[HN Gopher] Launch HN: Optery (YC W22) - Remove your personal in... ___________________________________________________________________ Launch HN: Optery (YC W22) - Remove your personal info from the internet Hi HN, we're Lawrence, Chen and Dekel from Optery (https://www.optery.com/). Optery is opt out software that removes your home address, phone number, email, age, and other private info from the internet. Specifically, we find and delete your profiles on hundreds of data broker and people-search web sites. Sites like Radaris, SocialCatfish, VoterRecords.com, Persopo, PeekYou, and WhitePages.com scrape the internet for the personal information of as many people as they can find, plus buy it in bulk from other sources. Then they post it online and sell it to anyone who wants to know about you. This is legal (though there are a lot of gray areas), but the net result is that a shocking amount of personal data is available about us online. Most of these sites will remove your data if you ask--but they don't make it easy. Plus you have to ask each of them individually, and to do that, you have to know who they are in the first place. We automate the opt-out process on these sites, first finding your exposed profiles, and then removing your information from both the public internet and the datasets they sell. Because there are hundreds of such sites, it's impractical to manage all this on your own. Software, however, can manage it nicely. We've written that software. This helps protect you from identity theft, phishing, hacking, spamming, doxing, and more. People search sites are used not only by identity thieves, but by phishers and hackers who craft convincing emails referencing non-obvious personal details as a way to build trust and trick you or those close to you into letting your guard down. We arrived at this problem from two opposite directions. Two of us worked in the data broker industry in the past, but as we learned more about what this data actually gets used for, and the harms it can cause, we decided to leave. We had a lot of inside knowledge about how the industry worked and decided to use that knowledge to help people learn more about the problem and address it head on. The other thing that happened was that I was a victim of identity theft. The thieves were able to open new accounts in my name by creating a fake ID and then piecing together information to bypass verification questions like "In which of the following cities have you never lived or used in your address?" or "Which of the following streets has a current or former association with you?" I found it was nearly impossible to remove myself from the Byzantine ecosystem of data brokers posting and selling his info online. Once the dust had cleared, we began discussing approaches to automating opt out and removal requests and Optery was born. The problem is hard to solve for two reasons. First, there are so many data brokers, each with their own nuances and distinct processes for opt outs. So far we've built custom opt out processes for over 200 data brokers. Second, most U.S. citizens actually still have few legal rights to data privacy. Optery is only for U.S. residents for the time being, and this is one main reasons--the problem is at its worst here. This is changing as new privacy laws are starting to get passed at the state level (e.g. in California, Nevada, and Virginia), but as of this writing the majority of U.S. citizens don't even have a legal right to opt out of their personal information being posted and sold online, and in our experience, about 5% of data brokers simply do not comply with opt out requests. In these cases we file formal complaints to the FTC and state AG offices, and we recommend you do the same. They are slow to act on these complaints unfortunately, but at least the wheels are in motion, and we believe this issue will eventually get taken care of as more people become aware of the problem. In the meantime, we continue to send opt out requests regardless, and are able remove personal data from the other 95%. One nuance of the opt-out process, which existing services tend not to handle correctly, is that you should avoid sending an opt out request to a data broker unless you are reasonably sure that the provider has your data in the first place. Otherwise you're giving them information about you, when what you want is just the opposite! Some other services just take a long list of privacy@ email addresses for every data broker they can find, and then blast out generic opt out requests containing all of your identifying information, regardless of whether or not the data broker even has your information to begin with. But the Achilles' heel of these sites is that they rely heavily on the open web for marketing: SEO, affiliate programs, and paid search ads. Therefore they mostly support HTTP GET requests in standardized formats to reach individual people's profiles, e.g. https://www.data- broker.com/person? firstName=george&lastName=orwell&city=new- york&state=NY. We take advantage of this to find out which providers have you in their database first, before invoking the formal opt-out. These HTTP requests require less information than the formal opt-out processes do, plus are buried inside of the millions of other search requests that are happening through their open web marketing channels (e.g. paid search affiliate, SEO, etc). We've been able to find many more exposed profiles this way than the more old-fashioned approaches other services use such as manual searches and the bulk "spray and pray" emails. Also, it lets us provide our users with a dashboard full of these links they can use to discover and verify what's out there on them. Many people prefer to submit opt out requests on their own, or are already working with a different removal