this post was submitted on 01 Apr 2024
91 points (96.9% liked)

Privacy

32103 readers
952 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I'm concerned about the privacy implications of DNA testing services like 23andMe or AncestryDNA. What are the potential risks of sharing our genetic data with those companies, and are there any privacy-focused alternatives available?

top 50 comments
sorted by: hot top controversial new old
[–] SnotFlickerman@lemmy.blahaj.zone 91 points 7 months ago* (last edited 7 months ago) (2 children)

The biggest risk of "sharing DNA" is pregnancy.

...I'll show myself out.

[–] MeDuViNoX@sh.itjust.works 6 points 7 months ago

I was going to say STDs.

load more comments (1 replies)
[–] neidu2@feddit.nl 82 points 7 months ago* (last edited 7 months ago) (7 children)

I can easily imagine a reality where insurance companies have access (intentionally or accidentally) and give you a higher premium because they found something that makes you more predisposed to some ailment.

The above is pure speculation, but it's only one security breach or bag of money away. It's never safe to assume that a your data is 100% secure at a (presumably) benign company. As curious as I am regarding certain aspects of my heritage, the fact that I have no control over what they do with the info is keeping me on the bench.

[–] vulgarcynic@sh.itjust.works 25 points 7 months ago

This is 100% the dystopian reality we are heading for. Maybe not in the near-term future but, there is no way that eventually corporate greed and shareholder gains won't reach a point that this has to become the reality. They are simply leaving too much money on the table by not doing it.

I think our only saving grace is that the laws haven't been defined enough yet to prevent this from happening. But I have to imagine to some degree it already is. Just look at the way driving telemetry is being sold to auto insurance providers in the States already. If the information is out there, someone will get their hands in it and use it to manipulate the price of something.

[–] dukethorion@lemmy.one 7 points 7 months ago

100% this. They already got caught sharing your health data with Facebook. Don't think they (insurance companies)won't buy DNA data en masse.

[–] BearOfaTime@lemm.ee 7 points 7 months ago (1 children)

Just look at the "monitor your driving for a discount" which th already do.

My insurance company offered $30/year discount if I used their OBDII monitor. Are you effing kidding me? Thirty freakin dollars? I'd need to see a 50% discount before I even considered it.

[–] neidu2@feddit.nl 6 points 7 months ago (1 children)

What always rubbed me the wrong way about those is that they don't see what I'm seeing. Yes, I slam my brakes sometimes, but it's not because I'm driving dangerously. Sometimes animal come out of the blue, and what telemetry might show as dangerous driving could just as easily be me saving them money.

[–] catloaf@lemm.ee 6 points 7 months ago (1 children)

That's why they don't ding you unless you do it often. If you have to do it often, you're driving too fast.

load more comments (1 replies)
[–] kersploosh@sh.itjust.works 6 points 7 months ago (1 children)

Life insurance companies could conceivably do this already. They sometimes ask for blood tests (among other exams) as a precondition of granting overage.

load more comments (1 replies)
[–] exanime@lemmy.today 5 points 7 months ago

Insurance companies already extrapolate such data from zip code.... So it's not speculation at all that they'd want an even more accurate metric

Basically in today's world, you'd have less than 1% of actors that would take this data and do something productive or beneficial for you or society as a whole... The other 99% will just use this data to make money on the back of others

[–] eyeon@lemmy.world 2 points 7 months ago

In the US that is not legal per the GINA act. Note that that is specific to health insurance. Life insurance can legally use that data. And laws can be broken often with less penalty than the profit made from violating them. And data can be retained much longer than laws exist so the GINA act could be repealed or updated at some point allowing companies to legally use the data already acquired.

load more comments (1 replies)
[–] floofloof@lemmy.ca 53 points 7 months ago (1 children)

23andme already got hacked and 7 million people's private data was compromised:

https://www.theguardian.com/technology/2023/dec/05/23andme-hack-data-breach

[–] BearOfaTime@lemm.ee 20 points 7 months ago

I have some family who used them (against my advice), so now that's partly my DNA out there.

