Delete Facebook - Social Media - Corporate Surveillance - Creepy

Finding, Sanitizing, and Closing Old Accounts

Intro

You probably have more accounts than you realize – perhaps dozens that you’ve opened over the years and forgotten about. Every account you have is a potential liability in terms of your privacy and security. An old account can be leaking sensitive, private information or may be breached by hackers. In the latter case:

  1. Your information may be made public or used to:
    1. Harass or blackmail you
    2. Breach your other accounts in a credential stuffing attack
  2. Your hacked account may be used to spam, scam, or distribute malware or other illegal content under your identity

In this episode, we detail:

  1. Techniques for finding accounts you’ve forgotten about
  2. Why and how you should sanitize accounts before closing them
  3. Why and how you should close old/unneeded accounts

We also discuss valuable insights that we’ve gained from our years of experience in decommissioning hundreds of accounts. Of course, anyone can simply delete an account, but there are many nuances to contemplate before doing so because closing an account can have irreversible side-effects.

Gain from our insights and clean up your digital footprint today!

Podcast

1
00:00:00,000 –> 00:00:14,120
Hey everybody, welcome back to the Bigger Insights Privacy & Security podcast, where

2
00:00:14,120 –> 00:00:17,280
we’ll help you live a more private and secure life.

3
00:00:17,280 –> 00:00:23,720
In this episode, we’re going to go into some detail about finding, sanitizing, and closing

4
00:00:23,720 –> 00:00:24,720
old accounts.

5
00:00:24,720 –> 00:00:30,520
If you haven’t yet listened to the previous episode, 12 Considerations for Opening Your

6
00:00:30,520 –> 00:00:35,840
Next Account, you should listen to that as well because that provides some context for

7
00:00:35,840 –> 00:00:37,720
this episode.

8
00:00:37,720 –> 00:00:43,520
But just as a quick caveat, some of the items discussed in this episode, especially regarding

9
00:00:43,520 –> 00:00:49,800
sanitizing accounts before you delete them, may not be appropriate or even lawful, depending

10
00:00:49,800 –> 00:00:53,280
on the type of account and your jurisdiction.

11
00:00:53,280 –> 00:00:57,400
Nothing in this episode is legal or other advice.

12
00:00:57,400 –> 00:01:03,400
If you’re like me in you’re old as dirt, you’ve probably accumulated many accounts over the

13
00:01:03,400 –> 00:01:04,600
years.

14
00:01:04,600 –> 00:01:10,640
If you’re not diligent about documenting these, you probably have more than you realize:

15
00:01:10,640 –> 00:01:18,120
Work accounts, school accounts, social media, email, forums, games, etc.

16
00:01:18,120 –> 00:01:23,600
Have you ever needed to order a t-shirt or a pair of shoes for someone on some obscure

17
00:01:23,600 –> 00:01:26,680
website and they make you open an account?

18
00:01:26,680 –> 00:01:33,480
Or what about to ask one question on a forum or register a product to get a warranty?

19
00:01:33,480 –> 00:01:37,560
It seems like almost every website wants you to make an account.

20
00:01:37,560 –> 00:01:42,600
Just as an example, we’ve been documenting different podcast directories and apps that

21
00:01:42,600 –> 00:01:45,520
we may want to submit our podcasts to.

22
00:01:45,520 –> 00:01:51,520
But annoyingly, a lot of them require an account in order to submit your podcast.

23
00:01:51,520 –> 00:01:56,160
If we wanted to submit to all of the ones we’ve found so far, we would have to create

24
00:01:56,160 –> 00:02:00,520
about 20 accounts just to distribute our podcasts.

25
00:02:00,520 –> 00:02:06,040
A number of years ago, I came to the conclusion that my digital footprint was getting out

26
00:02:06,040 –> 00:02:09,080
of hand. So I decided to clean it up.

27
00:02:09,080 –> 00:02:12,840
I literally deleted hundreds of accounts.

28
00:02:12,840 –> 00:02:18,360
This took more time than it should have, and more than I care to admit. But I’m glad that

29
00:02:18,360 –> 00:02:23,320
I did it and want to share some lessons from that experience.

30
00:02:23,320 –> 00:02:28,440
Let’s start by talking about why you should close old or unneeded accounts.

31
00:02:28,440 –> 00:02:32,240
Every account that you have is a potential liability.

32
00:02:32,240 –> 00:02:36,680
In addition to the threat that the app or service provider is doing something creepy

33
00:02:36,680 –> 00:02:42,520
with your data, like sharing it with Fecesbook or a data broker, there’s also the risk

34
00:02:42,520 –> 00:02:48,960
that that system will get breached and your data will be accessible to hackers or just

35
00:02:48,960 –> 00:02:53,640
made available to the public for anyone to see and exploit.

36
00:02:53,640 –> 00:02:59,480
The severity of this problem is compounded by poor privacy practices that many users

37
00:02:59,480 –> 00:03:05,760
engage in, such as using their real name, date of birth, or home address, providing

38
00:03:05,760 –> 00:03:12,800
a phone number, using the same email address over and over, reusing passwords, and so on.

39
00:03:12,800 –> 00:03:17,240
You might have several accounts that you just decided to forget about because they’re no

40
00:03:17,240 –> 00:03:22,160
longer relevant. But we would encourage you to clean these up because if one of them gets

41
00:03:22,160 –> 00:03:28,160
breached, the fallout from that could lead to your other accounts being compromised.

42
00:03:28,160 –> 00:03:35,080
I told this story in a prior episode, but many, many years ago, my first email address

43
00:03:35,080 –> 00:03:36,080
got hacked.

44
00:03:36,080 –> 00:03:43,000
I’m not 100% sure how that happened, but based on what I know, I’m pretty certain that an

45
00:03:43,000 –> 00:03:47,320
account that I made on some obscure website got hacked.

