A not-so-secret dirty little secret is that many of the reputation management agencies also own many of the public records websites that publish mug shots, court records, and so on. When you hire them to remove that information from the internet it puts you into a cycle of being removed from one or two of their website and added to something else.
You end up in a never-ending game of whack-a-mole. Complete with monthly fees.
Similar to a mafia coming to your small business and telling you you need to pay to stay open, otherwise they’ll make sure you. Still just the cost of business? Seems more like a power imbalance.
In many cases, the potential problem may be caused by the same party that offers to solve it, but that fact may be concealed, with the intent to engender continual patronage.
Lol those orbs! Oddly, Worldcoin's main exchange is Binance which stopped doing business in USA so I couldn't get a bag. Up almost 10x. Not bad for a sphere that proves "personhood". With AI making actual people vs machine created more difficult to discern, it may have evermore applications.
You know, those entities that hoover up any and all info on you, that you cannot opt out of, maintain information whether its accurate or not and refuse to delete obviously erroneous data, then release it *all* to the world by being extremely poor stewards of said data, then charging you for credit monitoring for the rest of your life, since your immutable info just got shared with assholes.
Guess who owns most/all of the credit monitoring entities?
Luckily you can mail them a permanent opt out for most of that stuff. IIRC, it removes your name from the searchable list of info 3rd parties use for marketing.
Additionally, if you haven't, freeze your credit at all bureaus including LexisNexis.
I've frozen all of mine, because thanks to Equifax, I don't have a choice.
I wish you good luck opting out. I'm not talking about what the law says, I'm talking about how they act.
Technically, you can dispute incorrect info. What that dispute amounts to is the bureau asking the entity if it's accurate. No proof needed. If they say it's accurate, then you're stuck with it, until you jump through many, many more hoops.
This sounds awfully familiar, like the window repair guy breaking windows or the tire salesman dropping boxes of nails on the road. The only difference is both of those things are illegal.
The lesson for the modern ago. Don't put stuff into digital form if you want privacy!
Some places don't allow use of smart phone. They actually ask you check your phone into a coat check type thing at door! One journalist friend often leaves the smart phone at home.
This sets a terrible precedent. For most, a phone is all or a combination of; house keys, car keys, bank cards, medical records, photo albums, etc. Giving all that up to a stranger (albeit behind a passcode) is a step backwards in security and privacy. An alternative that I have witnessed is places place your phone in a lockable bag that you then carry with you. They unlock the bag when you exit.
> Giving all that up to a stranger (albeit behind a passcode) is a step backwards in security and privacy.
putting all that on a device that you don't control and that "strangers" at apple or google can access or make changes to at any time, and without any notice to you and without any permission from you sounds like a step backwards in security and privacy.
Cabaret at the Kit Kat club in London places a sticker over any camera lens. The Burnt City, an immersive theatrical experience, makes you place your phone in a pouch that is then sealed with a tamper evident fastening before you enter the venue.
More like : If it is not explicitly illegal and aggressively enforced by someone, a business will attempt it, regardless of whether it makes money or not.
I can’t give specifics, I know someone who had to deal with “delete me” requests from these “privacy” companies. The privacy company would literally take your personal info (name, email), and _email it to every company they could think of_ asking the company to delete your account _even if you didn’t have one_.
I had a suspicion these services actually do more harm than good, even if they're well intentioned and not actively running a data collection scheme.
But this is really a chicken-egg situation. How do you tell companies to delete your information without telling them what identifies your information? It's in these companies' interest to make this as difficult as possible, so a solution based on data hashes is highly unlikely to appear out of their good will alone. This requires strict regulation and high fines.
There's also the issue of proving ownership of the data requested for deletion. Even in the EU with the GDPR, which is arguably the most progressive data privacy regulation we have, companies routinely violate this by requesting even more personal information from the requester.
