for years.

Learn more about DeleteMe and our work for privacy and cybersecurity at joindeleteme.com

Table of Contents

AddThis is a social bookmarking service that allows website owners to add social media sharing widgets and buttons to their websites (those rows of “share this” buttons you see on lots of websites are actually tracking visitors). They can then track and analyze data around the content shared through these widgets, and provide insights to advertisers. AddThis is on 14 million sites and generates 10 terabytes of data every day.

How it works:

When you visit a website that’s part of the AddThis network, you might notice a column or row of social media sharing icons (Facebook, Twitter, Google+, etc.) next to content like blog posts or articles. If you choose to share content using one of those buttons, AddThis collects data around what you shared, the words you highlight and copy on websites, your clicks, and the kinds of content you and your friends find most interesting. They also build huge social graphs around this data to find similar networks.

For example, let’s pretend you and your friends tend to share articles about cats to Facebook. Let’s also pretend you and your friends happen to be very responsive to ads for a certain type of cat food. AddThis will comb its social graph for sets of friends who also share those same kinds of articles to Facebook, and then show those groups the same cat food advertisements to see if those friends are as responsive as you and yours.

So what?

In AddThis’s words, “What you share and who you share it with can tell you a lot about a person. And when you look at what millions of web users are sharing every day, you can learn an awful lot about your customers.” Users are never informed that AddThis is harvesting their behavioral data, even if they never interact with a “Share this!” widget on any page. AddThis has set a precedent of changing how the massive amounts of data they’re gathering from the pages using their widgets is being used, without informing the publishers of those pages.

On one hand, AddThis has gotten into trouble with the FTC in the past with questionable uses of their technology, like installing cookies that, even when a user manually deleted them, could “revive” themselves within the user’s browser. On the other hand, AddThis is now an active member of two advertising industry organizations that are focused on protecting consumer privacy: the Network Advertising Initiative (NAI) and the Direct Advertising Alliance (DAA). AddThis no longer installs cookies on users’ browsers and the huge social graphs that they build are anonymized…but if they ever shared this data with someone who had even a fraction of your sharing interests affiliated with your real identity, that data can easily create a full picture of your social media activity and interests. This may not be information you want available to others.

How might AddThis benefit me?

AddThis’ goal behind all of the data collection they do around your social media sharing is to serve up more relevant ads based on your interests. They have also made it easier for you to share content from the websites that you like. (It’s worth noting that even when DoNotTrackMe blocks AddThis, you can still share that content just as easily.) Conversely, they’re making it easier for websites to track what kinds of content their readers like you are liking, and that (usually) means more of that same kind of content.

Want to dig even deeper? Check out AddThis’s privacy policy.
Read more about some of the other trackers DNTMe is now blocking:

• AdRoll
• Gravity
• LeadLander
• Dataium
• Meteor Solutions
• [x+1]
• Rapleaf
• KISSmetrics
• BlueKai

Table of Contents

Equifax has a lot of data about you. This data could have a significant impact on your life. 

Equifax is among the largest data brokers in the United States and one of three major credit reporting agencies. It collects and assesses consumer credit information through around 10,000 different companies or information “furnishers.” 

This data is then sold to financial institutions, employers, and marketers, but as demonstrated by numerous security issues, it can also end up in the hands of cybercriminals.

Below is a quick history of Equifax privacy and security issues, as well as steps you can take to protect your privacy. 

Equifax Privacy and Security Issues

The 2017 data breach is well known, but Equifax has had other security and privacy failings. Below are some of them. 

1970: First warnings of personal data collection and sale

Equifax has been collecting personal information about individuals for decades. In 1970, when it was still known as Retail Credit Company, Columbia University professor Alan Westin wrote about the company’s practices in the New York Times. 

The files the company kept on people, Westin said (as reported in a Wired article), “may include ‘facts, statistics, inaccuracies and rumors’ … about virtually every phase of a person’s life; his marital troubles, jobs, school history, childhood, sex life, and political activities.” 

Consumers had no way to see what these files contained. Most didn’t know they existed. 

That same year, Retail Credit Company was about to start computerizing its files, something that Westin found particularly worrying. He said the step would threaten civil liberties and privacy because access to people’s most personal information would become so simple. 

Westin went on to testify on the subject before Congress, and these hearings reportedly contributed to the passage of the Fair Credit Reporting Act toward the end of 1970. Some people also believe that this encouraged the Retail Credit Company to change its name to Equifax as a way to start “fresh.” 

2016: Equifax ignores a security vulnerability 

In 2016, a security researcher notified Equifax of a serious security hole: an online portal that was supposed to be accessible to Equifax employees only was exposed to the entire internet. 

