By far the biggest practical knock-on effect is if you match someone who's doesn't know their parentage (adoption/illegitimate children/etc) who can figure out their parentage as a result of that match.

Familial DNA crime searches are probably the next biggest, but they're still very rare at the moment and many of the DNA platforms don't allow them (GEDMatch was one of the few that do).

I’m assuming that the stolen information doesn’t have this limitation.

Stolen information has provenance problems that make it difficult to use as evidence of any crime other than theft itself in any system with even rudimentary due process protections and presumption of innocence.

I mean, it's hardly as if you are going to be able to get the people who handled the data between the people who had it lawfully and the time it got to the police on the stand to attest to it's integrity.

(That doesn't prevent its use in investigations, but it means that it would only lead to convictions in a contested case where the police used it to locate proof that was legally sufficient without the use of the DNA as evidence.)

https://en.wikipedia.org/wiki/Parallel_construction

(obviously if your threat model includes intelligence agencies, etc. then your calculus might be different)

https://en.wikipedia.org/wiki/Parallel_construction

You know what parent a male's X and Y came from.

You can use phasing and linkage to reconstruct parental haplotypes.

You can identify which parent any chromosome came from. They're all marked, and the same genetics may do sharply different things depending on whether it was inherited from the father or the mother.

Inability to recover this data has nothing to do with "the nature of DNA" -- the data is very much present in the DNA. It's unrecoverable because when we summarize DNA, we leave it out.

I did not know this. This sounds interesting! Can you provide any google search terms (or a link) where I can read more about this? (e.g. a name of what they are marked with) This surprises me. I thought that there was a process by which portions of the two copies of a chromosome get switched between the two. Is that right? How does that fit together with these markings?

(If these questions would be answered by searching for whatever search term or reading whatever link you provide, I would consider providing said search term or link to be answering these questions)

The term I know related to this is "methylation". https://en.wikipedia.org/wiki/DNA_methylation . I don't know all that much about it; I would not want to claim that methylation is the only such mechanism, or that this is the only information expressed by DNA methylation.

> I thought that there was a process by which portions of the two copies of a chromosome get switched between the two. Is that right? How does that fit together with these markings?

Yes, that's correct. "Crossing over" does not occur during ordinary cell division ("mitosis"), in which one of your cells divides into two of your cells -- your chromosomes should stay the same (except for new mutations) through your life.

But it does occur during meiosis, the process by which one of your cells divides into four sperm or four eggs (these are "gametes", and in terms of chromosome content they are only half-cells, not full cells). Your children's chromosomes may therefore differ from yours.

So the interaction between parental marking and crossing over would broadly look like:

1. You are going to produce four gametes.

2. Remove the parental marking (indicating the sex of the gamete's grandparent) from the cell undergoing meiosis.

3. Do the crossing over.

4. Apply parental marking indicating your own sex (the gamete's parent, rather than grandparent).

5. Divide into four cells.

I don't actually know where the unmarking and remarking occur in the process; maybe reality is more like 2435, or 3254. But both crossing over and applying correct parental marking are part of meiosis -- since meiosis produces a cell that belongs to your child rather than a cell that belongs to you, it's easy to know what kind of marking should be applied.

You're right that you could reconstruct parental haplotypes, but that reveals a fairly limited amount of data, typically you'll share haplotypes with many millions of people.

Not yet.

"Access to equipment containing health information should be carefully controlled and monitored."

https://en.wikipedia.org/wiki/Health_Insurance_Portability_a...

It's not, not even close, It's a law that very narrowly applies mainly to insurance companies and healthcare entities that accept medical insurance.

As a general rule - if insurance is never involved HIPAA doesn't apply.

If you got a DNA test prescribed by your doctor for a diagnosis or even for genetic counseling then HIPAA applies. It's not the nature of the data, it's the nature of the organization dealing with the data.

I have no idea where this mass misunderstanding came from

No. This is just plain false.

HIPAA applies when personally identifiable health information is shared/exchanged. And it applies whether the data is electronic or physical (paper).

(I am NOT saying DNA falls within the HIPAA guidelines.)

But a covered entity may not. And there are many covered entities which are not insurance related. That is all I was trying to say.

DNA services are not currently considered covered entities.

They should be, IMO, but I believe Congress would have to act.

You don't get a choice if your uncle, grandmother, aunt, niece or son share their DNA with law enforcement.

What workarounds insurance companies come up with to circumvent the spirit of the law and how well it can be enforced will be interesting.

Also, I found out last time this discussion came up on HN that the law prevents it being used for regular insurance but does not apply to life insurance.

Insurance is highly regulated, insurance companies have specific legal ways to underwrite policies, the idea that life insurance companies are going to secretly use stolen data of uncertain provenance in their underwriting instead of just making you submit a dna sample is, quite frankly, silly.

If there's enough money to be made, I'm sure the Usual People will be persuaded to bend the law until it gives way.

* Identifying future medical risk factors

* Solving 30-year-old cold cases where DNA is the only evidence

* Identifying parentage in adoption cases

* Linking them to the location of a crime using Clearview AI and similar scraping facial recognition services

* Creating fake but believable defamatory photos and videos, such as deepfakes

* Being scraped and used in fake profiles by spambots and other nefarious actors

* Being exploited as a tool in identify theft and identify fraud, via various kinds of social engineering.

Do you not consider some of these scenarios worthy of a similar amount of consideration?

It is not up to me to decide to just release such data. Because it encodes other people's data too. If I were to release my financial records because "it's my data", i'd be exposing a lot of people, organisations and companies who I had interaction with.

With DNA I'm not so sure.

I am aware that "an ecommerce platform" is something else than "your personal finance", but the principle is the same: X shouldn't release other people's financial transactions just because those were done with X.

https://www.npr.org/sections/health-shots/2018/08/07/6360262...

The point is, at the very least it's a grey area, so to dismiss the counter points so airily as you have done on such a serious subject indicates - at best - a lack of reflection and respect for the rights of others.

The police used the crime scene's partial DNA and compared it to somebody's 23andMe sample.

Thanks a lot, grandson!

"This is a GDPR erasure request. Your site contains my PII by way of that of my father. Please erase this information and indicate that you have complied within 30 days."

Shall I try it?

1. Having your DNA already in the database

2. Your DNA being out somewhere on the street where it could only be linked to you by name through a targeted reconnaissance effort

Has Street View been a problem for the world in that way? I haven't personally experienced that. That's probably why the DNA database idea doesn't scare me. If you want to live in the world it's essentially impossible to keep your DNA a secret. It seems to me that eventually someone will pick it all up and organize it.

And what is with this “this terrible thing X will happen eventually, so why not have it happen now?” argument I keep seeing nowadays? Your argument was quite literally: “Eventually someone will collect all your DNA”, so who cares if it’s now or later?

Isn't this a form of victim blaming? How is this different than saying Black people should try to hide their skin color since in many cases they will be discriminated against because of it? We should be working to suppress the discrimination at it's source, not it's target.

Until we reach zero intolerance nirvana, you can't ignore that personal data collection at scale simplifies discrimination, and also opens up new methods for discriminating. Will there be benefits to society from personal data collection at scale? Of course. But there are also costs. There are plenty of examples of people whose ideas or products became used in unforeseen ways and regretted their actions.

Discrimination should be suppressed at source and systems that simplify its manifestation in the real world should be handled extra carefully.

Just because you can't stop something doesn't mean you shouldn't even try. Otherwise we might skip having laws altogether.

What good will it do you that there's an international ban on DNA databases when corporations use the impossible-to-stop one anyway to discriminate against and target you or the police use it anyway to throw you in prison.

The most helpful course of action imo is to learn how best to cope with this new reality. How should we set our expectations when our DNA is public and searchable? Are there behaviors that would once be safe but will not be in the future? I think those are the more relevant questions.

... unless you were to look it up maybe, in this leaked dna database.

Dna is not inherently an identifier. It needs the lookup code in order to act as one. A database like this MAKES it no longer a secret.

There is a complicated procedure to convert this skin scales to data. Not everybody is able to do it, so if is not a secret, neither is exactly open data.

