JoinZoro.com (a subsidiary of BrandYourself.com) is an online privacy platform that helps individuals protect and improve their privacy and security. Their software provides dark web scans, deletes old/unwanted accounts, and automates the removal of personal information (pii) from over 100 data brokers and people search sites. We spoke to their CEO Patrick Ambron about data brokers, the risk they pose to people, and how we can help reduce any potential harm. He also provides specific tips and recommendations for people looking to reduce the risk of getting their info out there.
Editor’s Note: The answers have been edited for clarity and paraphrased based on our conversations and are not direct quotes.
The Privacy Co: What are data brokers and how are they different from the other companies that collect our data?
Patrick Ambron: The world of data brokers and people search sites is pretty broad but if you zoomed out and think about who’s collecting your data and why, you should also think about how accessible it is.
Our info is created by our online activity and it’s often collected by the facilitators. Your browser, search engines, social media, the apps you use, websites you visit, your ISP, etc. In many of these cases, collecting and using the data is done to improve an experience, maybe serve better ads, or provide more function. For example, it can be useful if Google Maps knows your address so you can navigate home quicker. The issue starts when data falls into others’ hands.
TPC: Here’s where data brokers come in?
PA: There are different kinds and they have different risks associated. For example, there are data brokers that exist and sell to advertisers in a way so that the data that’s relatively anonymized. They keep their system and databases closed meaning it’s not public so there’s less risk (unless they suffer a breach).
But there’s another layer of people search sites that collect information, expose it, and sell it publicly. You’ve probably run into them if you Google yourself. For just a few dollars, these companies are a treasure trove for people you’d rather not have running around with your data— spammers, identity thieves, robocallers, blackmailers, hackers and even stalkers can all use these services to obtain your information.
TPC: How are these companies getting your data?
PA: People search sites get your info from a ton of available sources — public records, local government records (if you bought a house for example), things posted on social media and more. Many of these data sources were always public but required someone to physically access and search for it, which made it less accessible. As the internet exploded, it became easier to get that data.
There’s no shortage of places on the internet (and the dark web) to get information on people.
TPC: How is this allowed?
PA: It’s important to understand that these sites aren’t inherently evil and their goal isn’t to sell to nefarious users, which is why they are legal. For example, if you were considering a roommate it could be useful to verify their identity. The problem occurs because they’ve compiled all this data that was previously fragmented making it more available to everyone, including nefarious users.
I also think it’s an issue that neither you or I have opted into these sites. Even if they’re taking data from public sources and theoretically not doing anything wrong, they never obtained our permission or our consent.
TPC: What are some of the real dangers that people face here?
PA: Hacking has become more sophisticated because of the info that’s out there and available including information you can find on these sites. Here’s an example. Think about your email—it’s basically the keys to your most important accounts– social media, banks, crypto wallet, etc–because it’s most likely your username. So if someone gets access to your email, they can access everything else because they can reset passwords.
As a first step, a hacker can use these sites to figure out what your email is, and go from there to try and reset your password. Even if you have SMS 2FA (which many don’t), hackers can use a SIM-Jack or SIM-card swap attack. These sites provide enough information to deduce or directly know answers to common security questions and take over these important accounts.
Suddenly, they can now reset your passwords, access all your accounts, and maybe empty financial accounts, blackmail, or extort you. The higher profile and higher income level you are, the higher the risk of becoming a target, especially for those with cryptocurrency wallets.
To learn more SIM-Jacking, click here.
Other attacks can be carried out with this information. General spam and robocalls can start with information taken from these sites. And journalists, activists, protestors, law enforcement, public officials, politicians and even regular folks (think if you have a stalker) can get doxxed (Editor’s note: “doxxed” refers to a term where someone’s personal details are found out and actively publicized in order to induce harassment or intimidation) putting someone’s family at risk. These people search sites make doxxing extremely easy.
TPC: Would you say this problem is getting better or worse?
PA: It’s definitely getting worse and accelerating because so much of our lives are online. Everything we do is online, it’s tracked, recorded and that info can fall into the wrong hands.
Fortunately, there is regulation like the CCPA that is starting to give people rights and control over their data and letting them completely opt-out of sites that track them, including people search sites.
While it’s a good start, I believe more steps need to be taken. For example, many people don’t even realize they are on these sites, so they can’t take steps to remove themselves. People should know that they’re on these sites and companies should be obtaining consent and permission but it doesn’t look like there’s anything on the table that would force them to do this.
TPC: What would you say people do? Going offline seems like a daunting task.
PA: The solution isn’t to stop being online. Suggesting abstinence from the internet isn’t realistic and hardly possible. However, people can assume a more protective mindset.
You should assume everything you post and have online is public or has the potential of being exposed or put in the wrong hands. Have some skepticism, even with things that claim to be secure.
TPC: Do you have any specific recommendations for people who are trying to minimize their info from getting out there?
PA: I think there are three things that are most important.
- Minimize the amount of info that’s readily available.
- Minimize unnecessary tracking or data collection.
- Secure your most important account and assets.
Let me break down the steps you can take to do this.
Minimize the amount of info that’s readily available
- Start with the people search sites to opt out of them. You can use an automated tool like our company Zoro or check out our free guides on how to remove yourself from those sites. For example, here’s our truth finder opt out.
- Audit your own social media — assume everyone can see it, even if you have a private profile page. Start removing things you don’t want people to see.
- Delete your old accounts (MySpace, old forums, subscriptions) and ask them to remove all your collected information. This is something you can also do for free at Zoro.
To learn more about Zoro and the public data removal service, check out our overview here.
Minimize unnecessary tracking or data collection
- Perform a Google Privacy Checkup. See what’s being tracked and add some limits.
- Go into your mobile device, your app settings, and app permissions. You’d be surprised at how many apps collect your information or have access to your mic that don’t need it. Turn them off or at least make sure they’re on only when you’re using the app.
- Download an adblocker like Disconnect, use more private search engines like DuckDuckgo, and use a more secure browser like Brave.
Secure your most important account and assets
- Make a list of your most important accounts – your bank, email, social media etc.
- For each of these, make sure you’re using unique passwords and usernames.
- Use tools like the Priiv app, haveibeenpwned, password managers, and authenticator apps to help you protect your accounts.
- Talk to your mobile service providers to make sure someone can’t easily do a SIM swap — most companies now let you put security measures in place.
- To make sure you’re really secure, I even recommend having a specific email/username just for a single account that’s never used anywhere else. One email for your bank account, a different one for your social media, etc.
TPC: Thanks so much for giving us the opportunity to talk to you today!
Patrick Ambron is the CEO and co-founder of BrandYourself.com and joinzoro.com which provide tools and services that help individuals clean up, protect and improve their online reputation and their online privacy. Popular features include social media clean up tools, the identification and deletion of old accounts, dark web scans and the automatic removal of personal information from data brokers. They also help individuals deal with complex issues like dealing with consensual pornography showing up on the web (“revenge porn”) or online defamation. In an age of cyberbullying, revenge porn, online hate sites, rampant digital identity theft/spam and inadequate online privacy laws, BrandYourself is building the tools consumers need to keep themselves safe, protected and represented on the web.
The company also works with non profits, like Getting Out and Staying Out, a nonprofit organization whose goal is to help young men (aged 16–24) avoid involvement in the criminal justice system. Patrick Ambron also serves as a mentor and advisor through the BlackStone Launch Pad powered by TechStars, and the Syracuse Student Sandbox.