Self-OSINTJune 30, 20268 min read

How to Check Your Digital Footprint: A Self-OSINT Walkthrough

By Scott Anderson, Clearfront maintainer

You can audit your own digital footprint in about an hour, for free, using the same techniques a security analyst would. This walkthrough covers the five passes that matter: your identifiers, where they show up, how they connect, what is verified, and what to clean up. I will show the manual way for each, then the shortcut.

How do you check your digital footprint?

Check your footprint by running the same searches an investigator would run on you: search your name and email, look up your usernames across platforms, check your email against breach databases, and see which data brokers list you. Do those four things and you will find most of what is public about you.

The trick is to do it in the right order, because each result feeds the next. This is what OSINT people call self-OSINT, and it is the single most useful hour you can spend on your own privacy.

Step 1: List your identifiers

Start with the anchors an investigation would start from. Write down your primary and old email addresses, the usernames you have reused, your phone number, your full name, and any personal domains. These are the seeds. Everything else grows from them.

Be honest about the old ones. The email you used in college and the gamer tag from 2010 are exactly what someone would pivot through, because you have probably forgotten what they are still connected to.

Step 2: Discover where you show up

Search each identifier and record every account and page that comes back. Google your name in quotes, then your email, then each username.

  • -Search your name in quotes, then again with your city
  • -Search your email address directly
  • -Run a username check with a tool like Sherlock or an equivalent
  • -Check GitHub, if you write code, for anything you committed by accident

Username tools are the eye-opener here. One handle can resolve to accounts on hundreds of sites, and most people find at least a few they forgot existed. I covered how that works in finding every account linked to a username.

Step 3: Check your breach and paste exposure

Look up every email address against a breach index to see which leaks include you. This is where the passwords live.

A breached password from a site you abandoned is the thread attackers pull hardest, because people reuse passwords. Check each email, note which breaches you appear in, and treat any reused password as compromised. If you want the free and open-source options for this, I compared them in open-source Have I Been Pwned alternatives.

Step 4: Find your data broker listings

Search the major people-search sites for your name and city. These are the listings that expose your home address, age, and relatives.

Spokeo, Whitepages, BeenVerified, Radaris and a dozen others compile public records into a profile anyone can buy. Find the ones that list you before you decide what to remove. The data broker removal guide walks through opting out.

Step 5: Correlate, verify, and clean up

Now connect the dots. The point of a footprint audit is not a pile of results, it is seeing how they link: this username ties to that email, which appears in this breach, which shares a password with that account. That chain is your real exposure, and fixing one link often breaks several.

  1. 1.Close accounts you no longer use
  2. 2.Reset breached passwords and enable two-factor authentication
  3. 3.Opt out of the brokers that list your address
  4. 4.Rename or separate reused usernames
  5. 5.Strip metadata from photos before posting

Verify as you go. A name-only match is not proof it is you; a URL you can open and confirm is. Investigators rate a verified account as high confidence and a name match as low, and you should too, or you will waste time chasing listings that are not yours.

Doing all five passes in one sweep

Done by hand this is an hour of tab-juggling, and you have to repeat it every few months because your footprint keeps growing. That repetition is why I built Clearfront.

You give it one identifier and it runs the discovery, breach, paste, and account passes for you, connects the results into an evidence graph, and an AI security analyst writes up what is exposed with a confidence rating on each finding. It runs on your own machine with your own API key, so your self-audit stays yours. The browser console even has a one-click self-check if you would rather not type anything. Here is how to install it and run the first scan.

Frequently asked questions

How often should I check my digital footprint?
Every three to six months, and right after any breach that includes a service you use. Your footprint is not static; new accounts, new breaches, and refreshed broker listings appear constantly.
Is it legal to OSINT yourself?
Yes. Every technique here uses public data about your own accounts. Self-OSINT is just looking at what anyone else could already see.
What is the difference between self-OSINT and a background check?
A background check is a formal report pulled by a company for hiring or lending. Self-OSINT is you running the same public-data searches informally, so you know what those reports and any stranger will find.

Scott Anderson believes your personal data is yours to own and protect. He built Clearfront, a free, open-source tool for scanning and scrubbing your own digital footprint from public data, and he writes about OSINT, breach exposure, and personal privacy.