Ideally a regulator would intervene, demanding that the data provider prove that each person in their database has explicitly opted in. That should be really easy for these companies -- it's just another record to include in our files. If they can't prove it, they must delete all related data.
amazingly enough the law is more clever than programmers assume it is, and the clever dodges programmers come up with tend to be seen through and just lead to jail time.
I don't understand how Hans Reiser is an example of this. He was convicted of murder and nothing about his case (that I could find) seems to indicate that he used "clever dodges" to skirt the law.
if one followed the case at the time Reiser seemed very much the stereotype of the really superclever person who figured they were smarter than all those dumb folks who were never going to catch him and it all fell apart real quick.
I see what you mean. There is some nuance to that which wasn't captured in the Wikipedia article or my general awareness of the details about the case.
A scanned signature would work, I think, on a form mailed in by the user. The form would need to be clearly identified as coming from the data broker but could be provided by the company ultimately seeking your data.
My impression is that it depends what company you use. I don't really trust them but at the same time, there are a lot of other companies. All I can really say is that Optery will give you a free report with very minimal information and on a test they dug up far more information that I provided (the minimum).
Given that these companies, like Incogni and DeleteMe, are now sponsoring big time YouTubers I'd imagine they are soon going to get a much closer look. At minimum, they are making far more people aware of the situation and data out there. Even though many of the VPNs fall far short of the promises, it is setting a strong signal that people care about privacy and entering the public lexicon is the first step. I hope these can be a catalyst towards more state or federal privacy protection.
I have a common enough name that about 2/3 of the info data brokers have on me is garbage.
If every data broker could be relied on to faithfully delete my info I would sign up for Optery or Incogni today. I don't, because if even one of those 2/3 is a bad actor I'm just expending effort to clean up their data.
When you use these ‘delete me’ services to remove your information from a platform like Dropbox, there’s a hidden catch. These services are often linked to companies that trade in email addresses. By submitting your email for deletion, you might unwittingly end up having it sold to marketers or data brokers, potentially leading to even more spam and unwanted contacts. Or maybe nice target ads … depending who bought your email address
Devil's advocate here, n=1 is just a data point is rarely the whole story. I would assume, but obviously I could be wrong, that the legit ones actually can check if your info exists in a company before they send a take down request. I have no proof of that but it's probably nearly as good as n=1.
In my opinion, this is a failure of due diligence on behalf of the Mozilla Corporation. I'm sure their legal team is jumping into incident response mode right now.
I think this is one of the problems of organisations not doing anything themselves, and offloading responsibility and liability to both external partners.
Mozilla has never been trustworthy. The Mozilla Foundation is probably what most people are confusing it for, the nonprofit that actually cares, but Mozilla the corporation just wants money.
You’re partly right. MoCo only cares about money. MoFo though is/was Mitchell’s political slush fund. TBD how things will shake out once there is a permanent CEO but Mitchell is remaining chair of the foundation. She’s also got really deep ties to how MoCo is funded (google) so it’s likely the new CEO will be her puppet.
Microsoft and Google don't even try to hide the fact they will siphon your data, whether you like it or not. You can turn off some of the egregious siphoning, but that's about it.
Mozilla meanwhile claims to be the champion of digital privacy, marketing Firefox as the private browser of choice along with a host of ostensibly privacy products such as VPN, all the while also siphoning data. Turning it all off requires digging deep into about:config.
One group is honest (or at least relatively more so) about what they do. The other entity is a pathological liar led by a queen on Google's leash for controlled opposition purposes. As such, I daresay Microsoft and Google are more private than Mozilla because you know what you sign up for.
I don't think that's what the word "private" means. It's not the same thing as "honest".
Compare the data. Mozilla may be less honest than Google and Microsoft (a premise I also disagree with), but they are demonstrably harvesting much less data.
