pmags · 9 months ago
I work in population genomics (non-human organisms), and myself participated in an early near-whole genome genotyping study back when microarrays were still the predominant technology (academic NOT commercial).

But for nearly 20 years I've been telling my extended family NOT to participate in any large scale genotyping with 23 and Me or similar commercial companies where they retain rights to your data, anticipating that something like the current scenario would likely play out.

Somehow, 23 and Me genotyping became the "gift du jour" for Xmas some years back -- I never personally understood that or why someone would want to turn over so much data to a commercial entity.

This is not to say that large scale sequence information is not appropriate for *some people*. But if that's something you need, make every effort to make sure you own your own data.

cj · 9 months ago
> I never personally understood that

It’s a pretty simple cost/benefit equation.

For 90%+ of people, the benefit (or appeal) of seeing an ancestry report is greater than the cost (or risk) of handing over your DNA.

That said, it’s definitely fair to question why more people don’t take their personal privacy seriously. The reality is companies like Google (and 23andme) simply wouldn’t exist if everyone cared as much about privacy as the HN crowd. Google exists because consumers are fine with sharing their data, for better or worse.

theptip · 9 months ago
I am extremely skeptical that many people are making an informed cost/benefit here. I would wager most users don’t even know about the license terms.

It’s the same as infosec in general. Most people don’t know about the risks, and anyway are bad at quantifying tail risk.

smikhanov · 9 months ago
It’s not about “the HN crowd”, it’s just that the time has changed so much. Do you remember 2008? Facebook was a swanky way back then to reconnect with your classmates and leave some “Like” things under their wedding photos. Google was seen as a way of organizing the world’s information to make it universally accessible and useful, with their niche ad service being still in limited beta. Twitter was so unknown that it still hadn’t even won a Webby Award.

And 23andMe was already offering a $100 DNA sampling in 2008.

It’s easy to be cynical about this in 2025. Those who didn’t live through the early 2000s, can’t even imagine the amount of optimism surrounding the tech industry at that time. Giving my DNA to a cool new Silicon Valley firm in 2008? Sure, why not, it was like buying a ticket to some utopian future.

treyd · 9 months ago
> The reality is companies like Google (and 23andme) simply wouldn’t exist if everyone cared as much about privacy as the HN crowd. Google exists because consumers are fine with sharing their data, for better or worse.

This refrain is repeated endlessly but I've never heard a good argument as to why it must be this way and if it was any other way Google simply couldn't exist in any (ideally better) form.

jasonfarnon · 9 months ago
How can someone possibly make a cost/benefit analysis when the future uses of public DNA data are so speculative? Criminals in the 70s didn't think leaving their DNA around could lead to their arrest 30 years down the line, probably didn't factor in their cost/benefit analysis at all. I guess maybe you could figure there's safety in numbers, if loads of people are in the same boat as you there's a ceiling on your risk (legislation eg). Those of us who grew up in the era of smoking a pack a day don't really feel that way.
CamouflagedKiwi · 9 months ago
But most people don't want Google to not exist. They derive significant value from it - from Google search, from Maps, from Gmail, whatever. I think that the access they have to my data has cost me basically zero, and I've gained a lot.

Had 23andme had access to my DNA, that might be worse in future. Although today there is not immediately a lot of downside, you can certainly imagine futures (maybe slightly dystopian ones) where that turns out to be pretty bad.

aucisson_masque · 9 months ago
I believe it’s more that people don’t see the potential threat and harm in providing sensitive data to commercial entities.

People who have been for instance wrongly jailed because Google gave their location history to law enforcement and they happened to be near a crime scene, these people they understand the value of privacy.

loeg · 9 months ago
It's a lot less than 90%. Seems like they've exhausted the TAM and there's no one else to sell tests to.
m463 · 9 months ago
But you have to acknowledge these companies started out as something different.