46
00:03:47,320 –> 00:03:53,880
Then the hacker got my email address and password from that compromised account and used that

47
00:03:53,880 –> 00:03:56,560
to log into my email account.

48
00:03:56,560 –> 00:04:02,400
Like everyone else in that era, I was obviously reusing passwords, which is why you should

49
00:04:02,400 –> 00:04:03,840
never do that.

50
00:04:03,840 –> 00:04:08,600
If someone breaches one of your accounts, they may use that information in a credential

51
00:04:08,600 –> 00:04:12,240
stuffing attack to break into your other accounts.

52
00:04:12,240 –> 00:04:17,480
If you haven’t listened to our episode, Why You Need a Password Manager, you should do

53
00:04:17,480 –> 00:04:24,360
that for more details. But the point is, had I been keeping up with my accounts and deleting

54
00:04:24,360 –> 00:04:29,720
old ones that I didn’t need anymore, that hack might not have happened.

55
00:04:29,720 –> 00:04:36,040
And credential stuffing aside, every breach is another piece of the puzzle that individuals

56
00:04:36,040 –> 00:04:42,960
and organizations can put together to analyze you, your behaviors, interests, connections,

57
00:04:42,960 –> 00:04:43,960
and so on.

58
00:04:43,960 –> 00:04:49,600
There are many websites out there where you can type in people’s names, email addresses,

59
00:04:49,600 –> 00:04:56,280
phone numbers, and usernames, and they will show you a list of these people’s home addresses,

60
00:04:56,280 –> 00:05:02,400
employers, resumes, what accounts they’ve used, what kind of people that they’re associated

61
00:05:02,400 –> 00:05:04,400
with, and so on.

62
00:05:04,400 –> 00:05:10,000
Some of that data is what you expose publicly, like on your social media accounts and whatnot,

63
00:05:10,000 –> 00:05:13,820
but a lot of this data also comes from data breaches.

64
00:05:13,820 –> 00:05:19,120
There are websites out there where you can look up people’s breached data, which can

65
00:05:19,120 –> 00:05:25,200
include things like their Social Security Number (SSN) and a lot of other highly sensitive information.

66
00:05:25,200 –> 00:05:29,840
So the fewer accounts that you have, the better off you’ll be.

67
00:05:29,840 –> 00:05:35,720
Also keep in mind that many data breaches go unreported, so this problem is probably

68
00:05:35,720 –> 00:05:38,640
much larger than you think it is.

69
00:05:38,640 –> 00:05:44,360
When our clients ask us to do some reconnaissance on their information, we sometimes find their

70
00:05:44,360 –> 00:05:50,600
information from dozens of data breaches that are listed in just one website.

71
00:05:50,600 –> 00:05:56,760
Another reason to close old accounts is that many apps, especially ones that are social

72
00:05:56,760 –> 00:06:03,440
in nature, or a lot of these travel apps do this as well, like those travel planners,

73
00:06:03,440 –> 00:06:08,040
they publicly expose your profile and data.

74
00:06:08,040 –> 00:06:09,920
This is not a joke.

75
00:06:09,920 –> 00:06:15,240
I was looking up someone’s information once and I found this travel app that they were

76
00:06:15,240 –> 00:06:19,160
using that exposed their travel information.

77
00:06:19,160 –> 00:06:24,760
I could see where they were traveling to, and this also appeared to trace right back

78
00:06:24,760 –> 00:06:26,240
to their home.

79
00:06:26,240 –> 00:06:29,960
This was also without having to sign into an account.

80
00:06:29,960 –> 00:06:36,600
So when I say “I”, you know, that could obviously be anybody. Are you really comfortable with

81
00:06:36,600 –> 00:06:41,520
anyone on the internet seeing where you travel to and where you live?

82
00:06:41,520 –> 00:06:45,640
It’s completely unethical, but this is what a lot of apps do.

83
00:06:45,640 –> 00:06:51,760
Not only that, but when they do that, they also usually allow search engines to crawl

84
00:06:51,760 –> 00:06:58,640
and index your profile, which makes it much easier for bad actors to look up your information.

85
00:06:58,640 –> 00:07:03,040
Just for kicks sometime, you should go to different search engines and search for the

86
00:07:03,040 –> 00:07:07,280
usernames and email addresses that you commonly use.

87
00:07:07,280 –> 00:07:11,680
Make sure to wrap those in double quotes so that you get better results.

88
00:07:11,680 –> 00:07:17,120
But you may be shocked to see that some of the apps that you’re using are spamming your

89
00:07:17,120 –> 00:07:20,480
profile and data for the whole world to see.

90
00:07:20,480 –> 00:07:25,560
I’m not going to say what they were, but I found two old apps that I used to use many

91
00:07:25,560 –> 00:07:27,680
years ago that did this.

92
00:07:27,680 –> 00:07:33,840
Needless to say, I’ve deleted those accounts, but you really should check this as well.

93
00:07:33,840 –> 00:07:38,760
And I’m sure there are others, but the final reason that we’re going to talk about for

94
00:07:38,760 –> 00:07:45,400
why you should close unneeded accounts is that your account may be valuable to a hacker

95
00:07:45,400 –> 00:07:51,000
because they can use it for nefarious deeds, but under your identity.

96
00:07:51,000 –> 00:07:56,000
Anyone that runs a website or business knows this issue well.

97
00:07:56,000 –> 00:08:02,200
If a bad actor can take over your website or your email account, they can use its reputation

98
00:08:02,200 –> 00:08:06,920
to spread spam and illegal content and scam people.

99
00:08:06,920 –> 00:08:10,560
Some of your accounts may present the same risk.

