In this article I help you and your business identify possible dangers of displaying personal information publicly. This can impact information we publicly share in our personal and work lives that could put your digital data at risk, not to mention physical safety risks. Let's dig into this further.
Contents
What are the dangers of displaying personal information?
In an age where digital footprints are left behind with every click and connection, it’s crucial to recognize the potential risks associated with publicly displaying personal information. Take a moment to evaluate the stickers adorning your cars, the decorations in your home, or even the clothing you wear. Each of these items can inadvertently reveal your interests, beliefs, and personal details to malicious hackers who are always on the lookout for vulnerabilities.
Consider this: if you share a photo on social media that features those items in the background, or if you mention your pet’s name or display your computer setup, you might be unwittingly providing valuable information for cybercriminals. Using details from your posts for password recovery or security questions can increase your vulnerability. What seems like harmless sharing can turn into an open invitation for attacks.
Furthermore, there’s a significant privacy concern at stake. Sharing too much information can inadvertently disclose your location, exposing your family to potential threats such as violence or theft. Showcasing valuable items or revealing where you live may attract unwanted attention from those with malicious intent. In a world fraught with both physical and cyber dangers, it often feels necessary to minimise our public individuality to protect ourselves, our loved ones, and our workplaces.
Will this situation ever improve? Perhaps the answer lies in humanity's ability to rise above harmful behaviours. Only when we collectively move beyond malicious activities can we hope to create a safer environment for everyone.
What do people in Western countries feel their privacy situation is?
How do people feel about privacy these days?
It appears whether you live in western countries or other countries, people all over the world have the same reservations about the privacy of their data in our hyper digital world.
The state of privacy in China for example is characterised by significant government surveillance and control over personal data. The Chinese government employs a vast array of monitoring technologies, including facial recognition and internet censorship, to track citizens' activities both online and offline. While there is growing public concern about data privacy and security, many individuals feel they have limited control over their personal information, as the government prioritises security and social stability over privacy rights.
Recent developments, such as the Personal Information Protection Law (PIPL), aim to enhance data protection; however, the implementation remains inconsistent, and many still worry about the lack of transparency and accountability in how their data is handled by both the state and private companies. Overall, the balance between privacy and state control continues to be a contentious issue in China's socio-political landscape.
Across the Pacific in the USA, in a Pew Research Center survey, a significant majority of Americans express deep concerns about the privacy and security of their personal data. Approximately 60% feel that it's impossible to navigate daily life without having their data collected by companies and the government. A substantial 81% believe the risks associated with data collection outweigh the benefits, while 79% worry about how companies use their information.
Many lack confidence in corporations' stewardship of their data, with 70% feeling that their personal information is less secure than five years ago. Additionally, while 97% of Americans are frequently asked to approve privacy policies, only about 20% read them thoroughly before consenting. This widespread sentiment underscores the hidden dangers of publicly sharing personal information, as many individuals unknowingly compromise their privacy in a data-driven society.
Across the Pacific ocean, the majority of Australians are increasingly concerned about their personal information security. According to the latest ACAPS 2023 survey findings (Conducted by the Australian OAIC), 62% consider the protection of their data a significant concern, yet 57% are unsure of how to effectively safeguard it. While 74% view data breaches as a serious privacy threat—an increase from previous years—only 32% feel in control of their privacy.
Most Australians prioritise data privacy when selecting products and services, highlighting its importance as the third most significant factor after quality and price. Despite general awareness of Australian privacy laws, many desire greater protection from businesses and government agencies, with 89% advocating for more stringent regulations. Alarmingly, 47% of respondents reported being informed of a data breach in the past year, leading to various harms, including increased scams and identity theft.
Just recently the RTB (Real Time Bidding) data scraping saga has been revealed scraping personalised Advertising data of politicians and well known people: ABC Article: The sensitive data of Australia's security personnel is at risk of being on-sold to foreign actors
RTB scraping and combining that data to create a profile is a increasing threat recently covered around Patternz an ISA Security tool that used RTB. Article: Five billion people being tracked by Patternz surveillance tool
As concerns grow, citizens across the world increasingly favour proactive measures from organisations, emphasising the need for careful handling of personal information to mitigate risks in both digital and physical realms but also warnings and recommendations are given by authorities in most countries about being careful with your data online. But is it just online? Is there any data in the physical world that could affect your cyber privacy? Yes there is.
