ANALYSIS

The Security Case for Cleaning Up Your Digital Footprint

There is a version of this question that has no clean answer. Nobody has run the study that would settle it directly: take a thousand people, remove half of them from data brokers and people-search sites and old accounts, leave the other half alone, and count who gets attacked over the following year. That experiment does not exist, and it is unlikely to. So anyone who tells you that data removal cuts your risk by a specific percentage is quoting a number that was never measured.

What does exist is a large body of research on the other half of the equation: how attackers actually use exposed personal data to reach their targets. That research is unambiguous. Exposed identifiers, recovery paths, and personal details are not incidental to modern attacks. They are the raw material. And once you can see how each category of exposed data feeds a specific attack, the question stops being philosophical.

Cleaning up your digital footprint improves your security in exactly one way: it removes inputs that attackers need. It does not make you invisible, and it does not stop a determined, well-resourced adversary who has decided you specifically are worth the effort. What it does is make targeting slower, less reliable, and more expensive. For most people, most of the time, that is the difference between being a convenient target and being a costly one.

This is not a comparison of removal services, and it is not a checklist of steps to follow. Both of those questions matter, and we have addressed them elsewhere. This article asks a narrower one: what actually changes when exposed data is reduced?

The clearest framework for thinking about who is exposed and to what comes from a 2022 systematization study by researchers at the University of Maryland and Google, which reviewed 85 separate papers on “at-risk” users — people who face elevated digital threats because of their role, their identity, their location, or the people around them (Warford et al., IEEE Symposium on Security and Privacy 2022). The study’s central point is that risk is not uniform. A journalist, a domestic-abuse survivor, an executive with payment authority, and a person recently named in a breach are all exposed for different reasons and to different degrees. That matters here because it tells you where cleanup pays off most, and why a single generic answer to “does this help” was always going to be wrong.

The security value is input removal

Cleanup improves security when, and only when, it removes one of six things an attacker needs. Each maps to a specific mechanism, and each is backed by research on how that input is used.

Attacker inputWhy it mattersWhat cleanup doesEvidence
Identity linksConnect usernames, accounts, and addresses into one profileBreaks the correlation pathsPerito et al.; Narayanan & Shmatikov
Verification dataAnswers the questions that gate access to your accountsRemoves the answersPavur & Knerr
Recovery pathsExposed phone and email enable account-recovery abuseReduces exposed reset channelsLee et al.
Stale credentialsOld accounts and reused passwords widen takeover riskShrinks the forgotten-account surfacePal et al.
Location & routine signalsMake threats better-timed and physically credibleReduces doxxing and physical-risk signalsde Montjoye; Eichenmüller et al.
Pretext materialMakes phishing and social engineering personalWeakens the personalisation attackers rely onLin et al.; Francia et al.

Every one of these is something an attacker gathers before they act. Remove it and you have not built a wall; you have taken a tool out of their hands. The sections that follow work down the table, one row at a time.

A targeted attack begins with reconnaissance, long before any exploit. Before anyone sends a phishing message or calls your bank, they assemble a picture of you: names, roles, addresses, phone numbers, family connections, old email addresses, usernames, employers. The more complete the picture, the more convincing everything that follows.

Two pieces of research show how little material this actually takes. The first, from 2011, examined how traceable usernames are across services (Perito et al., Privacy Enhancing Technologies Symposium 2011). The finding was that people reuse a small number of distinctive usernames across many sites, and that the more unusual a username is, the more reliably it links back to one person. A handle you picked once and reused for a decade is a thread that connects a professional profile to a forum post to an old dating account. Attackers pull that thread to build a fuller profile than any single site would give them.

The second is older and more foundational. In 2009, researchers demonstrated that people can be re-identified from the structure of their relationships alone — the shape of who they know — even when names and obvious identifiers have been stripped out (Narayanan and Shmatikov, IEEE Symposium on Security and Privacy 2009). Your network is itself an identifier. The pattern of your connections is close to unique, and it survives attempts to anonymise it.

Neither finding is new, and that is the point. The techniques for stitching a scattered footprint into a single profile have been understood and reliable for well over a decade. This assembly step is the same one we described in our analysis of how breach data becomes an identity pack used for executive targeting. Cleanup interrupts it at the source, by reducing the number of threads there are to pull.

Why small details become security material

The reason footprint cleanup is not cosmetic is that data which looks harmless in isolation is often exactly what an organisation uses to verify identity. Your date of birth, a previous address, the last four digits of an account, a customer reference number — none of these feel sensitive. All of them are routinely accepted as proof that you are you.