service; in those cases, our dashboard can be used to double-check and verify that work. Visibility and transparency is rarely available to consumers in the world of personal data, so when we demo the product to people who care about their data privacy, it's often a "wow" moment. A common question we get is "And what about you? Why should I trust _you_ to collect my data any more than these shady outfits?" To be clear, we do not sell data. We are not a data broker, and do not have any financial relationship or any affiliation with any data broker. If you are looking at an information removal service, research the company carefully. Many other services have deep ties into the data broker industry through affiliate partnerships, data sharing arrangements, and financial relationships. We do not. More on that here: https://www.optery.com/privacy-policy/. You can delete your account at any time and all information we hold about you will be destroyed. Unfortunately, there is a catch-22 where in order to opt out of people-search sites, you must first tell them who you are (otherwise, how else would they know who to opt out!). To create an Optery account, we require only the minimum amount of information necessary for this, which is: First Name, Last Name, Year of Birth, Current City, and Current State. For most people, this is no more information than what is already publicly available online. We also offer users the option to give us more precise details (such as a full birth date rather than just birth year, past addresses, etc.) because this can increase the accuracy of locating profiles at data brokers and opt outs. This is entirely optional though. The only required info is the absolute minimum, without which there would be no point in creating an account, because we would not be able to find or remove you. We have a freemium model. When someone creates an account, we send them a free Exposure Report with ~70 screen shots of where they've been found, which lets them see where their personal details are posted online and being exploited by data brokers. From there, they can decide if they'd like to use our free tools to submit opt out requests on their own self-service, or they can upgrade to a paid tier and we'll remove the profiles for them. We launched Optery as a Show HN last year (https://news.ycombinator.com/item?id=27662114) and the feedback from the community was enormously helpful. We prioritized a bunch of features like adding MFA, expanding our list of data brokers, streamlining UX, and clarifying our privacy terms and practices, all based on feedback from our Show HN. We'd love to hear your thoughts on the current iteration! Author : beyondd Score : 67 points Date : 2022-03-08 19:22 UTC (3 hours ago) | loriverkutya wrote: | After the unroll.me incident, I cannot trust any US company not | to do it again. | pbiggar wrote: | I have this problem, except that my phone number is associated | with my old company. So I get dozens of spam phone calls every | week from sales people believing that they are calling the | switchboard for the company, and asking to be connected to some | random executive. | | Would Optery be able to help with that? | newman314 wrote: | The Ultimate plan is supposed to cover BlockShopper. From the | last time I looked at this several years ago, it is basically | impossible to remove information from BlockShopper. What has | changed? | beyondd wrote: | We have a page up on our Help Desk referencing data brokers | that ignore opt out requests (the 5% mentioned in the post | above). We refer to these data brokers as "Dishonorable Data | Brokers". BlockShopper is one of them. | | We prefer not to give Dishonorable Data Brokers a free pass, | and continue to pursue multiple channels to have our customers' | profiles removed from these data brokers, even if they are | currently "Dishonorable" and do not honor opt outs, like | BlockShopper. | | We have seen cases in the past where through persistence, | dishonorable data brokers eventually start honoring opt out | requests. Below is the Help Desk post with more info on this | topic: | | https://help.optery.com/en/article/coverage-limitations-for-... | nonameiguess wrote: | I'd like to take you at face value and not kind of low-key impugn | your honor as seems to be happening in some of these other | comments. But I still see a problem with the basic core concept | here. As you state upfront, these data brokers are just scraping | and aggregating from public data sources. As long as those data | sources are still out there, your information is still out there. | Some other aggregator can come along or a stalker/identity thief | can just use primary sources. You're not going to get court | records, property ownership, voter registration purged from | public view because those are intended to be public by law. | | The real solutions are one or both of either make privacy a | broader public priority than transparency, which is unlikely to | happen, or stop making facts about yourself that are part of the | public record an authentication mechanism. | beyondd wrote: | To take your first point one further, services like ours don't | do anything to remove people's info from the dark web. Indeed, | no one can, that's the entire premise of the dark web. | | And there are some data sets that are inherently difficult to | remove, e.g. public records, voter records, etc (as you pointed | out). However, we often can get this type of data removed from | the for-profit web sites that re-publish it and market it | online. And we do remove the vast majority of information | that's out there on individuals, dramatically reducing your | surface area for discovery and attack. For example, many of the | web sites that re-publish public records, usually only publish | very limited amount of