Most advice on protecting your digital footprint stops at the obvious: pick strong passwords, turn on two-factor authentication, set your accounts to private, do not overshare. That advice is correct, and it is also where almost every other guide ends. It treats your footprint as a privacy-settings problem. It is not. It is a data problem, and the data accumulates whether or not your accounts are locked.
Protecting your footprint is really two separate jobs. The first is to stop adding to it — to close the channels that quietly publish information about you every day. The second is to tighten what is already there — to reduce what an outsider can assemble from what you have already put online. Neither is the same as removal, which is a third job with its own legal mechanics; we cover that separately in how to delete your personal information from the internet and how to disappear from the internet.
Protecting your digital footprint matters because that footprint is the raw material for everything that targets you: social-engineering pretexts, account-takeover attempts, fraud, and doxing all start from data you made available. The less of it there is, and the harder it is to connect, the less there is to work with. This guide focuses on the actions that actually change that — including several that the standard checklists never mention.
Start by seeing what is already exposed
You cannot protect what you cannot see. Before changing a single setting, it is worth knowing what an outsider can already assemble about you, because that determines which of the actions below matter most for you specifically. We have written about what that picture looks like in what does the internet know about me and your digital profile already exists. If you want that exposure mapped properly rather than estimated, that is what a Mirror investigation does.
With that picture in hand, the protective actions fall into a clear order.
Stop publishing metadata you cannot see
Every photo your phone takes can carry EXIF metadata: the GPS coordinates where it was shot, the exact timestamp, and the device make and model. You never see it, but it travels inside the file.
The obvious advice is that social media strips that out. It is half true, and the half that is false is the dangerous part. Major platforms — Instagram, TikTok, Facebook, X — do re-encode images and strip EXIF from the file other people can download. But two things follow. First, the platform keeps your original location data on its own servers; Instagram's own data documentation confirms it collects location information from the photos you upload. Stripped from public view is not the same as deleted. Second, several common channels do not strip at all: files sent as a document through WhatsApp or Telegram rather than as a photo, images shared through Google Photos links, photos sent over iMessage, and uploads pushed through social-media scheduling tools that bypass the normal pipeline. The file you think is clean often is not.
This is not theoretical. In December 2012, the fugitive software founder John McAfee was located in Guatemala because a magazine published a photo of him with the iPhone's GPS EXIF data left intact — the coordinates pinned him to a specific restaurant (NPR). He first claimed he had faked the data, then admitted it was real.
What to do now:
- Strip metadata before you upload, not after. On iPhone, the share sheet has an Options control at the top where you can switch Location off before sending or posting. On Android, Google Photos can remove location on share. For full control, the free command-line tool ExifTool removes every metadata field from any file.
- Turn off automatic location-tagging in your camera app so the data is never written in the first place.
- Remember that documents carry metadata too — Office files store author names and tracked-changes history, and PDFs retain creation metadata. Use the built-in "Inspect Document" or "remove personal information" function before sending anything externally.
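To make the "is this file clean?" question concrete, here is an added example (not code from the original article, and not ExifTool) that walks a JPEG's segments, reports whether its Exif block contains a GPS sub-IFD, and rewrites the file with the Exif segment removed. The sample JPEG it builds is a constructed skeleton with no image data, just enough structure to carry a GPS tag.

```python
import struct

APP1, SOI, EOI, SOS = 0xFFE1, 0xFFD8, 0xFFD9, 0xFFDA
GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-IFD
EXIF_HDR = b"Exif\x00\x00"

def jpeg_segments(data: bytes):
    """Yield (marker, payload) per segment, then (None, rest) from SOS onward."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data):
        marker, length = struct.unpack(">HH", data[pos:pos + 4])
        if marker in (SOS, EOI):
            break
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length
    yield None, data[pos:]  # entropy-coded scan data is passed through untouched

def exif_tags(app1: bytes) -> dict:
    """Return {tag: value_field} for IFD0 of an Exif APP1 payload (empty if not Exif)."""
    if not app1.startswith(EXIF_HDR):
        return {}
    tiff = app1[6:]
    end = "<" if tiff[:2] == b"II" else ">"          # byte order from the TIFF header
    (ifd0,) = struct.unpack(end + "I", tiff[4:8])
    (count,) = struct.unpack(end + "H", tiff[ifd0:ifd0 + 2])
    tags = {}
    for i in range(count):                            # 12-byte entries: tag, type, count, value
        tag, _typ, _n, val = struct.unpack(end + "HHII", tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i])
        tags[tag] = val
    return tags

def has_gps(data: bytes) -> bool:
    """True if any Exif APP1 segment's IFD0 carries a GPS sub-IFD pointer."""
    return any(m == APP1 and GPS_IFD_TAG in exif_tags(p) for m, p in jpeg_segments(data))

def strip_exif(data: bytes) -> bytes:
    """Rebuild the JPEG with every Exif APP1 segment dropped; other segments are kept."""
    out = [b"\xff\xd8"]
    for marker, payload in jpeg_segments(data):
        if marker is None:
            out.append(payload)
        elif not (marker == APP1 and payload.startswith(EXIF_HDR)):
            out.append(struct.pack(">HH", marker, len(payload) + 2) + payload)
    return b"".join(out)

def sample_jpeg() -> bytes:
    """Constructed sample: IFD0 at offset 8 points to a GPS IFD at offset 26 (GPSLatitudeRef 'N')."""
    ifd0 = struct.pack("<H", 1) + struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26) + b"\0\0\0\0"
    gps = struct.pack("<H", 1) + struct.pack("<HHII", 0x0001, 2, 2, 0x4E) + b"\0\0\0\0"
    app1 = EXIF_HDR + b"II*\x00" + struct.pack("<I", 8) + ifd0 + gps
    return b"\xff\xd8" + struct.pack(">HH", APP1, len(app1) + 2) + app1 + b"\xff\xda\x00\x02\xff\xd9"
```

This only removes the Exif block; location can also live in XMP or IPTC segments, which is why the article points to ExifTool for a full strip.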
Make your email address stop identifying you
The standard advice is to use a throwaway email for sign-ups. The practitioner version is more useful, because the problem is not spam — it is correlation. A single email address is the master key that ties your accounts together. Anyone working from open sources uses it to pivot from one account to the next, and breach-search tools let them check it against years of leaked databases in seconds. One address used everywhere means one thread that connects everything.
The fix is per-service aliasing: a different, disposable forwarding address for each site, all landing in your real inbox. Privacy Guides recommends SimpleLogin (now part of Proton) and addy.io; both have free tiers with around ten aliases and reply support, so the alias shields your real address even when you respond. Apple's Hide My Email, built into iCloud+, and DuckDuckGo Email, free at the duck.com domain, do the same thing.
Two things change once you do this. Your real address stops appearing across the web, so it stops being the pivot that links your accounts. And because each site gets its own alias, when spam or a breach notice arrives at one of them, you know exactly which company leaked or sold you — the alias is a built-in tripwire. The same correlation logic applies to your phone number, which is why a separate number for sign-ups is worth the small effort; we go deeper on why identifiers connect in username and alias correlation.
Your face and your username are identifiers too
Two of the strongest links between your accounts are ones most people never think to break.
The first is your profile photo. Reverse-image and facial-recognition search engines can take one picture of your face and find every other public place it appears, across news sites, blogs, and forums. Reusing the same headshot on a professional profile and a pseudonymous account is enough to connect them. A face is a biometric: unlike a password, you cannot rotate it. For any account you want kept separate from your real identity, use a different photo, or none.
The second is your username. Reusing one handle across platforms is the single easiest way to be correlated — checking a username against hundreds of sites is a one-step operation. Distinct handles for distinct contexts cost nothing and break that chain. The accounts most likely to expose you here are usually old ones you have forgotten about, which is a problem in its own right: the accounts you forgot about are the ones that expose you most.
Lock down what your phone gives away
Your phone broadcasts a tracking identifier — the advertising ID — that lets apps and data brokers tie your activity together and build a profile that ends up for sale. Most guides on this subject never mention it.
On iPhone, go to Settings > Privacy & Security > Tracking and switch off Allow Apps to Request to Track; with this off, your advertising identifier is returned to apps as all zeros, and every app is treated as if you told it not to track. Then go to Settings > Privacy & Security > Apple Advertising and turn off Personalised Ads. On Android, open Settings > Privacy > Ads and choose Delete advertising ID. The Electronic Frontier Foundation has made the case for doing this on every device. While you are in there, audit app permissions — location, contacts, microphone — and revoke anything an app does not genuinely need.
Rein in what tracks your location
Location is the single highest-value signal in your footprint — it reveals where you live, where you work, and when you are away from both. Two everyday sources leak it continuously.
Google's Location History. Google Maps still records your movements through the setting now called Timeline. In late 2024 Google moved this data from its servers onto your own device and set a three-month default auto-delete, so it is no longer a cloud archive sitting in your account — but when it is switched on, it is still a complete, mapped log of where you have been. If you do not need it, turn it off: in the Google Maps app, open your profile, go to Your Timeline > Location & privacy settings, and switch Location History off, or set auto-delete to the shortest window.
Fitness apps and smartwatches. The risk here is not the watch on your wrist — it is the sharing layer of the app behind it. Strava defaults a new profile to public and, unless you opt out, contributes your activity to its Global Heatmap. This is not hypothetical: in 2018 that heatmap traced the perimeters and patrol routes of military bases in Syria, Iraq and Afghanistan because personnel exercised with the app on its default settings, and in 2024 journalists used the same public data to track the movements of the security staff protecting several world leaders. After the first scandal Strava began hiding the first and last 200 metres of each activity map by default — a useful patch, but the profile and heatmap contribution remain public unless you change them. The platforms differ: Apple keeps fitness data in Apple Health with no public feed, Garmin can expose activities if visibility is left public, and Fitbit, now under Google, is more a data-collection question than a public-route one. The rule is the same across all of them: set your profile and activities to private or followers-only, enable the hidden or privacy zones around your home and work, and turn off public sharing. The same applies to any app that posts your location by default, including dating, social, and check-in apps.
The convenience features that quietly rebuild your footprint
A few defaults work against you every day:
- "Sign in with Google or Facebook." Convenient, but it builds a single graph linking every service you use, and it makes that one account a single point of failure. For anything sensitive, register with an email alias and a password instead. Periodically review and revoke the third-party app connections in your Google and Facebook security settings.
- Contact syncing. When an app uploads your address book, it feeds the social graph and lets platforms build shadow profiles of people — sometimes people who never signed up. Turn off contact upload in messaging and social apps.
None of these is exotic. They are defaults that most people leave on, and each one is a channel quietly putting data back into circulation after you have cleaned up everything else.
Where do-it-yourself protection stops
Everything above is about the data you still control — what you publish, what your devices emit, how your identifiers connect. Done consistently, it meaningfully shrinks your footprint going forward.
What it cannot touch is the data that is already out of your hands. Information already sitting in people-search platforms, indexed by search engines, or circulating in breach corpora will not respond to a privacy toggle. That requires removal, which has its own process — the legal opt-out routes are set out in our data-broker opt-out guide, and where the do-it-yourself route reaches its ceiling, we can carry out the removal for you.
And for anyone whose exposure is high enough that protection needs to be deliberate and ongoing rather than a one-time clean-up — a public profile, a sensitive role, a reason to be targeted — the settings checklist is a starting point, not the destination.
If your exposure makes you a likely target and you want protection built and maintained around you rather than left to default settings, the Shield is where that work is done.