is there no tool or app or ai agent that cant just automatically request your data to be deleted?
jFriedensreich · 2h ago
And as important: making it impossible or very hard and annoying to export and own your data.
legohead · 5m ago
We didn't set out to hide our GDPR requests, we put them behind our Support/Legal button. But we got sued anyway, and we lost.
Now we have to have the "delete my data" and "request my data" as part of our main settings list. Result: flooded with requests. People are clicking the buttons just because they are there. For me it's not a big deal, I automate all the requests. But, I still feel like this went too far.
anonzzzies · 2h ago
Yes, I am happy I can export my data with google but boy it is annoying to do.
yard2010 · 2h ago
Those pricks throttled the download to 30 kbps. When I tried to download with aria, after a few failed attempts (not straight forward ofc) I got a message saying I can only download it 6 times, and that I should send a new request.
This is evil.
dkiebd · 1h ago
I have downloaded my data with google takeout dozens of times without a single issue. Speed was very high (maximum possible for my connection) and never had a download error. I’m talking about multi-gigabyte exports of my email and my drive.
anonzzzies · 1h ago
I have 900gb in my account and on my 500mbps connection it took forever to download, not because of my speed but because of theirs and it just 'connection failed' at 80% many many many times and asking to relogin. It should be illegal. Not supporting just wget -c (you can use it with a lot of trouble/hacks and it's not reliable which defeats the point) is just clearly done to annoy you into not doing it.
jeffbee · 1h ago
Yes, I am sure this is a mustache-twirling power move by Google, and not a bug in your obscure 20-year-old HTTP utility.
cnst · 2h ago
Some companies somehow blatantly get away with not allowing any export at all.
For example, Amazon eero, the overpriced WiFi router that doesn't even work (without phoning back home and having an app installed on your phone). They had an outage like a year ago, and during said outage, all your existing ad blocking stopped working, too, even if you never rebooted during the outage, and even though said blocking is supposed to be performed locally. I think you can't even get the ad blocking unless you or your ISP pays for the special subscription, either. (I imagine the thing could have removed all local ad blocking settings and lists during the time it couldn't confirm you're still a paying customer because their cloud was down?)
Does anyone know how exactly does Amazon get away with not providing data export for their eero product? I haven't seen a Blink or Ring exports, either. The main Amazon dot com does have the export, which has some extensive data you may not think they do collect, but it doesn't cover eero, Blink or Ring.
Someone · 1h ago
> Does anyone know how exactly does Amazon get away with not providing data export for their eero product?
I checked eero.com. It seems info about the product other than “it’s a secure WiFi router that doesn’t require users to manage it” is in the videos, if it is on that site at all, but I couldn’t get the videos to play, so I may be wrong, but why would a WiFi router have personal data on the device?
It will have the username and password at your internet provider, but what else does it store?
cnst · 25m ago
It collects WiFi Radio Analytics (2.4GHz / 5GHz-Low / 5GHz-High frequency utilisation), Activity History (data usage by device, as well as "scan" and ad blocks by device).
For ad blocking and network control, it also has "Block & Allow Sites" with the blacklisted and whitelisted domain names, which you may have to use to block ads and also unblock some domains that stop working as a result of bogus entries in the ad block.
All of this information is stored in the cloud, but I found no way to export it in any way. I've actually contacted eero, asking for the export, and they've basically admitted that it's not supported.
williamscales · 1h ago
I’m guessing Amazon could have info on their side about your eero. Without knowing more about the router’s cloud functionality it’s hard to say what exactly they would have.
datadrivenangel · 3h ago
"After reviewing the websites of all 499 data brokers registered with the state, we found 35 had code to stop certain pages from showing up in searches."
That's not as bad as I would have expected
tracker1 · 1h ago
Has anyone used deleteme or a similar service? What was your experience, and do you feel it was worth it?
It feels like such a cat and mouse game, that should be easy to automate, that said, I'm not sure it'll be effective.
neon_electro · 1h ago
I have used Incogni for a few years now, I was a little worried after the first year things wouldn't be worth the price, but I'm noticing that there are data brokers who will happily remove you but not put you on a block-list, meaning that they will happily ingest your information again if it comes to them, and another request from Incogni will be needed to remove it again.
I'm on the fence about whether that's real value delivered from Incogni, but I do think overall it's working to limit some of the spread of my data.
temp0826 · 1h ago
I have (optery, not deleteme) and I think it's good to use at least once to clear out a buildup of your info out there. I couldn't justify paying for it monthly but if I was a semi-important person it might be worth it, or at least 1 or 2 months out of the year. Many brokers aren't responsive and it takes forever or never actually happens, and stuff definitely creeps back, but from what I can tell there is a heck of a lot less of me out there.
hendo3000 · 3h ago
Does deleting your data even matter if it's already been sold to a data broker?
jboggan · 45m ago
If you are a California resident you can request a deletion via the state's new DROP platform which is launching next year. That will send the deletion request to every registered data broker in the state who will then have 45 days to comply. Part of that compliance is sending deletion notifications to everyone downstream that they have shared or sold your data to in the past. The penalty for not responding to a DROP request is going to be $200 a day, per request.
