This disaster is the perfect counter-argument to those always saying "why do you care so much about privacy. It doesn't affect you when I share things. You can just choose not to do it", except no, I can't choose when we're relatives and you chose to share our genome.
It is so obvious that your relatives sharing their genomic data with 23andMe reveals a lot of information about you. We can only hope people will realize that this also holds true for collecting behavioural data on other people sharing the same background as you.
> This disaster is the perfect counter-argument to those always saying "why do you care so much about privacy. It doesn't affect you when I share things. You can just choose not to do it"
While I agree it's a perfect counter-argument to that, is that what people always say? I'm not sure I've heard that argument as much as "why do you care so much about privacy?" full stop. As in, they don't really understand why anyone should care about privacy. And this isn't really a counter argument to that, any more than any other breach. And to be fair it's not really even a counter argument to that until you show the harm that came from it. What do you think will happen to people who had their ancestry data stolen here?
I think the more common one I've heard is "Why do you care about privacy if you have nothing to hide?"
In the case of 23andme, it's a perfect answer: We don't know what's hiding in our DNA and I don't know how people will use that against me in the future.
Imagine a correlation study between genes and worker productivity, it'd be an interesting study if done correctly, but it might not be done correctly (and to be clear, I don't think it should be done at all). Now imagine you have genes that have a negative correlation with productivity which makes it hard for you to find work.
It's illegal now, but maybe not forever. Plus, illegal things still happen.
Or, maybe more likely than discriminating based on demography, what if certain "Obamacare" provisions are repealed and insurance companies are allowed to adjust prices based on genes, including the genes of relatives.
It's all a little far-fetched, but only a little. My point is privacy is important and even those "with nothing to hide" might second guess their view when they imagine being discriminated against because of their genes. I think we probably agree on this point but got caught up in the details of a hypothetical.
They can already do that without dna though. They can just deny coverage on preexisting conditions. This is what I am getting at. All the harms people cite with dna data are usually predicated on some dystopian government emerging, but also you can perform those same exact harms if you wanted without the dna data. In essence the dna data is not enabling anything not already possible for bad actors.
So, the reason for privacy is because the profit motive of capitalism is not sufficiently restrained as to protect citizens from being abused by corporations?
Be careful you don't break something with those gymnastics.
The immediate concern I had with this story is nefarious groups or individuals purchasing this data to target people with violence based on their ethnicities. Imagine if the genome of millions of Europeans was available on the black market in 1930s Europe.
It’s similar to the Office of Personnel Management data breach when every Federal Employee was just 0wn3d. It included 21.5 million background investigations into people and the personnel files of every federal employee and most contractors.
Just slightly sensitive stuff. Nobody knows how many people died as a result of the hack, but I’m sure it was non-trivial because a LOT of people got surprised doxed.
This information is still rattling around out there and will have implications for generations.
Imagine if the same could be done for demographics based on genetics — the risk factors for medical conditions, the ethnic ties you’re talking about, etc.
Considering one of the hacker's first actions was to offer for sale data identifying people of Jewish or Chinese descent I think that's a very valid concern.
Did anybody actually buy it though? This could be misdirection, or just misguided marketing based on historical instances of abuse. China isn't known for trying to repatriate descendants, and it's not exactly difficult to find Jews.
Ancestry data would certainly be of interest to a particular demographic known to discriminate by caste. There's no escaping your low-class heritage when anyone can look up your stolen DNA profile on the black market.
Really? As a 25% jew whose genetic data was probably just stolen, I'd like to disagree with that statement. I don't harbour any stereotypical jewish phenotypes, and don't self-identify as a jew, but who knows if someone else decides to do that for me.
It doesn’t matter if it got bought because it’s indelibly available forever now. It’s now available to someone who shouldn’t have it whenever they come around with the intent to misuse it.
And the choice to share or protect this information just got taken away from every one of their customers forever.
I have no idea what "it's not exactly difficult to find Jews" means. It struck me as kind of an icky thing to say, so you might want to clarify the benign intent you had for saying it.
What if you're able to pinpoint unique loci for an individual or group which can serve as a target of a highly specific bio-weapon? Do you think genomic bio-weapons aren't being explored as future weapons?
If a group wanted to do that why bother with the dna data? Easier to just perform the violence. Even in 1930s europe I’d bet the SS would not really be concerned with whatever your dna data said if they really wanted you or your people gone, you’d just be labeled an enemy and sent off same as a jew or a gypsy or a communist.
How do you make the leap to it being an issue of capitalism? There are plenty of bad actors who could use this information (or other hacked info) who are not a corporation seeking profit.
Yeah, I didn't mean 'a philosophical ideal of Capitalism'. Apologies for my imprecise question. I meant Western Capitalism which of course is a form of corporatism.
Governments abuse people more than an economic system ever has. A corporation has never marched people to camps, nor have corporations ever imprisoned anyone for their politics. If I don’t want to deal with a corporation, I have the right not to — unless government forces me to.
> Governments abuse people more than an economic system ever has
This is true on one level, as economic systems are not actors, but abstractions for aggregates of actions; it's false on a more concrete level because governments are also not real concrete actors but abstractions for aggregates of real actors.
Both governments and economic systems (and corporations, which you seem to drop in as if they were the same as economic systems) are abstractions through which real actors act, including to oppress, and very often actions by the same actors involves all three abstractions (even a single action might). Corporations, after all, are themselves creatures of government through law, and economic systems exist only as ideals without being made manifest through legal systems.
> A corporation has never marched people to camps,
You probably don't want to think about most of the best known early joint-stock companies (any of the various East India companies, but especially the British, the Royal African Company, etc.)
> If I don’t want to deal with a corporation, I have the right not to — unless government forces me to.
Corporations—like any individuals—can and do apply coercive force on their own with only after-the-fact review by governments (and, in many cases historically, with objecting governments having limited power to apply sanctions), so, no, this isn't correct.
My go-to is "what if literal nazis come to power and use this information to kick-start their eugenics program", but I guess rampant capitalism is also on the threat list.
In Japan there are maps of old caste demographics that are used to exclude categories of people based on where they’re from or their families are from from working - companies have been caught using versions of these maps that are illegal for businesses to use in hiring. They are legal to print or exist without being in use by business.
Yes, but one would hope that if an insurance company was caught using stolen data to calculate the premiums, that would be the end of that company and jail time for management (like the leaders of VW responsible for the emissions testing cheating).
That assumes they do so in a really stupid and straightforward way. LLMs already exist to "AI-wash" copyrighted material in ways that technically don't violate copyright. I'm pretty sure someone will find a way to create a dodgy shell company around a foreign B2B service that recycles this data for them in a way that is technically legal to use.
"Feed personal data into this service and it'll spit out a risk assessment based on a model built on 6.9M historical health data sets."
> I'm not sure I've heard that argument as much as "why do you care so much about privacy?" full stop.
I'm not sure I've ever heard anyone I know mention privacy at all, as if they're totally ignorant to it. In reality, the majority of people will just let Google or Microsoft do whatever with their personal information as long as the product or service is slightly more convenient than the last one.
You are not likely to see the statement you are discussing unless you firstly somewhat frequently get into a situation where someone says something like "why do you care so much about privacy?" and then attempt to debate the issue.
It is not necessary to show actual harm from this breach for it to defeat the tacit premise behind the statement you are discussing, which is that their profligacy with their personal data cannot, by itself, reveal any of your personal data.
I wonder if that could be used as a list of possible organ donors. I don't know what else (data) is stored there tbh but if it helps narrow down to find a kidney or heart for someone rich...
"People always saying" means two different things to you and the parent commenter. Some people do always (or generally) say that. Other people do not always say it.
> This disaster is the perfect counter-argument to those always saying
Personally speaking, I think Equihax was the better counter-argument; at least with 23andme YOU as a customer had to DECIDE to use their services and weigh the pros-cons of doing so, with Equihax I was forced into a rating system to determine my eligibility in a system that hoovers up any and all data sold to them by 3rd parties and holds all my personal information in order to complete anything from a loan application to a job application.
And when found to have been breached no effective recourse was made, and instead of admitting fault to a very high probability of Identity theft being the end result a token 'credit system monitoring' service was offered, which once again relies on these credit agencies who share/distribute this information without my consent and created the problem are let off scot-free and never suffer any consequences.
In short, it's a naive argument made from often ignorant and self-defeating practices that make others worse off because of their complacency and refusal to take privacy seriously.
Completely true. However, Equifax was probably hard to wrap your head around. Whereas 23andme might seem a lot more personal and private to the average person. Of course, nothing is likely to come of this regardless.
Not identity theft. Libel. There's a high probability a bank will libel people whose info Equifax leaked. They'll do that because they depend solely on the same (largely public) data companies like Equifax collect to identify loan applicants.
Sure the customers decided, but what about their relatives? If any of my relatives uploaded their genetic info to this, it by extension has a huge part of my genetic info too, and my consent was decided without my knowledge...
What I'm trying to say is: I don't think comparing it to equifax is reasonable in that regard.
I'm in favor of privacy, and I'm willing to go more out of my way to not share than the vast majority of people, but I'm also in favor of individual choice, and I can't think of a privacy model that would disallow other people from sharing their information just because you have some matching information.
I can think of an easy model. Disallow collection of personal information. Pull the rug out from under "services" which are really just data collection fronts turning a profit from selling your data instead of the primary service/good for money transaction.
23andMe could still have operated legally under this scheme. They could have done the analysis and sent you a printed sheet. But no, they had to store everything to be able to double dip by selling the data to pharma companies and whoever else would pay for it.
If you can't turn a profit without underhandedly selling your users' data, you deserve to fail.
They are frank about also selling the data for research, it is not underhanded. It's even opt in...
For example, they talk about it on this page, which is linked from the about menu (so available with pretty small effort): https://www.23andme.com/research/
I expect lots of people also like that they get updates when information about new markers becomes available.
I trust them to opt me out, not at all. It's safer to just assume your data is being used, regardless, because it's free money to them. If/when they get caught selling data marked as Opted Out, they'll get a pittance fine, paid with other people's money and bonuses for making numbers that quarter.
FYI, the police is able to find criminals now by finding DNA sequences similarities with your relatives. Not saying this is good or bad, I am just saying you don't know the extent of the impact to your personal freedom when your relative's DNA is shared.
Well they can narrow it down to the family, unless it was the very DNA giver that left that DNA sample on the scene of the crime.
And since 23andme (as I assume others) don't do these anonymously, there is no hope. Unless people use someone as a proxy (i.e. I-1 give my sample to a male colleague to send it as his-2, he-2 gives his sample to someone else to send it as his-3, and so on..). Police would eventually find the guilty in case of a crime, but the 23andme's of this world will be selling confusing (wrong) data.
There are plenty of cases where DNA is found at the crime scene, run through a database, match is found with a relative. Then the cops start looking at the family and boom there's your shady uncle with priors they got their guy.
If this was someone trying to fly under the radar by using this scheme to buy burner phones or some such, sure. But this is literal DNA, so even in your attempts to obfuscate, they’d know the name and the sample do not line up, but then be able to link the sample to a family and then figure out who you really are
I can help track down distant family members who have committed crimes? Sounds like a plus.
I think the angst about this comes from men who don't want their status as fathers of illegitimate children (or, rapists when they were younger) unmasked.
> I can help track down distant family members who have committed crimes? Sounds like a plus.
It's no longer so easy when the definition of "crime" gets expanded. Let's take this scenario:
- you're a first generation Chinese immigrant in the US
- a nephew of yours is in China and critical of the CCP
- you decide to have your genome scanned into 23andme or whatever to determine if you are at risk of genetic illness
- your nephew sprays an anti-CCP tag on a wall somewhere
- the Chinese police gathers DNA evidence from a laxly discarded spray can, but doesn't have fingerprints so they can't immediately link the can to your nephew
- the Chinese government, either via a legal subpoena or via espionage, gets its hands on your genetic profile from the genetic analytics company
- the Chinese government finds your data, now knows that the sprayer must be related to you in some way, and forces everyone of your family to subject to a DNA test
Sounds dystopic? Yes. But this is exactly where we will be headed. Police here in Germany already do DNA tests on petty vandalism [1].
That’s not what the comment was driving at. At all. It’s about how data you think is innocent can be used in a manner you never thought about nor intended for dark purposes.
I actually had intended to point out the dangers of "scope creep". Everyone is happy with a lot of pretty invasive stuff - dragnet surveillance, targeted surveillance (i.e. bugs placed in a suspect's home/car/computer/phone), DNA and fingerprint mass tests, no-knock raids - in severe crime cases such as terrorism, murder, rape, child sexual exploitation or abduction. So far, so good, and almost all Western countries have such provisions for decades that were introduced under the premise "it's only going to be used for <prior list of severe crimes>".
But in recent years, the scope of said "severe" crimes list has expanded massively, across the Western world, driven by both powerful industry lobbies (such as the copyright cartels) and "concerned citizens" aka authoritarians in disguise... and now you got a DNA investigation for about 4.000€ in damages of broken glass and a ticketing ATM. No matter what: this scope creep is not justifiable.
On top of that comes the risk of "what if our governments and the tools/data they and society (both in the form of individuals and companies) possess fall into the hands of authoritarians". For a long time this risk has been laughed off, but nowadays both the far-right (in Europe and the US) and the far-left (in Southern America) have seriously raised the probability of such a scenario.
> Everyone is happy with a lot of pretty invasive stuff
could you stop repeating this simple fallacy? Because millions of people could not organize and opt-out of something being commercialized, that also benefits government, in the USA Does Not Equal "everyone is happy"
in fact, lots of people are deeply unhappy.. so the statement "everyone is happy" is not only not true, but actively provoking.
It is not in the power of an unhappy or protesting individual citizen, let alone an elderly, impoverished or medically vulnerable person, to stop the rollout of Big Tech Thing.
Why is DNA investigation supposed to be limited to "severe" crimes? It's just another investigative tool. The idea that it should be limited implies there's something sordid about it. Why should I accept that implication?
An amusing thing here is that the arguments against DNA were also made against the use of photography, back in the 1800s. At some point people have to realize that personal unease is not an argument.
> At some point people have to realize that personal unease is not an argument.
that's not how it works though. if you find enough other people that have the same uneasiness, then you can form groups that get people elected to make rules that forces everyone else to comply with your uneasiness.
Well, I'm in a state that passes legislation as fast as they can that tries to one up how ridiculously they can legislate away the rights of their population. So as flippant as you might try to be about it, doing nothing but making flippant comments on the internet is how we turn into a society that looks at each other wondering WTF happened. Because those with personal unease have mobilized, and now they're in charge.
> Everyone is happy with a lot of pretty invasive stuff
I beg to differ. The fact we're even having this discussion means not everyone is happy with the situation. Maybe Stockholm Syndrome has kicked in for you, but I'm still resisting
Fair. On the other hand, I'm a bit surprised that anti-immigrant forces in the US haven't made DNA sampling compulsory for new immigrants. The argument would be these would be harder to track down by these techniques, because the ancestry information is not as available, giving them an "unfair" advantage over white Americans.
The US does do DNA collection for anyone it detains whether they end up being granted legal status or not.
They were processing so much DNA that they had to write a special rule allowing border agents to _not_ collect it if it would cause operational difficulties to do so.
All you have to do to clear your name for that crime is to turn over your DNA to the police to be in their records forever[1], and Bob's [2] your brother [3].
[1] - You might be able to get a court to order that your DNA records are destroyed after proving your innocence, but it's an ask to believe this would actually happen in every case.
Cause in the case of cheating mother, it is clear she is the mother. And to confirm fatherhood of husband or partner, no external registry is needed or helpful.
Nobody has perfect 100% individual choice/freedom. By itself, maximizing for it is a non-argument. The best explanation I've heard is that "my rights end where yours begin (and vice versa)". That is not an easy line to draw, so the debate becomes where exactly do we, as a society, decide to draw that line. (Noting that this also is never a singular, fixed answer)
Even without defining a specific model around how genetic data should be handled, I think it's more than fair to say that most people right now don't even consider how their choice to sign up for 23andme might affect their relatives (already born or otherwise). Even if they do, in my experience, it's only to a very surface-level degree.
That can be achieved through anonymity. I don't understand why companies have to know who I am in such detail. Every little website requires my phone number, SSN, retina patterns and the name of my childhood pet. If I could use 23andme under the pen name "Ivar the Boneless" and pay for it with a bit of cash in an envelope (or crypto), the current problem wouldn't exist.
Tools like Telegram or Signal do not allow creating accounts without having a valid phone number. Of course, it is possible to use a web service to receive the registration SMS, but that shouldn't be the case in the first place.
To clarify, genomic data was not reported stolen. It sounds like the breach was about genealogical data.
The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.
Yes, and remember that data is commonly widely shared. Because, it's mostly about long dead people?
The real breach is for recently deceased people (here the time span varies greatly, but dead for ~100 years is definitely enough if you ask me) and for living people. Actually in Sweden the death info is publicly available generally right away, more or less. You can buy USB sticks with ~all deaths up until very recently.
ah, good point, I misread the bit “percentage of DNA shared with relatives”, I really thought one could share only Chromosome 3 with relatives for example (which does not make sense, granted), and that it was the bit which was stolen. Thanks for pointing this out.
I guess I'm feeling a bit philosophical today, but in some sense, aren't we all part of a shared data structure given that we are all somewhat related? While there are a few bits that make us individuals, there is much that is shared to the point that privacy doesn't seem truly possible.
Right, like the person posting an idea on an Internet forum was the first and only person to have that idea. Security through obscurity does not work. It’s much better to open up the curtains and let the sunlight in. It’s the best disinfectant. At least then everyone is working with all of the information.
Please provide one concrete example where this leaked information was used to materially impact someone's life that would not have otherwise been possible without the leak.
Absent that, the argument holds that screeching declarations about privacy tend to be overblown.
* You don't have to care about privacy if you didn't do anything illegal.
* If you do care about it, you can just choose not to share your information.
* If you don't share but your data is still leaked, it didn't affect your life anyway.
The point is an average person is incapable of having boundaries with these corporations who have all their data and benefit from it, and we have no way of predicting how all this data about us will affect us.
This is the first time you and I have spoken in our lives; it's impossible for me to have moved any goalposts.
The point is that these privacy claims are nearly exclusively theoretical. Privacy advocates constantly tell anyone who will listen about the complete destruction of privacy in modern society, and yet nothing even resembling the consequences they claim will occur is actually happening.
I never mentioned making an arrest?… Just preventing the crime from happening because then it will be too late.
We don’t wait for a pedestrian to be run over by a car to decide that a specific road is too unsafe for a specific speed, we tend to implement appropriate speed limits to prevent such irreversible things like death from happening.
Same applies with privacy. Once a person’s data is out there, you can’t take it back anymore, so if someone ever finds a way to make money out of it to the detriment of this person, it’s too late. You can arrest this someone, then the next one will pop up and do the same with the same data.
Yes, we definitely waited for pedestrians to be hit before deciding road speeds need to be regulated. We waited until long after many pedestrians were struck by vehicles before even considering solutions. And I can't believe I have to say this, but someone dying by getting hit by a car is more serious than someone's SSN getting leaked.
If this is such a big issue, why hasn't more happened already? Why don't we see massive insurance denials based on Facebook posts? Where are the droves of people denied loans because it's leaked they use crypto? There was a huge Ashley Madison data dump some years ago, yet there were no mass firings or even divorces as a result.
Honestly, if nothing big comes out of this DNA leak, I think the idea that privacy is critically important is dead. If someone's DNA being leaked out into the world doesn't matter in a meaningful and systemic way, then there's nothing here.
That rule is as a result of bad things happening while walking alone at night.
I know what you’re talking about, I just don’t think you realize how such things become rules. We very rarely, if ever, create preventative rules, and when we do the rules are terrible because we don’t know the issue well enough.
How much does that have to do with their TOS update which went out on thanksgiving DAY (the most perfect time to get lost in everyone’s inboxes). The TOS update somehow tries to forbid class actions, requires you to go through an “informal” 60 day process before any legal action, and forces you into binding arbitration.
Functionally you as a customer have next to no legal rights, according to 23andMe lawyers who cooked this up.
I'm not a lawyer so I can't answer the question, but it will definitely complicate going to court, and I'm confident that the company has more lawyers and more money for lawyers than the average user. A class action suit may follow, but only if enough people and lawyers are willing, and it'll likely end up with a pittance in damages paid in a settlement, eventually.
What really interests me is "Are ToS changes absolutely binding?"
I am also not a lawyer. But I think there are two types of changes to ToS.
One is purely administrative. For example, they might change the methods available to reach for support. For example, they might say that you are no longer able to send a Fax to get support help. Or that their domain name changed.
Second is something that changes the service that you are receiving. For example, when you have bought their product they said "we are offering free support for all owners of our doodad". But then one day they decide that support is now paid option for all existing customers.
So the question is: can ToS changes that change the service/product that you have already paid for be binding without your consent? If they decide to introduce extra protection from class action, requirement for arbitrage, etc. is this just administrative or is it actually changing the service you are receiving by restricting your rights?
It doesn't really matter in practice, because the discipline around contract law is (typically) based on reasonableness of terms - I can't sign TOS that say I'm a slave, nor will TOS apply if such a clause is introduced at a later stage.
Regardless of whether terms are changed for administrative or product reasons, what matters is the reasonableness of terms imposed on the other party.
Not just "are the changes binding" but also "are the changes relevant". The changes might be binding for future services, but previous services were provided under the old terms; so you can make an argument that any arbitration clause in the new terms doesn't apply to services rendered before the new terms took effect.
Most terms of service include automatic acceptance of future changes, so if you continue to use the service the terms apply to the past too.
“23andMe may make changes to the Terms at any time. If we make a material change to the Terms, we will notify you, such as by posting a notice on our website or sending a message to the email address associated with your account. By continuing to access or use the Services, you agree to be bound by the revised Terms.”
Depends a lot on the jurisdiction; several European courts have thrown out EULAs and TOS agreements as being entirely invalid in a business to customer relationship, but I'm sure some American court somewhere will declare those as valid contracts.
In the US, yes, these kinds of contracts are unfortunately upheld under current laws and court rulings that are valid nationwide. Of course there are limits and exceptions, but those boundaries have been broadened in recent decades to allow these kinds of terms anywhere in the US, even for consumer contracts.
The US Federal Arbitration Act from 1925 prohibits courts from setting aside valid arbitration agreements. It's recently been interpreted to prohibit almost any kind of interference, so it's being actively enforced if not extended.
Yes, that’s what I’m referring to. I hope that some of the legislative reform bills eventually pass, but I don’t anticipate Congress being sufficiently functional and sufficiently protective of consumer and employee rights to do so any time soon.
Just got an email update from them. It sounds like you can opt out of the new terms. Not sure what the consequences will be.
> We encourage you to read the new terms in full. Please notify us within 30 days of receiving this email if you do not agree to the terms, in which case you will remain subject to the current Terms of Service. If you do not notify us within 30 days, you will be deemed to have agreed to the new terms.
Does anyone think privacy of any real sort is maintainable going forward? Machine learning algorithms are learning to identify people just by their walk -- no face recognition required. Algorithms are moving toward being able to decipher text just by the audio of the keyboard being typed on.
In short, given a gestalt of ALL public data and sufficiently advanced algorithms is there really a way for people to maintain what we today consider reasonable privacy without extraordinary measures, unfailingly applied?
To be clear, I'm not value-judging the situation, just expressing what I think the ongoing trend is.
> Does anyone think privacy of any real sort is maintainable going forward
Probably not, but it doesn’t mean we can’t guide the conversations about how it looks in the future. Sitting idly by just means they win, but discussing it in the open means that we might be able to put some safeguards in place.
Oh, who am I kidding. We’re all screwed and evilCorp will win so we’re just wasting our energy and making ourselves crazy fighting. Resistance is futile
> Machine learning algorithms are learning to identify people just by their walk -- no face recognition required.
About a decade ago I knew people researching computer vision algorithms doing non-facial recognition (stuff like ear shape/gait/etc) because companies like Fortinet were trying to build "automated doormans" to apartment/condo complexes where they would scan and analyze any humans walking by the cameras placed at the door.
Not a lick of ethics from anyone involved.
What we need is rabid legislation that encodes a right to be forgotten, because clearly an expectation of privacy isn't enough. I don't think there's anything inherently wrong with automating identification, but I do think there's a lot wrong with companies trying to do it for every human being that they can possibly find without any consent.
Agreed, but also "privacy" is an abstraction that layers over the actual thing that people are worried about.
Any answer to "why do you care about hiding this information?" can all be boiled down to the fear that "[person or group] might use [private data item] to create [bad outcome] for me."
So the thing people actually care about is the risk of bad outcome, not the actual data itself.
If your theory is correct, then the focus should be on the prevention of asymmetric power imbalances in societal transactions that can even create [bad outcome].
> So the thing people actually care about is the risk of bad outcome, not the actual data itself.
It's more than that. Privacy affects the psychological context for daily activity and alters behavior, sometimes subtly, sometimes overtly. If a person knows they have no privacy, they will go about life completely differently, and they will think about life completely differently.
Privacy is a freedom-of-thought, freedom-of-action, and also freedom-from-anxiety consideration.
> the focus should be on the prevention of asymmetric power imbalances in societal transactions
The rules governing social systems built to obscure the jungle (e.g., political, legal, and penal systems) can always be trumped by that which they were chosen to tame. This is the unfortunate reality of our wetware.
> the thing people actually care about is the risk of bad outcome, not the actual data itself
"Bad" is subjective, no?
Is it good or bad if a father learns that his teenage son is not his own?
> "Bad" is subjective, no?
> Is it good or bad if a father learns that his teenage son is not his own?
I feel like that would depend on the person. If the father wanted to know and the son didn't, that would be good for one and bad for the other, and vice versa.
Even taking privacy as a pure abstraction over things that people really care about at face value this conclusion bakes in a ton of assumptions. The assumption a perfect power balance can be attained, the assumption once attained it can be guaranteed to never falter, and the assumption what happens between now and when such a utopia is achieved is an irrelevant concern to the individual at risk now.
I personally don’t. I used to lose my mind over the thought of my confidential documents being leaked. Then after seeing how poorly personal information is handled, I realised it’s almost a guarantee. A few things from Australia (which has good privacy laws) that made me recognise the futility of it all:
1) the large hack of Optus in which about half of the population had their credit card details stolen.
2) the large hack of Medibank in which the details of a large portion of private health insurance customer details were stolen.
3) I applied for a mortgage and found out every 2-bit mortgage broker is emailed 100s if not 1000s of sensitive ID documents every year and they definitely do not go through their email and delete them after the closure of deals.
4) Most companies in Australia only require a name, address, and birth date to verify identity which is easily found with five minutes of searching most of the time.
5) I set up a pin with Telstra that should have blocked administrative changes on my account for years. One day I called in, got my password ready, and they didn’t ask for it. They just did it anyway. It was entirely futile.
IMO the only way that privacy will ever become respected is if we move the onus for fraud onto the actual victims of fraud: the companies. This is the whole ancient joke about someone’s identity being “stolen”. It wasn’t stolen, your verification procedures ultimately failed as a business and you are trying to divert responsibility to avoid having to suffer a loss. This is one of the reasons I use my credit card exclusively these days - if it is used fraudulently I know that I can charge back, and that’s about the only mechanism I can use to truly prevent unauthorised access to my money.
Yes, it's absolutely possible. What's not possible is the society respecting privacy. As a whole, nobody respects it anymore, some even engage in half-assed devil's advocating about it.
People are easy to mislead and so that's what's been done. In the future, privacy will have to be enforced through jammers and Faraday cages.
None of the gait and keyboard detection attempts work in field conditions.
Privacy is a policy issue, not a technical issue. We need to focus on advocating for more useful and effective privacy protections as citizens, instead of focusing on technical evasion strategies. Because as you're pointing out, that is a losing strategy in the long run.
Something super creepy that happened to me recently: a hospital where I've been to a few months ago called me and asked me to participate in some DNA analysis program.
They said "oh and the best part? You don't need to do anything! We will use blood samples we collected the last time."
I obviously declined, but it was a huge wtf to me - they stored biological samples associated with me without informing me and can do a post hoc DNA analysis. This is just insane and a proof of how non existent any privacy laws in the US are.
(In EU they cannot freeze any samples without consent and unfrozen ones are ok for at most a few days)
Predictably?, amusingly? police never had access to this data, until a government minister was murdered in 2003, when a sample from the suspect was retrieved. From what we know it has not been used since. So we can be cynical, but under the circumstances, the police use of the registry has not yet taken hold and is guarded by the courts.
If the government wanted you gone there wouldn’t be this song and dance about getting dna data from a blood bank. They’d just kill you and that would be that.
They can barely agree on a budget. They wouldn't be able to unify against the public, they're too dysfunctional. You'd need a President willing to defy his oath and two other branches on board with him.
Congress is not the agency that does the killing. More efficient ones with practically zero oversight do. See Frank Olson for an example, we only know about that after mkultra was revealed in CIA abuse investigations. His family still is fighting for justice some 60 years after his assassination.
How do I know they didn't use them? They already did something with my biological samples (storing for a different purpose than when they drew my blood) without my consent nor informing me.
I am not sure, only guessing. But why would they ask for permission in the first place?
> They already did something with my biological samples
I can only guess you were tested for something in the hospital. Samples are sent to the lab (separate department) to be tested. If additional tests need to be performed they can use the blood they already received. The samples are kept for ready availability if additional tests are requested by doctor. Doctors don't care how it's done, they don't have time to inform lab patient x is out home.
After some time they need to be destroyed - due to expiry date on it. Before destroying the lab contacted you and asked for dna permission.
> And also - could eg. police use it?
I don't know that. But you might want to check how medical data is protected in your jurisdiction.
They asked for permission because if you want to use data a hospital already has stored for another use, you need to contact the patient to get additional consent (you already gave them consent to collect and keep the sample).
"23andMe said the data breach was caused by customers reusing passwords"
Yet 14,000 accounts were breached in one go? Where did these passwords come from? Maybe there was another related breach (something like lastpass can explain this)?
Also, using the "DNA Relatives" features the hackers were able to access personal information relating to 6.9 million individuals. That means each one of the original 14,000 accounts had about 492 unique relatives. What am I missing?
That part isn't super surprising beyond the technical issue of the data usurpers probably not being metered or flagged for continuously logging into different accounts. They could have used a massively distributed network to pull all the data, but there probably simply wasn't the detection or protection.
Having said that, in logging into my account to verify how many relatives are shown to add this response, 23andme refused to let me login and demanded that I reset my password because of password reuse. I have always had a very strong password on this account, and it isn't reused anywhere. I even have 2FA on. So it seems that the company isn't entirely comfortable with the notion that it was reused passwords behind it...
However after resetting my password that I never reused anywhere, the DNA relatives panel shows 60 pages of relatives, with each having 25 relatives. So 1500 relatives could be pulled. Grabbing that for 14000 random accounts would be a pretty formidable network someone could build.
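An added example, not part of the original thread: a sketch of the login metering the comment above says was probably missing. It flags a single source IP that tries many different accounts, and separately flags a site-wide burst of failed logins across many accounts, which is the signal left when the attempts come from a distributed network. The log format, names and thresholds are assumptions made for this illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    src_ip: str
    username: str
    success: bool


def parse_line(line):
    """Parse 'ISO-timestamp ip username OK|FAIL' (a constructed log format)."""
    ts, ip, user, outcome = line.split()
    return LoginEvent(datetime.fromisoformat(ts), ip, user, outcome == "OK")


def detect_stuffing(events, window=timedelta(minutes=10),
                    per_ip_accounts=5, site_failed_accounts=10):
    """Return (noisy_ips, first_site_spike_time_or_None).

    noisy_ips: sources that touched more than per_ip_accounts distinct
    accounts inside one window. The site-wide signal counts distinct accounts
    with a failed login inside one window, ignoring sources already flagged,
    so it still fires when every source IP stays under the per-IP limit.
    Thresholds are illustrative and need tuning against real traffic.
    """
    noisy_ips = set()
    site_spike_at = None
    by_ip = defaultdict(deque)   # ip -> events still inside the window
    failures = deque()           # failed events site-wide inside the window
    for ev in sorted(events, key=lambda e: e.ts):
        q = by_ip[ev.src_ip]
        q.append(ev)
        while q[0].ts < ev.ts - window:
            q.popleft()
        if len({e.username for e in q}) > per_ip_accounts:
            noisy_ips.add(ev.src_ip)

        if not ev.success:
            failures.append(ev)
        while failures and failures[0].ts < ev.ts - window:
            failures.popleft()
        quiet = {e.username for e in failures if e.src_ip not in noisy_ips}
        if site_spike_at is None and len(quiet) > site_failed_accounts:
            site_spike_at = ev.ts
    return noisy_ips, site_spike_at


def build_sample_log():
    """Constructed sample data: normal users, one noisy IP, one distributed run."""
    t0 = datetime(2023, 10, 1, 12, 0, 0)
    lines = [
        f"{t0.isoformat()} 198.51.100.7 alice OK",
        f"{(t0 + timedelta(minutes=1)).isoformat()} 198.51.100.8 bob FAIL",
        f"{(t0 + timedelta(minutes=1, seconds=30)).isoformat()} 198.51.100.8 bob OK",
    ]
    # One source trying eight different accounts in under two minutes.
    for i in range(8):
        ts = t0 + timedelta(minutes=5, seconds=10 * i)
        outcome = "OK" if i == 3 else "FAIL"
        lines.append(f"{ts.isoformat()} 203.0.113.50 user{i:03d} {outcome}")
    # Twelve sources, one failed attempt each, twenty seconds apart.
    for i in range(12):
        ts = t0 + timedelta(minutes=20, seconds=20 * i)
        lines.append(f"{ts.isoformat()} 192.0.2.{i + 1} victim{i:02d} FAIL")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    ips, spike = detect_stuffing([parse_line(l) for l in SAMPLE_LOG])
    print("noisy source IPs:", sorted(ips))
    print("site-wide failure spike first seen at:", spike)
```
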
I don't find that surprising at all. There are publicly available large lists that compile many historical password breaches, they are easy for attackers (or anyone) to access and it's quite reasonable to expect that at least 0.1% of anyone's users (14k accounts out of 14m+ users) will be reusing a password that has been leaked elsewhere, unless you explicitly attempt to detect and invalidate such passwords e.g. as in yesterday's discussion on HN about Troy Hunt's work.
For a breach to be caused by password reuse, it must be the case that a set of usernames and passwords got leaked somewhere else. If the usernames and passwords were leaked from 23andMe, that wouldn't be a breach related to password reuse, it would just be someone who found and cracked 23andMe's list of credentials.
It isn't even slightly surprising that a list of credentials leaked from some other website (or a composite list built from leaks from several sites) might have 14,000 users in common with 23andMe.
Seems plausible to me, assuming that my situation on 23andMe is about average when it comes to the number of DNA relatives and the vulnerability of my relatives to being hacked.
A quick search says 23andMe has 14 million customers, so 14000 accounts breached would be 1 in 1000 accounts breached.
The DNA relatives listing for me lists just over 1500 people. If each of those accounts had a 1/1000 probability of being hacked, the probability none of my relatives were hacked would be (1-1/1000)^1500 = 0.223. The probability that at least one of my relatives was hacked would then be 0.777.
I'd then expect, based on my assumption that I'm typical, about 10.8 million people to have had relatives with hacked accounts, which is close enough to 6.9 million that the latter seems plausible.
It's because you can get some data if you opt in to relationship tracking. For instance, my 23andme shows like 1,500 genetic relatives. So say you are Jewish and opt in to this feature. The person can log in to the account and see X amount of other Jewish people and their names. This is the data that was stolen from my understanding. Not the actual raw DNA of those individuals. With the current Gaza/Israel issue, you can see why someone having a list of the names of thousands of Jewish people might cause some concern.
I never seriously considered using 23 and me. Not because of hackers, but rather what government would do with that information. I don't want to be responsible for some random relative getting charged with a crime just because I was curious about my family tree.
Thanks to using 23 and Me, I found out that my dad was not actually my biological dad and that I have a half sister and a large extended family that I did not know existed. I'm fully aware of the privacy and PII concerns, but for me it was absolutely worth it, both to better understand who I am and to find a large group of relatives who I never knew were there (and who have been incredibly welcoming to me). It's a trade-off.
I’d really like my 23 and Me info, but I assumed it was only a matter of time before they were hacked or sold to an untrustworthy organization willing to sell out users to make a quick buck.
If the test was done, the results were sent, and then my test data/info were destroyed on their end, or if I could do a home test where the data never left my home, then I’d do it.
I struggle to understand why companies hold on to all this data. It is a huge liability. In this case, maybe it is so they can identify familial relationships, but is that feature worth the risk?
Have they used these sorts of databases to charge things other than murder and rape? The cases I have seen solved by way of this technology, I would very much feel glad that something I did led to stopping someone doing seriously bad things.
You have no guarantee on the type of regime under which you will live in a few years nor on the rules it will enforce. Actually, democracies are perfect regimes for rapid rule change without requiring a regime change.
Look at what they did without it. Godwin's Law aside, the point is, if a sufficiently powerful group is set on doing something, they'll do it. Such a group won't let "facts" or "accuracy" get in the way. Look at McCarthyism.
People bent on doing evil things are going to do evil things, but perhaps it's a good idea to not build systems that will let their evil be faster and more efficient.
I have yet to see how this allows them to move faster and be more efficient. People have this fear of some orwellian government killing or imprisoning with little regard for ethics or due process except they will stop all of that for careful analysis of DNA. Seems bizarre to me. Either you are getting screwed or you aren’t but this stuff makes no screwing possible that wasn’t already.
No need for careful analysis, just force the company to give you a list of registered users matching some criteria. Your kill list is just a SQL query away.
"makes no screwing possible that wasn’t already"
Sure, but it makes it easier and faster to select targets for your screwing.
Historically the people doing the screwing weren’t so concerned about precision. Imprecision lets you throw in political enemies who don’t fit the demographic you are directly targeting so it's quite useful.
Imagine what a racist government would do if they were able to tell who's black!
Sure, now they can start hating on people who have the gene that makes Cilantro taste like soap, but a lot of genetic things are already visible so I don't see this as being fundamentally different.
That Nazis could use something for truly evil purposes is hardly limited to this but, I think, the concern is. You can imagine nazis transporting Holocaust victims and soldiers by rail, because they did, but I’ve never heard anyone argue against adding more rail infrastructure because if Nazis take over they could use the rail infrastructure to enable genocide.
Small world. Only yesterday I read that great comment from user adameasterling about credential stuffing in another thread [1]
> Troy Hunt is such a treasure. And for us web application developers, there is no excuse for not having protection against credential stuffing! While the best defense is likely two-factor, checking against Hunt's hashed password database is also very good and requires no extra work for users!
That user even listed 23andMe [2] as an example but it's from 60 days ago. This incident is referenced on the techcrunch article.
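An added example, not part of the original thread: the check against Troy Hunt's hashed password database that the quoted comment recommends (and that an earlier comment describes as detecting and invalidating leaked passwords), done through the Pwned Passwords range endpoint so that only the first five hex characters of the SHA-1 digest leave the application. The offline stand-in, the corpus and its counts are constructed for this illustration, and the three-state result is an assumed policy, not something the thread specifies.

```python
import hashlib
import urllib.request
from collections import defaultdict

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def fetch_range_online(prefix):
    """Fetch every 'SUFFIX:COUNT' line stored under a 5-character hash prefix."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        # Add-Padding asks the service to pad responses with zero-count rows.
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, fetch_range=fetch_range_online):
    """Return how many times the password appears in the breach corpus."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)      # padding rows carry a count of 0
    return 0


def check_password(password, fetch_range=fetch_range_online):
    """Return 'ok', 'breached' or 'unchecked' (lookup failed).

    What to do with 'unchecked' is a policy choice left to the caller, for
    example accept the password and re-check it at the next login.
    """
    try:
        return "breached" if breach_count(password, fetch_range) > 0 else "ok"
    except OSError:                # urllib.error.URLError is an OSError
        return "unchecked"


# Constructed corpus: these passwords and counts are made up for the example.
CONSTRUCTED_CORPUS = {"password123": 42, "letmein": 7}


def make_offline_range(corpus, seen_prefixes):
    """Build an offline stand-in for the range endpoint from a small corpus."""
    table = defaultdict(list)
    for pw, count in corpus.items():
        digest = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
        table[digest[:5]].append(f"{digest[5:]}:{count}")

    def fetch(prefix):
        seen_prefixes.append(prefix)          # everything the "server" sees
        padding = ["0" * 35 + ":0"]           # imitates a padded response row
        return "\r\n".join(table.get(prefix, []) + padding)

    return fetch


if __name__ == "__main__":
    seen = []
    offline = make_offline_range(CONSTRUCTED_CORPUS, seen)
    for candidate in ("password123", "a-long-unique-passphrase-never-leaked"):
        print(candidate, "->", check_password(candidate, offline))
    print("prefixes sent:", seen)
```
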
Penalties should be strong enough that sites and apps do not collect more than an email address without very good reason. Just wanting to contact me with marketing literature is not a good reason.
I can't help but think that what we need is for a class action suit to impose strong enough penalties for insurance companies to insist on proper audits of what data is actually needed and what is just a financial loss waiting to happen.
Not because it’s hard work to protect themselves. But because it’s typically not a business priority (at top middle and via coercion and incentives, the bottom/workers too) to invest in security. Most of these big hacks are via well known threats that can be caught in typical good-faith auditing
"Luckily we are now offering a genome monitoring service. For only $79.99 per month you can be sure that you're alerted any time someone tries to access your genetic record!" - 23andMe
"What do you have to fear if you have nothing to hide?"
I fear stupid people in places of power. DNA-matching as a crime solving technique always was problematic.
Given the nature of the service, you should probably treat it as inherently pseudonymous. You're handing over irrevocable genetic data which will link you to relatives. Whatever their data protection assurances are, you have to imagine the worst case scenario - massive data leakage. And if this happens then you will in all likelihood be identifiable.
Obviously I don't trust any assurances, but on the other hand I'm handing over my genetic data all the time because parts of me end up over in the hands of 3rd parties whenever I go outside but they just happen not to run test on those.
If I can have a test that is not connected to my persona, from their perspective the data would be as valuable as running a test on the hair in the barbershop or picking a random leftover of food and running test on the saliva left on the half consumed food.
There's quite a big difference between the DNA you leave in a forensic sense all around you (which would take a lot of effort and expense for someone to gather against your will) versus serving it up on a plate in a format that is trivially searchable for close matches against any relatives. The value is in the fact that millions of people's DNA is gathered in the same place in the same format, not the individual value of your DNA. It's a classic network effect.
I mean, what is your threat model, and what are you trying to get out of DNA/ancestry services?
If you're worried about getting arrested for one of the many crimes you've committed, and you want to meet far-flung relatives, you're kind of in a bind here. Assuming unlimited cooperation between the police and the DNA/ancestry services -- which your threat model in this case would require -- even if they don't have your name or address, they could fabricate a half-sibling/double-cousin in the system and have them reach out to you. What, are you not going to talk to and eventually meet the cop pretending to be your previously unknown half-sibling/double-cousin?
My threat model is about the changing world, essentially activist who feel like having right to tell who lives where. I usually pass by the look, fail by the accent and I intend not to have another data point they can use.
I wouldn't count on any data protections from firms in the United States. There's no responsibility taken by those with the influence to end lives.
Until there's actual punishment for being breached, there will never be data protections in the United States. Even HIPAA and the DMV sell access to businesses.
Indeed, if you have a cousin that has already filled in the data about your grandparents, and they do a scan showing "John Doe" is the descendant of Arthur, Betty, Charlie, and Debbie; then you're already linked with a "shadow profile". Chances are they'll have the data from your cousin with your name added too, so now they can link the DNA of "John Doe" with the shadow profile of "YourActualName, cousin of Timmy TakeMyData".
The only solution to this is regulation and enough incentive that companies have to treat data as they treat radioactive waste material. Storing data should be a liability, not an asset.
I used a fake name and a masked email address, and no issues so far. I've told close family members that if they get a sibling, child, or uncle show up called "James Brown" not to freak out too much
Your DNA is shared with others, so any amateur genealogist is likely to be able to find out who, approximately, you are.
The exact info though should be easy to protect. Just don't give it away.
But remember that other close family members to you are very likely to know who you are, and they may share that info by accident. Normally you can't share data of anyone living on these services, since that is illegal pretty much anywhere, but it's enough if one user happens to mark you dead in their tree and has filled in your real data.
I signed up with a fake name, delivered to a friend's address, and a Privacy.com single use credit card. No one is forcing you to use real credentials anywhere online.
More like using Tor to create a FB account with made up information and expecting FB not to know who you are because your IP is obscured and you use a fresh browser profile. Your DNA doesn't tell your identity, there's DNA everywhere and it's not something hard to come by. The analysis is only valuable if it can be connected to a persona, otherwise it's just a chemical reaction.
No, your analogy makes no sense. A fake facebook account is not identifying information. DNA is. They can figure out who you are based on the DNA alone, if they have enough data from your relatives.
There are billions of addresses in the world and you can look it up online. It is an identifying information only when it is attached to an identity. That's exactly the same. DNA is everywhere, it's only identifying when connected to an identity.
They can match me with my DNA if they already have complete knowledge of my family structure and all their DNA. So if all Kardashians but one send their DNA for tests providing their true identities and the last one sends anonymously, they can assume the identity of the last one.
So yes, there's a risk but it's not much different from going outside and leaving behind hair or saliva unaccounted for. That's Putin level of paranoia IMHO (he is known to have men collecting his poo etc. when outside).
Maybe it can be useful for insurance companies to match you and price you according to your DNA but they are not allowed to do that and they can only exist within legal structure.
There was a craze for DNA analysis 10+ years ago, the idea being 'if we can analyze e-commerce transactions, why not the human DNA!' The UPS being mostly around Health than Ancestry. That's flopped in my view.
Recent Genome sequencing research is revealing that actually a Gene (downstream) doesn't necessitate a Health/Medical Condition (upstream) [1]. I think we need highest security measures, user education and Regulation when it comes to DNA, medical records, and biometric data (face, finger, iris, voice etc).
Charles Darwin & Co documented their theory of evolution well, there's enough ancestry there for most i think, at least as a solid starting point / platform. My guess would be if there was more education around theory of evolution (science), there would be less interest in Ancestry services (DNA based), leaving only a Medical case for them, and hence demanding greater protection/security.
>“We believe that the threat actor may have then, in violation of our terms of service, accessed 23andme.com accounts without authorization and obtained information from those accounts.”
It's funny that they had to note "without authorization".
I was thinking about getting a DNA testing kit for my parents and my conclusion was that I'd have to advise them that they'd need to be comfortable with their genome being public because over time leaks are inevitable. As the UK marches on towards increased fascism the chances a Tory government will demand access to such data "for security purposes" gets higher.
I'm sure someone just gave them access... Given the number of SE attacks on dumbass SaaS companies, seems easy when they all cut corners and overwork everyone...
So people in my family have used 23andMe but I'm assuming my data is also compromised. I've never used the service because I think it's kind of weird and gross. But it probably doesn't matter that much if both of my parents and my brother have. Health insurance companies in the future can still charge me different prices based on my risk profile.
I uploaded my genome to a public database. And it's higher fidelity than this. My children will, too. This isn't a really big deal to me. Hopefully, my DNA (as part of the big database) will help us find out something about humans in the future.
In my country where the police has a LOT of power I'm more worried about inadvertently getting my relatives arrested for old closet crimes. Am I being too dramatic?
Yes, likely at different levels. For example, if I log into my myheritage account, I have 27000 DNA matches which I can download a .csv of, which includes the matching parts. I can also access the trees of those users that share theirs. This really does not include personal data, _except_ the information about where our DNA is identical or half-identical. Which has potentially far-reaching implications, but the personal data should not really be available here, unless people have opted in to sharing it.
Since it's a site about sharing data, it's not weird that it's easy to extract data from it. It is sort of the purpose.
Fun fact, they can sometimes narrow down crime scene DNA to just a single person by having enough partial matches from their (potentially distant) relatives. I can't remember which DNA database was used, but some cases were solved this way, IIRC it introduced a bunch of legal questions about if you can search a database in that way.
There have also been a number of false positives because many believe that DNA is infallible. What people tend to forget is that DNA tests used by law enforcement are only using a very small subset of DNA markers. This means that if you're already in a DNA database you can get an unpleasant knock on the door just because you have 10 DNA markers in common with some random criminal.
Danish police only upgraded from 10 DNA markers to 16 in 2021, forcing them to review 12.000 cases and redo the DNA test. Resulting in at least one person having the sentence reversed. No word on how many were falsely suspected, but I assume more than a few.
Imagine the next Hitler... as an immigrant with his data on 23andme, I am pretty scared. I am sure 1 out of the 10 ethnicities that I am affiliated with will be eventually hated by some group.
You can't punish a corporation, it is a collective and most members of it are worker bees told what to do without a big picture. You have to punish the members of the C-Suite individually if any change is to be seen.
I bet a lot of insurance risk adjusters will make an order for the data, optimize their models a bit, raise a few rates, and make a few new millionaires in the process.
I’m being snarky but isn’t it really scary that 2% of Americans could be impacted by something like that?
I know this is a terrible event and we should look at this critically, but I can't help but read this headline as the start of a sci-fi conspiracy theory/spy fiction novel.
"It all started when that hacker group obtained the genomic data of millions of humans..."
Isn't it time governments start to regulate passwords? (They already regulate a lot of privacy issues like medical and financial history. Some governments even regulate the use of fingerprint authentication of employees)
For example, any website that allows users to choose normal, easy to remember passwords should meet a long list of requirements: For example security audits, bug bounties, capital reserves to deal with class action suits.
Then small websites will start to either implement OpenID or encourage their users to use password managers.
Please have a look at the "recommendations" of your national security agency (except NIST).
It is all outdated, written by people who thought they understood security in the 90's.
The French ANSSI recommendations are ridiculous. The German as well. Having an incompetent gov org forcing you to apply their "best practices" is terrible.
We already have this for banks and look at what they have done: all possible "don't do it!" implementations neatly on one page (source: Boursobank, Fortuneo and other French banks who reply that the security is "reviewed by experts")
It's imperative to recognize that the healing of cross-generational trauma is a journey within an individual's lifetime, rather than resorting to a confrontational approach that employs genetic data to incriminate individuals based on what science implies about their genetic makeup. The flaws inherent in this data—biased, widespread, and contaminated—highlight its unreliability. Relying on such data, which historically proves to be often incorrect, represents a narrow perspective. Using it to calculate high probabilities for targeting individuals in specific scenarios fosters more animosity than extracting genuine, overarching truths.
Sorry, if Google didn’t make so many world changing products so quickly I’m sure I would have less criticism of Google in general and fit in more easily here.
Personally in downvoting because your posts seem irrelevant or incoherent and I want to discourage that sort of thing on hackernews. Though in your particular case I strongly suspect you're having a psychotic break and need immediate medical help.
Cool story. Care to administer a psychological evaluation in person? If spell checked typed words are a measure of psychology you just failed. I’m not “in” wise guy.