Doxxing Defense
December 1, 2014 4:49 AM   Subscribe

 
This is a lot of work. Still, anything to make it harder for sociopaths is a good thing.
posted by a lungful of dragon at 5:23 AM on December 1, 2014 [1 favorite]


Thank you for this. I have been wondering how to protect myself and my info as of late.
posted by Hermione Granger at 5:35 AM on December 1, 2014 [1 favorite]


Note that if you have multiple listings on Spokeo it will eventually lock you out from submitting new requests, even if you complete the captcha correctly.

In order to prevent abuse, we must limit the frequency of automated privacy requests.

It's a bit rich that they can add you in an automated way but if you try to remove yourself from all the listings they block you claiming you're a bot. I also don't see in what way it is abuse to remove personal information which was collected without your consent, unless it's abusing their ability to monetize information that they collect and disseminate without permission?
posted by winna at 5:45 AM on December 1, 2014 [12 favorites]


I also don't see in what way it is abuse to remove personal information which was collected without your consent, unless it's abusing their ability to monetize information that they collect and disseminate without permission?

Bingo. It's the old game of waiting for you to wear out.

Machines are deviously good at this.
posted by Setec Astronomy at 6:04 AM on December 1, 2014 [4 favorites]


This is something I've been making a habit of staying on top of for a while now, after having gotten an EXTREMELY disturbing obscene phone call (when I answered, the guy recited my name and full address back to me, then told me that if I did not comply with answering his sexually-oriented questions he would "break in and rape and mutilate" me). Ultimately the police ascertained the guy was about eight state lines away, and probably got my number from a laptop he'd stolen out of a theater company I'd worked with, but while they were investigating I was doing a little of my own as well and found I was on several of these sites - and I spent a couple hours scrubbing my contact info off of all of them I could find.

And then I did it again just last year when a guy in Long Island who'd seen my OKCupid profile decided he wanted to cut out the middleman, and did some (admittedly impressive) Googling of my handle to find out if there was a place where I'd slipped up and had my real name somewhere, and then used a couple of these sites to find my number and ask me out. I chewed him out and then spent another couple hours scrubbing my info from the sites where I'd cropped up again.

This is unfortunately the kind of thing you need to periodically check back on to stay on top of. I'm not so worried about my real name being out there - there's about four people with my name, and right now most of the Google hits for that name belong to a wedding planner in Virginia. But just so long as my address and phone number don't get attached to that name, I'm good.
posted by EmpressCallipygos at 6:26 AM on December 1, 2014 [21 favorites]


EmpressCallipygos, that is appalling. Not surprising, but appalling. I'm really sorry you had to deal with that.
posted by Kutsuwamushi at 6:43 AM on December 1, 2014 [4 favorites]


thanks; I actually bounced back pretty fast because for some reason my stage-managers "handle the crisis" brain took over and I pretty much did everything right in terms of not feeling victimized; I was more pissed than anything, and got to tell him to fuck off right before hanging up and calling 911. Plus the detective they assigned to my case was totally a real-life analog for Detective Stabler which amused me more than anything else (hell, he and I even talked about BASEBALL during one of our phone check-ins at one point). So yeah, it was scary as shit, but my emotional response pretty much was more "oh no you DI'INT" than anything else, so I got off easy. :-)
posted by EmpressCallipygos at 6:55 AM on December 1, 2014 [7 favorites]


These are good, and I'm sure I'll make my way through the list some idle afternoon.

The funny thing to me, though, is that unless you use a straw man, if you own a home your name and address are likely searchable via your county's online registry of deeds. This seems very problematic to me, since it will show not only your address, but how much you paid for your home, and how much of that you financed. So Joe Smith, 123 Any Street, Anytown, Deed: $500,000, Mortgage: $100,000. From that you have a sense of Joe Smith's financial condition--i.e., he had $400,000 in cash to finance the sale, so he's doing alright. New home equity lines that appear later may suggest he's in financial straits (or paying for a reno, who knows). Some localities use a scan of the official document, with signatures and who knows what else on them. If one knows the right state, there are only so many different counties' online records to look at. There's probably a way to search all records in the country simultaneously. Rough if you have a distinctive name!

