A not-so-secret dirty little secret is that many of the reputation management agencies also own many of the public records websites that publish mug shots, court records, and so on. When you hire them to remove that information from the internet it puts you into a cycle of being removed from one or two of their website and added to something else.
You end up in a never-ending game of whack-a-mole. Complete with monthly fees.
In many cases, the potential problem may be caused by the same party that offers to solve it, but that fact may be concealed, with the intent to engender continual patronage.
You know, those entities that hoover up any and all info on you, that you cannot opt out of, maintain information whether its accurate or not and refuse to delete obviously erroneous data, then release it *all* to the world by being extremely poor stewards of said data, then charging you for credit monitoring for the rest of your life, since your immutable info just got shared with assholes.
Guess who owns most/all of the credit monitoring entities?
Luckily you can mail them a permanent opt out for most of that stuff. IIRC, it removes your name from the searchable list of info 3rd parties use for marketing.
Additionally, if you haven't, freeze your credit at all bureaus including LexisNexis.
This sounds awfully familiar, like the window repair guy breaking windows or the tire salesman dropping boxes of nails on the road. The only difference is both of those things are illegal.
The lesson for the modern ago. Don't put stuff into digital form if you want privacy!
Some places don't allow use of smart phone. They actually ask you check your phone into a coat check type thing at door! One journalist friend often leaves the smart phone at home.
This sets a terrible precedent. For most, a phone is all or a combination of; house keys, car keys, bank cards, medical records, photo albums, etc. Giving all that up to a stranger (albeit behind a passcode) is a step backwards in security and privacy. An alternative that I have witnessed is places place your phone in a lockable bag that you then carry with you. They unlock the bag when you exit.
Cabaret at the Kit Kat club in London places a sticker over any camera lens. The Burnt City, an immersive theatrical experience, makes you place your phone in a pouch that is then sealed with a tamper evident fastening before you enter the venue.
I can’t give specifics, I know someone who had to deal with “delete me” requests from these “privacy” companies. The privacy company would literally take your personal info (name, email), and _email it to every company they could think of_ asking the company to delete your account _even if you didn’t have one_.
I had a suspicion these services actually do more harm than good, even if they're well intentioned and not actively running a data collection scheme.
But this is really a chicken-egg situation. How do you tell companies to delete your information without telling them what identifies your information? It's in these companies' interest to make this as difficult as possible, so a solution based on data hashes is highly unlikely to appear out of their good will alone. This requires strict regulation and high fines.
There's also the issue of proving ownership of the data requested for deletion. Even in the EU with the GDPR, which is arguably the most progressive data privacy regulation we have, companies routinely violate this by requesting even more personal information from the requester.
Ideally a regulator would intervene, demanding that the data provider prove that each person in their database has explicitly opted in. That should be really easy for these companies -- it's just another record to include in our files. If they can't prove it, they must delete all related data.
My impression is that it depends what company you use. I don't really trust them but at the same time, there are a lot of other companies. All I can really say is that Optery will give you a free report with very minimal information and on a test they dug up far more information that I provided (the minimum).
Given that these companies, like Incogni and DeleteMe, are now sponsoring big time YouTubers I'd imagine they are soon going to get a much closer look. At minimum, they are making far more people aware of the situation and data out there. Even though many of the VPNs fall far short of the promises, it is setting a strong signal that people care about privacy and entering the public lexicon is the first step. I hope these can be a catalyst towards more state or federal privacy protection.
I have a common enough name that about 2/3 of the info data brokers have on me is garbage.
If every data broker could be relied on to faithfully delete my info I would sign up for Optery or Incogni today. I don't, because if even one of those 2/3 is a bad actor I'm just expending effort to clean up their data.
When you use these ‘delete me’ services to remove your information from a platform like Dropbox, there’s a hidden catch. These services are often linked to companies that trade in email addresses. By submitting your email for deletion, you might unwittingly end up having it sold to marketers or data brokers, potentially leading to even more spam and unwanted contacts. Or maybe nice target ads … depending who bought your email address
Devil's advocate here, n=1 is just a data point is rarely the whole story. I would assume, but obviously I could be wrong, that the legit ones actually can check if your info exists in a company before they send a take down request. I have no proof of that but it's probably nearly as good as n=1.
In my opinion, this is a failure of due diligence on behalf of the Mozilla Corporation. I'm sure their legal team is jumping into incident response mode right now.
I think this is one of the problems of organisations not doing anything themselves, and offloading responsibility and liability to both external partners.
Mozilla has never been trustworthy. The Mozilla Foundation is probably what most people are confusing it for, the nonprofit that actually cares, but Mozilla the corporation just wants money.
