For some time now I have been trying to clean up my digital footprint by requesting deletion of accounts and associated data for unused accounts, and being critical about which accounts I actually benefit from keeping. This turned out to be far more time consuming than I imagined beforehand.

I’ve been using a password manager for about a decade, so I have a fairly good overview of a lot of the accounts I’ve opened over the years. However, while privacy has always been important to me, I was more concerned with increasing governmental surveillance rather than corporate surveillance for many years. So over the years I’ve signed up uncritically to a large number of services. Most of these do not have much data about me, but my username has generally been reused, along with e-mail and sometimes phone number and other more sensitive data. This of course doesn’t take into account all those minor services I’ve signed up for with e-mail + reused password. I have no control over those…

Now GDPR thankfully makes the job of cleaning up the accounts I do have control over a lot easier, because I doubt many of these services would even let me delete my account if not for it. However, it does not regulate enough how easy this process should be, and there are so many different ways companies implement this. From extremely convenient and easy ways of exporting all data and deleting the account, such as implemented by Strava (kudos to these companies!), to the worst offender of them all: British Airways… Until recently you would have to send an actual letter to their data protection offer with a copy of your passport (yeah right…). Sometime this year they’ve changed this, so now you just have to upload a picture of a letter to their document’s portal, but since that is borked, I can’t even access it to complete the deletion request. Apple also rejected my deletion request for an unknown reason, and I had to spend 45 minutes on the phone with them to understand that a cancelled, but still active subscription (a 1-year subscription that had not expired yet) from the app store, was blocking the deletion. Most are in between these two extremes, and either require that I actively follow up that I get a reply when I send an e-mail to their data protection officer with my request, or have processes that take up to a month to complete.

Of course, cleaning up 10-15 years of uncritical online presence would take a long time anyway, but companies making it hard on purpose to delete your account and data is infuriating, and a testament to a status quo that should burn in hell.

On the plus side: I no longer have accounts with Microsoft and Twitter, accounts with Apple and Amazon should soon be closed. My goal is to have completely phased out Meta and Google by the end of this year, although the communication lock-in of Meta and the fact that my primary e-mail was Gmail for 15 years (I’ve switched two years ago to Proton), makes these transitions a bit more difficult.

If nothing else, this process has made me very conscious about platform lock-in and the “joys” of ecosystems…

Not an answer but more of a mitigation strategy.

Duck mail proxy and a password manager that uses its API solves a few of the issues.

Phone number is linked to Google voice so I can change it on the whim.

I think the best answer is to stop creating the data and accounts. Everything can come later

@trace8191@feddit.nl
link
fedilink
5
edit-2
1Y

I just started this process now. It definitely is a marathon. The plus side is that you get a warm, fuzzy feeling after each piece of data you remove/fuzz!

Agreed with the others that you need to prevent that data getting in the cloud in the first place. This is essential from having to do the clean up again the future.

@TheAnonymouseJoker@lemmy.ml
banned
link
fedilink
0
edit-2
4M

removed by mod

@cyberwolfie@lemmy.ml
creator
link
fedilink
11Y

Yeah, it’s about finding the right balance for oneself. I know WhatsApp is very much needed many places, in the same way Facebook Messenger still is here (but to a much lesser degree than before, so there’s hope!). Discord I also have, and will keep, but if I find communities I’m looking for on Matrix instead, I rather go there first. Amazon does not really work well in my country, so that is not a big deal to delete.

Regarding e-mails: to prevent lock-in, I set up custom domains that I use with Proton, that I can easily migrate to another service provider if needed in the future. I have one for personal communications, and use a mixture of catch-all aliases and SimpleLogin for new signups and accounts I want to keep. I also have one domain for semi-anonymous accounts more associated with my “online personas” than my real identity. This fits my threat level nicely.

I have also rid myself of streaming accounts now (last one is heading towards expiration within a couple of weeks). But instead of not consuming any media, I must admit I have taken to piracy again. The goal is to be a lot more conscious about the content I consume - too much time has been spent on mindless browsing for something to watch on Netflix and garbage movies / shows. Now I host Jellyfin locally, and I control exactly what content is there in the first place.

As to your last paragraph, I did not really understand what you are asking about?

@TheAnonymouseJoker@lemmy.ml
banned
link
fedilink
-2
edit-2
4M

removed by mod

I feel you man. Here un Latin America we don’t even have the regulations. My experience here is we are getting blasted with by corporate abuse and our little protection (SERNAC in Chile) we had has stripped apart by some stupid law.

The problem is twofold. The first part is that companies cannot be trusted to act in good faith when it comes to complying with the intent of laws they disagree with. This doesn’t apply to every company, but it applies to enough of them to make life difficult. I think it was Enron who, when ordered to supply prosecutors with emails, opted to print them out and hand over reams of paper that then had to be re-scanned. This is the same approach as companies that require physical mail to delete a record and who only do so for locations where it’s required by law. There’s no reason that it cannot be done more easily with a login and password. When I was deleting my reddit accounts, I had to use a script to delete all of my posts and comments because reddit did not support that functionality.

The second, related problem is that the legislators writing the laws aren’t skilled technologists, and that technology keeps evolving. It’s like having people with no background in finance writing laws to regulate wall street (which also happens). Cynical people might think this is seen as a feature not a bug.

@cyberwolfie@lemmy.ml
creator
link
fedilink
41Y

Yes, proper regulation is difficult. My (limited) impression of EU regulation is that they often do have enough technology know-how to make regulations that to a large degree make sense, but not enough for them to be fool-proof. This is at least the case in the industry that I work in, which is also heavily regulated by EU. I don’t know anything about the processes of making these regulations, and whether those shortcomings generally are the result of sneaky lobbying (most certainly this must be the case at least sometimes) or lack of know-how.

BoofStroke
link
fedilink
-131Y

As with all things infosec (and life in general), best practice is to not get yourself into the mess in the first place vs. trying to clean up the mess later. You should have already not had personal data “in the cloud” and should have been using unique identifiers and authentication for every service that you use.

That’s common knowledge now but some of us have been around since the beginning of the modern internet when corporate data collection wasn’t even a thing. The privacy invasion was a slow creep that some of didn’t notice until it was too late. The 198 accounts in my password manager are only the last ten years or so of accounts. I’ve been online since the early 90s and can’t begin to remember what services/sites I was using back then that might have survived or been breached.

@cyberwolfie@lemmy.ml
creator
link
fedilink
71Y

I agree that the it would’ve been best to never have gotten into the mess in the first place, but these are sins of the past that are not undone now. I, like many others, was for a long time ignorant of the extent of data collection, and did not have the knowledge to fully reflect on the potential consequences (I signed up for Facebook as a teenager). And it’s not like all these companies have been very transparent about how much they collect and where the data goes and is used for. The vast majority of netizens still do not fully understand the scope of this, and are also not in a place to be able to apply best practice infosec principles.

My rant is about how unnecessarily time consuming and difficult the process of cleanup is, when you already find yourself in this situation, despite regulations that gives you the right to have your data deleted. Most people would not want to spend this amount of time on this, and as such, the tactics applied by these corporations work.

I feel your pain. I’ve been trying to clean my digital life up and it is almost overwhelming. I’ve only been working on it for a month or so in my spare time but it’s a collosal PIA. I wish every site that had a create account button had an equally obvious and easy to click delete account button.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 2.96K Posts
  • 74.6K Comments
  • Modlog