100
00:08:10,560 –> 00:08:15,920
Imagine for a second that someone can get into an old email address, Google, Dropbox,

101
00:08:15,920 –> 00:08:18,080
or PhotoBucket account.

102
00:08:18,080 –> 00:08:22,280
What might they do with that, which could end up being a big problem for you even though

103
00:08:22,280 –> 00:08:24,880
you don’t care about the account?

104
00:08:24,880 –> 00:08:30,640
They could use those accounts to spam and scam people on your behalf.

105
00:08:30,640 –> 00:08:35,560
You know, if Aunt Karen gets an email from an old email address of yours that says that

106
00:08:35,560 –> 00:08:41,480
you’re stuck in some foreign country and you need her to send some money via MoneyGram,

107
00:08:41,480 –> 00:08:43,840
she’s probably going to fall for that.

108
00:08:43,840 –> 00:08:47,520
What about those accounts that can host and share data?

109
00:08:47,520 –> 00:08:49,800
What could a hacker do with that?

110
00:08:49,800 –> 00:08:56,280
Well, they could use it to spread malware, illegal pornography, and other naughty things,

111
00:08:56,280 –> 00:09:01,320
which again is under your account and your identity.

112
00:09:01,320 –> 00:09:04,360
You know, that’s a problem that you don’t need.

113
00:09:04,360 –> 00:09:09,520
Let’s switch gears now and talk about why you should sanitize your accounts before you

114
00:09:09,520 –> 00:09:10,520
delete them.

115
00:09:10,520 –> 00:09:17,160
First of all, many entities will retain your information, potentially indefinitely, which

116
00:09:17,160 –> 00:09:21,840
means that even if you close your account, there is still the risk that your information

117
00:09:21,840 –> 00:09:24,680
will get breached at some point in the future.

118
00:09:24,680 –> 00:09:30,320
Of course, there is always the risk that even if you change your information, the old data

119
00:09:30,320 –> 00:09:35,920
will still exist, but we still think that sanitizing is worthwhile because many of the

120
00:09:35,920 –> 00:09:40,880
breaches that we see only expose your latest information.

121
00:09:40,880 –> 00:09:46,080
So if you change your name from Beth to Bob, there’s a good chance that when that account

122
00:09:46,080 –> 00:09:51,560
gets breached, the leaked data will show that your name is Bob.

123
00:09:51,560 –> 00:09:57,000
For example, I told this story in the last episode, but when I deleted an old Photobucket

124
00:09:57,000 –> 00:10:02,120
account, I went back into their system and did a password reset.

125
00:10:02,120 –> 00:10:07,760
If they had truly deleted my information like they said they would, the appropriate response

126
00:10:07,760 –> 00:10:13,200
would have been an email that said something like, “Hello, we received your password reset

127
00:10:13,200 –> 00:10:17,080
request, but you do not have an account in our system.”

128
00:10:17,080 –> 00:10:22,800
What I received instead was an email that said something like, “Hello, Bob, please click

129
00:10:22,800 –> 00:10:25,200
this link to reset your password.”

130
00:10:25,200 –> 00:10:30,360
Now, my name is not Bob, but they did call me by the name that I had on the account when

131
00:10:30,360 –> 00:10:31,360
I closed it.

132
00:10:31,360 –> 00:10:36,000
This just goes to show you that some systems don’t really delete your data when they claim

133
00:10:36,000 –> 00:10:37,160
that they will.

134
00:10:37,160 –> 00:10:42,240
So it’s helpful to obfuscate your data before you close your account.

135
00:10:42,240 –> 00:10:48,440
In other words, in many systems, when you close your account, you’re really just removing

136
00:10:48,440 –> 00:10:54,720
your own access to that information, but the information remains.

137
00:10:54,720 –> 00:11:00,600
Therefore, you want to make sure that that information is garbage so that no one can exploit it in

138
00:11:00,600 –> 00:11:01,600
the future.

139
00:11:01,600 –> 00:11:05,160
All right, we talked about why this stuff matters.

140
00:11:05,160 –> 00:11:08,600
Now let’s talk about how you actually do this.

141
00:11:08,600 –> 00:11:13,400
We offer one-on-one consulting to help people with these things, by the way.

142
00:11:13,400 –> 00:11:15,360
This can get pretty complicated.

143
00:11:15,360 –> 00:11:19,680
So if you need some help with this, go to BiggerInsights.com and fill out the short

144
00:11:19,680 –> 00:11:24,600
form at the bottom of the page so we can schedule your initial consultation.

145
00:11:24,600 –> 00:11:30,640
The first step is finding your old accounts, which this can actually be a little bit more

146
00:11:30,640 –> 00:11:33,160
complicated than you think it is.

147
00:11:33,160 –> 00:11:38,440
If you haven’t been documenting your accounts over the years, you probably have some accounts

148
00:11:38,440 –> 00:11:40,320
that you’ve forgotten about.

149
00:11:40,320 –> 00:11:44,760
We’re going to help you find your accounts with this one weird trick.

150
00:11:44,760 –> 00:11:48,120
Just kidding, more like five weird tricks.

151
00:11:48,120 –> 00:11:52,760
But the first thing that you’re going to want to do is sit down and document all the accounts

152
00:11:52,760 –> 00:11:58,520
that you know about, to help you decide if you want to keep them, and have a system in

153
00:11:58,520 –> 00:12:02,560
place for documenting old accounts when you find them.

154
00:12:02,560 –> 00:12:08,000
Like I said, I’m not just blowing smoke when I say that this can get very complicated.

155
00:12:08,000 –> 00:12:13,920
I’ve actually developed a system that tracks dozens of data points, like what the account

156
00:12:13,920 –> 00:12:21,240
is, when it was opened, why it was opened, what its status is, what information I’ve exposed

157
00:12:21,240 –> 00:12:23,160
to it, and so on.

