FaceSift

Online Privacy Audit: What Can Strangers Find About You?

·11 min read

Most people assume their online presence is roughly under control. They set their Instagram to private, they use a different name on forums, they are "careful" about what they share. Then they actually search for themselves — and find their home address on a data broker site, their face on a fake dating profile, a decade of forum posts linked to their real name, and their daily commute route reconstructed from location check-ins.

This guide walks through a complete online privacy audit you can run in about 15 minutes. No technical skills required. Just a browser and the willingness to see what is actually out there.

What a motivated stranger can learn about you in 10 minutes — using only free, public tools:

Your face and where it appears online
Your home neighbourhood from location tags
Your employer from LinkedIn or bio
Your daily routine from post timestamps
Your phone number from old forum posts
Your relationships from tagged photos
Your email address from data breaches
Whether your passwords have been leaked
01

Face Search Audit

~3 min

Threat: Fake profiles, impersonation, commercial misuse

Upload your photo to a reverse face search engine to see every public page where your face appears. Most people are surprised — photos they posted years ago on platforms they no longer use, appearances in news articles, backgrounds of other people's photos, or active fake profiles using their face.

How to run this check:

  1. Choose 2–3 photos you commonly use as profile pictures
  2. Upload each one to FaceSift and wait for results
  3. Review matches above 75% similarity — check the source pages
  4. Also run each photo through Google Images to catch exact file copies

Red flags to look for:

  • Your face appearing under a different name on a dating platform
  • Your photo on a site you have never visited or given permission to
  • Commercial use — advertising, product pages, stock photo sites

Run your face audit now: FaceSift scans the public web for your face across different photos — not just exact image copies. Upload your most common profile photo to start. Also check our full guide on finding photo misuse.

02

Username & Email Exposure

~2 min

Threat: Account enumeration, credential stuffing, targeted phishing

Your username and email address are more revealing than they look. A single username used across multiple platforms creates a trail that links your gaming identity to your professional profile to your forum posts — potentially exposing years of activity you thought was anonymous.

How to run this check:

  1. Go to sherlock-project.com and enter your most-used username
  2. Review every platform where that username is registered
  3. Search your email address on haveibeenpwned.com to check for data breaches
  4. Google your username in quotes — check what content surfaces

Red flags to look for:

  • Your username appearing on platforms you don't remember registering on
  • Your email in a data breach — especially one that included passwords
  • Forum posts or comments from years ago surfacing with personal details
03

Social Media Leaks

~3 min

Threat: Location tracking, routine exposure, relationship mapping

Social media profiles leak far more than most people realise — not through a single post, but through the accumulation of small details across many posts. A determined stranger can piece together your home neighbourhood, daily routine, workplace, relationship network, and income level from a public profile in minutes.

How to run this check:

  1. View your own profile as a logged-out stranger (open in private browser)
  2. Check tagged photos — others may have tagged your location or workplace
  3. Review your oldest posts and photos — what did you share years ago?
  4. Check what appears when you Google your full name + social platform names

Red flags to look for:

  • Location check-ins, tagged locations, or backgrounds that reveal your home area
  • Routine patterns visible in post timestamps (same time every day = predictable schedule)
  • Phone number, email, or workplace visible in bio or old posts
  • Photos that show your car, home exterior, or street address
05

App & Device Permissions

~3 min

Threat: Location harvesting, microphone/camera access, contact scraping

The data collected by apps on your phone is often more sensitive than anything you post online — continuous location tracking, contacts, microphone access, photo library. Most people grant permissions without reviewing them and never check again.

How to run this check:

  1. Open Settings → Privacy on your phone and review Location permissions
  2. Check which apps have access to Camera, Microphone, and Contacts
  3. Review apps with 'Always On' location access — reduce to 'While Using'
  4. Check which apps can access your photo library and whether 'All Photos' is necessary

Red flags to look for:

  • Apps with 'Always' location access that don't need it (games, utilities)
  • Apps with microphone access that serve no audio purpose
  • Old apps you no longer use but that still hold permissions

How to Reduce Your Footprint

Once you know what is out there, here is how to pull it back. Start with the highest-impact steps.

High impact — do these first

  • Set social profiles to private. Instagram, Facebook, and TikTok all allow you to restrict who sees your posts and profile. Do this for any platform where you share personal content.
  • Opt out of data broker sites. Sites like Spokeo, BeenVerified, Whitepages, and Radaris aggregate and sell your personal data. Each has an opt-out form. It is tedious but effective — or use a service like DeleteMe (~$100/year) to automate it.
  • Remove your phone number from public profiles. Phone numbers are one of the most useful pieces of data for targeted attacks. Remove them from all public-facing profiles unless strictly necessary.
  • Request Google to remove personal data from search results. Google's 'Results about you' tool (myaccount.google.com) lets you request removal of results showing your address, phone number, or other personal information.

Medium impact — do these next

  • Audit old posts and photos. Set a few hours aside to review your oldest content. Delete or restrict posts that reveal your address, routine, workplace, or relationships in ways you would not want a stranger to see.
  • Use different usernames across platforms. A single username linking your professional, gaming, and personal identities creates a data aggregation risk. Use distinct usernames for contexts you want to keep separate.
  • Enable 2FA on all accounts. Leaked passwords are only dangerous if the attacker can actually log in. Two-factor authentication stops most credential stuffing attacks even after a breach.
  • Review app permissions every 6 months. Apps accumulate permissions over time. A periodic review revokes access from apps you no longer use and limits ongoing data collection.

Ongoing — run these periodically

  • Re-run this audit every 6 months. Your digital footprint changes as you post new content, appear in others' photos, or have your data included in new breaches. A periodic audit catches new exposure before it becomes a problem.
  • Set a Google Alert for your name. Go to google.com/alerts → enter your full name in quotes → set to 'As it happens'. You will be notified any time your name appears in newly indexed content.
  • Monitor for new data breaches. Have I Been Pwned (haveibeenpwned.com) offers free breach monitoring — enter your email address and you will receive an alert any time it appears in a newly disclosed breach.

Your privacy audit checklist

  • 01Run reverse face search on your 2–3 main profile photos
  • 02Check your photos on Google Images
  • 03Run your username through Sherlock
  • 04Check your email on Have I Been Pwned
  • 05View your social profiles logged out
  • 06Google your full name + city + employer
  • 07Check data broker sites for your address
  • 08Review app location permissions
  • 09Set a Google Alert for your name
  • 10Enable 2FA on critical accounts

Start with your face audit

The fastest way to see where your face appears online. Upload a photo — results in under a minute.

Run My Face Audit →