This is one of the reasons I've never sent a DNA swab to Ancestry.com, or 23andme. If I could do so anonymously, I'd do it in a heartbeat - but the potential losses+ outweigh the gains%.
+ admittedly, I'm not even sure what the worst case scenarios are, but that just makes them even scarier.
% ooooh, I might learn that I have a predisposition to alcoholism and rectal cancer? That's nothing that my Russian father couldn't have told me.
Unlike the author of that article, don't publish screenshots of your exact results online. With the percentage risk and the ethnic background, it's likely trivial for 23andme to identify exactly which fake profile Sarah A. Downey used for her test.
Once I checked out, I went to my real, personal inbox to
complete the 23andMe registration by clicking the confirmation
email, which was forwarded to me from the alias email address.
How was that problematic? I don't see the issue, especially given that the author was on a VPN and using Firefox in Private Browsing mode while running DoNotTrackMe.
> Even the header would probably be enough in this case, just to identify the particular masked email with the real email behind it.
Are you implying that an HTTP header sent in the request to 23andme upon clicking the confirmation link would contain the forwarded email address of the user?
Unless the user were on a web page that included their email account name in the URL (and thus visible in the REFERER header), I don't see how that would happen. And I don't think I've ever seen an email system that puts the account name in the URL.
No, the email header sent by abine when they forward the email from 23andme. That contains their real email address in plaintext, and might also contain the masked address; if not, a timing attack given the time of 23's emails and the time of the forwarded email might work.
If the actual email is unencrypted, then the NSA gets everything for free.
I would be more concerned with information being passed to providers of life, disability, or long-term care insurance. The Genetic Information Nondiscrimination Act (GINA) prohibits the use of genetic information in health insurance and employment, but not those areas.
That seems unlikely, though. The article's approach is probably enough to prevent one's genetic information from being passed on to such insurance providers.
This doesn't sound very anonymous... for one - he's giving them his DNA. Unless he has an identical twin that's fairly unique. Secondly, an adversary can guess he's an abine employee or knows one. That narrows the search space considerably.
Whenever you donate DNA to a large DNA aggregating project, you can be fairly trivially re-identified via a few ways. Even if you control all the other information, if a relative contributes DNA, your match will be close enough to narrow it down to a few relatives (including you). The FBI has famously used this technique to find serial killers and identify seriously messed up paternity.
If it were me, I'd get the NIH Confidentiality Certificate. At least you have legal protections then.
"Research has shown that users are already desensitized to privacy and security warnings."
This along with the quote below are my biggest takeaways from this article:
"it can be difficult to avoid information leakage through URLs or cookies or more sophisticated attacks."
People may not even realize they are giving the keys away until it's too late. It's unlikely that a dialog box for confirmation would be explicit anyway, especially if Ancestry and others stand to monetarily gain from your DNA.
Moreover, if you're a malicious actor you can simply display an ad from Ancestry and when you have a logged in user you could potentially identify a whole host of other information that can be associated with their email and other aspects of their identity. The malicious actor could resell this to even worse offenders.
Nothing, to my knoweldge. I've had a subscription to Ancestry.com for almost two years and have found it amazingly useful. I've learned far more about my ancestors than is known from oral family history. The subscription is pricey, but their service is amazing.
That said, I suspect Ancestry.com is much less useful for those living outside the United States. In particular, having ancestors who lived in the country at least 72 years prior to the most recent US Census is what makes Ancestry.com most compelling. That's when census records on individual people become available, as outlined at https://www.census.gov/history/www/genealogy/decennial_censu.... Ancestry.com has done high-resolution scans of all US Census records and parsed them with decently accurate OCR, so you can plug in a (likely deceased) ancestor's name and get their street address, age, occupation, rent/mortgage, those living in the household with them, etc.
I have also not tried their AncestryDNA product, and probably will not. If I were to try direct-to-consumer (DTC) genetic testing, I'd probably use 23andme.
I was going to reply with, "I don't care what mumbo-jumbo people say with my name embedded", but that actually is pretty offensive to someone with strong religious beliefs.