23andme started out as a democratized sequencing company

google started out as a search company. It became an identification and dossier-building company later.

or maybe I'm naive and they were data-grabs from the start.

loa_in_ · 9 months ago
Perceived cost and perceived risk. It's an important distinction.
alwa · 9 months ago
Or, at least, the benefits are front-loaded and the costs—if you don’t write them off as theoretical—are future-you’s problem…

Made even more opaque by the way the DNA kit folks gave the impression of a straightforward, first-party transaction: you pay a not-insubstantial sum for us to do this service now, you get your report, done!

ekianjo · 9 months ago
The cost is not static over time. As data storage, laws and AI evolve, the cost of having your data stored somewhere will increase significantly. So if you are making a cost evaluation based on the present situation you are incredibly naive.
nkrisc · 9 months ago
Because they don’t know why they should take it so seriously. They really just don’t know why it’s bad that data about their DNA might be sold to the highest bidder.
AStonesThrow · 9 months ago
> consumers are fine with sharing their data

Google is an advertising company. Google exists because businesses advertise and Google became, overnight in geological terms, the sine qua non of advertising.

Consumers aren’t really OK with sharing gobs of private data, but most don’t have a choice, many enjoy the free shit that they get from Google, most don’t notice or realize how much and what kind of data is collected, and none zero zip nada of us can stop Google from doing it.

This is absolutely nothing new in thousands of years. Businesses have sold and hoarded and collected and traded consumer info since time immemorial. Among themselves, with government, with law enforcement, with criminal gangs, who knows. You’re simply deluded if you think any commercial activity is private or confidential for a consumer. Yes even if you pay with $2 from your cleavage.

tiahura · 9 months ago
The other 10% being wanted criminals?

> why more people don’t take their personal privacy seriously.

Probably because this testing has been happening for almost 20 years at this point, and we’re still waiting to hear about someone being harmed. For the most part, the privacy concerns are FUD.

outer_web · 9 months ago
I mean half of us have recklessly given out DNA at one time or another.
wenc · 9 months ago
I made an informed decision when I signed up.

It's SNP genotyping, which realistically other than telling your ancestry and few health conditions, isn't that predictive of most health conditions. Genotyping only captures a small percentage of total genetic information (it's not a full sequence -- still too expensive for what I paid), and thus the data was actually very limited, so the risk was realistically very small.

Privacy is about risk-reward -- rather than applying the preventative principle to everything (which is overly conservative), we make trade offs in life.

Yeul · 9 months ago
You cannot predict technology though.
whyenot · 9 months ago
> I never personally understood that or why someone would want to turn over so much data to a commercial entity.

I found my half sister and biological father thanks to 23 and Me. Maybe cases like this will help you understand. Some people are willing to "pay" a lot to find out who they are.

Deleted Comment

nextos · 9 months ago
Also, their genetic risk scores and population admixtures are really bad. I can't understand why they are so bad given that they hired pretty good researchers and building these is quite simple. Freely available models run circles around anything they report on their site.

It's a bit like uBiome, they have sold a lot of snake oil and harmed the reputation of B2C tests. It's a shame as something like 23andme, plus a bit of epigenetic testing to capture environmental factors, could be a wonderful way to get an overall health snapshot.

Glyptodon · 9 months ago
Well... My experience (having worked as an SWE) w/ medical technology is that if a company is selling something, they will choose the version of advice or analysis that most aligns with selling something. (I got ordered to adjust scoring thresholds in a statistical grouping to have "nicer" groups, for example.)

If your company does treatment X that competes with treatment Y, they'll look to expand the edge cases that suggest X over Y as much as possible. If a company wants people to feel like they're getting something out of a genetic profile, they'll report the broadest version of risk, and then slow roll more detailed analysis.

Things like this are why I strongly think certain profit motives and business models should be extremely restricted. Just like private prisons create a profit motive for creating crimes, medical services have a profit motive for spreading inaccurate and twisted medical advice, whether it's things like alternative or new age medicine, treatment modality choices, or DNA information.

robwwilliams · 9 months ago
In the case of 23andMe users do own their data. And if they download their data and then request data be deleted then they are the sole owner. But if interested in genealogy, kinship, and some of the more actionable SNPs (e.g. those in drug ADME) then the 23andMe interface is informative and even useful medically. I have uncovered two medically useful variants. And some fun ones too: the speed with which I metabolize caffeine.

Their interface is also better than AllofUs.

xyst · 9 months ago
It only took a couple of decades of grinding down the public’s perception of privacy.

