For those of us interested in dropping off the grid, what are the best current methods of removal of information from search engines and servers that host information about you, whether known by you or not? How could these methods be improved upon to increase the coverage of erasure? And what do you think the future of personal identify cleanup will look like, or will it even be possible after a certain point?
Don't try to change the internet, just change everything else.
Move country, change your name, change the industry in which you work and change the hobbies in which you are interested. Change the clothes you wear and your style of haircut.
All of that is a lot easier than trying to track down all lose-ends over the internet. You won't escape state-level actors if that is your concern but you'll have some distance between your offline and online history.
Seriously, this is the best advice. It has been used for literally hundreds of years as people changed their name and moved to a new town to escape a reputation or community memory where they lived.
But if you want to be more deliberate about it, then the question you have to ask are "Who would be looking for you on the Internet and not like what they found?"
That runs the gamut from old classmates to people you're dating to current or future employers to federal agents.
Stay off Facebook and legally change your name, that will protect you from old classmates. If you're running away from bad reviews on dating sites you may need to change your name, move, and change your haircut and appearance. If you are worried about employers you'll probably need to change your social security or taxpayer ID. That gets into the realm of felony territory so you're going to want to be thoughtful about that. Without it though the IRS can connect all the dots and there are various ways background checks can do the same thing.
The alternative might be to try fuzzing, basically create a bunch of accounts with your name and be different people on each of them. That has the down side of obviousness in terms of obfuscation.
Its an interesting take on the problem, but it seems a bit exagerated that taking on a completely new identity in a different country is a lot easier than hunting down and deleting some old accounts.
You won't even have to go further than this site to run into obstacles, you can't delete your HN account, I've tried. And, like me, OP seems to have used their real name.
Yeah, this is an issue for those of us who came online in a different era of the Internet. Nowadays people can and should assume that the Internet is actively hostile and malicious before they even log in for the very first time. We grew up in a far more innocent age. Loads of us used our real names on Usenet for example because it simply never occurred to us that someone was archiving it all, after all, why would anyone even want to do such a thing? And who had the money for it? And they didn't tell anyone they were doing it until years after they started, which was in very poor taste.
Even way back when, archives of Usenet postings were a thing. (Although it wasn't really systematically or completely archived.) Perhaps many people didn't fully appreciate how things they wrote under their True Names could be out there "forever." Or they assumed that Usenet was pretty much an exclusive club and things they wrote wouldn't be visible to the general public. But I'm not sure why someone posting on Usenet would assume that whatever they wrote was ephemeral and wouldn't be seen by anyone else a few years hence.
I don't think anyone anticipated the shift in online culture from "what goes online stays online" to the present day when people are actively scouring forums, mailing lists, archives etc for something to weaponize and brigade in the "real world".
What do you think deleting your HN account would accomplish? All your comments will still be there, and likely backed up by Google Cache, the Internet Archive, HN Search, and anyone else using the HN API.
"Delete my account" may be feel-good symbolism but AFAICT it rarely if ever makes a real difference to the subject (other than emotionally).
MS, Apple and Google has biometric information about you, how will you avoid that? That's the reason I am against fingerprint scanner in iPhone or Macbook as they associate it with Apple ID for transaction. I don't know if facial recognition by MS in Surface associates that information with email id.
I don't think he's suggesting to revise the protocols of the Internet. He's merely asking for a method to delete his online footprints, in which case there are many services to accomplish this task.
.. and that is precisely what the parent is recommending. Changing your personal information is the antithesis of revising the protocols of the internet.
That's the point. Sometimes "not for sale" means incredibly cheap, like air. Sometimes it means "not available in standardized fashion," like trips to the moon.
If the purpose is to make it hard for a 3rd party to use internet searches to find out information about you, there's an easier way.
Instead of the impossible task of making web pages with your name go away, instead, flood the internet with fake information tied to your name and identity. Create profiles with your real name, but everything else faked on popular sites. They'll have a better chance of crowding out pages you want to push down in search results if you make them actually valuable, versus just junk profiles. For example, a fake github identity, but with some actual useful project hosted there carries more weight. Or a profile (your name, faked job, faked photo) on LinkedIn that's tied to actual, insightful posts.
Not easy to do in a way that's there's enough volume to crowd out whatever you're trying to hide. But, it's certainly easier than trying to convince third parties to take down existing web pages.
While not altogether ethical, if the page has a comments section, some people have successfully removed pages from Google using takedown requests. Basically they'll post something on their own site and then in the comments on the target site, then file a takedown request saying that the page has copyrighted material on it. This does work at least in some cases.
I once had an idea for a chrome plugin or something that would search for random stuff while you weren't using your browser. I think creating a lot of convincing noise is one of the best ways to keep some anonymity.