You have to be a descendant of the deceased to submit their name to be done. Also, there's a lot of sensitivity toward religions who have general qualms about the practice (for example, it's against the rules to submit Jewish holocaust victims). Also, many religious leaders of other faiths have gone on record[1] saying how they're glad the Mormons have brought back the biblical practice of baptisms for the dead.
The practice isn't as cultist as some (gp) may want to imply without understanding what it implies and really means.
>The practice isn't as cultist as some (gp) may want to imply without understanding what it implies and really means.
You are having some group of people you don't know say something about a dead relative followed by a ritual not based in any science to change which imaginary place they will be in.
Mormons use genealogy data to proxy-baptize their own ancestors. Like many Christians, they have a rather literal interpretation of the New Testament: if you don't get baptized, you won't be "saved." Like many Christian denominations, they also believe that not any old baptism will do. You have to be baptized by someone with the proper authority and in the proper way (by immersion). Unlike most Christians, they believe that if you died without getting baptized properly, you're not damned. You just have to wait until one of your ancestors baptizes you by proxy. They believe that before the "end of the world" every human being who has ever been born will receive one of these proxy baptisms. That way, nobody goes to hell on a technicality.
It's an interesting loophole to get around a completely sick and twisted part of Christian theology: that many innocents are damned just because they didn't accept Christ and baptism in their lifetimes.
Now, I personally think Christianity is hogwash, and I don't believe in Mormonism. But to be worried that some well-meaning Mormon descendent is going to retroactively make you Mormon after your death is pretty silly. If you don't believe in Mormonism then the proxy baptism is meaningless.
I wonder how they account for people who died unbaptized and childless. I'm baking a descendant now, but what happens if a comet strikes New York tomorrow?
Everything to do with DNA sequences ought to be done by personal agents who are certified, licensed and bonded. And subject to strict oversight and liability. Or it could be done client-side, by those with requisite skills and resources. Only specific information, suitably redacted and abstracted, should be submitted to untrusted third parties.
Sending swabs to untrusted firms is just batshit insane, in my humble opinion. And being "anonymous" is rather pointless. It's ones DNA! That's an ultimate biometric.
> And being "anonymous" is rather pointless. It's ones DNA! That's an ultimate biometric.
But unless it's tied to my identity, I don't care! It may be the ultimate biometric, but that only matters if they can compare it to my DNA by taking it from me directly - and at that point, they have my DNA, so it doesn't matter whether I previously provided it anonymously or not!
I suppose. But once there's a bunch of stuff online that's linked to your DNA data, anyone who has your DNA data can correlate it all. And tie it to your true name.
Bottom line, I see no compelling upside to putting ones DNA data on the Internet.
The upside is getting potentially profound information about yourself, in a way that is inexpensive and convenient.
There are also significant benefits to biological research. Most genetic variation is rare, and the effect of each of these rare variants is small, but they add up. Having access to larger datasets will allow us to be able to better correlate those variants to diseases. 23andme is already doing this with Genentech: http://www.forbes.com/sites/matthewherper/2015/01/06/surpris....
But what if 23andme or Genentech starts selling people's data to health and life insurance firms? And maybe employers will want that data, just as they want credit reports etc.
There ought to be meaningful privacy protection, in my opinion.
The link is clickbait, but ancestry.com is both a ripoff and full of incorrect data. They infer relationships based on totally faulty or very circumstantial inputs, and then dangle those relationships in front of people with more money than sense.
40 comments
[ 2.6 ms ] story [ 83.2 ms ] thread+ admittedly, I'm not even sure what the worst case scenarios are, but that just makes them even scarier.
% ooooh, I might learn that I have a predisposition to alcoholism and rectal cancer? That's nothing that my Russian father couldn't have told me.
If the benefits aren't really significant why are you interested in doing so anonymously?
Plus, if I am at a significant risk of certain diseases, I'd like to know. I just don't want anyone else to know.
You can. See "How to use 23andMe without violating your genetic privacy", https://www.abine.com/blog/2013/23andme-without-violating-yo....
Even the header would probably be enough in this case, just to identify the particular masked email with the real email behind it.
Are you implying that an HTTP header sent in the request to 23andme upon clicking the confirmation link would contain the forwarded email address of the user?
