Launch HN: Optery (YC W22) – Remove your personal info from the internet
Sites like Radaris, SocialCatfish, VoterRecords.com, Persopo, PeekYou, and WhitePages.com scrape the internet for the personal information of as many people as they can find, plus buy it in bulk from other sources. Then they post it online and sell it to anyone who wants to know about you. This is legal (though there are a lot of gray areas), but the net result is that a shocking amount of personal data is available about us online. Most of these sites will remove your data if you ask—but they don’t make it easy. Plus you have to ask each of them individually, and to do that, you have to know who they are in the first place.
We automate the opt-out process on these sites, first finding your exposed profiles, and then removing your information from both the public internet and the datasets they sell. Because there are hundreds of such sites, it’s impractical to manage all this on your own. Software, however, can manage it nicely. We’ve written that software.
This helps protect you from identity theft, phishing, hacking, spamming, doxing, and more. People search sites are used not only by identity thieves, but by phishers and hackers who craft convincing emails referencing non-obvious personal details as a way to build trust and trick you or those close to you into letting your guard down.
We arrived at this problem from two opposite directions. Two of us worked in the data broker industry in the past, but as we learned more about what this data actually gets used for, and the harms it can cause, we decided to leave. We had a lot of inside knowledge about how the industry worked and decided to use that knowledge to help people learn more about the problem and address it head on.
The other thing that happened was that I was a victim of identity theft. The thieves were able to open new accounts in my name by creating a fake ID and then piecing together information to bypass verification questions like “In which of the following cities have you never lived or used in your address?” or “Which of the following streets has a current or former association with you?” I found it was nearly impossible to remove myself from the Byzantine ecosystem of data brokers posting and selling his info online. Once the dust had cleared, we began discussing approaches to automating opt out and removal requests and Optery was born.
The problem is hard to solve for two reasons. First, there are so many data brokers, each with their own nuances and distinct processes for opt outs. So far we’ve built custom opt out processes for over 200 data brokers. Second, most U.S. citizens actually still have few legal rights to data privacy. Optery is only for U.S. residents for the time being, and this is one main reasons—the problem is at its worst here.
This is changing as new privacy laws are starting to get passed at the state level (e.g. in California, Nevada, and Virginia), but as of this writing the majority of U.S. citizens don’t even have a legal right to opt out of their personal information being posted and sold online, and in our experience, about 5% of data brokers simply do not comply with opt out requests. In these cases we file formal complaints to the FTC and state AG offices, and we recommend you do the same. They are slow to act on these complaints unfortunately, but at least the wheels are in motion, and we believe this issue will eventually get taken care of as more people become aware of the problem. In the meantime, we continue to send opt out requests regardless, and are able remove personal data from the other 95%.
One nuance of the opt-out process, which existing services tend not to handle correctly, is t...
149 comments
[ 8.0 ms ] story [ 264 ms ] threadIf you do nothing, your information will continue to persist, multiply, and propagate unchecked. Those that take the time (or money) to remove the profiles, have dramatically reduced online footprints, which is why services like Optery are becoming more and more popular. Many companies are starting to mandate their employees use services like this to strengthen their security posture to reduce exposure to phishing, hacking, email spam, etc. Similar to being required to use a VPN or MFA at work to protect the security of the company.
You're telling me that to remove my info I have to essentially give (through your service) all these companies & data brokers my info so they can opt me out, and actually trust them that they'll do so? If anything, opting out is a signal that you may actually be of more interest to them than not doing anything. If these companies can also infer that the request is coming from your service (and they will, unless you use random proxies and browser automation), the flag becomes "this person has enough disposable money to pay for such a service" which suddenly increases the value of your profile by orders of magnitude.
How are you going to make money to justify the VC funding? VCs rarely fund boring, sustainable businesses that sell a service and make a slim profit; for them it's all about hypergrowth, but I don't see the potential here - unless of course you start doing the very thing you're currently protecting against. The simple fact that it's VC-funded tells me to steer well clear.
The only proper way to deal with this is with GDPR-like regulation and actually enforcing it - the latter has been lacking in Europe, but thankfully seems like it's somewhat picked up recently.
