With a quick search of your name on any given "peoplefinder" website, you'll see your name, date of birth, names of family members, current and past addresses, your phone number and gender. Some sites will also reveal your marital status, your hobbies, your online profiles, and maps or a photo of your house.
Many peoplefinder sites will give up enough to make you choke on your latte without a registration or a fee, so anyone with an internet connection can stalk you from their couch (or office) with about twenty keystrokes.
No, this isn't a fluff post, and I'm not being paranoid. I just spent weeks investigating the process of having one's personal data wiped from these sites and interviewing Sarah A. Downey, lawyer and privacy analyst at Abine. Abine is a privacy startup in Cambridge that is in the business of deleting individuals from these sites.
The complicated opt-out procedures are daunting, and now I'm pretty convinced that they're intentionally intimidating for the average Jane. I discovered Abine through Downey's popular Reddit post about how to opt-out from people search site BeenVerified. I emailed Downey for an interview after using Abine's DeleteMe product and trying opt-out tips from Redditors.
In case you're wondering, this is a pretty scary thing to research and test on yourself. In one instance, I found my home address and a map with a simple search on one of the bigger websites, available without a purchase.
What these sites offer is essentially every woman's nightmare, on tap.
In preparation for this article, I combined doing my own opt-outs with purchasing Abine's DeleteMe product. I am in no way affiliated with Downey or Abine.
In my research and estimation, Abine seems to be the primary independent clean-up service. There are other options but I have not had personal experience with them, and before trying them out I'd recommend research and peer reviews, as I've noticed that some "reputation" and data privacy services are not what they seem.
For instance, US Search (now owned by peoplesearch giant Intelius) was sued last October by the FTC for promising customers their PrivacyLock service would block customers' data from public access (PrivacyLock's own claims to remove individuals from results were false). Reputation.com -- aka ReputationDefender -- has a partnership with people search service Spokeo, making some people wonder how closely the companies are linked.
As you're about to read, these "people search" sites would really rather that no one privacy-minded noticed them at all. In fact, getting yourself removed is a complete hassle and as I found out in some cases -- it's not even possible.
Tip #1: Right now it's unclear whether these sites retain the information you enter into their search boxes; many suspect this is one of the ways they collect data. Avoid typing your info directly into these sites by Googling the site name along with your name.
Your personal information: it's a fire sale with no limits
So-called "peoplefinder" and "background check" sites paint a rosy picture of being online databases where, for free or a fee, anyone can look up contact information to find relatives, find the owners of lost pets, where nervous online daters can make sure they're not about to date a felon, and where businesses can check out potential employees. And people do.
These sites are in the business of posting your personal information for anyone to see, and search.
As you'd suspect, they have a much darker use for people with bad intentions. I have experienced this personally, and I'm sure the victims of things like "Porn Wikileaks" have as well.
People search sites get their data from public records and corporations selling your information to them (including third-party fine print agreements you agree to by using businesses such as Facebook and eBay).
Downey explained that one way they get your info is via social networks:
[One common example is] social networking info, which sometimes depends on the site's TOU regarding sharing info with third parties, as well as your privacy selections on that site (e.g., your Facebook likes and interests, your friends, your tweets, the work information you provide to LinkedIn).
Intelius' blog underscores the use of social network data. In a post about the acrimony between privacy pundits and data brokers, Intelius stated:
In the midst of a social media phenomenon, consumer advocacy groups show how free basic public records have recently transformed into more robust reports from aggregators like Spokeo.com, who compile a wide range of information, including personal information from social networking sites.
The average consumer, they argue, is unaware of how much of the personal information is online and how it is being used. In a new age of modern permanent records, popular sites like Facebook and Twitter are the face of a hidden world of commercial data brokers.
The bold is mine; I reached out to Intelius asking them to explain that very sentence and Intelius has not responded to request for comment at this time. As an aside, the company they mention, Spokeo, was recently sued for using web tracking technology that allegedly violates Federal privacy laws.
But what about those public records? A "public record" includes anything prepared by a government employee or in furtherance of government records. All public records are accessible through the Freedom of Information (FOI) Act, both federal and state - and the laws surrounding them vary from state to state.
It's totally legal to access public records - except the way we access public records has changed since the advent of the internet, and it's shattered the kind of privacy we all used to enjoy. Abine's analyst Downey observes:
People search sites argue that they're merely displaying public record information. I think that's a bullshit argument, though. As someone for whom the First Amendment is the closest thing I have to religion, even I can see that an industry-specific limitation on only these people search websites wouldn't have an impact on the First Amendment at large.
