Digital Privacy

Social Media Privacy: What You're Sharing That You Don't Realize

The problem isn't social media itself — it's that most people don't know what information they're broadcasting to strangers, data brokers, scammers, and anyone else who's paying attention. A 20-minute audit changes what you share forever.

Updated: March 2026 Silent Security Research Team
Silent Security Research Team
Last reviewed March 2026  ·  Our methodology  ·  Affiliate disclosure
Independent Review
📡
What's actually dangerous: Not the existence of your profiles, but the combination of details. Your name + employer + neighborhood + daily schedule + home exterior photo is a data package that enables stalking, targeted scams, social engineering attacks, and burglary while you're visibly away.

What Oversharing Actually Looks Like

None of these seem problematic alone. Together, they build a profile anyone with time and a browser can assemble:

Information that combines dangerously

  • Your full name + employer from LinkedIn, visible on your Instagram bio
  • Vacation photos with geotags while your home is empty
  • "Back at the office after a week away!" — announces empty house retroactively
  • Photos from your driveway or front door that show your house number or street sign
  • Your daily running route posted publicly on Strava or Instagram
  • Your children's school name, after-school activities, and schedule
  • Photos of your car showing the license plate clearly
  • Complaining about a neighbor, landlord, or coworker by name + location

Who is reading this

  • Data brokers who compile and sell your information to anyone who pays
  • Scammers who build custom "spear phishing" attacks using your details
  • Stalkers or abusive ex-partners who are monitoring your activity
  • Burglars who know you're out of town and when you'll return
  • Social engineers targeting your employer using your personal details
  • Anyone who follows you — not all followers are people you know

Platform-by-Platform Privacy Audit

Instagram

1

Set your account to private

Settings → Account Privacy → Private Account. A private account means only approved followers see your posts, stories, and reels. If you're a public figure or business, this may not apply — but for personal accounts, private is the default that makes sense.

2

Audit your followers list

Go through who follows you. Remove accounts you don't recognize. Remove accounts with no posts and few followers (likely bots or fake accounts monitoring you). An account that looks like it was created to follow you specifically deserves a block. This is worth doing once — then stay on top of new follow requests.

3

Turn off location tagging on posts

Settings → Privacy → Location → turn off. When you add a location tag to a post, it stays in the post metadata forever — and it reveals your regular locations, your home area, your gym, your kids' school, and your vacation timing. You can share "I'm in Paris" without a precise location pin.

Facebook

1

Run the Privacy Checkup tool

Facebook → Settings → Privacy Checkup. This walks you through: who can see your future posts, who can see your personal information (email, phone, birthday), who can look you up by email/phone, and whether your profile is searchable by name. Set most audience controls to "Friends" rather than "Public."

2

Remove your phone number from public view

Settings → Privacy → How people find and contact you → Who can look you up using the phone number you provided → set to "Only Me." Your phone number should not be visible to "Friends of Friends" or "Everyone" — that feeds data broker databases and enables scam targeting.

3

Review third-party app access

Settings → Apps and Websites. Remove every app that still has Facebook access that you don't actively use. Old games, quizzes, and login-with-Facebook connections linger forever and often still collect data. Remove anything you don't recognize or haven't used in the past year.

LinkedIn

LinkedIn is necessarily more public — professional networking is the point. But a few settings matter:

  • Settings → Visibility → Profile visibility → turn off "Viewers of this profile also viewed" (stops competitive tracking)
  • Don't post your exact home city — your metro area is enough
  • Don't post your personal cell phone — use a professional contact method
  • Be aware: your employer + job title + industry + city on LinkedIn feeds social engineering attacks against your company

Strava and Fitness Apps: A Hidden Risk

🏃
Strava heatmaps have revealed military base locations, stalker routes, and home addresses of athletes. Your public running route shows where you leave from (home), when you run (schedule), and where you reliably are at predictable times. Set Strava to private, and use "Hide Start/End" on any run that starts or ends at your home. Settings → Privacy Controls.

Remove Yourself from Data Broker Sites

Data brokers (Spokeo, BeenVerified, Whitepages, Intelius, and dozens more) buy, compile, and sell your personal data — name, address, phone, family members, employer, property records. Anyone can search for you. Removing yourself is time-consuming but effective:

1

Google your own name and address first

Search: "[Your Name] [Your City]" and "[Your Address]". See what comes up. This shows you which brokers have your data and what's publicly visible right now. Also try your name + phone number, and your name + employer.

2

Opt out manually from each major broker

Each broker has an opt-out page — usually deeply buried. Major ones with opt-out links: Spokeo (spokeo.com/optout), BeenVerified (beenverified.com/opt-out), Whitepages (whitepages.com/suppression-requests), Intelius (intelius.com/opt-out). It's tedious — plan for 1–2 hours to work through the major ones. Some require email verification; others require a form and a wait.

3

Use a removal service for ongoing protection

New data broker listings are created constantly. Services like DeleteMe ($129/year), Kanary, or Aura (which includes broker removal) handle ongoing opt-outs automatically. If you have elevated privacy concerns — public figure, domestic violence situation, high-profile job — this is worth the cost. For average users, the manual opt-out of the 10 major brokers covers most of the risk.

Aura removes you from 40+ data broker sites automatically

Plus identity theft monitoring, antivirus, VPN, and credit monitoring — all in one subscription.

Get Aura Read Review →

Frequently Asked Questions

My Instagram is set to public for my business. How do I reduce risk?

Separate your personal and business presence. Business account: public, professional content only, no location tags on posts that reveal your home or routine. Personal account: private, real-name optional, separate from your business. Don't cross-post between them in ways that link your home location or personal schedule to your public business identity.

Is it safe to post photos of my kids on social media?

The specific risks: photos with school uniforms or visible school names, location tags that identify your neighborhood, predictable posting patterns that reveal schedules, and tagged family member names that make children searchable. These can be mitigated with a private account, no location tags, and avoiding identifiable details. Many parents use a private account visible only to family and close friends for child photos.

Does deleting old posts help?

Yes — old posts can contain location data, life details, and context that data brokers and malicious actors can use. Bulk-deleting old posts is worth doing. Facebook and Twitter have settings for archiving/deleting; third-party tools like Semiphemeral (Twitter) or Social Book Post Manager (Facebook) can bulk-delete posts meeting criteria like age or engagement.

Related Guides

🛡️ Doxxing Response 🔐 Account Hacked ❤️ Dating Safety