This is ridiculous. Firefox doesn't beat around the bush with telemetry and makes this clear when you install a new copy of it to your machine. It also does not require "messing around in about:config", this option is presented to the user in Settings, in plainly stated language and in a central location (unlike other browsers, particularly Edge, and Chrome, with privacy related settings in 40 different drop down menus).
> The other entity is a pathological liar led by a queen on Google's leash for controlled opposition purposes
Oh come on, Baker was around since the Netscape days. You just don't like her cause she was a Suit, and that's fine. But except for a bunch of engineers Netscape had a bunch of Suits. It's not some conspiracy that a Suit is still running things.
I used Onerep until I was told it was shady. I now use Optery (https://www.optery.com/) which is a YC company. I'd love to hear if there are any issues with it.
The problem is there are 200+ data brokers out there and I don't have time to deal with that many.
Optery has been flagging the conflict of interest between OneRep and Nuwber for years and put a statement out with our position following the Krebs article:
Kanary is a grant recipient from YC and does data deletion as well. Main difference from Optery is simplicity of the tiers (there is only 1 premium tier that covers all sites + hands on support). While Optery's b2b tooling is more built out than ours.
We have a 'downgrade to a free tier' option if you are paying and want to take a break from the service. We delete all data if you decide to cancel, but you can join back any time. If it's not clear from the username, I'm on the team.
Yeah, I did this, following one of the guides (possibly the one linked in the parent). It definitely worked with the worst of these bottom-feeders: mylife.com
It involved phone call to an Indian call-center. While remaining polite (not easy) but persistent, I had to listen to multiple dumb pitches about their "services". I stuck with it and in the end they removed my name but indicated it "may" come back.
That was in 2018. My name no longer appears when searching their website. I do, however, get MULTIPLE garbage emails per day from mylife indicating "changes" about my profile and that of my family and neighbors.
I have avoided dealing with 3rd parties for this stuff. In addition to the fact that they may, as Krebs indicated, racketeer with the scummy brokers there's ALSO another concern: Some of them PAY the data brokers a percentage of the fees they collect to remove names. The last thing I want is for these bastards to get any money for their activities.
BTW, the founder and CEO of Mylife.com is Jeffrey Tinsley. He appears to have made quite a fortune doing this data-broker shit.
It's like the old days of Ironport. Ironport built a rack-mount spam filtering appliance for business. They also built a rack-mount spam-sending appliance for business. That blew their reputation.
I’m pretty sure Ironport getting bought by Cisco and then Cisco letting their product rot while simultaneously jacking up prices blew Ironport’s reputation. They were excellent appliances before the acquisition.
I wonder if there are reputation protection companies that try a different strategy: for every user that requests their service, prop up thousands of fake identities with the user's name, but each with some inconsistent profile that are almost, but not quite, entirely unlike the original user. So if someone search for a person, their search results would be flooded with garbage.
Since it seems very difficult to try to get a leaked identity removed, maybe try to hide a tree in the forest?
The former British prime minister executed a similar technique to hide his scandal by releasing search-engine chaff. He had a press interview where he claimed one of his hobbies was painting miniature red buses, and the scandal he was hiding was false and distateful ads on a (real) red bus as part of a campaign for Brexit.
> For example, the disaster surrounding London’s new Routemaster city buses disappeared into the depths of the web after Johnson made completely nonsensical statements in the media about building model buses from wine crates. Coverage of these statements triggered a flood of search queries on Google that displaced negative search queries and Google Suggest results related to Boris Johnson.
> Research showed that before the wine crate buses interview, 100% of Google Suggest and search results on page one that were displayed in connection with Boris Johnson had negative connotations. After the interview, it was only 20%.
> Additionally, when news broke that British Government members had flouted Covid guidelines to meet for wine and cheese during a ‘work meeting’, it was seized upon by the British press as “partygate.” Soon after, Johnson was quoted in interview saying, “I don’t work from home. The cheese will distract you.” As a result, negative coverage of the British Government’s party-gate incidents were glossed over by search suggestions and results, and keywords with negative connotations no longer appeared in Google Suggest prompts.