Let me make you, my readers, aware of many of the unknown dangers in order to protect ourselves better.
The Role of OSINT in Exploiting Publicly Displayed Information
Open Source Intelligence (OSINT) refers to the process of collecting and analyzing publicly available information to uncover valuable insights about a person or organisation. In today's interconnected world, OSINT can be used to exploit personal information that individuals unknowingly share in both cyberspace and the physical world.
What is OSINT? Open Source Intelligence (OSINT) is the practice of gathering, analyzing, and using information that is publicly available, often referred to as "open sources." This includes data from the internet, social media, public databases, news articles, forums, and even information visible in the physical world. OSINT is widely used in cybersecurity, law enforcement, corporate intelligence, and even by malicious actors such as hackers or criminals. The main advantage of OSINT is that it utilizes data that is readily accessible without the need for hacking or breaching security measures, making it both a powerful and low-cost method of gathering intelligence.
From social media profiles and online forums to bumper stickers on cars and clothing logos, every piece of publicly displayed information can be used to create a detailed profile about you. This makes it crucial to be aware of the potential risks involved in sharing details that may seem harmless, as they can be pieced together to reveal your identity, location, habits, and more.
How is OSINT Undertaken?
1. Collecting Data from the Digital World:
Social Media: One of the richest sources for OSINT is social media platforms like Facebook, Twitter (X), Instagram, and LinkedIn. These platforms often reveal personal information like your full name, location, job, family relationships, habits, hobbies, and interests. Even harmless posts or check-ins can give away your real-time location or routines. For instance, posting about a vacation while you're away can expose your home to burglary risks.
Public Databases and Forums: OSINT also involves scouring public records, databases, and discussion forums. Information such as addresses, phone numbers, work history, or even opinions expressed in forums can be pieced together to build a detailed profile of a person.
Search Engines and Websites: OSINT tools often make use of simple web search engines like Google to find personal details. People may unknowingly leave traces of information, such as email addresses or home addresses, on websites that are indexed by search engines.
Public Sharing of Files: Information shared in public domains—like cloud storage links, PDFs, or any documents containing sensitive metadata—can be accessed and analyzed to extract personal or business-related details. Often, metadata such as GPS locations embedded in images or documents can also give away vital data.
2. Collecting Data from the Physical World:
Cars and Homes: Information publicly displayed on your vehicle (like bumper stickers with your child’s school logo or parking passes) or visible from outside your home (like security system signs or house number plaques) can be used as OSINT. These physical clues can provide insight into your lifestyle, habits, or affiliations that can be exploited.
Clothing and Accessories: Logos or badges on clothing (such as those of specific workplaces, schools, or interest groups) can also provide a wealth of information. These details can be leveraged to discover more about your work, hobbies, or social connections, making you vulnerable to targeted social engineering attacks.
Workplaces and Public Environments: Displaying personal or sensitive information in public settings, such as leaving business cards, badges, or access cards exposed, can give attackers a head start in identifying your workplace, your role, or even your access rights within an organization.
The Dangers of OSINT in Both Worlds
When public information is available both online and in the physical world, malicious actors can combine these sources to create a complete profile of an individual or a business. This can lead to severe security and privacy breaches. Here's how OSINT works in different areas:
Digital Exposure: Hackers or cybercriminals use OSINT to gain insight into your personal life or business. For example, finding your email address and then cross-referencing it with a password leaked in a data breach could enable them to access your accounts. They can also look at your social media to perform social engineering attacks, where they impersonate you or trick you into sharing more information.
Physical Exposure: In the physical world, an attacker might learn your habits through the visible information you display—such as when you're away from home or where your children go to school—allowing them to plan targeted actions like burglary or stalking or violence or breaking in in order to access your IT devices, plant surveillance to monitor you to enter your credentials on your devices (eg: cryptocurrency logins), and so many more digital and physical reasons.
Defense Against OSINT Exploitation
To defend against the risks of OSINT:
Limit Digital Footprint: Be cautious about the amount of information you share online. Avoid posting real-time locations, personal details, or photos that reveal too much.
