The internet is a powerful tool to use for research. You can find a ton of information on just about any subject, from the economy of Sudan to the chemical reactions behind digestion to the biographical history of a famous actor. Unfortunately, it’s equally powerful for researching an individual person.
If you haven’t before, try this: Go to Google and type in your full name, first and last. What do you see?
- Major social media profiles, including prominent Facebook, Twitter, and LinkedIn links.
- Your presence on company websites.
- Your profiles on freelance or side gig hubs.
- Your comments on blogs.
- Your mentions on Wikipedia.
- Your listing on White Pages.
- Your entry on regional resident databases.
- Your court records or participation in legal battles.
And much more! As powerful as the internet is for researching science and literature, it’s equally powerful for researching people. Some people live lives that are a matter of public record, like prime ministers or Hollywood actors. Others, you and me, live much more nondescript lives. We should be able to live without fear of being tracked down by nefarious actors.
What Data is Public Record?
The entries you see above are just some of what can be found out about a person when you search for them online. Some of this information is a matter of public record. Getting your name itself scrubbed from the internet is virtually impossible. Some records, like court documents, are available legally as a matter of public record unless a court seals the documents.
Other information is more privileged. It may be out there on the internet because you, or someone else who has the information, posted it. Personal information may or may not be part of the public record, depending on what information it is, but you may not want it out there regardless.
Public records are nothing new. Most of this kind of information is available in city archives and court records stretching back hundreds of years. It’s how genealogists are able to do their research and trace family trees. Most of that information isn’t digital, though; it’s stored in books and records and requires a lot of legwork to get. Only recent generations find their information at the fingertips of anyone with an internet connection.
Public records like this can, sometimes, be removed from the internet. The process for doing so may be tedious, however, and it might take a long time before the changes have fully propagated throughout the internet. During that time, malicious actors can archive that data.
What we mean to say is that removing public records is a long-term, ongoing problem, and it’s one that needs to be done proactively to protect yourself. If you’re actively being doxed or stalked, that information is likely already in the hands of a malicious actor, and while you can remove it to minimize the damage, it might be too little, too late.
There are also a ton of websites out there that make a profit from selling, or purporting to sell, this public information. It’s important to know two things about these sites.
- First, they may not respond to anything less than a legal cease and desist or threat letter. They know most people sending threatening emails cannot follow up and will ignore them.
- Second, they may not actually have an archive of your personal information. They show up in web search and will give very basic information, like name and birth date, but will ask the user to pay to get a full report. That full report is aggregated from other sources only once it has been paid for. These sites don’t have nearly the resources necessary to store dozens or hundreds of records for billions of people.
Thus, the job of removing public records from the internet requires several things.
First, it requires identifying which sites need to be targeted. Generally, you’re looking for sites that are first-hand hosts of information (like company about pages, legal records pages, social media profiles, and posts you or a harasser have made on web forums and blogs). Secondary sites that aggregate that information may be targeted, but if they don’t actually have the information on hand, they don’t need to be.
Second, it requires knowing the process for taking down information. Some sites will respond to emails. Some will require strongly-worded legal letters. Some won’t respond to anything less than a court summons. It all depends on the source.
Third, it requires understanding what information can be removed, and what can’t. Your name likely cannot be scrubbed from the internet. Your birthday, your address, and your phone number might not be removable. Your court records might be but may need a court order first. Other records can be, but it might depend on jurisdiction.
For example, in the European Union, the GDPR includes the “Right to be Forgotten.” This is a privacy right that any website that serves in the EU has to abide by; if a request is made to remove personal information, it must be followed, within certain boundaries. The U.S. has virtually no protections for personal information. Canada has a few precedents, but no sweeping legislation like the GDPR.
Removal of Information vs Removal of Access
Another item to note is the difference between the removal of information and the removal of access to information. 90% of doxing and other stalking uses Google to find information, so Google is the primary target for a lot of information removal requests. However, Google does not host this personal information itself, outside of specific cases like Google My Business listings and so on. Google can remove specific kinds of information (explicit images, exploitative information, financial and medical information, doxing content) but cannot remove all of it.
Moreover, Google does not remove the original source of the information. All they do is deindex the pages you request. Part of the issue with this process, in fact, is that there are likely thousands of mirror sites hosting this kind of information, and it may take many rounds of back-and-forth requests with Google to get them all.
