Leak Check Me
Sign inRun Leak Check
All privacy guides
reduce digital footprintMay 28, 2026Leak Check Me

6 Things You Can Do This Weekend to Shrink Your Digital Footprint

Six concrete privacy moves you can finish in a weekend — password cleanup, social lockdown, opt-outs, email aliases, port-out PINs, and dead-account pruning.

Most privacy advice reads like a 47-step regimen requiring two weekends, a degree in cryptography, and the patience of a saint. That's why most people do none of it.

This isn't that. Six things, doable over a Saturday and Sunday, each under an hour. None of them turn you into a ghost. Together they shrink your digital footprint enough to break the easiest paths an attacker, recruiter, stalker, or curious ex would use to build a profile on you.

The short answer: the six highest-leverage moves are: clean up reused passwords, lock down social profiles, file the top five broker opt-outs, set up email aliasing for new signups, add a port-out PIN with your phone carrier, and delete accounts you stopped using years ago. Total time: about 5 hours.

TL;DR

  • Reused passwords are the single largest preventable risk. Fix that first.
  • Five high-traffic broker sites account for the majority of your public exposure: Whitepages, Spokeo, BeenVerified, MyLife, Radaris.
  • Email aliasing (SimpleLogin or Apple Hide My Email) breaks the chain that lets one breach leak into your whole identity.
  • Port-out PINs are the single best defense against SIM swaps, and every major carrier supports them.
  • "I don't use that account anymore" doesn't mean it's deleted. It just means it's sitting there waiting to be breached.

1. Audit your password manager (and change reused passwords)

Time: 30–60 minutes

Open whatever password manager you use — 1Password, Bitwarden, Apple Passwords, Google Password Manager, anything. They all have a "security audit" or "watchtower" or "password health" view. Run it. The two things to fix, in order:

  1. Reused passwords. Anywhere the same password is used across two or more sites. Change the reused ones, especially anywhere financially significant (banks, primary email, password manager itself).
  2. Passwords found in known breaches. Most managers cross-reference against the Have I Been Pwned corpus. If a password of yours is in there, it's already on lists circulating among credential-stuffing bots. Change it everywhere it's used.

If you don't have a password manager: install one this weekend. Bitwarden is free and open-source. 1Password is the paid pick. Apple Passwords ships with every iPhone and Mac. Pick one and move on.

The math here is blunt: most "they hacked my email" cases actually started with a reused password from an unrelated breached site. Reused passwords are the connective tissue. Cut them.

2. Lock down social privacy settings

Time: 45 minutes across all platforms

Five minutes per platform. Specific toggles, not vibes.

  • Instagram: Settings → Account privacy → Private. Tags → Manually approve. Mentions → People you follow (or No One).
  • Facebook: Privacy → "Who can see your future posts?" → Friends. Profile and Tagging → "Review posts you're tagged in" → ON. Privacy → search-engine link to profile → OFF. Friends list → Only me.
  • LinkedIn: Visibility → Edit your public profile → strip phone, email, address, and "Open to" badges from the public version. Keep the recruiter-facing data inside the authenticated profile.
  • X (Twitter): Privacy → "Protect your posts" for a fully private account. Otherwise turn off Photo tagging and "Let others find you by email/phone."
  • TikTok: Privacy → Private account ON. "Suggest your account to others" → off all four toggles.

Determined OSINT will still find a lot. But this removes you from passive scraping by aggregators that rely on public profile data.

3. File 5 high-priority data broker opt-outs

Time: 45 minutes

You don't have to opt out of 200 brokers this weekend. The top five account for most of your public exposure: Whitepages, Spokeo, BeenVerified, MyLife, and Radaris.

Each opt-out follows roughly the same pattern: search yourself on the site, find your profile URL, submit a removal request through the site's opt-out page. Average time per site: 5–10 minutes. Verification (usually via email) takes a few minutes more.

The direct opt-out URLs:

A few realities to set expectations:

  • Removals typically take 7–30 days to process.
  • Most brokers buy fresh data continuously, so your record will likely come back in 2–6 months. Set a calendar reminder to recheck.
  • If you want the full 50+ broker opt-out list (every site, every link, every form quirk), see our comprehensive 50-site opt-out guide.

4. Set up a forwarding email for signups

Time: 30 minutes

Your primary email address is, as we cover elsewhere, the skeleton key to your whole identity. Every breach involving that email gets joined to every other breach involving that email. The fix: stop using your primary email for things that don't need it.