Hide Physical Clues: Remove or minimize visible identifiers from your car, home, and belongings that could provide insights about your daily life.
Manage Public Sharing: When sharing files online, strip away unnecessary metadata. Review privacy settings on all your social media platforms and restrict access to personal data.
Regularly Audit Information: Periodically search for your own personal or business data to see what is publicly available and take steps to remove or conceal sensitive details.
Understanding the methodology of OSINT helps you recognize how your publicly shared information, even in innocent forms, can become a liability. By managing both your digital and physical presence, you can reduce exposure to potential threats.
Let's dig deeper on how to defend ourselves from potential OSINT theft and the exploitation of stolen personal data.
How to defend yourself for possible attacks related to display of personal information?
I will go in-depth regarding as many areas of public exposure that could be used to hone in more information about you and those you need to keep safe. Get ready folks, this is going to be a wild ride.
Hide info on social media & apps online
This has been talked about for quite some time but sometimes we all get slack with it. When you post on social media, yourself and your place and your possessions and things like that, you are risking these things being used to hone in on a number of details, both for cyber and physical theft and attack in person. Here's some ideas on what to remove depending on your preferences:
Social media apps additional info hiding tips
Review your social media posts across all platforms to see if you've got any personally identifiable information such as your pets, kids, your possessions or revealing potential clues of your location to the wider public
Are you celebrating birthday or anniversary days which could be used to workout those dates? Don't post about it online if your account is publically viewable.
Are you sharing your kids' names or pet names on social media? Apart from being a privacy concern, the other issue is that if you're using any of those details in your password recovery questions or as part of your password, then it's best not to use such details especially if you post about it.
Basically only leave information online that you do not care about and will not be used to identify you or be used in circumventing any cyber defences such as online accounts that might be using those pieces of information.
Hiding details that you don’t want public in posts and social media accounts are such as as personal milestones, locations, personal details in bio, personal interests, metadata on photos (some social media don’t remove the GPS coordinates embedded in metadata of photos), hide lists of friends or followers, hide your birthday, place of birth, current location, consider locking down your account if you don’t influence to just keep in touch with friends, hide personal details from photos by removing the posts (look carefully for those).
Don’t accept follows from strangers if your account is locked/private as they may want to squiz on your content to narrow down their data and undertake social engineering attacks and phishing attacks. There is a ton of fake accounts that impersonate a love interest that could get caught in a sextortion or cryptocurrency scams lose money.
Remember public posts and reels don’t really disappear if you post them publicly as someone can copy the data and then reuse it in the future.
Don’t post your holidays while you're on holidays as this could encourage break ins for the purpose of hacking or theft.
Review all privacy and security settings on apps and social media apps.
Be mindful of public interactions!
Avoid commenting or interacting publicly on controversial posts that could attract unwanted attention or give clues to your interests or opinions that could be exploited in phishing or social engineering.
Also avoid revealing or bragging about your assets online such as physical possessions, showing off clothes, cryptocurrency, money, bank accounts and showing off your wealth unless you want to increase chances of physical or digital theft. If you still want to remember to have a large security services if you can afford it. If you can't afford a large security service stop flaunting your expensive stuff if you want to reduce chances of theft digitally and physically.
Sharing or “Personalising” your details for optimising Ads
The advertisers have assured us in the past that ad networks are very secure and data they collect about us are not sent to nefarious individuals. But that is no longer true despite promises in updated terms and conditions.
Our Ad Disclaimer: You might be wondering why I have ads on my articles. I use Google AdSense to place ads here and on other articles. I write these pieces free of charge for you and don't receive compensation for the hours of research and preparation involved. Google AdSense is one way for me to recoup a small portion of that effort. In my opinion, Google AdSense itself isn't the problem—it's simply a tool that places ads. The real issue lies with the advertisers and advertising marketplaces, including Google, who collect and sell personal information. They track what sites you visit via your web history on your Google or Facebook or other platform account—and they then use that data to target you with more effective ads that are placed on websites like ours. Everyone does that to earn something and as I'm a tiny blogger I get almost nothing. The real question is: who are they selling this data to, and are they ensuring it’s truly anonymized?