158
00:12:23,160 –> 00:12:28,480
That might sound pretty Rain Man, but not having that information can really cause you

159
00:12:28,480 –> 00:12:30,480
headaches down the line.

160
00:12:30,480 –> 00:12:36,040
For example, some systems like Google will ask you questions like, “When did you open

161
00:12:36,040 –> 00:12:40,000
your account?” to help you recover them if you can’t get in.

162
00:12:40,000 –> 00:12:45,560
Well, if you’re like most people and you’re not documenting that stuff, that can be a problem

163
00:12:45,560 –> 00:12:46,560
for you.

164
00:12:46,560 –> 00:12:51,920
Another thing that I’d like to track is the URL that I used to log into an account.

165
00:12:51,920 –> 00:12:56,680
If we’re talking about something like Fecesbook, that doesn’t matter as much.

166
00:12:56,680 –> 00:13:02,520
But I did run into about six old accounts that I had where I couldn’t even figure out

167
00:13:02,520 –> 00:13:06,880
where to log in so that I could close my account.

168
00:13:06,880 –> 00:13:12,400
These tend to be things that are a little bit more obscure, like an account at some vet

169
00:13:12,400 –> 00:13:17,040
or a medical clinic or something like that where they give you a special link to log

170
00:13:17,040 –> 00:13:18,240
in.

171
00:13:18,240 –> 00:13:21,880
These systems tend to change quite a bit over time.

172
00:13:21,880 –> 00:13:26,560
So this explains why you can run into this problem as well if you’re not documenting

173
00:13:26,560 –> 00:13:28,520
this information.

174
00:13:28,520 –> 00:13:34,000
Another reason why you need to have a good system in place is so that you can track which

175
00:13:34,000 –> 00:13:36,120
accounts you’ve closed.

176
00:13:36,120 –> 00:13:41,960
If we’re talking about dozens or hundreds of accounts, that can literally take years

177
00:13:41,960 –> 00:13:45,960
of off and on work, depending on your pace.

178
00:13:45,960 –> 00:13:50,640
In that case, it’s easier than you might think to forget about which accounts you’ve

179
00:13:50,640 –> 00:13:52,480
actually closed.

180
00:13:52,480 –> 00:13:56,880
You might find yourself going in circles, because at some point, you’re probably going

181
00:13:56,880 –> 00:14:01,720
to think to yourself, “Wait, what about that old Photobucket account?”

182
00:14:01,720 –> 00:14:05,760
Not realizing that you actually closed that 10 months ago.

183
00:14:05,760 –> 00:14:09,200
All right, weird trick number one.

184
00:14:09,200 –> 00:14:15,400
Think about activities that you used to do in the past, like ordering random things or

185
00:14:15,400 –> 00:14:21,880
different dating activities, traveling, school projects and so on, that may have resulted

186
00:14:21,880 –> 00:14:24,080
in account creation.

187
00:14:24,080 –> 00:14:30,960
You might realize like, “Oh, yeah, I had to make a WordPress site in some English class

188
00:14:30,960 –> 00:14:36,440
and forgotten about it.” Or you might remember some game or chat service or something like

189
00:14:36,440 –> 00:14:39,520
that that you and an ex used to use.

190
00:14:39,520 –> 00:14:45,600
I have actually uncovered a number of old accounts using this one weird trick.

191
00:14:45,600 –> 00:14:52,200
The second trick is going through the Google Play Store or the Apple App Store and looking

192
00:14:52,200 –> 00:14:57,000
through your download history to see which apps that you’ve used in the past that may

193
00:14:57,000 –> 00:15:00,200
have required opening an account.

194
00:15:00,200 –> 00:15:05,960
The third trick is going through old bank and credit card statements to find transactions

195
00:15:05,960 –> 00:15:08,600
that may have come from an account.

196
00:15:08,600 –> 00:15:13,600
For example, someone asked me to buy a pair of shoes for someone once.

197
00:15:13,600 –> 00:15:21,000
That was the only purchase I ever made on that account and it sat there idle for over 10 years until

198
00:15:21,000 –> 00:15:22,800
I went in there and closed it.

199
00:15:22,800 –> 00:15:28,280
But what caused me to remember that account was seeing that transaction on an old credit

200
00:15:28,280 –> 00:15:29,280
card statement.

201
00:15:29,280 –> 00:15:33,200
All right, it’s actually raining pretty hard out right now.

202
00:15:33,200 –> 00:15:38,480
So I do apologize if you can pick up on that. We’ve actually been toying with the idea of

203
00:15:38,480 –> 00:15:43,880
inserting quiet rain and thunderstorm sounds into the background of our episodes.

204
00:15:43,880 –> 00:15:46,120
So let us know if you’d be interested in that.

205
00:15:46,120 –> 00:15:51,160
But the fourth trick is to do what I said earlier and do web searches on your email

206
00:15:51,160 –> 00:15:53,560
addresses and usernames.

207
00:15:53,560 –> 00:15:58,800
Make sure that includes old ones because you probably have accounts lingering around out

208
00:15:58,800 –> 00:16:01,960
there with your old information.

209
00:16:01,960 –> 00:16:08,440
Some systems will keep your accounts open for decades, even if you never log into them.

210
00:16:08,440 –> 00:16:14,320
I came across probably about eight different accounts that I hadn’t logged into since the

211
00:16:14,320 –> 00:16:19,520
early 2000s that were still sitting there open. Which really surprised me,

212
00:16:19,520 –> 00:16:25,800
I mean, my assumption was that for our sake and their sake that they would see that and

213
00:16:25,800 –> 00:16:31,160
be like, “Okay, this user hadn’t logged in and over 15 years, maybe we should just go

214
00:16:31,160 –> 00:16:32,720
ahead and close their account.”