information, and lead to other sites | that have much richer and more sensitive information like phone | number, email address, age, home address, family members' | names, etc. | | Its very difficult to get _everything_ removed, but if you can | get rid of 99% of it, you can maintain a much lower profile and | make it that much more difficult for someone that 's trying to | act against you. If a bad actor is just looking for a victim, | they're more likely to move on to the next person that has done | nothing to protect themselves. | | Also, having a low profile might be a signal to bad actors that | you take your privacy and security seriously, you have good | security hygiene, and are likely to have other security | mechanisms in place to protect you, and make their task more | difficult, like identity theft protection, a home security | system, a VPN, or even Multi-factor Authentication. | opteryqthrow wrote: | Does your service cover websites that scrape arrest records and | create pages based off that? I had a public intox arrest that was | since expunged/sealed, yet the record persists on a lot of pages | deep in the Google index. Would definitely pay for the removal of | these listings. | IG_Semmelweiss wrote: | I dont think it will be deep in the google index, if one knows | where to look | | https://www.judyrecords.com/ | hirundo wrote: | If they _are_ yet another data broker with a novel phishing | pitch, giving them your info just adds it to one more list among | many. If they 're legit, they could lower the spam volume by a | few decibels. Seems like a reasonable risk/benefit ratio. | Nextgrid wrote: | I think this company itself is legit, at least for now, but the | risk is that they'll forward this info to 200+ data brokers to | "opt-out" - would you really trust them to actually opt you | out, as opposed to opt you in (if you weren't already in there) | and silently set a flag saying this person is of even more | interest? If they can tell that the opt-out request comes from | such a service, this increases the value of your profile even | more as it's a signal that you might have enough disposable | income to pay for such a service. | annoyingnoob wrote: | Looks interesting. What makes Optery different than several | existing services that do the same thing? | dheera wrote: | How do you compare to OneRep? | benrapscallion wrote: | I'm signed up for this service and while I am generally | satisfied, they have placed some of the most common websites in | their most expensive tier. If I contact their customer service, | they write back with a condescending tone. | EnergyCrush wrote: | nocommandline wrote: | 1) Are you getting the data brokers to entirely delete a person's | information from their records or are you just trying to prevent | the information from being displayed online? If the latter, then | this is only half a solution because the data broker can still | sell your information. If the former, is there any way to | actually confirm the information has been removed. | | 2) How do you handle making sure that you are not 'adding' more | information to a data broker who already has information about | you? For example, a friend of mine once found his information | publicly available on a website on the internet. To remove his | information from being publicly displayed, the website required | him to provide a phone number where he would receive a | confirmation text code that he had to add to the removal request | form. This essentially means the website now has more information | (another phone #) about him. | | 3) Some of the information these websites display are gathered | from public government databases like court records, county | registrations of house sales, etc. I would assume those records | can't be 'removed' or 'hidden'. Do you have a specific way of | dealing with such? | [deleted] | Nextgrid wrote: | I don't see how this can work at a fundamental level. | | You're telling me that to remove my info I have to essentially | give (through your service) all these companies & data brokers my | info so they can opt me out, and actually trust them that they'll | do so? If anything, opting out is a signal that you may actually | be of more interest to them than not doing anything. If these | companies can also infer that the request is coming from your | service (and they will, unless you use random proxies and browser | automation), the flag becomes "this person has enough disposable | money to pay for such a service" which suddenly increases the | value of your profile by orders of magnitude. | | How are you going to make money to justify the VC funding? VCs | rarely fund boring, sustainable businesses that sell a service | and make a slim profit; for them it's all about hypergrowth, but | I don't see the potential here - unless of course you start doing | the very thing you're currently protecting against. The simple | fact that it's VC-funded tells me to steer well clear. | | The only proper way to deal with this is with GDPR-like | regulation and actually enforcing it - the latter has been | lacking in Europe, but thankfully seems like it's somewhat picked | up recently. | troydavis wrote: | > You're telling me that to remove my info I have to | essentially give (through your service) all these companies & | data brokers my info so they can opt me out, and actually trust | them that they'll do so? | | Other people raised that concern when this appeared on HN | (https://news.ycombinator.com/context?id=27668140), and at the | time, that's indeed what the service did. | | Even if one ignores intentional misuse, simple incompetence by | a data broker seems like enough to cause a problem. It only | takes one data broker to commingle fields from opt-out requests | with existing data (and then share/sell/trade that existing | data) for the opt-out fields to spread. | beyondd wrote: | That's certainly one way to look at it. Another way to look | at it is that if you do nothing, you information will | continue to persist, multiply, and propagate unchecked. Those | that take the time (or money) to remove the profiles, have | dramatically reduced online footprints, which is why these | types of services are becoming more and more popular. Many | companies are starting to mandate their employees use | services like ours to strengthen their security posture to | reduce exposure to phishing, hacking, email spam, etc. | troydavis wrote: | I'm all for spending the time or money to remove my | profile. I'd rather also spend a little extra time to see | where I'm listed and evaluate that organization, though. | beyondd wrote: | Anyone can submit opt outs, with, or without, a service like | ours. The vast majority of data brokers do remove the | information after an opt out request is submitted. | Unfortunately, over time, many data brokers start adding it | back. The CCPA (California's Privacy Law) permits a data broker | to stop honoring an opt out after 12 months. | | To answer your question though, yes, in order to get these | companies to remove your info, you have to submit an opt out | that identifies who you are. There is a catch-22, otherwise, | they would not know who to opt out. | | There are a multitude of reasons why people submit opt outs | beyond whether or not the person can pay, e.g. victims of | domestic violence, police officers, public figures, government | officials, members of the military, etc. The data brokers are | aware of this and generally have processes to accommodate the | requests. | | Millions of people use some form of identity protection to | protect themselves from identity theft, email spam, phishing, | scams, hacking, etc. It is a multi-billion dollar market across | the consumer, business, and government levels. | | I do agree that we need stronger privacy laws in the U.S. ASAP! | striking wrote: | > I have to essentially give (through your service) all these | companies & data brokers my info | | Happy user of Optery here: you don't have to give Optery a | whole lot of info. No SSNs or anything, just things they would | search by to help you remove them. Are there fields for past | addresses or people you lived with or past names you may have | had? Sure. Do you have to fill them out? No. Are they provided | in bulk to the data brokers? No. | Farfromthehood wrote: | I have a paid premium subscription with optery. I provided them | with minimal informed and have been pleased thus far. | | Good customer service. Fairly quick response time. | | For years, I've performed monthly searches on my name and | naturally submit opt-out requests from whatever data brokers I | found. | | I signed up for optery using a couple discounts from stack social | (or one of those sites). | | They found DOZENS of listings under my name. I was surprised+ | pissed, but optery has manager to remove most of them. They send | a quarterly(?) PDF update containing before and after screenshots | of days brokers where my info was once displayed. | | I still perform my monthly searches and report any findings to | optery. They've been receptive and apologetic whenever I find my | info online. | | That's my review. Ask questions if you want. | huhtenberg wrote: | Your homepage pulls something off: facebook.net | googletagmanager.com profitwell.com hotjar.com | | Ain't that some potent irony. | beyondd wrote: | We've been testing ads on Facebook, even though we don't love | their privacy track record. But what Facebook and Google do | with ads targeting, is very different than what the people | search and data broker sites do posting and selling people's | email, phone number, IP address, home address, political party, | ethnicity, etc in plain text on the web. | | Profitwell helps us with revenue reporting and metrics, Hotjar | helps us improve our user experience, and Google Tag Manager | makes the delivery of these vendor's tags a little easier. | | We disclose the third party vendors we use here: | https://www.optery.com/how-we-secure-your-data/ | mazlix wrote: | I think you're being a bit hard on them... The FB and GTM are | likely to track how well their ads are converting users - it's | reasonable for them to advertise to try to get this service | infront of your eyeballs. Facebook doesn't sell user data, just | uses it for (selling) advertising. | | Hotjar is great for providing heatmaps to see what parts of | their site are working/ not I mean sure it's tracking you but | only on that site AFAIK? | | Now I'm not familiar with profitwell, but just seems like a | basic CRM. | | I think there's a pretty big difference between this basic | Marketing SaaS tools / advertising conversion tracking and | doing something like collecting your personal real life data | and making it easy for anyone to search/dox you online. | huhtenberg wrote: | You must be joking. A bit hard on them? | | They sell removal of personal information off the Internet, | and yet they feed tracking data on their visitors to | companies _directly_ responsible for nearly complete | evisceration of personal online privacy. | tiborsaas wrote: | You are right, these scrips could only be loaded after user | consent. | mazlix wrote: | I may be in the minority, but I make a distinction between | personal IRL information like searching my name reveals my | phone number or address. And online tracking information | like when I have this cookie or browse from this IP, show | me more X. Also Facebook is a large responsible company (no | major data breaches, etc.) I know they're hated on, but | something like Equifax is several orders of magnitude worse | in my opinion. | | Facebook (and maybe Google?) buy