Even if something is classified as public record information, we can still limit the context and means in which it's retrieved. That's really the issue here: the high visibility and accessibility of the internet has made public records much more public than they ever were before. Perhaps you should still be able to access this information, but you'd have to go to town hall to do it. You could no longer stalk someone on Intelius from your couch.
The many masks of a few shady data dealers
These data dealers can be divided into two broad categories in terms of how they get and distribute their information.
Primary sites are the big dogs of data: they get their information through public record sources, while secondary sites aggregate their information through automated data mining of other sites. Notable primary sites are Intelius, LexisNexis, Spoke, WhitePages, BeenVerified, and DOBSearch.
Intelius, for instance, offers "over 100 intelligence services" including a simple people search that provides a person's address, phone numbers, and a background report promising to show any criminal activity.
I'm guessing that after reading this far you're already searching for yourself on some of these sites. You're probably noticing that there are a lot of inaccuracies - there are. Though there is also enough true information to give anyone a coronary.
Or like me you saw crazy, glaring inaccuracies repeated on different sites. The inaccuracies are often so unfathomable they make you think that your identity has been hijacked, resulting in different names and addresses incorrectly associated with your own - or even criminal records and vocations assigned to your profiles that you know you don't have in your own history.
Many of these sites are notoriously incorrect and sloppy in their data compilation. Abine's Downey explains,
The secondary-producer people search sites are aggregators, meaning they collect their information from other people search sites, both primary and secondary, social networks, online accounts, online tracking, blogs, etc. A few notable examples you may be familiar with are Spokeo, Radaris, Yasni, Pipl, and 123People.
They appear to have a much greater wealth and depth of knowledge, but they're notoriously inaccurate. It's like they're playing telephone and they're much further down the receiving line.
Even big player Intelius conceded in a 2008 SEC filing that the information that it and similar companies sell is often inaccurate and out of date.
You can check out anytime you like, but you can't ever leave
Not surprisingly, these companies don't make it easy for individuals to opt-out. Some make it seem like you have to register for the site. Or like "Free People Search Engine" Radaris, they actually force you to register and agree to their terms in order to opt-out.
Essentially, you end up giving them your data in the effort to have yourself removed.
Many sites require that you scan and provide your ID, and include onerous procedures such as accepting opt-out request letters only via fax or postal mail. This seems to be a standard.
Tip #2: Never scan and send your ID to anyone without blacking out your photo and ID number.
The opt-out precesses all frustratingly different. While many of the companies are owned by each other, each has its own opt-out procedure and some of the sites don't even state an opt-out is possible in their front-facing privacy policies.
People search sites don't like to make opting-out easy. In one instance, Downey resorted to emailing BeenVerified, citing an FTC Act that states it is an unfair trade practice to not allow people to remove their info from databases such as theirs.
As of now, there is no FTC Act that states we have the right to get our names and addresses off these sites; what the current Act does say is that these sites must uphold their Terms of Service.
Tip #3: Do you think this is wrong? Here is a link to the FTC's Complaint Form.
According to Downey, getting your data off once is not enough because the sites buy data and aggregate more info continually, making it likely that if you don't take precautions, you'll be put back in. Worse, Downey tells me,
I've also noticed that one company in particular, BeenVerified, has been repopulating opted-out information every 3 months. I have been documenting it as I see it happen to DeleteMe customers, and I'm drafting an FTC complaint that I plan on releasing both as a legal complaint and a blog post for the site.
Abine seems to like helping people opt-out on their own, though one can also use their service DeleteMe and they will do it for you. I used both to see how each works.
While maintaining a privacy blog that's like delicious junk food for us pro-privacy people, Abine's Downey also got fed up one day and decided to post a how-to on removing yourself from background checks on Reddit.
Actually, she stated the reason was "Because it's bullshit that corporations buy and sell our personal information."
As someone who's been on the fuzzy end of the lollipop with these sites, that's a good enough reason for me.
NEXT PAGE: Tip #4: Opt out NOW - Links and complete instructions to opt-out, plus the site you can't actually remove yourself from... >>
Tip #4: Opt out NOW
Opt-Out Link List and Sample Opt-Out Email Template
The email template and process below was originally provided by Abine's Downey in her initial Reddit post (as LawyerCT) HOW TO: Remove yourself from the background check site BeenVerified.com. It has been edited for brevity, and I have used this template with success on multiple people search websites.
