Your Home Address And Other Personal Info Are A Search Away
Here’s what to do about it.
5 min
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
When you type your name into a search engine, you typically expect to see links to your social-media profiles or personal websites. But you might also find your home address, email, phone number, the names of relatives and more.
For many, this boon of publicly available personal information is upsetting simply because we want some level of privacy. For others, there is a concern that people can take advantage of these bits of free-floating information. Victims of domestic abuse who relocate could continue to be harassed. A man charged with attempting to assassinate Supreme Court Justice Brett Kavanaugh allegedly found the judge’s address on the internet.
Occasionally, someone will gather available information on a person and share it with the intent to intimidate or even incite violence. This method of online harassment is known as doxing.
Molly White, a 29-year-old software engineer, spends some of her free time editing Wikipedia articles about far-right extremist movements. The hobby, which she said is to provide trustworthy sources and combat misinformation on the site, has made the Massachusetts resident a doxing target. In February 2021, someone posted her address and photos of her apartment online, shared the addresses and vehicle information of her family members, and threatened her over email and text, she said.
“The worst of it for me is when they involve family members,” Ms. White said. While she acknowledges the risks she takes in her editing work, “my parents are not making that choice.”
Perhaps you don’t consider yourself a likely target of internet-troll ire. “You’re uninteresting until you’re not,” said Cindy Cohn, executive director of the Electronic Frontier Foundation, a nonprofit organization that advocates for safety in the digital world. If you are suddenly in the spotlight, you should assess your immediate safety and make sure people can’t get at you through information they find online, Ms. Cohn said.
Removing personal details for any reason requires patience and persistence, and it’s typically not a one-time move. Before you do, you need take steps to control what data gets shared in the first place. You should also recognize there will always be some information you can’t find or remove.
When you’re ready, here’s how to proceed:
Hide your search results
One of the first steps to limit easy access to personal information is to hide Google search results. In April, Google updated its search policies to let people request the removal of home addresses and contact information. It previously granted takedown requests for sensitive content such as ID photos and credit-card numbers.
You can fill out a multistep request form to remove the result from search. You indicate what kind of information you want to remove, whether the data is being shared with doxing intent, the URL (aka web address) where it’s located, and the search terms that surfaced the URL.
Google will then evaluate the removal request by determining if the information is relevant to public interest. Information tied to news coverage or government sources might not be approved for removal, but data found on people-search sites such as Whitepages typically would satisfy Google’s rules, said Danny Sullivan, Google’s public liaison for search.
In the coming months, Google plans to shorten the number of steps required to remove information by allowing people to start the process from the search-result page, Mr. Sullivan said.
If Google accepts your request, it will either block the URL from all searches or will block it from surfacing under queries containing your name.
The feature hides the result from Google search but doesn’t remove it from the internet entirely. People can still see the information if they know the exact URL or find it elsewhere.
To request that information be taken off the internet, you must go to the site hosting it. Look for a “contact” page and reach out directly if you feel comfortable doing so. If there’s no clear contact on the site, you can try to find the owner’s information through who.is, a site that saves domain-name registration data.
Digital libraries such as the Internet Archive’s Wayback Machine might save a record of your personal information if they back up people-finder sites. If you find your contact details, contact the archive to request removal.
Look for the opt-out forms
After working on search-engine results, you can next move to specific sites that make money by sharing your address, phone number, political affiliation and more. They’re often referred to as “people-search engines,” and removing yourself from them involves manually submitting an opt-out request for each one.
Michael Bazzell, a former cybercrime investigator and creator of the resource site IntelTechniques, recommends starting with larger sites including Whitepages, BeenVerified, Spokeo, MyLife, Radaris and Intelius.
The opt-out process varies for each site, but it generally involves:
- Searching your name on the site to find any listing
- Copying the URL to the listing
- Requesting that the company remove it through an online form, email request or phone call, depending on the site’s policy
Some sites don’t make the opt-out information easy to find, and when you do, you typically have to provide an email address or phone number to complete the process. Mr. Bazzell offers a list of links to hundreds of opt-out forms for data brokers on his website.
These sites aggregate information from public records (think housing deeds, utility bills, property taxes, etc.), so the listing might appear again when there is new information. One of Mr. Bazzell’s clients successfully wiped all her contact information from the internet and moved into a home without any public link to her name. But after she ordered a package online, her new address was sold to a data-marketing company and appeared online.
Steven Hank, a product manager at Whitepages, said opting out of the site should prevent your information from popping up on Whitepages again. But if the site receives new data (which could include a misspelling of your name), your listing might reappear.
People facing physical threats should check for new listings monthly, Mr. Bazzell said.
Ms. White set up a Google Alert to notify her when a new search result surfaces for her name. Try setting up alerts for your name, plus your city of residence or your phone’s area code. For people with common names or the same name as a celebrity, alerts could get messy, but it also means your personal information is likely harder to find.
Using a third-party service
Removing your contact information from one site doesn’t mean it isn’t available on 10 others. DeleteMe is a service from Abine Inc. that, for a fee, will erase listings and monitor new ones on behalf of clients. (It also offers a free do-it-yourself guide.) Instead of you having to go through the opt-out using your personal email address and phone number, DeleteMe makes the removal requests, said Abine co-founder Rob Shavell.
