
Data Broker Opt-Out List - JoshTriplett
https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
======
axaxs
If anyone cares, there are a nontrivial amount of companies who have your
'private' LinkedIn info. I don't know if they make fake accounts to friend
you, recruiter profiles, or buy it from LinkedIn. I asked one to please remove
my info, and they sent me a CCPA form. I told them I didn't live in
California, and an agent acted confused and told me to just fill it out, it's
the only way to remove it. In short, don't trust LinkedIn.

~~~
DyslexicAtheist
crunchbase is one such place. they harvested everything from my LinkedIn, I
asked them to remove my profile they say it's not possible unless I also send
them additional data (scan of my passport). they say it's impossible to remove
my info because it is "crowd sourced" which may be the case today but from the
data they have on me it is from when they had no users yet and when they
scraped sh!t from linkedin:

*

Hello,

To comply with various privacy laws, we require the completion of this form to
remove the person profile you have mentioned. If you would like to delete your
personal profile page, please complete this form here.

Best, Erika

\----

Dear Erika,

thank you for the information.

I have never signed up to this site and therefore do _not_ consent to any
information about me being stored on your systems and I do not care who
creates these profiles. It is your responsibility under GDPR not to store
information about me without my explicit consent and I therefore kindly ask
for information about me to be deleted, further I expect any future profiles
about me to be blocked from getting created and such info not to be stored
also in the future.

In case information is not deleted within 30 days I will hand over this matter
to my lawyer and also file a report with my data protection commissioner in
the EU.

best regards,

\----

dear <...>,

Thank you for contacting Crunchbase!

Please note, if you have an active trial or subscription we recommend that you
cancel first before moving forward. Instructions on how to cancel your trial
here. And instructions on how to cancel your subscription here.

If you would like to download or permanently delete your user account
information, please complete this form here.

If you would like to delete your personal profile page, please complete this
form here.

If you would like to deactivate your user account, please reply to this email
to deactivate your account. You can contact support@crunchbase.com if you wish
to reactivate your account at a later date.

Keep in mind, your user account is the private information that you can use to
control your billing, login information, and alerts. A profile page is what
displays externally on Crunchbase - these are completely separate. Because
Crunchbase is a crowdsourced platform, any registered user can add or edit any
profile page - profiles are not explicitly linked to any user.

Please feel free to reach out if you have any additional questions - we'll be
happy to help!

Best,

Erika

~~~
axaxs
Yep, same shit. Just checked my email, the last one in question was 'Apollo'.
The form in question makes you attest you are a resident of California, which
began the back and forth.

APOLLO

Dear Alex,

On behalf of Apollo, we are pleased to assist you in exercising your access
rights under GDPR and/or CCPA. You may exercise your access rights as follows.

If you wish to remove the personal information that we have that is tied to
your email address, then please respond to this communication by submitting
the attached Identify Verification Form. We will then respond to your access
request upon further email verification.

Why we require this: We require the above because GDPR and CCPA asks that we
verify your identity to a reasonable degree of certainty before providing
information: this is important, to avoid providing personal information to
someone “spoofing” an identity. We believe this process provides that
reasonable certainty while avoiding having consumers send us personal
government IDs, which contain sensitive information and which we prefer not to
receive. (And, unlike companies that deal directly with you, it’s not possible
for us to verify you based on our prior relationship – like, by having you
list your last movies watched, clothes purchased, or trips booked.)

If you prefer to avoid the above process, you can learn detailed information
about the categories of personal information that Apollo collects, and how we
source it, sell it, and use it for business purposes, by reviewing our Privacy
Policy (available at:
[https://www.apollo.io/privacy](https://www.apollo.io/privacy)). That Privacy
Policy also will tell you how to easily opt out of our marketing databases.

Thank you for your interest in our business and data practices.

~~~
chinathrow
This is such a shitshow. They never took "reasonable degree of certainty"
before storing private data either - it makes no sense to then ask that for
deletion requests.

~~~
ornornor
It does if you want to feign compliance while making it hard to delete data.