> There is one thing that is absolutely certain about throwing a dead cat on the dining room table – and I don’t mean that people will be outraged, alarmed, disgusted. That is true, but irrelevant. The key point, says my Australian friend, is that everyone will shout, ‘Jeez, mate, there’s a dead cat on the table!’ In other words, they will be talking about the dead cat – the thing you want them to talk about – and they will not be talking about the issue that has been causing you so much grief.
in the same category of "Best of the Internet", my favorite are the sites that claim every person on the planet has an "arrest record found" and you can see those records for $49. Or if you're that person, pay us $99 to remove it.
You see this a lot these days (though I suppose it's just more visible now). Another example is people selling political t-shirts (many offensive or obnoxious) to both sides of a partisan divide.
They do via their advertising copy, which strongly implies it. The productization of opinion is a Bad Thing in my view, for the simple reason that it becomes profitable to stoke conflict and commercial entities are therefore incentivized to do so.
A few seconds worth of work reveals how false this is. Perhaps it's just that you find one type of merchandise offensive but find the other type pleasant. Perhaps this open bias is coloring your perceptions?
I’m mid 30s, and I don’t recall anytime other than the last 7 years in which I saw people wearing stuff that came anywhere close to “Fuck <president>”. Or chanting it at random non political sporting events with families with children in attendance.
And I don’t see the other party doing anything equivalent, from giant flags on pickup trucks, to roadside merchandise stalls, to pick up truck convoys that harass and bully other candidates on the road…
I'm pretty certain that the other side of your political leaning would say the same thing about your party.
Ask anyone about there political merchandise and they will never see it as just "merch" but as a fundamental truth that is pivotal to there way of life they they feel is being threatened. It's much like calling someone's religious garments or iconography just merchandise and is a very closed minded point of view.
Yeah nah, that's some sweet Dark Brandon merch out there.
Guarantee someone's already selling some Jacked Up Joe merch already.
There's always someone selling merch though, a few years back a rather famous/infamous politician in NZ, Winston Peters, came out of left field to win a by-election in the electorate of Northland that the ruling National party government expected to win easy, the same party that had snubbed his offers to work together.
So people started selling "King in the North" t-shirts with ol Winnie photoshopped onto Jon Snow. I, being honest, nearly bought one, because you had to admire his schtick.
So yeah, there's always merch.
But, AFAIK, at least no-one is selling Joe Biden fan art NFTs yet. It's like a double grift.
And obviously Trump loves the merch far more because he gets a cut.
You're fine if a search machine returns zero results about you. Never put your personal information out in the wild. This includes a linkedin profile. I haven't found a solution if you're a business owner but even then try to limit exposure as much as possible.
Asking as a complete amateur, how do these people databases & privacy companies work? They claim to get personal details, family connections, social media content and even court records etc for not-so-exhorbitant price ($30 per report as ballpark?)
Do they just scam people by compiling whatever is available on search engines? In one or two cases, I have seen them at least giving the house address or family member details right. So there seems to be more at play.
Even without using a paid service, if you know what state someone lives in and can narrow it down to a few potential counties, it's typically not that hard to find someone's address by searching online property tax assessment records which usually expose the full address of the property, the owner's name, and the assessed value.
Same for court/criminal records, marriage records (in some states), etc.
Prostitution is not the oldest profession. Racketeering probably is. Probably started with the most basic form: giving your food to Ugg to pay him to stop his brother Grug from punching you.
the last guy who stole an Amazon box off my porch didn't put up a school for my kids, the road in front of my house, help the homeless guy I gave my second burger to the other day get out of the cold, make sure the water out of my tap didn't kill me, etc
Many large drug cartels pay for schools, give out food to the poor, and control some forms of crime to increase public support or at least prevent their protest.
Once organized crime gets big enough, it's really difficult to distinguish from a weak government.
