Joseph White was on a mission: to wipe himself off the Web.
Because his job as a federal government employee requires a low profile, the 37-year-old Quincy resident did not want his address or information about his family showing up on Google. “What aggravates me,” White said, “is that any Tom, Dick, or Harry who looks can find this information out about you.”
It’s not easy to remain anonymous when so much of what we do on the Web — searching, shopping, banking, photo-sharing — generates personalized information that is mined by or sold to online advertisers and technology companies. So White got some professional help.
He hired Abine Inc., a Boston start-up and one of a crop of online privacy companies, including PrivacyChoice and Reputation.com Inc., that promise to help people control their personal information on the Internet.
And there’s a ton of that information online. Many websites download small tracking files called cookies to the computers of people who click on their pages. Cookies record and transmit anonymous information about those users; for example, that’s how online retailer Amazon.com knows what books to recommend when you revisit the site, or how Google.com chooses which ads to show particular users when they search its site.
User data are also stored and sold by many websites to marketing agencies and online advertisers, or to companies known as data brokers. Those brokers collect and analyze personal data on huge numbers of users, selling it to a wide range of customers, from law enforcement agencies to insurers.
In combination with personal information from offline sources — legal records such as criminal convictions, for example, or mortgage loans and other financial records — such information can be used to compile a virtual “dossier about a person that is all encompassing,” said Paul Stephens, director of policy and advocacy for Privacy Rights Clearinghouse, a San Diego, Calif., nonprofit group.
Short of falling off the social grid, it’s nearly impossible to remove all the online information about an individual, said Sarah Downey, a privacy analyst with Abine. “You’re never going to be able to completely delete yourself, but you can reduce your profile,” she said.
That’s what Downey set out to do for White about a year ago, when he signed up for DeleteMe, Abine’s $99-a-year service.
The company scours at least 20 data sources to find the ones that peddle the personal information of subscribers — from simple data like age and address to potentially damaging information such as credit histories, divorce records, or criminal histories — then sets out on the arduous task of expunging whatever it can.
That takes some old-fashioned legwork. There’s no way around it: To remove personal data from the Web,every website that contains the data must be contacted, and a request made of each to remove the information. “If you want to remove yourself, you literally have to go site by site, faxing and calling these people,” Downey said.
In its early days, most of what Abine did was to help customers erase unflattering photos or disparaging blog posts from the Web. One client was able to remove an intimate video; a business owner had an erroneous review wiped away.
But the company quickly realized that type of content was often impossible to scrub completely, Downey said, especially since the client did not always own the rights to troublesome information and could not order its removal. So Abine shifted its business model, trying to help clients avoid the growing marketplace for personal data such as names, addresses, and employment histories.
High-profile data breaches that expose passwords and credit card numbers to computer hackers, including one at the Internet company Yahoo this month that compromised the personal information of about 450,000 users, have increased public awareness about the amount of personal information available online, said Peder Magee, senior staff attorney at the Federal Trade Commission, the government’s chief consumer watchdog.
In March, the FTC released recommendations urging Web companies and data brokers to become more transparent about the data they collect. The agency wants tech companies to tell users when they are tracking their Web browsing and to give consumers easier means to opt out of being followed online. “The data-collection industry as a whole needs to do a better job of making consumers aware of what the industry does,” Magee said.
Online advertising networks have started implementing some do-not-track tools on their own, said Mike Zaneis, general counsel for the Interactive Advertising Bureau, a New York-based online ad industry group.
“We collect a tremendous amount of data; that’s the way the Internet works,” Zaneis said. “We should be upfront and honest about it, and that’s something that we didn’t do as an industry for a long time.”
But self-regulation isn’t enough, said Stephens, the privacy rights advocate. His group wants the government to regulate data collection on the Web.
It’s more likely that the Internet behemoths Google Inc. and Facebook Inc. will set the standards for how tracking evolves online, rather than the government, said Jim Brock, founder of PrivacyChoice, a Santa Cruz, Calif., online privacy services start-up. Google and Facebook maintain deep wells of data about users, and how they use it will probably set the standard for the rest of the market, Brock said.
But what about individuals like Joseph White, the government employee seeking to wipe out his online presence?
For him, the price of online privacy is constant vigilance. While White does not completely avoid the Internet, he does play a constant virtual game of Whac-a-Mole to conceal his address from data brokers, paying Abine to search for new instances of his private information appearing online, then fighting to erase it.
White said that although he has reduced his online presence, his address does reappear in data broker indexes. “What aggravates me,” he said, “is that I don’t know how it keeps showing up.”