The problem with social networks is that you have to get your real friends to play along too, and that may be very difficult and time consuming. If you plan to add some random 'fake' friends, you'll very quickly become part of the spam/porn cliques, and your account will be flagged as such and very likely deactivated.
Nah, it's not that hard. There are a lot of lonely people that will accept friend requests. You do have to ask 100 to get 2, but then, the little script you write to do that on FB becomes real code you can post to the fake github account.
Source: I do amateur level "reputation management" for friends that ended up with some problematic pages about them.
How would you do that without FB flagging you as having sent too many friend requests and then asking you to prove that you actually know those people?
The interesting stuff is what happened after the date when contradictory information began to appear.
Most people's identity gradually changes over time. The usefulness of knowing what they've done comes entirely from being able to predict what they will do in the future. If all you've got is stuff > ~5 years old, it's virtually useless. Occasionally, if you're running for public office, some newspaper will dig up dirt of something inappropriate you did in college, but all you have to do is say "I'm horrified and ashamed that such embarrassing old stories have been dug up now, and they in no way reflect my beliefs or actions today" and most of the public will give you a pass. Most of them did pretty horrifying and shameful stuff when they were in college too.
This also suggests a general way to erase yourself from the Internet: just stop posting. Eventually, all of your old posts - if they don't get deleted by sites going out of business - will simply cease to be relevant, and becomes active misdirection for people trying to predict your actions now.
> This also suggests a general way to erase yourself from the Internet: just stop posting. Eventually, all of your old posts - if they don't get deleted by sites going out of business - will simply cease to be relevant, and becomes active misdirection for people trying to predict your actions now.
It is most definitely not that simple. You're giving people too much credit in thinking that they can let go of the past, rather than making snap judgments from first impressions. You really think an employer is not going to be negatively impacted by seeing an off-color racist joke in an old blog post you made in college? Especially if that blog post is the second thing that comes up in Google results after your LinkedIn page because you don't have anything else attached to your name?
No one cares about predicting your future if they have no interest in associating with you in the present.
Just ignore the people who don't want to associate with you, and focus your energy on the people who do. It's usually a good idea anyway: people might not like you for one of a zillion different reasons, and you probably will never know which one it is, and it doesn't really matter anyway since you're not likely to change that assessment once made.
It's good to stop making those racist jokes because it'll bias the folks who want to hang out with you towards those folks who a lot of other folks don't want to hang out with, but most people judge based on the present reality, and the ones who don't usually aren't folks that you'd want around you now anyway.
If you moved and changed addresses without publishing your new location, (and if this was all you were trying to obscure), you would have no need to begin an elaborate chaffing campaign - the internet would already not know your address!
My point was more that you probably can't prevent the accurate, new information from appearing online, but you can substantially drop its utility by mixing in various false information.
The problem is that the user has no control over his data, so you are at the mercy of the service provider.
Surprisingly, a lot of websites/services don't even give you the option to delete your account.
Best method to delete yourself from the internet:
* make a list of all services you are on
* if a service lets you delete your account, delete it
* if there is no delete option, email customer support and ask them to delete your account. Most sites will not create a fuss about it though it takes time and lots of back and forth with the customer support
* search for yourself on google and ask google to remove links to your profiles(social media). They won't remove links to eg- articles about you, since it does not belong to you
Depending on how generous you were with your personal info, it is most likely not possible to delete yourself completely.
Funny story: I had a LinkedIn account where I signed up with only my email ID and gave no personally identifiable info(like a fake account). A few days later I get an SMS from LinkedIn telling me person XYZ sent me a request or something. How the f_uck did you get my number? To say the least, that scared me so I deleted the account.
Also note that when a service deletes your account and data, it is more often a soft delete so your data is still with them. Good luck getting a hard deletion of your account/data.
Is that so bad? Granted maybe it's annoying looking at old threads, but as a user, the ability to go through and remove old and potentially regrettable posts is quite welcome.
Maybe a good compromise would be to remove the user information after a certain time period (~2 years). Hashing the username salted with the post title would be a decent way of systematically respecting user privacy while also keeping old threads readable. I wouldn't mind if HN did this.
You'd be surprised how much you could piece together with obfuscated (but still unique) usernames. I'd be in favor of your system if the hash was salted with the article's id, so that the hash of my username in one article was different than the hash of my username in a different article.
One day I'm going to run for office and I'm going to have to get lawyers to scrub HN of all my comments because they have no way for users to manage their content :-)
Yeah that was my reasoning. The salted hash would be an easy way to implement single-thread username consistency.
Edit: for better readability it could be further mapped into a table of human readable handles, similar to how Google does the "Anonymous Lemur" thing in gDocs.
I'm not sure if rights is the correct term to use here. Those are choices made by the host, the experience they want to provide; and the members who have chosen to participate, accepting the terms of the host, aren't they? Well, I guess rights of some sort are involved, the commenter ceding copyright or some such to the host.
