Nav Toor Profile picture
Helping you master AI daily with step-by-step AI guides, latest news, & practical tools • DM for Collabs

Jun 27, 13 tweets

My friend in London opened a free website last week.

He typed my full name.

14 seconds later, it showed my old address, my old email, and a password I used in 2019.

I haven't lived at that address in 4 years.

He said one sentence I'll never forget:

"Everyone you know is on this site. Most don't know it."

Here's exactly how to find what's exposed and start erasing it 👇

Step 1: Go to

Type your email. That's it.

The site shows you every data breach your email has been caught in. Every leaked password. Every compromised account.

It currently tracks over 15 billion compromised accounts across 1,000+ known breaches.

Free. Anonymous. No signup.haveibeenpwned.com

If your email shows up in a breach, do 3 things in this order:

1. Change the password on the breached account immediately.
2. Change the password anywhere else you used the same one.
3. Turn on 2-factor authentication (2FA) on that account.

The biggest danger isn't the original breach. It's that hackers test your old password on every other site you use.

Step 2: Install a free password manager.

Bitwarden is the most recommended. Open source. Free forever for personal use. Works on every device.

It generates a unique random password for every account. Auto-fills them. You only remember one master password.

Wirecutter (New York Times) named Bitwarden one of the 2 best password managers of 2026.

bitwarden.com

Step 3: Turn on 2-factor authentication on these 5 accounts today:

Email (the keys to your kingdom).
Bank or financial app.
Apple ID or Google account.
Main social media account.
Cloud storage (iCloud, Drive, Dropbox).

Use an authenticator app (Google Authenticator, Authy, or Microsoft Authenticator). Not SMS, if you can avoid it.

SMS codes can be intercepted with a SIM swap.

Step 4: Use Google's "Results About You" tool.

This is a free Google tool that lets you request removal of search results containing your personal info (phone number, home address, email address).

You report the result. Google reviews it. Often removes it in a few days.

Most people have never opened it.

Search: "Results about you tool" on google.com

Step 5: For US residents, the biggest people-search sites are:

Spokeo, Whitepages, BeenVerified, MyLife, Intelius, Radaris, TruePeopleSearch, FastPeopleSearch.

Each has a free opt-out page (e.g., ). You submit your info, they remove your profile.

The catch: data reappears every few months. You have to repeat the process.spokeo.com/optout

Step 5 for UK and EU readers:

Under GDPR Article 17, you have a legally enforceable "right to be forgotten."

UK people-search sites: 192.com, Whitepages.co.uk, ThatsThem, Pipl.

Send a GDPR removal request email to their data protection officer. They must respond within 30 days.

For India and other regions, contact the site's data protection contact directly.

Step 6: Use a privacy-respecting email for sensitive signups.

ProtonMail offers a free tier with end-to-end encryption. 1 GB storage. 150 emails per day. Free forever.

Use it for banking, medical sites, anything sensitive.

Keep your normal Gmail for daily junk.

proton.me/mail

Step 7: Remove EXIF metadata from photos before posting online.

Every photo your phone takes contains hidden metadata: GPS location, time, device model.

iPhone: Share photo, tap Options at top, turn off "Location."
Android: Use the Files app to remove EXIF, or post via Telegram which strips it.

A single Instagram photo of your home can reveal your exact address.

Step 8: Use virtual cards for online purchases.

When you give a website your real card, you're trusting them with it forever. Most don't deserve that trust.

Apps that give you a virtual card number (different every time):

Revolut. Wise. Privacy.com (US only). Many banks now offer this built-in.

Limits per-card, freezes anytime, no impact on your real card if a site leaks.

One honest note before you continue:

Full privacy is impossible. Data brokers will keep collecting. Old leaks won't disappear from the dark web.

But these 8 steps cover roughly 80% of the exposure most people have.

A weekend of work. Free tools. Permanent peace of mind.

The reason most people don't do this isn't that the tools are hidden.

It's that we've been trained to think privacy is the cost of using the internet.

It isn't. The tools are free. The process takes one weekend.

Your name on a random people-search site shouldn't reveal your home address.

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling