Incognito — February 2023: Your Relationship Data is Putting You at Risk

Welcome to the February 2023 issue of Incognito, the monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Here’s what we’re talking about this month: 

• How your relationship data puts you at risk & how those close to you can abuse your personal information. 
• Recommended reads, including “According to Twitter, Exposed User Data Not the Result of a Hack”
• Q&A: I just changed my phone number. Can my old number somehow put me at risk? 

If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. 

It’s February, the month of love. To help you have a great and private Valentine’s Day, we’re focusing on relationship data—and how it can be used against you. 

Did you know? You can save big on DeleteMe by adding people you love to your DeleteMe plan. Save even more by adding the whole family! If you already have a DeleteMe account, use this link to log in and then click “Add a family member”.

How Your Spouse Is Giving You Away

This Valentine’s day, forget flowers (they don’t last) and think about privacy instead. After all, nothing says “I love you,” like giving someone a subscription to a tool that removes them from people’s search sites. At least, we think so anyway. 

You could be the most privacy-conscious individual in the world, but if the rest of your family (spouse, parents, kids, etc.) aren’t, then your personal information is likely still floating somewhere on the web.  

The reason why: data brokers can make some scarily accurate connections between you and your loved ones. 

When someone Googles your name or looks you up on a people search site, they don’t just see information about you. They can also see data about your family relationships and associations. 

For example, LexisNexis says it can “identify relatives, associates and neighbors who may show up in photos or be mentioned in social media postings with a search of hundreds of networks and millions of sites on the open web.” 

This means that even if you personally opt out of data broker databases, your information might still show up in another person’s records, for example, those of your spouse. 

Your Divorce Is Not A Secret (to Real Estate Agents). Neither Is a Death In the Family

“In a down market, some real estate agents say the only real motivators for people to sell or seek property may be the three D’s: death, divorce and debt. But they are tricky markets to reach,” wrote the real estate media company The Real Deal about a decade ago. 

But how tricky is it really for realtors to find bereaved and divorced folks in 2023?

Thanks to data brokers, the answer is not very.

Real estate agents have always used public records to find leads ready to sell. Data brokers make this market even easier to access. 

• The Share Group, which sells divorced household leads’ lists for different geographic areas, says they “see when records go from married to single showing there’s been a separation between two parties” and that their data is “fresh and highly accurate.”
• Other lists The Share Group sells include: “Empty Nest Downsizers” and “Distressed Homeowners” (i.e., properties that are likely to go into probate).
• The companies that sell these lists and the people that buy them like to say they make it easier to help specific households “transition to the next part of their lives.” But we can’t help but think it’s a bit predatory. 

Obsession, Revenge, and Personal Data 

Sometimes you love someone, and they don’t love you back. Unrequited love happens all the time. When it does, the general advice is not to take it personally, give yourself time to grieve, and take up a new hobby. 

Unfortunately, a minority of people ignore the above. Instead, they steal their love interest’s identity and try to ruin their reputation.

In a Senate hearing, attorney and privacy consultant Mari Frank described the first cyberstalking case prosecuted in Orange County, California. 

• The case involved a man who, upset that a woman he liked rejected his advances, pretended to be her on an online chat room. He said she had fantasies of being raped and shared her address which he got from a data broker. After a few men appeared at her door, ready to indulge her fantasy, the woman had an emotional breakdown. 

An even more disturbing case is that of Amy Boyer. The twenty-year-old was killed after a man named Liam Youens found her personal information on a data broker. She had no idea he had been stalking her for more than eight years—ever since they met in eighth grade and she had turned him down. 

Why It’s Often Best If They Don’t Forget You Not 

For survivors of domestic violence, personal data on the internet can put them in immediate danger. Abusive persons can use data brokers and people search sites to carry out stalking, harassment, and physical violence. 

After a domestic violence survivor realized her personal information was available through data brokers, she said, “If you have someone who’s tried to kill you, for them to be able to just type in your name, and any known address that you’ve stayed at can pop up. It’s scary, because now they know ways to start trying to find you.”

There’s No Such Thing As a Blind Date

If you’re dating someone or are about to go on a first date, chances are, your date knows a lot more about you than you’ve told them. 

Most people do their research before they meet someone new. They may check you out on Facebook or LinkedIn. But they may also use people search sites. 

People search sites can also tell someone if you’re on other dating sites. You know, just in case they want a deeper dive into your dating and social life.

Recommended Reads

Our recent favorites to keep you up to date in today’s digital privacy landscape. 

