
Ask HN: Is there a DNA/genealogy site you trust? - CoreSet
I’m really interested in 23 and me and the general building-a-family-tree-via-DNA service, but, like a lot of people, are concerned about my genetic info being later resold.<p>Is there a service HNers could recommend for the privacy conscious?
======
bjourne
No, stay away. Even if a company is trustworthy today, it doesn't mean that it
won't update its Terms of Service tomorrow/be bought.

~~~
sli
Really the only answer this thread needs. Companies can be bought and sold and
the information they have can change hands and change retention and privacy
policies. There's no trustable verification method for knowing, for absolute
certain, that none of your data has been retained at your request. There
simply is no reasonable way to trust these services.

~~~
jimkleiber
Makes me wonder if there could be a business model, type (maybe nonprofit?),
or license that user data would be destroyed in case of a change of ownership.
Or maybe even a time-limit on data, like how messengers have self-destruct
options.

------
ig1
If you want to use it for family tree research you basically have to go to the
companies that have the largest databases, because that's where you'll find
familial matches (e.g. 23andme and AncestryDNA).

23andme has a better track record of refusing governmental requests than
AncestryDNA.

In terms of genetic information sharing, none of the providers shares non-
anonymized data. 23andme allows an opt-out for sharing anonymized data.

You can also do the tests pseudo-anonymously, while they ask you to provide
your real name, etc. you don't actually have to do so. You can purchase a test
kit at a retail store for cash and register online with a fake name if you
wish to do so.

------
xmodem
I did 23andme earlier this year for the health information. After much
deliberation about the privacy risks, I decided the tradeoff was worth it.

I looked at the family tree/genealogy data as well, and I was stunned how many
of my close relatives were in there.

It does depends on exactly what your fears are about how the data will be
used, but to some extent the ubiquity of these services means the privacy of
your genetic information has already been violated regardless of wether you
choose to use them yourself.

------
sneak
My approach was to buy a temporary domain with a cash prepaid gift card,
register it with a fake name from a VPN, set up email (also via VPN), do the
DNA thing (via VPN) with a fake name and an email address at the new domain,
download my data (VPN), then delete the account.

The only thing linking it to my existing identity is the actual DNA data
itself, which is probably insufficient for insurance companies or data brokers
to relate it to my existing records for discrimination purposes.

~~~
djmips
But if other members of your family submit their DNA with their real
identities, then possibly you can then be identified like how they caught the
Golden State Killer.

~~~
sneak
You’re right. I should probably make a point not to go on a multidecade
killing spree, given the circumstances.

~~~
djmips
You go to all the trouble to be anonymous and then have a flippant response to
a real way your efforts could be undone. I mean, you shouldn't go on the
killing spree regardless.

~~~
sneak
It’s an attack that can’t be mitigated; having controlled for all of the
variables in my control, the only thing to do about those that are not is make
jokes.

It also presumes they lied and didn’t delete my data on request.

------
giantg2
I'm not sure. Supposedly 23andMe will delete your data completely upon your
request. So you could sign up, print your reports, then request deletion.

~~~
hereme888
Would they have shared your non-anonimized data with anyone by the time you
request a delete? Perhaps through some unspecified 3rd party whose privacy
policy you don't know?

~~~
giantg2
This was a few years ago, so it could have changed. Supposedly they only
shared 'anonymized' data for research purposes. You could opt-in (or maybe
out) of genealogy connections. Of course, with enough attributes and cross
references even anonymized data is seeming less and less safe.