I'm not a lawyer, and admittedly haven't taken the time to look up the appropriate legal terms and other minutiae involved, rather relying on the kindness of my fellow commenters to extend to me the benefit of the doubt with respect to what I'm getting at, and helpfully clarify anything that needs to be. Thanks :)
I don't have any right to that when I'm a user. However I run various sites, and know that it is a terrible experience for people coming from Google, so I do not allow it on my own site. Once users submit their content they lose all rights to having it be modified or removed.
This is also why most online community/forum owners don't let users delete their own posts (or in a lot of cases, delete their account). Because it makes the content real hard to read/make sense of if some of it randomly goes missing for whatever reason.
That's why I prefer ephemeral threads like imageboards have.
There's almost nothing about most threads that will be of any long term interest to anyone - so you might as well allow them to auto-delete after a certain time.
For domains that you do control, the best way to deal with that is to:
1. Pay the domain registration for as long in advance as possible (I think it's 10 years). Also, pay for hosting of any web sites for as long as possible because:
2. Not only delete all the content, but set up the server to serve up a "410 Gone" response to every URL except for robots.txt. For that, you want:
User-agent: *
Disallow /
The reason for the previous two steps is to inform Google (and other search engines) to remove cached copies of your sites. The robots.txt is not for search engines but for the WayBack machine. It has cached copies of your site (most likely) but if the robots.txt file disallows indexing, then it won't return any results from searches there. Sure, after your domains lapse and the new owner replaces robots.txt the stuff from your domains will be available again, but ten years might be a decent amount of time. If not, make sure you repeat as often as you can.
That LinkedIn thing scares me too. But it might be rather simple. Person XYZ has your email and phone number in his address book, and then shares all of his contacts with LinkedIn (which they pester everyone about).
Yeah probably that. Linkedin are notorious for kind of tricking you into letting them download your contact list. I wonder what percentage of the worlds population they now have names emails and phone numbers for. Probably a good chunk.
> Also note that when a service deletes your account and data, it is more often a soft delete so your data is still with them. Good luck getting a hard deletion of your account/data.
There are reasons for that. If the customer 'accidentally' deletes their data, and they have paid you money, restoring that account would be important for keeping their business. Also, if you have an abusive user, and they have paid for things in the past, they delete their account and file a chargeback, you can provide evidence against that user.
Even if it's not an accident - customers change their mind next year and they don't want to start over again!
You also don't want a user who gets around the moderation system by posting abusive content then deleting it when it gets reported but before moderators see it, stupid stuff like that.
At this point, forget about data privacy. If the data is out there, it's out there and you're never going to change that. The best you can hope for is for the actual practical consequences to be mitigated by effective legal constraints on what people can do to you based on your data.
In the US, there are a few examples of this kind of protection - the Genetic Information Non-discrimination Act prohibits genetic information being used to deny/price health insurance coverage, or to discriminate in employment. The Affordable Care Act (aka Obamacare) prohibits denial of health insurance coverage for (or due to) pre-existing conditions. (Note that life insurance in the US is not covered by these laws, so people who may ever need life insurance coverage would be ill-served by ANY kind of genetic testing for any reason - the information can only hurt you. And god help you if you have a bad credit rating; in most places you won't be able to get a decent job or housing.)
Many European countries have better protections against discrimination in housing, employment, and insurance coverage on the basis of personal data (in addition to granting individual rights over that data held by third parties.) As an American who suffered identity theft in the US and suffered all kinds of hassles for years as a result, the single thing that ameliorated them best was leaving the USA and moving to an EU member state.
Recently I decided to try to 'remove myself from the internet'. I just wanted to be a bit more private personally. The best way I could come up with was to Google myself, go through the first 2-3 pages and work on removing that data. So I had to get some stuff removed from Crunchbase (had to email them for this), delete my Twitter, tell Facebook not to let search engines index me (same for LinkedIn). I also changed from using my real name to using a handle on some services (e.g. GitHub). It too some time but recently I had a new friend tell me they were trying to find me online and couldn't so it was quite a successful approach.
Nice! Yes that's quite a good method. I also found that googling my name + some relevant keywords (like ruby, programming, resume, etc. in my case) found relevant results
Fortunately my name is fairly common, and a google search for it alone shows no links related to me, well past page 10 or so of results, so horay for good opsec. Use the right keywords though and you can still find me. A good newbie approach is to start by not using any of the popular social media stuff (Facebook, Twitter, LinkedIn, etc.) and if you do, make sure it has no information about you or fake information.
EDIT: Of course I acknowledge a determined attacker could obtain all sorts of info about me. Not bragging or inviting doxxing, kthx.
- Google and Facebook currently allow you to delete your data, and both say that they really mean it. I doubt that this policy will be around in a few years, so it's worth taking advantage of now. Even if you want to still use these services, it's worth 're-incarnating' yourself without decades of data and phone numbers, email addresses, etc. tied to a name. This is easy for Google, but very difficult for Facebook; it's explicitly against their TOS, and algorithmically enforced. If you've got spare cash, it's easiest to buy a $40 dollar burner phone and do it over 4G; spare your IP address, and the sign-up flow is slick (paid for UA channel).
- The email address, phone number, credit card number, and the SSN are still the canonical forms of identity in the data industry. You can almost always transact without an SSN, and the rest can be re-generated so that they don't follow you around, with some money and effort. For example, buy a burner domain, and use a different email address for each service (e.g. joespizza@user_id.lol).
Abine Inc. (I'm a customer, no other affiliation) offer a service which:
* Generates burner emails, and forwards mail to you
* Gives you a virtual phone number which forwards calls and texts (but which you can ditch/rotate)
* Virtual credit cards, no real name needed
I rolled my own solution for the email thing, but the cards and telephone numbers work great. Making-up outlandish names to buy cinema-tickets and burritos with is still entertaining my wife and I after a whole year!
They also have a service called 'DeleteMe' which I think is basically paying an intern to click-through all the opt-out forms of the data brokerages on your behalf.
If google and facebook - who make their money off data - are willing to delete data for free, then they probably have some legal mandate to do so. If so, then they will continue to allow deletion while the laws remain in place.
The profile page for user christianbryant links to a page on darkreading.com that claims the name for that user is Christian Bryant, so, if the name isn't Christian Bryant, he (or maybe 'she'?) shows another way to 'delete' information about oneself from the internet: bury it in misinformation.
That's a lot of work and won't erase everything, but it can help.
In the United States, if you register to vote your name, age, address, and the names of people who live at the same address all end up on https://voterrecords.com and they don't let you remove it. If you are 40+ this may subject you to age discrimination--you may not even make it to the interview stage. I am now looking into how I can unregister to vote.
If you fill in an application to rent an apartment, or purchase property, your information ends up on the internet.
Our laws need to be updated for the internet age. There is public interest in knowing who owns the property at a certain address, but the reverse lookup of the same information--where does a certain citizen live--should be made illegal without the permission of the citizen.
It's a lot worse in India. One can look up voter information in one's constituent area and find the names, ages and addresses of the hundreds or thousands of people living there. Many government enterprises also put up subsidy related information for public view along with detailed personal information in the name of "transparency".
With the unique biometric identification system (Aadhaar) being pushed heavily for various uses (not just subsidies alone, which is what it was intended to curb leakages in), the lack of a national privacy law, and the attorney general recently claiming in court that "privacy is not a fundamental right", things have never looked bleaker. The central (federal) government and state governments don't care about privacy and privacy protections. It seems like the masses, many of whom don't know much or don't care much, are being coerced into systems that can be heavily misused by those in power.
I'm not sure how your proposal would work in any case. If a database record with your name in it exists (because you bought a house, have a telephone number, got married, got arrested, etc.) looking up any permutation of that data is just a search. I don't know how you make that illegal.
It's true that some laws/decisions about what constitutes public data arguably made more sense when finding that data required making the effort to physically look through the physical files of some town clerk who was probably out for lunch. However, this has been a topic of discussion since companies started selling databases on CD-ROMs and nothing much has changed. So I'm inclined to think that genie is well out of that particular bottle.
It shouldn't be "just a search". In other words, it should be possible to go to a web site, enter an address and find out who owns the property at that address. But the same site should not allow the user to enter the name of a citizen and get the address where that citizen lives, or who else lives at the same address. So businesses who possess the data should not be allowed to just dump the entire data into Google's search indexes, they can only allow certain narrow searches.
So, again, you're basically proposing that even though data is legitimately in the public domain, somehow people should be prevented from connecting that data with a search. Good luck with that.
The government should not put citizen's personal information in the "public domain". When government collects personal information about its citizens there should be laws governing what is allowed use and what isn't.
The list of people who voted in a particular election is placed into the public domain as an anti-fraud measure. It's an important part of the US version of democracy. Other info like property ownership is public for similar reasons. Rich people form trusts to buy property and obscure their names.
And in some cases there are. Your tax records are not public. But a wide range of transactions/interactions with both the government and private companies (such as home purchases and arrests) are as a matter of law.
> There is public interest in knowing who owns the property at a certain address, but the reverse lookup of the same information--where does a certain citizen live--should be made illegal without the permission of the citizen.
This is not possible. The most you can do is make it slightly inconvenient to invert the Address -> Resident lookup.
I'm also not sure "public interest" is a valid justification to violate privacy in this way at all. Perhaps one shouldn't be able to look up who owns an address without some rigamorole.
The opt-out is for information they added on top of what is in your voter record. They don't let you opt out of information that's in your voter record.
