Can You be Cyber-Stalked? The 30-Minute Google Challenge

What traces do you leave on the Web? Two PCWorld editors try to dig up dirt on their coworkers in under 30 minutes.

A blog here, a screen name there, an old social-networking profile or two--the more you use the Web for work and play, the easier it is for others to dig up dirt on you. And while you may not worry much about a few errant comments or tags, you'd surprised at how complete a portrait someone can paint of you with a few quick Google queries.

To see what this means in real life, we subjected two brave colleagues to the 30-Minute Google Challenge. Armed with our targets' full names and personal email addresses, we set out to dig up as much information as we could: real-world addresses, phone numbers, pictures of them in compromising situations...all that good stuff.

What we uncovered might scare you a bit. Even if you're a complete goody two-shoes, it's hard for you to avoid leaving any tracks whatsoever on the Web. That said, we did identify a few precautions that can help you avoid the scrutinizing eyes of a snoop.

Patrick and Editor No. 1

As soon as I got Editor No. 1's name and email address, I began racing through Google listings, using one tab for her name's search results and another tab for her email results, so that I could toggle between them. Problem was, her email address was a standard first-name/last-name combo, so I didn't have a juicy alternate handle or screen name to work with.

The first few findings were pretty simple: Her Twitter, a few old social-networking profiles, and her Facebook and LinkedIn accounts. The older social networking profiles were set to private, so I couldn't collect any data from those, but her Facebook and LinkedIn accounts revealed her current city, employer, and alma mater. Also, I found a photo album of her hanging out on some beaches in Hawaii. (That's not creepy at all.)

After scanning the Google results a bit longer, I found a few older non-tech-related articles that she had written, but that was about it. So I headed off to various people-finding services to dig up dirt ( and CriminalSearches came to mind after reading our "Free Online Background Check" how-to). Alas, she didn't have a criminal record, and neither Pipl nor Spokeo were able to locate her any more precisely than by her current city of residence, which I already knew.

With 10 minutes left on the clock, I began scanning through her public Twitter feed in one window and running Google search queries in the other, to no avail. By then, I was pretty sure that Ginny's Google-Fu would beat mine, so I started throwing some Hail Mary search queries out there--[Editor No. 1's name] + scandal, jail, and so on. No bites. Whatever she's done to secure her online privacy seems to be working fairly well, as any would-be stalker (like me) would be hard-pressed to find much without getting her to add me on Facebook or phishing her password.

Editor No. 1's reaction: I have a fairly unique first name and a sort-of-common last name, so I thought Patrick would be able to dig up more dirt on me. I've been a ruthless social-networker since Mark Zuckerberg was still in elementary school: I was on Friendster the first week it went live, I kept a Livejournal in high school, and I've posted on a clutch of music messageboards throughout the years. I've used quite a few online handles and usernames in my life, however. Though they are more or less the same, each one has slight variations in its spelling. For example, my Twitter name is slightly different from my Tumblr name. I also tend not to use my full name on many social networks, and I keep a lot of my profiles locked down.

Ginny and Editor No. 2

This editor has a fairly common first name and last name, so I thought I'd have a hard time digging up some dirt on him. Sure, I could probably find some incriminating evidence on a different guy with the same name, but that wasn't the point of this exercise (and it isn't any fun). Luckily, he has a unique email address, and I had a sneaking suspicion that he used that handle in multiple places. A quick Google search proved me correct: I immediately found this editor's Twitter account as well as his page. The page led me to his YouTube account, as well as a personal blog. From my original search, I also found his Reddit profile. Did this editor know that every single one of his comments is visible to the public?

After digging up some serious TMI from Reddit, I moved on to Facebook. I found both a professional and personal Facebook profile for him. His personal Facebook profile provided me with both his phone number and his AIM name. This AIM name was completely different than his e-mail handle, so naturally I Googled that to see if he used it more than once. I found an old, hardly used Livejournal account. I was about to move on with my search, but then I struck gold: One of the entries had a link to his very old Xanga account. I barely even remember Xanga!

I was running out of time, so I turned to a search engine built specifically to find dirt on people: ZabaSearch. If you've never heard of ZabaSearch, you should familiarize yourself with it immediately. Basically, it cross-checks various online databases, such as Intelius, Yellow Pages, and Spokeo. From there, it supplies old addresses, phone numbers, names of family members, and other extremely personal information. A search for this editor on led me to the address of the house he grew up in, a view of that house on Google Streetview, his family's estimated income, and his father's name. Yikes.

Editor #2's reaction: Honestly, I knew that I had left some pretty revealing stuff attached to my name and handle, but I didn't think Ginny would be able to find so much so quickly. There's plenty of stuff out there I'm not worried about people having access to (I tend to be a rather vocal person on the Internet, and that's fine), but the fact that my home phone number and Google Street View pics of my parents' house and address are so easily available is rather creepy, to say the least. I was also surprised that my name and go-to Internet handle are an entry point to finding my older blogs, handles, comments, and other pages. I used to use completely different handles and names for my Web work and play, so I figured those would be harder to find.

Can You Prevent Any of This?

The best way to stay out of Google search results, of course, is to stay off the Internet--shut down your Facebook, keep your blogging to pen and paper, and stick to talking on your cell phone with friends. But if you'd rather not go to the extreme of ditching your Web-based social life entirely, you can take steps to stalker-proof your Google records by using different names and handles, keeping your accounts private, and vigilantly deleting accounts you don't actively use. Also, before anyone else tries it, it's a good idea to run a 30-Minute Google Challenge on yourself every now and then to keep yourself honest.

Join the CSO newsletter!

Error: Please check your email address.

Tags GooglesecurityConsumer Advice

More about FacebookGoogleTMIYellow Pages

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Patrick Miller and Ginny Mies

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts