top | item 38579454

(no title)

vatys | 2 years ago

When I signed up for 23andme many years ago, it was via a friend in another country, who re-mailed it for me under a fake name and paid in cash. For some time I would log in through a locale-specific 23andme sub-domain until they eventually merged it all together.

It wasn't long before they figured out who I was and placed me within my family tree. My fake name now lives among near and distant relatives I was not aware had signed up themselves or their parents/grandparents. They know who I am, who my siblings and cousins and aunts and uncles are, etc. This was always going to happen as soon as I sent them my sample.

I never believed my anonymity trick would truly work, I just wanted to make it sufficiently difficult for when 23andme inevitably sold out, got gobbled up, or turned evil. I learned what I wanted from the service, and have only logged in once a year or so since to see if they updated any findings or disease studies.

While I truly appreciate the concept of bringing privacy and anonymity to this field, it's worth considering we are all quite easy to identify using these samples.

discuss

kevinmchugh|2 years ago

> While I truly appreciate the concept of bringing privacy and anonymity to this field, it's worth considering we are all quite easy to identify using these samples.

Yes, as long as they have the data. If a company would process the sample, send me a thumb drive of my information, and not retain a copy, that data can't leak because it doesn't exist.

hifreq|2 years ago

> not retain a copy

Unfortunately this is just one step away from a blog post where the CEO apologizes for letting down their customers by keeping copies of all data in an unsecured s3 bucket that was downloaded in its entirety by a 13 year old "hacker".

autoexec|2 years ago

> I just wanted to make it sufficiently difficult for when 23andme inevitably sold out, got gobbled up, or turned evil.

You might as well add "hacked" to that list given recent events.

vatys|2 years ago

Yes, I definitely considered that as well. Basically, I knew that 23andme data would eventually exist outside 23andme, whether that be via hack, acquisition, or eminent domain.

I accepted that and did it anyway, taking steps to at least not be directly associated with my sequence, even if my association can be inferred or derived later. My main concern is that their testing would identify something which in the future would be a "pre-existing condition" and get me denied medical care, but there is certainly a long list of other possible consequences.

At this point I don't trust any company or agency that collects and uses data, or the promises made in any privacy policy, but I also don't lose any sleep over it.

DevX101|2 years ago

I did the same, sans the cash payment. I REALLY wanted my DNA sequenced but they were the only consumer option at the time. Anonymous sequencing is the way to go. There's just too much opportunity for abuse or incompetence around my most private data.

jtsiskin|2 years ago

…if you wanted full anonymity, why did you turn on DNA relative sharing? Why don’t you turn it off now? Or do you mean, you assume they could place your profile within a tree, if they wanted to?

abecedarius|2 years ago

Consider a service which promised to scan your genome, send you the data file, and delete the sample, and their copy of the file on confirmation of your receipt. This is still vulnerable to dishonesty, but only transiently.

There's nothing logically impossible about such a service, and I'd trust it modulo actual red flags. Too bad afaik nobody's offering it. Once they're archiving their copy I just don't see how they can credibly promise privacy in the longer term.

Last I looked it didn't seem really practical to just buy your own sequencer.

dyeje|2 years ago

I thought about offering a product like this but the market seems tough given:

1. Most people don’t care about the privacy aspect

2. People who already got a test from 23andme, Ancestry, etc are unaddressable

Euphorbium|2 years ago

I wish I was that smart when buying 23andme. Bitcoin is also not anonymous, unless you happen to mine it up yourself. Does Nebula accept Monero?

carbocation|2 years ago

Paying anonymously does not resolve the problem of identity by descent / genetic relatedness for a service that retains your genetic data. As relatives sign up with any identifiable bit of information, your anonymity erodes.