this post was submitted on 20 Apr 2024
50 points (98.1% liked)

Privacy

31975 readers
239 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

So, this is probably naive of me, but so far I haven’t really been able to find the answer on the web.

Recently I subscribed to a personal info removal company called Incogni, only to find out that they sent a staggering 123 removal requests on my behalf. I never imagined there were that many companies in that business. So far in 20 days, 70 requests have been fulfilled, but 53 are still pending.

Which made me wonder… given my personal data seems to be sold, re-sold and re-re-sold without my express consent, or ability to opt out… if I knew I’ve informed my legit service providers, plus those I have legit obligations to (employer, state, etc.)… how easy would it be to obfuscate it on a regular basis, by simply providing a new, creative address, to entities I don’t get mail communication, or deliveries, from?

So, has anyone tried to trace the map by which a new address, cell phone number, etc. makes its way through the 123 or so data brokers? What are the ‘input nodes’ to that graph?

all 17 comments
sorted by: hot top controversial new old
[–] [email protected] 11 points 6 months ago (2 children)

You can go to inteltechniques and peruse their data removal guide. That is basically a massive list of brokers / sites that may have your data.

https://inteltechniques.com/workbook.html

[–] [email protected] 4 points 6 months ago* (last edited 6 months ago) (1 children)

Yeah, I have considered doing this and I just don't have the time and patience for it. I currently pay $20/year for easyoptouts and it's been one of the best decisions I've ever made. I believe they check back and scrape periodically throughout the year and it's very effective.

https://easyoptouts.com/

[–] [email protected] 5 points 6 months ago (1 children)

The only concern with easyoptouts is they will send requests to brokers they are not sure of, which can lead to data brokers who had no data on you now being sent it. This is not a specific problem for them, as other services do this as well.

[–] [email protected] 0 points 6 months ago (1 children)

I've searched the web for my name, home, and phone number. Haven't found anything on myself yet.

Your information is already out there, they could've easily have found the information by indexing the other sites as well, they didn't have to wait for you to submit a request with info they could've found online.

Same thing with Easyoptouts, these guys don't ask for anything other than the information you want removed already public online, they don't ask for ssn or any other private info.

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago) (1 children)

"I've searched the web for my name, home, and phone number. Haven't found anything on myself yet."

All this means is your not very good at finding that info. You even stated there are 53 pending brokers, meaning that info is available online.

"Your information is already out there"

This is kind of an odd line of reasoning to hide behind. One one hand you are willing to pay to have your data removed, on the other hand you don't mind a service actively handing over data because its "already out there"

Again this isnt specific to easyoptouts. Other data removal services do this as well. It would be less of an issue if once your data is removed its permanent but there is nothing stopping brokers from re-adding you, and now your on the radar of new brokers.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

They checked over 160 brokers and my info was only on 71 of them, which they opted out of. There are probably more data broker sites who use the data on one of these so the rest of my info got scrubbed that way.

You said I'm not good with searching myself, how do you suggest I look for myself then?

This is kind of an odd line of reasoning to hide behind. One one hand you are willing to pay to have your data removed, on the other hand you don't mind a service actively handing over data because its "already out there"

I'm just saying that worst case scenario, I will repeat to them information they could've easily found online already, so there's not much damage they can do that hasn't already been done.

It would be less of an issue if once your data is removed its permanent but there is nothing stopping brokers from re-adding you, and now your on the radar of new brokers.

Yes, some of these brokers might re-add, this is why I pay for the service, it will check again throughout the year, every 4 months iirc. If you were to do this manually, I don't think you would have the time or patience to opt out of over 160 sites every 4 months.

[–] [email protected] 0 points 6 months ago

I'd like to reverse engineer, where they get the data from, in the first place. But thanks for the great resource!!

[–] [email protected] 6 points 6 months ago* (last edited 6 months ago) (1 children)

I used to work for a data broker. The main problem here is that profiles are created and compiled from public data. There aren't any P.I.s at work here... Just massive amounts of data dumps that anyone could access. If you include PII data like socials, then there are limitations on who can view it.... But not really that hard to circumvent. A human could not possibly compile profiles from terrabytes of public data, but our programmers could.... And this is the real problem. much of this data was public before current computer logic existed and no one foresaw the huge privacy implications.

For my company, only requests that come from persons living in California were honored....and only the person could request removal, not a 3rd party on behalf of the person. Sux.

And FYI, any searches for certain people would be reported to the authorities.... Like if you searched Donald Trump with SSN Inclusion, we had to report it to secret service.

[–] [email protected] 1 points 6 months ago

100% agree when you say "there aren't any PIs at work here", since we're talking about data aggregation from multiple sources. My thought is: given data aggregation of PII is largely legal, then equally, publishing of creative PII is also legal.

So, regularly feeding creative PII for obfuscation, for protection from unknown 3rd-parties, requires knowing the sources communicating your data. At least, the main sources.

[–] [email protected] 5 points 6 months ago* (last edited 6 months ago)

I'm not sure but it is a good question and a good project if none already exists.

Looking at work history from employees of these companies on linkedin we might discover more.

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago) (1 children)

What makes you think your data has even been sold at all? Most likely a majority of those companies are just resellers of TransUnion, Equifax, or Experian. The 3 big credit bureaus. So while incogni sent then requests the smaller companies may host no data of yours, just the other 3.

[–] [email protected] 1 points 6 months ago (1 children)

Money is clearly being made using our personal aggregated data. Search for "data brokerage market", and you'll stumble upon articles and PR along the lines of "Data Brokers Market Estimated to Reach US$ 462.4 billion by 2031", for example: https://www.globenewswire.com/news-release/2022/08/01/2489563/0/en/Data-Brokers-Market-Estimated-to-Reach-US-462-4-billion-by-2031-TMR-Report.html

[–] [email protected] 2 points 6 months ago

I'm aware that money is made. Most of the time companies are buying API feeds of data from the big 3. So unless someone specifically looked you up, then I am saying your data is probably just sitting in their databases.

[–] [email protected] 2 points 6 months ago

Let me take a real life example here. Let's say I'm worried about SIM-swapping schemes, and I go and get a phone number for my banking, and my banking only. If THAT number suddenly shows up in the midst of the 123+ so data brokers, then clearly, me getting a phone number dedicated to avoiding SIM-swapping, is useless. That's one of the use cases. Makes sense?

[–] [email protected] 2 points 6 months ago (1 children)

Anyone know if incogni is legit?