Other people raised that concern when this appeared on HN (https://news.ycombinator.com/context?id=27668140), and at the time, that’s indeed what the service did.
Even if one ignores intentional misuse, simple incompetence by a data broker seems like enough to cause a problem. It only takes one data broker to commingle fields from opt-out requests with existing data (and then share/sell/trade that existing data) for the opt-out fields to spread.
Based on how the underlying problem is presented in your own business model, it seems like this will happen regardless of whether a customers uses this service or not. Like conscripting a recruit into a losing battle (and arguably an unwinnable war) at cost to oneself with little specificity as to what qualifies as success.
To answer your question though, yes, in order to get these companies to remove your info, you have to submit an opt out that identifies who you are. There is a catch-22, otherwise, they would not know who to opt out.
There are a multitude of reasons why people submit opt outs beyond whether or not the person can pay, e.g. victims of domestic violence, police officers, public figures, government officials, members of the military, etc. The data brokers are aware of this and generally have processes to accommodate the requests.
Millions of people use some form of identity protection to protect themselves from identity theft, email spam, phishing, scams, hacking, etc. It is a multi-billion dollar market across the consumer, business, and government levels.
I do agree that we need stronger privacy laws in the U.S. ASAP!
I wonder if you could build an opt-out service or protocol where you share a hash of your personal information instead of the info itself. With the hash you can identify matching records but you cannot create a record from the hash.
If Optery bought full datasets from databrokers, it could use a hash to identify matching records and submit those back to the brokers for opt-out (this wouldn't work for querying their public APIs...)
Probably not a feasible solution, but it's a fun possibility to think about!
I always chuckle when I see someone saying this. A buddy of mine (email marketer) tried to convince me that his 50 million large email database is "well protected" because they are using "industry standard md5 encryption". Of course its not encryption but rather hashing. He was so sure of his, erm, encryption, that he send me the whole database and said "here, crack it".
I found a large hacked Facebook email database online, run few python scripts to weed us most combinations of usernames (name+numbers, numbers+name, numbers+some random chars, etc) and some 1000 generic email domains names (like gmail.com, yahoo.com, etc). It took my regular i9 five days to go thru the whole 50M of md5s and compare each combination of usernames + domains names. Oh boy his shock when I returned some 70% "unencrypted" plain text emails back to him :)
Bottom line is, if there is some "industry standard" of hashing data, then there are ways to unhash it. Yes in many cases it may be in millions of years to circle thru all possibilities, but if your standard is first name + last name + email address (and all caps), then you can easily plug database of names and download millions of email records online and narrow down your hashing search greatly.
What would work would be a mandatory self block list (e.g. most EU countries have a 'do not call' opt-in list against telemarketers) and then the brokers have to check any new days against the hash of data points in this block list. But that requires government intervention, not startups that bandaid the problem.
Does this mean users have to keep opting out every 12 months? If yes, that sounds...dumb, isn't it? Maybe I am not understanding this correctly, is there a reason behind this 12 month period? Even if they wanted to let data brokers add the data back, 12 months seems too short a time. What am I missing?
Why is every bad thing opt out instead of opt in? This is so backwards...
Data brokers can often have a very liberal interpretation of what it means for the consumer to "authorize" the sale of their personal information. I would guess 99% of data sales were never actually “authorized” by the consumer to begin with, and are usually done through some backdoor implicit authorization that the consumer has no knowledge of whatsoever.
> Does this mean users have to keep opting out every 12 months? If yes, that sounds...dumb, isn't it? Maybe I am not understanding this correctly, is there a reason behind this 12 month period? Even if they wanted to let data brokers add the data back, 12 months seems too short a time. What am I missing?
Although it often causes harm and is often considered evil, there is a lot of economic value that results from the free flow of data. U.S. lawmakers recognize this and its partly why they’re so reluctant to pass strict privacy laws like they have in Europe. The other reason is that lobbyists for deep pocketed tech companies water down privacy laws significantly before they can pass. Even with the 12 month expiration, the CCPA is the strictest privacy law in the U.S., and most U.S. citizens have basically no data privacy rights whatsoever.
