"Just fill out this form with the very information you're trying to take down and submit it to our servers! It's not like we run a quasi-legal service based around monetizing this exact type of data!"
What reason is there to trust that the more shady brokers aren't just updating your record with IP address + 'sent an opt-out request' flag, making the data even more valuable?
I remember Twitter asking me to send them my photo ID to remove a tweet with my personal details (someone doxxed me). It's not like it wasn't obviously doxxing.
Which is extra annoying, because they shouldn't, but it's somewhat vague.
CCPA says: "Businesses also should not require you to verify your identity, though they can ask you basic questions to identify which personal information is associated with you."[0]
The worst is that some of the bigger services (intelius, who provides data for many of these sites) have begun to require opt-outs come from an email address that they already have on file for you. Really need to legislate these companies out of existence.
For those I usually just upload a picture generated by thispersondoesntexist, they don't actually check them. It's just friction to discourage users from completing the flow.
Optery founder here, we're a YC company (W22) that automatically scans and removes people from hundreds of these sites. (for U.S. residents only)
There's a catch 22 where you have to be comfortable enough to submit your information to these sites' opt out pages in order for them to take it down. But if you do nothing, it continues to proliferate unchecked.
Most people don't have the time or inclination to submit opt out requests to data brokers directly, let alone stay on top of when information inevitably pops back up. This is where data removal services like Optery come in, but there's also a similar catch 22 where you have to trust the company you're using. Most companies in the data removal space are trustworthy, but some are not. Along the lines of trustworthiness, one of the most underrated attributes of a data removal service is its security credentials. Optery has its SOC 2, Type II security certification, whereas most other services do not.
If you already use a different service such as DeleteMe, Kanary, or Incogni, you can run a free Optery scan to see what they've missed. The free Optery scan typically produces 50 - 100 screenshots of places your info is published online.
Optery was launched to the public on HackerNews as a Show HN before we got into YC, and again as a Launch HN after we got into YC. Lots of great insights on the topic of removing info from data brokers in those threads:
Out of curiosity I tried a few of the services on this list. They all follow the same textbook dark pattern, with fake progress bars, making the process of looking up someone artificially take several minutes, then only at the end do they ask for your email and payment information.
There's a few actually free sites that give you most of the info that the others charge you for. All the good ones I'm aware of are listed here. Free, no signup, instant search results.
The truly free ones tend to have a tab to search by just a phone number, and you'll never get a fake loading bar.
At one point they accurately listed every address I've ever lived at, relations, phone numbers, email addresses, and even some usernames I can only assume were linked to me as part of some database breach. A few years ago I went through and "opted out" of a bunch of these services for myself and a few of my family members. Looks like I'm still unlisted/removed 2-3 years later.
Important to note that not all data brokers are equal. Some are merely resellers or essentially proxies of others. So you can opt out of a smaller number and see results trickle down over time in some cases.
> The “MOST BANG FOR YOUR BUCK” removals: Spokeo, Mylife, Radaris, Whitepages, Intelius, BeenVerified, Acxiom, Infotracer, Lexis Nexis, TruePeopleSearch
Afaict, these are all recurring subscriptions. Is there any reason not to signup for a month or two and then cancel, maybe repeat every couple years? The sub is more of a continuous monitoring thing?
I assume they wouldn't just "undo" their opt-outs?
I'd prefer a one-time payment over that darn subscription-recurring-revenue-model.
The month or two thing will work for some exposures, but the bummer reality is that these sites are terrible and the worst of them take persistence and escalation to remove, which can take some time.
(I've been working for one of the aforementioned—Kanary—for about a year now on this sort of thing.)
Re: undoing opt-outs, we do not do that, but data brokers will re-surface your information again if they find it elsewhere.
Adding my own personal experience with Incogni (owned by SurfShark); I feel like I’m getting my money’s worth as far as data brokers contacted automatically on my behalf (100+).
Any idea on how to remove records on Intelius where the email is not yours but the rest of the data is accurate? I just subscribed to Kanary few days ago, great service!
Thanks! Their removal process is awful and requires 'email verification' even though half their info on you is often incorrect. Who have them the right to 'verify' us... anyway...
To get past this, create a burner email (gmail or duckduckgo or mozilla or hey or icloud) that looks at least a little bit human, send a very angry sounding email to privacy@intelius.com and cc privacy@peopleconnect.us (the company that owns intelius, zabasearch, uspeoplesearch... and a few other spam sites).
Tell them you tried to use their form and it's broken and not showing correct info. You may need to verify your bday or past addresses in an email exchange, but once you do this with 2 or 3 emails, they'll suppress your info from public search. DO NOT send them government ID, even if they ask for it, insist you've already provided enough verification.
Include if you're a Californian / Colorado / EU / Iowa / Utah / Connecticut resident, or if you've had any harassment / stalking issues in the past. (this context provides you with legal leverage if they don't comply with your request - so including it helps you get a faster response)
If they give you anymore trouble beyond that, reach out to our team hello [at] kanary.com. We'll help you escalate the issue.
amazing that a random website making money from publishing your personal details is something you have to opt OUT of and this is totally okay and legal
Yael does incredible work on this repo & we have contributed in the past (we'd like to more in the future too!).
Doing this work is tough/timeconsuming but can be done DIY.
We're working on automating it at scale. YC gave us a grant in 2018 for this work.
Automating this sounds simple but gets extremely complex to scale.
- evading cloudflare
- solving captchas
- managing site footprint (think about google's algo to crawl the web)
- ux / product design (how should we communicate to members if a site is an a$$?)
- identity matching...
At the end of the day, we need better regulations in the US to help us wrangle the data broker industry. Hand in hand with more advanced technology for monitoring and holding this industry accountable... that seems the best path fwd.
I would not trust any of these "opt out forms" with any of my data. All that does is confirm you're an actual person, and if you give them an email address or phone number they'll just confirm that relationship as well.
Tried doing a few when something similar was posted 5 years back and a couple of months later my data was still showing up, but now with a green check-mark next to it. So learn from my mistakes and try to avoid interacting with these at all; maybe instead shoot a message to your representative asking for more legal privacy protections.
It reduces the number of law-abiding parties trafficking in your personal data. Unfortunately, whoever publishes the monthly dark web data leak rollup still doesn't take opt-outs.
Yikes, yep, most of these brokers have strict cloudflare settings that block you if you use Tor or a VPN, are outside the US, or disable js.
We'd like Cloudflare to be a little more helpful, but they just let harmful sites block people who don't want to share their info / location / browser fingerprint under the guise of 'stopping bots'.
What reason is there to trust that the more shady brokers aren't just updating your record with IP address + 'sent an opt-out request' flag, making the data even more valuable?