Anyone could find personal information about Equifax customers by simply putting in a search term, wrote the Motherboard.

The vulnerability was not patched for six months, by which time the notorious 2017 breach (described below) had already occurred. This puts into sharp focus the lax security that companies that collect consumers’ personal information have. 

2017: Data breach and exposure of American salary information

In early September of 2017, Equifax announced a data breach that had been discovered in late July, potentially exposing personally identifiable information (PII) of 143 million consumers across the U.S., U.K., and Canada.

As reported by KrebsonSecurity, Equifax’s lack of security within TALX (pronounced “Talks”), one of their subsidiaries, has made it easy for hackers and ID thieves to access the employment and salary history of impacted individuals.

TALX provides payroll, HR, and tax services to employers online and operates as Equifax Workforce Solutions as of 2012. One of the popular features of TALX, known as “The Work Number,” allows for automated verification of employment and income used for prospective employers.

In May 2017, KrebsonSecurity recounted a security breach announced by TALX to its Work Number service, caused by unauthorized account access by hackers who were able to reset account PINs by successfully answering account security questions. 

By gaining access to this database, hackers can easily obtain, record, and index work and salary histories of the 143 Equifax hack victims announced in September 2017, using the PII that was breached and released during the July 2017 breach.

Threats of identity theft should not be taken lightly, as illustrated by Katie Van Fleet, the Seattle woman who’s claimed to have had her identity stolen 15 times since the Equifax breach. Additionally, it can take months or years to fully recover from being a victim of identity theft due to the extent that thieves have gone to in order to secure your identity.

2012 – Present

Ever since the Consumer Financial Protection Bureau database was put online, countless consumers have filed complaints against Equifax. For example, in 2022, there were 184,666 complaints filed by consumers against Equifax. This is a 24% increase from 2021. 

The most common complaint is about inaccurate information. Another common complaint was the improper use of consumer credit reports, i.e., someone checking their credit score without getting their consent to do so first.

Unfortunately, getting inaccurate information fixed seems to be a struggle for many consumers. According to CBS News, one consumer wrote, “Hello my name is XXXX XXXX and XXXX have been reaching out to all three credit bureau’s via mail trying to resolve this debilitating issue for the past 7 months to no available.”

2022: Equifax sued for inaccurate credit scores

In 2022, a coding error at Equifax led to some consumers applying for home and car loans being given an erroneous credit score. In at least one case, the inaccurate score is said to have led to a pricier auto loan. 

Steps to Improve Equifax Privacy

The good news is that Equifax gives consumers the option to take control of their personal information. 

Through Equifax’s online portal, you can do the following:

• Ask Equifax to see the kind of personal information they’ve collected about you. 
• Ask Equifax to delete your personal information. 
• Ask Equifax to correct inaccurate information about you.
• Ask Equifax to limit whom it shares your personal information with. 
• Ask Equifax to stop sharing your personal information with third parties.

For step-by-step instructions on how to remove yourself from Equifax, follow our guide. 

Table of Contents

Not comfortable with the idea of people being able to tag you in the photos they post on Twitter? You can change your Twitter settings to opt out of Twitter photo tagging.

By making yourself “untaggable,” you can prevent other people from being able to find photos of you on Twitter. 

The below guide will show you step-by-step instructions on how to stop other people from being able to tag you in photos on Twitter. 

How to Opt-Out of Twitter Photo Tagging (Mobile_

Step 1. On the Twitter app on your phone, click the profile icon. 

Step 2. Click “Settings & Support” and then “Settings and privacy.” 

Step 3. Next, click “Privacy and safety.”

Step 4. Then, click “Audience and tagging.”

Step 5. Click “Photo tagging” and change the settings to “off.” 

How to Opt-Out of Twitter Photo Tagging (Browser)

Step 1. Log in to Twitter. From the left-hand side menu, click “More.”

Step 2. Click “Settings and Support” and then “Settings and Privacy.”  

Step 3. Next, click “Privacy and safety” and then “Audience and tagging.” 

Step 4. Then, click “Photo tagging.” 

Step 5. Disable the feature that lets people tag you in their photos.

Opting Out When You Don’t Know You’re In

It’s not just Twitter you need to worry about. The fact is that countless other websites expose your personal information without your knowledge. They’re known as data brokers, and they sell information about you to marketers, financial institutions, and even cybercriminals. 

If you care about your privacy, we have a series of guides on how to opt out of these sites. Or, we can do it for you.

Table of Contents

You need to learn how to remove yourself from background check websites.

Why? Because there’s something fundamentally wrong with background check websites.  They get our personal data through public record sources, like birth certificates, real estate purchase and sale records, lawsuits, marriage licenses, and even social media accounts–for free–and then they stockpile it, post it for the world to see, and sell it.  

