With all the big companies that want to gather information about you, and all the bad actors who are equally eager to mine your personal details, you may feel that there’s no hope, that your privacy is irretrievable. Don’t give up! The first step to protecting your identity is to take a census of just what’s out there. Bitdefender Digital Identity Protection looks at both legal and illegal collections of data and pulls its findings together into an actionable report that gets smarter as you help fine-tune it.
There are many approaches to privacy and identity protection. Bitdefender doesn’t aim to take the place of LifeLock, a service that aims to detect and remediate identity theft. Rather, it focuses on protecting your online accounts, data, and reputation. Abine DeleteMe finds your data on legal websites and handles opting you out of data collection. Bitdefender, on the other hand, identifies the sites where it finds your private data, but leaves any opt-out action to you.
These different approaches result in different price points. DeleteMe must employ human agents to perform some of its opt-out activities, which explains its price of $129 per year. With LifeLock, you get help from human agents, replacement of stolen funds, and other guarantees, for anywhere from $11.99 to $34.99 per month. A yearly subscription for Bitdefender Digital Identity Protection lists at $79.99, currently discounted to $59.99.
Bitdefender’s features aren’t unique. LastPass, Keeper Password Manager & Digital Vault, and other password utilities report on breached passwords, so they can help you recover. Many antivirus utilities report when your personal data shows up in a data breach. However, Bitdefender does fine job of organizing and presenting its findings, along with actions you can take to improve your privacy and articles to help you understand what’s important.
Getting Started With Bitdefender Digital Identity Protection
This service lives online, as part of the Bitdefender Central website. There’s no local application. To get started, you log in to your Bitdefender Central account, or create an account. On the My Subscriptions page, you enter your activation code, then click Start Onboarding to set the process in motion.
You might expect the service would want you to enter reams of personal data, letting it know what to seek on the web. Nothing could be farther from the truth. It asks for your full name, your email address, and your phone number. It verifies the email and phone by sending a code that you must enter. This keeps malefactors from abusing the service to snoop on private data other than their own.
Once you’ve done that, Bitdefender goes to work searching the web, both legitimate sites and dark web sites. Before long, it comes back with a boatload of personal information that it found just using the minimal data you supplied.
The Digital Identity Monitor Dashboard is your overview of the services findings. There’s a lot to see here. Fortunately, you don’t have to master it all at once. The dashboard has three main sections: Digital Footprint, Data Breaches, and Impersonation Check.
At the top of the dashboard is a summary of your digital footprint, meaning the number of personal data items found and the number of websites involved. You can (and should) click to see the entire digital footprint list; I’ll detail that below.
Just as important is the Accuracy Checkup panel. Not everything found by the service is necessarily yours, especially if you have a common name. You’ll get questions like “Have you ever owned or been associated with this URL?” and “Did this email ever belong to you and do you have access to it?” For each item you can click Yes, No, or Skip. Yes marks the item as valid, No discards it, and Skip puts it aside for later. Just do a few each time you look at the page. You can also go down the items in the digital footprint list and verify them there.
A simple chart compares the amount of personal data found for you to the average amount among all users. As an author, I have a larger presence on the web than the average user, so it didn’t surprise me to find my exposure almost four times the average.
Another chart shows your digital footprint’s growth over the last 10 years. For each year, it counts the data items that were seen on or before that year. Quite a few data items don’t come associated with a particular year. The chart doesn’t include those, so the latest total probably won’t match what’s in the digital footprint summary.
I should note that most of the panels come with a link to explain why the data is important, or why you should take certain actions. A panel of quick reads offers articles that go a bit deeper. I appreciate this emphasis on helping users understand how digital exposure affects them, and what they can do about it.
The first part of the dashboard covered legal sites that happen to have information about you. The next set of panels relates to personal info’s appearance in data from breaches. Here, too, there’s a panel for breaches over time, and one comparing your numbers with those of the community.
You can click a button in the summary to view a full list of data breaches containing your info. More importantly, you can take action to deal with the fallout from those breaches. I’ll discuss what you can do below. As you deal with breaches, a meter in the dashboard displays your progress.
The last thing you want is some goon imitating you on Facebook or any other social media site. These fakers grab your photo and anything else available on your public profile and try to fool your friends into connecting. Bitdefender scans almost 30 social media sites, among them Facebook, Twitter, Pinterest, LinkedIn, and even Friendster for profiles with data similar to yours.
Why would you care about a breach at Friendster, or Google+, or TwitPic, or any defunct social media service? Well, the site may be gone, but the breached data still floats around the dark web. You may not be able to change your password anymore, but you can ponder whether you may have used that password somewhere else, somewhere more sensitive.