Sure, but we need new laws on how public information can be used. Just because you want to register to vote shouldn't mean your date of birth can now be made freely available to identity thieves and potential employers who can use the info to discriminate against you.
>Just because you want to register to vote shouldn't mean your date of birth can now be made freely available to identity thieves and potential employers who can use the info to discriminate against you.
Yes it does - that's exactly what "public" information is.
Maybe you can argue that some information shouldn't be public, but some things can't be hidden, like your date of birth or your name or your DNA, and those things are up for grabs by anyone who can collect them, for better or worse.
Again, the government should not collect citizen's personal information and make it "public" information. Even when certain information is known about a private citizen, there should be laws governing what is allowed use of that information and what isn't. Certain uses should require a release from that citizen.
There's two schools of thought here - that the day you were born is somehow confidential or that the public has a vested interest in knowing who is on the voter roll.
In 4th grade, they started teaching kids about their "digital tattoo". A reasonable analogy -- like a tattoo, it's very hard to erase whatever you put out there.
For those of us who aren't looking to totally drop off the grid, but are concerned about their online footprint and privacy online; check out https://www.privacytools.io (not affiliated). It's a good starting point for choosing trusted third party services. I'd be interested in other responses or advice for people who try and do the same.
First, delete all the content you published and social network accounts like I did. Change the name first of those accounts to be sure that if they wont totally delete your account, it will not be your name in the system.
In the case of some websites you may be able to convince the owners to delete the content you posted.
Some other websites, might not be easily convinced, but you can bait them with money to achieve your goal.
I did all that. Currently the only place my full name shows on the internet in on Companies House, because they keep those records, for almost 20 years after you close a company. And those same records get published by third parties also.
Other than that, I'm GHOSTING.
First, change your names on social media accounts and then delete the account.
Second, use the right to be forgotten laws in Europe (even if you aren't European). They've got Google by the balls and at the very least you'll be scrubbed from google pages in Europe, perhaps very soon - or not - you'll be scrubbed from Google worldwide.
Third, might want to change your phone number. But at the very least, even if you have poor impulse control or are too attached to do the first step, just remove your phone numbers from your social media accounts. Uninstall those apps from your phone. Clear your cookies. The main goal is to disassociate your phone number from social. You inadvertently upload it in a variety of ways, and this is a key component to their graphs. Changing it is better because your friends upload your number anyway. Now you will have a new number and no social media profile linked to it.
Fourth, be conscious of what/where you post. Now that you won't have privacy anxiety, this will be much easier to pay attention to.
Fifth, at your leisure, send sternly worded 'remove this content' emails to any web pages that still reveal info about you. Don't do this from free email and gmail accounts, do it from more authoritative sounding domain names. But in the email, refer to yourself as "my client"
> Second, use the right to be forgotten laws in Europe (even if you aren't European). They've got Google by the balls and at the very least you'll be scrubbed from google pages in Europe, perhaps very soon - or not - you'll be scrubbed from Google worldwide.
This isn't quite accurate.
The search results are only removed for browsers within Europe.
Google will only removed "outdated" or "irrelevant" search results.
Google approve less than half the requests it gets for RtbF.
Best is to first replace all your information on those services by fake information. Then create a bunch of accounts with the same name, and also enter fake information. Then delete all the stuff.
Remember: you can decrease the signal-to-noise ratio by decreasing the signal, or by increasing the noise.
I don't think there's any way. There are too many identity aggregators. I think the only way would be to create lots of fake profiles and fake information tied to your name, thereby drowning out the signal.
Give all service providers a unique email, and a fake name. It will be very hard to correlate your identity between two providers. And most providers don't need your real name.
The question stems from a hypothetical problem. A person who works undercover, let's say, and has a fairly unique name, is concerned that their real name, if ever revealed, could be searched and then the associations to family and friends revealed from this search be used to either coerce the undercover person to work against the law, or simply to hurt the associated family and friends in retaliation for duty performed. The agency for which the undercover person works does not aid in any way the cleaning up of public data available against the person's true identity.
Off the grid is a good phrase. Have you ever tried living off the electrical grid? You either spend a ton of money building your own "grid" so your life doesn't have to change or your life becomes radically different from everyone else you used to know including yourself.
I personally found that having a very very common name provides a lot of privacy. If you look me up by my real firstname/lastname, you'll find out we are borg, we are 1000s, and I'm burried somewhere far and deep in the search results.
For better or worse, having a very common name is one of the best ways to hide. By contrast, my name is effectively unique (at least among people who have any web presence).
The worst of both world though is probably having an almost unique name that you share with someone notorious who could plausibly be you for reasons of age, location, etc. I once knew someone who shared names (in the pre-Web era) with someone who was a widely hated figure at one point in NYC. My acquaintance literally got death threats on his answering machine aimed at this individual.