Background check sites argue that they’re simply reposting public record information that already exists for anyone to access.  

In reality, they’re doing something completely different: they’re making all of our personal info more visible and more accessible than ever before. It’s not just a public record anymore; it’s super public. There’s a big difference between A) physically walking down to a courthouse and asking for a copy of a legal filing so you can find someone’s name and address from it and B) looking it up on a search engine from your couch.

For people with stalkers, a history of domestic abuse, a vindictive ex, or just a general interest in staying private, having their contact information (phone numbers, home addresses, etc.) so readily available isn’t just annoying; it’s dangerous.  

Getting personal data removed shouldn’t be as confusing and time-consuming as it currently is. Unfortunately, scrolling through long Terms of Use, privacy policies, and contact forms to find how to delete yourself, it becomes painstakingly obvious that many of these companies try to make it difficult to remove listings; after all, your data is their lifeblood.

Privacy laws have not caught up with this new reality yet. Lawmakers need to recognize that the super-public nature of these background check sites, aka people search websites, has strayed too far from our original concept of “public record,” and everything needs to be opt-in by default.  

If these companies want to profit off the facts that make us who we are–our names, ages, birth dates, addresses, and family members–we should have a say in that. And if we decide that it’s okay, we should see a cut of that profit. At the very least, these sites should have one uniform, simple, clearly-displayed opt-out method.

Until this happens, the burden is on us to play cat-and-mouse with these companies: we follow their convoluted rules and delete ourselves; they try to find us again.  

DeleteMe will do it for you if you want to save time, but if you’d rather do it yourself, see below for full instructions. If keeping your contact information private is important to you, please keep spreading the word to anyone you care about.

How to Remove Yourself from Background Check Websites

Click on each background check site for detailed, step-by-step instructions on how to remove your name from their database:

• Remove yourself from TruthFinder 
• Remove yourself from AdvancedBackgroundChecks
• Remove yourself from EasyBackgroundChecks
• Remove yourself from Background Report 360
• Remove yourself from Background Check Gateway
• Remove yourself from BackgroundCheck.Run
• Remove yourself from Arrests.org
• Remove yourself from CIA Data
• Remove Yourself from Find Out the Truth
• Remove yourself from Criminal-Records.org
• Remove yourself from Data Detective
• Remove yourself from Criminal Screen
• Remove yourself from CriminalSearches.com
• Remove yourself from Criminal Watch Dog
• Remove yourself from CriminalPages.com
• Remove yourself from DocuSearch
• Remove yourself from EasyBackgrounds.com
• Remove yourself from Inteligator
• Remove yourself from Intellicorp
• Remove yourself from Jail Alert
• Remove yourself from IntegraScan
• Remove yourself from Instant Background Report
• Remove yourself from Information Enterprises
• Remove yourself from Gov Background Checks
• Remove yourself from Free Background Check
• Remove yourself from Mughshots.com
• Remove yourself from Hero Searches
• Remove yourself from Smart Background Checks
• Remove yourself from BackgroundChecks.com
• Remove yourself from ArrestFacts
• Remove yourself from Sentry Link
• Remove yourself from USA Background
• Remove yourself from Rapsheets.org
• Remove yourself from People Spy
• Remove yourself from People Background Check 
• Remove yourself from USSearch
• Remove yourself from Spokeo.com
• Remove yourself from Radaris
• Remove yourself from PeopleFinders.com
• Remove yourself from Intelius.com
• Remove yourself from Beenverified.com

Note: The removal process varies from one background check site to another; some will request that you fill out an opt-out form, while others may ask you to send an email or call them using contact details found on their opt-out page.

Going Beyond Learning How to Remove Yourself from Background Check Websites

Having your personal information so readily available online puts you at increased risk of harassment, identity theft, and other threats.

Unfortunately, the above are not the only websites where people can find information about you, from your full name, date of birth, and aliases to court records and bankruptcies. To see an even longer list of people search sites, including Whitepages.com, zabasearch, mylife.com, and instant checkmate, go to our guide, where we detail the opt-out process for some of the most popular data broker sites.

Remember: data broker sites relist people once they collect more information on them, so you need to make removal requests to these sites regularly. Don’t have the time? DeleteMe can send opt-out requests on your behalf on a continuous basis.  

Table of Contents

Your passwords are weak. 

This is an assumption, of course, but if you’re anything like most internet users, it’s likely to be true. 

Consider this:

• The most common password is still “123456.” 
• Two-thirds of Americans reuse passwords. 
• About 6 in 10 US adults have names or birthdays in their passwords. 

With data breaches, identity theft, and financial fraud on the rise, having a predictable password makes you increasingly vulnerable. In fact, your accounts may have already been hacked into or your identity stolen; you just may not know this yet. 

