Ethics Findings: Data Broker Removal Agencies

[SorryBella]

(Very long post incoming, im sorry in advanced if this thread is hard to read)

 

So ive seen more and more sponsor spots for what i would widely call Data Broker Removal Service. Youre probably familiar with 2 of these, DeleteMe and Incogni.

 

Their premise is quite simple, and ill paraphrase the sponsor talks of both of these services: tracking and cookies has become so sophisticated that Data Broker has become a very very lucrative and easy job to do, and they sell into any online customer from corporations to actual scammers. Their services provides the ability to automate or let someone else submit removal requests against Data Brokers on your behalf, and continues to do so as their database expands.

 

At first i think this is a pretty damn cool service, especially as someone that understoods that true privacy in internet is practically dead, i could see the merit of a way to buff off the bruise from the outside, especially if their database is as extent as they tout themselves to be in the sponsor.

 

But then i looked at their business model, and yeah my reality got checked as usual and im like that time TheReportOfTheWeek bought Popeyes Cheddar Shrimp.

 

 

Lets start with the first thing i discovered on Incogni site, false discounts. Their discount is severely overmarketed as is because they used the advertised annual plan pricing and then compare it to their monthly pricing, an apples to oranges comparison as not everyone can support an annual subscription massive upfront cost.

While buy 6 months for 6 months free is insane deal in the current climate of subscription services and this comparison alone is not that malicious on the outside (if someone can tell me if they kept the same 78$ charge for 2nd year, thatll be appreciated info for this thread), its once you add other discount where it falls apart in legitimacy to me. 

 

For example, this is the current mobile homepage of Incogni as per 26th of November 2023. Theyre advertising themselves an annual plan discount of 55%. This sounds innocuous enough on its own, but we already know that the annual plan as is is already advertised as "50%". So what? 110%? I mean hot damn Incogni if youre that thirsty for customer base, have you try on foot advertising? OR is it the far more logical 5% discount, which means you stacked the initial annual "savings" to that, which is a SEVERE use of dark pattern marketing which is insanely contradictive of their "pro individual internet user" image. This isnt just an error in their banner deals on their homepage, it also applies to their affiliate description, take a look at this one from a very recently uploaded Mentour Pilot video:

 

The correctly marketed discount rate is only used in their opt-out blog post, as shown here:

 

Next up, contradictive privacy policy. For a company that projects that theyre willing to bust butts for your privacy, they seemed to be either ambivalent or ignorant of their privacy policy impact to customers data. In a way, reading to it kinda make me feel like looking at the Peacekeeper/Peacebreaker dynamic from Psycho-Pass: Sinner of the System Part 3 (very specific reference but its straight up a spitting image to me as you can tell), An organization eager to push for peace treaty, yet under the surface they orchestrated chains of false flag operations to cause said peace treaties to fall apart.

 

Both of this site uses cookies, which alone is practically non-issue, i mean youve seen this comic strip hundreds of times right?

 

But what they collect is severely contradictive to their mission. Im glad that Incogni lampshade themselves here in their Privacy Policy by stating that they have Google marketing and analytics cache on, and yes while they do comply with GDPR (which is a good call because they have service in EU member nations and Swiss) by giving the user the option to opt out of marketing telemetry, they do not let you opt out of analytics, and they use the same awful dark pattern of "Accept All" button without a direct access "Accept Necessary" button. 

 

DeleteMe is even more egregiously insane in their cookie run, verbatim from their privacy policy:

Quote

To create anonymous data. We may create aggregated and other anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.

 

It has been proven many times that this aggregated anonym data is not in fact, aggregated nor anonym. There is still enough data congruency for someone to specifically target a user in this aggregate, and they can be subjected to target advertising and thus returning us back to square one. They have to know this, this is their business. Its like a KFC franchise willingly sell a half cooked chicken even after we thoroughly know that chicken meat is a petri dish for Salmonella.

 

Third point, lack of data breach contingency disclosure. Quis custodiet ipsos custodes?  Their entire business model hinges on your data being cleared off from the internet, but they never bothered to disclose how they will respond to data breaches of their own to the customer, one of the more common way for rogue data brokers (or some legitimate ones) of getting your personal information. While we have yet to see either of these people get breached in public, there has to be a plan on what to do if that happen. Will there be a compensation to your plan? What to do with the leaked data, drink the kool aid and buy their data to get it off the breachers pool, possibly encouraging more data breach attempts? Or are they gonna just hold contempt like other services?

