Digital Presence Scorecard
How findable is someone online? Enter a name, username, and/or email to scan Gravatar, Wayback Machine archives, HIBP breach data, and 15+ platform footprints. Generates an exposure score for OSINT investigations and personal privacy audits. All checks run from your browser.
Digital Presence Scorecard — Measuring Online Exposure
Every person leaves a digital trail. Profile pictures propagate through Gravatar to hundreds of sites. Usernames get archived by the Wayback Machine even after deletion. Email addresses appear in data breaches years after the account was abandoned. The Digital Presence Scorecard quantifies this exposure by querying multiple open-source intelligence databases and generating a findability score — a single number that represents how easily someone can be discovered and profiled using publicly available data.
What Gets Checked
The audit performs real API queries against three primary sources. Gravatar's API is checked using the MD5 hash of the email address — if a profile exists, an investigator can obtain the user's avatar, display name, and linked accounts without any authentication. The Wayback Machine's CDX API is queried for archived snapshots of the username across 15+ major platforms — even deleted profiles often persist in web archives. HIBP's Pwned Passwords API uses k-anonymity to check whether the email address or username has been used as a password in known breaches (a common OPSEC failure). Additional platform-specific URL patterns are generated for manual verification.
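The Wayback Machine check described above, as an added example (not the tool's own code): it summarizes a CDX response in its JSON output form and counts only HTTP 200 captures as evidence of a profile, since an archived 404 or redirect shows only that the URL was crawled. The profile URL, username and rows are constructed sample data.

```javascript
// Added example (Node.js or browser); not the scorecard's own source.
// CDX JSON output: the first row holds the field names, the rest are captures.
function summarizeCaptures(cdxRows) {
  if (!Array.isArray(cdxRows) || cdxRows.length < 2) {
    return { captures: 0, live: 0, first: null, last: null };
  }
  const [header, ...rows] = cdxRows;
  const ts = header.indexOf('timestamp');
  const status = header.indexOf('statuscode');
  // Only 200 responses show that a page was actually served; archived
  // 404s, redirects and revisit records ("-") are not proof of a profile.
  const live = rows.filter((r) => r[status] === '200').map((r) => r[ts]).sort();
  const toDate = (t) => `${t.slice(0, 4)}-${t.slice(4, 6)}-${t.slice(6, 8)}`;
  return {
    captures: rows.length,
    live: live.length,
    first: live.length ? toDate(live[0]) : null,
    last: live.length ? toDate(live[live.length - 1]) : null,
  };
}

// Constructed sample: a hypothetical profile URL for the username "jdoe_example".
const URL_KEY = 'com,example)/jdoe_example';
const ORIGINAL = 'https://example.com/jdoe_example';
const SAMPLE = [
  ['urlkey', 'timestamp', 'original', 'mimetype', 'statuscode', 'digest', 'length'],
  [URL_KEY, '20190803171144', ORIGINAL, 'text/html', '200', 'CONSTRUCTEDDIGEST2', '6033'],
  [URL_KEY, '20160412093015', ORIGINAL, 'text/html', '200', 'CONSTRUCTEDDIGEST1', '5120'],
  [URL_KEY, '20220115020501', ORIGINAL, 'text/html', '404', 'CONSTRUCTEDDIGEST3', '812'],
];

console.log(summarizeCaptures(SAMPLE));
```

A last live capture followed only by 404 captures is what a deleted profile typically looks like in the archive, which is the case a privacy audit cares about.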
The Exposure Score
The 0–100 score is computed from weighted findings across four categories: Email Exposure (Gravatar profile, breach data, email-as-password), Username Footprint (archived profiles across platforms, Wayback snapshot counts), Name Searchability (search engine indexing potential), and Data Broker Presence (generated links to major people-search services). Each finding contributes points based on its OSINT significance — a Gravatar profile with linked social accounts scores higher than a single archived Wayback snapshot.
OSINT vs Privacy Audit
This tool serves two audiences. OSINT investigators use it as a rapid triage tool — enter a target's known identifiers and instantly see which digital footprints exist and where to dig deeper. Privacy-conscious individuals use it to audit their own exposure — discovering forgotten accounts, unexpected Gravatar profiles, or email addresses compromised in breaches they never knew about. Both use cases benefit from the same underlying data; the difference is whether you're trying to find information or eliminate it.
- Gravatar: A globally recognized avatar service owned by Automattic. Any WordPress, GitHub, or Slack account may create a Gravatar profile. The profile is accessible via the MD5 hash of the email — no authentication required.
- Wayback Machine CDX API: The Internet Archive's index of over 800 billion web pages. The CDX API allows programmatic lookup of archived URLs, revealing whether a profile page was ever crawled — even if it has since been deleted.
- HIBP k-Anonymity: Have I Been Pwned's Pwned Passwords API uses a k-anonymity model: only the first 5 characters of the SHA-1 hash are sent to the server, which returns all matching hashes. The full comparison happens locally, ensuring the actual value is never transmitted.
- Exposure Score: A 0–100 composite metric. 0–25 = Minimal (hard to find), 26–50 = Moderate (some footprints), 51–75 = Significant (easily findable), 76–100 = Critical (extensive digital footprint).
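The Gravatar and HIBP k-anonymity entries above (and the matching checks under "What Gets Checked"), as an added Node.js example that is not the tool's own code: it derives what each query transmits for one identifier and does the suffix comparison locally. The address and the range response body are constructed, and the function names are hypothetical.

```javascript
// Added example (Node.js); not the scorecard's own source.
const { createHash } = require('node:crypto');

const hex = (algo, text) => createHash(algo).update(text, 'utf8').digest('hex');

// Gravatar lookup key: MD5 of the trimmed, lower-cased address. The full
// hash is sent, so the same address always produces the same identifier.
function gravatarHash(email) {
  return hex('md5', email.trim().toLowerCase());
}

// Pwned Passwords range query: only `prefix` (5 hex chars) is transmitted;
// `suffix` (35 hex chars) never leaves the client.
function splitForRange(candidate) {
  const sha1 = hex('sha1', candidate).toUpperCase();
  return { prefix: sha1.slice(0, 5), suffix: sha1.slice(5) };
}

// Local comparison against a range response body, one "SUFFIX:COUNT" per
// line. A count of 0 (as in padded responses) is treated as not found.
function countInRange(suffix, body) {
  for (const line of body.split(/\r?\n/)) {
    const [s, n] = line.trim().split(':');
    if (s && s.toUpperCase() === suffix) return parseInt(n, 10) || 0;
  }
  return 0;
}

// Constructed demo: the address and the response body are made up.
function demo() {
  const email = ' Jane.Doe@Example.com ';
  const candidate = email.trim().toLowerCase(); // address reused as a password
  const { prefix, suffix } = splitForRange(candidate);
  const body = [
    '0018A45C4D1DEF81644B54AB7F969B88D65:3',
    `${suffix}:12`,
    '00D4F6E8FA6EECAD2A3AA415EEC418D38EC:0', // padding-style entry
  ].join('\r\n');
  return {
    sent: { gravatar: gravatarHash(email), hibpPrefix: prefix },
    keptLocal: suffix,
    timesSeen: countInRange(suffix, body),
  };
}

console.log(demo());
```

The contrast to note is in `sent`: the Gravatar query carries a complete, stable hash of the address, while the HIBP query carries only a 5-character prefix.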
🔎 Digital Presence Scorecard — FAQ
Does this tool send my data to any server?
Your name is never transmitted anywhere. Your email's MD5 hash is sent to Gravatar's API (this is how Gravatar works by design — any site can query it). Your username is used to construct Wayback Machine CDX queries for public URL patterns. The HIBP check uses k-anonymity: only the first 5 characters of a SHA-1 hash are sent, a prefix shared by many other hashes, so the server cannot determine your actual input from it. No data is sent to Max Intel servers.
Why does my score seem high even though I'm careful about privacy?
The Wayback Machine archives pages independently of your actions — you cannot prevent it from crawling public profiles. Gravatar profiles persist until explicitly deleted. Old breaches from years ago still count. The score reflects your cumulative historical footprint, not just your current privacy practices. A high score is an invitation to clean up, not a judgment.
Can I use this to check other people?
Yes — this is a standard OSINT technique. All data sources queried are publicly available. The tool simply automates what an investigator would do manually: checking Gravatar, Wayback Machine, and HIBP. However, always ensure your use complies with applicable laws and your organization's policies regarding open-source intelligence gathering.
How is the HIBP k-anonymity check useful here?
The tool checks whether the email address or username has been used as a password in known data breaches. This is a surprisingly common OPSEC failure — many people use their email or a variation of their username as a password on some service. If found, it indicates the person may have weak password habits, and the associated breach data may contain additional PII that was exposed alongside it.
What should I do if my score is high?
The report includes specific recommendations based on findings. Common actions include: deleting your Gravatar profile if unused, requesting removal from the Wayback Machine via their exclusion policy, changing passwords found in breaches, deactivating unused accounts on platforms where your profile was archived, and submitting opt-out requests to data brokers listed in the manual verification links.