data about me to try to | match me online so they can provide ads on their own | service, but they don't reveal my data to anyone else - | advertisers don't get my phone number or physical address | or even email from them, when they want to advertise to me. | | The companies that optery seems to be fighting against are | ones that post my physical address and phone number and | family members and name online in one spot so anyone can | find it, without me ever opting in to that. | not1ofU wrote: | >> Also Facebook is a large responsible company (no major | data breaches, etc.) | | First result for: "facebook data breach" | | "Data from 533 million people in 106 countries was | published on a hacking forum earlier this month. Facebook | said the data was old, from a previously reported leak in | 2019. It has denied any wrongdoing, saying that the data | was scraped from publicly available information on the | site." | | Dated: April 20th 2021 | | There was 100% phone numbers linked to real names and | email addresses (at a minimum) in that breach. That may | not be what you would consider to be major, however. | 9wzYQbTYsAIc wrote: | Sounds like a new competitor to DeleteMe. | beyondd wrote: | Optery does compete with DeleteMe. There's some info on how | Optery is different than DeleteMe here: | | https://www.optery.com/introducing-optery-remove-yourself-fr... | | PCMag also compared Optery and DeleteMe in their review here: | | https://www.pcmag.com/reviews/optery | tstegart wrote: | Can you delete my old HN comments? | striking wrote: | You can have your old HN comments deleted by emailing the mods. | There's limits to how much they'll delete, but they definitely | don't want you to get into trouble over something you posted on | HN. | na85 wrote: | >There's limits to how much they'll delete | | Yes it's a huge problem. Many of us (or maybe just me?) would | not have been so candid on HN had we known our comments would | be indelibly preserved forever with no option for deletion. | | The stated reasons for this policy I've seen from 'dang | amount to "we don't like the look of a bunch of comment | chains with [deleted] everywhere" which I find insulting. | | I have a suspicion that the real reason is that the site | software conveniently doesn't have a mass-deletion function. | tstegart wrote: | Thank you, I appreciate that. | hld wrote: | Hi! | | As a EU citizen who spent weeks sending GDPR requests back and | worth with several data brokers I know just what a pain it is to | get some data deleted. Even if it was only "trivial" stuff like | things I have shopped for online (I always requested the data | they had before requesting that they delete it) it was a | laborious process. | | I have two questions for you guys: | | 1) As a EU citizen do I benefit from signing up to your site or | are the data brokers you are targeting focused on US citizens? | | 2) Why the monthly recurring fee? I would gladly make a higher | one off payment every now and then for the removal of my data. Or | is it monthly because you are keeping track if any of my data | shows up at some point and then immediately remove it? | beyondd wrote: | Great to hear you are fighting the good fight to protect your | data! | | To answer your question - NO - there is no benefit to signing | up for Optery if you do not have a presence in the U.S. The | only benefit would be that we will notify you in the future | when we begin offering our service in your country. This | sentence is buried in the post above "Optery is only for U.S. | residents for the time being, and this is one main reasons--the | problem is at its worst here." | | The reasons the service is charged on an ongoing recurring fee | are: | | 1) We are constantly adding new data brokers, so if you keep | the service running, you get covered for new data brokers as we | add them to your plan. | | 2) We do ongoing monitoring and scans, to find and remove your | profiles if they pop back up. Unfortunately, over time, many | data brokers start adding it back. The CCPA (California's | Privacy Law) permits a data broker to stop honoring an opt out | after 12 months. After opting out, many data brokers actually | display a message apologizing in advance admitting that | sometimes their opt out records are over-written by accident | which might cause your data to reappear. | tobylane wrote: | Are you able to use the internal processes these companies | made in response to gdpr? I wonder what happens if you copy a | "delete/send your data on me according to your | responsibilities in the EU" form letter and send it from a US | address to an international company. | teeceetime2 wrote: | Seems very useful. However, I am not a fan of a subscription- | based model for this sort of thing. I would hands down sign up if | it was a one-time transaction. If that were the case I would also | likely be a repeat customer every year. | beyondd wrote: | We do see people activate the subscription for a few months, | and then cancel their plan to downgrade back down to the Free | Basic tier. The Free Basic tier sends ongoing Exposure Reports, | so if they start to see more profiles pop back up, they re- | activate. Others activate the subscription for a few months, | then cancel, and then completely delete their account, and we | destroy all info we have about the user at that point. | chaostheory wrote: | I'm pretty happy with the service, and even the top tier is | affordable. | kieloo wrote: | This looks very useful. Is it available in the US only or in | other countries as well? | dang wrote: | From the text above: "Optery is only for U.S. residents for the | time being" - sorry that wasn't obvious (it's my editing | failure). ___________________________________________________________________ (page generated 2022-03-08 23:00 UTC) |