 

And finally fourth, lack of incentive to prevent. For someone being vouched by Surfshark - a brand with emphasis on prevention of MITM attacks (which btw have failed to be relevant in Post-HTTPS era) - Incogni (and DeleteMe as well) only provide active protection against data brokers. This means that its still up to yourself to keep your data out of the internet through various means, and once that active protection lapsed, youre now responsible to not only keep your data out, but also to delete it. Like atleast a guide to setup an AdGuard to kick trackers off you wouldve been miles ahead more appreciated than nothing that there is right now.

 

So to summarize, Data Broker Removal Services have severe hole in their premise, and severe hole in their practices, which completely eroded my trust in its ethicality to endorse it in any capacity whether thats inside of sponsor extent or not. This includes but not limited to:

1. Scummy marketing tactics.
2. Contradictive privacy policy pertaining cookies and personal data disclosed to them.
3. Lack of data breach plan.
4. Lack of incentive to give a good faithed post-service plan to the customers.

[kirashi]

On 11/25/2023 at 9:54 AM, SorryBella said:

(Very long post incoming, im sorry in advanced if this thread is hard to read)

 

So ive seen more and more sponsor spots for what i would widely call Data Broker Removal Service. Youre probably familiar with 2 of these, DeleteMe and Incogni.

 

Their premise is quite simple, and ill paraphrase the sponsor talks of both of these services: tracking and cookies has become so sophisticated that Data Broker has become a very very lucrative and easy job to do, and they sell into any online customer from corporations to actual scammers. Their services provides the ability to automate or let someone else submit removal requests against Data Brokers on your behalf, and continues to do so as their database expands.

 

At first i think this is a pretty damn cool service, especially as someone that understoods that true privacy in internet is practically dead, i could see the merit of a way to buff off the bruise from the outside, especially if their database is as extent as they tout themselves to be in the sponsor.

 

But then i looked at their business model, and yeah my reality got checked as usual and im like that time TheReportOfTheWeek bought Popeyes Cheddar Shrimp.

 

 

Lets start with the first thing i discovered on Incogni site, false discounts. Their discount is severely overmarketed as is because they used the advertised annual plan pricing and then compare it to their monthly pricing, an apples to oranges comparison as not everyone can support an annual subscription massive upfront cost.

While buy 6 months for 6 months free is insane deal in the current climate of subscription services and this comparison alone is not that malicious on the outside (if someone can tell me if they kept the same 78$ charge for 2nd year, thatll be appreciated info for this thread), its once you add other discount where it falls apart in legitimacy to me. 

 

For example, this is the current mobile homepage of Incogni as per 26th of November 2023. Theyre advertising themselves an annual plan discount of 55%. This sounds innocuous enough on its own, but we already know that the annual plan as is is already advertised as "50%". So what? 110%? I mean hot damn Incogni if youre that thirsty for customer base, have you try on foot advertising? OR is it the far more logical 5% discount, which means you stacked the initial annual "savings" to that, which is a SEVERE use of dark pattern marketing which is insanely contradictive of their "pro individual internet user" image. This isnt just an error in their banner deals on their homepage, it also applies to their affiliate description, take a look at this one from a very recently uploaded Mentour Pilot video:

 

The correctly marketed discount rate is only used in their opt-out blog post, as shown here:

 

Next up, contradictive privacy policy. For a company that projects that theyre willing to bust butts for your privacy, they seemed to be either ambivalent or ignorant of their privacy policy impact to customers data. In a way, reading to it kinda make me feel like looking at the Peacekeeper/Peacebreaker dynamic from Psycho-Pass: Sinner of the System Part 3 (very specific reference but its straight up a spitting image to me as you can tell), An organization eager to push for peace treaty, yet under the surface they orchestrated chains of false flag operations to cause said peace treaties to fall apart.

 

Both of this site uses cookies, which alone is practically non-issue, i mean youve seen this comic strip hundreds of times right?

