So, this is probably naive of me, but so far I haven’t really been able to find the answer on the web.

Recently I subscribed to a personal info removal company called Incogni, only to find out that they sent a staggering 123 removal requests on my behalf. I never imagined there were that many companies in that business. So far in 20 days, 70 requests have been fulfilled, but 53 are still pending.

Which made me wonder… given my personal data seems to be sold, re-sold and re-re-sold without my express consent, or ability to opt out… if I knew I’ve informed my legit service providers, plus those I have legit obligations to (employer, state, etc.)… how easy would it be to obfuscate it on a regular basis, by simply providing a new, creative address, to entities I don’t get mail communication, or deliveries, from?

So, has anyone tried to trace the map by which a new address, cell phone number, etc. makes its way through the 123 or so data brokers? What are the ‘input nodes’ to that graph?

    • /home/pineapplelover
      link
      fedilink
      4
      edit-2
      8 months ago

      Yeah, I have considered doing this and I just don’t have the time and patience for it. I currently pay $20/year for easyoptouts and it’s been one of the best decisions I’ve ever made. I believe they check back and scrape periodically throughout the year and it’s very effective.

      https://easyoptouts.com/

      • @[email protected]
        link
        fedilink
        English
        58 months ago

        The only concern with easyoptouts is they will send requests to brokers they are not sure of, which can lead to data brokers who had no data on you now being sent it. This is not a specific problem for them, as other services do this as well.

        • /home/pineapplelover
          link
          fedilink
          08 months ago

          I’ve searched the web for my name, home, and phone number. Haven’t found anything on myself yet.

          Your information is already out there, they could’ve easily have found the information by indexing the other sites as well, they didn’t have to wait for you to submit a request with info they could’ve found online.

          Same thing with Easyoptouts, these guys don’t ask for anything other than the information you want removed already public online, they don’t ask for ssn or any other private info.

          • @[email protected]
            link
            fedilink
            English
            2
            edit-2
            8 months ago

            “I’ve searched the web for my name, home, and phone number. Haven’t found anything on myself yet.”

            All this means is your not very good at finding that info. You even stated there are 53 pending brokers, meaning that info is available online.

            “Your information is already out there”

            This is kind of an odd line of reasoning to hide behind. One one hand you are willing to pay to have your data removed, on the other hand you don’t mind a service actively handing over data because its “already out there”

            Again this isnt specific to easyoptouts. Other data removal services do this as well. It would be less of an issue if once your data is removed its permanent but there is nothing stopping brokers from re-adding you, and now your on the radar of new brokers.

            • /home/pineapplelover
              link
              fedilink
              1
              edit-2
              8 months ago

              They checked over 160 brokers and my info was only on 71 of them, which they opted out of. There are probably more data broker sites who use the data on one of these so the rest of my info got scrubbed that way.

              You said I’m not good with searching myself, how do you suggest I look for myself then?

              This is kind of an odd line of reasoning to hide behind. One one hand you are willing to pay to have your data removed, on the other hand you don’t mind a service actively handing over data because its “already out there”

              I’m just saying that worst case scenario, I will repeat to them information they could’ve easily found online already, so there’s not much damage they can do that hasn’t already been done.

              It would be less of an issue if once your data is removed its permanent but there is nothing stopping brokers from re-adding you, and now your on the radar of new brokers.

              Yes, some of these brokers might re-add, this is why I pay for the service, it will check again throughout the year, every 4 months iirc. If you were to do this manually, I don’t think you would have the time or patience to opt out of over 160 sites every 4 months.

    • @Gallus2023OP
      link
      08 months ago

      I’d like to reverse engineer, where they get the data from, in the first place. But thanks for the great resource!!

  • @LordCrom
    link
    6
    edit-2
    8 months ago

    I used to work for a data broker. The main problem here is that profiles are created and compiled from public data. There aren’t any P.I.s at work here… Just massive amounts of data dumps that anyone could access. If you include PII data like socials, then there are limitations on who can view it… But not really that hard to circumvent. A human could not possibly compile profiles from terrabytes of public data, but our programmers could… And this is the real problem. much of this data was public before current computer logic existed and no one foresaw the huge privacy implications.

    For my company, only requests that come from persons living in California were honored…and only the person could request removal, not a 3rd party on behalf of the person. Sux.

    And FYI, any searches for certain people would be reported to the authorities… Like if you searched Donald Trump with SSN Inclusion, we had to report it to secret service.

    • @Gallus2023OP
      link
      18 months ago

      100% agree when you say “there aren’t any PIs at work here”, since we’re talking about data aggregation from multiple sources. My thought is: given data aggregation of PII is largely legal, then equally, publishing of creative PII is also legal.

      So, regularly feeding creative PII for obfuscation, for protection from unknown 3rd-parties, requires knowing the sources communicating your data. At least, the main sources.

  • @JoeKrogan
    link
    5
    edit-2
    8 months ago

    I’m not sure but it is a good question and a good project if none already exists.

    Looking at work history from employees of these companies on linkedin we might discover more.

  • Wilmo Bones
    link
    Akan
    3
    edit-2
    8 months ago

    What makes you think your data has even been sold at all? Most likely a majority of those companies are just resellers of TransUnion, Equifax, or Experian. The 3 big credit bureaus. So while incogni sent then requests the smaller companies may host no data of yours, just the other 3.

  • @Gallus2023OP
    link
    28 months ago

    Let me take a real life example here. Let’s say I’m worried about SIM-swapping schemes, and I go and get a phone number for my banking, and my banking only. If THAT number suddenly shows up in the midst of the 123+ so data brokers, then clearly, me getting a phone number dedicated to avoiding SIM-swapping, is useless. That’s one of the use cases. Makes sense?