If you want to improve your online security and privacy, changing your passwords is the easiest thing you can do. It is also likely to have the biggest impact. 

Below we show you how secure your password is by reviewing some simple tips, techniques, and tools you can use when creating passwords. 

What Does It Mean to Have a Good Password, and How Can I Create One?

Avoid popular passwords. The more unique and random you can make your password, the better. 

Entropy, a measure of randomness, can help you decipher whether your combination of letters, numbers, and symbols has enough randomness to be a strong password. Using common words makes weak passwords.

Any words you can find in the dictionary, and any repetition of those words, decreases entropy and makes a password hack far more likely. 

Using personal information for passwords, like the year you were born or your spouse’s name, is likewise a big no-no. The reason why is that cybercriminals can easily find this information online. 

Using one password across multiple websites (social media, bank accounts, etc.) also puts all of your online accounts at risk. 

Password length matters too. Use as many lowercase letters, uppercase letters, numbers, and symbols as possible within the website’s limits, and remember to change your password from website to website for optimal password strength.

If you struggle coming up with strong passwords, you could try creating passphrases instead.

Alternatively, a password manager might be a better option. Password managers often come with a password generator and are deemed more secure than just relying on memory to remember passwords (even with cybersecurity breaches like the one that affected LastPass). Just remember to use a strong master password, as cybercriminals can also use brute force techniques to guess these.

How Secure Is My Password? Testing the Strength of Your Passwords

There are many free tools online that can assist you in testing the strength of your password. Here are a few “password strength meters” where you can enter your password to see how long it would take a potential hacker to crack it and gain access to your private information:

• https://howsecureismypassword.net/
• Password Strength Testing Tool | Bitwarden
• How Secure Is My Password? | Password Strength Checker (security.org)
• Password Meter – A visual assessment of password strengths and weaknesses (uic.edu)

These tools can also tell you whether your letter, number, and symbol combinations have adequate entropy to create a unique password. 

You can also use tools like this one by Home Security Heroes to see how long it would take AI to crack your passwords. With the use of AI, cybercriminals can crack most passwords instantaneously. 

Don’t Forget MFA (But Don’t Rely On It)

Even if you’re confident in your password security, it’s still a good idea to set up multi-factor authentication (MFA).

MFA adds an additional step in the login process, so even if a cybercriminal gets their hands on your password, they won’t be able to sign into your account – they’ll have to provide more information.

At the same time, MFA is not foolproof.

Recent security breaches demonstrate that criminals can bypass MFA with attacks like SIM swapping (where they convince your phone provider they’re you in order to have your phone number transferred to their phone) or MFA fatigue (where they spam you with MFA push notifications until you accept.

Why Should I Remove My Personal Information from the Internet? 

If your personal information is freely available on the internet, then cybercriminals will be able to find a way to hack into your accounts.

For example, cybercriminals may use your personal information to answer password reset questions or send you personalized phishing emails where they trick you into revealing sensitive data or downloading malware.

As a result, it’s a good idea to ensure there’s as little personal information available about you online as possible. Keep your social media accounts private, never overshare on forums, and make sure to opt out of data brokers (read more about these shadowy companies and what they do with your personal information in our ultimate guide on data brokers). 

Table of Contents

23andMe might be one of the more popular direct-to-consumer genetic testing companies on the internet, but it’s by no means the only one. 

In the last few years, more online genetic testing companies have popped up for various purposes, from discovering ancestry information to figuring out potential health risks and even identifying whether you and your partner are “genetically compatible.” The uses may differ, but one thing remains a big concern: your privacy.

While at-home genetic tests can provide exciting and helpful information, consumer privacy may be compromised along the way. 

The reason why is that these tests often ask for more personal information than necessary, including health information and data about family members. In reality, all they need is a way to contact you and connect you to the test you send them.

As a result, reading these companies’ privacy policies and using online safety procedures when registering for an online genetic test to protect your identity, location, and personal information is the best way to take the test safely. 

Genetic Testing Privacy Policies

We read the privacy policies and FAQs from 23andMe and some competitors, including XCode, MapMyGenome, GenePartner, Pathway Genomics, AncestryDNA, MyHeritage, and iGENEA. If you choose to take a genetic test from any genetic testing services, we encourage you to read the privacy policy for your own benefit.

Still, we know that privacy policies can be tricky to navigate and sometimes hide information. 

In fact, some of the policies we read seemed a bit vague in areas–claiming that they collect or use the genetic information for what they deem “necessary for legitimate business purposes.” One company even wrote that they could use a customer’s genetic data for research purposes or for a third party without the customer’s consent. Now, do you see why it’s imperative to read those privacy policies carefully?