------
dawnerd
So interestingly enough, a Facebook account I made years ago that was only
used as a test is somehow in the records linked to my current address.
Facebook is literally the only person that knows about this account and its
never been attached to my personal FB account. It's making me really suspect
right now...

~~~
aarong11
Why? This is Facebook's business model. They have a shadow profile for you and
managed to link your test account or some other service they own (whatsapp?)
with your real account. They only need a single data point.

~~~
encom
I'm surprised TFA doesn't include Facebook[1]. It's worse than all the others
combined.

[1]
[https://facebook.com/help/delete_account](https://facebook.com/help/delete_account)

------
zxcvbn4038
I’ve been through most of these and removing yourself really can be done. In
many cases the removal is considered temporary and you have to repeat every
four to ten years. It’s not possible to get off of the skip trace and debt
collectors databases run by Transunion, Experian, and others - but you can
flood them with false information and they will record it and keep it forever.

~~~
paulproteus
I'd love to know what kind of false information you're enjoying sending them,
and how!

~~~
zxcvbn4038
\- Fill out surveys at malls with your name and either a phone number or
address that matches one currently in your credit file and you can supply
false info for the the opposite.

\- Put in a mail forwarding card with your name from a former address to a
random real address like a Starbucks, Taco Bell, apartment complex w/o unit
number, etc.

\- Change the billing address of a credit card or utility and allow to sit for
one billing cycle. Works best if you have e-statements. They will send a
physical confirmation to the address and it will most likely go in the trash
but not guaranteed.

\- once a quarter you can update your information with the credit bureaus and
they will Happily record it. Later you can say you never lived there and they
will remove the info - but only from the databases used in credit decisions

These are the ones most effective because there is almost no filtering, just a
bunch of automated processes collecting and distributing. Just make sure there
are one or two “facts” that the data quality algorithms can use to link your
“new” data with existing profiles.

~~~
mike_d
Then when you go to open a credit card or actually try to clean up your credit
report, you'll need to remember which Taco Bell you randomly pretended to live
at to answer security questions.

~~~
zxcvbn4038
When I run into that problem I wait for the rejection mail from the creditor,
then I write back with a redacted photocopy of my IDs - completely useless
with everything blacked out but my name - and a copy of their letter. I say
here is my redacted ID as proof of identity and a photocopy of your letter as
proof of receipt so please approve me and that has worked every time so far.
It makes it very easy to see where the line between security and security
theater is drawn. Not that any US bank is going to win awards for security
(except maybe Robinhood, they really stand out with standards based 2FA and
the ability to block external ACH with a click)

~~~
summitsummit
sad state of affairs that this level of surgical precision and orchestration
is required just to not be stalked and creeped on to incredible levels. and
this doesn’t even cover the situation with respective to showing up on
relatives’ profiles.

if you have the time, you should make a complimentary “solution” read me page
for this post.

deletion really does seem to be an unwinnable proposition, so flooding with
false data is a great approach. can this be automated?

------
summitsummit
be careful you guys. these are awful people collecting this data, and i'm
pretty suspicious that they will use the additional data they gather form you
when you opt out ("for proof its you") and use it against you in their other
databases. for instance, i confirmed my phone and email info in order to opt
out of one but another clone site now says my information is "Verified".

~~~
privacy-matters
You have no idea how sketchy these companies are.

ZoomInfo (public company) for example provides a free plugin for sales people
which is scanning email for all the email signatures and then they sell all
that data to their customers. Even crazier is they take data from their
customer’s CRM systems.

DiscoverOrg is buying data from third parties without really knowing how they
got the data.

There are a bunch of apps and browser plugins that read your emails or
contacts and then those companies sell that data to third parties like these
data brokers. I use very few browser plugins because of this threat.

If you have somehow acquired a list of contacts you can get a lot of these
companies to purchase it with very few questions.

~~~
reaperducer
I used to operate a dozen or so small web sites. A spammer once offered me a
crazy amount of money for the mailing lists. When I declined, he offered an
even crazier amount of money to buy all the web sites, in their entirety,
including mailing lists and social media accounts.

I ended up selling him the one web site that didn't have a mailing list and
only rudimentary social media presences. I bought a new car and moved to a
better city with the money.

