40 comments

[ 2.6 ms ] story [ 83.2 ms ] thread
This is one of the reasons I've never sent a DNA swab to Ancestry.com, or 23andme. If I could do so anonymously, I'd do it in a heartbeat - but the potential losses+ outweigh the gains%.

+ admittedly, I'm not even sure what the worst case scenarios are, but that just makes them even scarier.

% ooooh, I might learn that I have a predisposition to alcoholism and rectal cancer? That's nothing that my Russian father couldn't have told me.

> I'd do it in a heartbeat

If the benefits aren't really significant why are you interested in doing so anonymously?

Mostly curiosity. For instance, I'd like to know what percentage Neanderthal DNA I have.

Plus, if I am at a significant risk of certain diseases, I'd like to know. I just don't want anyone else to know.

> If I could do so anonymously, I'd do it in a heartbeat

You can. See "How to use 23andMe without violating your genetic privacy", https://www.abine.com/blog/2013/23andme-without-violating-yo....

Unlike the author of that article, don't publish screenshots of your exact results online. With the percentage risk and the ethnic background, it's likely trivial for 23andme to identify exactly which fake profile Sarah A. Downey used for her test.

  Once  I checked  out, I  went to  my real,  personal inbox  to
  complete the 23andMe registration by clicking the confirmation
  email, which was forwarded to me from the alias email address.

LOL. Thanks for posting this bit of comedy.
How was that problematic? I don't see the issue, especially given that the author was on a VPN and using Firefox in Private Browsing mode while running DoNotTrackMe.
Most email is sent unencrypted, so the NSA likely has a record of that email and can cross-reference it with the 23 account if needed.

Even the header would probably be enough in this case, just to identify the particular masked email with the real email behind it.

> Even the header would probably be enough in this case, just to identify the particular masked email with the real email behind it.

Are you implying that an HTTP header sent in the request to 23andme upon clicking the confirmation link would contain the forwarded email address of the user?

Unless the user were on a web page that included their email account name in the URL (and thus visible in the REFERER header), I don't see how that would happen. And I don't think I've ever seen an email system that puts the account name in the URL.

No, the email header sent by abine when they forward the email from 23andme. That contains their real email address in plaintext, and might also contain the masked address; if not, a timing attack given the time of 23's emails and the time of the forwarded email might work.

If the actual email is unencrypted, then the NSA gets everything for free.

Of course, now you have to trust that Abine won't pas your information on to NSA.
I would be more concerned with information being passed to providers of life, disability, or long-term care insurance. The Genetic Information Nondiscrimination Act (GINA) prohibits the use of genetic information in health insurance and employment, but not those areas.

That seems unlikely, though. The article's approach is probably enough to prevent one's genetic information from being passed on to such insurance providers.

This doesn't sound very anonymous... for one - he's giving them his DNA. Unless he has an identical twin that's fairly unique. Secondly, an adversary can guess he's an abine employee or knows one. That narrows the search space considerably.

Whenever you donate DNA to a large DNA aggregating project, you can be fairly trivially re-identified via a few ways. Even if you control all the other information, if a relative contributes DNA, your match will be close enough to narrow it down to a few relatives (including you). The FBI has famously used this technique to find serial killers and identify seriously messed up paternity.

If it were me, I'd get the NIH Confidentiality Certificate. At least you have legal protections then.

> If I could do so anonymously, I'd do it in a heartbeat

Even if you did they still could identify you if e.g. one of your relatives also submitted a sample.

"Research has shown that users are already desensitized to privacy and security warnings."

This along with the quote below are my biggest takeaways from this article:

"it can be difficult to avoid information leakage through URLs or cookies or more sophisticated attacks."

People may not even realize they are giving the keys away until it's too late. It's unlikely that a dialog box for confirmation would be explicit anyway, especially if Ancestry and others stand to monetarily gain from your DNA.

Moreover, if you're a malicious actor you can simply display an ad from Ancestry and when you have a logged in user you could potentially identify a whole host of other information that can be associated with their email and other aspects of their identity. The malicious actor could resell this to even worse offenders.

Ancestry.com is run by trolls on par with the current owners of Sourceforge. Absolutely nothing surprises me when it comes to that site.
That's not even close to the most offensive thing ancestry.com does to you.
What else do they do?
Nothing, to my knoweldge. I've had a subscription to Ancestry.com for almost two years and have found it amazingly useful. I've learned far more about my ancestors than is known from oral family history. The subscription is pricey, but their service is amazing.

That said, I suspect Ancestry.com is much less useful for those living outside the United States. In particular, having ancestors who lived in the country at least 72 years prior to the most recent US Census is what makes Ancestry.com most compelling. That's when census records on individual people become available, as outlined at https://www.census.gov/history/www/genealogy/decennial_censu.... Ancestry.com has done high-resolution scans of all US Census records and parsed them with decently accurate OCR, so you can plug in a (likely deceased) ancestor's name and get their street address, age, occupation, rent/mortgage, those living in the household with them, etc.