2000s — PATRIOT Act (and other heinous domestic surveillance acts with no due process) — “wE aRe pUrSuInG tERrOrIsM”

Then the invention of the portable digital camera and subsequent social media between the mid 2000s and 2010s — “selfies” and other aspects of social media made it so much easier for private and public entities to spy on people

Then the introduction of godawful companies like “23andme”. Fortunately never bit the hook and “FOMO’d” into it but rather kept this data between my doctor and myself (and the genetics testing company). Much more expensive, but at least I am covered by HIPAA.

Then last but not least, the introduction of big data companies and broker companies which build profiles on everyone that uses “free” products such as Google search, Facebook, tik tok, and many others that preceded it.

We can’t even escape ads and profiling when we _pay_ for the fucking thing.

I want to say 9/11 changed the game, but in reality I think the erosion of privacy was happening way before that (ie, to serve advertisers)

mildzebrataste · 9 months ago
I work in data. I knew what was at stake. But for me, I wanted my son to have the ability to trace his paternal lineage, should he ever be curious. His dad isn’t part of our lives and lives somewhere in Europe. My mom died before he was born. I convinced my dad to take the test (actual quote: “Obama’s going to put me on a list”), and I took the test too — so that my son could someday deduce his paternal side. I think it’s Polish, German, and Danish, but I’m not entirely sure. I didn’t have him take the test, just wanted to leave him the option.
ZeroTalent · 9 months ago
They just did this:

"As an added security measure, we’re requiring that all customers choose a new password unique to 23andMe. To proceed, please reset your password."

I did my test over 10 years ago and lost access to that email.

NICE.

kadushka · 9 months ago
I don’t get it – why should I care that they have my DNA info?
quickslowdown · 9 months ago
You'll get it when your insurance company bought your profile and automatically added a ton of pre existing conditions to the list of things they won't cover for you. Or when the government decides to start rounding people up based on ancestry or health conditions.

It'll be way too late by then, but at least you'll get it.

rchaud · 9 months ago
I'd imagine you'd care at least a little bit considering you're paying them for the privilege.
noname120 · 9 months ago
If a company offered to pay you $119 for sending them sample cells from your body so that they can sequence your DNA and do whatever they want with it, would you take them up on the offer? I would not.
duiker101 · 9 months ago
"We have identified that you are at an increased risk of cancer. To ensure we give you the best care your insurance premium has now gone up 20x, you are welcome."

Dead Comment

486sx33 · 9 months ago
Merry Christmas! Your dad isn’t your dad, your biological father is actually mommy’s old “friend” from work - Bill!

Dead Comment

billy99k · 9 months ago
On top of this, it ruined many families when they found out person X had a different father..
djohnston · 9 months ago
Most people value truth and I don't think revealing affairs is a valid criticism of this product.
Animats · 9 months ago
The problem, not stated, is that a bankruptcy can wipe out the obligations of a company to its customers. This includes privacy obligations.[1] Especially if the assets are sold to a company outside California or outside the US.

[1] https://harvardlawreview.org/print/vol-138/data-privacy-in-b...

ajb · 9 months ago
Yes. We need obligations to be able to follow personal data, by analogy with real estate (if you agree an obligation with your neighbour, for example access rights, it can be effected in such a way as to be binding against future owners. Otherwise you could get stuck without access each time they sell up. This is often set up at the point when the land is subdivided)
hypercube33 · 9 months ago
Personal data should be owned by us and a license given limiting it to the original company in its original form read entitlement only.

That's the only thing I can come up with to stop this and maybe have a side benefit of killing credit companies at 7am before I've had my cup of Joe.

Animats · 9 months ago
24 hours later, the bankruptcy.
huitzitziltzin · 9 months ago
The fact that 23andme is at risk as a going concern tells you what you need to know about the potential of monetizing large amounts of generic data. It turns out you can’t get much value from it. If you could, they would have.

And no I don’t think all of that DNA data would be valuable to the likes of a large health insurer like Humana or Aetna either.

The medical records you are imagining an insurer can link to genetic data are worth even less than these DNA sequences turned out to be worth.