How long a data broker honors an opt out is highly variable by the data broker. But yes, in general, you have to continue monitoring these companies and re-submitting opt out requests over time, that's what Optery does with its ongoing scanning and removal technology. We have a little more info on this topic here:
https://help.optery.com/en/article/when-my-data-is-removed-f...
My impression there was that people where pretty conscious of opt-outs and wanting to manage them carefully, if only because the consequences of not doing so could be costly. We spent a lot of time talking about opt-outs and trying to honor them across different tools they used.
Many prospects came from purchased lists. Some were contracts where some other firm was specifically handling a marketing campaign for us, but others were clearly just purchased from a data broker who, presumably, filtered their data for people who indicated an interest in us.
When we asked how to handle these, the decision was that if you showed up on one of these lists, you had opted in. After all, that is what the broker told us.
This presents the first problem: If you buy data from a broker who you have not specifically engaged to campaign on your behalf, its a little gray what that data actually represents. This may be resolved by probing into to broker's collection and segmentation more, but as far as I can tell there's not a lot of incentive for the decision makers to care.
Anyways, I was not particularly thrilled with this approach, especially after working with some lists we purchased several times a year that always had a significant number of duplicates time after time. So I wrote that particular import to check for duplicates and filter them out.
Well, this worked great until the prospects, having no recent activity, grew stale and were cleaned from the system. Then when they showed up in the list again wouldn't match and get a fresh new subscription.
Which presents the second problem: If you don't hold on to their identifiable information, you cannot determine if they have previously requested to be removed from your offerings. So it may be dumb to have to opt out again, bit the alternative is to trust them not to use your information in the mean time.
This is just false. You can opt to keep e.g. a hash to check against future additions. Else you also would not be able to comply with the 12 month requirement.
Personal profiles are messy. People have different names, addresses, email, phone numbers, and different people sharing any of the aforementioned details. This is complicated enough with the raw data and unless you have a very simple profiles or opt-out rules, such as treating the entire household as one, you're going to need more than a simple hash to figure out if there is existing opt-out history.
Profiles may also need to be kept for transactional purposes. Presumably, data brokers and people who have only heard of you through brokers wouldn't have any transactional activity. But everyone else likely needs to deal with opt-outs on the distribution side, making opt-outs a solved problem that doesn't need to happen on intake.
So...sure, you can.
But I wouldn't hold your breath that this will be seen as a reasonable expectation for most developers or businesses to implement.
The organ donor database won't ask you every month to verify that you still want to do it - there is nil legitimate reason why this would be 'needed' in this case.
Why did you opt-out for VC? This seems to be a perfect candidate for a profitable and sustainable business because you don't really need a complicated infra or another 2 years to build an enterprise grade product. (unless I am missing something).
Thank you!
Happy user of Optery here: you don't have to give Optery a whole lot of info. No SSNs or anything, just things they would search by to help you remove them. Are there fields for past addresses or people you lived with or past names you may have had? Sure. Do you have to fill them out? No. Are they provided in bulk to the data brokers? No.
How can you index into a hashmap, an array, or a DB table without a key? Answer: you cannot.
There's no way for data-broker opt-outs to work without uniquely identifying the individual who wishes to be removed.
Sure, I agree that "GDPR-like regulation and actually enforcing it" is the proper solution - but how long will that take? Five years? Ten?
What if I want my personal data removed from these brokers now?
Edit: now that I think about it - you could build some scheme where you give the data-brokers a cryptographic hash of some personally-identifying information, so if they don't already have you in their database, then they can't get your information. But, in order to do that, you'd need regulation equivalent to the GDPR (otherwise they'd never do it), in which case the above argument still applied.
We prefer not to give Dishonorable Data Brokers a free pass, and continue to pursue multiple channels to have our customers' profiles removed from these data brokers, even if they are currently "Dishonorable" and do not honor opt outs, like BlockShopper.
We have seen cases in the past where through persistence, dishonorable data brokers eventually start honoring opt out requests. Below is the Help Desk post with more info on this topic:
https://help.optery.com/en/article/coverage-limitations-for-...
2) How do you handle making sure that you are not 'adding' more information to a data broker who already has information about you? For example, a friend of mine once found his information publicly available on a website on the internet. To remove his information from being publicly displayed, the website required him to provide a phone number where he would receive a confirmation text code that he had to add to the removal request form. This essentially means the website now has more information (another phone #) about him.
