With a quick search of your name on any given "peoplefinder" website, you'll see your name, date of birth, names of family members, current and past addresses, your phone number and gender. Some sites will also reveal your marital status, your hobbies, your online profiles, and maps or a photo of your house.
Many peoplefinder sites will give up enough to make you choke on your latte without a registration or a fee, so anyone with an internet connection can stalk you from their couch (or office) with about twenty keystrokes.
No, this isn't a fluff post, and I'm not being paranoid. I just spent weeks investigating the process of having one's personal data wiped from these sites and interviewing Sarah A. Downey, lawyer and privacy analyst at Abine. Abine is a privacy startup in Cambridge that is in the business of deleting individuals from these sites.
- Infographic gallery: How people search sites get your information - and what you can do about it
- Don't miss, new development: Congressional inquiry responses released: Data brokers refuse to name sources
The complicated opt-out procedures are daunting, and now I'm pretty convinced that they're intentionally intimidating for the average Jane. I discovered Abine through Downey's popular Reddit post about how to opt-out from people search site BeenVerified. I emailed Downey for an interview after using Abine's DeleteMe product and trying opt-out tips from Redditors.
In case you're wondering, this is a pretty scary thing to research and test on yourself. In one instance, I found my home address and a map with a simple search on one of the bigger websites, available without a purchase.
What these sites offer is essentially every woman's nightmare, on tap.
In preparation for this article, I combined doing my own opt-outs with purchasing Abine's DeleteMe product. I am in no way affiliated with Downey or Abine.
In my research and estimation, Abine seems to be the primary independent clean-up service. There are other options but I have not had personal experience with them, and before trying them out I'd recommend research and peer reviews, as I've noticed that some "reputation" and data privacy services are not what they seem.
For instance, US Search (now owned by peoplesearch giant Intelius) was sued last October by the FTC for promising customers their PrivacyLock service would block customers' data from public access (PrivacyLock's own claims to remove individuals from results were false). Reputation.com - aka ReputationDefender - has a partnership with people search service Spokeo, making some people wonder how closely the companies are linked.
As you're about to read, these "people search" sites would really rather that no one privacy-minded noticed them at all. In fact, getting yourself removed is a complete hassle and as I found out in some cases - it's not even possible.
Tip #1: Right now it's unclear whether these sites retain the information you enter into their search boxes; many suspect this is one of the ways they collect data. Avoid typing your info directly into these sites by Googling the site name along with your name.
Your personal information: it's a fire sale with no limits
So-called "peoplefinder" and "background check" sites paint a rosy picture of being online databases where, for free or a fee, anyone can look up contact information to find relatives, find the owners of lost pets, where nervous online daters can make sure they're not about to date a felon, and where businesses can check out potential employees. And people do.
These sites are in the business of posting your personal information for anyone to see, and search.
As you'd suspect, they have a much darker use for people with bad intentions. I have experienced this personally, and I'm sure the victims of things like "Porn Wikileaks" have as well.
People search sites get their data from public records and corporations selling your information to them (including third-party fine print agreements you agree to by using businesses such as Facebook and eBay).
Downey explained that one way they get your info is via social networks:
[One common example is] social networking info, which sometimes depends on the site's TOU regarding sharing info with third parties, as well as your privacy selections on that site (e.g., your Facebook likes and interests, your friends, your tweets, the work information you provide to LinkedIn).
Intelius' blog underscores the use of social network data. In a post about the acrimony between privacy pundits and data brokers, Intelius stated:
In the midst of a social media phenomenon, consumer advocacy groups show how free basic public records have recently transformed into more robust reports from aggregators like Spokeo.com, who compile a wide range of information, including personal information from social networking sites.
The average consumer, they argue, is unaware of how much of the personal information is online and how it is being used. In a new age of modern permanent records, popular sites like Facebook and Twitter are the face of a hidden world of commercial data brokers.
The bold is mine; I reached out to Intelius asking them to explain that very sentence and Intelius has not responded to request for comment at this time. As an aside, the company they mention, Spokeo, was recently sued for using web tracking technology that allegedly violates Federal privacy laws.
But what about those public records? A "public record" includes anything prepared by a government employee or in furtherance of government records. All public records are accessible through the Freedom of Information (FOI) Act, both federal and state - and the laws surrounding them vary from state to state.