Starting in 2028 CA registered data brokers will have to undergo audits to ensure that they have been complying with deletion requests to the fullest extent of the law. Now, maybe only 20% of actual data brokers are registered in California like they are supposed to be, but it's a start.
Shameless plug: I'm building a platform to help the data brokers actually delete the data they are supposed to, provide full auditing and accounting for that process, and automate privacy request handling: forgetmenaut.com
ChrisMarshallNY · 2h ago
What mugshot extortionists do, is charge you to delete your mugshot, then move it to another domain that they own.
nemomarx · 2h ago
"will pay to delete info" is one of the more valuable pieces of data about you after all
BolexNOLA · 2h ago
There’s still value in turning the faucet off if you ask me. Especially if you’ve hardened security/privacy practices to better protect yourself moving forward.
I only got really serious about consistently using VPN’s, firewalls, adblockers, and more privacy centered browsers a few years ago. I would say over the last 8 to 12 months I finally started to see it pay off. I still don’t see a lot of ads if ever, and they are wildly off target when I do see them. Using email aliases that I regularly purge has also made a huge difference when it comes to password/info leaks in particular.
Now if I could only get my damn phone number under control… so tired of the endless spam texts
amarcheschi · 3h ago
btw, in europe, UK, turkey you should be able to use the official european digital advertisement alliance website to opt out from profiling from a bunch of ad providers: https://www.youronlinechoices.com/
droolboy · 3h ago
Try trying to delete your open ai data. Even if you live somewhere with the right to forget or some protection they refuse the request unless you upload a copy of your ID. But then they have that data.
I don't think there is a mechanism to do that. I think that puts all AI models in breach of the GDPR by default.
I might be wrong but if I'm not that's a serious problem for AI companies.
Vinnl · 46m ago
> Telesign, a company that advertises fraud-prevention services for businesses, offers a simple form for “Data Deletion” and “Opt Out / Do Not Sell”. But that form is hidden from search engines and other automated systems, and isn’t linked on its homepage.
>
> Instead, consumers must search about 7,000 words into a privacy policy filled with legalese to find a link to the page.
In fact, while they do have a robots.txt [1], their form [2] isn't actually listed there. Instead, the page itself has a meta tag:
<meta name="robots" content="noindex, nofollow">
The reason is probably something mundane like this being easiest to do via the Wordpress UI, but putting on my conspiratorial hat, they just want to make it even hard to find out that they did this.
(Disclosure: I work on Mozilla Monitor, where we try to help people send these data deletion requests.)
Of course you did. I've been submitting GDPR subject information requests to companies that spam me - and most of them ignore me.
The ones that do take the time to reply usually say "We've deleted your personal data now", which is not at all what I want. I want to know what details they have about me, where they obtained it, and why they think spamming me is acceptable.
I've got a folder where I keep printouts of the recent offenders, and once I get a few weeks of holiday I'll start filing small-claims cases against them.
graemep · 2h ago
> I've got a folder where I keep printouts of the recent offenders, and once I get a few weeks of holiday I'll start filing small-claims cases against them.
A rare case of doing God's work at a profit!
benjiro · 1h ago
Here is another offender "VanceAI" ...
Try deleting your account with the delete button. Nothing happens. Everything on the site perfect, just that Delete button is broken (and the request times out).
But wait, you can send a ticket. Get response days later that it is marked as resolved.
You go back to the site ... O, i am still logged in with my old session.
Then you see your email: deleted_2544642405_blabla@gmail.com
So fake "delete" by simply putting a deleted and some timestamp before your email address, while keeping your other data.
O and the Delete button is also not fixed ;)
Companies really only seem to learn with some hefty GDPR fines.
725686 · 1h ago
Deleting your personal data is just an illusion.
Companies just mark your data as "deleted", but keep the data anyway, in the best of cases just for auditing purposes.
You will never, ever, be able to delete your data.
Stop dreaming.
JoshTriplett · 1h ago
Don't stop dreaming. Keep fighting.
johnisgood · 1h ago
Exactly, that is what I have been saying for ages.
People think they can delete their messages on say, Discord. I tell them it is not deleted, just marked deleted. The data is still there.
martin-t · 1h ago
Here's how the law should work.
You own the data you produce, both intentionally (writing, making videos) and unintentionally ("metadata", logs). You have to explicitly give others permission to use that data for any purpose where money exchanges hands (and many where it does not). You can limit or revoke the permission at any time.
fnord77 · 3h ago
Is there any downside to requesting data brokers delete your personal data?