When it comes to privacy, the real criminals in my opinion, aren't the websites (like mine) that show the ads in exchange for free content (and yes who wants to pay for anything anymore or can pay for anything anymore?), but the corporations and marketplaces like Google that profit from exploiting personal information collected from your viewing history on your own Google account and who correlate that with viewed ads on websites. Their lack of transparency and proper verification of RTB (Real Time Bidding) marketplace raises serious concerns about who gets access to your data and how it’s being used. If the data isn't being properly anonymized and can be correlated with enough data, then it could be misused in ways that go beyond simple ad targeting—affecting your privacy on a deeper level.
With the rise of surveillance tools like Patternz which was scraped using anonymised data from Google and other advertising platforms using Real Time Bidding (RTB) market, Patternz (made by security company ISA Security) tracked over five billion users globally, the risks of exposing personal information have never been greater. Data collected from everyday activities—through apps, websites, and devices—can be exploited by companies and governments for purposes far beyond advertising, including surveillance. As privacy concerns grow, it's vital to take steps to protect personal information both online and offline, as failing to do so can leave individuals vulnerable to misuse, profiling, and potential exploitation in areas like AI-driven warfare.
How to protect your personal data for RTB to a degree?
Disable Ad Personalisation:
You can disable personalised ads across major platforms like Google, Microsoft Bing, Apple, Facebook, Instagram, TikTok, Snapchat, Reddit, and others, you can follow general steps on each platform based on their Help Centres.
Keep in mind that this process may not completely remove ads, but it stops them from being tailored to your online activity: Upcoming blog on RTB and Personalised Ads (TBC still working on it)
If you want to go down additional level of not seeing ads:
Install a trusted ad blocker if need be on your browser and train it to only allow ads on sites that you need to function on and some sites won't show anything without allowing ads. Trusted multi-platform ad blocker is the original AdBlock. Purchasing the premium allows for multi-browser sync and settings which are much easier to handle for a very small yearly price.
Erase all viewing history across Google, Microsoft Bing, Apple (complicated), Facebook, Instagram, TikTok (somewhere in settings), Snapchat, Reddit (then hit Clear), and other social media sites and setup auto delete options on them (if they have any LOL).
Is Apple the bastion of Privacy?
While Apple emphasizes privacy, the reality is more nuanced. Apple's privacy measures are certainly strong compared to many tech companies, but true privacy is not absolute. Here are key considerations:
Personalised Ads: Apple’s personalized ads prioritize privacy by using first-party data from its ecosystem, such as the App Store and Apple News. They process much of the ad targeting on-device, limiting data sent to their servers. While Apple offers controls to opt-out of personalized ads (as mentioned above) and restricts third-party data sharing, they still collect user data to target ads within their services. Though more privacy-focused than competitors, Apple's advertising model relies on personalization, making it privacy-conscious but not entirely free from data collection.
On-Device Privacy: Apple processes sensitive data (like Face ID and Touch ID) on the device itself rather than sending it to the cloud. This is a strong privacy feature, as it minimizes the risk of exposure. However, not all data is treated this way.
iCloud Backups: Although iMessage and FaceTime are end-to-end encrypted, iCloud backups are not fully encrypted. This means that Apple, in certain circumstances (like complying with law enforcement), can access data stored in iCloud, such as messages, photos, and other sensitive information.
Third-Party Apps: Despite Apple’s efforts with App Tracking Transparency (ATT), where apps must ask for permission to track users, third-party apps can still gather data with user consent. Once shared, Apple doesn’t control how third parties handle it.
Law Enforcement and Compliance: Apple has a history of resisting government pressure to unlock phones, such as in high-profile criminal cases. However, they have complied with legal requests to access iCloud-stored data, which means some level of user data can be accessed. And intelligence agencies managed to get in sometimes without Apples permission using Zero Day Vulnerabilities.
Partnerships and Analytics: Apple still collects some user data for its own purposes, such as to improve Siri or for app recommendations. Even though they anonymize much of this data, it’s still not entirely private.
So always follow the advice of adjusting settings to maximise on security and privacy even on Apple devices and any other brand devices. And as they say in X Files: Trust no one. But there is a balance between functionality and privacy - so you need to get the right mix for you and with what you are comfortable with.
