Okay but like, I'm not planning on committing a crime and nothing I do now is considered criminal, but let's play out the worst case scenario and a fascist government comes to power and something I do now is considered criminal and they can place me doing it with this DNA that as the author describes can narrow down if it was me pretty easily.
You can tell me I'm paranoid or something, but I can also just not give them my DNA for no effort and be all the more better off if something like this happens OR if I do commit a crime under current laws I haven't given up the ghost immediately.
This feels like short term little gain for catastrophic effects in the worst case scenario.
The author also makes this like a weird dichotomy with online tracking, I ALSO care about being tracked on the internet and my personal privacy is pretty important to me in general.
I want all of my privacy, or better worded I want privacy to be my choice such as here on HN where I use my real name intentionally. :)
For those still doubting, this is not a hypothetical case.
In the Netherlands, in the early 30's we had a census. All the good jewish citizens of the good kingdom of the Netherlands filled in their religion. Because, why shouldn't they? Fast forward a couple of years, and those detailed census results are really handy for the occupying nazis.
During WW II, 95% of the jewish in the Netherlands were killed. Compare this with a country that does not have a central register of it's citizens (France), where "only" 25% of the jewish were killed.
Also, when you give up your DNA, you're not just giving it up for you. You're giving it up for your family.
The exact same thing happened in Hungary (sort of, we can't blame it all on the nazis, Hungarians did it enthusiastically themselves). They used the census data of 1920 and 1930 (but not declaring your religion and ethnicity was illegal) in the numerus clausus acts and then in the mass killings and holocaust (600k of 850k).
But after the 2nd ww, they used the same census data against the German minority as well, to evict them and move them en masse to Germany.
Okay, but the Jews were already being regularly persecuted for actual millennia at that point, and this was in... the 1930s, with a very different geopolitical situation. On the other hand, I doubt GP has any real reason to fear imminent ethnic persecution. We can and should take our best guess as to the likelihood of catastrophic events into account in our cost/benefit analysis, surely?
Because they're not being deported for their Hispanicity. It's for their nationality, which happens to be highly correlated with ethnicity. Why else would US citizen Hispanics have voted in record numbers for the current President?
The admin is overplaying their hand with some shoddy tactics, and the more citizens they drag into the net, the more quickly they'll lose the popular opinion here.
> Why else would US citizen Hispanics have voted in record numbers for the current President?
Perhaps because they mistakenly thought he wouldn't do exactly what he said he would do, or that there would be checks & balances to make sure it wasn't too heavy-handed so they personally were not in danger. Now he is doing what he said he would do in that regard (even when accidentally saying the quiet bits out loud) many are somewhat surprised and concerned.
Oddly while not beleiving he would go all-in on the purge many did believe he would do what he said with respect to what they saw as good things (lowering prices, and taxes (for them), ending the Ukraine conflict, keeping America out of other conflicts particularly in the middle-east, releasing any and all Epstein information, …), and are aghast at those things not being carried through as promised on the campaign trail.
> I doubt GP has any real reason to fear imminent ethnic persecution
I don't know them but they could be gay, or have a gay friend, or be atheist or religious, or maybe they once visited Costa Rica as a tourist and Costa Rica becomes the next pariah state or whatever. They might have driven a friend to an abortion clinic in the past
The very point is that you can't predict what could become a problem for a hypothetical future authoritarian state. If you look at the worst examples in history it could be something as innocuous seeming today as writing a non-political book or having distant relations with the same people as some other "undesirable" person.
I am pretty sure, the people of Netherlands didn't count the chance of a nazi regime invading them in a few years as very high.
The question is, is the marginal value that you are gaining from such services worth the risk, even if theoretical, at all. - I don't think so.
A decade ago, the idea that fairly light and frivolous social media discussion could be used as a reason to deport you from the bastion of free speech known as the USA was laughable. Now, it's reality.
Thing is, a fascist government probably isn't bother to use DNA to make sure they got the right guy. To them, if you look like a useful guy to blame, they'll blame you whether the evidence fits or not. The various "deterrence" effects of punishing wrongdoers don't really rely on the punished actually being guilty, it only relies on people thinking they're guilty.
You can see right now with the mass deportations, evidence and making a watertight case aren't priorities once you get to this point.
So I think the author's point stand, that there's little additional risk in some private company having your SNPs. The question is, is it worth it? I'd say, unless you (or a relative you want to help) are into genealogy, it's not worth it, even if the risk is small.
But genealogy is fun. It's also, I think, something that can be deeply meaningful for almost anyone.
Because, do you have all answers to what's important in life? Probably not, I hope? If you haven't, aren't you interested in what answers your own ancestors implicitly (through the lives they lived) gave to the big questions in life?
It's commonly said, "those who learn nothing from history are doomed to repeat it" etc. Might that not be true on an immediate, personal level too? History is more than grand politics, it's also the lives of normal people. And who could you learn most from, if not the people who are most similar to you?
That's my pitch for doing genealogy as a hobby... Now, it should be said, genetic genealogy is a pretty small part of genealogy, unless you're unfortunate with adoptions etc. in your family. Even for that, I'd say there are better options than 23andMe, I do not see personally have my SNP data there.
Point is, for all things, security is a trade-off, about which risks are worth it and for what gain.
It's not a "weird" dichotomy, it's a straight-up false dichotomy.
DNA is just one facet of all the data being actively collected by SuperMegaCorp and/or governments (or probably worst of all, both at the same time and in cooperation with each other).
maybe this kind of fear mongering is needed to finally make people care about privacy but I doubt most would beyond posting about it on social media for performative outrage.
Two common points crop up in these kinds of discussions:
- what if you're part of a minority the government wants to disappear, like the Uyghur in China? DNA is indicative of many minorities. You don't have to commit a crime.
- you don't have to share your DNA, some distant cousin sharing theirs is enough to implicate you (as in the Golden State Killer's arrest). You cannot control your far-flung relatives. You may not have a choice in this kind of privacy. That's what makes DNA unique in relation to other kinds of private data: your cousin's browsing history does not implicate you, DNA however may.
It's difficult for me to imagine what in your mind would justify extrajudicial disappearances. You don't even account for the immorality of certain laws, you assume that the law _IS_ morality. Quite interesting, indeed.
It is more of the converse in that I see breaking the law as immoral. My position is consistent which is why an extreme example has what people conceive of as an extreme response. I try and avoid letting emotions cloud my judgement in such matters.
>It is more of the converse in that I see breaking the law as immoral
It's the same thing. When you see breaking the law as inherently immoral, you guide your life to exist strictly in-line with the law. In other words, you use the law as a moral guide.
You unequivocally equate law with morality. And you fail to account for immoral laws, as well as illegal enforcement actions. Was having gay sex immoral in the 80s, but suddenly became moral as it was legalized? What about countries where it is illegal? Is having gay sex there immoral? Not exactly a position I'd call consistent, as you put it.
What about simply existing as a Palestinian person? Is being Palestinian immoral? It's certainly bordering on illegal, as extermination efforts continue.
We give up degenerate and harmful "interests" sure (murder, theft etc.) but we certainly don't need to give up any what we believe in just because of some irrational attachment to a certain state.
I fully agree with your apprehensions, but the question is whether this can be prevented at all.
We shed DNA in useful, analyzable amounts wherever we go. In a decade or so, "collectors" of DNA from the air may sprout up everywhere, aggregating DNA of the passersby and sorting it into buckets using, say, face recognition. Even if such practice was limited to the airports, the databases will grow. People have to prove their identity when boarding flights, so pairing them with their DNA trace is feasible.
And if a country bans this practice, another may not, and their database may be hacked and sold openly, so any person which traveled there will be exposed.
The privacy argument might work in some Western countries, and the corresponding legislation may be enacted there, but once you have to travel to India or China or Dubai profesionally, the cat will be out of the bag.
> people have to prove their identity when boarding flights, so pairing them with their DNA trace is feasible
Feasible and present are entirely separate.
Look at illegal immigrants today. The ones who co-operated with the government by e.g. showing up to court appointments or registering in apps are easier to catch because of that documentation. So they're prioritised. Same with DNA. Yes, you could pass a rule and then slowly collect DNA from all Americans who fly. But it's a lot easier to start with those who have already given it up.
> Okay but like, I'm not planning on committing a crime and nothing I do now is considered criminal
I genuinely don't know and would like to know: are you being sarcastic? I'm asking because to me it seems like you are, but please correct me if I'm wrong.
You're literally restating the same point that the original poster has already made in his comment. You're agreeing with him.
Seems like you just read the first phrase of his comment and immediately went into an adversarial "are you being sarcastic?" loop. Because the point you made is what came immediately after the part you quoted in his original comment:
> [...] but let's play out the worst case scenario and a fascist government comes to power and something I do now is considered criminal and they can place me doing it with this DNA that as the author describes can narrow down if it was me pretty easily.
No, I read his full comment, but I have a problem with "I'm not planning on committing a crime and nothing I do now is considered criminal" which is commonplace these days to say. I laid it out as to what.
So, as for the rest of his comments, such as: "The author also makes this like a weird dichotomy with online tracking, I ALSO care about being tracked on the internet and my personal privacy is pretty important to me in general.", I agree.
I edited my comment as it was deeply misunderstood, and I am not interested in having it derailed even further. Maybe another time.
And it is not the state (criminality) that is the biggest risk IMO. The classifying of people into "sheep and goats" is more likely to come from private power. Governments are dangerous, yes. But there are many fewer democratic checks and balances over private power
He is making a hypothetical scenario, and is pre-emptively addressing the bullshit argument "you only care for privacy because you're a criminal/want to commit a crime, innocent people have nothing to hide".
Oh, okay, not sure why I did not get that from his comment. I suppose I should have asked myself "how come I agree with the rest of his comment apart from the first part?".
Because I actually addressed that "have nothing to hide" argument. Oh well!
> That’s a tiny percentage: about 0.02% of your genome. So no, they don’t have your genome, but they do have a small sample of it.
What kind of reasoning is that? Fine, they're not doing whole genome sequencing on you (yet), but having a detailed chip profile of several million informative SNPs absolutely can and will be used to profile you.
Very quickly and easily I might add.
Classical linkage analysis has been used quite effectively to profile people since the 80s using only a handful of (polymorphic) markers, because the power of the analysis is driven more by the number of related members than by the number of markers of an individual.
23&Me has a customer base of more than 10 million people(!!)
> Fine, they're not doing whole genome sequencing on you (yet).
We do Whole Genome Sequencing, and sometimes we outsource the sequencing. We always get the excess of DNA back, and it is stored in our own freezers. Even in this scenario we can't be 100% sure they don't store the DNA or the files for their own purposes, but that's the risk we assume. The DNA we send is only identified by a number.
I can 100% imagine a company such as 23andMe storing DNA for later sequencing, or even doing WGS to do their side business, while sending you back only the genotype. Did you request your excess of DNA back? No, you didn't, because you didn't even know how much you sent or how much is needed for a genotyping. What you did was linking your DNA with your real name and some extra data, so further data augmenting is trivial.
> I can 100% imagine a company such as 23andMe storing DNA for later sequencing
They do, as far as I know. Most genealogical DNA testing companies do, and they tell you so. In case you want to upgrade the analysis later.
> doing WGS to do their side business
That would land them in hot water with the EU. Per GDPR, you can't ask for PII for one purpose and use it for something else down the line. 23andMe customers didn't consent to WGS.
But there's another reason I think they wouldn't do that, and that's that WGS is time-consuming and expensive. Some random person's DNA data isn't that valuable. There's a reason payment is part of their business model, and if that's true for cheap microarray tests, how much more isn't it true for terribly expensive WGS tests?
Making a report is expensive. The WGS maybe cheaper than you think (I don't know how much you were thinking). Then running a quick admixture and some PRS analysis on the data by yourself, with the aid of ChatGPT or some of its friends if you have zero clue, it can be surpringsingly affordable.
BGI is chinese, but there are other services out there doing similar services (e.g. Macrogen in Korea).
> but having a detailed chip profile of several million informative SNPs absolutely can and will be used to profile you.
Yes, that was 23andMe's business model. They thought so too. Since they went bankrupt, I think it's safe to say, the commercial utility of such profiles was pretty overrated.
Of course they don't store your entire genome; 99.9% of that is identical for all humans. That has no value to them at all. It's only the 0.1% that can vary between humans that's of any interest.
(Note that there are very different ways to measure that percentage and they can mean very different things. I'm not intending these percentages to be accurate, but I'm sure you get my point.)
The article fails to explain why you shouldn't delete your DNA data at 23 and me. It does a good job explaining why the risks of letting them keep it are exaggerated, which might be true (I'm still skeptical), but what is the reason why you should let them hold onto this information? What is the advantage to me to let them keep my DNA data?
(Disclaimer: I never used 23 and me, so this is entirely hypothetical for me.)
The reason is the network effect of enough people having their profiles in one place for genealogy discovery to work as intended. As OP says, he has some relatives in the 23andMe network, but fewer now that people started deleting their data.
It suggests you your genetic relatives as they join 23andme. There are genetic reports that are added or updated wi5 new discoveries in genetics. Both reasons are quite minor benefits and i wonder if 23andme will continue at all.
> The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up about you based on your online activity.
This fallacy is oh so common in folks resisting privacy measures. I guess it's psychologically tough for them to realise how bad the situation is, so they have to go to any place they can to resist changing their habits
Maybe it is just meant to emphasize that there are things they themselves believe to be worse. But yeah, this fallacy is extremely common. I love rationalwiki.org.
Data that can be used against my children is another.
My late wife had MS. It took her. Insurance companies would love that data to load against anything my kids do.
There are other issues but the fact is that companies will use DNA and every other data point they can to maximise what they take and minimise with loaded terms what they might, just might, maybe, pay out.
Oh man, I have MS and I have immobility and incontinence issues at 30. Based on the location of lesions, I have a high risk for four-limb paralysis. It scares the hell out of me, and my quality of life is out the window already anyways. Life was hard before, it is much harder now.
Insurance companies cannot use it. And if insurance companies in the future would be allowed to use it, they would require you to get DNA samples for your policy.
They don't use It, but they might use an aggregate of it it. Like google doesn't sell data, but it leaks it freely in the ad bidding process, it's technicalities all the way in this business i feel like.
Also, it's not about fascist regimes or not being a criminal, it's about databases getting hacked and ending up in the hands of scammers
You'd think my ideal self-interest is for no one to volunteer for any research except my own relatives so that all medicine is optimized to my care. But that doesn't work that well. The genome itself is just not that useful. If you learn something from that VCF for a whole-genome sequence that's interesting, feel free to let me know.
I personally benefited from the aggregate that is the UK Biobank's repository of genome sequences and medical histories, and I'm grateful for everyone who contributed that for science. PGP is the closest I can get to providing my data apart from All Of Us which has a bit of medical data about me but no one has all my medical history.
I hope that, if nothing else, I am a piece in an instrument for humanity to comprehend the Universe. Either through my genome being useful when compiled with others or as a cautionary tale to making your genome available.
I have no 23&Me profile, and I prefer to keep my genome private. However, IF you are NOT in the personal-data risk-averse camp, there is a point in rather giving your genome data than giving your online activity profiles. The former can at least be used for biology research/treatment development and thus clearly has higher upside for humanity.
> Zip code 94107 is located in San Francisco, California, specifically in the Potrero Hill neighborhood. It is part of San Francisco County. There are approximately 163 homes for sale in this zip code, with prices ranging from $338.6K to $5M, according to Realtor.com. The minimum combined sales tax rate for 94107 is 8.63%, according to Avalara. The per capita income in 94107 is $124,681.
It is interesting that knowing your zipcode I might have predicted your response.
> I am a piece in an instrument for humanity to comprehend the Universe.
For a lot of people, if their data is being used as a benefit, then they should be properly compensated for that. They're more likely to be trying to comprehend how to keep food on the table.
94107 is a discontinuous zip code. It contains both SOMA (where I live) and Potrero Hill which you have quoted. What was the prediction?
> For a lot of people, if their data is being used as a benefit, then they should be properly compensated for that. They're more likely to be trying to comprehend how to keep food on the table.
Certainly, I am a great believer in the market. If they believe the price is insufficient, there is no reason to sell. I am only offering them this information for free so that they may set their price in a more informed manner. I'm doing that because I have a related semi-religious personal principle https://wiki.roshangeorge.dev/w/Observation_Dharma
This is staggeringly naive, holy moly. The idea that it's bad enough already, so might as well share DNA with a private company to put the proverbial cherry on top is... idk, nihilistic?
I wonder why he cares whether or not people delete their DNA?
I asked them to delete mine (although I'm not optimistic that they did so), and I'm glad that I did for two reasons. First, I don't think they dealt with me transparently and honestly from the start and second, whether or not that data is directly a risk to me, it's yet more data about me that's out there in the world and can be combined with other data to make a potent risk.
The less data about me that exists in any database, even trivial or apparently innocuous data, the better.
This a bone headed article… umm we can’t extract anything from it about your health (*now)… so might as well just spread it everywhere?
Like he doesn’t even go into the fact that it could be used by law enforcement wrongfully etc: e.g Unregulated Chinese crime detection startup buys the data, you happen to be in China and get arrested bc they used inadequate algorithms that wrongfully accused you.
Salzberg states several times that one should browse in 'private' or 'incognito' mode to stop 3rd party tracking. This is false.
Incognito mode stops data such as web history and cookies being stored on the computer you are using - it is good (enough) for obscuring what sites you have visited from other people who may have access to your computer. (It may not defeat a deep forensic search, it might save you from family embarrassment).
Incognito mode does not hide any data at all from your ISP, your DNS server, or the web servers you visit - it does not do anything to defeat 3rd party tracking.
An error of this magnitude does make me wonder whether any of his other propositions are true at all.
> it does not do anything to defeat 3rd party tracking
It does reduce the footprint of data able to be correlated across browser restarts, which is not nothing, but is much less than most people assume.
So everything you do on this visit can be correlated, but when you close your browser and then come back, you're a new person not associated with your previous visit.
This is like saying if you have nothing to hide, you should consent to police searches. What is found only provides more possibly coincidental evidence to use against you (just as DNA provides evidence about your potential health).
Three massive differences between DNA and any other 'private data'.
Once DNA has flown the coop, you won't get a new set of SNPs. That's it, it's a 'complete' picture of your SNPs (not your genome, yes, but SNPs are enough for many use-cases like ancestry estimation). Your private browsing data, however, is messy, ever-changing, has huge holes, changes over devices, and you can take active steps against leaking it (including even fuzzing it - you can't fuzz your SNPs!). Your SNPs are written in stone.
Second, you don't have to leak your DNA for the data to be out there, a distant cousin is enough to implicate you. You can do nothing at all and still get scooped up. (see the arrest of the Golden State Killer) My cousin's browsing history, on the other hand, says very little about me.
Third, your DNA implies you as part of minorities. Your browsing profile does not. China uses DNA to track minorities [1] and that may come to a government near you, soon. Again, data that may not even be shared by you may send you off to a camp.
The author might not be aware of this, but DNA databases from companies like 23andMe are already being used for mass surveillance and police work. They don’t need the entire gene sequence, they already have enough to identify you and invade your privacy more than you might think, especially in combination with other data and the data of other people.
The Golden State Killer was caught because a distant relative submitted a DNA sample to one of these services. Thus, when the police submitted a DNA test report from the unknown killer to GEDmatch, it came back with some useful hits, which they were able to narrow down to just one person.
Maybe you support the outcome in that particular case, but what happens when it’s your sibling that committed a crime, or they are a political dissident, or they practice the “wrong” religion?
And remember that your DNA is one of the few pieces of personal information that is permanent and cannot be changed.
This analysis demonstrates what we call a "Fachidiot" problem in German - deep expertise in one domain coupled with troubling blindness to how that domain intersects with broader realities. The author's "just chill out" recommendation about permanent biological identifiers is about as reassuring as a nuclear physicist telling people not to worry about uranium enrichment because "it's mostly stable isotopes."
The "0.02% of your genome" framing is fundamentally misleading. Those ~640,000 SNPs aren't randomly scattered junk - they're specifically selected markers that correlate strongly with ancestry, health predispositions, pharmacogenomic responses, and familial relationships. The intelligence value isn't in raw percentage coverage but in what can be inferred from those curated data points. And you can infer an awful lot from these targeted markers.
The comparison to browsing history or social media activity is pathetically cavalier. We're talking about immutable biological data that:
- Links you to family members who never consented to participate
- Allows inference about relatives' genetic predispositions based on your data alone
- Has unknown future applications as genomic analysis capabilities advance
- Cannot be changed, deleted from your actual biology, or "opted out of" once the implications are understood
Understanding genomes doesn't automatically confer understanding of threat modeling, data permanence, or the creative ways malicious actors exploit seemingly "harmless" datasets. The recommendation treats a permanent biological identifier with the same casual attitude as a recoverable password breach.
This is exactly the kind of expert blind spot that leads to catastrophic privacy failures decades down the line.
You know genomes. But you don't seem to understand how big corporations operate and what the risks to your privacy are when your DNA and/or significant fractions thereof start floating around. It takes ~33 bits to uniquely identify a human. This is 'gods own GUID' and it has far, far more than 33 bits, even in the most limited case.
> That’s a tiny percentage: about 0.02% of your genome. So no, they don’t have your genome, but they do have a small sample of it.
IIRC, 99 percent of the rest is shared by all humans, 95 precent is shared by humans and apes, and some 80 (?) percent is shared by humans and drosophila flies? That's likely the important 0.02%.
This whole article is a single big "but what about X?" argument.
The main concern stays, even if it's just a tiny bit of your genome, even if web-fingerprinting is also bad, the sequenced genome data is enough to identify and relate you to others. (Didn't they catch a serial killer that way?)
Even without the whole bankruptcy spin, I haven't had my DNA sequenced out of privacy concerns, with being US(-jurisdiction)-based as a big factor against most of the big competitors.
I could write the same article with a little bit of help from ChatGPT, even though I know almost nothing about genomes. Well, in fact, I can't really tell what the author's expertise in genomes is from the article at all. I might as well ask a random stranger on the street about his opinion on the matter.
And if you think about it, "I know genomes" in the title is a giant red flag. It's basically saying, I am the authority, and you should trust me, even though my arguments are very weak and barely convincing at all. What kind of ** put that in the title?
Even if we accept the author’s contention that the downside risk is very low (and plenty of other comments explain why that is a bad idea), they make no case at all for the benefits. If there is no benefit to keeping it, then there is no downside to deleting it.
Definitely. I mean if you believe in some future public health benefit or whatever (right or wrong) sure. Very weird to hear someone emphatically voice support for a position and articulate no upsides at all. Imagine if somebody ran up to you and said "don't open that letter!" and then calmly explained it was probably junk mail anyways.
> However–and here’s the rub–some 25 years after the human genome was sequenced, and despite huge efforts to link genes and disease, there are almost no SNPs that tell you anything consequential about your health. If you have a genetic disease, you almost certainly already know about it, and if you don’t know, then the 23andMe data just isn’t going to reveal anything.
For someone who “knows genomes”, this is a brain dead take on microarrays. Lots of the content on arrays _is_ directly tied to a phenotype because there’s limited space so we directly test variants that are known to cause problems!
Is he really claiming that BRCA1/2 variants don’t increase risk of breast cancer in a meaningful way? Or that there aren’t tons of people who are XXY who don’t know even though it’s the hidden cause of many infertility problems?
This is just such a bad take it is hard to take anything said here seriously
Is he really claiming that BRCA1/2 variants don’t increase risk of breast cancer...
Even worse, if insurance companies had their way, they'd use the family matriarch's BRCA1/2 variant to set the rates for all her descendants. Massive DNA profiling doesn't just impact the "owner" of the DNA - it impacts anybody in their family tree who might have similar genes.
Everyone's focusing on the crime aspect. Nobody's thinking about willingly contributing to the donor database for all the billionaires who want to live forever.
This commentary attempts to reassure people about staying with 23 and me, but ultimately ends up concluding that there's virtually nothing useful to be gleaned from the data created from the 23 and me process.
Author dismissed privacy concerns in the same way we see others downplay it: you already are giving up your privacy in other parts of your life, why not give it up here, too? Total nonsense, IMO.
The conclusion I came to from this, that I don't believe the author intended, is that you should delete your data from this company because it is pointless.