The clearest demonstration of this came from security researcher James Pavur, who in 2019 submitted subject access requests to more than 150 companies using only a name and publicly available details, and received back sensitive personal data from a substantial share of them, including home addresses, account information, and more (Pavur and Knerr, Black Hat USA 2019). The requests worked because the verification questions the companies asked could be answered from information that was already exposed. We covered the mechanics of this at length in our analysis of the Article 15 verification gap. The relevant point here is simpler: the small details are the verification material. Remove them from circulation and the questions that gate access to your accounts get harder to answer.

The phone number problem: recovery paths

Your phone number is not a contact detail. It is authentication infrastructure. It receives one-time codes, it sits behind account recovery, banks use it to confirm transactions, and telecom support treats control of it as proof of who you are. That makes an exposed phone number one of the highest-value items in a footprint.

The definitive study on this examined how well mobile carriers protect against SIM swaps, attacks where someone convinces your carrier to move your number to their device (Lee et al., Symposium on Usable Privacy and Security 2020). The researchers tested the authentication procedures of five U.S. prepaid carriers and found that all five used challenges an attacker could defeat with readily available biographical data of the kind that circulates in breaches and broker records. They then identified 17 websites where an account could be taken over on the strength of a SIM swap alone, without ever needing the password. Sixty days after the researchers disclosed the problem, nine of those 17 sites were still vulnerable.

The chain is direct. Exposed personal data lets an attacker pass a carrier’s identity check. A successful SIM swap hands them your inbound codes. Those codes unlock accounts that rely on your number for recovery. Reducing where your number is publicly listed does not close the carrier’s weakness, but it removes the material the attacker needs to exploit it. This is one of the concrete ways footprint reduction feeds into the account-takeover defences we describe under the Lockdown.

Exposed recovery paths are where an attacker turns leaked data into a hijacked account. The Lockdown finds the breached credentials and open reset routes tied to your name and closes them.

Check breached credentials

The credential and forgotten-account problem: stale credentials

People assume that once they stop using an account, it stops mattering. The opposite is true. Old accounts hold old passwords, and old passwords keep working in ways that are easy to underestimate.

The naive version of the risk is password reuse: the same password leaks in one breach and an attacker tries it everywhere else. The real risk is subtler. Research from 2022 studied what the authors call credential tweaking — attackers do not only try your exact leaked password, they try predictable variations of it, because people change passwords in predictable ways (Pal et al., USENIX Security 2022). A password that leaked as “Summer2021!” tells an attacker to try “Summer2022!” and “Summer2023!” against your other accounts. The leaked credential remains useful long after you changed it, and it remains useful even at accounts where you never used that exact string.

This is why cleanup includes finding stale accounts you have forgotten, rotating passwords that have appeared in breaches, and removing the reset paths that keep those dormant accounts reachable. Each forgotten account is a live entry point, and each reused-or-tweaked password is a key that opens more than one door.

Two clarifications matter here, because it is easy to overstate the fix. First, no amount of footprint cleanup substitutes for a password manager and unique credentials; cleanup reduces exposure, it does not replace basic account hygiene. Second, the same body of research that documents these attacks also documents the limits of the usual defence. A large, long-term study of phishing inside a real organisation found that awareness training alone does not reliably stop people falling for well-constructed attacks (Lain et al., IEEE Symposium on Security and Privacy 2022). We have written before about why this points toward diagnosis and exposure reduction rather than training as the more dependable lever. The takeaway for footprint cleanup is that reducing the attacker’s material is more reliable than expecting people to spot every attempt.

Why personalisation changes the attack: pretext material

Attackers do not need to break anything if they can convince you to act. And what makes a fraudulent message convincing is detail — the specific, personal, accurate detail that only a real correspondent should have. Your footprint is where that detail comes from.

Two findings frame this. The long-standing one comes from a University of Florida study that ran simulated spear-phishing against 158 users over three weeks (Lin et al., 2019). Two of its results matter here. Susceptibility varied sharply with the content of the message, both the persuasion technique used and the aspect of the target’s life it invoked, confirming that a message tailored to the person is materially harder to resist than a generic one. And the users who were most susceptible tended to underestimate their own susceptibility, a gap between confidence and vulnerability that personalised attacks are built to exploit. The more recent finding concerns automation. A 2024 study compared phishing text messages written by humans against messages written by an AI model and personalised to the target, and found that the AI-generated messages were often rated as more convincing, with recipients frequently unable to tell which was which. That study was small — 28 participants — and its authors are explicit that the result is suggestive rather than statistically settled (Francia et al., 2024). But the direction is consistent with everything else we know: personalisation works, and it is now cheap to produce at scale.