Companies shouldn't be allowed to aggregate and resell that information. Hope the GDPR will give grounds to close shops doing that.

edit: typo DNS instead of DNA

But is it really? I think the point being made here is that actually it is relatively easy to obtain someone's DNA. Is there a law that prevents someone who knows your name from picking up a discarded coffee cup and extracting your DNA? I think it's an interesting debate. Is your face private? Is the sound of your voice private? Those things are unique to you but anybody that interacts with you will be exposed to those features including possibly your DNA. I guess the concern is how the data is collected, what it is used for and in the case of DNA the impact it has on anybody that has a genetic link to us. I think it's fair to consider DNA in separate category. There's only so much that can be deduced from your face as compared to DNA. It's tricky...

We're ok with the former since the dawn of times, we're not happy with the later being digitally shared around the world.

https://www.myheritage.com/

To someone who grew up in the U.S., GEDmatch sounds like a dating site for people who took a test in lue of completing secondary education.

GED files have been used for decades in genealogical circles at least. So I think that's what they're referring to?

https://en.m.wikipedia.org/wiki/GEDCOM, for example.

Millions of GEDMatch accounts where opted in to share info with the police, without consent. Also, user emails where leaked, which lead to a phishing attack targeting MyHeritage users. 16 of them fell for it and they passwords were stolen.

> Mormons trace their family trees to find the names of ancestors who died without learning about the restored Mormon Gospel so that these relatives from past generations can be baptized by proxy in the temple. For Latter-day Saints, genealogy is a way to save more souls and strengthen the eternal family unit.

http://www.pbs.org/mormons/etc/genealogy.html

I die bravely in glorious battle and am chosen by the Valkyries for Valhalla. One evening as we feast after that day's fighting, quaffing giant tankards of mead and boasting of our deeds, there comes a knock at the door.

Two young men in suits enter, and go to speak to Odin.

Odin then call for me to come over. He tells me that the young men are Mormons, and that some distant relative born long after I died (great-grandkid of a second cousin or something like that) has joined the Mormon church and has been busy baptizing the whole damn family tree.

Odin tells me I'm Mormon now, and cannot stay in Valhalla. I must move to the Mormon afterlife.

(Actually, the Mormon afterlife doesn't seem all that bad compared to that of most Christian or Christian-adjacent religions, in the sense that if you reject their teachings but still live a decent life you get a decent afterlife).

But then again, while in Mormon theology the spirits are immediately sorted into paradise and "spirit prison" upon death, they can apparently communicate across the boundary between the two; and those in paradise can thus evangelize to those in prison, until they convert. So by the time they get their proxy baptism, they would presumably be convinced of its necessity.

(Although I never understood why that would even be necessary, given that by that time they already know, and thus don't have to believe...)

And yeah, Mormon theology is not what you'd expect from a religion that's so rigidly socially conservative. Between near-universal salvation and extreme Arminianism, it's really one of the most liberal among Christian denominations.

So even the Mormons admit that having Mormons constantly trying to convert you for the rest of eternity is what hell is like... :D

And while many Mormons take the necessity of baptism (even if after death) very literally, it is important to understand that they also believe that anyone who missed the chance to accept a posthumous baptism, will get that chance during the millennium of Christ's reign on earth, pre-judgement day.

All of that is to say, Mormons aren't frantically searching their genealogy to baptise everyone for fear their ancestors will burn in hell. There is a belief that seeking out and understanding your geneology and then setting aside time to go to the temple is beneficial to ones spirituality and well being.

If you want eternal life, you want to go to Fólkvangr.

"ὁ πιστεύσας καὶ βαπτισθεὶς σωθήσεται, ὁ δὲ ἀπιστήσας κατακριθήσεται."

That's the closest we can get, although Jesus would have assumedly spoken these words in Aramaic, not Greek.

Source: http://bibletranslation.ws/trans/markwgrk.pdf

> The Church of Latter-Day Saints believes that you can't get into the Promised Land unless it's baptized you – but it can do so if it knows your name and parentage, even after you're dead. Its genealogical databases are among the most impressive artifacts of historical research ever prepared. And it likes to make converts.

> The remaining faithful of the Latter-Day Saints are correlating the phase-space of their genome and the records of their descent in an attempt to resurrect their ancestors.

> ...the panopticon-logged Net ghosts of people who lived recently enough to imprint their identities on the information age, and the ambitious theological engineering schemes of the Reformed Tiplerite Church of Latter-day Saints (who want to emulate all possible human beings in real time, so that they can have the opportunity to be saved).

