You're Probably Sharing More Than You Think

March 04, 2026

Most people don’t get hacked through some elaborate technical exploit. They get compromised because information they willingly put online gets used against them. The less you share, the harder you are to target.

The problem with “harmless” information

Every piece of information you post publicly is a building block for someone with bad intentions. Your full name, birthday, hometown, employer, pet’s name, kids’ school, the car you drive — individually these seem fine. Combined, they’re enough to answer your security questions, impersonate you on the phone with your bank, or craft a phishing email convincing enough that you’d click it.

That Facebook quiz asking “What was your first car?” is harvesting security question answers. The birthday post where all your friends comment is confirming your date of birth publicly. The check-in at your kid’s school tells someone where your child is every weekday.

Social media is the biggest exposure

Public profiles. If your profile is public, assume everyone can see it — scammers, data brokers, stalkers, future employers. Check your privacy settings on every platform. Set things to friends-only at minimum.

Photos contain metadata. Many phones embed GPS coordinates, timestamps, and device information in photos. When you upload a photo, you may be broadcasting your exact location. Some platforms strip this data, but not all of them. Turn off location services for your camera app if you don’t need it.

Location sharing and check-ins. Posting that you’re on vacation tells people your house is empty. Real-time location sharing with anyone beyond close family is an unnecessary risk. If you want to share vacation photos, do it after you’re home.

Friend lists and connections. Scammers use your public friend list to figure out who to impersonate. The grandparent scam works a lot better when the caller already knows your grandson’s name and that he’s away at college — all pulled from your Facebook profile.

Data brokers already have your information

Sites like Spokeo, WhitePages, BeenVerified, and dozens of others aggregate public records and sell your name, address, phone number, relatives, and more. You can opt out of most of these individually, but it takes time.

A few things that help:

  • Search your own name periodically and see what comes up.
  • Use opt-out pages for the major data brokers. The process varies by site but usually involves submitting a removal request.
  • Services like DeleteMe or Privacy Duck will do this for you for a fee, if you don’t want to do it manually.

Your email address is a key

Your email is tied to almost everything — banking, shopping, social media, medical records. Treat it accordingly.

  • Don’t use your primary email for signups, newsletters, or anything you don’t fully trust. Use a separate address for that.
  • If your email provider supports it, use aliases or plus-addressing (like yourname+store@gmail.com) so you can tell who sold your address when spam shows up.
  • Don’t post your email publicly on social media or forums.

Passwords and security questions

Security questions are a liability. Your mother’s maiden name, the street you grew up on, your first pet — this is all information that’s either public or guessable. Use fake answers for security questions and store them in a password manager.

Reusing passwords is how one breach becomes ten. If you used the same password for a forum that got breached and for your email, an attacker now has your email. From there, they can reset passwords on everything else. Use a password manager and unique passwords for every account.

Enable two-factor authentication everywhere you can. An authenticator app is better than SMS, but SMS is better than nothing.

Smart home devices and apps

Smart speakers, doorbells, fitness trackers, and phone apps all collect data. Some of it is useful to you. A lot of it isn’t.

  • Review app permissions on your phone. Does a flashlight app need access to your contacts? No.
  • Smart speakers are always listening for their wake word. Be aware of what conversations happen near them.
  • Fitness apps that share your running route publicly are broadcasting where you live and what time you leave the house.

What to actually do

You don’t have to disappear from the internet. But tightening things up goes a long way:

  1. Audit your social media privacy settings. Make profiles private. Remove your phone number and birthday from public view.
  2. Stop taking online quizzes. They exist to collect data.
  3. Google yourself. See what’s out there and start cleaning it up.
  4. Use a password manager. Generate unique passwords for everything.
  5. Turn on two-factor authentication on email, banking, and social media at minimum.
  6. Use a separate email for signups and subscriptions.
  7. Review app permissions on your phone and revoke anything unnecessary.
  8. Think before you post. If a stranger could use the information against you, don’t share it publicly.

None of this is paranoia. It’s the same reason you lock your front door — not because you expect a break-in every day, but because the cost of prevention is low and the cost of not doing it can be very high.

← Back to Blog