If Hitler had had access to 23andMe type data, there would have been a bigger holocaust.
Normally I wouldn't bring up Hitler in an internet discussion, I'm aware of its discussion-killing feature, but the big thing that has changed is we now have GENUINE NAZIS in the US government
This is the tired excuses:
If you've got nothing to hide then you shouldn't want privacy
And
If you already lack privacy in some places you should just give up on having any.
The first is stupid. If there exists capacity to keep things private, why would I NOT want to have privacy? What is in it for me to let arbitrary others see everything I do and am?
The second so strange to hear. It is an argument for turning the slippery slope of privacy erosion that you try to resist into a waterslide that you should enthusiasticly throw yourself down.
I never sent a sample to any of these companies and I'm glad I didn't. The next best thing would be to delete your data if there's an option (although of course you only have their word for it). It has nothing to do with panicking.
I love Steven Salzburg, but he's missing the main point here:
23andMe could have been sold to someone that is not based in California which would result in a loss of many protections currently there, such as being able to have the data be deleted.
Sure, the data is not that valuable. Nobody really cares that is doing serious decision making based on good science or following the law.
I think he also ignores a new risk that's developing: bad tests. Current polygenic risk scores are all the rage, but they are very close to junk science, and if not created and applied very very carefully, far more carefully than most machine learning models, they will be junk.
So even if there's nothing in your DNA that could be used to discriminate against you, bad application of the technology could harm (or benefit) you, completely randomly. All because some pointy haired boss demanded that a bad model gets built and applied, whether or not the engineers knew what they were doing or gave proper warning to management.
This isn't just health care, it could be admissions to a private school, or the application for an apartment or NYC housing co-op, or whatever.
That's a serious risk, that some junk company uses the data in completely inappropriate ways, once the data is out in the wild.
Why not delete? There's zero benefit to the consumer to keep the data in 23andMe, at least for this consumer. Others that want to connect with 5th cousins might think differently of course.
But the point is that it's a personal decision and we all have different values and wants.
The problem, as I see, is the moment DNA becomes USEFUL. Once DNA becomes USEFUL and ubiquitous, then it becomes necessary. If everyone that provided DNA is able to avoid all the potential diseases then you would simply get out-competed by people that do. OTOH, this knowledge can also be used against you in your insurance claims or whatever.
So basically the upside and downside get jacked up and effectively "nothing really changes". They will always make up excuses to genocide a group, or deny your insurance claims.
This is the same thing with privacy. If Microsoft's Recall is indeed useful as advertised, that is extremely powerful. People that truly don't have anything to hide, is happy to see ads etc, would be extremely empowered by this tool.
> The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up about you based on your online activity.
This tired canard makes me mad. It's not either/or. Be concerned about anyone who is collecting data on you and selling it without your consent.
And in my mind, the reason to delete your data from 23AndMe isn't to protect PII, it's to take an a salable asset away from a company that promised they wouldn't sell it in the first place, then changed their mind.
"What’s fascinating–and a lot of fun, for some–is that by comparing these scattered landmarks, called SNPs or “snips,” you can get a very accurate picture of how closely related two people are."
This directly contradicts the claim that these samples reveal nothing about your health or disease risk. Maybe it doesn't reveal anything in isolation, but if you know some medical history about some of my relatives and you have their DNA info, then that gives you some significant info about me too.
The man so smart he gave his soul to a corporation in exchange for absolutely nothing at all.
It's okay, it's not your whole genome, it's just enough to uniquely identify you and your descendants for generations. Besides, don't you know that internet tracking exists so if you think about it you've sold your soul already and it's hypocritical for you to complain
>Are you browsing the web only in private or “in cognito” mode?
I’m sorry, but the whataboutism argument being made about online data trackers and brokers being “the real bad guys” totally misses the point that insurers are extremely thirsty for data like this, which is a very different buyer than, say, a political campaign fund or marketing agency. But like, both are mutually concerning, too.
The arguments boil down to "we're all fucked so letting 23&me fuck us more is no big deal"
> ...this is only a problem because of our disastrous insurance-based, for-profit healthcare system in the U.S.
That is the reality for the subjects of the USA. So it is a problem
>...far more concerned about all the data that various companies are hoovering up about you based on your online activity
No. I take active measures against sneaky surveillance (my browsers cannot be tracked as far as I can tell) and I use my real name lots of places. I am in control. If my siblings, parents, children submit "their" private data to these evil data horders, I am not in control
Deleting your, and yours, data from 23&me will be closing the stable door, I am unconvinced that these sorts of people will actually delete anything (they will remove it from your view and control) but it has performative value
The author says that health insurance in Europe is provided by the govt and for most it still is, there are plenty of people getting private health insurance as the govt health sector is collapsing, so this argument is mute.
Also, in the 23andme data is risk of getting hundreds of diseases, any private health insurance company would love to see this data to deny paying you any compensation, OBVIOUSLY.
I have never given my DNA to any private company and I never would, if you have: delete it!
Insurance company argument is always nonsense. They cannot use DNA. And if they could use DNA in the future, you would need to get your DNA sampled for the policy.
>The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up about you based on your online activity.
The risk for privacy is not that one piece of your data is out there, but that companies can recreate a very sophisticated model of you by aggregating many pieces.
The idea that one small breach of privacy is equivalent to the vast amounts of informations 23andme has getting correlated with hundreds of other small pieces, is absurd.
It is a total lie that you should not be concerned about your privacy, because total privacy is impossible. The author also does not understand incognito mode.
I run my genome twice through 23 and me, the V4 and V5 chip.
They’re doing this I found a mutation parentheses (not a polymorphism) in my CVS enzyme that was causing my family to have heart attacks before they were 50.
And I currently diagnosed two people just looking at their genetics one with celiac and the other one with 21 hydroxy deficiency. Just let them impress your doctor for test in proving it was right.
What makes me sad about this is that it’s such a valuable resource that no one’s going to have access to because of corporations and greed. Personalized medicine is the only way to cure diseases and the only way to find out what’s going on in your body.
Okay but like, I'm not planning on committing a crime and nothing I do now is considered criminal, but let's play out the worst case scenario and a fascist government comes to power and something I do now is considered criminal and they can place me doing it with this DNA that as the author describes can narrow down if it was me pretty easily.
You can tell me I'm paranoid or something, but I can also just not give them my DNA for no effort and be all the more better off if something like this happens OR if I do commit a crime under current laws I haven't given up the ghost immediately.
This feels like short term little gain for catastrophic effects in the worst case scenario.
The author also makes this like a weird dichotomy with online tracking, I ALSO care about being tracked on the internet and my personal privacy is pretty important to me in general.
I want all of my privacy, or better worded I want privacy to be my choice such as here on HN where I use my real name intentionally. :)
For those still doubting, this is not a hypothetical case.
In the Netherlands, in the early 30's we had a census. All the good jewish citizens of the good kingdom of the Netherlands filled in their religion. Because, why shouldn't they? Fast forward a couple of years, and those detailed census results are really handy for the occupying nazis.
During WW II, 95% of the jewish in the Netherlands were killed. Compare this with a country that does not have a central register of it's citizens (France), where "only" 25% of the jewish were killed.
Also, when you give up your DNA, you're not just giving it up for you. You're giving it up for your family.
The exact same thing happened in Hungary (sort of, we can't blame it all on the nazis, Hungarians did it enthusiastically themselves). They used the census data of 1920 and 1930 (but not declaring your religion and ethnicity was illegal) in the numerus clausus acts and then in the mass killings and holocaust (600k of 850k). But after the 2nd ww, they used the same census data against the German minority as well, to evict them and move them en masse to Germany.
Okay, but the Jews were already being regularly persecuted for actual millennia at that point, and this was in... the 1930s, with a very different geopolitical situation. On the other hand, I doubt GP has any real reason to fear imminent ethnic persecution. We can and should take our best guess as to the likelihood of catastrophic events into account in our cost/benefit analysis, surely?
> I doubt GP has any real reason to fear imminent ethnic persecution
Why do you doubt that given the very obvious ethnic persecution going on in the US right now against immigrants, especially Hispanics?
