Realtor Privacy in the Digital Age

By Ryan Huggins, CISA, CICP, C-RISC, Broker

Privacy.  In the aftermath of large publicized data breaches such as TJ Maxx, Office of Personnel Management and the California Association of Realtors as well as the Edward Snowden revelations, Facebook's Cambridge Analytical scandal and privacy legislation such as the European Union's GDPR, privacy is more and more in the forefront of people's minds.  But what is privacy?  Merriam-Webster's dictionary defines privacy as "freedom from unauthorized intrusion."  What does that mean?  Well going back to my computer security days, privacy is considered one of the four basic pillars of computer security.  Simply put, privacy is "being able to do something without an unauthorized third party knowing about it or it's details."  You could also define it as a "lack of eavesdropping."

One classic example of this is being on a coffee shop wifi and not worrying about the person at the other end of the cafe watching the internet traffic and seeing your login and password for your bank.

Recently in one of the Realtor networking groups I actively participate in, Active Rain, there was a question posed which sparked a very interesting discussion.  The Realtor had recently performed a Google search on herself and found that there was an uncomfortable amount of personal information about her out there on one of those "My Life" people search engine sites.  This information included possible passwords, phone numbers, email addresses and past physical addresses.  The question, which I answered at length, was about how to remove that information from the web.  After having a few conversations with various members, I decided to write this blog post to help educate my fellow real estate agents, Realtors and Brokers.

How much is too much?

While this is a personal decision for each and every person, it is an especially interesting for those of us in professions which require an internet presence.  For me, I don't mind if certain "newsworthy" items are posted about me or if my phone number and email are readily available... heck, that's a must in my book if I want to stay in business!  But where I draw the line is personal data.  Physical addresses, banking, health, licensing and government related items.

How do you remove information?

XKCD.com comic regarding the true value of customer rewards cards

Before we can discuss removal, we have to first understand how these sites get their information in the first place.  Most of these sites get their information from companies known as "Data Brokers".  These companies gather all the information they can on you from "open source" public information that is 100% legal to access.  Some of these sources include county assessors offices, tax filings and even the phone company.  Then there are the more interesting sites, such as LinkedIn, Facebook, MySpace and then services like your frequent shopper cards (you didn't think that two for one deal was out of the goodness of the company's heart, right?) and even sites like Pastebin, that publish information found in data breaches.

So how do we stop this information from ending up on these data brokers' servers?  Well, the first thing is to stop publishing what you don't want them to know about!  You must assume that anything you post in a social network or anywhere on the internet may be seen by someone you didn't intend and didn't want to see it.  Classic cases involve people who called in sick to work and then posted about being at the Dodger game or down at the beach.  I've even helped a Human Resources Department or two investigate these.  Those posts, while supposedly private, ended up catching the wrong person's attention and ended up with the employee being reprimanded or worse.  My recommendation: either abandon social media all together or severely limit what you post on it.  Are you worried about some of the things you may have posted in the past?  There are ways to automate the deletion of your Facebook history.

Some of you may recall a few Presidential elections back when Sarah Palin ran for Vice President.  During this election her personal email was hacked exposing some private information.  How was this hack done?  They didn't crack any passwords, they simply looked at her social media and found out her wedding date, her high school and her kids names.  They then used this information to answer the "Forgot Your Password" security questions and them reset her password and locked her out.  I recommend against publishing this information on social media, that includes liking a Facebook group for your graduating class.  It's not enough to put the "School of Hard Knocks" or "Starfleet Academy" as your school.

Other steps you can take are to clear and disable your search histories on sites like Google.com and Amazon.com  Additionally, you can even use search engines like DuckDuckGo and StartPage to search anonymously.

The next step would be contact the sites and ask them to remove your information.  There are dozens, if not hundreds, of these sites out there so this can be a daunting task.  Luckily for us, there are three main data brokers which provide most of these sites with the data they sell.  There are Intelius, Acxiom and Innovis.  Getting your information removed from these sites is a good start.

In addition, going through the three main credit bureaus and the three smaller bureaus (yes, there really are six credit bureaus) to freeze your credit is another way to not only help protect your privacy, but to help guard against identity theft.

There are several resources on the web to help you with removing your data from data broker's sites.  Some companies are available and charge for their services, but this is something you can do for free.  By far my favorite resource for this is the workbook from Michael Bazzell's book "Hiding From The Internet" which you can find on Amazon here.  There are also other data broker lists online here and here, which I found while researching further for this blog.

What else can I do to protect my privacy?

Is this all I need to do?  Is there anything else I can do?  Yes, there is!  The totality of what you can do is too large to cover in just this blog post, but I will give you what I consider to be some of the most important things you can do.