Unless the user were on a web page that included their email account name in the URL (and thus visible in the REFERER header), I don't see how that would happen. And I don't think I've ever seen an email system that puts the account name in the URL.
If the actual email is unencrypted, then the NSA gets everything for free.
That seems unlikely, though. The article's approach is probably enough to prevent one's genetic information from being passed on to such insurance providers.
Whenever you donate DNA to a large DNA aggregating project, you can be fairly trivially re-identified via a few ways. Even if you control all the other information, if a relative contributes DNA, your match will be close enough to narrow it down to a few relatives (including you). The FBI has famously used this technique to find serial killers and identify seriously messed up paternity.
If it were me, I'd get the NIH Confidentiality Certificate. At least you have legal protections then.
Even if you did they still could identify you if e.g. one of your relatives also submitted a sample.
This along with the quote below are my biggest takeaways from this article:
"it can be difficult to avoid information leakage through URLs or cookies or more sophisticated attacks."
People may not even realize they are giving the keys away until it's too late. It's unlikely that a dialog box for confirmation would be explicit anyway, especially if Ancestry and others stand to monetarily gain from your DNA.
Moreover, if you're a malicious actor you can simply display an ad from Ancestry and when you have a logged in user you could potentially identify a whole host of other information that can be associated with their email and other aspects of their identity. The malicious actor could resell this to even worse offenders.
That said, I suspect Ancestry.com is much less useful for those living outside the United States. In particular, having ancestors who lived in the country at least 72 years prior to the most recent US Census is what makes Ancestry.com most compelling. That's when census records on individual people become available, as outlined at https://www.census.gov/history/www/genealogy/decennial_censu.... Ancestry.com has done high-resolution scans of all US Census records and parsed them with decently accurate OCR, so you can plug in a (likely deceased) ancestor's name and get their street address, age, occupation, rent/mortgage, those living in the household with them, etc.
I have also not tried their AncestryDNA product, and probably will not. If I were to try direct-to-consumer (DTC) genetic testing, I'd probably use 23andme.
To me, it's just funny. But maybe not to Lutherans?
The practice isn't as cultist as some (gp) may want to imply without understanding what it implies and really means.
[1] https://youtu.be/4mMDYt0Twpo
You are having some group of people you don't know say something about a dead relative followed by a ritual not based in any science to change which imaginary place they will be in.
It's an interesting loophole to get around a completely sick and twisted part of Christian theology: that many innocents are damned just because they didn't accept Christ and baptism in their lifetimes.
Now, I personally think Christianity is hogwash, and I don't believe in Mormonism. But to be worried that some well-meaning Mormon descendent is going to retroactively make you Mormon after your death is pretty silly. If you don't believe in Mormonism then the proxy baptism is meaningless.
Sending swabs to untrusted firms is just batshit insane, in my humble opinion. And being "anonymous" is rather pointless. It's ones DNA! That's an ultimate biometric.
But unless it's tied to my identity, I don't care! It may be the ultimate biometric, but that only matters if they can compare it to my DNA by taking it from me directly - and at that point, they have my DNA, so it doesn't matter whether I previously provided it anonymously or not!
Bottom line, I see no compelling upside to putting ones DNA data on the Internet.
23andme knows my DNA. They know my email, and possibly where I bought the kit.
They don't know who I am, I hope.
And, regardless, I suspect the de-anonymization will be either so haphazard or so thorough in the future that it's not a primary concern.
See for example http://www.ncbi.nlm.nih.gov/pubmed/23329047
There are also significant benefits to biological research. Most genetic variation is rare, and the effect of each of these rare variants is small, but they add up. Having access to larger datasets will allow us to be able to better correlate those variants to diseases. 23andme is already doing this with Genentech: http://www.forbes.com/sites/matthewherper/2015/01/06/surpris....
But what if 23andme or Genentech starts selling people's data to health and life insurance firms? And maybe employers will want that data, just as they want credit reports etc.
There ought to be meaningful privacy protection, in my opinion.
Not life insurance firms, yet, though.
A more honest headline would have have been:
"There is no exception in place in the privacy policy stopping Ancestry.com from theoretically being able to target ads using your DNA."