On social media, it is easy to forget who can see our posts. A pseudonym can protect us from revealing too much, but there are still plenty of ways we can accidentally dox ourselves.
1. There’s lots of metadata in images
Many cameras and smartphones collect metadata along with the picture. This data might include the time you took the photo, information about your camera, and highly sensitive information such as GPS coordinates or usernames.
Some social media sites will remove this metadata from the image before making it publicly available, but they will still collect and store the information for themselves. Other sites will not remove your metadata at all.
It’s best always to remove metadata yourself to prevent unwanted followers to show up at your doorstep.
Some metadata is pretty hard to remove. A picture of you in front of the Eiffel Tower will always reveal that you are currently in Paris, for example. So maybe it’s best to wait until you are back home to post it so as not give potential robbers any ideas.
Look carefully at pictures before you post them. Maybe a street sign or passing public bus reveals your location?
2. QR Codes are embedded with lots of information
We know it’s tempting to show your followers that you are on your way to a vacation, or just saw a cool new blockbuster, but this is not without risk. Be careful of everything that has a QR code in it, such as movie tickets or flight tickets. The QR code might include your loyalty card number or even your name.
With this information, a criminal, personal enemy, or even just a prankster might be able to successfully change your flight, get themselves movie tickets on your expense, or empty your loyalty card.
3. Your language and writing style is a dead giveaway
Blogging anonymously is hard. You will have to change your language and style and avoid slang carefully. Everybody has some words they use far more than others, and the science of stylometry helps people find out who wrote what.
The more casual the writing style, the easier it is to find out who is the author of an anonymous piece, such as a song.
It is possible to use computers to automatically analyze essays, work emails, or blog posts and correlate them with the style of the social media account.
Your IP address will betray you
Every site you visit can see your IP address. Somebody who wants to find out your IP address and approximate location needs only to trick you into visiting a site they own, for example by commenting on your recent social media post, and then routing the request.
It’s straightforward to reroute traffic unnoticeably, for example by using a link shortener service. A shortened link can direct to a third-party before forwarding on to the site you expect to see, and there is no visible trace your information was caught in the middle.
In some countries, such as the United States, it’s even easier to get internet usage data. ISPs will happily sell your information to anyone who asks, so any site you have visited can cheaply find out our name and address.
Think twice before you post anything
You already know you have to be careful with what you post on your social media accounts. But be especially careful with metadata, information in the background of pictures and videos, and QR and barcodes.
And don’t forget to use Tor or a VPN!