Hacker News
Data Broker Opt-Out List (github.com/yaelwrites)
381 points by JoshTriplett on Sept 6, 2020 | 162 comments



If anyone cares, there are a nontrivial amount of companies who have your 'private' LinkedIn info. I don't know if they make fake accounts to friend you, recruiter profiles, or buy it from LinkedIn. I asked one to please remove my info, and they sent me a CCPA form. I told them I didn't live in California, and an agent acted confused and told me to just fill it out, it's the only way to remove it. In short, don't trust LinkedIn.


LinkedIn is pure cancer. They actively tempt you to message your contacts in a way where you think that the recipient would welcome your message right now but it's an opposite situation. This at best creates a communication gap and is at worst rude and might break up communication.

I'm shocked that Microsoft which is primarily based on trust as far as corporate stuff is concerned went for linkedin. I hope they sell them or just burn them.

Nothing good can ever come out of linkedin they have less ethics than facebook and twitter.


I'm always surprised at the number of people in infosec or _really interesting_ defense positions who have linkedin profiles.

It's the lowest rung of where nation states target and you've just handed it to them on a platter.

As horrible as it sounds you all sort of deserve it for selling your soul to such a horrendous platform hellbent on fucking with its users. For some reason we're all worried about tiktok now though.


I suspect the Facebook DBA+backup teams are the most diverse team on the planet. They surely have representatives from every worthy intelligence service on earth working in perfect harmony.


On that note, what's interesting is nobody on earth ever notes that Snowden was CIA before NSA. NSA and CIA jostle for power all the time.


People describe their company's entire tech stack, in detail on LinkedIn.

And the little shot of dopamine they get from being LinkedIn popular would probably make them happy to answer any questions you have about things they left out.


There's a difference between knowing all the pieces that go into a working machine, and knowing how, in what order, to what end, and all the little interactions and knock-on effects in the form of unwritten knowledge that keep a company cranking along.

Go ahead and set yourself up a Tomcat cluster, an internal Tomcat cluster, some Oracle databases, and even go so far as to reverse-engineer a UI and maybe a data model if we're being extra ambitious.

A business, you still will not have.


I'm not talking about a business perspective, I mean they're laying out their specific attack surface, zero social engineering required.


Thinking about it, it obviously makes sense. These are people who want to be approached by anyone and everyone and will sell to the highest bidder.


Even worse, the official LinkedIn support team are Community Volunteers.

e.g. not paid employees, anyone who "volunteers" to help out.

The many failure scenarios for that combined with people's (sensitive) private information are mind boggling.


Sounds like Google


IDK. A decade ago, I made a love connection. I apologized for misusing the medium. She said "Not necessary. I'm glad LinkedIn is good for something." We lasted about 6 months.


I’ve realized a long long time ago that any interaction with linked-in is a bad idea.

You might think facebook behaves pathologically but linked-in takes it to a new level!


Linkedin does let you use the same GDPR mechanisms built for compliance even if you live in the US. I work there, not in these systems, but a bunch of development effort goes into maintaining meta-data. This is so systems can accurately auto-purge information when people close accounts or power the ability to export your data and make it as easy as possible.

Download your data. https://www.linkedin.com/help/linkedin/answer/50191/download...

Close your account. https://www.linkedin.com/help/linkedin/answer/63


Do you have any examples of that kind of behaviour by LinkedIn?


Well there was the well publicised man-in-the-middle attack by Linkedin.

They repurposed user login details to silently reroute all the user’s email through their servers for scanning and mining.

That seems like a pretty dark pattern to me. To my knowledge no one got fired for unethical behaviour over that.

The company seems to have a “don’t get caught” attitude to privacy.


Okay, I didn't actually know about (or remember) that one.

Regardless of their intentions, I don't understand how anyone could have thought that was a good idea.


> Well there was the well publicised man-in-the-middle attack by Linkedin.

> They repurposed user login details to silently reroute all the user’s email through their servers for scanning and mining.

Isn't that technically not mitm? That would imply the user was using linkedin as a mail client/proxy or something. This is closer to fraud or phishing.


Yeah, that's the 3rd time today I've seen someone use that word wrong on here.


Two years ago, I got a real 'welcome to LinkedIn' email on my relatively new company email address with my real name that couldn't have been extracted from the address. Password reset did not work, no account existed.

Best guess is someone there messed up when they merged some internal email lists.


LinkedIn used to (maybe still does) push users to "see who's on LinkedIn" by connecting your contacts.

They then maintained this connection indefinitely without telling the user and also used it to spam people under your name.

They used this system to send my ex-girlfriend an invite to join me on LinkedIn. Absolutely repulsive and infuriating.


You left out the most important name: Microsoft. LinkedIn is Microsoft and has been for years.

Don't trust Microsoft.


Now the question is: Do they keep track of these CCPA forms? Is there a data collection of people asking to remove their info?


This is an interesting question. I was technical lead for CCPA and GDPR implementation at my company. We keep hashes of email addresses that have asked to be forgotten and we compare new email signups with the hash list to make sure we never collect their information. Both laws allow companies to keep lists of requests but we like to be extra secure.
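
The suppression-list check described in the comment above, as an added example that is not part of the original thread or the commenter's code. It uses keyed HMAC-SHA256 digests instead of plain hashes (a swapped-in choice, since an unkeyed hash of an email address can be matched by anyone holding a list of candidate addresses); the key, the normalization rules and all names are hypothetical.

```python
import hashlib
import hmac
import unicodedata

# Constructed demo key. In practice this is a random secret kept outside the
# database that stores the digests (assumption, not from the thread).
DEMO_KEY = hashlib.sha256(b"constructed demo key").digest()


def normalize_email(address):
    """Canonical form used for matching (assumed rules: NFKC, trim, lowercase)."""
    addr = unicodedata.normalize("NFKC", address).strip().lower()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    return local + "@" + domain


def plain_sha256_digest(address):
    """Unkeyed digest, shown only for comparison with the keyed one."""
    return hashlib.sha256(normalize_email(address).encode("utf-8")).hexdigest()


class SuppressionList:
    """Keeps keyed digests of erased addresses, never the addresses themselves."""

    def __init__(self, key):
        if len(key) < 32:
            raise ValueError("use a random key of at least 32 bytes")
        self._key = key
        self._digests = set()

    def _digest(self, address):
        msg = normalize_email(address).encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def forget(self, address):
        """Record an erasure request; the caller deletes the actual record."""
        self._digests.add(self._digest(address))

    def is_suppressed(self, address):
        return self._digest(address) in self._digests

    def stored_digests(self):
        """What sits at rest, i.e. what a database leak would expose."""
        return set(self._digests)


def screen_signups(suppression, addresses):
    """Split new signups into (accepted, rejected) before anything is stored."""
    accepted, rejected = [], []
    for address in addresses:
        try:
            blocked = suppression.is_suppressed(address)
        except ValueError:
            blocked = True  # malformed input is rejected, not stored
        (rejected if blocked else accepted).append(address)
    return accepted, rejected


def recoverable_without_key(digests, guesses):
    """Guessed addresses whose unkeyed SHA-256 appears in a set of digests."""
    return [g for g in guesses if plain_sha256_digest(g) in digests]


if __name__ == "__main__":
    # Constructed sample data.
    suppression = SuppressionList(DEMO_KEY)
    suppression.forget("Alice@Example.com ")
    signups = ["ALICE@example.COM", "bob@example.com", "not-an-address"]
    print(screen_signups(suppression, signups))
    # A keyed list does not confirm guesses to someone who only has the digests.
    print(recoverable_without_key(suppression.stored_digests(),
                                  ["alice@example.com"]))
    # An unkeyed list does.
    print(recoverable_without_key({plain_sha256_digest("alice@example.com")},
                                  ["alice@example.com"]))
```

Matching depends entirely on the normalization step: an address that normalizes differently at signup than it did at erasure time will not be caught.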


crunchbase is one such place. they harvested everything from my LinkedIn, I asked them to remove my profile they say it's not possible unless I also send them additional data (scan of my passport). they say it's impossible to remove my info because it is "crowd sourced" which may be the case today but from the data they have on me it is from when they had no users yet and when they scraped sh!t from linkedin:

----

Hello,

To comply with various privacy laws, we require the completion of this form to remove the person profile you have mentioned. If you would like to delete your personal profile page, please complete this form here.

Best, Erika

----

Dear Erika,

thank you for the information.

I have never signed up to this site and therefore do _not_ consent to any information about me being stored on your systems and I do not care who creates these profiles. It is your responsibility under GDPR not to store information about me without my explicit consent and I therefore kindly ask for information about me to be deleted, further I expect any future profiles about me to be blocked from getting created and such info not to be stored also in the future.

In case information is not deleted within 30 days I will hand over this matter to my lawyer and also file a report with my data protection commissioner in the EU.

best regards,

----

dear <...>,

Thank you for contacting Crunchbase!

Please note, if you have an active trial or subscription we recommend that you cancel first before moving forward. Instructions on how to cancel your trial here. And instructions on how to cancel your subscription here.

If you would like to download or permanently delete your user account information, please complete this form here.

If you would like to delete your personal profile page, please complete this form here.

If you would like to deactivate your user account, please reply to this email to deactivate your account. You can contact support@crunchbase.com if you wish to reactivate your account at a later date.

Keep in mind, your user account is the private information that you can use to control your billing, login information, and alerts. A profile page is what displays externally on Crunchbase - these are completely separate. Because Crunchbase is a crowdsourced platform, any registered user can add or edit any profile page - profiles are not explicitly linked to any user.

Please feel free to reach out if you have any additional questions - we'll be happy to help!

Best,

Erika


Yep, same shit. Just checked my email, the last one in question was 'Apollo'. The form in question makes you attest you are a resident of California, which began the back and forth.

APOLLO

Dear Alex,

On behalf of Apollo, we are pleased to assist you in exercising your access rights under GDPR and/or CCPA. You may exercise your access rights as follows.

If you wish to remove the personal information that we have that is tied to your email address, then please respond to this communication by submitting the attached Identity Verification Form. We will then respond to your access request upon further email verification.

Why we require this: We require the above because GDPR and CCPA ask that we verify your identity to a reasonable degree of certainty before providing information: this is important, to avoid providing personal information to someone “spoofing” an identity. We believe this process provides that reasonable certainty while avoiding having consumers send us personal government IDs, which contain sensitive information and which we prefer not to receive. (And, unlike companies that deal directly with you, it’s not possible for us to verify you based on our prior relationship – like, by having you list your last movies watched, clothes purchased, or trips booked.)

If you prefer to avoid the above process, you can learn detailed information about the categories of personal information that Apollo collects, and how we source it, sell it, and use it for business purposes, by reviewing our Privacy Policy (available at: https://www.apollo.io/privacy). That Privacy Policy also will tell you how to easily opt out of our marketing databases.

Thank you for your interest in our business and data practices.


This is such a shitshow. They never took "reasonable degree of certainty" before storing private data either - it makes no sense to then ask that for deletion requests.


It does if you want to feign compliance while making it hard to delete data.


Deadlines help a lot. Has it elapsed, and what was the followup?


yes it elapsed and the "profile" is still up. my only choice now is to complain to my "data protection commissioner" but considering GDPR has no teeth I'm not confident it will impress anyone.


It has teeth, but it's not very hungry right now. Still, if you complain and CC crunchbase in, then it's them who have to do this calculation, and in context of risk. It may just be enough to get them to remove the data about you.


Was the "I will hand over this matter to my lawyer" piece a bluff? :(


Good question. 99.999999% of the time when some internet rando says he'll contact his lawyer, the reality is that he has no lawyer and no lawyer would ever take his case.

Threatening to tattle to an imaginary lawyer just gets you written off as an angry whack job.


"It is your responsibility under GDPR not to store information about me without my explicit consent..."

Not commenting on the particulars of this case (you might be right in this particular instance), as a general statement this is not true. Consent is only one of several possible legal grounds for processing personal data. Generally, data controllers want to avoid it if possible in lieu of more convenient grounds. Nitpicking more, explicit consent is mentioned only as a processing ground for so called special category data, i.e. certain sensitive data, e.g. health data, requiring an additional legal ground.


I mean is their point of view completely wrong? If they are displaying a profile based on public information that’s journalism.

Lists of people who invested in companies, culled from public disclosures, or names of corporate board members and such, aren’t the same thing as private PII.


So interestingly enough, a Facebook account I made years ago that was only used as a test is somehow in the records linked to my current address. Facebook is literally the only person that knows about this account and it's never been attached to my personal FB account. It's making me really suspect right now...


Why? This is Facebook's business model. They have a shadow profile for you and managed to link your test account or some other service they own (whatsapp?) with your real account. They only need a single data point.


I'm surprised TFA doesn't include Facebook[1]. It's worse than all the others combined.

[1] https://facebook.com/help/delete_account


> Why?

... is irrelevant IIRC. He's asking How.


Facebook purchases data from these brokers and credit card companies to create shadow profiles.


Created both accounts from same ip address?


Just accessing from the same ip would do it. Or using the same browser.


I’ve been through most of these and removing yourself really can be done. In many cases the removal is considered temporary and you have to repeat every four to ten years. It’s not possible to get off of the skip trace and debt collectors databases run by Transunion, Experian, and others - but you can flood them with false information and they will record it and keep it forever.


> Transunion, Experian, and others - but you can flood them with false information and they will record it and keep it forever

I don't know why any company relies on data from the big credit reporting agencies.

I pulled my credit reports for the first time just a couple of months ago, and they were all wildly different from each other, and also wildly inaccurate, each in its own way.

There was nothing bad in my report, fortunately. But just the information was so wrong. One agency had my work history all the way back to 1995, but for some reason was missing any of the jobs I had between about 1997 and 2003. One had my residency history back to 1977, but was missing the place I lived just three years ago. None of them were 100% right in any category, but always in my favor. And none of them really had a complete list of my currently open credit accounts.

One thing they all fail at is addresses. If you have a simple address like 123 Main Street, Anywhere, USA, then it's fine. But as soon as you break from that pattern by having an apartment number, or a street name with more than one word, or a street suffix other than "street" or "drive," or a directional, or a city that is commonly abbreviated (St. Paul versus Saint Paul), it all comes apart.

One place I lived had a simple address like "1234 Some Place Drive, Apartment 123B," and two of the agencies mangled it into "123 Some 12." I know addresses are hard, but both the Postal Service and Google have an API for this stuff.


The other thing I ran into is even after you remove yourself you often still show up in lists of relations of family members and former roommates, you have to have their data removed also before your name drops off entirely.


I'd love to know what kind of false information you're enjoying sending them, and how!


- Fill out surveys at malls with your name and either a phone number or address that matches one currently in your credit file and you can supply false info for the opposite.

- Put in a mail forwarding card with your name from a former address to a random real address like a Starbucks, Taco Bell, apartment complex w/o unit number, etc.

- Change the billing address of a credit card or utility and allow to sit for one billing cycle. Works best if you have e-statements. They will send a physical confirmation to the address and it will most likely go in the trash but not guaranteed.

- Once a quarter you can update your information with the credit bureaus and they will happily record it. Later you can say you never lived there and they will remove the info - but only from the databases used in credit decisions.

These are the ones most effective because there is almost no filtering, just a bunch of automated processes collecting and distributing. Just make sure there are one or two “facts” that the data quality algorithms can use to link your “new” data with existing profiles.


Then when you go to open a credit card or actually try to clean up your credit report, you'll need to remember which Taco Bell you randomly pretended to live at to answer security questions.


When I run into that problem I wait for the rejection mail from the creditor, then I write back with a redacted photocopy of my IDs - completely useless with everything blacked out but my name - and a copy of their letter. I say here is my redacted ID as proof of identity and a photocopy of your letter as proof of receipt so please approve me and that has worked every time so far. It makes it very easy to see where the line between security and security theater is drawn. Not that any US bank is going to win awards for security (except maybe Robinhood, they really stand out with standards based 2FA and the ability to block external ACH with a click)


sad state of affairs that this level of surgical precision and orchestration is required just to not be stalked and creeped on to incredible levels. and this doesn’t even cover the situation with respect to showing up on relatives’ profiles.

if you have the time, you should make a complementary “solution” read me page for this post.

deletion really does seem to be an unwinnable proposition, so flooding with false data is a great approach. can this be automated?


UK civil service uses third party identity confirmation for jobs, companies like Experian and the Post Office - you know companies that leak personal data like a sieve.

Anyway, one of the verifiers is past addresses, so this sort of thing could prove a problem when applying for jobs in the UK.

Tories gotta tory - put a private firm between people and job applications, demand they give all their ID data to that firm. Oh, and the firms all have recent mass data leaks.

It's a core part of several gov departments (passports, drivers licensing, benefits, taxes) to be able to ID people and the gov have all the data with which to do it. Crazy.


If you send any sales person an email with your email signature there is a chance they are using ZoomInfo. That tool will scrape your email for your email signature and now they can sell your very accurate data.


Aren't some of these criminal fraud?


No. One requirement for criminal fraud is that you gain something of value.


> - Put in a mail forwarding card with your name from a former address to a random real address like a Starbucks, Taco Bell, apartment complex w/o unit number, etc.

Perhaps, but I would have assumed creating a USPS mail forward under false pretenses like this would be fraudulent. They seem to take such things seriously.

GP also mentions in a sibling comment about what to do if you need address verification for something else (which is presumably of value):

> All you need is a passport or driver’s license and a utility bill with current address dated within 60 days. Most of the time the utility bill can be a “photocopy” and you just change the date or address to what you need. DMV is about the only place that needs an original document and will be familiar with what bills from your area look and feel like (because they most likely live nearby also and routinely handle documents from people in the same area as you).

Doctoring a document like this also seems illegal.


It is absurd to accept something like a utility bill as a proof of anything. Even birth certificates I don’t really understand - my original birth certificate is hand typed by an IBM Selectric typewriter on common security paper and embossed with the county seal of the area where I was born. As very few people would be able to verify the seal I think it’s more or less worthless as a secure document because it could be reproduced or approximated so easily. You can obtain guides with examples of secure documents but they are large and expensive, and I’ve never seen them at retail banks or the DMV. I’m not sure how comprehensive they are either - collecting samples at the county or city level across the decades would be a Herculean task.


I think you're copying from a different comment than the one I replied to.


but you do gain something of value here, privacy.

how is value defined in this context?


The legal definition, which doesn't include things like happiness/privacy/karma.

Generally, in court, "value" means "market value" expressed in the currency of the court's country. Often the penalties for various levels of fraud are based on the value (= market value) of the gain -- for example, hypothetically, the law might state that if the value was under $1,000 it's a misdemeanor rather than a felony or that if the value was under $100 you can't be sentenced to prison time.

Something like my own privacy which has value only to one person (me) does not have market value.

[edit: added two paragraphs]


This seems mildly dangerous to me for the simple reason that if you need to prove your identity to these places they’re reliant on this information... I’m thinking of when I get my free credit report yearly. Trying to track real addresses I used to live at as well as fake ones seems challenging.


All you need is a passport or driver’s license and a utility bill with current address dated within 60 days. Most of the time the utility bill can be a “photocopy” and you just change the date or address to what you need. DMV is about the only place that needs an original document and will be familiar with what bills from your area look and feel like (because they most likely live nearby also and routinely handle documents from people in the same area as you).


it seems pretty obvious that removing oneself can't be done well.

> but you can flood them with false information and they will record it and keep it forever.

how would you do this?


be careful you guys. these are awful people collecting this data, and i'm pretty suspicious that they will use the additional data they gather from you when you opt out ("for proof it's you") and use it against you in their other databases. for instance, i confirmed my phone and email info in order to opt out of one but another clone site now says my information is "Verified".


You have no idea how sketchy these companies are.

ZoomInfo (public company) for example provides a free plugin for sales people which is scanning email for all the email signatures and then they sell all that data to their customers. Even crazier is they take data from their customer’s CRM systems.

DiscoverOrg is buying data from third parties without really knowing how they got the data.

There are a bunch of apps and browser plugins that read your emails or contacts and then those companies sell that data to third parties like these data brokers. I use very few browser plugins because of this threat.

If you have somehow acquired a list of contacts you can get a lot of these companies to purchase it with very few questions.


I used to operate a dozen or so small web sites. A spammer once offered me a crazy amount of money for the mailing lists. When I declined, he offered an even crazier amount of money to buy all the web sites, in their entirety, including mailing lists and social media accounts.

I ended up selling him the one web site that didn't have a mailing list and only rudimentary social media presences. I bought a new car and moved to a better city with the money.


I bet a blog post about your story would get a lot of votes here. I'd read it.


that sounds like a really cool story


I’m sure in some countries that would make them liable. It’s a shame the US probably isn’t one of them, our litigative culture would put an end to that stupidity very quickly.


Just fill out the forms on your next trip to Europe?


Being on vacation in europe doesn't make you a resident


The EU says individuals, and I've always understood it to be anyone in the EU countries plus EU citizens anywhere.

https://ec.europa.eu/info/law/law-topic/data-protection/refo...


> individuals in the EU

I don't think it applies to EU citizens overseas IMO. At least I haven't signed up for anything that asked if I was an EU citizen or not.

Would get really messy because there are lots of EU citizens out there that don't know it through jus sanguinis.

Meanwhile a lot of financial institutions do ask if you're a US citizen because it ups their reporting requirements.


Where does GDPR require you to be a resident? Tourists have plenty of rights, and I doubt their right to privacy is any less than anyone else’s once on the territory.


I'm surprised they have my name and address though it's a few years outdated.

How did they get it?

If I opt out, doesn't it confirm that what they have is accurate and make my data even more valuable?

Given the nature of these sites, isn't it sketchy to provide DL to opt out or am I being paranoid?


It would confirm your data but they’re legally bound to respect your choice. For any fairly large orgs (eg if they’re public/listed on major exchanges) disobeying your choice would be a huge risk which they will likely not take (the smaller data brokers don’t have as much to lose, but just to be clear it would still be illegal).


> they’re legally bound to respect your choice

Can I ask by what law?


GDPR and the California law inspired by it.


So only for those in Europe and CA?

Even re: California, are you sure CCPA implies these data brokers have to respect your opt-out for this particular purpose? (For reference, the opt-outs existed before CCPA and I believe GDPR as well... so you're saying they gained teeth afterward?)


Well, I guess I know what I’m doing the next time I’m in Europe (or even just their airspace?).


Or the next time you're using Tor with an EU exit node...


> If I opt out, doesn't it confirm that what they have is accurate and make my data even more valuable?

Yeah, I don't know why engineers are so pedantically committed to giving these companies more valuable information about you.


One of the companies you interacted with likely sold the data to them OR a browser plugin scraped the data from an email you sent to one of your contacts.


I went through the process to delete it, including giving them my email address. They showed me all my relatives, their home address, and said that I needed to confirm my email. Never received my email. This is going to keep me up at night.


For EU-citizens, any legal data collection would have to be opt-in, right? If I've had no business with any of these companies, there should be no reason for me to have to opt-out.


GDPR story time: Sixt car rentals had this braindead policy of having to send a letter to be able to opt out of marketing.

For a short period of time I even had a website dedicated to calling them out on their bullshit practices, and went in to their Facebook page and posted the link every time there were any questions about it.

I even got a threatening takedown email, to which I kindly restated what I had written on the page: that I would not pay postage to Germany to unsubscribe and that the page would go down either when I got an official notice that I was unsubscribed from everything or when I hadn't received any marketing email for 6 months.

In the end I spent much more time than needed to GDPR-request all information they had on me and detailed information how it was used. Only to ask them to remove all of it in the end.


Despite this, loads of companies still do opt-out with impunity.


I think the EU are still being very lenient with companies right now to give them time to adjust their practices. I'm looking forward to when they (hopefully) start to hand out fines.


> I'm looking forward to when they (hopefully) start to hand out fines.

Given the pandemic, plausible economic collapse, Brexit, and so many other things going on in the world right now, I wouldn't hold my breath.


It's an EU law but enforcement is up to the individual countries. Which is why Ireland keeps its own regulator on a tight leash - to keep the big US players there.


No, consent is just one of the legal bases you can use to justify handling someone's personal data, legitimate interests is another. Their privacy policy should explain if they're using another basis. The ICO have a list of the valid bases https://ico.org.uk/for-organisations/guide-to-data-protectio...


Does anyone have info on GDPR's success in getting data removed or fining companies? I am not following closely, but last I saw was GDPR is a law whose enforcement is untested.


List of all GDPR-based fines: https://www.enforcementtracker.com


Pardon my ignorance, is this US specific (or mostly US)? Why is this stuff allowed?


The US has been dismantling the rule of law for decades. They call it "deregulation". It led directly to the last big financial crash, and it also is largely responsible for predatory schools, prisons, universities, banks, and much more.


I would argue that it's not only deregulation.

It's the fact that we exist in a middle ground between proper regulation and a proper free market. Either of those, and we'd be able to do fine. As it is, we get the downsides of both.


While there are probably things that would be improved in a "proper" free market, I feel like that's overestimating the average person's ability to make informed decisions.

There will always be an information and power asymmetry between ordinary people/consumers and special interests/corporations.

Sure, people could form consumer rights groups, boycott companies with unconscionable data collection policies, demand a sane and affordable health care system, etc. But people have a limited attention budget. It's just too hard to care about everything, so people don't.

That's also why we don't have proper regulation; if we cared about having a functional, efficient government we would, but we don't really care that much.


What I would be banking on most within a "proper" free market would be corporations' ability to fail in extraordinary circumstances, as opposed to the current setup where it seems like corps get bail-out after bail-out.

With this being the case, more small companies would be able to compete, at least in theory.

That being said, I believe you are correct. It just seems that the only way to improve things is to get to the point where people do think before purchasing, regardless of the state of State.

As far as having an efficient state goes, I would find it more likely that it's not going to happen because those in power have incentive to maintain the current status. It both provides opportunities for corruption and gives an excellent platform to run on.


That is too simple: every system has pros and cons. Regulation, free market or middle ground. Doesn't matter, there are always pros and cons.

Important is that you choose which pros and cons you find important.


I will admit to having over-simplified. In addition, I am by no means an expert and am coming at this from the perspective of an outsider.

However, the way things currently stand now in a middle ground appears far from optimal. There is too much lobbying for there to be enough regulation to be effective, but too much regulation for there to be proper competition. While I believe a middle of the road approach could work, in our current circumstance it isn't.

My ideal path would be to go to a complete free market, and rebuild regulation from there. While rebuilding regulation, actually have legislators listen to experts, and ban lobbying. This will never happen of course, but I can dream.

Edit: Make tone less authoritative, because I need to work on that.


I find these two comments as insightful as they are pithy.


The US has been dismantling the rule of law for decades. They call it "deregulation".

Your response is mostly hyperbole, and indicates an axe to grind. You can be against deregulation, but it's not applicable to the question posed.

There were no data gathering laws "dismantled" in the name of "deregulation." Your statement is false.

What is happening here is what has always happened: Laws are almost always a step behind technology. Only very rarely are conditions prohibited by legislation before an offense is committed.

GDPR and the California thing are good steps in the right direction, but they're just the landing of a very long staircase. Hopefully we'll get to the top eventually.


Sure, there were no laws to remove in this case, but when the political ideal is deregulation it's very hard to make new laws. It's the same underlying ideal of "government bad" which is just wrong.


> It led directly to the last big financial crash,

Erm no. 2008 was directly linked to Greenspan (Fed), Freddie Mac (Federal) and Fannie Mae (Federal), all government run entities, which stopped making proper risk evaluation when issuing loans. That's not deregulation, that's a problem with how these government agencies actually functioned.

https://www.fool.com/investing/dividends-income/2008/09/10/t...

> If not the boldest of the group, then at least the most public, Greenspan, the man many are now blaming for the housing bubble (there were a brave few that piped up years ago), has refused to go quietly into his well-padded retirement. The man charged with providing the country with a financial voice of reason fell far short, so much so that it might be comical if it weren't so tragic.

> Greenspan's denial of the possibility of a housing bubble has been widely derided in the past year, but a single statement could be excused as human error. However, a quick scan shows that this wasn't a single event. He also promoted the adoption and expansion of adjustable-rate mortgage (ARM) products in early 2004, when short-term rates were at or near historic lows. That same year he claimed, "securitization by Fannie and Freddie allows mortgage originators to separate themselves from almost all aspects of risk associated with mortgage lending." And separate themselves they did, ceasing to perform any kind of due diligence as to the ability of borrowers to pay for the homes they were buying.


The Financial Crisis Inquiry Commission (FCIC) tasked with investigating the causes of the crisis reported in January 2011 that: "We had a 21st-century financial system with 19th-century safeguards."

The FCIC placed significant blame for the crisis on deregulation, reporting: "We conclude widespread failures in financial regulation and supervision proved devastating to the stability of the nation’s financial markets. The sentries were not at their posts, in no small part due to the widely accepted faith in the self-correcting nature of the markets and the ability of financial institutions to effectively police themselves."

https://en.wikipedia.org/wiki/Government_policies_and_the_su...


There were multiple things that went wrong, and it's extremely disingenuous to put the majority of the blame on Greenspan, Freddie/Fannie. Private risk assessment failed utterly, see Moody's. CDS allowed for infinite leverage, securitization allowed hiding of risk. These originated with private actors, and infected the system with toxic assets.


> That's not deregulation, that's a problem with how these government agencies actually functioned.

Well sort of yes. But that's first order thinking. The underlying engine that drove those institutions to failure was the deregulation of the banks.


That's the narrative that one side of the ideological divide went with. The other side blamed deregulation such as the removal of Glass-Steagall.


The citation is also a hotly written article from 2008. A more objective explanation from recent years would cite a bit of all of it.


Do you mean why can the government force enterprises to delete data they own due to opt-out requests?

It's a mystery to me.

Most HN commenters constantly whine how "data wants to be free" (no IP, no patents, no copyrights...), but when it comes to their own data they act like crony capitalists of the worst order and want to enlist the State to help them ensure exclusive, monopolistic rights to that data.

Make up your mind, busybodies!


Just because both of these views are expressed on HN doesn't mean that a majority of individual HN'ers hold them both simultaneously.


That’s a wild wild misrepresentation of the meaning of the word “data” and the purpose of the slogan.

This “bend your mind”, “drink your own medicine now” wittiness borrowed by the postmodernist crowd is the essence of current alt-right rhetoric.


Welcome to the United States of America, baBY! WOO Freedom!


I'm curious if anyone has any info on the business model here. There seems to be a ridiculous number of data brokers, so with this amount of competition, the marginal profit must be low. Online advertisers probably get better bang for buck just using Google's or Facebook's pre-targeted profiles. Banks and financial institutions and real background checks probably stick with the few big ones (credit bureaus, or LexisNexis etc.) Is this for snail mail spam? Telemarketers? Stalkers?


Sales teams need this data to reach the right roles with the right message. My friend was quoted $19k per year for access to the ZoomInfo database for his two person company. There is crazy money here. ZoomInfo has a $17B market cap last I looked.


A lot of the data brokers specialize in specific audiences. For example, I work with a lot of physician data at my job and a ton of companies sub-specialize in specific aspects of that market.


By opting out sometimes you have to provide them with even more information than what they initially had.


Exactly as most are asking for email which inadvertently can confirm the identity and if you use the same email for other services, they can get even more data about you. I guess it's a matter of trust, how much do you trust their 'opt out' promise.


If you're paranoid, definitely use a throwaway email for the opt out. They already have so much info on me that I'm doubtful that confirming my identity would add anything to that.

I guess we're lucky that most of these SEO-savvy brokers seem to at least pay lip service to US/EU laws (or even do so voluntarily, since I think only a handful of states actually restrict selling your publicly-available or personal information online).

I shudder to think about what's floating around for sale on the dark web or companies hosted in countries that don't care about US law.


> If you're paranoid, definitely use a throwaway email for the opt out.

If this worked then anyone could opt out anyone else, which some people would object to. I think that's the loophole they use to force you to provide even more info.


That's my concern. Some of them seem very sketchy.


https://www.instantpeoplefinder.com/optout.php goes directly to a 404. Honestly doesn't surprise me, but there's a special place in tech hell for these people.


One way to attack this in a larger scale is to get the responsible politicians somehow outed in media by any of these databases. For example one media article that got good spread here was when the newspaper bought the GPS-tracking information for a politician and wrote about it (they did not publish it, no need to).


"DeleteMe, PrivacyDuck, OneRep, Reputation Defender and Reputation.com all offer different opt-out services. However, these are not comprehensive, as some data brokers do not allow third parties to remove listings."

This seems odd. I'm curious if anyone has substantiated it? PrivacyDuck seems deeply ethical, and I would assume they would inform users if this was the case.

Here is their guide for reference, that walks you through exactly what they do: https://www.privacyduck.com/resources/ (Assuming I understand correctly what they are saying; please correct me if I'm wrong!)


It would be nice if there was an indication if any of these cover non-American citizens, Europe in particular.


founder of deleteme here (joindeleteme.com) Yael's list and other free DIY lists are good. You can do this yourself, it is simply time-consuming. https://joindeleteme.com/help/diy-free-opt-out-guide/

The worst part imho is that your opt-out is often not respected over time when new data flows in (including voting records scraped so get ready for November).

Of course, you can always pay deleteme to do it for you. the real solution here is better-crafted legislation and a re-definition of public record information when it is published virtually.

i expect this to take ~5 years, but optimistic we can get there.


Lots of these are 403ing now. Good job HN, don't forget to get back once they're up again ;)


Are there any paid services that will do the work to opt you out of all of these?


Seriously, I'd pay 100 dollars right now if someone just handled this all for me. And I'm sure at least a few thousands of others would too. Sounds like a decent startup idea to me.

Edit to add: I did read the other comments. joindeleteme seems like a scam/money grab. Yearly sub that autorenews, and a BBB rating displayed? Give me a real tech service.


Better yet, one that sends paper opt-outs by registered mail to maximize removal cost and receipt confirmation. It’s not expensive when there’s 100 names in 8pt font in each envelope.


That's actually a fantastic idea. Like that one service here not long ago that sent letters to Chase opting out of arbitration. Some company that can figure out the exact verbiage needed and contact address, and send off as needed.

With enough updates and utility, that I'd consider a monthly subscription for.


DeleteMe [1] from Abine [2] comes to mind.

> We monitor each data broker website for your personal information every three months, providing you with four DeleteMe Privacy Reports per year. [3]

[1] https://joindeleteme.com/

[2] https://abine.com/

[3] https://joindeleteme.com/help/kb/monitor-my-info/


I'd love a privacy union. So much that I could see letting it make decisions for me until I naturally worried about the privacy implications


Not Political but, Andrew Yang is working for privacy.


For those interested, see Yang's Data Dividend Project [0]. Just reading the fine print will give you legal insight into what you can and cannot do in the US.

[0] https://datadividendproject.com


I've seen a few, including https://www.privacyduck.com/ , but I don't know how well they work.


I highly recommend OneRep (https://onerep.com/) as a service to remove you from these websites. I've been using it myself for a while and it has saved me a lot of headache.

For those of you who do want to remove all of the info yourself, I've found this is also a good resource: https://inteltechniques.com/data/workbook.pdf


From the research I have done, Onerep is also a data broker that lists your data online https://www.privacyduck.com/comparisons/privacyduck-vs-onere...


Thanks for posting this. I do feel foolish that I didn't come across the relationship between OneRep and Nuwber myself. I hope other HN readers will see this and take this into account before they consider OneRep. I'll definitely consider deleting my account.


Lol, that’s hilarious.

Check out CircleBack which is a free tool that scrapes your email for contacts for you. Now look at their CEO. He also owns a data broker. I am sure he is selling the CircleBack data.


That seems a bit of a biased source, though. How do I know privacyduck is any better?


Amazing list. Wish you could sort by search rank order.


Opt-out lists are just another vulnerability. Hysterical.

There are just two possible outcomes.

Default to David Brin style radical transparency. With a pay-for-privacy grift on top.

Or we get serious about privacy. That means translucent databases (hash all PII, just like password files), Real ID (no anon, no bots, registered alias ok), and extend property rights to our personal data (it's my data, pay me).


Can I pay a service provider to do this for me en-masse? If not, why is nobody starting a business like this?


Abine offers a service called "DeleteMe" which promises to do just that.

https://joindeleteme.com/


I get a lot of hotel offers, essentially robocalls. Is there an opt out for the same?


Just registered with FTC's do not call list, let's hope that works.


Spammers actually use that list to find numbers to call.


This is an awful idea. The volume of spam calls I receive greatly increased when I did this.


Did you report any of the calls?


I'm not sure what the point of that would be, the caller ID is generally fake.


Oh, I talk to them and ask the caller for information that reveals the company behind the call; then complain via the agency that manages the donotcall lists in my country.

Like oh yeah, double glazing, yeah, send an appraiser to my house, can I have a phone number in case I need to cancel? What company ID badge will the appraiser have?

I don't get many calls through though.


I usually get calls from people who want to extract my credit card information during the call or take over my Windows computer using a remote desktop program during the call. So most of the times I asked for call back information they hung up.


> take over my Windows computer using a remote desktop program during the call.

I wish I got calls like this, it seems like it could be a lot of fun.

What kind of stuff are they usually looking for? What would be the best ways of fucking with them?

Are they dumb enough to be somehow enticed or tricked into downloading an executable from the "victim" system and running it on their own systems?

*The only calls I get are the car warranty scam and the credit card debt scam. Unfortunately, not much entertainment value to be had with those.


Sigh. Same.


We should write an automated open source script that’ll submit the forms for us. Be happy to contribute, checking to see if there already are any efforts.


Isn't this what Spartacus (https://spartacus.com) does?


Are there tools that would automate the opt-out process for a lot of these? Those would be really helpful!


I just spent 10 minutes opting out of everything my linkedin settings let me...

Short of deleting it...


Time for stricter privacy laws and a code of ethics for programmers.


This should be called BADBOOL


Thanks, Josh!


The DoNotCall registry is compromised. If you have never received telemarketing calls and you don't receive them frequently, keep your precious number off this site. Once I did and after a week I got more spam calls than ever. The FTC strongly denies that the list is compromised but it obviously is.