The dashboard lists the most prominent matching profiles, with a button to see everything it found. This process should find your actual profiles, naturally. You can mark any found item to say that it’s yours, that it’s an impersonator, or that it’s something else. A meter on the dashboard tracks the profiles you’ve checked.
Get Busy Verifying
Seeing the details captured by Bitdefender is interesting, but for real value you need to go through and verify them. You can do a few at a time, or sit down for a marathon session, whatever suits you best. Once you’ve swept away the items that aren’t actually yours, and verified those that are, Bitdefender can tune its search and find even more information.
You can certainly use the Accuracy Checker dashboard panel to plink away at data items, but if you plan to power through a big verification session, you’re better off viewing the full digital footprint report. In testing, I found that some of the items came pre-verified, with a clear list of where they were found. The majority, though, had the list of locations blurred, and a link to verify the item. The blurring makes sense: if the data item isn’t yours, it’s someone else’s, and blurring protects their privacy.
Some items are simple. Click to verify your gender, for example. Click an address where you live or once lived to approve it, or discard addresses that were never yours. Bitdefender found every address I’ve had since the internet began. It also found some clinkers that I discarded—I’ve never lived in Canada or Burkina Faso.
With email addresses it gets more complicated. The service asks a two-part question—have you ever used this email account, and do you have access to it? If you select Yes, you must log in to the account and collect a verification code. Bitdefender found an address of mine on an ISP that folded 20 years ago. Even though the address was totally mine, I had to choose No, because I had no way to collect the verification code.
Likewise, to verify a phone number you must enter a code texted to that number. I recently moved and canceled a phone line I had for 25 years, a number that would clearly be useful in identifying my personal info on the web. I had to reject that number, though, because it no longer exists. Even if that number still worked, I couldn’t have verified it, because you can’t verify a landline. My Bitdefender contacts tell me they are working on a voice-based system to speak the code, for landline verification.
I had one small problem when dealing with the many snail-mail addresses that Bitdefender found. When I clicked Verify and selected No, my mouse cursor was right on the three-dot menu for the item above. Apparently, I clicked twice, or the page received two clicks, which brought up a menu that just contained the word Remove. I clicked it, thinking this was part of the process. Doing so removed the valid address line above. My Bitdefender contacts tell me that while an undo feature is in the works, at present the only way to get back an item you removed in error is to work with tech support.
I found the next section, titled References, utterly mystifying. It contained seven entries, each a numeric code followed by @ and by the name of a social media page such as LinkedIn, Facebook, even Friendster. I recognized the Facebook one as the numeric ID for my account, but the rest were totally unfamiliar. I imagine the average user would be completely baffled. I marked those as not mine, figuring that’s what most users would do.
The final section, URLs, included some obvious connections and some that seemed irrelevant. My author bio page on various magazine sites was clearly valid, as were a seemingly random selection of PCMag articles. Others clearly had someone else’s name embedded, making them easy to reject. That left a collection of confusing items such as forum entries with no other identification and some apparently random websites. I verified everything I was sure of and rejected everything else.
There’s one more thing you can do to help Bitdefender monitor your personal data. Chances are good you use more than one phone number and email address. Clicking the plus icon at the top right of the dashboard lets you add those. As with your initial entry, you must verify each address or phone number by typing in the time-limited code sent by Bitdefender.
Once More Into the Breach
Getting Bitdefender clear on just what personal info is yours and what isn’t helps it in its ongoing search for your personal data on the legitimate web. When your details turn up in a data breach, that’s rather more serious. Bitdefender lists all the breaches that included your data and offers detailed advice.
Poring over the list, I found the items fell into four groups. First, there were accounts I totally recognized, with a link to the password-change page for that account. A similar group were accounts that I did not recognize, but that still had a password-change link. Another group advised changing the password but lacked that helpful link. Finally, it identified some as data breach collections, without the advice to change a specific password. All but the collections also advised turning on two-factor authentication. When you’ve updated the password you click a button to mark that task done, and likewise when you’ve enabled two-factor authentication.
Some of the items it found were ones I already knew about. The instant messaging aggregator Trillian had a breach five years ago. Since I wasn’t using it, I canceled my account, but my email remains present in the breached data. Bitdefender advised changing my password and enabling two-factor authentication. I marked both as done, given that the account no longer exists.
To continue, I dug into the individual reports. I already knew about the breaches at Malwarebytes and LinkedIn. I changed those passwords and enabled two-factor authentication ages ago, so I registered my actions with Bitdefender.