3) Some of the information these websites display are gathered from public government databases like court records, county registrations of house sales, etc. I would assume those records can't be 'removed' or 'hidden'. Do you have a specific way of dealing with such?
1) It really depends on the data broker and the state you live in, but the majority are the latter (prevent the info from being displayed online). When possible we request full deletion, but California residents are really the only ones that have firm data deletion rights from the CCPA and are typically the only ones that data deletion is even made available as an option by the data brokers. We have some new product features in development that will increase our ability to deliver data deletions though in the future.
Regarding “If the latter, then this is only half a solution because the data broker can still sell your information”: this too is inconsistent. In most cases they will stop selling your information after the opt out, but in some cases, though they take the profile down from the public web, but may still be selling the data behind the scenes, usually to corporate buyers.
When the data is represented as deleted by the data broker, we don’t have a good way to confirm that it has actually been deleted unfortunately. We have some ideas though for how to do this in the future.
2) We recommend only submitting the minimum amount of information necessary to complete the opt out, which in most cases is the minimum amount of information required to sign up for Optery (first name, last name, year of birth, current city, current state), or sometimes also the URL where your profile was found. Many data brokers request a phone number to verify, but we recommend never providing them with your real phone number. Most of the time, demanding the data broker remove the profile and threatening legal action or reporting them to the FTC and your state attorney general's office over email will induce them to remove the profile without a phone number. If data brokers push back on this, we recommend you definitely file a complaint with the FTC and your state attorney general (we do this frequently). If you do feel you want to provide a phone number, we recommend creating a temporary, secondary, or disposable phone number. If you do opt outs on your own, we also recommend you always use a temporary or secondary email address for the submissions, and NEVER use your primary email address. We have a post on our Help Desk about this here:
https://help.optery.com/en/article/do-not-share-your-persona...
3) Definitely there are some data sets that are inherently difficult or nearly impossible to remove, e.g. public records, voter records, etc. However, we can often get this type of data removed from the for-profit web sites that re-publish it. The best best thing you can do is submit the opt out request. Some will honor it, and some will not. It’s hit or miss. The silver lining is that most of the web sites that re-publish public records usually publish more limited information as opposed to other sites that post things like phone number, email address, ethnicity, household income, network, family members' names, etc.
Hotjar is great for providing heatmaps to see what parts of their site are working/ not I mean sure it's tracking you but only on that site AFAIK?
Now I'm not familiar with profitwell, but just seems like a basic CRM.
I think there's a pretty big difference between this basic Marketing SaaS tools / advertising conversion tracking and doing something like collecting your personal real life data and making it easy for anyone to search/dox you online.
They sell removal of personal information off the Internet, and yet they feed tracking data on their visitors to companies directly responsible for nearly complete evisceration of personal online privacy.
Facebook (and maybe Google?) buy data about me to try to match me online so they can provide ads on their own service, but they don't reveal my data to anyone else - advertisers don't get my phone number or physical address or even email from them, when they want to advertise to me.
The companies that optery seems to be fighting against are ones that post my physical address and phone number and family members and name online in one spot so anyone can find it, without me ever opting in to that.
First result for: "facebook data breach"
"Data from 533 million people in 106 countries was published on a hacking forum earlier this month. Facebook said the data was old, from a previously reported leak in 2019. It has denied any wrongdoing, saying that the data was scraped from publicly available information on the site."
Dated: April 20th 2021
There was 100% phone numbers linked to real names and email addresses (at a minimum) in that breach. That may not be what you would consider to be major, however.
Profitwell helps us with revenue reporting and metrics, Hotjar helps us improve our user experience, and Google Tag Manager makes the delivery of these vendor’s tags a little easier.
We disclose the third party vendors we use here: https://www.optery.com/how-we-secure-your-data/
https://www.judyrecords.com/
https://help.optery.com/en/article/coverage-limitations-for-...
As a EU citizen who spent weeks sending GDPR requests back and worth with several data brokers I know just what a pain it is to get some data deleted. Even if it was only "trivial" stuff like things I have shopped for online (I always requested the data they had before requesting that they delete it) it was a laborious process.
