Public Records, Privacy, People-Search Antics, One Year Later
John Colagioia- Public Records and Privacy from Aug 1, 2021, 8:13am
A little over a year ago, started the process of removing information from people-search sites.
As promised then, I have posted monthly updates about my experiences in keeping up with this in the Entropy Arbitrage newsletter, andâOK, not quite as promised, since I âcalled my shotâ for July instead of Augustâthis post follows up on that post.
Summary of Experiences
If youâve followed the Entropy Arbitrage newsletter, then you probably know that I followed the process of searching for my private data online a total of thirteen timesâfourteen including yesterday, specifically to confirm that things havenât suddenly changed and time the processâand requested removal of anything that I considered too accurate or too precise.
I make the distinction of precision and accuracy, because I opted to leave bogus information behind. If you search for me, youâll find me living in multiple states, sometimes in office buildings, varying in age from my thirties to nearly eighty, and possibly maintaining multiple secret identities. I figure that this buys me some time, if valid information shows up. If a new address shows up, it might have some use, or it might come from yet more garbage. If an address vanishes, the site might have done so at my request, or maybe because they discovered a problem. Plus, it helps me imagine a much more exciting life than I actually lead.
Note: I have the luxury of acting cavalier about this bogus data, because it all falls into categories that I can identify as either benign or clear computer error. If you canât identify the source of something, then you should investigate it as possible identity theft, since that does happen.
New Information and Analysis
That said, a year later, the process looks slightly different from how it worked previously.
Primarily, and probably most heartening, once I grew accustomed to the process and the results, the time required to take care of this dropped from multiple hours to about twenty minutes. Some sites still waste time on lengthy interstitial animations about how secretive and sleazy you should see their work, but I also see far fewer of them than existed last year. But beyond that, the web browser already had the URLs in the history, and I had less thinking and analysis to do.
Also, many sites have finally put obstacles in the way of searches. Several major search-sites now require a state to narrow down the search, for example, meaning that someone who moves across state lines has turned one search into fifty. A couple of sites took down their public-facing search entirely.
Other issues, however, persist.
For example, almost every site wants to look as salacious as possible. They make a point of telling you that they plan to search criminal records and dating sites, especially. One goes so far as to claim that their results will probably include nudity. Several also make you agree to Terms of Service demanding that you refuse to use the provided information for illegal reasons, a rather explicit hint that the site exists primarily to enable those uses: âI canât stop you if you do, but try not to fire someone based on their address or family.â
Also, every site desperately wants to keep our data available. The entire business model involves teasing scandalous results for every search, to maximize the chances that searches will result in the sale of a full profile. I canât describe it in any way other than extortion, honestly.
Because of the extortion motivation, they vary the removal process, but always making sure to have us waste time. At one end, you have sites that require at least one CAPTCHA to submit your request for removal, then confirming your e-mail address for them. At the other end, Social Catfish in particular demands that you prove that you have a right to privacy, verify the correctness of the information that you want removed (thus making it more valuable), andâŚI actually donât know what comes next, because I filed complaints about them and threatened to sue, at that point.
Ongoing Plan
As mentioned, I have now gone through this process once per month for fourteen months. In that time, Iâve learned that data seems to propagate when significant life events occur to leak or expose data to these companies. Otherwise, though, not much seems to change significantly.
For example, when a family member moved, the various sites began to associate me with their old apartment. I would bet that most of the correct information about me got its last significant update when I bought my last car, though I havenât tested that theory.
Based on this theory, because I have the âcushionâ of chaff information to waste the time of anybody searching for me, and because my threat model doesnât suggest any immediate concerns, that suggests how to handle this going forward:
- Iâll still make routine searches on (probably) a quarterly basis. I can afford to waste half an hour of a Saturday, every three months, just in case I have a broken model of how this works.
- For any significant life-event requiring paperwork that might come up, Iâll drop back to monthly for a while, to track that spread.
- Maybe annually, I should search for new articles on this topic, to compare their list of sites with mine.
- When I contact my elected representativesâIâve unfortunately slacked off on thatâmake sure to mention the danger that these sites pose, and point to the California privacy regulations that we need to build on.
The first two should get me what I want. The third should make sure that my process doesnât get too far out of step with the threat. And the final item might make the rest of this work obsolete, if handled correctly.
Final Thoughts
Following up on that last bullet point, I said last year:
Nobody should be using your home address as a âteaserâ to sell subscriptions. You shouldnât be responsible for finding each of those companies, hoping that they abide by current privacy laws, and jump through the hoops that they put in place to request removal, while worrying that the request doesnât convince them that youâre more valuable. Your local government shouldnât be helping them, by providing information on everybody in the area to anyone who files a request. This business model simply shouldnât existâŚ
These sites put people in danger. Politicians and journalists routinely get death threats. Domestic abusers often outright stalk their victims. Anybody voicing progressive opinions online will receive some harassment. We shouldnât have businesses that profit from that danger, because they will find ways to amplify it, in the name of profits.
Until then, however, we need to put the work in individually, to protect ourselves.
Credits: The header image is untitled by an uncredited PxHere photographer, released under the terms of the Creative Commons CC0 1.0 Universal Public Domain Dedication.
No webmentions were found.
By commenting, you agree to follow the blog's Code of Conduct and that your comment is released under the same license as the rest of the blog. Or do you not like comments sections? Continue the conversation in the #entropy-arbitrage chatroom on Matrix…
Tags: privacy