Next, I went through the sites that offered a password-change link but that I didn’t recognize. Among these were Adapt, Apollo, and ShareThis. In each case I clicked the link and used the Forgot Password option to see if I could access the account. And in each case, the site reported no active account found. At this point I wished for the ability to record something other than Done or Not Done. It’s hard to change the password or enable two-factor authentication for an account that doesn’t exist.
The situation was effectively the same for sites like Evite and RiverCityMedia, where Bitdefender advised changing the password but didn’t offer a link. In each case I found there was no account associated with the email account reported as breached.
Finally, I examined the collections, things with names like You’ve Been Scraped, Anti Public Combo List, and Exploit.in. There’s no single password to change for these, and no two-factor authentication. Bitdefender advises “changing the logins to all your online accounts associated with your breached data,” which means all of them. Not surprisingly, I didn’t do this. I don’t think any user will do it, even with the help of a password manager. And I worry that this impractical advice could discourage users from dealing with the actual, actionable breaches.
Make no mistake, this breach report is a useful security service. I recommend that you check all the breaches reported on specific sites, and change passwords for those where you have an account. Add two-factor authentication for enhanced security. But don’t worry about the collections.
Bitdefender never asks you to fill in your social media details. Rather, it scans almost 30 social media sites looking for profiles that might be yours. It’s essential to check these and claim the ones that really are you. That makes any impersonators stand out. My experience dealing with the five profiles found by the monitoring system was a mixed bag.
I post a link to every article I write on Twitter. My Twitter account is easy to find, and Bitdefender easily found it. The only oddity was that it appended a component to the URL that caused Twitter to use Catalan as the display language. Seriously?
As for LinkedIn, when I clicked the link to check what Bitdefender found, LinkedIn suspected I might be a robot. It gave me a couple of odd tasks to prove myself human, like clicking on arrows to turn a picture right-side-up. After that, it correctly showed the public page of my LinkedIn profile.
I made sure I was logged out of Facebook before trying the link to the profile Bitdefender found. In every browser I tried, I got an error message. It turns out the mistake was mine. To view the public profile for any page, even your own, you must be logged in. And yes, it was my own profile.
The last two found profiles were a bit odd. Google+ shut down in 2019, and Twitpic has been dead since 2017. But Bitdefender found enough traces to determine that a profile had existed for each. When I logged into my Google account, it explained that no access to Google+ is possible. As for TwitPic, clicking the supplied link displayed a rather nice photo of a red-leaf lettuce, nothing more.
It appears that I do not have any social media impersonators; I’m grateful for that. In the app, I claimed the Twitter, LinkedIn, and Facebook profiles as my own. As for Google+ and TwitPic, I appreciated the option to check “It is something else.”
There are many approaches to protecting your privacy and your personal data. As mentioned above, instead of just reporting on which legitimate data collectors have your personal info, Abine DeleteMe actively opts you out of being collected. LifeLock watches for signs of identity theft and helps you recover, including paying back cash stolen by identity thieves.
You’ll note that a lot of the data found by Bitdefender involves email addresses, whether in legitimate data collections or in dark web data breaches. One approach, taken by such tools as ManyMe and Burner Mail, involves protecting your actual email address by managing Disposable Email Addresses (DEAs). With this system you never give out your actual email. Each contact gets a different DEA, but the messages all come to your regular inbox. And if you start getting spam or problems on a given DEA, you just cancel it.
Abine Blur takes the concept even farther. Using Blur, you can interact and shop online without giving out your actual email address, credit card number, or phone number. Blur also includes a password manager and other privacy features.
Expensive But Effective
Bitdefender Digital Identity Protection scans the web and the dark web and reports where it found your personal data. You can improve its accuracy by verifying (or discarding) the data items it found, and you really should deal with any instances of breached accounts. If somebody is impersonating you on social media, you’ll thank Bitdefender for fingering the perp.
This service doesn’t aim to detect and mitigate identity theft, nor does it help you get your data removed from legitimate aggregator sites. Once you’ve gone through the steps of validating found data, dealing with breaches, and claiming your social media accounts, nothing happens unless the monitor detects a new instance of exposed personal data. I don’t think I’d pay $79.99 per year for that, or even the discounted $59.99 price. But if you have the cash to spare, the service is worthwhile.
There are a huge number of different ways to protect your identity and privacy online. Picking out what’s best is tough, since their aims are different. We’ve identified Abine Blur as an Editors’ Choice because it offers a wide variety of privacy features that are quite useful. Our other privacy Editors’ Choice, PreVeil, takes a completely different tack, offering high-tech encrypted email that’s both easy to use and free.