The security implication is that pretext material is a category of exposure in its own right. Every accurate personal detail an attacker can find is one more thing that makes a fake message believable. Removing that material does not make you immune to social engineering, but it degrades the quality of the pretext an attacker can build, which is the part of the attack they most rely on. This is the exposure that matters most for high-visibility individuals, and it is central to the protective work we describe under the Shield.

Location and routine exposure

Some of the most sensitive material in a footprint concerns not your identity but your movements. Travel posts, home and work patterns, delivery records, ride histories, fitness routes, and public check-ins combine into a picture of where you are and when, and that picture can become a physical-security concern, not only a digital one.

The mathematics of this is stark. A 2013 study of a mobility dataset covering 1.5 million people found that just four approximate location-and-time points were enough to uniquely identify 95 percent of individuals (de Montjoye et al., Scientific Reports 2013). Location data is close to impossible to anonymise, because so few points are needed to single a person out. A handful of casually shared locations is often enough to distinguish you from everyone else in a dataset.

What that means for people who are actually at risk is documented in a 2025 interview study with activists who operate under real adversarial threat (Eichenmüller, Kuhn, and Benenson, 2025). The study is small and qualitative, eight in-depth interviews, so it is illustrative rather than representative, but the participants articulate the link clearly: for someone with a capable adversary, location exposure is directly connected to physical safety. Reducing where your movements are visible is one of the few footprint measures with a bearing on the physical world, and it is a core reason the doxxing-to-physical-threat pathway is worth taking seriously.

The rebuilding problem: data brokers and lead generation

If cleanup only had to be done once, this would be a shorter article. The reason it is ongoing work is that the ecosystem actively rebuilds the records you remove.

Two recent studies show why. The first is a large-scale examination of how data brokers handle deletion requests under the California Consumer Privacy Act, covering all 543 officially registered brokers in the state (van Kempen et al., 2025). More than 40 percent failed to respond to access requests at all, in apparent violation of the law. Worse, brokers that did respond frequently asked for additional personal information to verify the request — information they had not previously held — so that exercising your right to deletion could itself expand your exposure. The removal process is inconsistent, unstandardised, and in some cases counterproductive.

The second study traces what happens to personal data submitted through online lead-generation forms — the quote requests and sign-up forms that feed the lead-marketing ecosystem, which is a distinct thing from data brokers and from people-search sites and worth naming precisely (Vekaria et al., 2026). The researchers instrumented over 100 lead-generation sites and monitored controlled contact details. They watched sensitive information flow to more than 70 distinct third parties, observed data being augmented and in some cases fabricated with additional attributes, and received thousands of telemarketing calls — often within seconds of submitting a form.

Together these describe a system that regenerates. People-search platforms repopulate from broker feeds; brokers repopulate from lead-generation and public records; lead-generation forms feed the whole chain. A one-time cleanup reduces your exposure at a moment in time, and then the ecosystem begins refilling the gap. This is the friction that makes durable removal hard, and it is why sustained reduction, the ongoing work of the Eraser, is a different proposition from a single pass.

Because brokers and lead-generation feeds keep rebuilding your records, exposure reduction is ongoing work rather than a one-time task. The Eraser removes broker and people-search records by hand and re-checks them as they repopulate.

Reduce broker exposure

What cleanup actually improves

Exposure-map diagram titled What footprint cleanup actually removes. A dense cluster of footprint points with red and amber findings and connecting links thins to a few faded points on the right, with one gold point remaining, labelled less to pull on. Beside it, six attacker inputs cleanup removes: identity links, verification data, recovery paths, stale credentials, location and routine signals, and pretext material, each with the mechanism it disrupts.

Each input has now been demonstrated rather than asserted, so the six-part model can stand as a conclusion.

Cleanup does not stop all attacks. What it does is specific and demonstrable:

  • It removes identity links that connect your accounts into a single profile (usernames, handles).
  • It removes verification data that answers the questions gating access to your accounts (dates of birth, address histories, account fragments).
  • It removes recovery paths that sit behind account resets and SIM-swap fraud (exposed phone numbers, dormant email accounts).
  • It retires stale credentials that keep working through reuse and predictable variation (old passwords, forgotten accounts).
  • It reduces location and routine signals that bear on physical as well as digital safety.
  • It degrades pretext material that makes phishing, vishing, and impersonation convincing.

There is a secondary benefit worth naming. Reducing old, stale, and duplicated exposure also improves the signal quality of any monitoring you do. When there is less outdated noise attached to your name, a genuinely new exposure is easier to see. Cleanup makes the monitoring that follows it more legible.

