Skip to main content
← CyberSafe@Home index

Digital footprint

Keeping safe online: your public scraps can become a dossier

Social platforms, marketplace profiles, public comments, breached data, photos and tiny repeated details can be stitched into a surprisingly useful picture of a person. The risk is not one embarrassing post. It is correlation.

Short version

Do not feed the internet a neat filing cabinet about your life. Lock down what should be private, separate audiences, remove old overshare, and assume a motivated person can join dots across platforms faster than you expect.

Source imagery

Swipe examples

Instagram logo

Image 1/3

Simple Icons: Instagram
LinkedIn logo

Image 2/3

Wikimedia Commons: LinkedIn logo initials
Facebook logo

Image 3/3

Simple Icons: Facebook

Public-information graph

Small public scraps become a useful dossier

This is a synthetic example, not a live investigation. The point is to show how ordinary public material can be joined across platforms: work, family, hobbies, locations, relatives, routines and recovery clues.

On phones, read this like a quick audit: what is public, what joins to another account, and what clue would make a scam sound personal.

dossier

identity + relationships + routines + leverage

3 public joins still easy

LinkedIn

role, employer, colleagues

Instagram

family, places, routines

Facebook

relatives, tags, old posts

TikTok

voice, rooms, habits

Reddit

interests, writing style

X / search

opinions, timing, links

Graph labels get cramped on a small screen. Swipe the platform clues, then go back to the graph and ask: which joins would make a stranger sound familiar?

Clue 1/6

LinkedIn

easy join

role, employer, colleagues

Clue 2/6

Instagram

harder join

family, places, routines

Clue 3/6

Facebook

harder join

relatives, tags, old posts

Clue 4/6

TikTok

easy join

voice, rooms, habits

Clue 5/6

Reddit

easy join

interests, writing style

Clue 6/6

X / search

easy join

opinions, timing, links

Dossier quality

Some joins are still available. This is less tidy for an attacker, but not yet boring enough.

Most useful fix

Visibility and photo clues are under control. Now split audiences and stop recovery-question bait.

Explain the jargon

Small terms, big consequences

Tap a term for the plain-English version and the practical move. No fake mystique, just the bit that changes what you do at home.

Swipe the terms one at a time below desktop width. Glossary cards can get wordy, and squeezing three of them into a tablet row helps nobody.

?OSINT

Open-source intelligence: information collected from public sources such as profiles, posts, photos, comments, breach mentions, websites and public records.

Do this: Audit what is public about you before assuming a stranger could not know it.

?Dossier

A structured profile built by joining small facts across sources. It may include identity, relationships, locations, routines, interests and weak points.

Do this: Reduce linkable public detail and separate audiences so the joins are harder.

?Correlation

The act of linking accounts or facts because they share handles, avatars, bios, names, writing style, locations, friends or links.

Do this: Avoid reusing the same handle, avatar and bio across every context.

?Recovery clues

Public details that help someone answer account recovery questions or sound convincing to a telco, bank, employer or relative.

Do this: Do not publish quiz answers, pet names, birthdays, schools, first cars or routine details as public entertainment.

Read these as three short household checklists. They stay stacked below desktop width so the action text does not get squeezed.

Do this

  • Search your own name, common usernames, email aliases and profile photos from a private browser window.
  • Lock down profile visibility, friend lists, old posts, tagged photos and location history.
  • Use separate usernames and profile images for public, professional, hobby and family spaces where practical.
  • Remove or blur school uniforms, house numbers, car plates, workplace badges, children's routines and recurring location clues.
  • Treat quizzes, viral prompts and 'about me' posts as data collection unless proven otherwise.

Check

  • Can a stranger find your city, employer, school, family links or routines?
  • Do the same usernames appear across platforms?
  • Can photos reveal locations, badges, plates or children's schools?
  • Are friend lists, tagged posts and old public albums visible?
  • Could someone answer recovery questions or craft a convincing scam from what is public?

Avoid

  • Thinking privacy means only hiding the one sensitive post.
  • Using the same handle, avatar and bio everywhere.
  • Posting routines in real time: school runs, holidays, home alone, shift patterns.
  • Leaving old teenage-era public posts online because nobody has looked for years.
  • Answering fun prompts that are basically password-recovery and social-engineering fuel with confetti.