SilverElfin · 2h ago
my worry is that the request to delete data requires that you give them data about who you are. And who knows what they will do with that
amanaplanacanal · 3h ago
The biggest downside is that it's probably a waste of your time.
anon_e-moose · 2h ago
If you reach out to them you're risking validating that the data they already have is somewhat accurate, plus they might demand more information from you.
Now we have to have the "delete my data" and "request my data" as part of our main settings list. Result: flooded with requests. People are clicking the buttons just because they are there. For me it's not a big deal, I automate all the requests. But, I still feel like this went too far.
This is evil.
For example, Amazon eero, the overpriced WiFi router that doesn't even work (without phoning back home and having an app installed on your phone). They had an outage like a year ago, and during said outage, all your existing ad blocking stopped working, too, even if you never rebooted during the outage, and even though said blocking is supposed to be performed locally. I think you can't even get the ad blocking unless you or your ISP pays for the special subscription, either. (I imagine the thing could have removed all local ad blocking settings and lists during the time it couldn't confirm you're still a paying customer because their cloud was down?)
Does anyone know how exactly does Amazon get away with not providing data export for their eero product? I haven't seen a Blink or Ring exports, either. The main Amazon dot com does have the export, which has some extensive data you may not think they do collect, but it doesn't cover eero, Blink or Ring.
I checked eero.com. It seems info about the product other than “it’s a secure WiFi router that doesn’t require users to manage it” is in the videos, if it is on that site at all, but I couldn’t get the videos to play, so I may be wrong, but why would a WiFi router have personal data on the device?
It will have the username and password at your internet provider, but what else does it store?
For ad blocking and network control, it also has "Block & Allow Sites" with the blacklisted and whitelisted domain names, which you may have to use to block ads and also unblock some domains that stop working as a result of bogus entries in the ad block.
All of this information is stored in the cloud, but I found no way to export it in any way. I've actually contacted eero, asking for the export, and they've basically admitted that it's not supported.
That's not as bad as I would have expected
It feels like such a cat and mouse game, that should be easy to automate, that said, I'm not sure it'll be effective.
I'm on the fence about whether that's real value delivered from Incogni, but I do think overall it's working to limit some of the spread of my data.
Starting in 2028 CA registered data brokers will have to undergo audits to ensure that they have been complying with deletion requests to the fullest extent of the law. Now, maybe only 20% of actual data brokers are registered in California like they are supposed to be, but it's a start.
Shameless plug: I'm building a platform to help the data brokers actually delete the data they are supposed to, provide full auditing and accounting for that process, and automate privacy request handling: forgetmenaut.com
I only got really serious about consistently using VPN’s, firewalls, adblockers, and more privacy centered browsers a few years ago. I would say over the last 8 to 12 months I finally started to see it pay off. I still don’t see a lot of ads if ever, and they are wildly off target when I do see them. Using email aliases that I regularly purge has also made a huge difference when it comes to password/info leaks in particular.
Now if I could only get my damn phone number under control… so tired of the endless spam texts
I might be wrong but if I'm not that's a serious problem for AI companies.
In fact, while they do have a robots.txt [1], their form [2] isn't actually listed there. Instead, the page itself has a meta tag:
The reason is probably something mundane like this being easiest to do via the Wordpress UI, but putting on my conspiratorial hat, they just want to make it even hard to find out that they did this.(Disclosure: I work on Mozilla Monitor, where we try to help people send these data deletion requests.)
[1] https://www.telesign.com/robots.txt
[2] https://www.telesign.com/privacy-requests
The ones that do take the time to reply usually say "We've deleted your personal data now", which is not at all what I want. I want to know what details they have about me, where they obtained it, and why they think spamming me is acceptable.
I've got a folder where I keep printouts of the recent offenders, and once I get a few weeks of holiday I'll start filing small-claims cases against them.
A rare case of doing God's work at a profit!
Try deleting your account with the delete button. Nothing happens. Everything on the site perfect, just that Delete button is broken (and the request times out).
But wait, you can send a ticket. Get response days later that it is marked as resolved.
You go back to the site ... O, i am still logged in with my old session.
Then you see your email: deleted_2544642405_blabla@gmail.com
So fake "delete" by simply putting a deleted and some timestamp before your email address, while keeping your other data.
O and the Delete button is also not fixed ;)
Companies really only seem to learn with some hefty GDPR fines.
People think they can delete their messages on say, Discord. I tell them it is not deleted, just marked deleted. The data is still there.
You own the data you produce, both intentionally (writing, making videos) and unintentionally ("metadata", logs). You have to explicitly give others permission to use that data for any purpose where money exchanges hands (and many where it does not). You can limit or revoke the permission at any time.
What do you get back from giving that?