None of this is immunity. It is cost. Every input removed raises the effort, time, and reliability an attacker has to spend to reach you, and for the large majority of threats — which are opportunistic and target whoever is easiest — raising that cost is what moves you out of range.

Who benefits most

Because risk is not uniform, the security value of cleanup is not uniform either. It is highest for people whose role, visibility, or circumstances put an adversary on the other side of the equation. Drawing on the at-risk framework cited at the outset, the groups where footprint reduction is most security-relevant are:

  • Executives, founders, and board members, and anyone with payment or transaction authority.
  • Family offices and the principals they serve.
  • Public figures and people with a significant online presence.
  • Cryptocurrency holders, whose exposure has a direct financial target attached.
  • Journalists and activists.
  • People experiencing stalking or harassment.
  • Anyone recently named in a breach, whose exposed data is in active circulation.

For individuals, this maps to the exposure discovery and reduction work of the Mirror and the Eraser. For those facing capable, targeted adversaries, it is the protective posture of the Shield. And where the exposed person is an executive whose exposure is really an organisational risk, it becomes the domain of a Corporate Audit or, for principals and their households, a Family Office engagement.

The bottom line

Cleaning up your digital footprint does not make you invisible, and it does not stop an adversary who has decided you are worth unlimited effort. What it does is remove the inputs that nearly every attack depends on. It makes you harder to profile, harder to impersonate, harder to locate, and harder to socially engineer. Each removed input is one fewer tool in an attacker’s hands and one more point of friction between them and you.

That is not a guarantee. It is security value, and it is measurable in the only currency that matters against opportunistic threats: the cost of reaching you.

Sources

  1. Warford, N., Matthews, T., et al. “SoK: A Framework for Unifying At-Risk User Research.” IEEE Symposium on Security and Privacy, 2022. arXiv:2112.07047.
  2. Perito, D., Castelluccia, C., Kaafar, M. A., Manils, P. “How Unique and Traceable Are Usernames?” Privacy Enhancing Technologies Symposium, 2011. arXiv:1101.5578.
  3. Narayanan, A., Shmatikov, V. “De-anonymizing Social Networks.” IEEE Symposium on Security and Privacy, 2009. arXiv:0903.3276.
  4. Pavur, J., Knerr, C. “GDPArrrrr: Using Privacy Laws to Steal Identities.” Black Hat USA, 2019. Whitepaper.
  5. Lee, K., Kaiser, B., Mayer, J., Narayanan, A. “An Empirical Study of Wireless Carrier Authentication for SIM Swaps.” Symposium on Usable Privacy and Security, 2020. USENIX.
  6. Pal, B., et al. “Might I Get Pwned: A Second Generation Compromised Credential Checking Service.” USENIX Security, 2022. USENIX.
  7. Francia, J., Hansen, D., Schooley, B., et al. “Assessing AI vs Human-Authored Spear Phishing SMS Attacks: An Empirical Study Using the TRAPD Method.” 2024. arXiv:2406.13049.
  8. Lin, T., Capecci, D. E., Ellis, D. M., Rocha, H. A., Dommaraju, S., Oliveira, D. S., Ebner, N. C. “Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and Email Content.” ACM Transactions on Computer-Human Interaction, 2019. doi:10.1145/3336141.
  9. de Montjoye, Y.-A., Hidalgo, C. A., Verleysen, M., Blondel, V. D. “Unique in the Crowd: The Privacy Bounds of Human Mobility.” Scientific Reports, 2013. Nature.
  10. Eichenmüller, C., Kuhn, L., Benenson, Z. “‘My Whereabouts, my Location, it’s Directly Linked to my Physical Security’: An Exploratory Qualitative Study of Location-Dependent Security and Privacy Perceptions among Activist Tech Users.” 2025. arXiv:2501.16885.
  11. Lain, D., Kostiainen, K., Čapkun, S. “Phishing in Organizations: Findings from a Large-Scale and Long-Term Study.” IEEE Symposium on Security and Privacy, 2022. arXiv:2112.07498.
  12. van Kempen, E., et al. “Consumer Beware! Exploring Data Brokers’ CCPA Compliance.” University of California, Irvine, 2025. arXiv:2506.21914.
  13. Vekaria, Y., Demir, N., Kollnig, K., Shafiq, Z. “Understanding Data Collection, Brokerage, and Spam in the Lead Marketing Ecosystem.” 2026 (preprint). arXiv:2604.06759.

Share this briefing

If this was useful, sharing it helps others protect themselves. It also helps keep the intelligence briefings free.