Additional app groups examples of info to hide
Online Reviews and Forums: Leaving personal information in public reviews of services or products, or sharing specific details in forums, can lead to exposure that attackers could use for targeted attacks.
Health & Fitness Apps: Personal data from health or fitness tracking apps (e.g., medical conditions, workout routines, or locations) can be used to impersonate individuals or for phishing scams.
Online Shopping Accounts: Storing too much personal information (e.g., credit card details, address, or phone number) on online shopping platforms makes these accounts prime targets for cyber theft.
Frequent Flyer Programs and Travel Bookings: Personal details like passport numbers, travel history, or frequent flyer accounts can be used for identity theft or social engineering by attackers.
Dating Apps: Sharing personal details such as name, location, and interests on dating platforms can lead to stalking, scams, or phishing attacks.
Online Gaming Platforms: Personal profiles in online games, including usernames, financial details, or locations, can be exploited for scams or phishing attacks.
Educational Platforms: Personal information shared in virtual classrooms, e-learning platforms, or academic forums can be stolen and used for identity theft.
Subscription Services: Personal data stored with streaming services or other subscriptions could be vulnerable to theft or account hijacking.
Charitable Donations: Donating to charities without securing personal data can result in your financial and personal information being exposed to attackers.
Government Documents & Portals: Information used for online tax filing, voting registration, or applying for government benefits can be stolen if these systems are not secure, leading to identity theft or fraud.
Many more areas.
Now let's cover the vehicle info dangers and other areas.
Hide info in your car
In America, some of the enforcement agencies have recently been advising people not to put personal details on cars such as stickers and custom number plates with your details on it because that can be used by physical and cyber criminals to hone in on your details and find out where you live and use those details. For example, to narrow down which accounts online are yours in order to attack them. Here's some useful tips on what to do to mitigate that risk:
Remove any stickers on the outside or inside of cars as these could be used to work out your parents both for thieves. Trying to get into your place but also hackers. Trying to find out more information about your family in order to hack you.
Don't leave personal details or documents visible inside or outside the car as these details could be used to further narrow down your personal details in order to hack you or find your address to visit you in person and steal or do violence.
Vehicle GPS Systems: Modern vehicles with integrated GPS or infotainment systems store routes, destinations, and personal data, which could be accessed in the event of a hack. Make sure any security that entertainment systems in cars have is turned on including any information sharing settings with the manufacturers are locked down or turned off.
Entertainment systems: If they have bluetooth or wifi then make sure it's secure as best as possible.
Smart cars: check all the settings to make sure no personal information is being advertised eg: displaying your name when you switch the smart car on.
Hide info on clothes
Custom t-shirts and clothing (and just generic but branded clothing as well) can be a personal way of expressing yourself and sharing your personal information or interests to the wider public and your friends. But if you have a lot of use of the online cyber space then you may need to think twice about putting clothes on that. Have personal details or interests on it. Especially if those details are then used for security questions or to help hackers hone in on you and tailor social engineering attacks towards you.
Get rid of any t-shirts or clothes that reveal your or your kids interests or personal details or personal interests. I know this is controversial because we are all about showing what we like to people. But we live in a more dangerous world so consider doing that for the sake of increased safety. So reconsider wearing branded clothes that might reveal to others what your preferences, interests and likes are. Privacy is no longer inside your home, it's also what you walk around with.
Don't show your expensive stuff in public: Showing to the public how much money you have by flaunting very expensive clothes or accessories is a digital and physical risk as it can be a motivator for hackers or thiefs to target you. I'll tell you a little secret: Smart rich people wear everyday clothes and drive everyday cars eg: Warren Buffett has billions of dollars but drives a basic car and wears everyday clothes (Google: Warren Buffett lives a simple life)
Don't put on any stickers or badges or pins with your name on it or other details on your clothes, especially in public spaces if you can avoid it so that people can't jot down your name and look you up and do a doxing.
Hide info in your home
As cyberspace gets more secure over time, hackers may start visiting your home and looking through the window to get some personal details so that they can hack your accounts more effectively or use social engineering by using those personal details displayed outside of your home or inside your home. Here's some suggestions on how to reduce the chances of these risks:
As much as possible, remove any of such personal details or stickers from our homes especially if they are outside.
