So, this is probably naive of me, but so far I haven’t really been able to find the answer on the web.
Recently I subscribed to a personal info removal company called Incogni, only to find out that they sent a staggering 123 removal requests on my behalf. I never imagined there were that many companies in that business. So far in 20 days, 70 requests have been fulfilled, but 53 are still pending.
Which made me wonder… given my personal data seems to be sold, re-sold and re-re-sold without my express consent, or ability to opt out… if I knew I’ve informed my legit service providers, plus those I have legit obligations to (employer, state, etc.)… how easy would it be to obfuscate it on a regular basis, by simply providing a new, creative address, to entities I don’t get mail communication, or deliveries, from?
So, has anyone tried to trace the map by which a new address, cell phone number, etc. makes its way through the 123 or so data brokers? What are the ‘input nodes’ to that graph?
Yeah, I have considered doing this and I just don't have the time and patience for it. I currently pay $20/year for easyoptouts and it's been one of the best decisions I've ever made. I believe they check back and scrape periodically throughout the year and it's very effective.
The only concern with easyoptouts is they will send requests to brokers they are not sure of, which can lead to data brokers who had no data on you now being sent it. This is not a specific problem for them, as other services do this as well.
I used to work for a data broker. The main problem here is that profiles are created and compiled from public data. There aren't any P.I.s at work here... Just massive amounts of data dumps that anyone could access. If you include PII data like socials, then there are limitations on who can view it.... But not really that hard to circumvent. A human could not possibly compile profiles from terrabytes of public data, but our programmers could.... And this is the real problem. much of this data was public before current computer logic existed and no one foresaw the huge privacy implications.
For my company, only requests that come from persons living in California were honored....and only the person could request removal, not a 3rd party on behalf of the person. Sux.
And FYI, any searches for certain people would be reported to the authorities.... Like if you searched Donald Trump with SSN Inclusion, we had to report it to secret service.
100% agree when you say "there aren't any PIs at work here", since we're talking about data aggregation from multiple sources. My thought is: given data aggregation of PII is largely legal, then equally, publishing of creative PII is also legal.
So, regularly feeding creative PII for obfuscation, for protection from unknown 3rd-parties, requires knowing the sources communicating your data. At least, the main sources.
What makes you think your data has even been sold at all? Most likely a majority of those companies are just resellers of TransUnion, Equifax, or Experian. The 3 big credit bureaus. So while incogni sent then requests the smaller companies may host no data of yours, just the other 3.
I'm aware that money is made. Most of the time companies are buying API feeds of data from the big 3. So unless someone specifically looked you up, then I am saying your data is probably just sitting in their databases.
There's a state the required that data brokers sign up onto a list if they wished to sell data from residents of that state. Rhode Island I think. Not sure if the list is publicly accessible or not.
Let me take a real life example here. Let's say I'm worried about SIM-swapping schemes, and I go and get a phone number for my banking, and my banking only. If THAT number suddenly shows up in the midst of the 123+ so data brokers, then clearly, me getting a phone number dedicated to avoiding SIM-swapping, is useless. That's one of the use cases. Makes sense?
It's much better to go through the list of data brokers manually and submit your information twice a year, if you have the time. Like doing taxes, but for privacy.