Map your exposure in a weekend
Before you change a single setting, spend two unhurried hours seeing what the internet already knows about you. Here is the self-audit we run at the start of every engagement.
Most people start privacy backwards. They buy a VPN, install five extensions, and feel productive while their home address still sits on forty websites. Tools are step three. Step one is seeing clearly: what is actually exposed, and what it would cost you if the wrong person found it.
You cannot reduce what you cannot see. So before changing anything, build an honest picture of your footprint. Search yourself the way someone targeting you would, then write down what they would find.
One ground rule: audit your own information only. This is reconnaissance on yourself, looking up what is already public about you. It is not surveillance of anyone else.
Step 1. Set up a clean room
Do your searching signed out. Use a private window, or better, a browser you do not normally use, with no accounts logged in. You want to see what a stranger sees, not what Google personalizes for you.
Step 2. Search engines, like an adversary
Search your full name in quotes, then layer on what narrows it: your city, your current employer, your old employers, your university. Then search each of these on its own: your phone number, every email address, and every username you have reused. Check past the first page, and try more than one engine. Google, Bing, and a metasearch engine surface different results.
Step 3. People-search and data-broker sites
These are the sites that aggregate your address, age, relatives, and phone number into a single profile. Look yourself up on the large ones, such as Whitepages, Spokeo, BeenVerified, Radaris, and TruePeopleSearch, and note exactly what each one shows. You are not removing anything yet. You are taking inventory. Record what is exposed and where.
Step 4. Breach exposure
Go to haveibeenpwned.com and check every email address you use. It tells you which breaches included your data and what was leaked. Assume any password tied to a breached account is burned and must be changed, and never reused.
Step 5. Images and faces
Run a reverse image search on the profile photos you use publicly. The same headshot across a work profile, a dating profile, and a forum links those identities together for anyone looking. Note where your face appears.
Step 6. Public records
Much of this is genuinely public: county assessor and recorder sites carry property ownership and your home address, along with court records, business filings, and in some states voter registration. Search your county's official sites to see what is tied to your name.
Step 7. Your own accounts, and the people around you
Review your social profiles as a logged-out stranger would. Then check what others expose about you: tagged photos, a family member's public friends list, a partner's location check-ins. Your privacy is only as tight as the most public person who knows where you live.
The output: an exposure inventory
Put what you found in a simple table, one row per exposed item. Rank each by harm if misused and how easily it was found. The top of that list, usually your home address, phone number, and reused passwords, is your work for the next few weeks, in that order.
That ranked list is the difference between privacy as anxiety and privacy as a plan. It tells you what to do first and what you can safely ignore for now.
If you would rather not do this by hand, the free Exposure Self-Check walks you through the same steps with a printable copy, and a full exposure audit is where our practice begins.