Your digital footprint: It’s bigger than you realize

Every day, people follow a set of digital routines. Some people read the news online while drinking their morning coffee. Others check their work email from their smartphone. Still others log into social media to see what’s going on with their friends and family. 

Consider the statistics for a few minutes. In 2007, the Pew Research Center reported that 47% of all internet users had searched for information about themselves online, with 25% of internet users saying that a photo, names of groups they belonged to, or things they wrote that had their names on it were available online. 

However, this was before social media became a global phenomenon. In September 2006, Facebook became available to all users older than thirteen who had a valid email address. Simultaneously, LinkedIn reached 8 million members by the end of 2006. 

Today, the digital landscape looks different. Consider the statistics on the top types of websites visited and apps used during June 2022:

For every interaction people have online, they leave behind digital hints about themselves. By understanding what a digital footprint is and how threat actors can use it, people and organizations can protect themselves more effectively. 

What does digital footprint mean?

A person’s digital footprint is the trail of personal information created during online interactions. Some examples of interactions that create a digital footprint include:

• Social media posts
• Newsletter subscriptions
• Online reviews
• Online shopping
• Streaming media
• Reading news

A person’s overall digital footprint consists of active and passive digital footprints.

Active footprint

A user’s active footprint consists of information that the person purposefully shares. Examples of this information include:

• Social media accounts, usernames, profiles, and posts
• Online forums
• Online forms, like downloading a whitepaper or subscribing to a newsletter
• Emails
• Blog posts
• Website cookies

Passive footprint

A person creates a passive digital footprint when they don’t know that someone is collecting their information. Some examples of these unintended traces are:

• Websites collecting visitor information, like how many visitors, number of visits, location they visit from, and IP address
• Applications using geolocation
• Advertisers compiling and analyzing data about purchases and activities for ad targeting
• Social media networks collecting information about likes, shares, and comments
• Search engines collecting search history data

What is in a digital footprint?

Most people hate the answer, “well, it depends.” Unfortunately, when discussing the information in your digital footprint, the type of information collected directly relates to your online interactions, and everyone uses the internet differently. 

Shopping history

When you shop online, stores collect information about your:

• Search history
• Items viewed
• Purchases made

Online retailers collect this information so that they can suggest other items that might interest you, hoping you’ll spend more money. 

Streaming history

Every entertainment streaming service collects and shares data about what you watch, listen to, or play. Similar to ecommerce, this information allows them to make suggestions based on your interests. 

Social media activity

All social media companies collect, analyze, and use data about your online interactions. For example, they collect information about:

• What you’re interested in 
• Hashtags you follow
• People you follow
• Likes
• Comments
• Shares 
• Status updates

With this information, they can create targeted advertising campaigns. Since businesses know their information will get in front of their ideal customer, they’re willing to pay the social media network. 

Online search history

Search engines are the websites where you input your search term, like Google, Yahoo!, or Bing. Most search engines collect information about your search history so that they can personalize search responses and get advertising dollars. Some information they collect includes:

• Search terms
• Search dates
• Results clicked
• Number of times you searched for a term
• Number of times you returned to a given result

Browsing history

The browser is the application you use to access the internet, like Chrome, Safari, or Firefox. Browsers collect more information than search engines do. For example, they contribute to your passive digital footprint with data like:

• IP address
• Device type
• Geographic location
• Time spent on a website
• Locations clicked on a website
• How you found the website
• Actions taken after visiting the website
• Time you accessed a resource

Additionally, you may have given the browser permissions that contribute to your active digital footprint by letting it save your:

• Usernames
• Passwords
• Credit card numbers
• Phone number
• Address

Fitness and health data

Health apps and smartwatches collect data that can include:

• Steps per day
• Number of hours slept
• Heart rate
• Blood pressure
• Weight
• Blood oxygen level

Email

Although you may want the emails in your inbox, they can still track data about you. Often, marketing emails will track whether you opened the email or followed a link in the email. Additionally, some email providers collect information that they use to sell services. 

Private messaging and chat apps

Even if you’re not sharing information publicly, private messaging applications and social media direct messaging tools still need to collect some information. Depending on the application, it may collect:

• Phone number
• Email address
• Contacts data
• Location
• Device ID
• User ID
• Purchase history
• Metadata

Data brokers

Data brokers aggregate publicly available information from across the internet and then sell it. Some examples of locations where data brokers obtain information include:

• Social media
• Motor vehicle records
• Census data
• Voter registration records
• Real estate records
• Court documents
• Credit bureaus

Examples of data brokers include:

• WhitePages
• PeopleFinder
• FastPeopleSearch
• Spokeo

Dark web forums and markets

Cybercriminals steal data so that they can use it in an attack or sell it, and they do the latter on the dark web. Accessing the dark web requires a specialized browser, called Tor. Encrypted websites and forums create anonymity, making the dark web a hotbed of criminal activity. Additionally, dark web URLs use random, constantly changing combinations of numbers and letters, making them difficult to find and monitor. Cybercriminals use dark web forums and markets to sell and buy information stolen during data breaches so that they can use it to perpetrate fraud or other crimes.

How do cybercriminals collect digital footprint data? 

A digital footprint isn’t a bad thing. However, you should understand ways that cybercriminals can collect data and how they can use it. Cybercriminals collect digital footprint information in several ways:

• Scraping social media networks: Collecting information about contacts, interactions, work history
• Purchasing information from data brokers: Accessing information about name, address history, phone number
• Buying leaked data on the dark web: Gathering data about login credentials or malware on devices

How does a digital footprint impact cybersecurity?

Depending on the information cybercriminals have, they can use a person’s digital footprint as part of different attack methodologies.

Social engineering

A social engineering attack manipulates people, using a convincing pretext to trick them into taking an action that’s against their best interests. The more information cybercriminals know about you, the more convincing their social engineering attack is. Consider the following information that they can find on your LinkedIn profile:

• College attended
• Job history
• People you know
• Actions you take, like posts you comment on or people you interact with
• Interests you have
• Email address
• Phone number

With this data, they can build out a profile and story that appears convincing enough. They can build a relationship with you by referencing people you know or pretending to be someone you know. Once trust is established, getting a victim to perform an action such as clicking on a malicious link or handing over sensitive information is not difficult.

Fraud

If cybercriminals have your name and an email, they can perpetrate fraud by impersonating you online. If they have more information, like a credit card number compromised during a data breach, then they could open fake bank accounts or fraudulently purchase gift cards as a way to make money. 

Credential theft

Often, people reuse passwords across multiple accounts. If cybercriminals purchase stolen credentials on a dark web marketplace, they can try the password against other potential accounts. For example, if they purchase compromised email account credentials, they can try to use the email address and password for streaming sites, social media, or bank account logins. If they can connect that email with your LinkedIn account, they can guess at your company email and try a known password to gain access to corporate resources.