First, see if you're listed.
Second, email Support@BeenVerified.com with the following template:
Dear Been Verified Customer Support:
a. First name:
b. Last name:
c. Middle initial:
d. Aliases & AKA's:
e. Current address:
Thank you for your assistance.
Third, you'll get one email saying they received your opt-out request, and another confirming you've been deleted.
Fourth, spread the word.
What follows is an excerpt from Redditor Pibbman's HOW TO: Remove yourself from ALL background check websites. Thanks to LawyerCT. It is not a complete list, but is is fabulously comprehensive in that it targets removing your data from the primary search sites - the big guys. I witnessed a lot of Reddit community at work to put this list together; it took more than a few people to figure it all out.
This list has been edited for clarity, direct links, and to include updates:
BeenVerified.com (link to Downey's how-to)
DOBSearch.com "In order for us to "opt out" your public information from being viewable on the public DOBsearch People Finder search results, we need to verify your identity and require faxed proof of identity. Proof of identity can be a state issued ID card or driver's license, or notarized letter. If you are faxing a copy of your driver's license, you may cross out the photo and the driver's license number. We only need to see the name, address and date of birth. Please fax to 516-717-3017 and allow 4 to 6 weeks to completely process your request. It is your responsibility to ensure legibility of your document."
MyLife.com "To request that a Member Profile or Public Profile be deleted, please contact Customer Care at 1-888-704-1900 or contact us by email at firstname.lastname@example.org. Upon receipt of these requests, and confirmation that you are requesting that your own profile be removed, please allow MyLife 10 business days to complete this removal. It may be necessary to contact you to validate that you are the profile owner requesting the removal. This is to ensure the correct identity and profile ownership before completing these requests, and is for the protection of our users and their privacy."
PeopleLookup.com "In order for PeopleLookup to suppress or opt out your personal information from appearing on our Website, we need to verify your identity. To do this, we require faxed proof of identity. Proof of identity can be a state issued ID card or driver's license. If you are faxing a copy of your driver's license, we require that you cross out the photo and the driver's license number. We only need to see the name, address and date of birth. We will only use this information to process your opt out request. Please fax to 425-974-6194 and allow 4 to 6 weeks to process your request."
Radaris.com (warning: Radaris automatically signs you up for an account on opt-out)
Spoke.com (Scroll down to Access and Correction Section)
For an exhaustive list, here's the Privacy Rights Clearinghouse's page of how to opt-out of directory services and information brokers.
As someone in the comments pointed out, what's missing is data powerhouse LexisNexis, whose front-facing background data provider product is KnowX (and Accurint). That's because LexisNexis has no warm and fuzzy ToU that allows removal of your data. Don't like it? Too bad.
Well I didn't like it at all, so I gave them a little push back and contacted them with an explicit opt-out request (and help from the email template).
Here is the LexisNexis opt-out page. As it happens, LexisNexis only allows people to have their personal information suppressed from being shared with the general public:
- If you are a law enforcement officer or public official, submit a letter from your supervisor stating that your position exposes you to a threat of death or serious bodily harm; or
- If you are a victim of identity theft, submit a copy of a police report documenting the identity theft or documentation that verifies the identity theft claim such as a letter from your credit card company, and an Identity Theft Affidavit; or
- If you are at risk of physical harm but do not work in law enforcement, submit a copy of a court protective order, a copy of a police report or similar documentation such as a letter from a social worker, a shelter administrator or a health care professional
As it happens, I have been stalked by a man that used people search websites to find and use my personal information (luckily, some of it was inaccurate). He has a police file documenting this activity, and more, as well as another police file I have open on an internet stalker. I figured his was the police report to use, since he has poisoned various corners of the internet with false information about me culled from people search sites.
I provided LexisNexis with the requisite ID, a letter and a copy of my police report. Cost: time, paper, and a stamp. They responded with two letters within three days of my mailing.
One letter stated my request was on hold pending review of the documentation, the next letter was good news: that my opt-out request was accepted.
Of course, there's always a catch. The caveats in their letter told me that it was removed from their public-facing products, and that the information could be re-introduced to their databases in the future.
At least they gave me a number to call if I have any questions, non-ironically called the "Privacy Hotline."
- Check out this infographic gallery: How people search sites get your information - and what you can do about it
Facebook data sync image via The Greatest Trick the Devil Ever Pulled Was... Disclaimer: The Devil Doesn't Pull Tricks. Infographic created by Sarah A. Downey lawyer and privacy analyst at Abine.