I've been hesitant to submit removal requests due to requirement of uploading a picture of your ID. How can I trust these shady companies won't use this irresponsibly?
Same here. I know that a fair bit of the data they have on me is inaccurate. Yet, to delete that, along with accurate data, I’m being asked to enrich their data with even more accurate data. It feels like the old “click here to unsubscribe” scam that actually just confirms a real person behind an email.
I would love to know who sold them my data though. That would allow me to stop the flow more effectively before I felt okay deleting at the terminal data broker.
I've started to give services domain-specific email addresses as a sort of reverse-tracking identifier. So I give google@mydomain.com and apple@mydomain.com and so on. I figure I'm using a password manager for all of my passwords anyway. It obviously won't work in all situations, but it might provide some leads.
I've done the same thing for years (yikes-- 20 as of last year-- I'm old!), albeit sometimes I use an opaque identifier for the username portion (because some sites treat addresses with their own domain name in then funnily and I've had humans question it). As a bonus I've identified and reported two previously unknown data breaches by reporting the date I started receiving spam to a one-off address.
Previously I was using service@service.myname.com, and I realized that's leaking a bit too much info.
So, I bought genericname.com and switched to using service@service.genericname.com
Slightly less leakage, although I really doubt anyone is looking. I still have occasional issues with companies rejecting emails with their name in them, but that's easy to work around.
It's great in stores when they ask you to sign up for something and you give them an email that's obviously their name. Raises some eyebrows but most people working the checkout really don't care. A few just comment that it's cool, most are skeptical.
It's all hosted on fastmail and routes via wildcards to my central inbox anyway.
Unless mydomain[.]com is used by more people than just you and maybe your family, doesn’t the domain itself serve as a unique(ish) identifier? I think public aliasing services offer better anonymity, but they’re also blocked by some services.
For humans who are paying attention, sure. In practice, not really, because it's all done by scripts without an easy way to query "is this domain shared".
The way to determine who sold them the data is a service and agent I've envisioned for a long time, but never had the wherewithal to produce. (I won't go into all the hurdles.)
Everyone should have their own email domain, and an agent that also serves as your email client will generate a proper looking (for some definition of that) email address within your domain for every new correspondent.
Now, whenever you see your identity (email address) associated with anything at all you can determine the original source.
Maybe the data is sold from some of the apps on our smartphones. Also, pretty sure most of the payment providers folk e-shops use on their checkouts sell the data to Google (and I am dead certain Google were bragging about knowing about almost any transaction which happens on the on the web). That is a part in the chain which not even most online shops would even be aware of.
Yup, I often speculate that for me, perhaps for many others, apps (and the Android/iOS platforms) are the source.
I’ve been slowly switching to web/desktop based alternatives- those too have their issues (eg correlating all the traffic out of my single home NAT’d IP address.
Mulling deleting apps off my phone as well, but many non-app “mobile” experiences are completely unusable.
I had the same concern. I almost went through with DeleteMe, but it felt paradoxical to give all my info to one company so they could remove it from others. I understand they need it to do the work but it didn't feel right. They requested photo ID, SSN, all past addresses, online handles, family member information, etc. It was just too much.
Of the three listed, it looks like Albine is just DeleteMe (they have the same ToS link.)
Neither of them have a forced arbitration clause, class action waiver, etc. which is refreshing. These waivers are regularly upheld and make it very difficult to sue companies who do something wrong.
Having no forced arbitration clause is a good thing! It doesn't make me trust them more per-se, but it means I don't need to trust them as much in the first place.
You can trust them only as much as you think they have self interest in not being sued for doing something nefarious.
That said, they could very easily have a data breach and every customers full info would then be out in the wild.
Were not talking about ordinary payment details either, just full on dox - every address you have lived at, your license scan, all emails, phone numbers, its crazy. Id be willing to bet all these services are targeted quite alot as well because the people who would be willing to pay for this stuff are likely the ones with the most to lose.
I made a post lower in this thread but in general this entire model is flawed. Deletions should happen directly between your device and the service in question.
Also, its just as important to wipe the data YOU create as the data other people create about you. Just like databrokers, you can either do it manually or automated.
Check out https://redact.dev if you want to automate that part at least (I'm on the team)
> they could very easily have a data breach and every customers full info would then be out in the wild
Based on the many notifications I've received from hospitals and insurance providers telling me they've allowed my private information to get repeatedly pilfered, at this point I operate under the assumption that if any organization collects information about me, it's going to leak within the next 5-ish years.
The first and most effective line of defense is to not let the data brokers collect your information in the first place.