Sure and many feudal warlords grew the same way but at some point the Castle decayed away and became a tourist destination and what was left behind was the community and governance.
Once organized crime gets really big, it stops being crime and persists on organization alone.
I agree, but I would argue that the label of "crime" is mostly semantics. The violence (or at least the threat of violence) of the crimes still persists, but whoever is the most powerful group gets to change the label of their violence from "crime" to "law enforcement".
One redeeming thing about the monetization of the Internet is that these deep web people search sites are generally not free any longer. There was a time when, for free, you could basically search a person who didn't have an especially common name with maybe a couple for tidbits about them and could you find a huge part of their life history and, of course, info like birthdays.
Gentle reminder that Mozilla Monitor is just OneRep, albeit marked up for Mozilla Corporation’s profits (yes Mozilla is a for profit, its foundation is not).
I find it funny when things like these happen, while conspiracy theorists get lambasted for calling out much less nefarious schemes (with evidence), only to be proven right weeks or months later when a "more official" source confirms it after gaslighting them for that period in between.
A bit off-topic, could someone explain how data brokers operate?
I've been involved in the development of B2B SaaS solutions, and there are a few providers, such as ZoomInfo, Apollo, and Clearbit, that greatly assist the sales team in gaining a deeper understanding of customers. It seems that venture capitalists love those businesses.
Has anyone attempted to create similar companies that offer Data as a Service?
and using that to automate the unsub from trackers:
-->
This really needs to be used to make a tool to automate all the "delete my data" requests and have users map out deleting their data/PII etc from data brokers to a git something and people can submit the recipes to delete your personal data.
I just did so on one of the more terrible ones yesterday - and the dark pattern was it would put you in captcha-loops... and youd have to reload/retry several times before stopped asking you firehydrant bus traffic motorcycle crosswalk over and over.
but to save unsub/delete me scripts with this would be nifty.
A recipe bounty would be neat - for example - Optery found me in more PII dbs than I expected - and it would be cool for people to see which brokers they are found in and there is a bounty list for all the brokers people are finding for someone to create a Delete-Me for each thing, so that one hopefully has the help of many to navigate the minefield of dark patterns in such.
Your data is sitting in an unencrypted excel spreadsheet somewhere as it moves between entities. Good luck.
Your best bet is what the government minister mentioned elsewhere in this thread did. Generate noise. So much noise that none of your "PII" is even remotely accurate.
You can't hide, but you can paint an incredibly inaccurate picture.
> You can't hide, but you can paint an incredibly inaccurate picture.
How do you reasonably do this? You would have to spend an incredible amount of effort creating fake data everywhere, without having any clue if what you're doing is even working. With new AI tools and technologies it's likely that someone with enough resources and motivation would be able to filter out the signal from the noise anyway.
I currently lean towards just minimizing my digital footprint, and carefully choosing the hardware and software I use. It still takes a lot of effort and sacrifice, and I don't expect this method to be foolproof, but at least it's reasonably manageable. At some point you do have to accept that absolute privacy is impossible in the modern world, even if you shun all technology.
Use a different birthday for every service you sign up to, especially the ones like "restaurant wants you to enter details to use their wifi", same for other details that they don't need in order to offer you a service.
>How do you reasonably do this? You would have to spend an incredible amount of effort creating fake data everywhere, without having any clue if what you're doing is even working. With new AI tools and technologies
Not really. AI wasn't an option until very recently. How was this managed before?
And even with AI, it would take a considerable amount of effort to flood all public channels with fake data. Do you do this via APIs for every service? Do you generate image and video as well? You would still have no idea whether your efforts are actually working.
Not to mention that using this approach contributes noise to an already noisy medium. Your fight with an imaginary enemy worsens the online experience for everyone else. We have enough junk on the internet as it is.
You end up in a never-ending game of whack-a-mole. Complete with monthly fees.