• Google Maps Street View - We all love using Street View when checking out a new restaurant or looking for the best parking lots around the Staples Center, but does your house need to be visible?  While that's your decision to make, for me I decided "no" on that.  Google has the option for you to request they blur out your house from Street View.  Back when I did it several years ago, it was at Google's discretion.  This will not impact the satellite map or any other street view type service from Bing, Apple or any of the other providers out there.  You'll need to see if they have the same removal options on their sites.
• Google Maps, Apple Maps, Waze and other mapping apps - While these apps are great at planning out how to get to your showings or listing appointments, they also track and store where you've been and where you're going.  There was a good article published recently about how to clear your history, you can find it here.
• Getting a P.O. Box - This is probably one of the most important steps out there.  Get a P.O. Box at a "Mail it Quick" or "UPS Store" type provider, where you can get a physical address like "123 Main Street, Unit 135".  These do not show as a "PO Box" and since someone is there to accept deliveries, you can even have packages sent there.  I recommend having all of your important mail sent to this address.  That includes bills, statements, DMV notices, etc.  This will start to move the public records of your physical address to the PO Box instead of your actual home.  Plus, these boxes are usually more secure than the one outside your home so you are less likely to get your mail stolen.
• Opting out of pre-screened offers - There are sites out there where you can opt-out of getting all those special offers, like credit cards, in your mailbox... plus it reduces the amount of junk mail you receive.  This helps to remove your information from additional databases.  Some of these sites may require you to opt-out every six months though, so make sure you read the site carefully.
• Putting your home into a trust/LLC/etc. - Before I go into the benefits of this, I must state that I am not a lawyer and you should speak with your counsel and tax specialists before making any changes, as there could be tax and other consequences to any action you take.  Putting the title to your home in a trust or LLC is one step you can take to make it that much harder for someone to do a public records search and find your home address.  In addition you can have your mailing address for the county assessor's office set to your PO Box, creating an additional layer of protection.  Using a trust or LLC is common, with the Living Trust being the most common for caring for your loved ones after you die.  If the state you live in will allow it, having a trust name that does not have your name in it will give you the most privacy protection.  If your state does require it, try to put it at the end of the trust name.  That way there is a chance it may not display on the public record search, if the name field has a set display length.   The Hiding From The Internet Book goes into a greater level of detail on this and is a must read, in my opinion.
• Professional licenses - Many people put their home address on various professional licenses.  Real estate agents are no exception.  Where legally allowed, you should consider putting your PO Box as the address of record for any professional license or license for any hobbies.  This is especially important if there is an online method the public can use to research your license, such as the FCC's database or the California Department of Real Estate's "License Lookup Tool".

Additional Resources

This blog only scratches the surface of what is out there to protect your privacy.  There are many, many additional resources for those that are interested in diving deeper into this field of study.  Some of my favorites include:

• The previously mentioned Hiding From The Internet by Michael Bazzell
• COMSEC by Justin Carroll and Drew M. Off-The-Grid Communication Strategies for Privacy Enthusiasts, Journalists, Politicians, Crooks, and the Average Joe
• Michael Bazzell's "Privacy Security & OSINT Show" podcast
• Proton VPN to encrypt your traffic
• Silent Pocket Faraday bags for your phone, wallet, passport, car keys, etc. to protect from electronic eavesdropping.  Regular, Leather, Extra Large
• Password managers to create strong passwords and securely store them, such as Last Pass.
• "Have I Been Pwned" is a great site to see if your emails have been seen in any data breaches.  It can also monitor and alert you if it finds anything in the future. A similar service is "DeHashed"
• Proton Mail to send encrypted emails
• Puri.sm makers of a privacy focused operating system, chat and email clients, phones and computers
• System76 makers of a privacy focused operating system and computers
• The Electronic Frontier Foundation The leading nonprofit organization defending civil liberties in the digital world
• OpenOffice or LibreOffice - computer based office programs without the bloat and online concerns of Microsoft and Google's offerings
• EPIC - The Electronic Privacy Information Center
• Schneier on Security - A highly regarded security blog from Bruce Schneier, a well respected cryptographer and security expert.  While focused on data security, it also covers privacy issues
• Stop Think Connect - DHS sponsored privacy and security educational site
• How to wipe location data from mapping apps
• Create temporary virtual credit cards for online shopping at Privacy.com and Blur
• https://www.privacytools.io/ - Website listing privacy minded alternatives to name brand tools like Google, Outlook, etc.

I hope you have enjoyed this blog and have learned something you can implement to better protect your privacy, now go out there and implement it!

Please email me if you have any questions at Ryan@HugginsHomes.com  I'd be happy to discuss them with you.

DHS's "Stop Think Connect" Cyber Security Program

Huggins Homes is a proud partner of the Stop Think Connect campaign.

Disclosures: Please consult with the appropriate specialists before implementing anything from this blog, especially with regards to title and LLCs.  There may be tax or other legal consequences that only an expert in those areas can advise you on.  Ryan Huggins and Huggins Homes will not be held accountable for any loss, damage or other negative issues arising from your use of the information provided here.  Additionally, some links contain affiliate program links and the author of this blog may earn a commission.