Like, okay, "Ian Butler" in particular doesn't sound terribly Hispanic, but I think that's splitting hairs on the larger point
Because they're not being deported for their Hispanicity. It's for their nationality, which happens to be highly correlated with ethnicity. Why else would US citizen Hispanics have voted in record numbers for the current President?
The admin is overplaying their hand with some shoddy tactics, and the more citizens they drag into the net, the more quickly they'll lose the popular opinion here.
> Why else would US citizen Hispanics have voted in record numbers for the current President?
Perhaps because they mistakenly thought he wouldn't do exactly what he said he would do, or that there would be checks & balances to make sure it wasn't too heavy-handed so they personally were not in danger. Now he is doing what he said he would do in that regard (even when accidentally saying the quiet bits out loud) many are somewhat surprised and concerned.
Oddly while not beleiving he would go all-in on the purge many did believe he would do what he said with respect to what they saw as good things (lowering prices, and taxes (for them), ending the Ukraine conflict, keeping America out of other conflicts particularly in the middle-east, releasing any and all Epstein information, …), and are aghast at those things not being carried through as promised on the campaign trail.
> I doubt GP has any real reason to fear imminent ethnic persecution
I don't know them but they could be gay, or have a gay friend, or be atheist or religious, or maybe they once visited Costa Rica as a tourist and Costa Rica becomes the next pariah state or whatever. They might have driven a friend to an abortion clinic in the past
The very point is that you can't predict what could become a problem for a hypothetical future authoritarian state. If you look at the worst examples in history it could be something as innocuous seeming today as writing a non-political book or having distant relations with the same people as some other "undesirable" person.
I am pretty sure, the people of Netherlands didn't count the chance of a nazi regime invading them in a few years as very high. The question is, is the marginal value that you are gaining from such services worth the risk, even if theoretical, at all. - I don't think so.
A decade ago, the idea that fairly light and frivolous social media discussion could be used as a reason to deport you from the bastion of free speech known as the USA was laughable. Now, it's reality.
Thing is, a fascist government probably isn't bother to use DNA to make sure they got the right guy. To them, if you look like a useful guy to blame, they'll blame you whether the evidence fits or not. The various "deterrence" effects of punishing wrongdoers don't really rely on the punished actually being guilty, it only relies on people thinking they're guilty.
You can see right now with the mass deportations, evidence and making a watertight case aren't priorities once you get to this point.
So I think the author's point stand, that there's little additional risk in some private company having your SNPs. The question is, is it worth it? I'd say, unless you (or a relative you want to help) are into genealogy, it's not worth it, even if the risk is small.
But genealogy is fun. It's also, I think, something that can be deeply meaningful for almost anyone.
Because, do you have all answers to what's important in life? Probably not, I hope? If you haven't, aren't you interested in what answers your own ancestors implicitly (through the lives they lived) gave to the big questions in life?
It's commonly said, "those who learn nothing from history are doomed to repeat it" etc. Might that not be true on an immediate, personal level too? History is more than grand politics, it's also the lives of normal people. And who could you learn most from, if not the people who are most similar to you?
That's my pitch for doing genealogy as a hobby... Now, it should be said, genetic genealogy is a pretty small part of genealogy, unless you're unfortunate with adoptions etc. in your family. Even for that, I'd say there are better options than 23andMe, I do not see personally have my SNP data there.
Point is, for all things, security is a trade-off, about which risks are worth it and for what gain.
It's not a "weird" dichotomy, it's a straight-up false dichotomy.
DNA is just one facet of all the data being actively collected by SuperMegaCorp and/or governments (or probably worst of all, both at the same time and in cooperation with each other).
DNA is also the only piece of data we all spread around without there being any practical security measure to prevent it.
(not entirely true because we also spread other biometric data, such as facial images)
Sure could have used stronger language here, I agree
> let's play out the worst case scenario and a fascist government comes to power
That's borderline no longer a hypothetical.
maybe this kind of fear mongering is needed to finally make people care about privacy but I doubt most would beyond posting about it on social media for performative outrage.
Two common points crop up in these kinds of discussions:
- what if you're part of a minority the government wants to disappear, like the Uyghur in China? DNA is indicative of many minorities. You don't have to commit a crime.
- you don't have to share your DNA, some distant cousin sharing theirs is enough to implicate you (as in the Golden State Killer's arrest). You cannot control your far-flung relatives. You may not have a choice in this kind of privacy. That's what makes DNA unique in relation to other kinds of private data: your cousin's browsing history does not implicate you, DNA however may.
[flagged]
> Then you should disappear. One's personal wants and desires don't override the laws of the land
Disappearance explicitly occurs outside the protection of the law [1]. It historically occurred during events of ethnic cleansing and mass murder.
[1] https://en.wikipedia.org/wiki/Enforced_disappearance
It's difficult for me to imagine what in your mind would justify extrajudicial disappearances. You don't even account for the immorality of certain laws, you assume that the law _IS_ morality. Quite interesting, indeed.
>you assume that the law _IS_ morality
It is more of the converse in that I see breaking the law as immoral. My position is consistent which is why an extreme example has what people conceive of as an extreme response. I try and avoid letting emotions cloud my judgement in such matters.
>It is more of the converse in that I see breaking the law as immoral
It's the same thing. When you see breaking the law as inherently immoral, you guide your life to exist strictly in-line with the law. In other words, you use the law as a moral guide.
You unequivocally equate law with morality. And you fail to account for immoral laws, as well as illegal enforcement actions. Was having gay sex immoral in the 80s, but suddenly became moral as it was legalized? What about countries where it is illegal? Is having gay sex there immoral? Not exactly a position I'd call consistent, as you put it.
What about simply existing as a Palestinian person? Is being Palestinian immoral? It's certainly bordering on illegal, as extermination efforts continue.
I respect your ability to react to such a post in this way. All I could think was "What the fuck?!"
I'm not shocked by that kind of rhetoric anymore; I hear it a lot from supporters of a certain country, unfortunately.
The laws of the land don't override my personal interests.
I'd say the laws of the land don't override basic human rights...
[flagged]
What is the right way to handle being murdered by an oppressive government?
By definition if you are murdered there is nothing you can do. Unless you come back as a ghost or a zombie.
We give up degenerate and harmful "interests" sure (murder, theft etc.) but we certainly don't need to give up any what we believe in just because of some irrational attachment to a certain state.
> Yes, it may suck if you are forced to give up something you are passionate about
I'm sure Jews in 1930s Germany were passionate about living in dignity. The Nazis made sure they had to give that up.
> it may suck if you are forced to give up something you are passionate about
Your life.
“Genocide/ethnic cleansing sucks but if the people want it, you deserve to get it.”
charcircuit, 2025
> and they can place me doing it with this DNA
Probably easier to place you with your cell phone location data, or surveillance cameras and face recognition.
You can leave the phone at home and bring the ski mask
I fully agree with your apprehensions, but the question is whether this can be prevented at all.
We shed DNA in useful, analyzable amounts wherever we go. In a decade or so, "collectors" of DNA from the air may sprout up everywhere, aggregating DNA of the passersby and sorting it into buckets using, say, face recognition. Even if such practice was limited to the airports, the databases will grow. People have to prove their identity when boarding flights, so pairing them with their DNA trace is feasible.
And if a country bans this practice, another may not, and their database may be hacked and sold openly, so any person which traveled there will be exposed.
The privacy argument might work in some Western countries, and the corresponding legislation may be enacted there, but once you have to travel to India or China or Dubai profesionally, the cat will be out of the bag.
> people have to prove their identity when boarding flights, so pairing them with their DNA trace is feasible
Feasible and present are entirely separate.
Look at illegal immigrants today. The ones who co-operated with the government by e.g. showing up to court appointments or registering in apps are easier to catch because of that documentation. So they're prioritised. Same with DNA. Yes, you could pass a rule and then slowly collect DNA from all Americans who fly. But it's a lot easier to start with those who have already given it up.
> Okay but like, I'm not planning on committing a crime and nothing I do now is considered criminal
I genuinely don't know and would like to know: are you being sarcastic? I'm asking because to me it seems like you are, but please correct me if I'm wrong.
No I'm disarming a common quip from people immediately and effectively.
[REDACTED]
You're literally restating the same point that the original poster has already made in his comment. You're agreeing with him.
