DeleteMe Privacy Service Review Part I

DeleteMe Privacy Service

I frequently get asked about paid privacy services. There are several such services out there. Unfortunately I have not worked with any of them, and cannot give a good answer. Until now, perhaps. As you know, last week I put out a call for a volunteer for the DeleteMe privacy service. Within just a few hours of last week’s post going live, I received a response from John (a pseudonym). John is a 30-35 year old male from the mid-western United States. He and I exchanged a few emails and got busy.

DeleteMe Privacy Service Review

John was kind enough to provide me with some light biographical details. I used this information to conduct a rather detailed search for his information on people-search sites like Spokeo, That’s Them, and Whitepages. John has a level of exposure that is pretty average for the typical American. Within just a few minutes I managed to locate fifteen instances of John’s personal information exposed online. This information included his home address, cell phone number and carrier, and the names of his spouse, parents and other family members. I was also able to locate several previous addresses, which we also want removed because they can be used to verify financial transactions.

I double-checked all of this information with John to make sure it was really him. The sum of this information would be enough to launch a social engineering attack against John or his family. It would also be more than enough for a stalker to physically locate them. I recorded all of the links so I can periodically check and see what has been deleted and what hasn’t. I also found a couple of mentions of John that may be challenging to remove. These are voter records on third-party websites; this will be a good test of DeleteMe’s abilities to remove information beyond the boilerplate opt-out forms.

With this in mind, John took the first step and set up his account with the DeleteMe privacy service. He reported the setup as fairly painless: create a username and password, pay for the service, and input some personal data. Many of you may be nervous about this: for the service to work, it has to know who you are. This means that you have to provide your full name (as well as any aliases used), current and former addresses, telephone number, date of birth and email address. Additionally, to prove to DeleteMe that you are who you say you are, you have to provide a photograph of your drivers’ license.

Next Steps

After submitting your information, there isn’t much to do. Within twenty-four hours of submission, DeleteMe had issued a “Report for John Doe”. Opening this report revealed the list of websites where his personal information had been found by the DeleteMe privacy service. Scrolling all the way to the bottom, it also enumerated a list of aggregators that collect information from the primary sites like Spokeo. The full list includes: 123people.com, 99lists.com, anywho.com, dexknows.com, emailfinder.com, freephonetracer.com, lookupanyone.com, peeepl.com, peoplesmart.com, phonebook.com, Private Eye, publicrecords.com, Public Records Now, spock.com, switchboard.com, thepublicrecords.com, toppeoplefinder.com, USA People Search, Wink.com, Yahoo People Search, and Yasni.

DeleteMe Privacy Service

The next step is to wait. DeleteMe warns that although opt-outs are processed more or less immediately, some sites may take longer than others to respond. In 14 days I will search to verify the results of the opt-out.

The biggest reservation I have so far with providing this information is that your DeleteMe account cannot be protected with two-factor authentication. To use the service you have to place a great deal of very sensitive information into an online form that is protected only with a password. After speaking with a senior executive at Abine, I am told that two-factor authentication for DeleteMe accounts is planned for the near future.

A special “thank you” to John, without whom this wouldn’t have been possible. John has been very responsive to my emails and has helped me out considerably in this effort.

If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.

11 thoughts on “DeleteMe Privacy Service Review Part I”

  1. It will be interesting to see what information still remains after DeleteMe finishes their ability to opt-out. Some information will remain and if you and John desire, people in the community (like myself) can offer tips to do an even more complete job with his removals. Hopefully John is open to suggestions on changing his habits going forward to prevent info from being repopulated into the system over time and also taking more advanced steps to protect his info. All of that would be good to share as part of your review. John…if nothing else, invest in Justin’s book. Thanks to both of you for doing this series of posts!

    1. Thanks for your support! There were a couple of things that I found (that were rather obvious) that DeleteMe doesn’t mention. Hopefully sites are drawing from other sources and disappear. If not, I am going to talk to DeleteMe about adding these to their search queries. I also want to find out about DeleteMe’s personalization. In any event it will be interesting.

      Thanks again for your support and for following!
      Justin

  2. Fantastic story thread! I’m very interested in the outcome. I’ve read several of Bazzell’s books and understand how daunting this task will be if you opt to undertake this. I’ve always been curious how easy/thorough this is if you are married to someone who doesn’t share the mindset (my wife thinks I’m nuts for everything I’ve put in place. It’s very difficult getting her to use 2FA, even. Annoying.)

    Anyway, keep up the good work!

    John

    1. John,

      Thanks for commenting. You aren’t the only one to have problems getting your significant other on board! It would simplify things a lot if you could sign up for something like DeleteMe and have this all taken care of for you.

      Justin

      1. So… Did it work? I’m interested in becoming a customer, but will take it on myself if it their service is ineffective.

    1. It’s coming. If you’d like to pay my salary so I can quit my job and work on the blog on your timeline, let me know. In the meantime, be polite.

Leave a Reply

Your email address will not be published.