It's totally legal to access public records - except the way we access public records has changed since the advent of the internet, and it's shattered the kind of privacy we all used to enjoy. Abine's analyst Downey observes:
People search sites argue that they're merely displaying public record information. I think that's a bullshit argument, though. As someone for whom the First Amendment is the closest thing I have to religion, even I can see that an industry-specific limitation on only these people search websites wouldn't have an impact on the First Amendment at large.
Even if something is classified as public record information, we can still limit the context and means in which it's retrieved. That's really the issue here: the high visibility and accessibility of the internet has made public records much more public than they ever were before. Perhaps you should still be able to access this information, but you'd have to go to town hall to do it. You could no longer stalk someone on Intelius from your couch.
The many masks of a few shady data dealers
These data dealers can be divided into two broad categories in terms of how they get and distribute their information.
Primary sites are the big dogs of data: they get their information through public record sources, while secondary sites aggregate their information through automated data mining of other sites. Notable primary sites are Intelius, LexisNexis, Spoke, WhitePages, BeenVerified, and DOBSearch.
Intelius, for instance, offers "over 100 intelligence services" including a simple people search that provides a person's address, phone numbers, and a background report promising to show any criminal activity.
I'm guessing that after reading this far you're already searching for yourself on some of these sites. You're probably noticing that there are a lot of inaccuracies - there are. Though there is also enough true information to give anyone a coronary.
Or like me you saw crazy, glaring inaccuracies repeated on different sites. The inaccuracies are often so unfathomable they make you think that your identity has been hijacked, resulting in different names and addresses incorrectly associated with your own - or even criminal records and vocations assigned to your profiles that you know you don't have in your own history.
Many of these sites are notoriously incorrect and sloppy in their data compilation. Abine's Downey explains,
The secondary-producer people search sites are aggregators, meaning they collect their information from other people search sites, both primary and secondary, social networks, online accounts, online tracking, blogs, etc. A few notable examples you may be familiar with are Spokeo, Radaris, Yasni, Pipl, and 123People.
They appear to have a much greater wealth and depth of knowledge, but they're notoriously inaccurate. It's like they're playing telephone and they're much further down the receiving line.
Even big player Intelius conceded in a 2008 SEC filing that the information that it and similar companies sell is often inaccurate and out of date.
You can check out anytime you like, but you can't ever leave
Not surprisingly, these companies don't make it easy for individuals to opt-out. Some make it seem like you have to register for the site. Or like "Free People Search Engine" Radaris, they actually force you to register and agree to their terms in order to opt-out.
Essentially, you end up giving them your data in the effort to have yourself removed.
Many sites require that you scan and provide your ID, and include onerous procedures such as accepting opt-out request letters only via fax or postal mail. This seems to be a standard.
Tip #2: Never scan and send your ID to anyone without blacking out your photo and ID number.
The opt-out precesses all frustratingly different. While many of the companies are owned by each other, each has its own opt-out procedure and some of the sites don't even state an opt-out is possible in their front-facing privacy policies.
People search sites don't like to make opting-out easy. In one instance, Downey resorted to emailing BeenVerified, citing an FTC Act that states it is an unfair trade practice to not allow people to remove their info from databases such as theirs.
As of now, there is no FTC Act that states we have the right to get our names and addresses off these sites; what the current Act does say is that these sites must uphold their Terms of Service.
Tip #3: Do you think this is wrong? Here is a link to the FTC's Complaint Form.
According to Downey, getting your data off once is not enough because the sites buy data and aggregate more info continually, making it likely that if you don't take precautions, you'll be put back in. Worse, Downey tells me,
I've also noticed that one company in particular, BeenVerified, has been repopulating opted-out information every 3 months. I have been documenting it as I see it happen to DeleteMe customers, and I'm drafting an FTC complaint that I plan on releasing both as a legal complaint and a blog post for the site.
Abine seems to like helping people opt-out on their own, though one can also use their service DeleteMe and they will do it for you. I used both to see how each works.
While maintaining a privacy blog that's like delicious junk food for us pro-privacy people, Abine's Downey also got fed up one day and decided to post a how-to on removing yourself from background checks on Reddit.
Actually, she stated the reason was "Because it's bullshit that corporations buy and sell our personal information."
As someone who's been on the fuzzy end of the lollipop with these sites, that's a good enough reason for me.
NEXT PAGE: Tip #4: Opt out NOW - Links and complete instructions to opt-out, plus the site you can't actually remove yourself from... >>