I’ve noticed an extremely concerning trend over the last few years of people just giving away their personal information online. You’d imagine this is mostly an issue with kids, and while it is, you find adults who treat Threads, Twitter, and Facebook like a private chatroom just for them and their friends, all while broadcasting inordinate amounts of sensitive information to the entire planet.

Data points, data points, everything’s a data point

Literally every single thing you publicly post or say on the Internet is a potential clue for bad actors to triangulate who you are. Every holiday selfie, every rant about the local pub, everything can be used and misused. I don’t say this to fearmonger, it’s entirely okay to post these things as long as you know what you’re doing.

Before you post, you need to think: “does this say something about me that isn’t already available?” and “if so, do I want the world to know it?”. A lot of innocent things can very quickly add up: a photo of your kids in school uniform, your full name, your car, where you got your nails done, where you got your tires changed. Everything narrows down where you live, what you do, and who you are.

Example 1: the ID shot

I often scroll Threads (and I’ve noticed this is more an issue on Threads than elsewhere, possibly because the demographic skews older and less tech-literate) and see people posting half-redacted photos of their legal ID just there for the entire world. While technically a fully redacted ID photo shouldn’t cause any issues, it doesn’t take much of a mistake for the dots to start connecting, and if there’s one thing the internet can do, it’s connect dots.

Today (the reason I’m writing this post), I saw a gentleman post a picture of his ID with attempted redaction, but small parts of his postcode were still showing. I managed to guess the last 3 characters of his postcode because they were quite distinctive characters, and finding the first half wasn’t much harder. I saw that this gentleman was a fan of a small League 2 football club, which instantly narrowed down where he lived to within half of a county. The town he lives in has multiple outcodes (the first half of a postcode), but the details I could see matched and it was easy enough to then work out his full postcode by looking at the tiny bits of the second number that were visible. Very quickly indeed, “anywhere in the UK” became “anywhere in this medium-sized town of his” to “this street”. I was only doing this to prove a point, but someone with less-than-pure intentions could easily abuse this information to cause real harm.

Example 2: the boarding pass

Most people don’t know this, but the barcode of a boarding pass contains a scary amount of information: your full name, destination, the flight number, and sometimes even your passport number and nationality. It doesn’t take any fancy tools to decode, just one of many apps you can download for free.

This information is typically enough to change seat reservations, cancel flights, and in some cases even cancel your passport. The Internet is an incredible tool for getting people who want to cause chaos directly to your door, so maybe don’t post unredacted information about your flight on the largest platforms on the planet (or anywhere, really).

Example 3: the parcel photo

People often think they’re being thorough about data redaction, but they really aren’t. I’ve seen people post their entire address to the Internet through the power of “Sharpie not dark enough”. Boost the image contrast in any photo editing app (your phone comes with one) and there’s the full address, clear as day.

Even if you cover the address digitally, you can still fall into the boarding pass trap – some companies’ tracking barcodes contain postcode, full name, and a lot more! Don’t let the computers rat you out.

Wow, Ash, thank you so much! You’ve opened my eyes and my mind! Whatever do I do now?

Why thank you, kind stranger I made up to make myself feel better! To stop this from happening to you, so you don’t become Darryl Smith, 56, living at 6 Beaufort Place, Enfield (not a real person, I checked), you can do a few simple things:

1. Be thorough with your redactions. If someone can read part of what you’re trying to hide, they can most likely work out the rest – it’s all a numbers game.
2. Scrub anything machine-readable. The barcodes are not your friends. They’ll reveal your name, address, and favourite ice-cream flavour.
3. Be careful with what you share. If you haven’t shared your full name before, maybe don’t. If you haven’t posted about your hometown before, you don’t have to start now! A little bit of digital prudence will go a long way to keeping you safe.

Stay safe out there. <3