Additionally, all of this information is still there on those sites. By removing the information from Google, you’re removing access to it, but anyone can still visit those sites directly and find it there. You have to reach out to those site owners or web hosts to get the information removed at the source.
The Information Removal Process
If you’re intent on getting personal information removed from the web, here’s how you can try to go about it.
Step 0: Consider hiring a reputation manager. The process below is mostly a skeleton of the legwork you’ll really have to do. We might be making it sound easier than it actually is. In reality, the process can take months and may have a low success rate, especially if you’re doing it on your own. Hiring a firm like ours can expedite the process because we know what we’re doing already.
Step 1: Change your personal information. You don’t have to move houses, but you should take steps to change information that could be used against you. Registering a P.O. box gives you an address that can replace your personal address online. The same goes for a dedicated VoIP number for a phone number. Since it’s difficult or impossible to remove this information completely, it’s better to give the aggregators something easier to find that can’t be used against you.
Step 2: Search for yourself on Google and other search engines. You’ll want to go 10+ pages back in the search results. Start a spreadsheet, and record the domain, the specific URL, and the personal information on each site that you want to be removed. This helps you review what needs to be removed, and gives you a checklist to use to verify removals after the fact. We recommend categorizing each site into one of three categories:
- Owned properties. These are profiles you own and control, such as your own website, your blog comments, and your social media profiles; anything you can edit yourself.
- Friendly properties. These are sites like charities, your job’s website, and other websites that may be amenable to a removal request when you approach them.
- Hostile properties. These are information aggregators that have “pay us for removal” processes or that are unlikely to listen to a request.
Each of these can be dealt with, in its own ways.
Step 3: Decide what you want to get removed. Some information is impossible to remove without vanishing as a person, like your full name, city of residence, or birth date. Other information is more easily removable, like government ID numbers, personal phone numbers, and work history. Yet other information may be removable at a court order, like business records, court and arrest records, and other personal information.
Step 4: Visit local and governmental offices. County clerk offices, law offices, public facilities, the DMV; any authority that may have information on you in their records can be visited to ask about redacting that information. Be prepared to ask what can be done. They likely have a process for redacting some but not all of your identifiable information and may be able to remove it from the web more easily than on paper.
Step 5: Edit anything you can control. Go through all of the sites on your list that you can control, and edit out any of your personal information. Either replace it with the alternate information you registered or remove it entirely. You may want to take your social profiles private as well and delete old sites that you don’t use anymore.
Step 6: Consult with a lawyer. A lawyer can help you in two ways. First, they can help temper your expectations for what can and can’t be removed. Second, they can help draft you a letter to send to malicious sites and hostile actors and can pursue legal action if a threat letter doesn’t work. Look for a lawyer who specializes in privacy.
Step 7: Reach out to non-malicious sites. The websites in your “friendly properties” list are generally more amenable to removal requests. Call, visit, or email the owners of those sites and talk to them about the removal of sensitive personal information. Give them the link to the page and the information you want to be removed. Ideally, they will be able to remove the information for you, and you can cross them off the list.
Step 8: File requests with personal record aggregators. Some sites aggregate personal information but have a defined process to have it removed. As long as they aren’t trying to force you to pay, you may be able to go through the removals process to get the information removed. If they demand a fee or otherwise try to extort you, file them under hostile actors and move on.
Step 9: File removal requests with Google. Any site that refuses to edit or remove your information, or demands money for it, could possibly be removable via Google (and a similar process through Bing and other search engines.) This is the process for Google. The process for Bing is more complicated and requires contacting Microsoft Support. Be aware that you may have to file a new request for every site you want to be removed.
Step 10: Build a personal brand to suppress information. Often, you can’t remove your web presence entirely. In these cases, it may be best to build your own personal brand to suppress the information you want hidden.
For example, if you create a personal website that highly promotes your own information – but uses your P.O. box address and VoIP phone rather than your own – aggregators will pick up that information instead. Rarely does an automated system dig that deep. You can also use this process to build a positive reputation, and suppress negative news stories or mentions.
At the end of the day, it’s an unfortunate truth that until governmental legislation takes action to protect the privacy of the average citizen, there’s not a lot you can do to suppress your personal information without a lot of manual labor. That’s why so many people turn to reputation management companies to handle it for them. We at least know all of the avenues for suppressing, removing, or replacing personal information, and can go through the process using pre-existing systems, template letters, and legwork. The cost is often well worth it.