Sincerely,

A former health economist who has worked both with tens of millions of inpatient discharge records, and (separately) a detailed survey which is complemented by genetic data.

unyttigfjelltol · 9 months ago
Candidly, given existing law in the US, the highest use an insurer could make of the data is to opt families into specialized preventative care using the DNA profiles in the database. They might make pretty decent profits taking that angle, and possibly generate significant goodwill.
s1artibartfast · 9 months ago
How would that make them money? Every dollar saved in preventative care is $0.15 less profit, because insurers have a fixed profit margin as a percent of total care provided, due to the ACA's 85/15 rule.

The only reason to do it would be to compete with a peer insurance company that is already doing it, resulting in less profit for both parties. The optimal strategy from the insurance profit perspective is to ban any DNA based cost saving measures for all insurance companies.

huitzitziltzin · 9 months ago
No.

(Slightly longer answer: I don’t have the funds to match what someone is likely to pay for this data, but if I bought it and gave it to you for free, and also gave you all the inpatient hospital discharge abstracts in the US in a matchable form, plus whatever health data you want, plus family relationships, plus a budget for 100 PhDs, product managers, and marketing people for 5 years you couldn’t turn it into a viable product. (Indeed that is literally what 23andme tried to do for years!))

Calvin02 · 9 months ago
Thank you for sharing.

I have long suspected that the sequencing data isn't valuable except to law enforcement.

If it were as easy to link sequencing to diseases, we would have seen rapid advances in our ability to address those diseases. The genetic data alone isn't enough of a predictor.

steelframe · 9 months ago
Whenever I start feeling smug about how cagey I've been about data brokers in the past, I remind myself that enough of my relatives have handed over their DNA to operations like 23andMe so as to render my efforts futile.
thomassmith65 · 9 months ago
Most likely, they're also sharing photos, videos and intimate details of you on social media.
beng-nl · 9 months ago
And have corresponded by email to/from GP using a hosted email provider..
globular-toast · 9 months ago
Yeah, and by not participating directly yourself you just earned a tag of "non-conformist", "weirdo" or perhaps "entity that has something to hide".
swyx · 9 months ago
respectfully, privacy is important, but what exactly are the attack vectors if, say, I had your DNA? what happens?
1659447091 · 9 months ago
Health insurance first, is my guess. A way to discriminate; like car companies (GM) sharing data with insurance companies. But on a whole other level.
grumple · 9 months ago
The administration could decide to detain, deport, or kill everyone who has certain traits - say, Jewish, or Arab, or Mexican, or maybe just has undesirable traits. The db of millions of users makes this very easy.

The US admin is already at the stage of mass deportations. Detention camps (beyond those we already have at the border) are probably not far behind.

mixmastamyk · 8 months ago
Let’s look at the history…

One drop rule. https://en.m.wikipedia.org/wiki/One-drop_rule

IBM and the Holocaust, Japanese Internment, Stasi. Sibling mentions a worrying current development.

kristiandupont · 9 months ago
Most people here seem concerned about insurance companies misusing personal data or a full-on totalitarian government takeover. However, my concern is about becoming susceptible to manipulation and coercion. A significant aspect of the last election was the use of "Super PACs" like Elon's which targeted individuals on social media to influence their decision.

I think this trend will continue, not just in politics but across all sectors. The internet you experience will be tailored to your personality completely, but it will also be shaped to steer you in directions decided by whoever pays the most. The more data they collect about you, the more effective this manipulation will be.

This doesn't even account for the risks posed by malicious actors who might target you using this information.

lelandfe · 9 months ago
Did Facebook ever create a way for someone to delete the “shadow profiles” it builds for non-users?

I have a suspicion it will entail making an account.

r00fus · 9 months ago
I hear the tried and true approach is to make an account and poison their well with fake but somewhat realistic data and don't close it.
arjie · 9 months ago
The practice of how this does damage isn't clear to me. But I'm going to test this in the very skin-in-the-game sense. My genome (sequenced by Nebula Genomics) is available to anyone who would like it. I have raw FASTQ files which you will have to pay a nominal fee to access.