That results in a a fun version of the simulation hypothesis where we're all simulated beings in some Mormon-Tipler Heaven.

There was a Chinese general who supposedly did something like that using a firehose.

But the point of the whole thing is actually to spend time learning and researching your family history. In other words, the literal posthumous baptism is not the point. That's the ritual. It's what to learn and do along the way of accomplishing the ritual that is the point.

Note: in Mormon theology, those that die and receive their baptism by proxy still get to choose to accept or reject that baptism in the afterlife.

This always struck me as one of the most stupid and illogical tenets as it's in opposition to the concept of loving and just God: why create millions of people who have no chance to meet the Gospel, and then automatically condemn them to suffer forever, just like that, for nothing? It really makes no any sense! And yet, the modern world lives on remnants of these ideas.

https://www.nytimes.com/2012/03/03/us/jews-take-issue-with-p...

Baptizing the dead seems silly and quaint, but Christians used to ask, how is it fair to send the unbaptized to hell that never had a chance to be saved? Mormons should get some credit for acknowledging the unfairness and coming up with a "solution".

I think it's a sad commentary on human nature that the Christian sects that don't believe anyone goes to hell at all are even more fringe and taken less seriously than Mormons.

One reason they might not be taken seriously is that in the Bible Jesus directly talks about people being in Hell.

Jesus talked about people being in Gehenna (burning trash dump outside Jerusalem), Hades (Limbo or Paradise, Sheol in Hebrew) and I think Tartarus (deep pit). Tartarus may be OT only, I can't recall ATM.

All those terms, each with it's own intent and meaning, were later rolled into Hell (which received a new meaning, one different from any of the original terms). This was eventually codified during one of the Ecumenical councils (1st council of Nicea?)

> Then they will go away to eternal punishment, but the righteous to eternal life.

Diction mattered a great deal to Christ. Gehanna (Hebrew: Valley of Hinnom; גיא בן הינום) was a location in Christ's time, that was likely associated with burning, destruction and loss - things that one might be expected to feel in the absence of the Creator.

Hades was where all dead went and remained until the day of judgment. Christ's reference to it as Paradise implies it isn't a place of suffering. Catholicism's Limbo implies it is a place of waiting.

The modern notion of Hell as a location dedicated to the eternal suffering of man, is quite different from either of those places.

Did God create this place?

One view[1][2] is that Hell isn't really a place, but rather a state of being, and the primary suffering of Hell is the separation from God[3]. God didn't create it, rather we ourselves created it by separating ourselves from God through sin.

[1] https://www.stbensduluth.org/blog/fr-joel-hastings/who-creat...

[2] https://en.wikipedia.org/wiki/Christian_views_on_Hell#State

[3] https://www.vatican.va/archive/ccc_css/archive/catechism/p12...

What about Matthew 25:46?

> Then they will go away to eternal punishment, but the righteous to eternal life.

That article seems to assert that Jesus taught the soul cannot live apart from the body. There are various other quotes from Jesus contradicting that. John 14:1-3:

> Do not let your hearts be troubled. You believe in God; believe also in me. My Father’s house has many rooms; if that were not so, would I have told you that I am going there to prepare a place for you? And if I go and prepare a place for you, I will come back and take you to be with me that you also may be where I am.

John 18:36:

> Jesus said, "My kingdom is not of this world. If it were, my servants would fight to prevent my arrest by the Jewish leaders. But now my kingdom is from another place."

Luke 23:43:

> Jesus answered him, "Truly I tell you, today you will be with me in paradise."

Nevermind that the gospels themselves are copies of copies of texts that were written long after this man lives.

Having been brought up evangelical Christian I just find the whole thing kind of baffling and a little enraging now. What I was taught was in scriptures isn't, really. If you read them again without the template of the interpretation given by the church there's dozens of different ways to interpret that look nothing like Christian (protestant or catholic) theology.

If I weren't an atheist now I'd at least be some kind of heterodox non-Nicean blasphemer, because it's absolutely confusing to me that anybody can take the council of Nicea and related councils seriously.

