26
votes
Data removal services?
Is anyone familiar with data removal services like Incogni, DeleteMe, PrivacyBee, etc? Do they work? Are they safe?
Is anyone familiar with data removal services like Incogni, DeleteMe, PrivacyBee, etc? Do they work? Are they safe?
I've looked into getting one of those service a few years back and ultimately decided not to use them.
Those compagnies juste send mass emails on pour behalf to every databroker and companies that they can. Those emails necessarily contain your definitely correct information (full name, email, adress) to check against their database.
I feel this does more harm than good. You get law abiding compagnies to delete you at the cost of sending out your info to everyone.
Also, compagnies have to keep a record of the request, so there is now a permanent record of your info in every compagnie imaginable (even those that comply). (And email is not very secure).
And you broadcast to everyone that you value your privacy, making you a very juicy target.
I concluded that I'm much better off doing it myself, or poison the data by giving fake info into my account.
It may seem drastic, but the low effort way to have ok privacy would be to periodically change phone number (and redo all your accounts).
Not saying you should abandon trying to acheive privacy, but have resonable expectation, and i think incognito and deleteme type compagnies are mostly privacy theater.
This is very specifically not the case with Optery:
They only contact brokers with pages they've searched for and validated to contain your information, and they're not a fraud/scam like OneRep who owns several data brokers. I initially took the "email everyone and fill out all the forms myself" approach, but it is such a massive waste of my life manually navigating this list every year compared to subscribing to Optery Ultimate for $25/person in my friend/family group for one month every 13 months; few/none of my group are eligible for the August 2026 CCPA opt-out program.
Optery does seem much less scamy than it's competition and I completely agree emailing everyone yourself is way too time consuming to be worth it.
I'd like to nit-pick the "optery doesn't just send emails with your info to everyone" point:
The link you shared says that Optery only provides your info (only the "minimum required info by the broker", but they freely admit that can include everything for some broker) to brokers who they've identified already have some of your info.
But they encourage their optional "expanded reach program" in which they do just contact every broker
Not sure if this means that expanded reach is toggled on by default? I hope not.
So not sure how valuable the Optery service is without expand reach... They don't say how many they cover without it (but to be fair, I wouldn't know how to interpret that number anyway...).
As it is, my read of this is that if you object to sending data which they might not have to brokers, then even Optery's service isn't desirable (even without expanded reach, as brokers can request info they don't already have, as "necessary" to process your deletion).
Mailing everyone yourself isn't reasonable (and brokers can still "require" you to provide more info about yourself than is reasonable).
I still think just outputting lots of fake info about yourself (to poison broker's database, it's actually fun), use a VPN (a well reputed one like mullvad, not the spy ones) and multiple browser ( which you regalarly reset), and shedding your online identities regularly is the only sane way to maintain some kind of privacy.
I don't see how data poisoning can work for a vast majority of these brokers because a lot of them primarily source publicly accessible voter registrars, and most states don't allow you to remove yourselves from these without credible risk of harm (domestic abuse, etc). They're not blindly scraping blogs and social media, they generally use authoritative sources and don't remove historical data either. Someone who's never voted or registered to vote should notice that they're missing from basically every public broker (which I've observed by the lack of residences only where I've not voted).
I think brokers use any sources they can get, no matter how reliable, official or authoritative. It's quantity over quality.
For one, some countries don't broadcast their citizen's private info, yet broker still operate there.
And the GAFAM sure seem to try very hard to collect info about us for a world where only official sources are trusted by brokers.
Of course they don't read blogs (until AI manages to make that viable, if it hasn't already), but they do use "non authoritative sources" like dating app profile, browsing history, type of people you interacted with, ect.
I really don't see how they could get valuable data about you at scale any other way.
Unless I'm mistaken, the Optery link you provided earlier mentions some broker require a linkedin account as proof of identity.
As LinkedIn is a social media, at least some broker find social media authoritative enough.
They'll all work to a degree. There's others like Optery, Kanary, etc. The problem is removals generally aren't permanent. At some point your information will be readded/index from whatever sources they got it from to begin with. That's why they're subscription services.
If you're from a place with privacy laws with some teeth (E.g. USA, CA), removals are a lot more effective, semi permanent.
You can do most of it yourself for free, working through a data broker opt out list like this one: https://inteltechniques.com/workbook.html
And then sign up for a free trial of Optery or Kanary to snipe some of the stragglers//ones giving you trouble.
If you're technically savvy, you can use a residential IP proxy to pretend you're from a state with privacy laws.
Some of the sites make profile searching a major pain in the ass. They drag it out for several minutes and try to upsell you at the end (or grab your email before giving you the results). There's usually a few ways around that. Some offer a phone book like lookup, where you select the first letter(s) of the last name you want to lookup, followed by several sub pages where you select the rest of the name + first name. Or something like that.