I have two questions for you guys:
1) As a EU citizen do I benefit from signing up to your site or are the data brokers you are targeting focused on US citizens?
2) Why the monthly recurring fee? I would gladly make a higher one off payment every now and then for the removal of my data. Or is it monthly because you are keeping track if any of my data shows up at some point and then immediately remove it?
To answer your question - NO - there is no benefit to signing up for Optery if you do not have a presence in the U.S. The only benefit would be that we will notify you in the future when we begin offering our service in your country. This sentence is buried in the post above "Optery is only for U.S. residents for the time being, and this is one main reasons—the problem is at its worst here."
The reasons the service is charged on an ongoing recurring fee are:
1) We are constantly adding new data brokers, so if you keep the service running, you get covered for new data brokers as we add them to your plan.
2) We do ongoing monitoring and scans, to find and remove your profiles if they pop back up. Unfortunately, over time, many data brokers start adding it back. The CCPA (California's Privacy Law) permits a data broker to stop honoring an opt out after 12 months. After opting out, many data brokers actually display a message apologizing in advance admitting that sometimes their opt out records are over-written by accident which might cause your data to reappear.
https://www.optery.com/introducing-optery-remove-yourself-fr...
PCMag also compared Optery and DeleteMe in their review here:
https://www.pcmag.com/reviews/optery
Does Optery not rely on human agents, like Privacy Bee and Delete Me?
The real solutions are one or both of either make privacy a broader public priority than transparency, which is unlikely to happen, or stop making facts about yourself that are part of the public record an authentication mechanism.
And there are some data sets that are inherently difficult to remove, e.g. public records, voter records, etc (as you pointed out). However, we often can get this type of data removed from the for-profit web sites that re-publish it and market it online. And we do remove the vast majority of information that's out there on individuals, dramatically reducing your surface area for discovery and attack. For example, many of the web sites that re-publish public records, usually only publish very limited amount of information, and lead to other sites that have much richer and more sensitive information like phone number, email address, age, home address, family members' names, etc.
Its very difficult to get everything removed, but if you can get rid of 99% of it, you can maintain a much lower profile and make it that much more difficult for someone that's trying to act against you. If a bad actor is just looking for a victim, they're more likely to move on to the next person that has done nothing to protect themselves.
Also, having a low profile might be a signal to bad actors that you take your privacy and security seriously, you have good security hygiene, and are likely to have other security mechanisms in place to protect you, and make their task more difficult, like identity theft protection, a home security system, a VPN, or even Multi-factor Authentication.
OneRep has affiliate partnerships with data brokers (https://imgur.com/a/juSC66b). Optery does not have any affiliate partnerships with any data brokers.
OneRep is based in Belarus. Optery is based in the USA.
Optery provides a free Exposure Report with screen shots of all the places your profile has been found online. If you already use another service like OneRep, use Optery’s free Exposure Report to double-check their work and you’ll probably be surprised by how many profiles Optery finds (20 – 40 on average). For paying customers, Optery provides Removals Reports with before and after screenshots to prove its work. No other service I'm aware of provides this level of verification.
If you want to compare services, the best thing to do is to sign up for each company’s free scan and compare the results. The quality of each company’s free scan is a good indicator of the quality of its opt outs. A lot of the companies in the space have incredible marketing that creates high hopes, but their products are ineffective. The quality of the free scan is usually a tip off if the service is going to be a hero or a dud before you turn over your credit card. Optery’s free scans produce an average of 70+ results per person (sometimes over 100+ results). I’m not aware of any other company coming anywhere close to that number. Most don’t even cover that many data brokers to begin with.
The pricing tiers have to do with how difficult it is to remove consumers from that data broker. Some of the most well-known brokers are also the most difficult to opt out, which is why they’re in the highest priced tier.
Thanks so much for your feedback and for using Optery.