Many of the companies remind you in their privacy policy that if law enforcement comes knocking for your information, they are required to hand over your genetic profile and everything connected to it–all of your personal information. 

If you don’t give the service your real personal information in the first place, it would be extremely difficult to link the genetic information back to you. 

Some companies caution that “there can be no guarantee of privacy,” even given their encrypted information and secure systems–another reason not to share data with them.

One company based outside of the United States even coaxed customers into participating in research by first noting that a consent form was necessary for the procedure to begin. The consent form allowed the company to use the customer’s genetic information and results for research. The privacy policy made it seem as if the customers had a choice in the matter: “With your consent, the delinked data….will be part of our research database. This will help you serve the Indian community better and contribute to health science.” While customers of 23andMe have the choice to opt out of research, this company made research necessary for participation in the genetic testing procedure.

Privacy Concerns and Privacy Laws Around Personal and DNA Data

When it comes to the use of genetic information, there are few privacy protections available.

For example, the Health Insurance Portability and Accountability Act (HIPAA) and the Genetic Information Nondiscrimination Act of 2008 (GINA) are two federal laws that deal with genetic information privacy.

However, even though HIPAA applies to the results of genetic tests administered by your healthcare provider, it does not extend to direct-to-consumer (DTC) genetic testing companies. Similarly, while GINA safeguards individuals from being discriminated against by health insurance companies and employers, it doesn’t cover other third parties or other kinds of insurance companies.

Just a handful of state laws provide better DNA data privacy. For example, in 2021, California passed the Genetic Information Privacy Act (GIPA), a genetic privacy bill. The bill establishes requirements for collecting, using, and disclosing consumer DNA data from direct-to-consumer genetic testing services.

This lack of legal protection creates a potential for a multitude of privacy risks, particularly because DNA data can’t be de-identified.

Keep Your Personal Information to Yourself

Most genetic testing companies’ privacy practices are risky to consumer privacy.

As a result, the best thing you can do when using one of these services is to provide as little real information about yourself as possible during the entire process. 

The only reasons that genetic testing companies need your personal information (i.e., name, phone number, home address, email address, etc.) are to:

• Send you the testing kit 
• Link your genetic test to your profile so that you can receive your test results.

As long as you provide a way for the company to contact you–through email and telephone number forwarding–you can choose not to provide your real personal information. 

The only caveat here is that if you want a 100% safe experience that cannot be linked to you, you’ll have to choose a shipping address that you have access to but isn’t your actual home address. You could try a friend’s home address or even a more distant connection if they are willing to receive your package.

After you handle the shipping situation, you are all set to sign up and order the test. You’ll want to turn on a VPN or Virtual Private Network to reroute your IP address. This will make it appear that you are browsing from somewhere other than your current location–whether that is somewhere else in the United States or halfway across the world.

Next, you should make sure that you have a tracker blocker or private browsing mode on in your browser. Note that Private Browsing, Incognito, and similar modes do not guarantee your private browsing experience and do not always block ad trackers. 

When asked for your personal information, you can make up a fake name to keep yourself protected. Then, use a fake email (an email that isn’t linked to you)  or set up email and mobile phone number forwarding using masked email services to provide a way to contact you without giving out your real information.

At this point, you’ll be asked to enter a billing and shipping address as well as payment information. By using either a prepaid debit card or a masked credit card, you can pay for the genetic test without giving out your real credit card information. For a prepaid debit card, you should use a made-up billing address.

So far, these companies have not been able to collect any of your actual private information. Some companies may ask you to complete additional questionnaires, which they claim will give you a better report because they will have more background information. But is this necessary, or is it just another link back to your identity? Based on our experience, you can still get a lot out of the genetic test and do not need to answer these additional and often invasive personal questions.

When your test arrives, you can use the same masked personal information to link your test to your previously created profile. Don’t forget your VPN and tracker blockers! Since the postage is prepaid to send back your test, you have officially completed your portion of the procedure without giving up any of your real personal information.

By spending a few more minutes setting up privacy parameters when purchasing a DNA testing kit, you can protect your private information and prevent it from being linked to you in case of a data breach or another sticky situation.

Even so, always be sure to read the company’s privacy policy to know what will happen to your genetic information, and keep creating strong, unique passwords for all your accounts.

Don’t Forget to Opt-Out of Genetic Testing Sites

Even if you don’t give a genetic testing company your personal information or take a test, they may still have personal data about you. 

For example, besides DNA testing, Ancestry.com genealogy service also provides sensitive information based on public records. Therefore, personal information that can be used to impersonate you can be easily accessed through genealogy databases online. There have also been instances of DNA databases being hacked.