The service’s basic plan—which starts at $129 a year for a person—checks for new listings on a quarterly basis. NortonLifeLock Inc.’s Privacy Monitor Assistant performs a similar service for a similar price. Abine and NortonLifeLock are accredited by the Better Business Bureau.
Expecting to have every digital trace removed isn’t realistic, however.
“There is no such thing as perfect,” Mr. Shavell said.
Reprinted by permission of The Wall Street Journal, Copyright 2021 Dow Jones & Company. Inc. All Rights Reserved Worldwide. Original date of publication: July 23, 2022.
Chris Dixon, a partner who led the charge, says he has a ‘very long-term horizon’
Americans now think they need at least $1.25 million for retirement, a 20% increase from a year ago, according to a survey by Northwestern Mutual
Passwords aren’t enough to fend off hackers; these dongles are the best defense
4 min
Strong passwords are very important, but they’re not enough to protect you from cybercriminals.
Passwords can be leaked or guessed. The key to online security is protecting your account with a strong secondary measure, typically a single-use code. This is referred to as “two-factor authentication,” or 2FA, as the nerds know it.
I’ve written about all the different types of 2FA, such as getting those codes sent via text message or generated in an authenticator app. Having any kind of second factor is better than none at all, but physical security keys—little dongles that you plug into a USB port or tap on your phone during account logins—offer the highest level of protection.
Security keys have been around for over a decade, but now they’re in the spotlight: Apple recently introduced support for them as an optional, added protection for Apple ID accounts. Last month, Twitter removed text-message-based authentication as an option for nonpaying users, recommending instead an authenticator app or security key.
Some people are hesitant to use security keys because carrying around a physical object seems burdensome and they come with a $30-and-up added cost. Plus, what happens if they get lost?
I’ve used security keys since 2016 and think they are actually easier to manage than codes—especially with accounts that don’t require frequent logins. They’re not only convenient, but they can’t be copied or faked by hackers, so they’re safer, too.
Here’s how to weigh the benefits and common concerns of adding one or two of these to your keychain.
Which security key should I use?
Many internet services support the use of security keys, and you can use the same security key to unlock accounts on many different services. I recommend two from industry leader Yubico:
- YubiKey 5C NFC ($US55) if you have a USB-C laptop or tablet
- YubiKey 5 NFC ($US50) for devices with older USB ports
Other options include Google’s Titan security keys ($30 and up). In addition to working with laptops and tablets with USB ports, these keys are compatible with smartphones that have NFC wireless. Most smartphones these days have that, since it’s the technology behind wireless payments such as Apple Pay.
Adam Marrè, chief information security officer at cybersecurity firm Arctic Wolf, recommends that your chosen key is certified by the FIDO Alliance, which governs the standards of these devices.
How do security keys work?
To add a key, look in the security settings of your major accounts (Facebook, Twitter, Google, etc.). During setup, it will prompt you to insert the key into your laptop or tablet’s port or hold the key close to your phone for wireless contact.
Apple requires you to add two security keys to your Apple ID account, in case you lose one.
Typically, when you log in, you just go to the app or website where you’ve set up a key, enter your username and password as usual, then once again insert the key into the device or hold it close. (Some keys have a metal tab you have to press to activate.) At that point, the service should let you right in.
Why are they so secure?
Getting those two-factor login codes via text message is convenient, but if you are someone criminals are targeting, you could be the victim of SIM swapping. That’s where thieves convince carriers to port your number to a new phone in their possession, and they use it along with your stolen password to hack your accounts.
Even if they don’t go to all that trouble, criminals might try to trick you to hand them your codes, by calling you or spoofing a website you typically visit. At that point they can use the code for about 60 seconds to try to break in, said Ryan Noon, chief executive at security firm Material Security.
Security keys protect you in two ways: First, there’s no code to steal, and second, they use a security protocol to verify the website’s domain during login, so they won’t work on fake sites.
You can also add an authenticator app such as Authy to your most important accounts, to use only as a backup. But once you add these secure methods, you should consider removing the text-message code option.
In the rare case that someone snoops your passcode then steals your iPhone, beware: The perpetrator could still make Apple ID account changes using only the passcode, and even remove security keys from your account.
What happens if you lose your key?
The most important rule of security keys is to buy an extra one (or two).
“Think of your security key as you would a house or car key,” said Derek Hanson, Yubico’s vice president of solutions architecture. “It’s always recommended that you have a spare.”
If you lose a security key, remove it from your accounts immediately. You should have already registered your spare or an authenticator app as a backup to use in the meantime.
Where can you use a security key?
Start with your most valuable accounts: Google, Apple, Microsoft, your password manager, your social–media accounts and your government accounts.
When it comes to financial institutions, many banks don’t offer security-key protection as an option, though most leading crypto exchanges do.
What comes after security keys?
Security professionals and tech companies widely agree that passkeys are the future. They’re a new type of software option that combines the high security of a physical key with the convenience of biometrics such as your face or fingerprints. Passkeys are supported across the Android, iOS, Mac and Windows platforms, and some of your favourite sites already let you use them.
You can create a passkey on Facebook in security settings by following the app’s instructions under the security-key option. Dropbox has a similar passkey setup. Once you’re done, you’ll use your face or fingerprint as a second factor, instead of a code or key.
Eventually, physical security keys could be what we keep safe in strong boxes, as backups for our biometric-enabled passkeys. Even then, you’re probably going to want to have spares.
Following the devastation of recent flooding, experts are urging government intervention to drive the cessation of building in areas at risk.
