About 4% of Americans have been doxxed—11 million people. 93% worry it could happen to them. But only 25% believe they could successfully remove their personal information from the internet, and just 22% know what steps to take if they were targeted. [1]
The same tools investigators use to find people can help you find yourself. Before a stalker, scammer, or data broker builds a profile on you, build one yourself. This guide shows you exactly how—using the same OSINT (Open Source Intelligence) techniques they'd use against you.
The Scale of Your Exposure
5.24 Billion
Active social media users globally [2]
6.83
Average social platforms per person [2]
90%+
Of doxxing files include victim's address [1]
304+ Hours
Time to manually opt out of data brokers once [3]
52% of doxxing attacks start with an online chat with a stranger. Social networking sites are the chosen platform for 86.7% of doxxing incidents. [1]
Women face more attacks: 21% have experienced doxxing, compared to 13% of men. [1]
What OSINT Tools Can Find
Here's what someone can discover about you using freely available tools:
From Your Email Address
- Connected accounts (Instagram, Telegram, Airbnb, CashApp)
- Data breach history
- Associated usernames
- Linked social media profiles
- Registration dates and activity patterns
From Your Username
- Accounts on 600+ websites (via tools like Sherlock and WhatsMyName)
- Gaming profiles, forums, dating sites
- Cross-platform identity connections
- Old accounts you forgot existed
From Your Phone Number
- Carrier and location data
- Associated accounts
- Reverse lookup revealing name and address
- Messaging app profiles (WhatsApp, Telegram, Signal)
From Your Face
- Where your photos appear online
- Social media accounts with your face
- Dating profiles
- News articles, event photos
From Data Brokers
- Current and past addresses
- Phone numbers
- Family members and associates
- Property records
- Court records
- Estimated income
The Self-Audit: Step by Step
Set aside 2-3 hours for your first audit. This isn't a one-time task—quarterly reviews are recommended. [4]
Step 1: Google Yourself
Start basic. Search for:
- Your full name (in quotes: "John Smith")
- Your name + city
- Your name + employer
- All email addresses you've used
- All phone numbers
- All usernames
- Your address
Advanced Google Operators
Use these to narrow results:
"full name" site:linkedin.com— Search specific sites"full name" filetype:pdf— Find PDFs containing your nameinurl:username— Find URLs containing your username"[email protected]"— Find where your email appears
Don't stop at page 1. Check at least the first 5 pages of results.
Important
Use an incognito/private browser window. Google personalizes results—you want to see what a stranger would see.
Step 2: Search Your Usernames
Your username is often the thread connecting your accounts. Tools to check:
WhatsMyName.io
Free web tool searching 1,500+ platforms including social media, forums, gaming sites, and professional networks. [5]
URL: whatsmyname.io
Sherlock
Command-line tool checking 400+ websites. If you're comfortable with terminal commands: [6]
pip install sherlock-project
sherlock username Or use the web version at sherlockosint.com
What You're Looking For
- Old accounts you forgot about
- Accounts that aren't yours but use your username
- Connections between personal and professional identities
- Gaming accounts, forums, dating profiles
Search every username you've ever used. That embarrassing handle from 2009? It's still out there.
Step 3: Check Data Breaches
Your credentials may already be compromised. Check:
Have I Been Pwned
URL: haveibeenpwned.com
Enter every email address you've used. The site will show which breaches included your email and what data was exposed (passwords, addresses, phone numbers, etc.).
What to Do with Results
- Change passwords on any breached accounts immediately
- If you reused that password elsewhere, change it everywhere
- Enable two-factor authentication
- Consider whether breached accounts are worth keeping
Step 4: Audit Data Brokers
Data brokers compile and sell your personal information. The industry is enormous, and your data is almost certainly in it.
People Search Sites to Check
Search your name on these sites to see what they have:
- Whitepages: whitepages.com
- Spokeo: spokeo.com
- BeenVerified: beenverified.com
- Intelius: intelius.com
- TruePeopleSearch: truepeoplesearch.com
- FastPeopleSearch: fastpeoplesearch.com
Expect to find: current and past addresses, phone numbers, email addresses, relatives' names, property records, and more.
The Big-Ass Data Broker Opt-Out List
Journalist Yael Grauer maintains a comprehensive opt-out guide: [3]
URL: github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
The list prioritizes which sites to tackle first:
- 💐 High priority (13 sites): Start here if you have limited time
- ☠ Critical (6 more sites): Do these next
- Full list: 100+ data brokers with opt-out instructions
Key Opt-Out Notes
- Spokeo: Removal takes 72 hours. However, data may persist for paid accounts even after you opt out. [7]
- BeenVerified: Also owns PeopleLooker and PeopleSmart. Only allows one opt-out per email address. [3]
- Whitepages: Sometimes data remains on Whitepages Premium after removal from the main site. Phone verification required. [3]
Paid Services
Manual opt-out takes 304+ hours. If you can't invest that time:
- DeleteMe: $129/year, handles opt-outs automatically [3]
- Incogni: Automated removal from 180+ brokers
- DuckDuckGo Subscription: Includes Personal Information Removal for US users
These services don't cover every broker. Use them to handle the bulk, then manually opt out of sites they miss.