There's far too much information out there, and so much of it is far too searchable.
posted by Admiral Haddock at 7:10 AM on December 1, 2014 [4 favorites]


One solution to the phone problem is a honey trap. Install a phone number that is public and listed under your real name. Get it from the local bell to ensure maximum advertisement of your name/number (See below). The phone ringer is turned off and connects to an answering machine that is checked like once a month. Give this number out to banks, plumbers, doctors, etc.. anyone who might sell your number to a calling list and who can go straight to voicemail when they call. Then your real number remains private given to trusted parties only. For me this has almost entirely eliminated unsolicited calls. The honey trap answering machine is entertaining to listen to what comes through. Debt collectors are the worse, trying to collect debt I don't have.

Lines can be had for like $12 a month, no long distance service, charges for outgoing calls, etc.. it's not well advertised and you have to ask for the cheapest possible line for incoming calls. It subsidized pricing for poor people but available to anyone if you push for incoming calls only cheapest price no long distance service.
posted by stbalbach at 7:12 AM on December 1, 2014 [4 favorites]


There should be a law of some sort prohibiting sites like these from putting up artificial barriers such as requiring ID or only reaching them via Fax only in order to remove data about you. Thanks for this resource however, I was able to knock out about half of them with no problem.
posted by samsara at 7:14 AM on December 1, 2014 [1 favorite]


The more I see of this sort of thing, the more I wonder if "public records", as we've known them in recent history, are going to have to die, and relatively soon.

It was one thing when someone's address being on public record meant you could go to their local town hall and look them up; few people were going to travel to someone's home town, walk into a town office showing their own face, look up an address, and then proceed to mischief at that address. The barrier to entry of having to locate the records, and the fact that the looking up generally happened in person, was an inherent defense to misuse.

Now when looking those records up means typing two words into google and having your choice of thirty sites competing to feed you everything there is to know about someone, there are no defenses to misuse at all. No one can see you doing it and identify you to the victim. You don't have to get out of your chair. The most you might have to do is shell out a couple bucks to a faceless business whose livelihood depends on not caring who they serve that information to.

That's been true for a while, of course, but we are rapidly reaching the point where everyone knows it's the case, and everyone knows people are actually being injured by it. I suspect (hope?) it will soon become politically undeniable that we are owed protection from brokers publishing our personal details without permission (or holding them ransom in exchange for a driver's license/passport - really? to protect me from having my personal info leaked, you want even more secret personal info??). The same way that cyber-crime required a lead-up where it happened, people realized this was A Thing That Happens Now, and laws had to be written or re-written to encompass it as people came to understand how it worked, data protection is going to have to adapt to the fact that security through obscurity of public records is no longer valid in the age of Google.
posted by Hold your seahorses at 7:24 AM on December 1, 2014 [11 favorites]


If you have a ham radio license or pilot's certificate in the US, your full name and address are online for everyone to see, which kind of sucks.
posted by exogenous at 7:56 AM on December 1, 2014 [1 favorite]


Good god. I keep my personal information on 24/7 lockdown, and always have: no social media accounts (not even under a fake name), every single one of my phone numbers has been unlisted, I use only made-up words or my initials for my email accounts, and I avoid using my perilously unique legal last name as much as possible. I grew up with people to whom the act of calling up the White Pages operator to get your number and address taken out of the phone book was a basic rite of passage; privacy is never very far from my mind.

While I'd long since taken care of the one-click opt-out sites like Spokeo and Pipl, there was a whole bunch of stuff linked that I'd never even heard of before, and man, those sites had it all: court records, every address where I've ever signed a lease, the full names of my parents and siblings, a link to the deed to my house. At least now I know how my family of origin has been able to track me down after all these years; I had no idea all of this was out there, no idea how easy these sites had been making it for them to find me.