Taking parables literally obviously we shouldn't do. But interpreting them and building a theology around them seems to be exactly what Jesus wanted. Jesus even interpreted some of them for his apostles (Mark 4:3-20).

Jesus never said we should take scripture as our sole source of truth and ignore other sources. Jesus gave the power to guide the Church to his apostles, and specifically Peter (Matthew 16:18). We can even see the apostles using this power in Acts 15 to establish doctrine. A good explanation of this is in this video[1]. They can continue to use this power at the council of Nicea.

[1] https://www.youtube.com/watch?v=jJCbCs-y1_k

Mormons were hardly the first Christian or Christian-adjacent group to come up with a solution to that, though perhaps one of the earlier groups to adopt a single solution as a firm doctrine rather than leaving the question doctrinally open with multiple possible solutions proposed and not condemned by authority.

https://en.wikipedia.org/wiki/Primitive_Baptist_Universalist

...who are described as taking Calvinism to its logical conclusion.

It says "Bill Leonard estimated in 2011 that there were 1,000 or fewer PBU adherents in total, concentrated in 20 counties in Appalachia"

Genealogy is a side effect of this, I have the vague impression that they need to know who you are to baptize you; however, everyone on the planet is a member of the same "family".

If it turns out that there were two people with the same name born in the same town on the same day... well, the angels will help figure that out later.

If buying your ticket for a party that requires a ticket but you don't have to go to if you don't want to is "incredibly rude and conceited", you would have good reason to condemn all of Christianity similarly for Christ's claim that he paid the mandatory price for your sins, buying you a ticket to heaven that you'll need (Christians claim) but that you can either accept or reject, as you wish.

Mormons offering to extend the deadline for you to decide into the next life is hardly "incredibly rude and conceited" IMO.

after it became the official religion of Rome their aristocracy increasingly took up bishoprics, wich were much more powerful then, and acted as great lords do. paul johnson's a history of christianity is a good read if you want to know (lots and lots) more

&

MyHeritage has clearly lost their way. They've all but abandoned their research role (their once-excellent post 1940 records are nearly unsearchable now) to one obsessed with DNA & image gimmickry.

This seems like the opposite of how a sensible permissioning data model should work.

I understand that in specific instances, for example when paternity is in question or if a person is hiding from someone this information getting out could be catastrophic, but that applies to such a tiny portion of the population. So for most people, what is the downside to some random individual knowing the country of origin one's ancestors are from or that they might have a genetic predisposition to heart disease? It isn't like any reputable company is going to be able to use this information against us.

Plus in the long term there are likely going to be ways to get this information directly and almost instantaneously from any personal interaction you make since we can't really stop ourselves from shedding our DNA wherever we go.

First scenario that comes to mind: The insurance company that gives you an extremely high quote because you come back as "high risk" from a 3rd party company that they use to vet applications, and that 3rd party company uses your genetic predisposition for a condition.

The punishment for violations of the Genetic Information NonDiscrimination Act can be up to a million dollars in fines and some jail time. It is exceedingly rare for corporate officers to go to jail for acts of corporations, so likely violations would simply be fines. Cancer is expensive to cover (less so for insurance companies working with hospitals, much more for you and I), and the fines are relatively small, with the chance of jail time exceedingly small. I am unaware of anyone who has been prosecuted under this Act at all. I did a cursory search and didn't see anything.

The forgoing leads me to believe that like many crimes that have low rates of prosecution and relatively small fines, it would probably make sense for a corporate board (or series of employees acting under mutual light peer pressure) to use DNA information as an input into their actuarial tables.

Additionally, it would be difficult to spot clusters of people who are otherwise healthy with high insurance quotes. Even if you had the actual insurance quotes, getting peoples' medical information, especially in bulk, is extremely difficult because the aggregators of such information are typically bound by HIPAA.

All that to say, I think this is an extremely reasonable concerned and I would be shocked if companies didn't already use DNA information in some form, even if that form is as some input to a machine learning model, but I'll demurr on that subject because I know little about it.