Step 5: Reverse Image Search
Your photos may be scattered across the internet in places you don't expect.
Tools to Use
- Google Images: Upload your profile photo to see where it appears
- TinEye: tineye.com — Finds image copies and modifications
- Yandex Images: Often better than Google for facial matching
- PimEyes: Facial recognition search engine (freemium)
What You're Looking For
- Dating profiles (including ones you deleted)
- Photos from events you attended
- News articles featuring you
- Stolen photos on fake accounts
- Professional headshots on company sites
Search every profile photo you've used. That LinkedIn headshot might be on sites you never heard of.
Step 6: Audit Social Media
Go through each platform you use and review your settings.
- Who can see your email address?
- Who can see your phone number?
- Is your connection list public?
- Review your post history—what's public?
- Check "Visibility" settings in Privacy menu
- Use Facebook's Privacy Checkup tool
- Review who can see your posts (Friends? Public?)
- Check tagged photos—who tagged you where?
- Review location history and check-ins
- Check your friend list visibility
- Is your account public or private?
- What location tags have you used?
- What's in your story highlights?
- Who's tagged in your photos?
All Platforms
- Download your data export (most platforms offer this)
- Review third-party app connections
- Check which apps have access to your account
- Review login history for unknown devices
Step 7: Create an Action Plan
Prioritize what you found. Address these immediately:
Red Flags Requiring Immediate Action
- Current home address appearing on multiple sites
- Phone number widely distributed online
- Family members' names publicly linked to you
- Photos showing your home interior, vehicle, or identifying markers
- Travel patterns and vacation announcements
- Credentials in data breaches (especially if you reuse passwords)
Your Action Checklist
Immediate (This Week)
- Change passwords for any breached accounts
- Enable 2FA on all important accounts
- Submit opt-out requests to high-priority data brokers
- Adjust social media privacy settings
- Remove or restrict access to current home address
Short-Term (This Month)
- Delete or deactivate unused accounts
- Continue data broker opt-outs
- Set up Google Alerts for your name and email
- Request removal of outdated content (if possible)
Ongoing (Quarterly)
- Re-audit your digital footprint
- Verify data broker removals held
- Check for new breaches on HaveIBeenPwned
- Review social media settings (platforms change defaults)
Defensive Best Practices
Username Hygiene
- Use different usernames for different contexts
- Don't connect personal usernames to professional accounts
- Avoid usernames that reveal personal info (birthyear, location)
Email Compartmentalization
- Use different emails for different purposes
- Primary email for important accounts only
- Burner/alias emails for newsletters, signups
- Consider email masking services (SimpleLogin, Firefox Relay)
Phone Number Protection
- Get a VoIP number (Google Voice, MySudo) for public use
- Keep your real number private
- Be selective about which services get your real number
Photo Awareness
- Use different profile photos for different purposes
- Remove EXIF data before uploading (location, camera info)
- Be mindful of what's visible in photo backgrounds
If You're Already a Target
If you've been doxxed or are facing harassment:
Immediate Steps
- Document everything (screenshots with timestamps)
- Report to platforms where content is posted
- Lock down all social media accounts
- Alert family members who may be contacted
- Consider changing phone number
- File police report if threats are involved
Resources
- PEN America's Online Harassment Field Manual: Practical tips for before, during, and after doxxing
- Coalition Against Stalkerware: Resources for potential spying or stalking
- Crash Override Network: Crisis support for online abuse
The Bottom Line
Your Data is Already Out There
The average person has 6.83 social media accounts. Each one leaks data. Data brokers compile it. People search sites sell it. And 93% of Americans worry about doxxing but only 22% know what to do about it.
The same tools that investigators, stalkers, and data brokers use are available to you. Use them on yourself first. Find what's exposed. Remove what you can. Minimize what you create going forward.
This isn't paranoia—it's digital hygiene. The question isn't whether your information is out there. It's whether you know what it is.
References
- SafeHome.org - Doxxing Statistics in 2024
- Digital Footprint Check - How to Find a Person on Social Media
- GitHub - Big-Ass Data Broker Opt-Out List
- OSINT Guide - How to Protect Yourself from OSINT (2025)
- WhatsMyName.io - Free OSINT Username Search Tool
- GitHub - Sherlock Project: Hunt down social media accounts by username
- DeleteMe - How to Remove Yourself from Spokeo (2025)
- EFF Surveillance Self-Defense - How to Manage Your Digital Footprint