[dekhn]

https://www.23andme.com/about/individual-data-consent

Basically, if you imagine this as a table of "user's name, date of birth, and address" keys mapping to genomic and other data, the key was replaced with a random identifier that could not be trivially joined to recover the user name, date of birth, and address.

These systems are not robust against motivated and capitalized adversaries.

[dahinds]

I can go to a data broker and purchase access to de-identified EMR data for most of the U.S. population. There are much more useful de-identified datasets around than ours, if someone is motivated to try to re-identify those datasets. That data is all bought and sold without anyone's consent and this is all fine under HIPAA.

[dekhn]

I wasn't trying to convince anybody otherwise. I think the noise about 23&Me's data to be pretty uninteresting. I published my own genome (through PGP) for anybody to download, and I know that people have identified me from my post https://news.ycombinator.com/item?id=7641201 and other comments.

[EA-3167]

That's more or less what I expected. Ah well, the odds that this becomes something of significance to most people seems remote, but either way you can't unring the bell.