215
00:16:32,720 –> 00:16:35,400
But no, some places don’t do that.

216
00:16:35,400 –> 00:16:42,200
The fifth and final weird trick is to search through your email inboxes for keywords like

217
00:16:42,200 –> 00:16:45,240
“welcome” or “new account”.

218
00:16:45,240 –> 00:16:50,120
This can be very helpful because when you open an account of most services, they’ll send

219
00:16:50,120 –> 00:16:55,440
you an email that says something like, “Welcome to Bigger Insights!” or something like that.

220
00:16:55,440 –> 00:16:59,800
And that’s helpful because that’ll show you that you open an account and it’ll show you

221
00:16:59,800 –> 00:17:05,080
the date that you open your account, which is good data to record for your records.

222
00:17:05,080 –> 00:17:08,400
Now let’s talk about sanitizing your accounts.

223
00:17:08,400 –> 00:17:12,720
This is a very important step because once you close your account, you might not have

224
00:17:12,720 –> 00:17:16,600
the opportunity to go back in and change things later.

225
00:17:16,600 –> 00:17:21,960
The first thing you’re going to want to do is set a strong unique password and store

226
00:17:21,960 –> 00:17:27,240
in a good password manager. That might seem like a waste of time because you’re about

227
00:17:27,240 –> 00:17:32,360
to close your account. But again, they might not actually delete your data.

228
00:17:32,360 –> 00:17:38,440
So if your account does get breached after you close it, that might include your password,

229
00:17:38,440 –> 00:17:43,000
in which case you don’t want that password to be used to get into one of your other

230
00:17:43,000 –> 00:17:44,520
accounts.

231
00:17:44,520 –> 00:17:50,160
The next thing to do is gather all of the data from the account that you can. That might

232
00:17:50,160 –> 00:17:54,520
include taking screenshots or printing PDFs.

233
00:17:54,520 –> 00:18:01,720
Fortunately, some systems these days like Apple, Fecesbook, Amazon, Microsoft, and

234
00:18:01,720 –> 00:18:06,440
many others have a feature that allow you to download your data.

235
00:18:06,440 –> 00:18:13,520
This might include things like purchase history, photos, videos, emails, contacts, logging

236
00:18:13,520 –> 00:18:19,200
data like when you sign in and from what IP address. Go ahead and download everything

237
00:18:19,200 –> 00:18:24,320
that you can because you may want to reference that data in the future.

238
00:18:24,320 –> 00:18:29,920
For example, if you close an account somewhere and then that system gets breached, you might

239
00:18:29,920 –> 00:18:35,920
want to review the information that you’ve given them to assess the potential damage.

240
00:18:35,920 –> 00:18:41,280
This is a good practice to do every once in a while anyway, even if you’re not intending

241
00:18:41,280 –> 00:18:47,520
to close an account, because like we explained in the previous episode 12 Considerations

242
00:18:47,520 –> 00:18:54,120
for Opening Your Next Account, your accounts can be banned, closed or deleted at any time

243
00:18:54,120 –> 00:18:57,440
for any reason and without notice.

244
00:18:57,440 –> 00:19:02,800
This does happen to people sometimes and if they weren’t making backups, they lose all

245
00:19:02,800 –> 00:19:04,600
of their data.

246
00:19:04,600 –> 00:19:09,960
The next thing to do is to think about whether you may want to reopen your account in the

247
00:19:09,960 –> 00:19:10,960
future.

248
00:19:10,960 –> 00:19:16,720
We’ve seen a few systems over the years that have special policies for either having multiple

249
00:19:16,720 –> 00:19:19,520
accounts or reopening them.

250
00:19:19,520 –> 00:19:25,200
Fecesbook is one such example. As far as we know, if you close a Fecesbook account

251
00:19:25,200 –> 00:19:31,600
and want to reopen it someday, they will demand to see a photo ID, which you may not be comfortable

252
00:19:31,600 –> 00:19:34,560
with sharing for obvious reasons.

253
00:19:34,560 –> 00:19:41,000
Side tangent: We really need to avoid normalizing the sharing of our photo IDs.

254
00:19:41,000 –> 00:19:45,400
One of the key features of a photo ID is that only you have it.

255
00:19:45,400 –> 00:19:50,040
Well, as soon as you scan it and start passing it around the internet, that kind of goes

256
00:19:50,040 –> 00:19:51,800
out the window.

257
00:19:51,800 –> 00:19:56,520
We also encountered a system that claimed that if you closed your account, you would

258
00:19:56,520 –> 00:20:00,960
never be able to open another one again, which is pretty extreme.

259
00:20:00,960 –> 00:20:05,960
So the point is, make sure you understand what you’re getting into before you close

260
00:20:05,960 –> 00:20:10,520
your account, because there might be irreversible side effects.

261
00:20:10,520 –> 00:20:15,920
The next thing to consider is whether you’re going to do a CCPA request.

262
00:20:15,920 –> 00:20:22,720
This is for “California residents only”, but we’ve heard that some people will just

263
00:20:22,720 –> 00:20:27,000
claim to be from California, so they can do this.

264
00:20:27,000 –> 00:20:29,040
What kind of a person would lie like that?

265
00:20:29,040 –> 00:20:30,040
That’s ridiculous.

266
00:20:30,040 –> 00:20:32,720
Well, anyway, this is really screwed up.

267
00:20:32,720 –> 00:20:39,080
But basically, some companies are so desperate to hold onto your account and data that they

268
00:20:39,080 –> 00:20:43,440
won’t even let you delete it unless the government forces them to.

269
00:20:43,440 –> 00:20:47,120
California has the CCPA for this reason.

