Why Google Knows More About You Than You Think, And How to Fix It

We all know that what happens on the internet stays on the internet forever. More and more, we’re realising that’s a problem.

Today’s cyber criminals don’t fight fair, and they don’t think small. Nothing is off limits. Everything from where you worked ten years ago to where you were ten minutes ago can be scraped, sold, and somehow used against you. 

Cybersecurity professionals need to understand what information people can access about them in a simple Google search, and how to keep those revealing details to a minimum. 

That’s because personal data exposure online is more than a “necessary nuisance” these days; it’s a foothold for attackers to gain leverage over our finances, our families, and even our places of employment. 

How Google Collects, Categorizes, and Displays Personal Data

Google’s notorious crawlers index everything from public profiles to social media posts to online purchases. They’ll go after your Yelp reviews and even pry into cached versions of content you thought you deleted (and did). 

Here’s how Google profiles your digital life. Often, they can crawl the (un-paywalled) pages of data brokers or access data from third-party leaks if it is in a publicly accessible place, such as:

• A paste site (Pastebin)
• A public GitHub repository
• A misconfigured cloud bucket (open AWS S3 bucket)
• A public forum
• A file-sharing site

This re-hashing of unintentionally exposed private data only creates a feedback loop of exposed information that nobody wanted Googled in the first place—at least nobody the data belongs to. 

Google uses this data for more than a high school friend finder; things like personalised ads, autocomplete suggestions, and knowledge panels reflect Google’s understanding of human behaviour based on the profiles it keeps about each user. This is valuable information for the company, as well as other businesses looking to boost sales. 

The Business of Data Brokers

While Google does not directly sell any personal data, data brokers do. Data brokers accumulate massive amounts of personal information gleaned from:

• Public records (census data, voter registration databases)
  
  
• Commercial data (rewards programs, warranty registrations)
  
  
• Online tracking (location data, in-app behaviours, social media likes)
  
  
• Third-party partnerships (airlines, banks, and retailers often sell customer data— check the fine print)
  
  
• Publicly available data (real estate listings, obituaries, review sites, and anything you can pull up online)

Unfortunately, that isn’t all. This data is only so valuable in the aggregate; where data brokers really earn their keep is by deriving conclusions about you to be sold to those interested. Those conclusions include:

• Your buying habits: Down to the time of day you shop and how much you spend when.
  
  
• Your interests: Used for targeted ads and sales contacts.
  
  
• Your mental health: Dubious companies will target those with mental health issues in the hopes that their conditions will lead to unwise purchases.

The obvious connection between the massive search engine and professional data broker sites is that brokers have to get their data from somewhere, and Google is a prime supplier. Put it in the public-facing pond, and it is bound to get fished, packaged, and sold by someone looking to make a profit off your personal life. 

Which drives the next point: personal online data removal. 

The Danger of Not Removing Your Personal Data from the Internet

It may be tempting to say, “Bring on the targeted ads, I’ve got willpower.” However, being asked to buy a few custom products isn’t the issue. The main concern arises when personal data gets used for purposes they don’t list on a broker’s site. 

Those purposes can include:

• Physical harm: Appearing in a “harmless” Google search could expose private details such as location or job history. In the cases of public officials and judges, many face retaliation for decisions made on the job, and having data like their home address or daily commute exposed could mean physical harm. 
  
  
• Doxxing: Journalists and other public figures face the very real threat of doxxing when their personal data is exposed. As noted by the NYCLU, “Journalists have been doxxed for their reporting. Women have been doxxed and attacked online for speaking out against sexual assault. And trans people and their allies have been doxxed for exposing anti-trans activities and advocating for their rights.”
  
  
• Identity Theft and Reputational Damage: Even simple social media sharing can have unintended consequences. Executives risk reputational damage when personal posts become public, and identity theft can occur when cyber criminals put together too many overshared pieces. 

The point in highlighting these issues is not to engender fear, uncertainty, and doubt. It is to raise awareness that the things we post online can and may be used against us, our families, and even the companies we work for. 

Therefore, maintaining as much control as we can over our digital data is a must. 

Limiting What Search Engines Know About You

Removing personal data from the internet needs to be a skill or a service that every cybersecurity professional knows how to employ. 

Knowledge is power, and when that data is yours, you want to do everything you can to keep the control it offers. You may want to start out by limiting visibility in search results and going from there. 

Practical steps for curbing your data spread include: 

• Requesting content removal: Leveraging company opt-out options or subscribing to services that will opt you out.

• Adjusting your privacy settings: Stop apps from collecting data and limit (or block) tracking, ad IDs, and cookies across apps, browsers, and devices. 

• Switching to privacy-conscious browsers: Browsers like DuckDuckGo, Mozilla Firefox (with privacy enhancements), and Brave automatically limit what third parties can collect about you. 

This can be a time-intensive process: this blog lists what it takes to erase your digital footprint from Google step by step. 

Looking for Scalable Data Removal Solutions

For executives, busy practitioners, and even companies wanting to protect the personal privacy of their entire employee base, there is the option of investing in a professional service to have personal online data removed. 

The advantage of this approach is that personal data pops up on the internet like mushrooms; over and over again. Removing your personal impact, therefore, is not a “one and done” approach. 

The best personal data removal services will:

• Request removals from hundreds of data brokers at a time
• Automate removals on autopilot
• Repeat the process regularly, as many brokers will simply put the data back up

Keeping ahead of personal digital data sprawl is like weeding a garden. Your garden (your online image) is what you want to safely present to the world, but your online data habits and the information collected about you are the weeds. 

Those “weeds” need to be pulled regularly, so invest in regular data audits, de-indexing requests, or professional data removal services to maintain long-term control. 

What happens on the internet may stay there, but only as long as you let it. 

About the author:

An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation, and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire, and many other sites.