See yourself the way a stranger with bad intent would. Work through each check and record what you find.
This is a self-audit, not a test. The goal is to map your current exposure - not to judge it. Every finding comes with a specific action step.
1
Search your own name on Google
Open a private browsing window and search: "[Your Full Name]" [Your City]. Check the first 3 pages of results.
What do you find?
Good exposure profile on search. Revisit every 6 months - results change as you create new accounts or data brokers refresh.
Old profiles accumulate. Go through each one: deactivate dormant accounts, update privacy settings on active ones. Old forum posts and comment history are often the source.
Action: Use Google's "Results About You" tool (google.com/results-about-you) to request removal of results containing personal info. For UK residents, contact the ICO if a site refuses a removal request.
2
Check HaveIBeenPwned for your email
Go to haveibeenpwned.com and enter every email address you use. This checks your address against 14+ billion compromised accounts from known breaches.
What does it show?
No known breaches for your email. Check again every few months - new breach databases are added regularly.
Change the password for every breached service - even if you no longer use it, the credentials may be reused elsewhere. Enable 2FA on all accounts that support it.
Priority action: Your credentials are in active circulation. Use a password manager to generate unique passwords for every account. Change your most important accounts (email, banking) first. Enable 2FA everywhere possible.
3
Reverse image search your profile photo
Save your main profile photo, then upload it to images.google.com or tineye.com. This shows every site where your image appears - including ones you didn't post to.
What do you find?
Your image is only on accounts you control. Consider using different profile photos across platforms to make cross-platform tracking harder.
Old accounts are a common leak point. Deactivate or delete them. If you can't log in, most platforms have a removal request process.
Action: If your image is on sites without your consent, submit a removal request to the site and to Google's image removal tool. For UK residents, this may be actionable under GDPR data subject rights.
4
Check data broker listings
Search your name on Spokeo, Whitepages, BeenVerified, and FastPeopleSearch. These aggregate your address, phone, relatives, and estimated income from public records and purchased data.
What do you find?
Low broker exposure. Use services like DeleteMe (paid) or free opt-out guides to maintain this over time - brokers re-collect data periodically.
Submit opt-out requests to each broker directly. Most have a removal page. Expect 30-90 days for removal. They will re-collect - plan to repeat this annually.
Action: Your profile is fully built and purchasable. Use the free opt-out guide at privacyrights.org or a paid removal service (DeleteMe, Kanary). UK residents can use Article 17 GDPR right-to-erasure requests for EU-based brokers.
5
View your social media profiles as a stranger
Log out of your accounts (or open a private window) and search your name on Instagram, Facebook, and LinkedIn. Note what a stranger can see without following you.
What can a stranger see?
Good privacy settings. Review them after each major app update - platforms sometimes reset privacy settings during updates.
Remove location from your bio if present. Audit what your most recent 20 posts reveal. Consider moving to Friends Only for post visibility.
Action: Set all posts to Friends Only or equivalent. Remove check-ins and location tags from historical posts. Remove workplace, school, and relationship details from your bio. This information is valuable to social engineers and targeted scammers.