~~~
Breza
I bet a blog post about your story would get a lot of votes here. I'd read it.

------
jameson
I'm surprised they have my name and address though it's a few years outdated.

How did they get it?

If I opt out, doesn't it confirm that what they have is accurate and make my
data even more valuable?

Given the nature of these sites, isn't it sketchy to provide DL to opt out or
am I being paranoid?

~~~
pm90
It would confirm your data but they’re legally bound to respect your choice.
For any fairly large orgs (eg if they’re public/listed on major exchanges)
disobeying your choice would be a huge risk which they will likely not take (
the smaller data brokers don’t have as much to lose, but just to be clear it
would still be illegal).

~~~
mehrdadn
> they’re legally bound to respect your choice

Can I ask by what law?

~~~
sofixa
GDPR and the California law inspired by it.

~~~
mehrdadn
So only for those in Europe and CA?

Even re: California, are you sure CCPA implies these data brokers have to
respect your opt-out for this particular purpose? (For reference, the opt-outs
existed before CCPA and I believe GDPR as well... so you're saying they gained
teeth afterward?)

~~~
Scoundreller
Well, I guess I know what I’m doing the next time I’m in Europe (or even just
their airspace?).

~~~
Breza
Or the next time you're using Tor with an EU exit node...

------
summitsummit
I went through the process to delete it, including giving them my email
address. They showed me all my relatives, their home address, and said that I
needed to confirm my email. Never received my email. This is going to keep me
up at night.

------
occz
For EU-citizens, any legal data collection would have to be opt-in, right? If
I've had no business with any of these companies, there should be no reason
for me to have to opt-out.

~~~
jonplackett
Despite this, loads of companies still do opt-out with impunity.

~~~
sleavey
I think the EU are still being very lenient with companies right now to give
them time to adjust their practices. I'm looking forward to when they
(hopefully) start to hand out fines.

~~~
mehrdadn
> I'm looking forward to when they (hopefully) start to hand out fines.

Given the pandemic, plausible economic collapse, Brexit, and so many other
things going on in the world right now, I wouldn't hold my breath.

------
seqizz
Pardon my ignorance,is this US specific (or mostly US)? Why is this stuff
allowed?

~~~
boxed
The US has been dismantling the rule of law for decades. They call it
"deregulation". It lead directly to the last big financial crash, and it also
is largely responsible for predatory schools, prisons, universities, banks,
and much more.

~~~
ekianjo
> It lead directly to the last big financial crash,

Erm no. 2008 was directly linked to Greenspan (Fed), Freddie Mac (Federal) and
Fannie Mae (Federal), all government run entities, which stopped making proper
risk evaluation when issuing loans. That's not deregulation, that's a problem
with how these government agencies actually functioned.

[https://www.fool.com/investing/dividends-
income/2008/09/10/t...](https://www.fool.com/investing/dividends-
income/2008/09/10/the-people-responsible-for-fannie-mae-and-freddie-.aspx)

> If not the boldest of the group, then at least the most public, Greenspan,
> the man many are now blaming for the housing bubble (there were a brave few
> that piped up years ago), has refused to go quietly into his well-padded
> retirement. The man charged with providing the country with a financial
> voice of reason fell far short, so much so that it might be comical if it
> weren't so tragic.

> Greenspan's denial of the possibility of a housing bubble has been widely
> derided in the past year, but a single statement could be excused as human
> error. However, a quick scan shows that this wasn't a single event. He also
> promoted the adoption and expansion of adjustable-rate mortgage (ARM)
> products in early 2004, when short-term rates were at or near historic lows.
> That same year he claimed, "securitization by Fannie and Freddie allows
> mortgage originators to separate themselves from almost all aspects of risk
> associated with mortgage lending." And separate themselves they did, ceasing
> to perform any kind of due diligence as to the ability of borrowers to pay
> for the homes they were buying.