1) Sign up for each company’s free scan and compare the results. The quality of each company’s free scan is a good indicator of the quality of its opt outs. If the company can’t produce a free scan, they probably shouldn’t be taken seriously. A lot of the companies in the space have incredible marketing that creates high hopes, but their products are actually very disappointing and ineffective. The quality of the free scan is usually a tip off if the service is going to be a hero or a dud before you turn over your credit card. Optery’s free scans produce an average of 70+ results per person (sometimes over 100+ results). I’m not aware of any other company coming anywhere close to that number. Most don’t even cover that many data brokers to begin with. You can learn more about the Optery Exposure Report (free scan) here:
https://www.youtube.com/watch?v=nVUmjbOG9vY
2) Check the number of data brokers each service covers. Optery covers 200+ data brokers. Whereas, according to their web sites, DeleteMe covers 38, Removaly covers 47, and OneRep covers 94. Some companies don’t even list the data brokers they cover (that's a bad sign). Also, check to see if the company offers “Custom Removals” for when you find a data broker that their service does not cover. Optery provides Custom Removals, and here’s the full list of data brokers covered:
https://www.optery.com/pricing/#data-brokers-we-cover
3) Check to see where the company is headquartered and primarily based, and if it is being run as a corporation, or as someone’s side-hustle. A lot of people are surprised when they find out that OneRep is headquartered in Belarus, since they maintain an LLC, mailing address and a few employees in the U.S.A. Do some background research on each company and its leadership team before you give them any money. Where are they based? Are they professional? Can you take them seriously? Do they have financial partnerships with data brokers? Many of the companies in the space do not list their leadership team on their web site. This is often because the business is being run as a side-hustle for someone with a day job, sometimes from a different country. Optery is incorporated in the state of Delaware as a C Corporation, and is headquartered in California. You can learn more about the company’s mission and leadership here:
https://www.optery.com/about-us/
4) Ensure you are not inadvertently funding the very data brokers you’re trying to be removed from. Most of the companies in the space are high integrity companies with no ties or financial arrangements with the data broker industry. But some are not. OneRep and BrandYourself (parent company of Zoro Privacy and HelloPrivacy) are known for having ties into the data broker through affiliate partnerships. For example, here’s a screenshot of the data broker ClustrMaps directing you to their affiliate partner OneRep after your opt out is complete. Avoid these companies unless you want to fund the very companies you're trying to be removed from.
https://imgur.com/a/juSC66b
5) Demand evidence in the form of screen shots or direct links. Most of these companies will tell you your profiles have been removed, and force you to take their word for it. Optery is the only company I am aware of that provides direct links to your profiles so you can verify at the source when a profile is removed, and also sends out a quarterly “Removals Report” with before an...
Yes it's a huge problem. Many of us (or maybe just me?) would not have been so candid on HN had we known our comments would be indelibly preserved forever with no option for deletion.
The stated reasons for this policy I've seen from 'dang amount to "we don't like the look of a bunch of comment chains with [deleted] everywhere" which I find insulting.
I have a suspicion that the real reason is that the site software conveniently doesn't have a mass-deletion function.
I get the feeling you've never actually attempted to engage with them in good faith, because they're willing to put in quite a lot of work to dissociate you from your comments while leaving the comment intact. In case you missed it, https://news.ycombinator.com/item?id=23623799 is linked from the FAQ.
I mean we're talking about the forum software that can't handle more than a few hundred comments without resorting to pagination, so I feel justified in my thesis that engineering hours going into HN are pretty limited.
They have other fish to fry, because maintaining a community doesn't just mean maintaining a codebase. They have a bunch of existing code that is architected in a way that makes some changes (like removing the comment render limit) not so easy. Though some of the consequences are annoying, they've never stopped anyone from using HN.
My personal experience is that they are implementing features and doing experiments, and it seems to me you've just never bothered to reach out and check with them because you think you know better.
Enjoy your thesis, or whatever. They're nice people and I recommend emailing them.
Would Optery be able to help with that?
(a) Start by opting out of as many of the data brokers as you can, in particular the B2B contacts data brokers that are most likely the source of these unwanted phone calls like RocketReach, ContactOut, Clearbit, Hunter.io, LeadIQ, ZoomInfo, etc. Many of these data brokers Optery already covers, but others we are still in the process of adding to coverage.