I used Onerep until I was told it was shady. I now use Optery (https://www.optery.com/) which is a YC company. I'd love to hear if there are any issues with it.
The problem is there are 200+ data brokers out there and I don't have time to deal with that many.
Optery has been flagging the conflict of interest between OneRep and Nuwber for years and put a statement out with our position following the Krebs article:
Kanary is a grant recipient from YC and does data deletion as well. Main difference from Optery is simplicity of the tiers (there is only 1 premium tier that covers all sites + hands on support). While Optery's b2b tooling is more built out than ours.
We have a 'downgrade to a free tier' option if you are paying and want to take a break from the service. We delete all data if you decide to cancel, but you can join back any time. If it's not clear from the username, I'm on the team.
Yeah, I did this, following one of the guides (possibly the one linked in the parent). It definitely worked with the worst of these bottom-feeders: mylife.com
It involved phone call to an Indian call-center. While remaining polite (not easy) but persistent, I had to listen to multiple dumb pitches about their "services". I stuck with it and in the end they removed my name but indicated it "may" come back.
That was in 2018. My name no longer appears when searching their website. I do, however, get MULTIPLE garbage emails per day from mylife indicating "changes" about my profile and that of my family and neighbors.
I have avoided dealing with 3rd parties for this stuff. In addition to the fact that they may, as Krebs indicated, racketeer with the scummy brokers there's ALSO another concern: Some of them PAY the data brokers a percentage of the fees they collect to remove names. The last thing I want is for these bastards to get any money for their activities.
BTW, the founder and CEO of Mylife.com is Jeffrey Tinsley. He appears to have made quite a fortune doing this data-broker shit.
It's like the old days of Ironport. Ironport built a rack-mount spam filtering appliance for business. They also built a rack-mount spam-sending appliance for business. That blew their reputation.
I’m pretty sure Ironport getting bought by Cisco and then Cisco letting their product rot while simultaneously jacking up prices blew Ironport’s reputation. They were excellent appliances before the acquisition.
I wonder if there are reputation protection companies that try a different strategy: for every user that requests their service, prop up thousands of fake identities with the user's name, but each with some inconsistent profile that are almost, but not quite, entirely unlike the original user. So if someone search for a person, their search results would be flooded with garbage.
Since it seems very difficult to try to get a leaked identity removed, maybe try to hide a tree in the forest?
The former British prime minister executed a similar technique to hide his scandal by releasing search-engine chaff. He had a press interview where he claimed one of his hobbies was painting miniature red buses, and the scandal he was hiding was false and distateful ads on a (real) red bus as part of a campaign for Brexit.
> For example, the disaster surrounding London’s new Routemaster city buses disappeared into the depths of the web after Johnson made completely nonsensical statements in the media about building model buses from wine crates. Coverage of these statements triggered a flood of search queries on Google that displaced negative search queries and Google Suggest results related to Boris Johnson.
> Research showed that before the wine crate buses interview, 100% of Google Suggest and search results on page one that were displayed in connection with Boris Johnson had negative connotations. After the interview, it was only 20%.
> Additionally, when news broke that British Government members had flouted Covid guidelines to meet for wine and cheese during a ‘work meeting’, it was seized upon by the British press as “partygate.” Soon after, Johnson was quoted in interview saying, “I don’t work from home. The cheese will distract you.” As a result, negative coverage of the British Government’s party-gate incidents were glossed over by search suggestions and results, and keywords with negative connotations no longer appeared in Google Suggest prompts.
in the same category of "Best of the Internet", my favorite are the sites that claim every person on the planet has an "arrest record found" and you can see those records for $49. Or if you're that person, pay us $99 to remove it.
Readit News
You end up in a never-ending game of whack-a-mole. Complete with monthly fees.
Pay and your problems magically go away. Proofpoint was consistently the only block hit.
In many cases, the potential problem may be caused by the same party that offers to solve it, but that fact may be concealed, with the intent to engender continual patronage.
https://en.wikipedia.org/wiki/Racketeering
They control the supply (the sites with your info) and the demand (the sites you can go through to request it get taken down)
/s, obviously
You know, those entities that hoover up any and all info on you, that you cannot opt out of, maintain information whether its accurate or not and refuse to delete obviously erroneous data, then release it *all* to the world by being extremely poor stewards of said data, then charging you for credit monitoring for the rest of your life, since your immutable info just got shared with assholes.
Guess who owns most/all of the credit monitoring entities?
Edit: typo...words are hard.
Additionally, if you haven't, freeze your credit at all bureaus including LexisNexis.
I guess we could say it’s the data privacy mafia.