270
00:20:47,120 –> 00:20:52,440
So a lot of these garbage companies will basically tell residents in all of the other states

271
00:20:52,440 –> 00:20:56,840
to go pound salt when they ask them to delete their data.

272
00:20:56,840 –> 00:21:02,360
But the point is that if you are going to do a CCPA, you need to be thinking about that

273
00:21:02,360 –> 00:21:07,480
because in the next steps, we’re going to be talking about sanitizing your data, which

274
00:21:07,480 –> 00:21:14,360
is important because the CCPA request forms usually ask for things like your email address,

275
00:21:14,360 –> 00:21:19,640
your name, maybe even your home address, and other things that you might want to change

276
00:21:19,640 –> 00:21:22,080
before you delete your account.

277
00:21:22,080 –> 00:21:27,800
The next step is to change your email address to an alias from a service like SimpleLogin

278
00:21:27,800 –> 00:21:29,720
or AnonAddy.

279
00:21:29,720 –> 00:21:35,240
In addition to helping protect you from a data breach, this also makes it easy to delete

280
00:21:35,240 –> 00:21:41,440
that alias later if that company decides to continue spamming you or gives your email

281
00:21:41,440 –> 00:21:44,200
address to other companies.

282
00:21:44,200 –> 00:21:48,200
Now it’s time to delete whatever information you can.

283
00:21:48,200 –> 00:21:50,760
If you can delete it, do delete it.

284
00:21:50,760 –> 00:21:58,040
That might be old posts, contacts, emails, billing and shipping addresses, phone numbers,

285
00:21:58,040 –> 00:22:00,600
credit card information, and so on.

286
00:22:00,600 –> 00:22:06,720
For all of the information that can’t be deleted, try replacing it with fake information.

287
00:22:06,720 –> 00:22:09,840
You were Jerry Smith and now you’re Rick Sanchez.

288
00:22:09,840 –> 00:22:16,000
We’re not condoning this, but if you’re changing a home address, it has been suggested in some

289
00:22:16,000 –> 00:22:21,840
circles that the address should be changed to somewhere in California to increase the

290
00:22:21,840 –> 00:22:27,040
chance that that company actually respects your request to delete your data.

291
00:22:27,040 –> 00:22:33,080
They may also check that if you do decide to make a CCPA request, but again, we don’t

292
00:22:33,080 –> 00:22:38,760
condone this if you don’t really live in California because we’re not attorneys and we have no

293
00:22:38,760 –> 00:22:43,880
idea if this breaks one of the millions of laws that we have here in the land of the

294
00:22:43,880 –> 00:22:44,880
free.

295
00:22:44,880 –> 00:22:50,040
All right, so once you’ve got everything downloaded, backed up and sanitized, you’re

296
00:22:50,040 –> 00:22:52,680
not ready to close your account.

297
00:22:52,680 –> 00:22:58,520
If you make a CCPA request, they should handle that for you, but otherwise you need to figure

298
00:22:58,520 –> 00:23:02,000
out what the closure procedure is.

299
00:23:02,000 –> 00:23:07,480
Many systems have a page hidden away somewhere where you can fill out a few forms and click

300
00:23:07,480 –> 00:23:09,640
a button to delete your account.

301
00:23:09,640 –> 00:23:14,680
They may require that you verify with an email or text message just to make sure that some

302
00:23:14,680 –> 00:23:20,000
jabroni didn’t just get into your account and try to go Hillary Clinton on it. But for

303
00:23:20,000 –> 00:23:25,240
about half of all systems out there, this is relatively straightforward.

304
00:23:25,240 –> 00:23:30,280
Some services will straight up tell you that they won’t let you close your account. But

305
00:23:30,280 –> 00:23:36,440
for others, we’ve had to contact their customer support to get them to delete those accounts.

306
00:23:36,440 –> 00:23:41,160
That can be annoying, but sometimes that’s just an email, so that’s not too bad.

307
00:23:41,160 –> 00:23:47,240
If a service either refuses to close your account or it’s going to be too much of a headache,

308
00:23:47,240 –> 00:23:49,080
consider just abandoning it.

309
00:23:49,080 –> 00:23:54,400
We’ve had to do that for some systems. But if you are going to do that, please follow

310
00:23:54,400 –> 00:23:59,760
the prior steps to mitigate the risk that a future data breach will cause you any significant

311
00:23:59,760 –> 00:24:00,760
problems.

312
00:24:00,760 –> 00:24:06,280
I think we mentioned this in an earlier episode. Well that might have actually just been in

313
00:24:06,280 –> 00:24:12,680
the blog post. But anyway, we mentioned that we had an old NordVPN account that we used

314
00:24:12,680 –> 00:24:19,320
for testing and we wanted to close it, but they make you fill out some customer service

315
00:24:19,320 –> 00:24:24,920
request form with like eight or more pieces of information on it, including credit card

316
00:24:24,920 –> 00:24:28,560
information, just to ask them to delete your account.

317
00:24:28,560 –> 00:24:32,000
And that’s not how we roll, so we just abandoned it.

318
00:24:32,000 –> 00:24:37,280
When you do delete your account, pay attention to any instructions that they give you.

319
00:24:37,280 –> 00:24:43,340
Some systems will give you very specific information that you’ll want to keep in mind, like after

320
00:24:43,340 –> 00:24:49,720
how many days will they actually delete your data, for example. If a service goes this route,

321
00:24:49,720 –> 00:24:55,800
as opposed to deleting your information immediately, what they normally do is stop the deletion

322
00:24:55,800 –> 00:25:01,200
process if you log back in before that time period is up.

323
00:25:01,200 –> 00:25:05,840
This might really trip you up if you aren’t paying attention because you’ll try to log

324
00:25:05,840 –> 00:25:12,000
back in or do a password reset or something to see if they actually deleted your account,

325
00:25:12,000 –> 00:25:17,680
not realizing that in doing so, they’re just stopping the deletion process.