Seems like you just read the first phrase of his comment and immediately went into an adversarial "are you being sarcastic?" loop. Because the point you made is what came immediately after the part you quoted in his original comment:
> [...] but let's play out the worst case scenario and a fascist government comes to power and something I do now is considered criminal and they can place me doing it with this DNA that as the author describes can narrow down if it was me pretty easily.
No, I read his full comment, but I have a problem with "I'm not planning on committing a crime and nothing I do now is considered criminal" which is commonplace these days to say. I laid it out as to what.
So, as for the rest of his comments, such as: "The author also makes this like a weird dichotomy with online tracking, I ALSO care about being tracked on the internet and my personal privacy is pretty important to me in general.", I agree.
I edited my comment as it was deeply misunderstood, and I am not interested in having it derailed even further. Maybe another time.
I agree
And it is not the state (criminality) that is the biggest risk IMO. The classifying of people into "sheep and goats" is more likely to come from private power. Governments are dangerous, yes. But there are many fewer democratic checks and balances over private power
He is making a hypothetical scenario, and is pre-emptively addressing the bullshit argument "you only care for privacy because you're a criminal/want to commit a crime, innocent people have nothing to hide".
Oh, okay, not sure why I did not get that from his comment. I suppose I should have asked myself "how come I agree with the rest of his comment apart from the first part?".
Because I actually addressed that "have nothing to hide" argument. Oh well!
> That’s a tiny percentage: about 0.02% of your genome. So no, they don’t have your genome, but they do have a small sample of it.
What kind of reasoning is that? Fine, they're not doing whole genome sequencing on you (yet), but having a detailed chip profile of several million informative SNPs absolutely can and will be used to profile you.
Very quickly and easily I might add.
Classical linkage analysis has been used quite effectively to profile people since the 80s using only a handful of (polymorphic) markers, because the power of the analysis is driven more by the number of related members than by the number of markers of an individual.
23&Me has a customer base of more than 10 million people(!!)
> Fine, they're not doing whole genome sequencing on you (yet).
We do Whole Genome Sequencing, and sometimes we outsource the sequencing. We always get the excess of DNA back, and it is stored in our own freezers. Even in this scenario we can't be 100% sure they don't store the DNA or the files for their own purposes, but that's the risk we assume. The DNA we send is only identified by a number.
I can 100% imagine a company such as 23andMe storing DNA for later sequencing, or even doing WGS to do their side business, while sending you back only the genotype. Did you request your excess of DNA back? No, you didn't, because you didn't even know how much you sent or how much is needed for a genotyping. What you did was linking your DNA with your real name and some extra data, so further data augmenting is trivial.
> I can 100% imagine a company such as 23andMe storing DNA for later sequencing
They do, as far as I know. Most genealogical DNA testing companies do, and they tell you so. In case you want to upgrade the analysis later.
> doing WGS to do their side business
That would land them in hot water with the EU. Per GDPR, you can't ask for PII for one purpose and use it for something else down the line. 23andMe customers didn't consent to WGS.
But there's another reason I think they wouldn't do that, and that's that WGS is time-consuming and expensive. Some random person's DNA data isn't that valuable. There's a reason payment is part of their business model, and if that's true for cheap microarray tests, how much more isn't it true for terribly expensive WGS tests?
> terribly expensive WGS tests
https://services.bgi.com/wgs-sequencing
Making a report is expensive. The WGS maybe cheaper than you think (I don't know how much you were thinking). Then running a quick admixture and some PRS analysis on the data by yourself, with the aid of ChatGPT or some of its friends if you have zero clue, it can be surpringsingly affordable.
BGI is chinese, but there are other services out there doing similar services (e.g. Macrogen in Korea).
> but having a detailed chip profile of several million informative SNPs absolutely can and will be used to profile you.
Yes, that was 23andMe's business model. They thought so too. Since they went bankrupt, I think it's safe to say, the commercial utility of such profiles was pretty overrated.
Of course they don't store your entire genome; 99.9% of that is identical for all humans. That has no value to them at all. It's only the 0.1% that can vary between humans that's of any interest.
(Note that there are very different ways to measure that percentage and they can mean very different things. I'm not intending these percentages to be accurate, but I'm sure you get my point.)
They don't have all your personal information, they just have your name and address.
Which makes it trivial to buy a database and correlate everything.
I think GP was making a joke about the (small!=unimportant) information.
i.e. they can get the rest of it by sending ICE to pick you up.
The article fails to explain why you shouldn't delete your DNA data at 23 and me. It does a good job explaining why the risks of letting them keep it are exaggerated, which might be true (I'm still skeptical), but what is the reason why you should let them hold onto this information? What is the advantage to me to let them keep my DNA data?
(Disclaimer: I never used 23 and me, so this is entirely hypothetical for me.)
The reason is the network effect of enough people having their profiles in one place for genealogy discovery to work as intended. As OP says, he has some relatives in the 23andMe network, but fewer now that people started deleting their data.
Arguably making potential matches less likely could be seen as a privacy improvement for his relatives.
It suggests you your genetic relatives as they join 23andme. There are genetic reports that are added or updated wi5 new discoveries in genetics. Both reasons are quite minor benefits and i wonder if 23andme will continue at all.
> The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up about you based on your online activity.
https://rationalwiki.org/wiki/Not_as_bad_as
This fallacy is oh so common in folks resisting privacy measures. I guess it's psychologically tough for them to realise how bad the situation is, so they have to go to any place they can to resist changing their habits
Maybe it is just meant to emphasize that there are things they themselves believe to be worse. But yeah, this fallacy is extremely common. I love rationalwiki.org.
> The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up
I worked in DNA analysis for 6 years.
You should absolutely be worried about the data that various companies are hoovering up. Your DNA is part of it.
Data about me and what I click is one issue.
Data that can be used against my children is another.
My late wife had MS. It took her. Insurance companies would love that data to load against anything my kids do.
There are other issues but the fact is that companies will use DNA and every other data point they can to maximise what they take and minimise with loaded terms what they might, just might, maybe, pay out.
It's not about the now.
It's about the later.
Oh man, I have MS and I have immobility and incontinence issues at 30. Based on the location of lesions, I have a high risk for four-limb paralysis. It scares the hell out of me, and my quality of life is out the window already anyways. Life was hard before, it is much harder now.
That would be very tough to deal with. I hope you're doing okay
Insurance companies cannot use it. And if insurance companies in the future would be allowed to use it, they would require you to get DNA samples for your policy.
So it’s pointless in the end
They don't use It, but they might use an aggregate of it it. Like google doesn't sell data, but it leaks it freely in the ad bidding process, it's technicalities all the way in this business i feel like. Also, it's not about fascist regimes or not being a criminal, it's about databases getting hacked and ending up in the hands of scammers
Here is my genome https://my.pgp-hms.org/profile/hu81A8CC
You'd think my ideal self-interest is for no one to volunteer for any research except my own relatives so that all medicine is optimized to my care. But that doesn't work that well. The genome itself is just not that useful. If you learn something from that VCF for a whole-genome sequence that's interesting, feel free to let me know.
I personally benefited from the aggregate that is the UK Biobank's repository of genome sequences and medical histories, and I'm grateful for everyone who contributed that for science. PGP is the closest I can get to providing my data apart from All Of Us which has a bit of medical data about me but no one has all my medical history.
I hope that, if nothing else, I am a piece in an instrument for humanity to comprehend the Universe. Either through my genome being useful when compiled with others or as a cautionary tale to making your genome available.
Thanks for sharing it. Everyone who thinks their individual DNA data is valuable has yet to explain why 23andMe was going bankrupt.
I don't have to consider something (monetarily) valuable to think it can be used against me.
I have no 23&Me profile, and I prefer to keep my genome private. However, IF you are NOT in the personal-data risk-averse camp, there is a point in rather giving your genome data than giving your online activity profiles. The former can at least be used for biology research/treatment development and thus clearly has higher upside for humanity.
> Zip code 94107 is located in San Francisco, California, specifically in the Potrero Hill neighborhood. It is part of San Francisco County. There are approximately 163 homes for sale in this zip code, with prices ranging from $338.6K to $5M, according to Realtor.com. The minimum combined sales tax rate for 94107 is 8.63%, according to Avalara. The per capita income in 94107 is $124,681.
It is interesting that knowing your zipcode I might have predicted your response.