 

But what they collect is severely contradictive to their mission. Im glad that Incogni lampshade themselves here in their Privacy Policy by stating that they have Google marketing and analytics cache on, and yes while they do comply with GDPR (which is a good call because they have service in EU member nations and Swiss) by giving the user the option to opt out of marketing telemetry, they do not let you opt out of analytics, and they use the same awful dark pattern of "Accept All" button without a direct access "Accept Necessary" button. 

 

DeleteMe is even more egregiously insane in their cookie run, verbatim from their privacy policy:

 

It has been proven many times that this aggregated anonym data is not in fact, aggregated nor anonym. There is still enough data congruency for someone to specifically target a user in this aggregate, and they can be subjected to target advertising and thus returning us back to square one. They have to know this, this is their business. Its like a KFC franchise willingly sell a half cooked chicken even after we thoroughly know that chicken meat is a petri dish for Salmonella.

 

Third point, lack of data breach contingency disclosure. Quis custodiet ipsos custodes?  Their entire business model hinges on your data being cleared off from the internet, but they never bothered to disclose how they will respond to data breaches of their own to the customer, one of the more common way for rogue data brokers (or some legitimate ones) of getting your personal information. While we have yet to see either of these people get breached in public, there has to be a plan on what to do if that happen. Will there be a compensation to your plan? What to do with the leaked data, drink the kool aid and buy their data to get it off the breachers pool, possibly encouraging more data breach attempts? Or are they gonna just hold contempt like other services?

 

And finally fourth, lack of incentive to prevent. For someone being vouched by Surfshark - a brand with emphasis on prevention of MITM attacks (which btw have failed to be relevant in Post-HTTPS era) - Incogni (and DeleteMe as well) only provide active protection against data brokers. This means that its still up to yourself to keep your data out of the internet through various means, and once that active protection lapsed, youre now responsible to not only keep your data out, but also to delete it. Like atleast a guide to setup an AdGuard to kick trackers off you wouldve been miles ahead more appreciated than nothing that there is right now.

 

So to summarize, Data Broker Removal Services have severe hole in their premise, and severe hole in their practices, which completely eroded my trust in its ethicality to endorse it in any capacity whether thats inside of sponsor extent or not. This includes but not limited to:

1. Scummy marketing tactics.
2. Contradictive privacy policy pertaining cookies and personal data disclosed to them.
3. Lack of data breach plan.
4. Lack of incentive to give a good faithed post-service plan to the customers.

Oh good - another Data Broken Removal company to add to my Company Blacklist™. I did a brief analysis of DeleteMe's sister service IronVest, linked below. The results were extremely unfavorable for a privacy / security focused company.

 

[SorryBella]

2 hours ago, kirashi said:

linked below

Better write up than mine, but pretty much the same issue. The policy is super anti consumer, and their service that can hypothetically be equal or better than their competitor is hampered by said policy.

 

I think i agreed with @GOTSpectrum opinion when i discussed it in a discord server with him that as-is, its practically buying aromatherapy.

[IkeaGnome]

4 hours ago, SorryBella said:

that as-is, its practically buying aromatherapy.

But slightly less useful. At least aromatherapy could leave you smelling good. 

[GOTSpectrum]

8 hours ago, SorryBella said:

Better write up than mine, but pretty much the same issue. The policy is super anti consumer, and their service that can hypothetically be equal or better than their competitor is hampered by said policy.

 

I think i agreed with @GOTSpectrum opinion when i discussed it in a discord server with them that as-is, its practically buying aromatherapy.

Fixed my preferred pronoun 

 

But yes, I would not buy any of those services lmfao 

[smcoakley]

This doesn't surprise me much - this kind of service category has always made me extremely skeptical. Not because in theory it could be useful, but because in practice its the kind of thing that can easily get away with no measurable value. How do I know if I am getting my money's worth? How do I know that things were actually removed that should have been? It is all too easy for this sort of thing to be, "Here, we invented a problem, but don't worry, here's a solution!" The fact that these kinds of services are almost always recurring subscriptions with bundled extras is a telling sign.

[Monkey Dust]

We collect your data, so we can sell it to the companies we asked to delete your data! Sweet business model, until your users realize.