I have also not tried their AncestryDNA product, and probably will not. If I were to try direct-to-consumer (DTC) genetic testing, I'd probably use 23andme.

The mormons use ancestry.com data to proxy-baptize your ancestors into their ridiculous death cult.
I was going to reply with, "I don't care what mumbo-jumbo people say with my name embedded", but that actually is pretty offensive to someone with strong religious beliefs.
Right, Martin Luther is probably a Mormon now ;)

To me, it's just funny. But maybe not to Lutherans?

You have to be a descendant of the deceased to submit their name to be done. Also, there's a lot of sensitivity toward religions who have general qualms about the practice (for example, it's against the rules to submit Jewish holocaust victims). Also, many religious leaders of other faiths have gone on record[1] saying how they're glad the Mormons have brought back the biblical practice of baptisms for the dead.

The practice isn't as cultist as some (gp) may want to imply without understanding what it implies and really means.

[1] https://youtu.be/4mMDYt0Twpo

>The practice isn't as cultist as some (gp) may want to imply without understanding what it implies and really means.

You are having some group of people you don't know say something about a dead relative followed by a ritual not based in any science to change which imaginary place they will be in.

Well yes, but that's not really a criticism specific to Mormon rituals; it applies to most religious rituals.
Mormons use genealogy data to proxy-baptize their own ancestors. Like many Christians, they have a rather literal interpretation of the New Testament: if you don't get baptized, you won't be "saved." Like many Christian denominations, they also believe that not any old baptism will do. You have to be baptized by someone with the proper authority and in the proper way (by immersion). Unlike most Christians, they believe that if you died without getting baptized properly, you're not damned. You just have to wait until one of your ancestors baptizes you by proxy. They believe that before the "end of the world" every human being who has ever been born will receive one of these proxy baptisms. That way, nobody goes to hell on a technicality.

It's an interesting loophole to get around a completely sick and twisted part of Christian theology: that many innocents are damned just because they didn't accept Christ and baptism in their lifetimes.

Now, I personally think Christianity is hogwash, and I don't believe in Mormonism. But to be worried that some well-meaning Mormon descendent is going to retroactively make you Mormon after your death is pretty silly. If you don't believe in Mormonism then the proxy baptism is meaningless.

I wonder how they account for people who died unbaptized and childless. I'm baking a descendant now, but what happens if a comet strikes New York tomorrow?
Everything to do with DNA sequences ought to be done by personal agents who are certified, licensed and bonded. And subject to strict oversight and liability. Or it could be done client-side, by those with requisite skills and resources. Only specific information, suitably redacted and abstracted, should be submitted to untrusted third parties.

Sending swabs to untrusted firms is just batshit insane, in my humble opinion. And being "anonymous" is rather pointless. It's ones DNA! That's an ultimate biometric.

> And being "anonymous" is rather pointless. It's ones DNA! That's an ultimate biometric.

But unless it's tied to my identity, I don't care! It may be the ultimate biometric, but that only matters if they can compare it to my DNA by taking it from me directly - and at that point, they have my DNA, so it doesn't matter whether I previously provided it anonymously or not!

I suppose. But once there's a bunch of stuff online that's linked to your DNA data, anyone who has your DNA data can correlate it all. And tie it to your true name.

Bottom line, I see no compelling upside to putting ones DNA data on the Internet.

That's why I would like to send my DNA in anonymously; I don't want to link anything to my DNA data.
Pay with a burner credit card, throwaway account? Access via VPN / LiveCD if concerned?

23andme knows my DNA. They know my email, and possibly where I bought the kit.

They don't know who I am, I hope.

And, regardless, I suspect the de-anonymization will be either so haphazard or so thorough in the future that it's not a primary concern.

Even if you send it in anonymously, your DNA is so unique to you that by comparing it to other data you can infer at least the last name.

See for example http://www.ncbi.nlm.nih.gov/pubmed/23329047

That's a valid concern, actually, my last name is fairly rare, especially in the United States.
The upside is getting potentially profound information about yourself, in a way that is inexpensive and convenient.

There are also significant benefits to biological research. Most genetic variation is rare, and the effect of each of these rare variants is small, but they add up. Having access to larger datasets will allow us to be able to better correlate those variants to diseases. 23andme is already doing this with Genentech: http://www.forbes.com/sites/matthewherper/2015/01/06/surpris....

I do get that.

But what if 23andme or Genentech starts selling people's data to health and life insurance firms? And maybe employers will want that data, just as they want credit reports etc.

There ought to be meaningful privacy protection, in my opinion.

GINA prohibits them from selling it to health insurance firms or employers.

Not life insurance firms, yet, though.

Any malicious agent doesn't have to take it from you directly, taking it from your relatives is enough.
Here we go again, reading privacy policies like the devil reads the bible.

A more honest headline would have have been:

"There is no exception in place in the privacy policy stopping Ancestry.com from theoretically being able to target ads using your DNA."

The link is clickbait, but ancestry.com is both a ripoff and full of incorrect data. They infer relationships based on totally faulty or very circumstantial inputs, and then dangle those relationships in front of people with more money than sense.