Luckily, you can opt out of these kinds of databases. We have a whole series of guides that walk you through opting out from genealogy sites, including:

• How to opt-out from Ancestry
• How to opt-out from Family Tree Search
• How to opt-out from Rootsweb
• How to opt-out from Geni
• How to opt-out from Genealogy.com
• How to opt-out from Ancient Faces
• How to opt-out from FamilyTreeNow
• How to opt-out from Archives.com

Or, we can do it for you if you subscribe to our data broker removal service. 

Table of Contents

You used to have just one resume:  it was paper, you controlled everything in it, and you gave it to hiring personnel.  You got to choose exactly how to present yourself.  

For better or worse, that period in hiring history is now over.  Today, you have two resumes:  the traditional one that you carefully write and edit and distribute, and the nontraditional, digital one that’s the sum of your online activities.  

Many hiring personnel will look at both. Read on for our advice on putting your best foot forward online.

Unfortunately, many people aren’t aware of how public their digital selves are.  Job seekers can no longer afford to neglect their digital resumes and cover letters.  Employers want to know as much as they can about you, and the trail of activity you leave behind you on the Internet gives them a much more detailed view into your life than a carefully-worded resume does.  

Think of it strategically:  when job hunting, you now have another channel to present yourself and make a great first impression (and we’re not just talking about your LinkedIn profile, either).

Online Presence for Job Seekers: Is It Really That Important?

Yep. A CareerBuilder survey found that 66% of employers look up a job candidate online, and 70% look at their public posts on Facebook and other social media platforms. 

There are now even companies that streamline the process of screening job applicants based on their social media presence and other online profiles.

In rare cases, employers may even ask potential hires for their Facebook login information as part of the hiring process. 

Factors to Consider When Deciding Whether or Not to Post Something Online

You want to balance the positives of social networking, like expressing yourself and connecting with people, against the risks.  

One-third of employers who check social networking sites in hiring have passed on a candidate because of a red flag they found in the process. Assume that everything you post on social media sites and elsewhere online (including forums) is public or will end up public.  Ask yourself if you’d be comfortable with it being in a major newspaper next to your name.  

What does it mean for something to be objectionable?  It depends on the workplace culture of the employer you’re interviewing with, but always ask yourself if it’s something you would do in the office or at work or that you can imagine other employers doing.  If the answer is no, de-tag, delete, or don’t post.  

Here are some general guidelines, with particular emphasis on photos:

• Apply the highest standards to your profile pictures.  These are the ones that employers are most likely to see.
• Focusing on drinking = bad.  One glass of wine in your hand or a beer in the background is probably fine, but holding three shots up to your face isn’t.
• No drugs or drug paraphernalia.
• No sexually explicit or overly suggestive photos.
• Please don’t document your makeout/hookup through tags.

Certain posts are riskier than others.  

Of hiring managers who declined to hire a candidate, 49% did so because of provocative or generally inappropriate photos and posts, while excessive drinking or drug use came in behind at 45%.  Poor communication skills, like misspellings and bad grammar, came in at 35%.  33% of hiring managers didn’t choose a candidate because that person had publicly badmouthed a previous employer; 28% for discriminatory comments about gender, religion, or race; and 22% for lying about qualifications.

Steps to Take to Sanitize an Unflattering Digital Footprint

First, do a Google search of your name to see what comes up on search engines. This will give you a good idea of what the web is saying about you. 

Then, because a picture’s worth a thousand words, start with photos.  De-tag and delete any photos you’re uncomfortable with being seen by a potential employer.  You can download everything from Facebook in one quick step so you have copies of your pictures.  

Another important cleanup action is removing your personal information from background check websites.  

You may have found your personal information publicly listed and up for sale on background check websites, also called data brokers or people search websites (read more about these websites in our ultimate guide on data brokers).  One example is the site Spokeo.com.  Take a second now to visit Spokeo and search for yourself; we’ll wait.  You’ll probably be shocked by what comes up (and FYI, here’s how to remove your listing).

Many employers purchase background checks on potential hires as part of the hircess.  

However, background check websites are notorious for providing inaccurate files, sometimes reporting that a potential hire has a criminal record when they don’t, or getting other factual information wrong.  The FTC fined Spokeo $800,000 for actively marketing its background checks to hiring managers and recruiters.

Your best bet is to review the information these sites list about you and either make sure it’s correct or remove it from the site.

We’ve step-by-step guides on how to remove your name from some of the most popular data broker sites. 

Alternatively, our premium DeleteMe service will do the removals for you continuously (data brokers tend to relist individuals as soon as they gather more information on them, even if they had opted out previously). 