Avoid having all your windows open without at least lace curtains or curtains or blinds or some measure of difficulty in seeing what's inside the home, this may be an option for hackers to get someone to fish for information visually.
Remove any personal details such as names, kids names, pets, names, and all sorts of things in the backyard or front yard: This includes any memorials and details of dead family members, names and birthdays and all sorts of things. Why? Think about Google Street view from the top and from the street level. Could be used to look at those details and work out those personal details as possibly part of login, security questions or social engineering attempts.
Shred info before throwing into Trash/Discarded Items: Documents or personal details thrown away without proper shredding or disposal can be retrieved by attackers for identity theft.
Smart Home Devices: Devices like security cameras, thermostats, or smart locks connected to your network can expose sensitive information (e.g., when you’re away) if not properly secured.
Tech gifts for kids or family: Be smart and secure with tech gifts. Parents can check the safety of popular gifts that can be connected to the internet, like smart toys, smartphones, tablets, drones and even wearables for pets. Do things like set strong passwords, turn off location settings and limit the amount of personal information young people share. For example some of these devices can have cameras or microphones.
Hide info from Email Signatures & Email Auto-responses:
Avoid overly detailed email signatures (including job titles, direct numbers, and location) can provide valuable information to attackers for impersonation or social engineering schemes. Remove any details that you don’t want malicious hackers from readily getting hold of such as phone numbers, addresses, and other details.
Be Cautious with Auto-Responses: Avoid disclosing too much information, such as your vacation dates or location, in automated replies. This can tip off potential burglars or hackers. For example, in your autoresponder settings of any kind, avoid revealing when you'll be away. A simple 'I'm currently unavailable, I'll get back to you as soon as possible' without specifics helps protect your privacy.
Hide info when answering voice calls & voicemail greetings:
Answering calls: To avoid helping spammers and hackers hone in on your name and additional details when answering calls simply say "Hello". When they ask are "Michael Plis" ask the question "Sorry, who is speaking?".
Voicemail Greetings: When creating voicemail greetings for home or work phone just use your first name, don't include your surname and don't include any other personal information. This is not to give out information but at the same tie help friends, colleagues and clients know they calling the right person.
Hide info from publicly shared files
One of the biggest problems today is personal information lying around in publicly shared files in cloud storage accounts. These days hackers scan the entire cloud storage domains for any shared links and they often can find treasure troves gathered by random variations of the links and other sources of those publicly shared links. Here is some suggestions to deal with this:
When you share files on OneDrive, Google Drive, iCloud or Dropbox or other file storage services and select to share with anyone (eg usually creates a unique web link and those that have that web link can access folder(s) or file(s) that you shared) these publicly shared files often stay exposed until the share is turned off. Also files or backups stored in cloud services without proper encryption can be accessed by attackers who might gain control of account credentials. Here are the major storage providers and useful tips on reducing private information visibility.
File naming tip: I usually put in the file names or folder names some indication that I am sharing this file or folder publicly eg: “(Share Anyone)”. That way when I search all publicly shared files it’s easier to find.
Inside publicly shared files: Remove all personal identifiable information that you don’t want to share so that when digital strangers go in they will not get anything juicy out of it.
Google Drive: Check all publicly shared files and folders on Google Drive - its a search string because Google doesn't have a “Shared with others” section in the Drive - blog article I made documenting what is the strings to find files and folders publically shared via Google Drive
OneDrive: See files you shared in OneDrive article (select Shared > By You tab)
iCloud: There isn't a built-in feature in iCloud to directly view all publicly shared files and folders. But you can either go to icloud.com or via the Files app on devices and select “iCloud Drive” and use search bar to search for “shared” or “public”
Dropbox: login to dropbox.com and click on Shared > all publicly shared files and folders will appear there. You can also try to use search but it’s limited
When you make feedback or submission to governments about issues your personal data may be included on those submissions and they may be searchable and displayable online. Especially If you submit your own document to some government inquiry and provide details about yourself inside that submitted document. Those details may stay online for a long time.
Hide info from workplaces
Workplaces can be extensions of our home when we display or bring all sorts of nick nacks and personal items. These can be visible on video conferencing or photos taken in workplaces and shared publicly and in person at the office or viewed from windows outside the workplace if the items are visible.
