The privacy threat model sitting at your dinner table


Estimated reading time: 3 minutes
Category: Privacy

Many of you will have read about the recent bankruptcy of the genetic testing company 23 and Me. They ran one of those services where you spit in a tube, sent it away in the post, and got a report back telling you “where you were from” (based on a cable-TV understanding of 200 years of global history) and, more to the point, what diseases you might develop someday (based on playing on people’s neuroses).

Now that the company has gone under, of course, all that data – meaning people’s genetic fingerprints – are now just corporate assets up for sale, with no protections for the people that data is about, or rights for those people to have a say in where that data goes. (Naturally, people are gobsmacked that the cheap gimmick they fell for turned out to be a cheap gimmick.)

There was a time when those spit kits were popular family gifts, mostly among families looking for hyphens. By which I mean, some sort of quaint identifier to attach to their identity, as if that identifier from centuries past had any meaning to who they are today. Yeah, you know the type. “Oh wow, I’m 14% from Holland and 18% Scotch! I’m Dutch-Scotch-American!”*

Then there was another type who loved these kits, and they’re the ones I want to discuss in context today.

This is important.

Because in our increasingly dystopian times, when most of you are working on your personal threat model, you’re probably overlooking the walking, talking, smiling threat model who is sitting across from you at the dinner table.

And that, dear readers, is your genealidiot.

The genealidiot – more to the point, your family history fuckwit – is the one who’s really into family history research. Data is their passion. They’ve done quite a feat of tracing things back centuries, as far as surviving records will go.

What you don’t know is that they were just as diligent in the other chronological direction.

If you thought family history research was about researching long-gone generations in the past, have a word with your family genealidiot, who has created a public data lake about you, everyone else at the dinner table, and all of your living relatives without your knowledge or consent.

You tend to find this out after they send you a link to their family history research, like a proud child showing off their artwork, and you log in to find not grainy photographs from two centuries past, but a massive doxx about yourself.

Your medical records? Your essential documents? Your current and past addresses? They’re all there. On a “family history” site. Publicly accessible to anyone on the planet who logs in.

And then you find your kids. And their data. And their schools. Everything.

It’s “family history research!!” šŸ™, after all.

And your family history fuckwit is proud of this.

It is critical for everyone to recognise that one of the biggest privacy risks in your threat model might be sitting across from you at the dinner table. They don’t look like a threat. They don’t sound like one. But the damage has been done. Family history researchers are a critical threat. They always have been.

I would highly recommend you do a few things here:

  1. Make sure that your genealidiot has not, in fact, doxxed you online.
  2. Explore whatever sites said genealidiot used to see what’s there about you, and use the sites’ procedures to have your data deleted.
  3. At this point, the genealidiot will respond in two ways:
    • First, they will throw a massive family-wide tantrum about how badly you hurt their feelings because you didn’t show “gratitude” for their family history research.
    • Upon learning that you have deleted your information, they will take this as your intention to delete yourself from the family. Every secret resentment about you that they’ve been toting up on a mental list, since you vomited on their carpet as a toddler, will come out. “You never really loved us!” “You never wanted to be part of this family!” Have fun with that.
  4. Repeat this process with genetic/DNA sites, to make sure the genealidiot has not also doxxed you there so that they could find out that they are “18% Scotch”.*
  5. Now think like a genealidiot: work backwards. See that data they used to doxx you: where did they get it from? What sites etc? Because now you’ve got to delete your data from those sites too.
  6. Again, think like a genealidiot: work forwards. Assume that everything they’ve posted about you has been hoovered up by several dozen data brokers.

By now you’re wishing you’d stabbed your genealidiot with that spit kit they handed you under the Christmas tree when you had the chance. Quite right.

If you’re reading this, and you think you may be showing signs of becoming a genealidiot, do you still want to find out where it is you come from and who you are?

Let me tell you.

You don’t own a passport and you spend your life driving a big stupid SUV up and down a six lane highway to go to and from Wal-Mart.

That’s where you come from.

You’re already there.

*Do not attempt to become “18% Scotch”, though many have tried.

The Author

I’m a UK tech policy wonk based in Glasgow. I work for an open web built around international standards of human rights, privacy, accessibility, and freedom of expression. The content and opinions on this site are mine alone and do not reflect the opinions of any current or previous team.

2 Comments

    • Yeah Michael, being betrayed by relatives who put your immediate personal safety at risk for their hobby is incredibly shitty, as are extended family members – and reply guys – who try to shame you for calling out their dangerous and deeply irresponsible behaviour.

      So what’s your story, then, Michael? Guilty conscience?

Comments are closed.