Once upon a time, a friend and I decided we should launch a site where people can submit their genomes and health information so that broad population scale studies can be done. I did submit my stuff to All Of Us and so on, but I think the fact that you need to be special-cased to access the data is probably a loss.

So I think it's time to revisit this whole thing. Perhaps I should make VCFs available instead. They're much smaller and may be more accessible for people. In any case, if you want my FASTQs, just email me.

dekhn · 9 months ago
Mine are here, free: https://my.pgp-hms.org/profile/hu80855C

(I had this done when I was launching Google Cloud Genomics so I had some data that I could work with without any restrictions. Illumina's genetic counselors told me "you have no genetic risk factors that we can detect" which is more or less what I expected (not that I don't have any - just that Illumina's genetic counselors weren't very good).)

arjie · 9 months ago
That's terrific. Here is mine https://my.pgp-hms.org/profile/hu81A8CC (created now in response to your comment)

FASTQs are much larger (being raw reads) so I'll leave them available via personal contact but this is a good place to host the VCFs. I'll answer the questions etc. as time goes by. Quite a few screenings have revealed a GJB2 variant in my genome, but I don't know if the Nebula sequencing was good enough to detect.

Also TIL about Google Cloud's stuff for this. Seems like it's been subsumed into a more general SKU for now https://cloud.google.com/life-sciences/docs/process-genomic-...

vl · 9 months ago
What service did you use/would recommend for sequencing?
Manfred · 9 months ago
A government could decide they don't like a particular phenotype and decide to visit people based on a database. Something similar happened with the harmless "what's your religion" question on census forms in the late 1930's early 1940's.
BugsJustFindMe · 9 months ago
The public already has enough information to substantially harm large groups if they want. A simple example being property ownership databases, which are often publicly available on the internet, can be referenced against culturally-suggestive first and last names to find the domestic whereabouts of large numbers of pick-your-group.
thomassmith65 · 9 months ago
That's just today. We might live to see targeted diseases.

My fear, in the current era, is to be included in countless virtual 'police lineups'. The higher the availability of my DNA, the higher the chance of a false positive affecting me.

asperous · 9 months ago
No singular person, it's more the value of having a large database. You visit a coffee shop, a stalker collects your DNA from a fingerprint and uses a leaked or sold database from 23andme to tie it to your identity or home address, etc.

Interestingly this also works if a direct relative has used it as well.

dullcrisp · 9 months ago
Couldn’t they find you on facebook instead of sequencing your genome?
lentil_soup · 9 months ago
If a stalker already followed you into a coffee shop surely they have your name and address
vl · 9 months ago
I'm interested in sequencing my genome (I don't consider this data private - really any determined entity can collect it with just a bit of effort). How was your experience with Nebula Genomics?

If you would do it today, would you recommend them or somebody else?

robwwilliams · 9 months ago
In the George Church crowd. Me too.

A high resolution image of a face contains as much or more functionally useful personal data than a vcf.

Hard to be optimistic about US trend lines now but I trust GINA to stay the law of the land.

https://en.wikipedia.org/wiki/Genetic_Information_Nondiscrim...

And if I am wrong then my DNA security is about the least of my/our problems.

yborg · 9 months ago
Insurance company sees you have a marker for some chronic illness or cancer or whatever and suddenly you can't get life insurance anywhere or have a massive premium. They could even deduce this if only your parents' DNA is available.

Current statute in the US only restricts using this data for health insurance as far as I know; and even if it's straight illegal, the playbook now is just break the rule of law and do whatever you want. I admire your altruism, but our society will not reward you for it.

robwwilliams · 9 months ago
And life insurance.
themagician · 9 months ago
The main risk is denial of insurance due to genetics. Insurance company buys database and uses it in the future to deny claims or terminate policies.
carimura · 9 months ago
Sure you can delete your data, but guess what, they'll retain it anyways under "regulatory obligations". I've gone back and forth with their privacy team and this is the last response:

    "This is a follow-up from the 23andMe Team. To clarify, we and our laboratory vendors are bound by various legal and regulatory obligations that may necessitate retention of certain information. We want to assure you that our data retention program adheres to applicable legal requirements which can vary depending on what country or state a customer lives in, the state a contracted laboratory is located in, and any applicable federal or state licensing obligations related to the ancestry and health products we sell. We can confirm that samples and genetic testing results are deleted in accordance with applicable law and any legal retention obligation serves as a proper exception related to a data deletion request under data privacy laws."

partygirl69 · 9 months ago
What did you ask them to get this response? E.g. did you request to delete your data, then followed up over email to confirm it was deleted? Also, are you based in California?
carimura · 9 months ago
Yes California. I've been asking what data is being retained per their privacy policy and here is the much longer response:

"Your Genetic Information, date of birth, and sex will be retained by 23andMe and our third party genotyping laboratory as required for compliance with applicable legal obligations, including the U.S. Federal Clinical Laboratory Improvement Amendments of 1988 (CLIA), California Business and Professional Code Section 1265, and College of American Pathologists accreditation requirements.

It is important to understand that the information stored is distinct from the raw genotype data available within your account. The raw data we receive from the lab has not been processed by our interpretation software to produce your individual-level genotype data (in your account).

You can read more about our retention requirements in the retention of personal information section of our Privacy Statement."

beacon294 · 9 months ago
It seems like you can sue them. This is purely legal's domain.
ronnier · 9 months ago
> The California-based company has publicly reported that it is in financial distress and stated in securities filings that there is substantial doubt about its ability to continue as a going concern

This is one reason I use signal over other texting apps -- I don't want my private messages sitting in a database waiting to be sold during a fire sale when the company goes under. Also why I try to locally host my apps such as security cameras, password manager, home automation, storage, wiki, among others

Glyptodon · 9 months ago
What do you use for home hosting security cams, storage, and PW management? Does your storage solution work for automated phone data backups?
nijave · 9 months ago
I use Home Assistant and Frigate for security cams. I have a rack mount server with Ubuntu that acts as a NAS with NFS for ipcam video and SFTP for SwiftBackup from my phone.

I don't host my own password manager but iirc you can self host Bitwarden (I use the hosted version). You can also setup Resilio or Syncthing to sync files from your phone like photos.

ronnier · 9 months ago
WireGuard with a domain that only has private ip addresses. Caddy to handle domain certs. I use a split tunnel so my phone is always connected to my local network at home. Everything is http even with private ip addresses

I use frigate and home assistant. I have unraid for storage. I use a small x86 box with openwrt for my router.

I use Vaultwarden (open source version of Bitwarden) for passwords. It’s amazing. And you can use the native Bitwarden client

Guvante · 9 months ago
If 23andme has an agreement with its consumers on how it will handle the data it should not matter whether they are bought that agreement should be maintained in perpetuity unless those consumers actively choose to change their agreement.

After all we wouldn't talk about Dropbox being sold resulting in ransacking of your personal data why is that in the conversation with 23andme?

(I am not being critical of the AG here but instead pointing out how lax consumer protections have gotten that we even need to have this be a talking point)

karaterobot · 9 months ago
You're right that it should not matter. That would be a great world to live in! It's not this one, though. Companies ignore these agreements all the time. Sometimes they're even caught and their wrists get slapped.

More often (I believe) we just never learn the agreements have been broken in the first place.

But it is a rule—almost approaching a law of nature—that companies facing financial distress will begin putting a price tag on private data they've promised never to sell. It's like the cartoon with the starving people in the life raft: they look at your data, and suddenly they don't see a legal agreement to protect it, they see a juicy drumstick.

> After all we wouldn't talk about Dropbox being sold resulting in ransacking of your personal data why is that in the conversation with 23andme?

Well, opinions differ on that one too!

JonathonW · 9 months ago
> After all we wouldn't talk about Dropbox being sold resulting in ransacking of your personal data why is that in the conversation with 23andme?

Both 23andme and Dropbox's privacy policies only require them to notify users if the privacy policy changes (no restriction on scope of those changes), so maybe we should (if Dropbox were to be sold)?

Guvante · 9 months ago
Not legally, they can only do that if you implicitly agree by continuing to use the product.

If you don't interact in a meaningful way you cannot change a contract from one side you need a new agreement.

Now whether this is enforced is a different matter.