Likewise, I don't have a very common name at all, but after googling it, found many high-profile people who do. They help me hide way back in the search results.
I had a roommate named John Edward Smith III. Aside from the III, this is basically the most common name in the US. There were 3 people with exactly his name (including the III!) in the University of Virginia database. If you're going to change your legal name for privacy reasons, it's a good choice.
Distributed social media where all your posts are on your own private server/NAS box next to your router. This means only people you "connect with" will have access. No companies will collect data. At the time of your choosing you can just delete your info. This doesn't prevent your friends from making copies, but they usually won't. As for sites like HN, use an alias so the posts can't be connected back to the real you. That's hard to put leakage, so let's try to create such sites so that when an account is deleted it really is. Not sure how to ensure that.
You just described a major feature of the imaginary federated social network I've been designing in my head for the past several years: you have a "profile information provider" (your phone, a third-party website) that you subscribe into your various social networks, SNs then existing only to provide a social graph within their context. Your personal info then remains under your control (as the idea goes) with access granted and revoked at will.
disclaimer - I happen to know digital shadow from event I once attended. I'm not associated with them and for that matter I had not used their product, however I find the idea pretty interesting and kinda cool :-)
Impossible to completely delete yourself - especially with things like the Internet Archive, so even if you delete current pages, there'll be an archive.
Best thing is delete all your accounts, request any mentions of you to be removed, and as others said change your name so that things like Zoominfo and bots don't pick up on you.
I had sent emails to websites I held accounts for but I forgot logins to e.g. myspace to delete my content and they did :) I was not happy with pictures I posted years ago just before my interview after finishing college. I have active social network accounts I m not paranoid about the information there
If I want to remove something, I edit as much of it as possible to be underscores and/or fake/nonsense, then delete the comment/account. So unless the service keeps various versions of the same comment (some may, many don't) that info is effectively gone.
Is there anyway to delete/DMCA those white page websites (whitepages.com, spokeo, instantcheckmate, etc.) that list all your relatives and your past physical addresses?
There are already several SaaS products in this space. They do things like: (1) giving you instructions for deleting yourself on sites that allow it, (2) flood the Internet with fake content about your name, (3) file (potentially bogus) DMCA notices/RTBF requests for stuff that wasn't buried by (1) and (2).
It's called "reputation management" by some.
As an example of (3), sites like Ripoff Report won't remove info, but, if you can get a copyright logo or photo onto a Ripoff Report page, you can DMCA google & have the entire page unindexed.
maybe not so much because any measure you come up with will be met by countermeasures from the data aggregators and your business model is reliant on the companies complying with your data deletion request
You need to find a job that will hire you without I-9 verification, pay cash, and not withhold taxes or report your employment to the IRS. You need to sublet for cash (without the landlord's knowledge, so he doesn't generate any records like a lease) and not have your name on the apartment or any utility accounts.
The banking system is loaded with KYC rules; you will need to steer clear of it. Do not get an ID at all unless the photo no longer resembles you and the address listed on it checked out at the time but is no longer considered a threat (remember that your old neighbors might sit with a sketch artist or remember a comment in passing about where you might be headed next). Obviously no car registration or driving. Switch transit fare cards frequently; be careful of the CCTV cameras on the farecard vending machines.
Use distinct prepaid device for each call. Make your way to a pseudorandom location (the locations of all your calls plotted on a map should not let anyone infer the general vicinity of your home, workplace, or where you might surface next). Make the call over a unique Signal account, be brief, and securely destroy the phone.
Obviously no flying, and especially no crossing international borders. You most certainly cannot do anything predictable like show up at your parents' house at Christmas.
If you must use email, use Tails, use a different email address and PGP key for every message, come up on secondhand laptops over Tor on public wifi at places that can't individually identify laptop users mechanically, and places too busy to remember the faces of specific laptop users.
Obviously, social media of any form, any sort of communication (even letter-writing) with people who won't apply this tradecraft as carefully as you every single time with no exceptions ever, legitimate employment, anything licensed, and anything related to the banking system are totally out of the question.
... by now it should be clear that "dropping off the grid" is almost certainly not what you want to do, and that 95% of what you have to fear from "the grid" has been here long before social media and doesn't care that you deleted your Facebook account, because it is integral to every part of life.
The relation name ~ face ~ residence ~ phone ~ email ~ occupation ~ employer ~ financials is probably not something you actually want to "erase" or keep secret, unless you are willing to go to extreme lengths. And at that point, the government's "someone is using tradecraft" senses will likely go off, and they'll likely come at you with some old fashioned human intelligence work that your Hacker News sensibilities won't protect you against.
You might want to think more deliberately about which pieces of information you're trying to disassociate from that relation, because that's a much more tenable project.