> I am a piece in an instrument for humanity to comprehend the Universe.
For a lot of people, if their data is being used as a benefit, then they should be properly compensated for that. They're more likely to be trying to comprehend how to keep food on the table.
94107 is a discontinuous zip code. It contains both SOMA (where I live) and Potrero Hill which you have quoted. What was the prediction?
> For a lot of people, if their data is being used as a benefit, then they should be properly compensated for that. They're more likely to be trying to comprehend how to keep food on the table.
Certainly, I am a great believer in the market. If they believe the price is insufficient, there is no reason to sell. I am only offering them this information for free so that they may set their price in a more informed manner. I'm doing that because I have a related semi-religious personal principle https://wiki.roshangeorge.dev/w/Observation_Dharma
This is staggeringly naive, holy moly. The idea that it's bad enough already, so might as well share DNA with a private company to put the proverbial cherry on top is... idk, nihilistic?
I wonder why he cares whether or not people delete their DNA?
I asked them to delete mine (although I'm not optimistic that they did so), and I'm glad that I did for two reasons. First, I don't think they dealt with me transparently and honestly from the start and second, whether or not that data is directly a risk to me, it's yet more data about me that's out there in the world and can be combined with other data to make a potent risk.
The less data about me that exists in any database, even trivial or apparently innocuous data, the better.
This a bone headed article… umm we can’t extract anything from it about your health (*now)… so might as well just spread it everywhere?
Like he doesn’t even go into the fact that it could be used by law enforcement wrongfully etc: e.g Unregulated Chinese crime detection startup buys the data, you happen to be in China and get arrested bc they used inadequate algorithms that wrongfully accused you.
There is absolutely nothing convincing here.
Salzberg states several times that one should browse in 'private' or 'incognito' mode to stop 3rd party tracking. This is false. Incognito mode stops data such as web history and cookies being stored on the computer you are using - it is good (enough) for obscuring what sites you have visited from other people who may have access to your computer. (It may not defeat a deep forensic search, it might save you from family embarrassment). Incognito mode does not hide any data at all from your ISP, your DNS server, or the web servers you visit - it does not do anything to defeat 3rd party tracking. An error of this magnitude does make me wonder whether any of his other propositions are true at all.
> it does not do anything to defeat 3rd party tracking
It does reduce the footprint of data able to be correlated across browser restarts, which is not nothing, but is much less than most people assume.
So everything you do on this visit can be correlated, but when you close your browser and then come back, you're a new person not associated with your previous visit.
A new person with an identical browser fingerprint and IP
Good catch!
It's almost as if being an expert in one thing doesn't give you any expertise in a completely unrelated thing.
Incognito mode in Chrome does block third party cookies.
This is like saying if you have nothing to hide, you should consent to police searches. What is found only provides more possibly coincidental evidence to use against you (just as DNA provides evidence about your potential health).
Three massive differences between DNA and any other 'private data'.
Once DNA has flown the coop, you won't get a new set of SNPs. That's it, it's a 'complete' picture of your SNPs (not your genome, yes, but SNPs are enough for many use-cases like ancestry estimation). Your private browsing data, however, is messy, ever-changing, has huge holes, changes over devices, and you can take active steps against leaking it (including even fuzzing it - you can't fuzz your SNPs!). Your SNPs are written in stone.
Second, you don't have to leak your DNA for the data to be out there, a distant cousin is enough to implicate you. You can do nothing at all and still get scooped up. (see the arrest of the Golden State Killer) My cousin's browsing history, on the other hand, says very little about me.
Third, your DNA implies you as part of minorities. Your browsing profile does not. China uses DNA to track minorities [1] and that may come to a government near you, soon. Again, data that may not even be shared by you may send you off to a camp.
[1] https://www.aspi.org.au/report/genomic-surveillance/
P.S.: And no, 'private mode' doesn't help you.
The author might not be aware of this, but DNA databases from companies like 23andMe are already being used for mass surveillance and police work. They don’t need the entire gene sequence, they already have enough to identify you and invade your privacy more than you might think, especially in combination with other data and the data of other people.
The Golden State Killer was caught because a distant relative submitted a DNA sample to one of these services. Thus, when the police submitted a DNA test report from the unknown killer to GEDmatch, it came back with some useful hits, which they were able to narrow down to just one person.
Maybe you support the outcome in that particular case, but what happens when it’s your sibling that committed a crime, or they are a political dissident, or they practice the “wrong” religion?
And remember that your DNA is one of the few pieces of personal information that is permanent and cannot be changed.
https://www.science.org/content/article/we-will-find-you-dna...
https://en.wikipedia.org/wiki/Joseph_James_DeAngelo
This analysis demonstrates what we call a "Fachidiot" problem in German - deep expertise in one domain coupled with troubling blindness to how that domain intersects with broader realities. The author's "just chill out" recommendation about permanent biological identifiers is about as reassuring as a nuclear physicist telling people not to worry about uranium enrichment because "it's mostly stable isotopes."
The "0.02% of your genome" framing is fundamentally misleading. Those ~640,000 SNPs aren't randomly scattered junk - they're specifically selected markers that correlate strongly with ancestry, health predispositions, pharmacogenomic responses, and familial relationships. The intelligence value isn't in raw percentage coverage but in what can be inferred from those curated data points. And you can infer an awful lot from these targeted markers.
The comparison to browsing history or social media activity is pathetically cavalier. We're talking about immutable biological data that:
Understanding genomes doesn't automatically confer understanding of threat modeling, data permanence, or the creative ways malicious actors exploit seemingly "harmless" datasets. The recommendation treats a permanent biological identifier with the same casual attitude as a recoverable password breach.This is exactly the kind of expert blind spot that leads to catastrophic privacy failures decades down the line.
> If you live in Europe, where healthcare is provided to everyone by the government
This partial sentence alone has so much wrong with it that this article is going to PETA me into finally deleting my data
You know genomes. But you don't seem to understand how big corporations operate and what the risks to your privacy are when your DNA and/or significant fractions thereof start floating around. It takes ~33 bits to uniquely identify a human. This is 'gods own GUID' and it has far, far more than 33 bits, even in the most limited case.
> That’s a tiny percentage: about 0.02% of your genome. So no, they don’t have your genome, but they do have a small sample of it.
IIRC, 99 percent of the rest is shared by all humans, 95 precent is shared by humans and apes, and some 80 (?) percent is shared by humans and drosophila flies? That's likely the important 0.02%.
This whole article is a single big "but what about X?" argument.
The main concern stays, even if it's just a tiny bit of your genome, even if web-fingerprinting is also bad, the sequenced genome data is enough to identify and relate you to others. (Didn't they catch a serial killer that way?)
Even without the whole bankruptcy spin, I haven't had my DNA sequenced out of privacy concerns, with being US(-jurisdiction)-based as a big factor against most of the big competitors.
What kind of argument is "you shouldn't spend a second improving your privacy a little when you can spend days improving it a lot"?
How did this article get so many upvotes?
I could write the same article with a little bit of help from ChatGPT, even though I know almost nothing about genomes. Well, in fact, I can't really tell what the author's expertise in genomes is from the article at all. I might as well ask a random stranger on the street about his opinion on the matter.
And if you think about it, "I know genomes" in the title is a giant red flag. It's basically saying, I am the authority, and you should trust me, even though my arguments are very weak and barely convincing at all. What kind of ** put that in the title?
https://en.m.wikipedia.org/wiki/Argument_from_authority
Even if we accept the author’s contention that the downside risk is very low (and plenty of other comments explain why that is a bad idea), they make no case at all for the benefits. If there is no benefit to keeping it, then there is no downside to deleting it.
Definitely. I mean if you believe in some future public health benefit or whatever (right or wrong) sure. Very weird to hear someone emphatically voice support for a position and articulate no upsides at all. Imagine if somebody ran up to you and said "don't open that letter!" and then calmly explained it was probably junk mail anyways.
Hmmm feels like an argument in the vein of:
"Knowing who you have in contact/follow list and who has you as contact/follow is not a huge privacy risk"
Which is true, given how willing we are at sharing this information (and even display it for vanity metrics).
