Ancestry DNA: Protect Your Privacy and Delete Your Account

Using Ancestry’s genealogy services and DNA testing could put your privacy at risk. Because of their wealth of genealogy and personal information, they are worse for your privacy than competitors like 23andMe, Helix, and MyHeritage.

For the past few years, DNA testing kits have been one of the most popular holiday gifts–over Black Friday and Cyber Monday in 2017, AncestryDNA sold over 1.5 million DNA testing kits. Ancestry DNA is the largest consumer DNA testing company in the world, with over 3 million paying subscribers, and more than 14 million test kits sold.

While there has been a lot of discussion about the accuracy of these tests or their role in science one issue has been kept out of the spotlight: how do these services impact your privacy?

Ancestry DNA and Your Personal Information

Ancestry’s genealogy service has two main aspects: DNA testing and genealogy research through public records. They have a historical record and people search that contains a wealth of historical records detailing births, marriages, deaths, military service, and immigration.

Ancestry has a wealth of public records information available online for a small subscription fee. According to their own stats, over 20 billion records have been added over the past 20 years. People have created over 100 million family trees on their site, containing over 11 billion profiles and over 330 million photographs, scanned documents, and written stories.

This means that documents containing personally identifiable information (PII), such as birth dates, parents’ birthplaces, schools attended, and mothers’ maiden names–information often used as security questions to prevent fraud–are easily found online. Depending on your state’s privacy laws, your PII might be dangerously easy to access–either through Ancestry or other data broker websites.

Ancestry DNA even acquired its own data broker website, Archives.com, where anyone can find personal information (like names, addresses, family members, phone numbers, etc) about pretty much anyone in the US, for just $9.99. That includes information coming from birth and death records, census data, yearbooks, and more. For a cybercriminal looking to steal your identity and take advantage of you, this is a goldmine.

Ancestry DNA: Handing Over Your Most Sensitive Identifier

The centerpiece to Ancestry’s service is their DNA testing kit, which millions of people have used to learn about how their genes can tie in to their family geography.

But, there is more to the service than most might think. Your DNA is your most sensitive information, even more personal than your social security number or your fingerprint. When you send away your saliva sample, you are putting immense trust in a company with profit-maximizing motives.

As privacy lawyer Joel Winston explains, “They make a big deal of stating that you own your DNA. But they are taking a worldwide, perpetual, royalty-free license to do what they want with your DNA and your actual genetic sample that they keep in storage.”

Many others (including Senator Chuck Schumer and the Federal Trade Commission) have raised serious privacy concerns about how Ancestry uses the DNA data that they collect, and the kinds of research they are doing with it.

What Does Ancestry do with Your DNA?

Ancestry will keep your saliva sample indefinitely, but they will dispose it if you make a request over the phone with their customer service team.

I called their customer support team to ask some questions about this, which I will paraphrase here:

Q: Why do you keep the DNA samples for such a long time?

A: In case the first test does not work, we hold onto the sample in case re-testing is needed.

Q: But, after the test is performed successfully, why continue to store the DNA?

A: We need a customer’s direct permission before disposing of their DNA.

Ancestry DNA and Google: Secret Research

Like some other DNA testing companies, Ancestry DNA participates in scientific research– but their main research partner is Calico Life Sciences, a Google subsidiary whose focus is on extending human lifespans. Calico does not reveal much about their research, and has been criticized and called the “vanity project” of a few Silicon Valley billionaires.

Its research is kept very secret- their website just speaks about a vague goal in lengthen the human lifespan, and it has published very little research. While customers might believe they are participating in altruistic research, they will not know exactly what kind of research their data is involved in.

How does Ancestry DNA Compare to Other DNA Testing Companies?

Ancestry DNA is the largest DNA testing company, having tested over 10 million people. The basic DNA kit from Ancestry.com costs $99, and breaks down your ethnic heritage based on a sample of your saliva.

Ancestry’s privacy policy and practices are average compared to other DNA testing companies, like 23andMe, Helix, and MyHeritage. While their privacy policy is long, they provide a summarized version in their Privacy Center.

Ancestry DNA deserves a below-average privacy score because their wealth of PII data is so easily available to anyone willing to pay $10 through Ancestry’s genealogy records, or through Archives.com. They can easily look up your name to find information about you and your family, steal personal information like your address or your mother’s maiden name, use it to hack into your accounts, and steal your identity.