(b) You can use Optery to opt out of a large chunk of these data brokers (200+ as of today), but you might need to supplement that with your own effort until we can catch up to the rest of them. We’re constantly adding more data brokers to our list of covered every month.
(c) Update your visibility settings on LinkedIn. A lot of information gets leaked out onto the web from LinkedIn, and in particular into the B2B contacts data brokers mentioned above: https://www.linkedin.com/help/linkedin/answer/a523134/visibi...
(d) Do not include your phone number or title on your email signature – many of the B2B contacts data brokers have data co-ops where all of their millions of customers share contacts and they parse through the email signatures in your email
(e) After you have done all of the above, and have reduced the footprint and presence of your phone number in these different places, change your phone number.
Good customer service. Fairly quick response time.
For years, I've performed monthly searches on my name and naturally submit opt-out requests from whatever data brokers I found.
I signed up for optery using a couple discounts from stack social (or one of those sites).
They found DOZENS of listings under my name. I was surprised+ pissed, but optery has manager to remove most of them. They send a quarterly(?) PDF update containing before and after screenshots of days brokers where my info was once displayed.
I still perform my monthly searches and report any findings to optery. They've been receptive and apologetic whenever I find my info online.
That's my review. Ask questions if you want.
I signed up as "Notareal Personxxx." I listed my city as "Detroit, MI." I'm shown a list of 202 domains under the heading "Websites exposing your personal information." I click "More information" next to one of the listed websites. A modal appears:
>> Notareal Personxxxx, Detroit, MI,
<Yes, that's me> <No, I'm not there>
See screenshots: https://imgur.com/a/Z2M8y3d
No comment on if the service is real or whatever, just that your "test" is flawed.
To explain what’s happening from the inside, immediately after the sign up, we retrofit the profile data you’ve input at the signup process into our URL templates for each data broker. This provides an immediately actionable link you can click on to see if your profile is present on the other end at the data broker. Meanwhile, our automated scanner starts running to see if it can actually find your profile at each data broker. After about 1 hour, a PDF report is emailed with ~70 (on average) places on the web that your profile has been found.
What’s often really confusing, and that we definitely need to fix in the UI, is when the user starts clicking on the links and they find “no profile found” they think that something’s gone wrong, or that we’re trying to be deceptive. Even more confusing is when a dummy name like "Notareal Personxxx" is input, the links are still there for you to click through.
The defect in the product is that the UI assumes a large number of matches for each user will be found, typically 50 – 100 on average. Everything in the UI is framed up with that assumption. However, when there are only a few results, or in the extreme case where a fake name is input, and there are no results at all, the UI still frames everything up as if it were for a typical user with 50 – 100 matched profiles. The other reason this product defect has persisted is because our Free Basic users use the links to QA their own self-service opt out work. So after they’ve submitted their own opt out, they want to be able to click through the link and see that the profile is gone. This is why most people use the product with glee, but when a link leads to a “page not found”, at best people are confused, and at worst they cry “foul” of deception.
I love Show HN and Launch HN threads because the builders get so much rich feedback like this on how to improve the product. This is the best feedback that we’ll take with us and start hammering away on immediately. Thank you!
We do have a Help Desk post describing what’s happening with these links, but we need to update it and make it more clear based on this feedback. You can find a little more information on how these links work here:
https://help.optery.com/en/article/what-if-a-view-leads-to-a...
1) We changed the data broker dashboard title from "Websites exposing your personal information" to "Websites that expose personal information"
2) We changed the data broker dashboard subtitle from "Discover where your personal data is exposed..." to "Explore where your personal data might be exposed..."
3) Within the data broker dashboard subtitle, we added the text "Links frequently lead to empty pages" with a "learn why" link to the post on our Help Desk titled "What if a "View" link leads to an empty or not found page?" that goes here:
https://help.optery.com/en/article/what-if-a-view-link-leads...
We have several more changes we're working through to address this issue. Thank you again!
Even if it somehow existed, to see it with the same first and middle name and location just seems way too much of a coincidence. Do any of these brokers really have my info or are you just showing this false information to help increase conversions?
So just because you see a data broker in your dashboard, does not mean we are implying that your profile is there. In fact, if you click on any of the links, you’ll see we spawn a modal that says “External links help with self-service opt outs and provide visibility into where your info is posted online, but are not always perfect.”