326
00:25:17,680 –> 00:25:24,200
This time period is usually about 30 to 90 days, and unfortunately, many systems won’t

327
00:25:24,200 –> 00:25:26,160
tell you this information.

328
00:25:26,160 –> 00:25:32,720
So we suggest that you wait at least 91 days before trying to log back in to verify that

329
00:25:32,720 –> 00:25:34,680
they actually closed your account.

330
00:25:34,680 –> 00:25:39,200
And that sounds pretty tedious, but you know, you can just make a calendar event or something

331
00:25:39,200 –> 00:25:40,200
like that.

332
00:25:40,200 –> 00:25:42,160
It’s not that big of a deal.

333
00:25:42,160 –> 00:25:46,960
But we do recommend that when you delete an account, that you go back at some point to

334
00:25:46,960 –> 00:25:49,880
verify that it has been deleted.

335
00:25:49,880 –> 00:25:56,320
If logging in and trying a password reset fails, that’s a decent indication that the account

336
00:25:56,320 –> 00:26:02,400
is deleted or at least put in a state where the average person can’t get into it.

337
00:26:02,400 –> 00:26:08,840
But just keep in mind that doing a password reset does reopen an account in some systems.

338
00:26:08,840 –> 00:26:14,320
If this happens to you, just repeat the deletion process and let it go from there.

339
00:26:14,320 –> 00:26:17,920
And again, make sure you’re keeping good records.

340
00:26:17,920 –> 00:26:22,120
When you delete an account and verify that you can’t get back into it, make a note of

341
00:26:22,120 –> 00:26:26,800
this for future reference because you might forget that you did this in the future.

342
00:26:26,800 –> 00:26:34,160
All right, those are our tips for finding sanitizing and deleting old and unneeded accounts.

343
00:26:34,160 –> 00:26:39,640
Now let’s go over some lessons from our experiences going through this process.

344
00:26:39,640 –> 00:26:45,880
If you haven’t picked up on it already between this episode and the last one, be very, very

345
00:26:45,880 –> 00:26:49,520
stingy about opening new accounts.

346
00:26:49,520 –> 00:26:54,800
Every account presents some level of risk, and you’ll probably find out someday if you

347
00:26:54,800 –> 00:27:00,080
haven’t already that maintaining many accounts is a lot of work.

348
00:27:00,080 –> 00:27:06,480
The second lesson is to close old and unnecessary accounts on a regular basis.

349
00:27:06,480 –> 00:27:12,320
You might want to sit down every year or so to review what you have and close what’s no

350
00:27:12,320 –> 00:27:14,480
longer relevant to you.

351
00:27:14,480 –> 00:27:18,920
The longer that you let these things fester, the greater the risk is that you’re going

352
00:27:18,920 –> 00:27:24,720
to experience an issue like a data breach, the company going out of business, or being

353
00:27:24,720 –> 00:27:31,440
acquired and you don’t know what happened to your data or who has access to it, or you

354
00:27:31,440 –> 00:27:35,520
can no longer figure out how or where to log in.

355
00:27:35,520 –> 00:27:38,400
I’ve experienced all three of these.

356
00:27:38,400 –> 00:27:46,120
So for example, I saw in an old bank statement that I made a purchase at ThinkGeek many years

357
00:27:46,120 –> 00:27:47,120
ago.

358
00:27:47,120 –> 00:27:52,640
This was online only at the time, so I’m assuming that I had to have made an account to make

359
00:27:52,640 –> 00:27:53,640
the purchase.

360
00:27:53,640 –> 00:27:58,920
But when I searched around online, I could not find anywhere to log in so that I could

361
00:27:58,920 –> 00:28:04,560
close my account if I had one, and I couldn’t find any information about what happened to

362
00:28:04,560 –> 00:28:06,200
all of that data.

363
00:28:06,200 –> 00:28:11,040
I’m pretty sure they were acquired by GameStop, but I still couldn’t figure out what happened

364
00:28:11,040 –> 00:28:13,920
to my account if there was one.

365
00:28:13,920 –> 00:28:19,680
I don’t think that this particular case was a big deal, but just keep that in mind.

366
00:28:19,680 –> 00:28:26,000
If you hand over sensitive information to a third-party and just let it go for years,

367
00:28:26,000 –> 00:28:31,120
you might lose complete control over that data at some point in the future if they get

368
00:28:31,120 –> 00:28:38,320
acquired, or if they go out of business and end up transferring your data to another business.

369
00:28:38,320 –> 00:28:44,800
The third and final lesson is to keep good records of current and past accounts.

370
00:28:44,800 –> 00:28:49,640
There’s no way that you can keep all this information in memory, so it behooves you to

371
00:28:49,640 –> 00:28:55,000
have a system for recording this information in a private and secure manner.

372
00:28:55,000 –> 00:29:01,040
We like NAS systems for this reason, which we talked about in our Bigger Insights Technology

373
00:29:01,040 –> 00:29:05,080
podcast episode titled, Why You Need a NAS (Network Attached Storage).

374
00:29:05,080 –> 00:29:10,440
If you do this, decommissioning old accounts is much easier, and this will allow you to

375
00:29:10,440 –> 00:29:13,480
respond to threats much quicker.

376
00:29:13,480 –> 00:29:19,800
For example, next time there’s another major event which may threaten several of your accounts

377
00:29:19,800 –> 00:29:28,400
like Heartbleed, SolarWinds, Log4Shell, Kaseya, Accellion, LastPass, and so on, you might

378
00:29:28,400 –> 00:29:31,600
find yourself scrambling to respond.

