Below is a list of tools and resources that may help with auditing and deletion. Though we do our best to keep this list updated, the data industry has strong incentives to break any tool promoting deletion. If you think something is outdated or missing from this list, please contribute here.
The next Deletion Day
is on April 4th
The following lists contain dozens of companies who make money by aggregating data about you. Be prepared: some of these companies know your address or phone number. Some opt-outs will be relatively frictionless, but many are difficult by design. We hope the following resources will help, especially with companies that try to obscure their legal obligation to fulfill deletion requests.
- The Big Ass Data Broker Opt-Out List
- Motherboard’s Long List of Data Broker Sites and How to Opt-Out of Them
Sadly, it doesn’t take much to uncover the identity or even whereabouts of an average Internet user. Stalkers, harassers, online vigilantes, and bored assholes could decide to target anyone. Innocent people are doxed and harassed frequently on the Internet.
Part of being safe online is knowing the risks. “Reconnaissance” tools exist with the express purpose of tracking down individuals. They are free, easy to use, and widely available. With this knowledge, there are steps you can take to protect yourself. We’ve listed some guides below:
- Slate Magazine: Why You Should Dox Yourself (Sort Of)
- The Online Harassment Field Manual’s Protecting Information from Doxing
Precious memories can exist within online spaces. Below are suggestions for how to reclaim your content from corporate ownership, but we recognize the importance and sentimentality of such data. All of these sites have export or backup features which let you download your data to a private hard drive before deleting them. You may wish to investigate these options before proceeding.
Great news: after enough public outcry and over a decade of legal pressure, Facebook now has an official help article titled “How do I permanently delete my Facebook account?”. This should be all you need if you want to completely delete your profile.
If you want to keep your Facebook account but remove content you’ve uploaded, it’s a more involved process. Facebook doesn’t offer official tools for bulk deletion. But it’s still possible – here are some links to get you started:
- The quickest way to delete photos you’ve uploaded is by deleting full albums. You’ll still need to delete your profile pictures and cover photos one-by-one.
- Facebook Mobile has a bulk-delete feature called Manage Activity. It’s a little confusing, so The Verge wrote a guide on how to use the feature.
- Friends’ birthdays can be bulk exported from Facebook and imported into your calendar of choice. This guide covers importing events into Google Calendar, and the process is similar for other calendar apps. Facebook frequently changes this process, so up-to-date instructions are best found via a search engine.
- If you or a friend knows how to program, several open-source projects exist to help delete (or “scrub”, “clear”, “wipe”) your post history. A quick search should find a project relevant to your skills and needs, but here’s a recently updated Python utility.
- You can view, audit, and remove apps and websites you’ve used Facebook to log into from the settings page. These can have privileged access to your data and are worth limiting.
- More bulk tools are detailed in “How to Quickly Delete Old Facebook Posts”. We have not performed a security audit on any third-party deletion tools, and thus cannot endorse them.
Similar to its parent company Facebook, Instagram provides clear instructions for fully deleting your account. However, if you want to delete the photos from your account but keep your username or followers, there is no official supported solution.
- Depending on how many photos you’ve posted, your quickest option might be manually deleting photos one-by-one.
- You can also rely on third-party apps, as detailed in this article. We have not performed a security audit on any third-party deletion tools, and thus cannot endorse them. Please make up your own mind about these tools.
If you’re in a bind, we suggest you restrict your privacy settings and explore another option before giving your login details to closed-source third-party tools.
To deactivate your account, here is an FAQ entry. Your comment and post history will remain, but your username will be replaced by the string
We recommend obscuring or deleting prior posting history before deleting your account. We have had success using the following:
The quickest way to permanently remove a Twitter account is to deactivate it.
If you want to delete your tweets or likes without deactivating your account, these options may help:
- Computer security engineer Micah Lee runs a service called Semiphemeral. The service enables flexible deletion of old tweets, likes, and direct messages.
- If you or a friend knows how to program, Twitter has an API that permits deletion. There are great libraries for accessing the API from many common programming languages. For example, here is a Ruby script to delete tweets beyond a certain age, and a matching script for Twitter likes.
- If you don’t want to program a solution, there are third-party options for timeline deletion. We have not performed a security audit on any third-party deletion tools, and thus cannot endorse them.
By default, Twitter stores and publishes location data alongside your tweets. You can turn it off here. There is an option to delete all location information you’ve uploaded in the past.
Major social media accounts are often linked to other apps. If you don’t fully delete an account, you can still audit which apps have permission to access and modify your data. Here’s an excerpt from Day 9 of Crypto Christmas:
Some products are built on top of larger services like Facebook, Gmail, or Dropbox. Whenever we add a new “integration” to an existing account, we give permission for the added service to read our information, track usage, or post on our behalf.
The problem with integrations like this is that it’s not always obvious what you’re handing over to companies when you authenticate.
Listed below are direct links to check third-party permissions: