📆 October 10, 2023 | ⏱️ 2 minute read | 🏷️ computing

Don't Use Ancestry Services

I swear I planned on making this journal entry before the whole 23andMe fiasco. Alas, I never got around to it. Now seems like a good time.

If you’re not up-to-date on what happened, 23andMe is a company that offers genetics testing which reveals ancestry and health information. Recently, they had a data breach with millions of sensitive customer records now being sold on the dark web. These records include names, profile pictures, date of birth, location, and genetic ancestry data. As far as I’m aware, no raw DNA data was leaked, but nothing prevents that from happening in the future. As has been my mantra for years now:

“Companies cannot protect your data.”

How this is not obvious to people yet, I do not know. After seeing breach after breach of user data on the news, one would think that people would stop voluntarily giving companies sensitive data. It doesn’t matter what promises companies make, what expensive advertising campaigns they run, or what laws are supposedly protecting you. The only person who can protect your data is you. The moment you give your data to a third party, you lose control.

Privacy doesn’t exist in a vacuum like people think. Inductive reasoning and statistical inference automated by machine intelligence and applied to data that your associates surrender reveals information about you, even if you never signed anything. Since genetic data, by its nature, always reveals some information about genetically-related nonconsenting innocent parties, and data tends to get leaked, its long-term storage by anyone including governments is a non-starter for me.

Most of the time it’s not the government collecting personal data directly. It’s private entities that people surrender their data to who cooperate with government. We need laws prohibiting the collection of highly sensitive personal data by private entities. While I’m not saying there aren’t legitimate ends that warrant collecting such data about people, even against their will, such collection must be off-limits to private entities since they’re undemocratic and can’t be held accountable like properly-functioning governments can.

To conclude, don’t use ancestry services!