[–] Nefara@lemmy.world 35 points 7 months ago* (last edited 7 months ago)

You can call me paranoid, but the first thing I thought of when I heard about it was how excited the Nazis would have been to access a database like that when they came into power. Imagine knowing the names and addresses of whatever Undesirables you wanted to single out, and exactly what percentage of "impure" they were. Ethnic makeup information can also be used against you in things like gerrymandering congressional districts to hand select voters and disenfranchise minorities. It's pretty safe to assume that once your genetic profile has been gathered by a private company, it's vulnerable to all sorts of bad actors gaining access and using that information. Would you want the KKK or the Proud Boys knowing just what percentage black you are? No thanks.

[–] mozz@mbin.grits.dev 30 points 7 months ago* (last edited 7 months ago) (1 children)

The big real-world implication I'm aware of is that law enforcement can match DNA they found somewhere against 23andme's database. Then if you (or any of your relatives!) are in the database because they've ever used 23andme, they'll find that out, and they can use it to investigate or prosecute you.

Whether you think that's a good or a bad thing depends a lot on whether you think the cops should be able to succeed if they get a hold of someone's DNA and are looking for the person to match their sample against... that success is, to me, much more likely to be a good thing than a problem, but that may not be the consensus view here and it's certainly a massive, massive privacy implication.

[–] Euphorazine@lemmy.world 14 points 7 months ago (1 children)

Well prosecutors and cops are incentivized to get arrests. Whether to pump numbers up for promotions or to use in campaigning. So it wouldn't surprise me if cops turn a cold case into a witch hunt because some partial DNA match in a "private" database gave them a few suspects and then they start to build some case to fit the suspects.

[–] mozz@mbin.grits.dev 4 points 7 months ago* (last edited 7 months ago) (1 children)

Well prosecutors and cops are incentivized to get arrests. Whether to pump numbers up for promotions or to use in campaigning.

Accurate, and it does impact their decisions in ways that are sometimes pretty bad

So it wouldn't surprise me if cops turn a cold case into a witch hunt because some partial DNA match in a "private" database gave them a few suspects and then they start to build some case to fit the suspects.

What do you think the ratio is of unsolved rapes, to felony cases that were falsified by cops and prosecutors that led to a conviction? I know the second one happened one time in the recent past, and it was a big enough deal that they made a Netflix special about it. I don't know of it happening a second time besides that.

[–] Euphorazine@lemmy.world 3 points 7 months ago (1 children)

Well overall, using these techniques has probably resolved a ton of investigations where the leads ran out and it being an overall positive. I think it would still be better that DNA from these sources cannot be used in trial. So a DNA match can give you a new angle to find other elements, but the fact DNA was used to find a trail shouldn't be admissable.

I guess the saying "better 100 guilty people go free rather than an innocent man should suffer" applies though.

My bias though is probably skewed through the media I consume. I do watch a lot of channels like Lackluster YouTube videos (shows corruption and double standards in policing). I do try to balance it out with channels like Code Blue Cam which does highlight good policing too, but I would say I have an inherent distrust with policing nowadays.

[–] mozz@mbin.grits.dev 2 points 7 months ago (1 children)

My bias though is probably skewed through the media I consume. I do watch a lot of channels like Lackluster YouTube videos (shows corruption and double standards in policing)

Yeah. I don't want to get into my whole take on ACAB or anything, but what I'll say quick about it is that when the court system is involved, the opportunity for abuse is way less. Police on their own with no oversight and everyone believes what they say always like back in the day, is way different from police with bodycams and modern hypervigilant cell-phone/news-media oversight like the modern day, is way different from police having to show up in court and the defense lawyer gets to mount a vigorous at-length factual challenge to whatever they're saying happened. It's still far far from a perfect system (public defender / plea agreement / wtf) but it's also not equal to the stereotype where all the cops are just trying to get out and do as much harm to society as they can possibly manage every single day and nothing like working to catch rapists ever happens in real life.

Plus, if the cops wanted to falsify the DNA and put someone away, they can do that without 23andme being involved. If they're trying to run a match against the DNA they found to look for people to interview / cross match with whatever sample they have, then that's already a moderate indication that they're trying to find the actually guilty person.

[–] BearOfaTime@lemm.ee 3 points 7 months ago (1 children)

You should go sit in on court cases before making such claims.