Also you don't need to have a massive amount of HIPAA protected data to be publicly available for someone to notice. There are plenty of independent insurance brokers who serve as middlemen between consumers and the insurance companies. These people have access to all the medicals and usually end up having a decent understanding of how that translates into insurance rates. A drastic change in how insurance companies rate risk would be quickly noticed by these brokers. Right now if a broker receives a particularly bad rate from a specific insurer due to a quirk of their actuarial numbers, they will often turn around and apply to a competitor. That means any single insurer using this information wouldn't necessarily do that much damage to end consumers. It also means that any single insurer who did this would quickly get a reputation for providing rates that look unexplainable on the surface and it won't be long before people start asking why. Once again, I just don't think this is a realistic scenario.

It wasn't HIPPA protected when it was on my heritage, and it won't be healthcare data when it's eventually leaked and resold.

If you don't think legitimate companies are interested in buying that data, look around at the market for our password breach and identity theft data. There's a brisk, legal trade.

> look around at the market for our password breach and identity theft data. There's a brisk, legal trade.

If it is so easy to acquire this data legally, do you want to point to a business from which one can legally purchase "identity theft data"?

But there are more than a handful of "threat intelligence" or OSINT providers. I'll let you Google it for yourself.

People knew about both.

> An employer who looks at an applicant's Facebook page or other social media posts could well learn information that it isn't entitled to have

True, but you cannot unlearn things...

So the believe in laws prohibiting information spread might need rethinking.

The problem with laws is that they can be changed relatively quickly while your DNA, and many other things, can't.

Afaik pre Hitler Germany already had a pretty extensive personal registration system that included thing like birth date, sex, _religion_... Which became very convenient later on. Once the data is out there you have to trust the current government and companies as well as all their successors for your entire lifetime (and potentially more in case of your DNA).

It already started btw, some insurance companies give you discounts if you accept to wear their smartwatch to prove that you exercise, it's just a matter of time before it slowly extends to other things.

I am not currently worried about anything, but I also know that I don’t know everything DNA can be used for. My greatest concern consists of things some smart crook might think of doing.

While a reputable company might not use the DNA for fear of getting sued, they might use a crappy contractor who does not care.

Banks care about information security and take it seriously. They use a crappy contractor called Equifax which doesn’t.

tldr, CRISPR allows targeting bioweapons at specific individuals.

Availability, ease of use, likelihood of success/failure, and ability to be detected prior to and hence defended from, and for it to be detected after the act (who wants to be caught?) would all be considerations that may make it far more viable and attractive as a method, let alone the cost - bullets may be cheap but guns aren't.

Yeah, no one is going to go to all this trouble for some schmoe from the middle of nowhere. But imagine something like regime change as a motivation.

- you are the biological parent of this person who's looking for you, and if you want to stay anonymous…

- your husband isn't the father of his children, and if you don't want him to find out… (follow-up: both parents know but don't want the kids to.)

- you've been living under someone else's identity or a fake name…

- your ancestor was a slave-owner or Nazi or something and if you don't want the people you care about to know…

- your sibling isn't actually a blood relative, and so now the inheritance is in question…

These are all probably extremely rare cases, and were likely already known before or immediately after the test, but it's cheap to spam out the emails to see who's still trying to hide it. In a large enough population, it's still a worthwhile criminal enterprise. And their rarity makes them all the more vulnerable to blackmail. Where before it would have taken real legwork to find them, now it's just some data processing and emailing.

A similar concept is like those annoying ads for semi-legal websites where you can look up someone's criminal history, there could be a similar thing to look up someone's biological records. There might be a dating app in there too: filter for infertility or rare diseases?

There are plenty of other things, from the mundane to the exotic:

- having your medical care made more expensive or being denied insurance.

- being wrongly accused (and even convicted) because crime scene DNA was close to yours or a relative's.

- hiring based on genetic factors as in Gattaca.

- individually targeted attacks like the peach allergy from Parasite.

And again, that's off the top of my head; criminals are much more creative.

The key point that makes DNA (and other biometrics) even worse of a breach than credit cards or bank statements is it cannot be "reset."

Absolutely nothing.

The DNA records aren't the type that can be used to clone you, or frame you with some kind of non-existent DNA copying machine.

They are autosomal records. (or similar genealogical, or non-medical, types)

The people spinning fantastic fairytales about how the jackbooted thug of big brother is going to crush your throat probably don't even know what autosomal means and no amount of eduction will convince them.