Balancing Online Authenticity And the Need for a Professional Image

Think of the job search process for the limited time period that it is:  you won’t have to be this strict forever.  It’s also unnecessary to censor so much that you aren’t yourself.  You can still speak about what’s interesting and exciting and funny to you but do so eloquently and with an eye for potentially risky content.

Use social media profiles and commenting to create a personal brand, improve your online reputation, and showcase your skill set.  

If you’re prepared for a little self-censorship, posting under your real name can be a smart strategy.  Knowing that anything you say online may show up when someone looks you up, use your postings (on personal websites, social media accounts, or elsewhere) to your advantage.  Post intelligent, grammatically-correct, spell-checked, well-reasoned content.  Express yourself in the field in which you want to become established.  Don’t forget that good search results can be better than no search results.

You can also create positive online content to bury negative online content, either by creating your own website or posting on existing sites.

Certain sites consistently appear high in the search results, and by simply creating a profile on them with your name and a bit of identifying information, you can suppress negative results. Make sure you set your privacy settings to be publicly viewed and only post content you’re absolutely sure you won’t regret later. Here’s a list of sites to use:

• Twitter
• LinkedIn
• Facebook
• Google+
• Pinterest
• Blogger
• Quora
• Reddit
• Flickr

We hope these FAQs were helpful, and good luck getting hired! 

Table of Contents

In mid-December 2019, over 770 million email addresses and passwords were posted to a popular hacking forum. Known as Collection no 1, it is one of the largest collections of breached data in history. 

Although it’s been a few years since Collection no 1 made news headlines, it still matters. 

The reason why is that most people never change their passwords after a breach. This means that the passwords that were exposed in Collection no 1 are more than likely still being used by millions of Americans today, and you may be one of them. 

Here’s what you need to know. 

What is Collection no 1?

Collection no 1 was discovered by security researcher Troy Hunt, who runs a breach-notification service Have I Been Pwned. Rather than a single hack of a very large service, this breach comes from around 2,000 databases.

What is most scary is that the passwords released were “dehashed.”  In other words, the methods used to scramble those passwords into unreadable strings have been cracked, leaving them fully exposed.

Who is Responsible for the Breach?

According to Security reporter Brian Krebs, Collection no 1 is just a single offering from a seller who claims to have at least six more batches of data. The identity of this seller remains unknown. 

Since the data was being advertised and discussed on a criminal forum, in theory, almost anyone visiting that source has access to it.

Who is a Victim?

According to Hunt, the list contains about 1,160,253,228 unique combinations of email addresses and passwords,” and “21,222,975 unique passwords”. 

About 82% of the email addresses have appeared in previous breaches shared among hackers, but about 140 million email addresses have not been seen before.

Why Does Collection no 1 Matter Today?

Study after study shows that most people don’t bother changing their passwords after a breach happens. Or, if they do, their new passwords are very similar to those that were breached, making it easy for cybercriminals to guess. 

Users also typically continue to use exposed passwords across other online accounts. So even if they change their password for the compromised account, cybercriminals can still use that same password to breach other accounts.

In one survey, more than 6 in 10 people were found to use the same password that was compromised in a breach to secure other accounts. 

In 2019, Sergey Lozhkin, a security expert at Kaspersky Lab, said of Collection no 1, “This collection can be easily be turned into a single list of emails and passwords: and then all that attackers need to do is to write a relatively simple software program to check if the passwords are working.” 

From there, it’s easy for attackers to do a lot of damage. According to Lozhkin, “The consequences of account access can range from very productive phishing, as criminals can automatically send malicious emails to a victim’s list of contacts, to targeted attacks designed to steal victims’ entire digital identity or money or to compromise their social media network data.”

Were You Affected?

You can check if your email address was compromised at Have I Been Pwned.

More than likely, it has. 

As Hunt said in 2019, “If you’re one of those people who think it won’t happen to you, then it probably already has.” Even if you’ve signed up for a harmless forum years ago that you’ve long since forgotten about, your email and password could be compromised.

How Can You Stay Safe from Credential Stuffing?

Credential stuffing attacks are possible because so many people reuse the same password for many different accounts.

Consequently, it’s critical that you use strong, unique passwords for all your accounts. 

But be warned: personal information does not equal “unique.” Your birthday, spouse’s name, or the street you grew up in does not make for a strong password. This kind of personal information is widely available on the web via sources like social media accounts and data broker websites, which means that cybercriminals can easily guess your passwords. 

Consequently, make sure to opt out of data broker sites. Even if your passwords are unique, criminals can still use data broker databases to trick you into handing your credentials over. Read more about data brokers in our ultimate guide.

Table of Contents

Your Facebook likes say a lot about you. From your sexuality to your race and politics, liking things on Facebook can expose more of your life to third parties (other users, advertisers, researchers, politicians, etc.) than you may realize. 