E.g. https://www.spokeo.com/people/S0001
Other way is to Google "site:<base domain> <Common Name>". This usually surfaces a url you can then edit to your name/location.
E.g. https://www.spokeo.com/John-Smith/California
This is a very large web to unravel, but I've previously posted about how I was disappointed by Mozilla's choice of partner for a "data protection" service, which is similar.
I think it's worth reading the Krebs article on this. In a nutshell, sometimes these companies are scummy enough to be working both ends of the deal, posting info and then charging to get it removed.
Additionally, at some point, you have to accept that some of your information will always be out there. Property records, any company you've given your mailing address to (even if you've moved, since they can follow mail forwarding), etc. Just run through the potential risks, probability, and so on, which can change depending on how "high profile" you are.
Note, though, that the risks potentially extend beyond you and how high profile you see yourself, and the probabilities can be higher than you might suppose, given the low cost of automatically scanning and exploiting information from multiple sources.
I have been harassed by real estate agents for years at this point attempting to buy some very valuable land I don't own, presumably as a result of them buying information from data brokers that combines current property record mailing address data (a public record) with decades-old data breaches, thus linking my mobile number with a PO Box that was never mine (but that I did use for shipping in some instances), and which as a result of number reuse is now the PO Box of the completely unrelated owners of a completely unrelated property. These are likely automated, but I receive them, along with other scam calls, usually with specific information, with such frequency that my main phone number is now largely unusable.
More disturbingly, my grandmother recently had a call on her phone combining multiple data sources that was likely automated in selecting her as a target, but done manually. What was likely a combination of property record scanning and data broker information on her and her daughter, along with what was likely a synthesized voice from her daughter's voicemail greeting (relatively simple these days) allowed scammers to call her and tell a story of her daughter being arrested in a serious hit-and-run accident in plausible location with plausible information, with audible confirmation from a convincing voice on the call (but only brief and without conversation, most of the call being with the supposed lawyer), and tell my grandmother that she needed to immediately withdraw $15k in cash to pay for bail. (Unfortunately for them, my grandmother defaults to assuming everything is a scam. The bigger problem was convincing her, given the voice, that the scam was not a conspiracy orchestrated by her children.) Neither my grandmother nor mother are 'high profile', though property records would indicate that my grandmother is likely to have cash balances from rental properties that would make her likely to be able to withdraw $15k.
Automated processing of data likely makes it easy to find targets like this, though I have to say that I was quite impressed by the scam attempt. We've responded by my trying to educate my family more about what is now possible (eg, knowing your relatives' names, ages, contact information, and even social security numbers is not particularly unusual, being able to produce superficially convincing voices and photos of them is not difficult, etc), but the experience was quite unsettling.
Unfortunately, as you point out, there is a significant amount of data that is simply unavoidable, partially as a result of governments, and individuals, not understanding how digital records and automated data processing completely change the risks involved. I can recall the illustrative example of one large county in the US: one agency had digital property record data, but they pointed out that in order to protect privacy, they listed property owner names, but not contact information. Another agency, similarly, listed property owner contact information, but not property owner names. Clearly a good way to protect privacy!
Very good point that we need to continue educating everyone about the way this information can be misused by scammers. There's somewhat of a stereotype that only older people are at risk, but as the scams get more elaborate and combine different information sources, anyone can be convinced under the right circumstances.
I’ll co-sign on this post. I’m also interested in hearing what the knowledgeable folks here have to say about these.
It’s hard to find valid information out there about these, especially because Mozilla, who I generally trust, seems to have taken a step in the shady direction with theirs which muddies the waters significantly. I also generally trust Consumer Reports, and they tested several (PDF link).
DuckDuckGo also has a version that sounds promising, but I’m not someone with enough knowledge in this area to endorse anything:
This is pure conjecture, but based on the business models of, like, 95% of VC-funded, YouTube-advertised tech companies I’ve always kind of assumed the data removal ones are a protection racket: they do what they say while you’re paying, and if you ever stop they proactively let everyone know your data is free game again (maybe even get a kickback for doing so). You get inundated with junk again, say “wow, I hadn’t realised how much that service was helping!”, and resubscribe.
I have absolutely no evidence to back that, but from what I can see it’s the amoral profit maximising approach, so I’d almost be more surprised if they’re not doing it.
I wouldn't call these services an outright scam but I think they are advertised misleadingly. They're trying to sell a service that provides little benefit to the average person by instilling a sense of fear. If you want an idea of the processes they're automating or would like to emulate some of their results yourself you could check out the Big Ass Data Broker Opt-Out List. As others in the thread have mentioned, this involves submitting your information to "reputable" data brokers to have your information removed for the time being. It will make your information less easily accessible to unmotivated or non-savvy individuals.
Your data is likely already out there and in places that don't offer or respect these opt-outs, so manage your expectations accordingly.