I encourage everyone to submit their Autosomal DNA to public databases. You may bring closure to someone who has been or known a victim of a horrific crime and there is no risk to you.

You have at least one reply about insurance companies using this information to screw you.

1. This type of information is practically useless, actuarially, and

2. It has been illegal for them to do so for many years.

I can imagine the hacker swaps your name + account metadata on the data warehouse website with the DNA content of a murderer. Then you get a visit from the police just like you were being SWATted.

The mismatch is only found if the police bother to verify by doing a fresh DNA comparison (which they might, but only if they can't convince you to admit guilt first).

All of the hypotheticals in this thread (except for the CRISPR future superweapon) can happen right now without the need of a DNA leak: the US had an explicit system of racial discrimination encodes in the law until the mid 1960s without the need of 23AndMe. My insurer already has data about my genetic diseases and pre-conditions from blood tests I did as a baby.

I want to be worried about the leak, but I really cannot think of any consequence that's not a crazy sci-fi hypothetical or something that can be done more easily without access to the DNA database.

There is always risk. You probably don't see it yet just like only privacy-forward folks thought Facebook's encouragement to "share everything" publicly (circa 2007) foresaw the problems that would commit 10+ years later.

The small benefit of closure to a stranger who has already dealt with the grief of loss is not worth it for me. It depends on your personal value system.

> It has been illegal for them to do so for many years.

Laws can change. Just like I always assume a company can screw me after I agree to a ToS (eg. through a pivot, an M&A, or a bankruptcy), I assume any law can change with enough societal acclimation.

Also, laws are relative to where you are. If you try to visit another country, expect that they might have access to your leaked data. Hopefully you never want to work as a spy in the future.

Lots of things can happen and could have happened but never did.

This is analogous to the definition of "literally". It was misused so much that a new second definition for the word is close to the opposite of the original definition.

It's still worth mentioning the nuance at least occasionally.

But the unprivileged benefit from the privileged identifying longer term issues.

Watching The Genetic Detective[0] series has really shown what a great resource a searchable DNA database can be for people like CeCe in helping to solve violent crimes... even when they have been "cold cases" for so long.

[0] https://abc.com/shows/the-genetic-detective

The DoJ used similar wording when prosecuting Aaron Schwartz for using Python scripts to glue together "curl" calls.

The targets of the attack are doing their level best to control the narrative by spinning their attackers as extremely sophisticated so they don’t end up with a million or so people holding torches and pitchforks outside their offices.

That said, for my understanding: which political bodies are countries but not nation-states? Is this a reference to places like Singapore and the Vatican, which are probably more accurately labeled city-states?

> Present-day examples of multinational states are Afghanistan, Belgium, Bolivia, Bosnia and Herzegovina, Brazil, Canada, China, France, Ethiopia, India, Indonesia, Iraq, Madagascar, Malaysia, Mauritius, Montenegro, Nigeria, Pakistan, Philippines, Russia, Serbia, Singapore, South Africa, Spain, Sri Lanka, Suriname, Switzerland, United Kingdom and United States.

"Sophisticated" I suppose means above-average in complexity, which indeed could be "basically anything."

Step 2: Type in stolen password

Step 3: Click log in button

Step 4: ( •_• ) ( •_• )>⌐■-■ ( ⌐■_■)

Step 5: I'm in

One example of a "sophisticated" attack

curl is great if you already have the command crafted. My suspicion is that the Python script scraping a web page for URLs/IDs which then ran a curl shell command which saved the resulting document to the file system.

With password/payment/location breaches you have the ability to change what you entered as to invalidate/outdate the data which was stored.

Having your biometric/genome authentication data stolen or made public will be a nightmare.

There's no practical way to protect our genomes in meatspace. We're constantly shedding DNA into the environment. Hair, skin, saliva, etc. For example, an adversary can just tail us to a coffee shop or restaurant, and take a utensil or straw or napkin that we've used. And then submit the sample using a fake name, as investigators often do.

Edit: Those are excellent comments about scale. But generally, if you don't want to publicize your genomic data, just don't send in a sample.

  INSERT INTO Citizen(dob,ssn)
  VALUES 2030-10-28, sha(atgcaatgcatcgc..)