Personal items on desks could be visible to fake clients that may physically go past your desk and use that in social engineering attacks or impersonation attacks.
Personal details or items in the background images or your live actual office as your background of video calls or photos shared publicly (e.g., family photos, awards, or documents) can reveal sensitive information that could be exploited in spear-phishing attacks. Also device lock screens should not show any personal information.
Hide info from Email Signatures & Email Auto-responses:
Avoid overly detailed email signatures (including job titles, direct numbers, and location) can provide valuable information to attackers for impersonation or social engineering schemes. Remove any details that you don’t want malicious hackers from readily getting hold of such as phone numbers, ABNs (business ID’s), addresses, and other details.
Be Cautious with Auto-Responses: Avoid disclosing too much information, such as your vacation dates or location, in automated replies. This can tip off potential burglars or hackers. For example, in your autoresponder settings of any kind, avoid revealing when you'll be away. A simple 'I'm currently unavailable, I'll get back to you as soon as possible'' without specifics helps protect your privacy.
Hide info when answering voice calls & voicemail greetings:
Answering calls: To avoid helping spammers and hackers hone in on your name and additional details when answering calls simply say "Hello". When they ask are "Michael Plis" ask the question "Sorry, who is speaking?".
Voicemail Greetings: When creating voicemail greetings for home or work phone just use your first name, don't include your surname and don't include any other personal information. This is not to give out information but at the same tie help friends, colleagues and clients know they calling the right person.
Hide info on Business Websites: Employee profiles with detailed biographies or images, office locations, and organisational structures can provide attackers with the means to craft convincing social engineering attacks. Also remove all email and phone number contacts that you don’t want revealed to the public. Email addresses that are for public use might still be good to hide and replace with contact forms that use Google Recaptcha human verifier (although these are getting less useful with AI).
Hide info from Job Applications or Resumes Posted Publicly: Posting resumes with personal details like phone numbers, addresses, or email addresses on job sites could be used by scammers or hackers to impersonate individuals.
Hide info from Conferences and Networking Events: Sharing personal information on business cards or in conversations in public settings, especially about sensitive work projects or company details, can be a vulnerability.
Shred info before throwing into Trash/Discarded Items: Documents or personal details thrown away without proper shredding or disposal can be retrieved by attackers for identity theft.
Sharing info with Business Partners or Suppliers: Sharing sensitive business data with third-party vendors or partners without proper security protocols can lead to exposure through weak links in the supply chain.
When leaving your desk: When leaving your desk at work lock your computer screen to prevent unauthorised snooping. See below instructions on how to do that:
How to lock your device screen?
Windows:
Using Keyboard Shortcut: Press Windows + L.
Using Start Menu: Click on the Start button, select your profile picture or account icon, and choose Lock.
Chrome OS:
Using Keyboard Shortcut: Press Search + L or Ctrl + Shift + L.
Using Status Area: Click on the time in the bottom-right corner, then click on your account icon, and select Lock screen.
Mac OS:
Using Keyboard Shortcut: Press Control + Command + Q (or Command + Option + Power button).
Using Apple Menu: Click on the Apple menu in the top left, and select Lock Screen.
Android mobile devices:
Using Power Button: Press the Power button to lock the screen.
Using Settings: Open Settings > Security > Screen lock, and choose a locking method (PIN, pattern, password).
iOS mobile devices:
Using Power Button: Press the Side button (or Top button on older models) to lock the screen.
Using Settings: Open Settings > Face ID & Passcode or Touch ID & Passcode, and set up a locking method.
Hide info when travelling
Hiding information that is sensitive when travelling is important as you and your family cn become an easy target for cyber attacks.
Hide info on Luggage Tags: Displaying personal details like name, address, or phone number on luggage tags while travelling can also be exploited by malicious individuals.
Lock your laptop or tablet or phone screen when not using: When not in use those devices should be with you and not unsupervised. Never trust anyone when travelling. Also consider purchasing a privacy filter screen protector on laptops and tablets.