Some places don't allow use of smart phone. They actually ask you check your phone into a coat check type thing at door! One journalist friend often leaves the smart phone at home.
Cabaret at the Kit Kat club in London places a sticker over any camera lens. The Burnt City, an immersive theatrical experience, makes you place your phone in a pouch that is then sealed with a tamper evident fastening before you enter the venue.
It wasn't paranoia it was a healthy dose of "if this is possible, someone is doing it"
Turned out they in fact were doing it.
Deleted Comment
Dead Comment
Dead Comment
But this is really a chicken-egg situation. How do you tell companies to delete your information without telling them what identifies your information? It's in these companies' interest to make this as difficult as possible, so a solution based on data hashes is highly unlikely to appear out of their good will alone. This requires strict regulation and high fines.
There's also the issue of proving ownership of the data requested for deletion. Even in the EU with the GDPR, which is arguably the most progressive data privacy regulation we have, companies routinely violate this by requesting even more personal information from the requester.
Given that these companies, like Incogni and DeleteMe, are now sponsoring big time YouTubers I'd imagine they are soon going to get a much closer look. At minimum, they are making far more people aware of the situation and data out there. Even though many of the VPNs fall far short of the promises, it is setting a strong signal that people care about privacy and entering the public lexicon is the first step. I hope these can be a catalyst towards more state or federal privacy protection.
I've wondered about this too.
I have a common enough name that about 2/3 of the info data brokers have on me is garbage.
If every data broker could be relied on to faithfully delete my info I would sign up for Optery or Incogni today. I don't, because if even one of those 2/3 is a bad actor I'm just expending effort to clean up their data.
Specifically, the data I don't want them to have.
https://www.mozilla.org/en-US/about/legal/terms/subscription...
I think this is one of the problems of organisations not doing anything themselves, and offloading responsibility and liability to both external partners.
If you trusted Mozilla Monitor with your personal data, their legal contact information is listed on their terms page: https://www.mozilla.org/en-US/about/legal/terms/subscription...
The same terms page you agreed to which both limited their liability to $500, and granted them indemnification from liability.
Dead Comment
The problem is there are 200+ data brokers out there and I don't have time to deal with that many.
https://www.optery.com/optery-statement-following-investigat...
We have a 'downgrade to a free tier' option if you are paying and want to take a break from the service. We delete all data if you decide to cancel, but you can join back any time. If it's not clear from the username, I'm on the team.
One question: Do you know if they pay the data brokers a percentage?
It involved phone call to an Indian call-center. While remaining polite (not easy) but persistent, I had to listen to multiple dumb pitches about their "services". I stuck with it and in the end they removed my name but indicated it "may" come back.
That was in 2018. My name no longer appears when searching their website. I do, however, get MULTIPLE garbage emails per day from mylife indicating "changes" about my profile and that of my family and neighbors.
I have avoided dealing with 3rd parties for this stuff. In addition to the fact that they may, as Krebs indicated, racketeer with the scummy brokers there's ALSO another concern: Some of them PAY the data brokers a percentage of the fees they collect to remove names. The last thing I want is for these bastards to get any money for their activities.
BTW, the founder and CEO of Mylife.com is Jeffrey Tinsley. He appears to have made quite a fortune doing this data-broker shit.
--
1: https://securityplanner.consumerreports.org/
My first thought was: "why stick all this info in a readme and not some nice json list I could scrape".
I then thought: "maybe I can just have my AI friend scan the readme and do all the opt-out work for me"
Since it seems very difficult to try to get a leaked identity removed, maybe try to hide a tree in the forest?
> For example, the disaster surrounding London’s new Routemaster city buses disappeared into the depths of the web after Johnson made completely nonsensical statements in the media about building model buses from wine crates. Coverage of these statements triggered a flood of search queries on Google that displaced negative search queries and Google Suggest results related to Boris Johnson.
> Research showed that before the wine crate buses interview, 100% of Google Suggest and search results on page one that were displayed in connection with Boris Johnson had negative connotations. After the interview, it was only 20%.
> Additionally, when news broke that British Government members had flouted Covid guidelines to meet for wine and cheese during a ‘work meeting’, it was seized upon by the British press as “partygate.” Soon after, Johnson was quoted in interview saying, “I don’t work from home. The cheese will distract you.” As a result, negative coverage of the British Government’s party-gate incidents were glossed over by search suggestions and results, and keywords with negative connotations no longer appeared in Google Suggest prompts.
Source: https://blog.searchmetrics.com/us/cheese-wine-and-whistles-m...
But seriously - trading both sides (or, selling protection, as the case may be) is quite a profitable business model.
Deleted Comment
https://www.optery.com/
(I'm just a user, not associated with them.)