~~~
bosswipe
That's the narrative that one side of the ideogical divide went with. The
other side blamed deregulation such as the removal of Glass-Steagal

~~~
adeelk93
The citation is also a hotly written article from 2008. A more objective
explanation from recent years would cite a bit of all of it.

------
highenergystar
I'm curious if anyone has any info on the business model here. There seems to
be a ridiculous number of data brokers, so with this amount of competition,
the marginal profit must be low. Online advertisers probably get better bank
for buck just using Google's or Facebook's pre-targeted profiles. Banks and
financial institutions and real background checks probably stick with the few
big ones (credit bureaus, or lexis nexis etc.) Is this for snail mail spam?
Telemarketers? Stalkers?

~~~
privacy-matters
Sales teams need this data to reach the right roles with the right message. My
friend was quoted $19k per year to access to the ZoomInfo database for his two
person company. There is crazy money here. ZoomInfo has a $17B market cap last
I looked.

------
29athrowaway
By opting out sometimes you have to provide them with even more information
than what they initially had.

~~~
suyash
Exactly as most are asking for email which inadvertently can confirm the
identity and if you use the same email for other services, they can get even
more data about you. I guess it's a matter of trust, how much do you trust
their 'opt out' promise.

~~~
e_y_
If you're paranoid, definitely use a throwaway email for the opt out. They
already have so much info on me that I'm doubtful that confirming my identity
would add anything to that.

I guess we're lucky that most of these SEO-saavy brokers seem to at least pay
lip service to US/EU laws (or even do so voluntarily, since I think only a
handful of states actually restrict selling your publicly-available or
personal information online).

I shudder to think about what's floating around for sale on the dark web or
companies hosted in countries that don't care about US law.

~~~
jobigoud
> If you're paranoid, definitely use a throwaway email for the opt out.

If this worked then anyone could opt out anyone else, which some people would
object to. I think that's the loophole they use to force you to provide even
more info.

------
gfaure
[https://www.instantpeoplefinder.com/optout.php](https://www.instantpeoplefinder.com/optout.php)
goes directly to a 404. Honestly doesn't surprise me, but there's a special
place in tech hell for these people.

------
l33tman
One way to attack this in a larger scale is to get the responsible politicians
somehow outed in media by any of these databases. For example one media
article that got good spread here was when the newspaper bought the GPS-
tracking information for a politician and wrote about it (they did not publish
it, no need to).

------
avivo
"DeleteMe, PrivacyDuck, OneRep, Reputation Defender and Reputation.com all
offer different opt-out services. However, these are not comprehensive, as
_some data brokers do not allow third parties to remove listings_."

This seems odd. I'm curious if anyone has substantiated it? PrivacyDuck seems
deeply ethical, and I would assume they would inform users if this was the
case.

Here is their guide for reference, that walks you through exactly what they
do:
[https://www.privacyduck.com/resources/](https://www.privacyduck.com/resources/)
(Assuming I understand correctly what they are saying; please correct me if
I'm wrong!)

------
sanqui
It would be nice if there was an indication if any of these cover non-American
citizens, Europe in particular.

------
slvrspoon
founder of deleteme here (joindeleteme.com) Yael's list and other free DIY
lists are good. You can do this yourself, it is simply time-consuming.
[https://joindeleteme.com/help/diy-free-opt-out-
guide/](https://joindeleteme.com/help/diy-free-opt-out-guide/)

The worst part imhop is that your opt-out is often not respected over time
when new data flows in (including voting records scraped so get ready for
November).

Of course, you can always pay deleteme to do it for you. the real solution
here is better-crafted legislation and a re-definition of public record
information when it is published virtually.

i expect this to take ~5 years, but optimistic we can get there.

------
3np
Lots of these are 403ing now. Good job HN, don't forget to get back once
they're up again ;)

------
jonahx
Are there any paid services that will do the work to opt you out of all of
these?

~~~
axaxs
Seriously, I'd pay 100 dollars right now if someone just handled this all for
me. And I'm sure at least a few thousands of others would too. Sounds like a
decent startup idea to me.

Edit to add: I did read the other comments. joindeleteme seems like a
scam/money grab. Yearly sub that autorenews, and a BBB rating displayed? Give
me a real tech service.

~~~
Scoundreller
Better yet, one that sends paper opt-outs by registered mail to maximize
removal cost and receipt confirmation. It’s not expensive when there’s 100
names in 8pt font in each envelope.