So it was incredibly satisfying and relieving to opt out of as many of these as I could, do all new searches, and observe that my listings had been removed almost immediately, but damn, the cat's already out of the bag, and I had no idea I'd have to jump through so many hoops to make my personal information less publicly searchable after spending the past 15+ years making deliberate decisions to ensure my online profile would always be minimized. Thanks for the post -- this is important stuff.
posted by divined by radio at 8:01 AM on December 1, 2014 [6 favorites]


Is anyone familiar with equivalent Canadian sites? I removed my information from Spokeo but the rest appear to be US-only.
posted by sea change at 8:06 AM on December 1, 2014 [1 favorite]


Why is the burden on us to keep our information private? Why isn't the burden on the government, or these data brokers, to keep it private? I feel we had, or are still having, this debate with identity theft: If a credit card is fraudulently set up in your name, it should be the bank's fault, not yours. Maybe these data brokers need to be made liable if a stalker uses their information to bad ends.
posted by Cash4Lead at 8:14 AM on December 1, 2014 [10 favorites]


I agree with Eric Schmidt: If I have something I don't want anyone to know, I shouldn't be doing it in the first place. You know, like living in an apartment, or having a phone number.
posted by Lyme Drop at 8:23 AM on December 1, 2014 [21 favorites]


Lyme Drop: I agree with Eric Schmidt: If I have something I don't want anyone to know, I shouldn't be doing it in the first place. You know, like living in an apartment, or having a phone number.
So... you admit to having a phone number, Mr. Commie Muslim Terrorist?
posted by IAmBroom at 8:43 AM on December 1, 2014


There's also this ironic catch-22 kind of thing in that if you (as in YOU, with your real name) have a fairly limited web presence, your personal info is easier to find. If I search my name, it's 3 or 4 pages into search results before the personal info (former addresses and phone numbers) comes up, because I've had a handful of articles posted with a byline. My parents, though, who mostly use the internet for CNN headlines and JoAnn's coupons -- their home address and phone number come up on page 1. (And of course my name is right there in their records, which list immediate family, which sucks.)

Using your mother's maiden name for any kind of security question is a really bad idea for this reason, nowadays. (Ditto: City of birth.)
posted by mudpuppie at 8:45 AM on December 1, 2014 [2 favorites]


here's what I got when I clicked on the Spokeo email to confirm that I have opted out:

Oops, there was an error on this page

A team of highly trained ninja hedgehogs are trying to correct the issue, so please be patient.
If you feel the hedgehogs are not performing their job adequately, please let us know.


so now they have my email as well...
posted by any major dude at 8:51 AM on December 1, 2014


I used to live happily under the assumption "Tom Clancy" was a pain in the ass to Google for but a little location information and presto! Nice to see using things like StackOverflow to help people can be used maliciously.
posted by yerfatma at 9:05 AM on December 1, 2014


So the question I have about this is that it seems like opting out of these sites would cause the (unredeemably lazy) background checks for employment to go "heyyyy, Kyol A Smith doesn't exist, red flag that request, wouldja?" It seems like a catch-22: I don't want to be available for J. Rando Internet Weirdo to look me up, but I need to exist for employment verification and such.

I mean, I already keep a folder of first and last paychecks and I know where my diplomas are because the last two background checks I've weathered have balked at basic investigations.
posted by Kyol at 9:10 AM on December 1, 2014


What's actually even more annoying is that I frequently need the business contact info (phone and email) of former clients who have agreed (in an informal conversation with somebody besides me) to be our references, and those cannot be found anywhere. Even when they are public clients, like cities. If you are Director of Whatsits for City of Bleh, your office contact info should be online. Sometimes I can find their private/cellphone info before I can find their public contact info.

(invariably, trying to just call the City of Bleh to find out how to reach the Director of Whatsits leads to one of those voicemail hellholes where you can only leave a message if you already know the extension).
posted by emjaybee at 9:19 AM on December 1, 2014 [1 favorite]


so now they have my email as well...

this is me in a nutshell. Paranoid enough to believe that the very act of seeking to scrub my info from the net will immediately alert search drones owned and operated by Those Who Seek To Destroy Me.

Best to just lay low, pretend I have nothing to hide, post links to random images and incredibly weird prog-rock vids.
posted by philip-random at 9:20 AM on December 1, 2014 [3 favorites]


If you have a ham radio license or pilot's certificate in the US, your full name and address are online for everyone to see, which kind of sucks.

The pilot database was a result of lawmaking immediately after 9/11 (maybe part of the Patriot Act?). Since, you know, now everyone with a pilots license is a suspected terrorist. I get a ton of junk mail because of it.
posted by backseatpilot at 9:47 AM on December 1, 2014 [2 favorites]


I have a rare surname and a rare first name and I used to "warblog" back when that was a thing. I am utterly screwed on internet privacy/Google presence/etc. On the extremely minor upside, I live in Texas, so when somebody calls to tell me they're waiting outside my door to rape and mutilate me because I'm an uppity feminist bitch, and I tell them to bring it on and I'll meet them with my shotgun, they'll have to guess whether I'm bluffing.

(NB: My father actually did this to someone who we thought was a drug dealer. He decided our number belonged to someone named Roy, called repeatedly, and threatened to blow my father's brains out if he didn't put Roy on the phone. While we did not have a shotgun, there was a loaded weapon in the house. Nothing came of it, but my take on internet threats against my person was colored by that event, though I recognize others react differently.)
posted by immlass at 10:04 AM on December 1, 2014 [1 favorite]


The EU Right to be forgotten may have its flaws, but I prefer it to the current system where these companies can simply collect and sell your data with no way to easily force them to remove and stop collecting your data.
posted by humanfont at 10:05 AM on December 1, 2014 [3 favorites]


backseatpilot: "The pilot database was a result of lawmaking immediately after 9/11 "

I believe the law predates 9/11 by a couple of years. I guess people can opt out — maybe I should do that. Also, around the time my pilot medical certificate is up for renewal, I get postcards from aviation medical examiners soliciting business. Something about the medical aspect makes it a little extra creepy.
posted by exogenous at 10:12 AM on December 1, 2014


A few years ago I signed up for a Google voice number (free), and give only that number to businesses, which goes directly to voicemail. My personal cell number only goes to family and friends. If the Google number gets too polluted by unsolicited calls, I can just torch it and get a new one, and start giving that one out. This has successfully avoided nearly all unwanted calls to my cell phone.

I also refuse to give my address to any merchant (other than of course if delivery is needed, or I'm entering cc info). I have a separate email address for all commerce-type transactions.

This separation of data streams has been extremely effective.
posted by LooseFilter at 10:26 AM on December 1, 2014 [4 favorites]


I had no idea I'd have to jump through so many hoops to make my personal information less publicly searchable after spending the past 15+ years making deliberate decisions to ensure my online profile would always be minimized.

My experience has been that you should check back annually to make sure you're still in the clear, unfortunately.
posted by poffin boffin at 10:33 AM on December 1, 2014


Also can anyone confirm or deny that I am being ridiculously overparanoid in wondering what kind of data/connections/idfk is gathered by someone (google? facebook? satan?) when an individual takes all these steps to remove themselves from databases?
posted by poffin boffin at 10:40 AM on December 1, 2014


Don't forget to add driving a car to the list of privacy-deficient activities:

Vigilant, for example, offers its law-enforcement customers access to its National Vehicle Location Service (NVLS) private database, which contains 2.2 billion scans. Conversely, if a PI wants plate information from a police department, a written request is often all it takes. That arrangement is what unlocks the data to the public.

For a private citizen to tap in, he simply hires a licensed investigator to make the request. The cost? About $100. This means that anyone with enough cash can track your car’s movements without you knowing about it – or being able to stop it.

posted by RobotVoodooPower at 12:03 PM on December 1, 2014


The EU Right to be forgotten may have its flaws, but I prefer it to the current system where these companies can simply collect and sell your data with no way to easily force them to remove and stop collecting your data.

One of those big flaws being that there's no real boundaries on the Internet, so data of EU citizens is found just as much on these sites as US citizens.

Thanks for the reminder that it is actually possible to get your data off these sites. Scary how closely some of them are able to link location and job data.
posted by wingless_angel at 12:57 PM on December 1, 2014


It's been a few years since I've gone down this rabbit hole. It was scary enough then (and I've been pretty privacy-savvy since the mid-90s), but I'm actually afraid to look now.
posted by Room 641-A at 3:17 PM on December 1, 2014


...and of course I'm a notary public which means my name, address and personal information is irrevocable public record with the State of Colorado.

:P
posted by lonefrontranger at 4:00 PM on December 1, 2014


If a credit card is fraudulently set up in your name, it should be the bank's fault, not yours.

I have a similar little internal dialog every time I use an ATM and the display reminds me to protect my PIN - "No, you protect my PIN."
posted by paleyellowwithorange at 8:57 PM on December 1, 2014 [3 favorites]


« Older Look at the flowers, AMC   |   "a question of human dignity", said the archbishop Newer »


This thread has been archived and is closed to new comments