This list, also known as BADBOOL, was started on September 29, 2017 and was most recently updated in October 2023 to add PimEyes and to remove TruePeopleSearch and Cyber Background Checks, since those sites will automatically remove your data if you successfully opt out of Intelius and BeenVerified.
Some of these opt-outs take a long time to go through. Sometimes, information is pulled from other sources, and you’ll need to opt out multiple times for the same site. Data brokers come and go (and are bought out by others), and they also often change their opt-out pages.
In many US states, real estate data and voter registration information is public (or easy to obtain). And, of course, location data can be found by physical means (e.g. following you home) and through other people who know it (i.e., social engineering). That said, removing your home address from data broker sites can significantly lower your attack surface and make it harder for people to find it.
This is mostly US focussed, but does give some idea of all the data brokers tracking users’ data and behaviour, and that it is not easy to just opt out. The list is being managed as an open source project that it has community participation as well. So, it may also be possible to suggest adding resources for other countries too.
Unfortunately, if you’re on the Internet, you do leave many traces. Very few normal users actually boot clean from a Tails Linux on a USB stick in read-only mode, and use Tor Browser without any saved logins etc. Most users also carry a mobile phone with apps installed (no more needs to be said about that).
Your best defence is though to do some basics like using a privacy based browser with fingerprint protection, script bocking, unique secure passwords per site, sandboxing (or not using) Facebook and Instagram type sites, etc.
Just yesterday, I received a phishing mail that had spoofed my own private domain e-mail address (to imply they had hacked my e-mail). I realised that, although I had activated DMARC and SPF on my e-mail service, I had made one copy-and-paste mistake in the DNS records, and no error was shown. I’d not properly checked that the DMARC indicator was showing as verified green on my service. Doing it, and actually checking it, are two separate actions one needs to do. It’s the little things that trip you up.
So why are data brokers a threat to you? Well because they also collect a lot of related information which is often used to verify your identity to a call centre to have your password reset (one example).
See https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
#technology #optout #databrokers #privacy
It relies on slow legal mechanisms that vary widely by jurisdiction. It also highlights the huge problem with forcing users to find workarounds for legal manipulation. Instead of employing an “economies of scale” approach and having authorities crack down on obvious bullshit, you have to go through this process or pay someone to do it for you and pay companies for their credit reports on you and pay to file the lawsuit etc. etc.
Additionally, any of these companies can close down and then open back with with a new name at any time and force you to start the process all over again. It’s called a “phoenix company” where I am.
I also consider it pretty likely that trying to remove your information just verifies your information and therefore makes it more valuable for brokers. There’s no reason to assume they handle information ethically and are doing anything more than providing the opt-out for plausible deniability.