Two options:

  • Apple Hide My Email (free with iCloud). Generates a random @icloud.com alias per service that forwards to your real address. Built into iOS, Safari, and Mail. Easiest path on Apple.
  • SimpleLogin (free tier, $30/yr premium). Open-source, audited, works on Android, iOS, web, anywhere. Unlimited aliases. Disable any alias that starts attracting spam — a useful tell that a service leaked or sold your address.

Set one up. Then, for every new signup this year — newsletters, store accounts, trials — use an alias. Don't migrate existing accounts in a panic; just stop adding new ones to the pile.

5. Set a port-out PIN with your phone carrier

Time: 15 minutes

Your phone number is the second key to your identity (after your email). Anyone who controls your number can intercept SMS 2FA for your bank, email, and password manager. The attack is called a SIM swap; the defense is a carrier-side port-out PIN that blocks number transfers without authorization.

Each major U.S. carrier supports it; you have to enable it manually.

  • Verizon: My Verizon app → Account → Profile and settings → Security settings → enable Number Lock and SIM Protection for each line.
  • AT&T: myAT&T app → Wireless Account Lock → on. Requires a separate Transfer PIN to move your number.
  • T-Mobile: Account → Privacy & Notifications → set an Account-level PIN (6–15 digits). Required for any port.

While you're in there, move SMS-based 2FA on critical accounts to an authenticator app (Aegis, 1Password TOTP, Authy) or a hardware key (YubiKey). SMS is the layer SIM swaps defeat.

6. De-link accounts you don't use

Time: 60 minutes

The unused accounts pile up. The 2014 forum you posted on three times. The 2018 fitness app you used for two weeks. The store account you made to buy one shirt. Each is a row in someone's database, waiting for the next breach announcement.

You don't have to find every one. Start with:

  1. Your password manager's vault. For each saved login you haven't used in over a year and don't plan to: log in once more and delete the account.
  2. Old social accounts. Tumblr, MySpace, Snapchat, that 2015 forum. If "delete" is gated behind a 30-day grace period, just start the clock.
  3. Free trials and store accounts you forgot. Search your shopping email for "welcome to" or "your account is ready." Each hit is a service that still has your data.

JustDeleteMe.xyz catalogs how to delete accounts on hundreds of services, with difficulty ratings. Worth checking for the stubborn ones.

This is the most boring step and the most underrated. Every account you delete is a row that can't leak.

What you can do today (a 5-hour weekend plan)

A concrete schedule:

  1. Saturday morning (60 min): Password manager audit. Fix reused and breached passwords.
  2. Saturday afternoon (60 min): Social settings lockdown across the 4–5 platforms you actually use.
  3. Saturday evening (45 min): File the 5 priority broker opt-outs.
  4. Sunday morning (30 min): Set up SimpleLogin or Apple Hide My Email.
  5. Sunday afternoon (15 min): Enable port-out PIN with your carrier. Move SMS 2FA on critical accounts to an authenticator app.
  6. Sunday evening (60 min): Delete the 10 oldest unused accounts in your password manager.

You'll finish with a meaningfully smaller surface area. Not invisible — just less of you in the wrong databases, with fewer ways for one leak to chain into the next.

Run a free leak check Saturday morning. Run it again in 30 days. The before/after picture is the most motivating chart in privacy.

If you want the rest of the broker opt-outs handled with help in the background, that's what we do. Leak Check Me's privacy agent scans broker sites, prepares eligible opt-out actions after authorization, and patrols for relistings — one $20 scrub mission, no subscription lock-in. Start at leakcheckme.com, or run a free scan first to see what's actually out there.

Sources

Keep going

Related privacy guides

data leak protection

Leaks Happen. The Real Risk Is the Link Between Them. (Our Manifesto)

Leaked passwords are recoverable. Joined profiles are not. Why data leak protection has to break the link, not just chase the breach.

Read guide
data broker opt out list

The 50-Site Opt-Out List Every American Should File This Year

Real opt-out URLs for 50 data brokers, people-search sites, and ad networks — plus what each one knows and how long removal takes.

Read guide
check if my data is online free

10 Free Tools to See How Much of Your Data Is Online (2026 Edition)

Ten free tools that show you what's exposed about you online — breach checkers, people-search lookups, and broker scans. Honest walkthroughs of what each one can and can't tell you.

Read guide
Leak Link Check

See what is exposed before it gets joined.

Run a verified check for known breach exposure and public identity links, then authorize eligible scrub actions from the dashboard.

Run Leak Check