379
00:29:31,600 –> 00:29:38,080
So let’s say for example that you need to update the password on every significant account

380
00:29:38,080 –> 00:29:42,480
that hasn’t been changed since May 13th, 2021.

381
00:29:42,480 –> 00:29:47,680
Are you going to know what to do, or are you going to have to change all of them because

382
00:29:47,680 –> 00:29:50,120
you aren’t keeping good records?

383
00:29:50,120 –> 00:29:55,000
If you need help recovering an account and they ask you a question like, “On what date

384
00:29:55,000 –> 00:29:58,920
was your account created?”, are you going to be able to answer that?

385
00:29:58,920 –> 00:30:03,880
For most people probably not, which is why we stress that you keep good records of your

386
00:30:03,880 –> 00:30:05,380
accounts.

387
00:30:05,380 –> 00:30:08,800
And what if you simply want to change your information?

388
00:30:08,800 –> 00:30:14,440
If you move, change phone numbers, or change email addresses, are you going to know every

389
00:30:14,440 –> 00:30:18,580
system that has this information so you can update them?

390
00:30:18,580 –> 00:30:25,080
This is a problem that I ran into years ago when I wanted to delete an old email address.

391
00:30:25,080 –> 00:30:31,560
I hadn’t used it for actual emailing for many years, but I quickly came to the realization

392
00:30:31,560 –> 00:30:35,840
that I did use it to log into many accounts in the past.

393
00:30:35,840 –> 00:30:41,280
So if I deleted the email account without updating all of those other accounts, I wouldn’t

394
00:30:41,280 –> 00:30:43,240
be able to log into them.

395
00:30:43,240 –> 00:30:48,680
This is why we recommend that you also keep track of which systems have which data of

396
00:30:48,680 –> 00:30:49,680
yours.

397
00:30:49,680 –> 00:30:52,440
All right, that’s everything for this episode.

398
00:30:52,440 –> 00:30:56,560
Not the most exciting stuff we know, but this is very important.

399
00:30:56,560 –> 00:31:01,840
So make sure you subscribe so you can see our other helpful content in the future.

400
00:31:01,840 –> 00:31:06,960
Also share this podcast with others so they can take advantage of these insights as well.

401
00:31:06,960 –> 00:31:12,120
And like I said earlier, if you’re interested in our one-on-one consulting services, go

402
00:31:12,120 –> 00:31:16,080
to BiggerInsights.com and fill out the form at the bottom of the page.

403
00:31:16,080 –> 00:31:17,960
Thanks for staying until the end.

404
00:31:17,960 –> 00:31:41,440
Go close some old accounts and have a great rest of your day.

Disclaimer

We are not attorneys or other legal professionals and nothing in this episode should be construed as legal or other advice. See our full Disclaimer for more details.

Support Us

We’re an ethical company that puts our community first. You won’t find us injecting targeted ads or trackers into our website, peddling sketchy products/services, or selling our visitors’ data to 3rd-parties. As a result, our visibility and resources are rather limited.

Please consider supporting us to help keep our mission going. There are several ways to make a difference – from cryptocurrency contributions to simply sharing our content. Every bit of support is greatly appreciated and helps us make the world a more private, secure, and prosperous place.

More Great Content

  • All
  • Finance
  • Privacy & Security
  • Technology
Finance - Budgeting - Financial Planning - Accounting - Asset Allocation - Taxable and Tax-favored Accounts - Cash Finance

Asset Location: Taxable vs. Tax-favored Accounts (401k, IRA, HSA)

Asset Location (AKA Asset Placement) is a strategy for organizing your assets in an optimal way that helps you meet your financial goals. In the previous episode, we focused on asset location strategies for reducing taxes and simplifying your tax return. In this episode, we focus on asset location considerations ...
Continue →
Security - Software - Email - Computer Screen Privacy & Security

Email is Insecure – Here’s How to Improve Email Security

Email was never designed to be private or secure, so not surprisingly, it is neither private, nor secure. In the previous episode, we explained the reasons why as well as the risks inherent to email. However, email is so prevalent that it is unfortunately a necessary evil. In this episode, ...
Continue →
Planning - Concepting - Whiteboard - Tax Planning Tips - Asset Location - Asset Placement Finance

Asset Location: Reducing Taxes & Simplifying Your Tax Return

Asset Location (AKA Asset Placement) is a strategy for organizing your assets in such a way as to reduce tax burden, simplify your tax return, and manage risk. We discuss our Asset Location strategies, which includes specifics about tax treatment for growth stocks, dividend stocks, taxable bonds, real estate investment ...
Continue →
Drake - Bad Choice-Good Choice - Linux vs Windows macOS ChromeOS Technology

Linux Doesn’t Suck – Here’s Why Even Normies Should Use It

Linux has long been viewed as a science fair project for nerds. We explain why Linux doesn’t suck and why it's now usable even for normies. Some of the items discussed: Issues with Windows, ease of use, performance (efficient use of resources), hardware support, application support, OS licensing, concerns about ...
Continue →
Email - Mobile Phone - Privacy and Security - Technology - Hands Privacy & Security

Email is Insecure – Stop Using it for Sensitive Communications

Email is the primary means of sending messages and documents for many people. Unfortunately, email was never designed to be private or secure. Over time, we’ve developed several tools and techniques to help make it more secure. But at the end of the day, no matter how uncomfortable it makes ...
Continue →
Woman Shopping - Holding Shopping Bags - Retail - Spending Money Finance

What Does it Mean to be Able to Afford Something?

Most everyone will agree that you shouldn’t buy things that you can’t afford, yet so many do. Why is that? It seems to us that one of the reasons for this is because many don’t know what it means to be able to afford something. Spoiler alert – it doesn’t ...
Continue →
Scroll to Top