That’s not to say you can’t keep liking things on Facebook, though. You can still show your appreciation for posts/videos/ads etc., and maintain your privacy. All you have to do is hide your likes. 

How Your Facebook Likes Predict Personality and Expose You 

That Facebook likes can overexpose you isn’t a new idea. About a decade ago, researchers from Cambridge University analyzed 58,000 Facebook profiles. They found that a person’s Facebook Likes, which are public by default, are highly accurate in predicting personal, sometimes sensitive, details about them.

Simply analyzing a person’s Facebook Likes was 88% accurate in predicting whether a man is gay or straight, 95% accurate in predicting whether a person is Caucasian or African American, and 85% accurate in determining whether someone is a Democrat or a Republican.

The researchers concluded that Facebook Likes “can be used to automatically and accurately estimate a wide range of personal attributes that people would typically assume to be private.”

Most Likes that serve as predictors of other attributes, including whether a person is in a relationship or a substance abuser, aren’t obvious–it’s not as if single people Like pages called “I like being single” and Beyonce’s “Single Ladies.” 

Instead, Likes that have seemingly no connection to certain personality traits are surprisingly linked. The researchers gave a few good examples:

The best predictors of high intelligence include 

• “Thunderstorms” 
• “The Colbert Report” 
• “Science” 
• “Curly Fries” 

On the other hand, low intelligence was indicated by:

• “Sephora” 
• “I Love Being A Mom” 
• “Harley Davidson” 
• “Lady Antebellum.” 

Good predictors of male homosexuality included:

• “No H8 Campaign” 
• “Mac Cosmetics” 
• “Wicked The Musical.” 

Conversely, strong predictors of male heterosexuality included:

• “Wu-Tang Clan” 
• “Shaq” 
• “Being Confused After Waking Up From Naps.” 

Facebook Likes: They’re Everywhere

7.4 million websites have Facebook Like buttons (not to mention the buttons all over Facebook itself), and that number is growing. Users can Like almost anything: photos, comments, musicians, brands, celebrities, and pages. 

Social buttons like Facebook’s Like button aren’t just for sharing: they’re trackers. Unless you’re using an anti-tracker tool to block them, they know which sites you visit and what you do on a website, even if you never click them. The mere fact that they’re present on a page means they’re tracking you.

The study mentioned above illustrates how the little things you do online can be used to create a highly detailed picture of who you are. 

You may not think that a Like here and there says anything about you, but they all add up–especially with Facebook’s Graph Search that displays all your Likes with a single search…and those searches can be incriminating, embarrassing, or even dangerous (“Men in Iran who are interested in other men,” for example). 

Plus, the long list of people with whom Facebook shares data includes advertisers, app developers, law enforcement, and other companies.

Even if you’re trying to be discreet by leaving personal information out of your profile, others can figure it out through your public Likes. If researchers with a limited budget can learn this much about a person through their Facebook Likes, imagine how big companies, advertisers, or governments could use–or misuse–that data. 

Are you the type of person who takes risks? Maybe an insurance company will hike up your rates. Are you politically conservative? Maybe a potential employer will pass on hiring you because of it. Are you someone who loves coffee? Maybe online retailers will charge you more for it than someone else (Google filed a patent for price discrimination based on online social data).

How to Hide Your Likes On Facebook

Facebook lets you hide your likes without unliking whatever it is you liked. To do this, you will need to set your likes to private. Here’s how:

Step 1. Log into Facebook and navigate to your profile. 

Step 2. Click on “More” and “Likes.”

Step 3. Click on the three-dot icon and then “Edit the Privacy of Your Likes.” 

Step 4. From the list of categories (“Movies,” “Television,” “Music,” etc.), select what you want to keep private by clicking on the world icon on the right. 

Step 5. Choose who you want to be able to see your likes (“Public,” “Friends,” “Only Me,” and “Custom.” Click “Save.” 

It’s Not Just Facebook 

Set your Facebook Likes to private, but remember: it’s not just your Facebook activity that can give third parties a glimpse into your life. 

Every time you interact online and offline, you leave a trail behind you. Whether it’s your social media activity, loyalty card use, vehicle registration, or something else, data brokers constantly collect your information. These companies compile your personal information into a single profile which they then sell to anyone who wants access to it, from advertisers and insurance companies to acquaintances and cybercriminals. Read our ultimate guide on data brokers to learn more about this shadowy industry.

There’s no way for you to know if someone bought access to your data broker profile. However, that doesn’t mean you are powerless against the industry that makes a living from your data. 

Most data brokers let people opt-out from their databases. As long as you remove your personal information from these sources—and do so continuously—you can reduce your exposure. Follow our opt-out guides to delete yourself from popular data brokers. Or let us do it for you.