What Should I do if I’ve Used Ancestry?

The best way to ensure your privacy if you’ve taken an AncestryDNA test is to delete your Ancestry account, and ask to have your saliva disposed.

According to their Support Center, deleting your account “permanently erases all your personal data from [their] systems.” This means that your family trees, records, photos, and DNA results will all be deleted from their site. Additionally, it means that people with whom your data was shared, (through a family tree) will no longer be able to see it. We’d recommend downloading and saving your information for yourself before deleting your account. Furthermore, if you gave informed consent to participate in their research projects, this will be taken away from any future research. You may not take it away from finished or ongoing research.

Deleting Your Ancestry Account: Step-by-Step

These screenshots were taken directly from the ‘Deleting Your Ancestry Account’ page on Ancestry.com.

1. Go to ancestry.com/secure/account/delete, and sign in to your ancestry account with your email and password.

It will list the subscriptions that will be deleted with your account. Check the box.

It will list the tree(s) that will be deleted with your account. Check the box.

Then, it will confirm that your DNA testing results will be deleted. Check the boxes and click ‘Next step’.

Next, in the pop up box, click ‘Next step’. This will be consenting to the deletion of your account. After this, you will not be able to access your account or undo the deletion, and all of your personal data will be deleted within 30 days. Do not close the box, as you will need to enter a verification code from your email.

Open your email in a new tab, where you will find an email with a verification code. The code expires after eight hours, so it’s best to continue with the process right away. Copy the code.

Paste the code into the verification box and click ‘Delete account’.

You will receive a final email confirming the deletion of your account.

If you want to keep your account, you can just delete your DNA results without deleting your account. We would recommend staying anonymous by putting false information instead of your real personal details. Furthermore, make sure that all of your information is private, and not being shared with a family tree.

Disposing Your Saliva Sample

1. Call Ancestry’s corporate headquarters at 801-705-7000.

1. Press 1 for assistance with your account. Next, Press 3 for product support, and press 1 for AncestryDNA kits. This should get you to a person pretty quickly.

1. Tell them that you want your DNA sample disposed of. They will ask for the email associated with your account, and maybe for the activation code that you used to when taking the saliva sample.

1. They will then contact the lab to have your sample disposed. You can also ask to be notified once it is destroyed.

1. I would recommend doing this before deleting your account, to make sure that they still know which DNA sample is connected to your account.
2. Ask for follow up confirmation.

Remove Your Listing from Archives.com

As we mentioned above, Ancestry owns its own data broker site, Archives.com. To remove your information from this website, follow the following steps:

1. Go to https://www.archives.com/optout and fill in your information. We recommend using a masked email to confirm your request.

When you’re finished filling out the form, click “Submit”.

Wait for the confirmation email. This can take up to three weeks.

How Can I Stay Safe When Using Ancestry DNA?

1. Use Blur to protect your online account if you use Ancestry DNA.
   Whenever you create an online account, you are giving away PII that could be used to take steal your identity or  take advantage of you. You can protect your personal information by being cautious of what you are sharing and the companies with whom you share it.When a company experiences a data breach–or has given your information to another company with lax security–any PII that is being stored by that company can end up being sold on the dark web with the intention to be used to commit fraud. You can use Blur to Mask your email, credit card, and other PII that you don’t want ending up in a stranger’s hands.
2. Use DeleteMe to remove your info from Archives.com and tons of other data brokers.
   DeleteMe will keep you protected by removing information that is already out there on data broker sites like Whitepages, BeenVerified, and Intelius. DeleteMe removes your personal information–like name, address, age, phone numbers, email address, and photos of your home–by removing it from the source. Removing personal information from data broker websites reduces your online footprint and keeps you and your family safe.

About Abine

Abine, Inc. is The Online Privacy Company. Founded in 2009 by MIT engineers and financial experts, Abine’s mission is to provide easy-to-use online privacy tools and services to everybody who wants them. Abine’s tools are built for consumers to help them control the personal information companies, third parties, and other people see about them online.

DeleteMe by Abine is a hands-free subscription service that removes personal information from public online databases, data brokers, and people search websites.

Blur by Abine is the only password manager and digital wallet that also blocks trackers, and helps users remain private online by providing ‘Masked’ information whenever companies are asking for personal information.

Abine’s solutions have been trusted by over 25 million people worldwide.