When expensive devices are not in use: Even check with the hotel if they have a safety deposit box or safe but I have to warn you: some hotels or motels do the dodgy and allow malicious people to access those safety deposit boxes without ID verification - so that's a tip to them - stop doing it if you want a good travel review. If you go to some countries that have a high theft I would only bring very cheap tech - don't bring your jewelry or expensive tech - blend in as it were.
Don't provide unnecessary information to hotels and tourist places: If you provide unnecessary information that is not required if those businesses are breached your data will be exposed. Also don’t sign up to any subscriptions or fill out any advertisements or click on any links.
Don't scan QR codes of any kind: Don’t scan any QR codes in restaurants to order food and fill out their ordering forms through it. Sometimes hackers put fake QR Code stickers over the top to infect your devices or steal your information. Any other QR codes please don’t use. Just use traditional forms of buying like a credit card, cash or use a local ATM usually possible to withdraw with your credit or debit card with the VISA symbol from most ATM’s in the world. But make sure nobody sees you type the pin.
Don’t connect to Public Wi-Fi, instead buy a local SIM card and add data to it: Logging into personal accounts over unsecured public Wi-Fi networks during travel without encryption leaves personal data vulnerable to interception.
Conclusion
In today's world, the risk of exposing personal information has never been greater. As we've explored throughout this article, even seemingly harmless details—whether shared online, displayed on your vehicle, or subtly embedded in your clothing—can be used by malicious actors to launch both cyber and physical attacks. From social media to cars, homes, and even personal apparel, it's essential to assess what we reveal and how it can compromise our security.
By taking simple steps to hide or obscure personal information, we can protect ourselves, our families, and our businesses from a range of threats. Remember, vigilance is key in this digital age. Staying mindful of the information we share is one of the best defences we have against those seeking to exploit our data for harmful purposes.
Safe public access everyone
Michael Plis
References
Due to the complexity of this article and my lifelong neurodivergent disability I used a combination of my own IT & cybersecurity background experience, ChatGPT and Google Gemini to do the research, writing and also assisting me in editing. So if there are errors or something could be referenced that should be please DM me on all major social media profiles either via the social media channels listed at the top of the article or at the bottom. Thanks.
ReachOut: Disclosing personal information
Australian Office of Aus Information Commissioner (OAIC):
Australian Office of the Victorian Information Commissioner (OVIC): Information Sharing and Privacy – Guidance for Sharing Personal Information
Australian NSW State Government: Protecting your privacy online
University of Pennsylvania - Penn Today article: The dangers of sharing personal information on social media
University of Kentucky article: How oversharing on social media could put your personal information at risk
New Zealand Governments Protective Security Requirements (PSR) article: Risks of making personal information public through social media
Microsoft support article: The dangers of oversharing
Government of Canada article: How to avoid sharing too much information online
Pew Research Center article: Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information
ABC Article: The sensitive data of Australia's security personnel is at risk of being on-sold to foreign actors
Techzine article: Five billion people being tracked by Patternz surveillance tool
Ad Disclaimer
You might be wondering why I have ads on my articles. I use Google AdSense to place ads here and on other articles. I write these pieces free of charge for you and don't receive compensation for the hours of research and preparation involved. Google AdSense is one way for me to recoup a small portion of that effort. In my opinion, Google AdSense itself isn't the problem—it's simply a tool that places ads. The real issue lies with the advertisers and advertising marketplaces, including Google, who collect and sell personal information. They track what sites you visit via your web history on your Google or Facebook or other platform account—and they then use that data to target you with more effective ads that are placed on websites like ours. Everyone does that to earn something and as I'm a tiny blogger I get almost nothing. The real question is: who are they selling this data to, and are they ensuring it’s truly anonymized?
When it comes to privacy, the real criminals in my opinion, aren't the websites (like mine) that show the ads in exchange for free content (and yes who wants to pay for anything anymore or can pay for anything anymore?), but the corporations and marketplaces like Google that profit from exploiting personal information collected from your viewing history on your own Google account and who correlate that with viewed ads on websites. Their lack of transparency and proper verification of RTB (Real Time Bidding) marketplace raises serious concerns about who gets access to your data and how it’s being used. If the data isn't being properly anonymized and can be correlated with enough data, then it could be misused in ways that go beyond simple ad targeting—affecting your privacy on a deeper level.