But obviously how much a risk this is depends on who you are and your circumstances
> However–and here’s the rub–some 25 years after the human genome was sequenced, and despite huge efforts to link genes and disease, there are almost no SNPs that tell you anything consequential about your health. If you have a genetic disease, you almost certainly already know about it, and if you don’t know, then the 23andMe data just isn’t going to reveal anything.
For someone who “knows genomes”, this is a brain dead take on microarrays. Lots of the content on arrays _is_ directly tied to a phenotype because there’s limited space so we directly test variants that are known to cause problems!
Is he really claiming that BRCA1/2 variants don’t increase risk of breast cancer in a meaningful way? Or that there aren’t tons of people who are XXY who don’t know even though it’s the hidden cause of many infertility problems?
This is just such a bad take it is hard to take anything said here seriously
Is he really claiming that BRCA1/2 variants don’t increase risk of breast cancer...
Even worse, if insurance companies had their way, they'd use the family matriarch's BRCA1/2 variant to set the rates for all her descendants. Massive DNA profiling doesn't just impact the "owner" of the DNA - it impacts anybody in their family tree who might have similar genes.
What is the benefit of leaving your data with 23andMe?
For the same reason you bought the service in the first place? They update their service with new features and update their estimates
But things did happen since that "first place". Enough things to merit the original post. Is it not a good time to review the original decisions?
With a large genetic database you can find correlations between genes and traits to identify the function of new genes.
Can you share an example of this? I see that they adverise Cilantro Taste Aversion is that what you had in mind?
Everyone's focusing on the crime aspect. Nobody's thinking about willingly contributing to the donor database for all the billionaires who want to live forever.
This commentary attempts to reassure people about staying with 23 and me, but ultimately ends up concluding that there's virtually nothing useful to be gleaned from the data created from the 23 and me process.
Author dismissed privacy concerns in the same way we see others downplay it: you already are giving up your privacy in other parts of your life, why not give it up here, too? Total nonsense, IMO.
The conclusion I came to from this, that I don't believe the author intended, is that you should delete your data from this company because it is pointless.
If Hitler had had access to 23andMe type data, there would have been a bigger holocaust.
Normally I wouldn't bring up Hitler in an internet discussion, I'm aware of its discussion-killing feature, but the big thing that has changed is we now have GENUINE NAZIS in the US government
This is the tired excuses: If you've got nothing to hide then you shouldn't want privacy And If you already lack privacy in some places you should just give up on having any.
The first is stupid. If there exists capacity to keep things private, why would I NOT want to have privacy? What is in it for me to let arbitrary others see everything I do and am?
The second so strange to hear. It is an argument for turning the slippery slope of privacy erosion that you try to resist into a waterslide that you should enthusiasticly throw yourself down.
I never sent a sample to any of these companies and I'm glad I didn't. The next best thing would be to delete your data if there's an option (although of course you only have their word for it). It has nothing to do with panicking.
I love Steven Salzburg, but he's missing the main point here:
23andMe could have been sold to someone that is not based in California which would result in a loss of many protections currently there, such as being able to have the data be deleted.
Sure, the data is not that valuable. Nobody really cares that is doing serious decision making based on good science or following the law.
I think he also ignores a new risk that's developing: bad tests. Current polygenic risk scores are all the rage, but they are very close to junk science, and if not created and applied very very carefully, far more carefully than most machine learning models, they will be junk.
So even if there's nothing in your DNA that could be used to discriminate against you, bad application of the technology could harm (or benefit) you, completely randomly. All because some pointy haired boss demanded that a bad model gets built and applied, whether or not the engineers knew what they were doing or gave proper warning to management.
This isn't just health care, it could be admissions to a private school, or the application for an apartment or NYC housing co-op, or whatever.
That's a serious risk, that some junk company uses the data in completely inappropriate ways, once the data is out in the wild.
Why not delete? There's zero benefit to the consumer to keep the data in 23andMe, at least for this consumer. Others that want to connect with 5th cousins might think differently of course.
But the point is that it's a personal decision and we all have different values and wants.
The creepiest part is that they associate your DNA with a user and not a random hash.
The problem, as I see, is the moment DNA becomes USEFUL. Once DNA becomes USEFUL and ubiquitous, then it becomes necessary. If everyone that provided DNA is able to avoid all the potential diseases then you would simply get out-competed by people that do. OTOH, this knowledge can also be used against you in your insurance claims or whatever.
So basically the upside and downside get jacked up and effectively "nothing really changes". They will always make up excuses to genocide a group, or deny your insurance claims.
This is the same thing with privacy. If Microsoft's Recall is indeed useful as advertised, that is extremely powerful. People that truly don't have anything to hide, is happy to see ads etc, would be extremely empowered by this tool.
What a useful and timely reminder to delete your data from 23andmes website. Thank you.
> The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up about you based on your online activity.
This tired canard makes me mad. It's not either/or. Be concerned about anyone who is collecting data on you and selling it without your consent.
And in my mind, the reason to delete your data from 23AndMe isn't to protect PII, it's to take an a salable asset away from a company that promised they wouldn't sell it in the first place, then changed their mind.
"What’s fascinating–and a lot of fun, for some–is that by comparing these scattered landmarks, called SNPs or “snips,” you can get a very accurate picture of how closely related two people are."
This directly contradicts the claim that these samples reveal nothing about your health or disease risk. Maybe it doesn't reveal anything in isolation, but if you know some medical history about some of my relatives and you have their DNA info, then that gives you some significant info about me too.
The man so smart he gave his soul to a corporation in exchange for absolutely nothing at all.
It's okay, it's not your whole genome, it's just enough to uniquely identify you and your descendants for generations. Besides, don't you know that internet tracking exists so if you think about it you've sold your soul already and it's hypocritical for you to complain
>Are you browsing the web only in private or “in cognito” mode?
Uh oh, GENIUS ALERT!
I’m sorry, but the whataboutism argument being made about online data trackers and brokers being “the real bad guys” totally misses the point that insurers are extremely thirsty for data like this, which is a very different buyer than, say, a political campaign fund or marketing agency. But like, both are mutually concerning, too.
you can download your data before deletion so this is not useful advice. you can use your data elsewhere if you care about the other stuff
Incredibly unconvincing
The arguments boil down to "we're all fucked so letting 23&me fuck us more is no big deal"
> ...this is only a problem because of our disastrous insurance-based, for-profit healthcare system in the U.S.
That is the reality for the subjects of the USA. So it is a problem
>...far more concerned about all the data that various companies are hoovering up about you based on your online activity
No. I take active measures against sneaky surveillance (my browsers cannot be tracked as far as I can tell) and I use my real name lots of places. I am in control. If my siblings, parents, children submit "their" private data to these evil data horders, I am not in control
Deleting your, and yours, data from 23&me will be closing the stable door, I am unconvinced that these sorts of people will actually delete anything (they will remove it from your view and control) but it has performative value
Delete the data!
The author says that health insurance in Europe is provided by the govt and for most it still is, there are plenty of people getting private health insurance as the govt health sector is collapsing, so this argument is mute. Also, in the 23andme data is risk of getting hundreds of diseases, any private health insurance company would love to see this data to deny paying you any compensation, OBVIOUSLY. I have never given my DNA to any private company and I never would, if you have: delete it!
Insurance company argument is always nonsense. They cannot use DNA. And if they could use DNA in the future, you would need to get your DNA sampled for the policy.
They cannot admit to using DNA.
>The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up about you based on your online activity.
The risk for privacy is not that one piece of your data is out there, but that companies can recreate a very sophisticated model of you by aggregating many pieces.
The idea that one small breach of privacy is equivalent to the vast amounts of informations 23andme has getting correlated with hundreds of other small pieces, is absurd.
It is a total lie that you should not be concerned about your privacy, because total privacy is impossible. The author also does not understand incognito mode.
I run my genome twice through 23 and me, the V4 and V5 chip.
They’re doing this I found a mutation parentheses (not a polymorphism) in my CVS enzyme that was causing my family to have heart attacks before they were 50.
And I currently diagnosed two people just looking at their genetics one with celiac and the other one with 21 hydroxy deficiency. Just let them impress your doctor for test in proving it was right.
What makes me sad about this is that it’s such a valuable resource that no one’s going to have access to because of corporations and greed. Personalized medicine is the only way to cure diseases and the only way to find out what’s going on in your body.