You have to consider who you are trying to hide from. Hiding something in the face of an active pursuer is an act of aggression or at least, counter-aggression. In warfare there is the concept of enemy combatant. An ethical force will adhere to the idea that they only actively pursue and disable combatants not merely resistors, demonstrators or those taking countermeasures to protect themselves.
Some people may be combatants by things other than actions of violence. Wearing an enemy uniform even if you are not holding a rifle or actively participating in a battle, spying, providing serious material aid to the combatants etc.
I think these are apt comparisons to privacy and personal information because having them is a sort of ephemeral habeas corpus (I'm aware of the contradiction). You 'have the person' (that's what habeas corpus literally means) in a digital/information sense. Of course there's no exclusivity as there is with an actual bodily person.
Warfare is ultimately about controlling the bodies - you kill the bodies and then you win. If more of your bodies are standing or if more of their bodies can be convinced to stop fighting or to come over to your side or just lose the will to fight then you win (trying to encompass more than just battlefield warfare here which is quickly becoming less important)
So this very long winded setup is just to say that the "future of personal identity cleanup" is an oxymoron or at least a contradiction. "Hiding" whether digitally or otherwise is an ACTIVE thing. I guess the cleaning concept is useful to a degree. If I clean my kitchen then it stays clean...until I make dinner the next night - which, because I need to eat, I will inevitably do. And then it's just as messy and requires just as much effort as it did previously to clean.
So unless you are dead, you can't just clean up your digital trail and be done. This is assuming that you want to go about living a relatively normal life and not smuggle yourself to an uninhabited island.
So the future of digital privacy will be a series of compromises and trade offs. I don't want to be at all disrespectful about the situation in Syria because it is grief ridden disaster but I think this illustration is a good one.
There are still people in Syria. You may think to yourself, "Why are people still in Syria? People with families". Because some people can't leave, some people don't think it's that bad for any number of reasons such as blind luck, blind faith or any other form of blindness. Regardless they are still there.
And that's how digital privacy is. Most people won't care which means there won't be a demand which means you will stand out when you do demand (to be not seen)
This is too long.
TLDR:
1: TOOLS - tools to help you just like new kitchen gadgets. Some will be fads, some will be workhorses like the classic kitchenaid mixer and others will be just for pros or people with a passion for it.
2. KNOWLEDGE - Knowing how to hide what you really want to hide. This is going to be helped more and more by tech. People who don't want to hide anything won't ever know about these but those who do will. Starts with VPNS, separate accounts, never bringing a device with an EMF signal to certain places, how to use strong encryption etc. but includes basic digital tradecraft.
3: COMPROMISE - Don't ever use social media. Or do and realize that part of your life is never going to get a privacy cleanup. It's the fryolator of your digital life. Makes things delicious, unhealthy and never clean. Other compromises and realizing that just like credit, it's hard to repair mistakes in digital privacy.
The question is so simple. . . . I wish the answer was. Sorry this is so rambling. I was going to include a why you should listen to me section but then I'd have to tell you who I am.
I have a fairly unique name. Anyway 5 years ago I was on a date, met the girl online. She started asking me about places I had lived... and she just knew way too much about me. She confessed she had paid like $20 to look me up on one of those extended search services before the date. There was no second date. Totally creeped me out... but I did get the name of the service she used, and when I got home I ran a search on myself to see what all was there.
What's worse than all the information being out there, or parallel I guess, is that the shitty service had a bunch of information wrong. It said I lived in a state where I co-signed a lease for my sister (and since I have the same last name as my sister the service drew the conclusion we were married), it said that I still owned a home in yet another state (I had sold it years before)... It also returned my year-by-year income (most of which was fairly accurate), court records (even from when I was a little kid showing up at my parents' divorce hearing), and the exact amount I still owed on my house. No clue how they got all that shit.
Around that time I went looking for ways to purge it all, I stumbled across this post:
Here we are, 5 years later... I can say... a few less scammy sites show up when you search for me... but on the whole not really much impact. A bunch of information these sites have is still wrong, and a lot of the sites... even if you go through all the trouble of opting out... they only honor the opt-out for a year.
I asked my lawyer if there was a way, how do celebrities and such keep their records out of these people's hands... and his response was, "You probably have to contact each site and pay then to take you off..." At which point I decided to cheer if anyone ever fire-bombed the offices of Radaris or Spokeo or Yatedo or any of the other shit-information sites.
We need laws that make it legal for us to all kick the CEO of these companies in the nuts -- one good solid kick each. Freedom of information, all that... necessary for democracy... and it's just a short hop from there over to aggregation services... but we should at least ensure that people who want to profit off eroding privacy shouldn't be able to reproduce.
To be clear, just in case anyone reading does not understand, this would have no impact as data is now routinely stored at multiple, geographically disparate data centers run by disparate companies within completely distinct legal jurisdictions, as contracted by distinct legal entities, and these are increasingly all kept secret via services like Cloudflare, corporate service agents, DNS privacy services, international accountants and lawyers.