Self-check questions

Questions that expose the real habit

Use these quick checks to find the next practical fix. The useful answer is not perfect security; it is whether the safer path is obvious when someone is tired, embarrassed or in a hurry.

On phones, swipe one question at a time. Use the first uncomfortable answer as the next household fix, not as a lecture.

check 1/3

Stranger search

Open a private browser and search your name, common usernames, email aliases and profile photo. What would a stranger know in ten minutes?

Good sign: They find public-professional basics, not family links, routines, school clues, live locations or recovery-question bait.

Watch for: If one search reveals employer, suburb, relatives and a holiday timeline, scams can start warm instead of generic.

check 2/3

Photo clue pass

Pick ten recent photos. What can be read from the background: uniforms, badges, plates, house numbers, school names, call screens, parcel labels?

Good sign: Sensitive clues are cropped, blurred, delayed or kept to a private audience.

Watch for: The risky bit is often not the face. It is the quiet detail sitting on the fridge, lanyard, laptop or street sign.

check 3/3

Quiz bait rule

Would you still post the answer if it looked like a bank, telco or email recovery question?

Good sign: Pet names, childhood streets, schools, birthdays, favourite teams and family links stay out of public prompt games.

Watch for: 'Just for fun' posts can train strangers to sound familiar and help them pass weak recovery checks.

Full guidance

More than a slide title

A practical OSINT-style model showing how harmless-looking fragments become a dossier, and how to reduce what strangers, scammers or nuisance actors can correlate.

Swipe one guidance note at a time below desktop width. The receipt cards appear first; these notes are the deeper explanation, not a wall to skim in one go.

  1. Note 01/05

    A dossier is built from joins, not magic

    A username match gives a lead. A reused avatar strengthens it. A LinkedIn role gives employer and rough income. Instagram adds family, hobbies and places. Facebook comments expose relatives. Marketplace listings can reveal suburb and items in the house. None of those facts need to be secret on their own. Together they become targeting material.

  2. Note 02/05

    What can be collected

    Public names, aliases, profile photos, bios, employers, schools, clubs, family relationships, comments, friends, locations, travel timing, kids' activities, vehicles, home details, shopping habits, political views, health hints and the language someone uses. A scammer does not need everything. They need enough to sound familiar.

  3. Note 03/05

    How it gets used

    A dossier can support impersonation, romance or investment scams, account recovery attacks, SIM-swap attempts, workplace targeting, stalking, harassment, fake invoices, doxxing or tailored phishing. The more personal the bait sounds, the less it feels like spam.

  4. Note 04/05

    The normal-person fix

    You do not need to disappear. You need audience control. Keep professional material professional, family material private, hobby accounts less linkable, and live-location/routine detail delayed or removed. If a detail helps a stranger predict where you are, who you trust or how to pressure you, it probably does not need to be public.

  5. Note 05/05

    Children and family links

    Children create a special problem because adults post the graph around them: school logos, sports fixtures, uniforms, birthdays, relatives, routines and locations. The child did not choose that exposure. Default to less detail, delayed posts and private audiences.

Scenario

Swipe one real-world mess at a time

Scenario 1/2

The stranger who sounds familiar

Someone pulls LinkedIn role, Instagram family references, Facebook relatives and marketplace suburb clues, then sends a message that sounds like it came from someone who knows the household.

Better response

  • Limit public profile detail
  • Separate usernames and audiences
  • Verify requests through a known channel
  • Remove old public family/location posts

Worse habit

Assuming the message is trustworthy because it contains real personal details.

Scenario 2/2

The public holiday post

Holiday photos go up in real time, while older posts and marketplace listings make the home suburb obvious.

Better response

  • Post later
  • Remove address-adjacent listings and house-number clues
  • Keep family posts to trusted audiences

Worse habit

Broadcasting absence, routines and location because the sunset looked nice.

More pages

Swipe guide pages

Page 01/12Routers & Wi‑FiPage 02/12Passwords & MFAPage 03/12Updates & AppsPage 04/12VPNs & ProxiesPage 05/12Family RulesPage 06/12Smart HomePage 07/12Work BoundaryPage 08/12AI AgentsPage 09/12RecoveryPage 10/12Home DevPage 11/12Online SafetyCurrentPage 12/12Products