My guess is that if you click through any of the links, it will lead to pages that say something like “profile not found” because it’s a name that does not exisit.
We also have an article on our Help Desk that explains what’s happening, and further below is a snippet that most likely explains what you are experiencing:
https://help.optery.com/en/article/what-if-a-view-leads-to-a...
“What is often confusing is that we display the “View” links for every data broker, regardless of whether we find your profile at the data broker or not. The "View" links are not intended to be perfect matches for your profile. Results will vary for each user, depending on your circumstances. Sometimes the "View" links are not perfect, and other people may be listed, or you might not be there at all, but in most cases, they allow you to quickly view a snapshot of where your personal details are exposed online.”
This question has come up before, so we really need to do a better job of ironing out the confusion in the product. Thanks so much for the feedback.
>> “External links help with self-service opt outs and provide visibility into where your info is posted online, but are not always perfect.”
That is 100% misleading when you are linking to every data broker regardless of whether or not someone is in their database.
I can definitely see how this is confusing though to see all the links for all the data brokers regardless of whether the user has been found or not, and we have a Help Desk article on the topic:
https://help.optery.com/en/article/what-if-a-view-leads-to-a...
The primary reason we have this is for our Free Basic users who use the links as a mechanism to explore where their profile might be exposed and do their self-service opt out work. This is great feedback that we need to address this and make it more clear in the product. Thank you for the feedback.
Below is the full text of the modal:
================
You Are Leaving Optery
Optery is not affiliated with the site you’re being redirected to.
External links help with self-service opt outs and provide visibility into where your info is posted online, but are not always perfect.
When visiting data brokers, we recommend never sharing your personal email or paying any data brokers any money.
We then link into our Help Desk article advising users to never share their personal email or pay any money to data brokers: https://help.optery.com/en/article/do-not-share-your-persona...
We then give the user the option to click "Back" and return to Optery, or to "Continue".
1) We changed the data broker dashboard title from "Websites exposing your personal information" to "Websites that expose personal information"
2) We changed the data broker dashboard subtitle from "Discover where your personal data is exposed..." to "Explore where your personal data might be exposed..."
3) Within the data broker dashboard subtitle, we added the text "Links frequently lead to empty pages" with a "learn why" link to the post on our Help Desk titled "What if a "View" link leads to an empty or not found page?" that goes here:
https://help.optery.com/en/article/what-if-a-view-link-leads...
We have several more changes we're working through to address this issue. Thank you again!
i.e. (how) can you assure users that this isn't yet another business actually trying to collect their data? It's kind of hard to do that unless you guarantee you will lose any data related to them once you've finished performing all the opt-outs on their behalf.
https://www.optery.com/privacy-policy/
Optery provides a free Exposure Report with screen shots of all the places your profile has been found online. If you already use another service like Abine’s DeleteMe, use Optery’s free Exposure Report to double-check their work and you’ll probably be surprised by how many profiles Optery finds (20 – 40 on average). For paying customers, Optery provides Removals Reports with before and after screenshots to prove its work. At the time of this writing, DeleteMe does not provide screen shot evidence of their removals work.
If you want to compare services, the best thing to do is to sign up for each company’s free scan and compare the results. The quality of each company’s free scan is a good indicator of the quality of its opt outs. A lot of the companies in the space have incredible marketing that creates high hopes, but their products are ineffective. The quality of the free scan is usually a tip off if the service is going to be a hero or a dud before you turn over your credit card. Optery’s free scans produce an average of 70+ results per person that can be verified visually through screen shots (sometimes over 100+ results). I’m not aware of any other company coming anywhere close to that number. Most don’t even cover that many data brokers to begin with.
Is there a service which will remove medical debt which is beyond the statute of limitations?
This is a simple process to do manually. I have done it myself.
Look up my credit report, find old[0] medical debt, find the originating state's statute of limitations on medical debt, dispute the charge citing the appropriate statute.
Poof, medical debt gone. Credit improved.
This is so simple, unless regulations prevent this service, it must already exist, correct?
[0] Meaning of "old" varies by US State. CA=4yrs, FL=5yrs