Meta Sues Firm That Used Fake Accounts to Collect User Info

Meta has filed a complaint requesting that the surveillance firm Voyager Labs be blocked from its Facebook and Instagram services after the firm created fake accounts to scrape data from more than 600,000 users. The firm also partnered with the Los Angeles Police Department (LAPD) in 2019, allowing them to reconstruct users’ digital lives and predict criminal activity. 

According to Twitter, Exposed User Data Not the Result of a Hack 

Twitter says there’s no evidence that a database containing 200 million Twitter users’ usernames and email addresses, which is being sold online, came from a breach of its systems. Instead, Twitter says the database is likely a compilation of data that’s already available online through different sources. The database was added to Have I Been Pwned, which means users can check if their email is compromised. 

Disney Plus Asks Users to Share Their Kids’ Birth Dates

Disney Plus is now asking users with children to disclose their exact birth dates if they want to continue streaming. While parents are concerned, The Washington Post predicts that more services will do the same in the near future. The reason why: looming online age check laws, i.e., the Online Safety Bill in the UK and the controversial Age Appropriate Design Code Act in California. 

Hackers Buy Google Ads to Distribute Malware

Bad actors are buying Google ads to lure web users to fraudulent websites filled with malware. The malvertising campaign first garnered media attention after a cryptocurrency influencer fell for it, losing their cryptos and NFTs and access to personal and professional accounts, including Twitter. An investigation by BleepingComputer found that hackers even outbid legitimate developers for ad placement.

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: I just changed my phone number. Can my old number somehow put me at risk? 

A: Unfortunately, yes. 

Because phone numbers are recycled in the US, there are several privacy risks tied to switching numbers: 

• Accidental exposure. If you don’t tell friends, family, and businesses that you’ve got a new number, then messages/calls from them can expose your personal information to the new phone number owner. How to resolve this: Let everyone know you’ve changed your number. 

• Reverse phone lookup. The person who gets your old number could also run it through a people search site, which could give them enough information to impersonate you. How to resolve this: Remove your profiles from data brokers and people search sites. 

• Account hijacking. In case a user forgets their password, some websites allow them to authenticate themselves with a one-time passcode sent to their phone. 

With carriers that let people preview full numbers, hackers can look at the available numbers on online number change interfaces to see if any of them are linked to online accounts of previous owners. If they are, the hacker can buy the number and take over the account. 

But hackers can do the same even when you can’t reset your password using your phone. That’s because they can use an available phone number to find your email on a people search site and see if there are any breaches associated with it. How to resolve this: Don’t use your phone number for two-factor authentication, remove yourself from people search sites, update your phone number on online accounts (including those you no longer use, like Myspace), and be sure to change your passwords following breaches. 

It’s not just your old number that puts you at risk, though. 

Bad actors might also learn that you just got a new number and try to phish you with messages that look like they’re coming from your carrier. As a result, it’s a good idea to be extra vigilant right after you switch your phone number. 

Q: Are there any alternatives to DuckDuckGo that are more like Google? I like DuckDuckGo because of privacy, but I only get the results I’m looking for like 50% of the time.  

A: Really good question. 

Brave Search, which many people had given up on before, has reportedly improved over the last while, so you may want to check it out if you haven’t already—or if you had written it off because it didn’t live up to your expectations previously. 

And, if the results Brave Search returns are still not hitting the mark, try enabling “Google fallback mixing.” 

This will prompt Brave Search to anonymously check Google for the specific thing you’re looking for, which could improve the results Brave Search shows you next time. As Brave says, enabling this feature doesn’t have any impact on your privacy. 

There’s also Startpage, which actually uses Google search results, so it may be your best option if you like Google but are not comfortable with tracking. 

Startpage asks Google whatever you ask it and then privately shows you the results via its own site. Google has no idea who asked it a specific thing. It just sees “Startpack.”

Startpage pays for Google’s “Syndicated Web Search” and makes money from advertisers. Startpage users see ads based on their search queries but not on past searches, cookies, browsing history, or anything like that. 

Also, Startpage is adamant that it “never share[s] your personal details with any third party, including Google.” You can read its Privacy Policy here. 

Another interesting option is Kagi, a paid search product with a ton of interesting features (it even claims to be faster than Google). 

Kagi generally gets great reviews, but the price point will undoubtedly deter many people: $10 a month for unlimited ad-free, private search (that said, there is a free basic option that has usage limits). 

If you’re tech-savvy, you can also host your own private search engine, like searx. 

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).

Don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito? 

That’s it for this issue of Incognito. Stay safe, and we’ll see you in your inbox next month.