~~~
axaxs
That's actually a fantastic idea. Like that one service here not long ago that
sent letters to Chase opting out of arbitration. Some company that can figure
out the exact verbiage needed and contact address, and send off as needed.

With enough updates and utility, that I'd consider a monthly subscription for.

------
libra1
I highly recommend OneRep ([https://onerep.com/](https://onerep.com/)) as a
service to remove you from these websites. I've been using it myself for a
while and it has saved me a lot of headache.

For those of you who do want to remove all of the info yourself, I've found
this is also a good resource:
[https://inteltechniques.com/data/workbook.pdf](https://inteltechniques.com/data/workbook.pdf)

~~~
chriscampbell
From the research I have done, Onerep is also a data broker that lists your
data online [https://www.privacyduck.com/comparisons/privacyduck-vs-
onere...](https://www.privacyduck.com/comparisons/privacyduck-vs-onerep-com-
the-eastern-european-privacy-company/)

~~~
libra1
Thanks for posting this. I do feel foolish that I didn't come across the
relationship between OneRep and Nuwber myself. I hope other HN readers will
see this and take this into account before they consider OneRep. I'll
definitely consider deleting my account.

------
noahmbarr
Amazing list. Wish you could sort by search rank order.

------
specialist
Opt-out lists are just another vulnerability. Hysterical.

There are just two possible outcomes.

Default to David Brin style radical transparency. With a pay-for-privacy grift
on top.

Or we get serious about privacy. That means translucent databases (hash all
PII, just like password files), Real ID (no anon, no bots, registered alias
ok), and extend property rights to our personal data (it's my data, pay me).

------
ixxie
Can I pay a service provider to do this for me en-masse? If not, why is nobody
starting a business like this?

~~~
dublinben
Abine offers a service called "DeleteMe" which promises to do just that.

[https://joindeleteme.com/](https://joindeleteme.com/)

------
suyash
I get a lot of hotel offers, essentially robocalls. Is there an opt out for
the same?

~~~
suyash
Just registered with FTC's do not call list, let's hope that works.

~~~
anonymoushn
This is an awful idea. The volume of spam calls I receive greatly increased
when I did this.

~~~
pbhjpbhj
Did you report any of the calls?

~~~
anonymoushn
I'm not sure what the point of that would be, the caller ID is generally fake.

~~~
pbhjpbhj
Oh, I talk to them and ask the caller for information that reveals the company
behind the call; then complain via the agency that manages the donotcall lists
in my country.

Like oh yeah, double glazing, yeah, send an appraiser to my house, can I have
a phone number in case I need to cancel? What company ID badge will the
appraiser have?

I don't get many calls through though.

~~~
anonymoushn
I usually get calls from people who want to extract my credit card information
during the call or take over my Windows computer using a remote desktop
program during the call. So most of the times I asked for call back
information they hung up.

~~~
boring_twenties
> take over my Windows computer using a remote desktop program during the
> call.

I wish I got calls like this, it seems like it could be a lot of fun.

What kind of stuff are they usually looking for? What would be the best ways
of fucking with them?

Are they dumb enough to be somehow enticed or tricked into downloading an
executable from the "victim" system and running it on their own systems?

*The only calls I get are the car warranty scam and the credit card debt scam. Unfortunately, not much entertainment value to be had with those.

------
johnjungles
We should write an automated open source script that’ll submit the forms for
us. Be happy to contribute, checking to see if there already is any efforts

------
malchow
Isn't this what Spartacus ([https://spartacus.com](https://spartacus.com))
does?

------
luplex
Are there tools that would automate the opt-out process for a lot of these?
Those would be really helpful!

------
agustif
I just spent 10 minutes opting out of everything my linkedin settings let
me...

Short of deleting it...

------
Jemm
Time for stricter privacy laws and a code of ethics for programmers.

------
leptoniscool
This should be called BADBOOL

------
Dowwie
Thanks, Josh!

------
luxurycommunism
The DoNotCall registry is compromised. If you have never received
telemarketing calls and you don't receive them frequently, keep your precious
number off this site. Once I did and after a week I got more spam calls than
ever. The FTC strongly denies that the list is compromised but it obviously
is.