So... don't go getting firebombing ideas. Instead, take your pyro inklings out through the retro game Pyro ][ in which our protagonist begins by burning down the IRS - https://duckduckgo.com/?q=pyro+2+abandonware
A large scale, sustained global atmospheric thermonuclear barrage might do the trick - generate a wave of electromagnetic pulses and fry all the electronics on the planet.
Your ire is probably misplaced. It should be with the laws that make most of that information public in the first place. (Although there are good reasons to make various information public as well.) Yes, it's easier to access that information with a quick search than in the past but that's the reality of public information in this age.)
But there is a creepiness factor. As someone who is fairly visible publicly and deals with a lot of PR people etc., there's a fine line between finding areas of common interest/conversation starters and we ran a creepy background check on you.
There is a database of mortgages, I forgot what it was called though, that's how they know what you owed on your house.
Most of that stuff is pretty easy to find on local records, it's just a dumb aggregator, they are getting the information from elsewhere.
If I had time I'd be able to find 80% of that information on you now. If I had access to a few nonpublic databases (like a PI would) I'd have access to everything. And since I am a smart human not a dumb machine id probably be able to tell most of the innacurate information was inaccurate.
Im aware it could be done. I just think anyone who does it deserves a swift kick to the nuts.
I could create plastic rice and sell it... but I'd be a horrible person for doing so. Just like these people that created the aggregators. Pathetic waste of life ass hats... can't think of anything good for society... so they shit on it.
> anyone who does it deserves a swift kick to the nuts.
Let's say you want to buy a house and apply for mortgage. The bank can either look at your credit history to determine your probability of default, or not look at your credit history and assume your probability of default is the same as US average. The bank uses this probability and prime rate to decide what interest rate to offer you.
If you paid your bills on time in the past, your credit history would be clean and you'll get a better rate.
OK, joking aside... Sure... the bank has that info. Presumably the bank had to go through special screening and training to get access to it. I'm OK with that. One step better, it would be nice to have notification whenever any person or institution queried my info... but at least they have some level of screening.
Huge difference between that, and just throwing all the information out there to the wind. Certainly your insurance rates would go down if all your health info were made public and the insurance provider was allowed to factor that in, right? It's creepy, it makes the world a worse place for existing.
I guess what's nice is that when someone does a search, they probably know most of these sites aren't all that accurate to begin with... But my comments were more around how it would be nice to stop the spread of some things... companies that work to make a buck eroding our privacy for starters. I could set up a truck on the street in front of your house... document everything about you for a few months... it's creepy.
On that note, the way to kill these sites off would be to just have Google de-list these sites. Now, I get that Google won't actually de-list sites... but treating them like the scammers they are would be a good change the the SERP ranking algorithm.
> Presumably the bank had to go through special screening and training to get access to it.
No, not really. They just have to ask you if it's OK preform that query from a Consumer Reporting Agency (CRA) and have regulations around informing you about the sources they used to make decisions. Same for any 'background check' company. But if you want to participate in society you're going to have to authorize these sorts of searches... There's not a whole lotta choice.
In the US The Fair Credit Reporting Act (FCRA) regulates how the CRAs use that information.
I'm no expert, but I believe the FCRA only applies if the information is being used to make credit, insurance, employment, housing, etc. decisions. It doesn't apply for personal curiosity. That's why those sites say "you agree not to use this information for employment, housing purposes, etc." When you use them.
It's probably more useful to read the FCRA rather than listening to me though.
> your insurance rates would go down if all your health info were made public and the insurance provider was allowed to factor that in, right?
It's already happening, the only difference being that it's the people rather than insurance providers that make those decisions. Healthy young people do not buy insurance (because they will pay more in premiums than amount of healthcare they consume), premiums go up because average remaining customer needs more healthcare, etc. In the limit premiums are sky high and nobody has insurance. That's why universal health care makes sense.
The key difference is that people have little control over their health, but a lot more control over how much they work, how much they spend, and whether they pay their bills on time.
Credit bureaus and companies like Axciom or DataTree collect, keep and sell tons of data.
At the very least you should request your credit report (it's free if you don't want FICO score) and check that everything in it is correct. This is not the last time someone pulled a background check on you.
we've run this service for a number of years and processed probably a million or so opt-outs successfully. nothing "deletes you from the web" obviously, but happy to answer any questions from anyone:
https://www.abine.com/deleteme/landing.php
Move country, change your name, change the industry in which you work and change the hobbies in which you are interested. Change the clothes you wear and your style of haircut.
All of that is a lot easier than trying to track down all lose-ends over the internet. You won't escape state-level actors if that is your concern but you'll have some distance between your offline and online history.