The "experts" often used in court cases are frequently not so expert as the seem. It's staggering some of the stuff that gets passed off as "evidence". Like "gun fingerprinting" - "experts", in court, will claim they can positively connect a case to a gun with extremely high accuracy - if you look into the research, it's practically useless.

load more comments (1 replies)
[–] delirious_owl@discuss.online 27 points 7 months ago (6 children)

Your clone escapes, hunts you down, kills you, fucks your wife, and replaces you

[–] Tangent5280@lemmy.world 9 points 7 months ago (4 children)

I like how the clone fucks my wife BEFORE replacing me.

[–] ouRKaoS@lemmy.today 5 points 7 months ago

The clone wants you to make sure you know you're being replaced.

[–] Shamot@jlai.lu 3 points 7 months ago

He wants to try before accepting the deal.

load more comments (2 replies)
[–] UraniumBlazer@lemm.ee 8 points 7 months ago (6 children)

Can my clone fuck me please? 🥺

load more comments (6 replies)
load more comments (4 replies)
[–] rho50@lemmy.nz 17 points 7 months ago

At least in some circumstances, the risks of sharing your DNA include having children...

[–] ikidd@lemmy.world 16 points 7 months ago

Insurers get hold of it and disqualify you for health, life and disability insurance based on genetic markers.

[–] antlion@lemmy.dbzer0.com 16 points 7 months ago (1 children)

If you’re like me, you could find out at age 38 who your true biological father is, and contact him for the first time. It may spiral you into an identity crisis, wondering if you should change your name and the name of your children. Here’s the thing though, my biological dad didn’t share his DNA. His first cousin did, and I contacted him.

As others have said, because you share your DNA with all of your relatives, it’s already not 100% private. One or more of your relatives has already tested their DNA. The most genetic privacy you can get would be for nobody to know who you’re related to. How tightly do you protect that information? Changing your name would be a good first step.

[–] AstridWipenaugh@lemmy.world 4 points 7 months ago

There's enough DNA registered to find almost literally anyone in the US that way now. It's how they caught the golden state killer. A partial DNA match will narrow down 350,000,000 people to less than 100. Then it's just a matter of gettin' a box of jelly donuts and gettin' down to some good old fashioned police work with a game of Guess Who.

If you're related to anyone that has done a DNA test ever, you're already in the system.

[–] considine@lemmy.ml 15 points 7 months ago (4 children)

Someone could build an army of clones of you, launch galactic war, and then you'd be hated all over the galaxy. Assuming you have good genes. Probably they made a bad movie about this.

[–] livus@kbin.social 3 points 7 months ago

If someone launched galactic war using clones of me, I'd be laughed at all over the galaxy.

load more comments (3 replies)
[–] TonyTonyChopper@mander.xyz 14 points 7 months ago* (last edited 7 months ago) (2 children)

we already know 99.9% of your DNA, it's over

load more comments (2 replies)
[–] FraidyBear@lemmy.world 8 points 7 months ago (1 children)

If anyone in your family starting at like your second cousin and closer have already done DNA testing then the cats outta the bag on worrying about your privacy.

load more comments (1 replies)
[–] zach@lemmy.dbzer0.com 8 points 7 months ago (4 children)

In the US, insurance companies cannot discriminate based on your genetic data, contrary to what many people in the comments are saying.

https://www.hhs.gov/hipaa/for-professionals/special-topics/genetic-information/index.html

[–] livus@kbin.social 14 points 7 months ago (1 children)

For now. The US is a victim of legislative capture by corporations and it's possible that in the future lobbying by insurance companies will open the door to them using some of that data.

[–] drwho@beehaw.org 2 points 7 months ago

They're spending a lot of money lobbying inside the Beltway to change that. So far it hasn't worked but it's only a matter of time.

[–] asmoranomar@lemmy.world 10 points 7 months ago (1 children)

Or what? A slap on the wrist?

[–] zach@lemmy.dbzer0.com 8 points 7 months ago (2 children)

“The penalties for noncompliance with GINA range from $300,000 per incident when noncompliance is intentional and a minimum of $2500 to a maximum of $500,000, where noncompliance with the law is unintentional.”

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3627538/#R1

[–] asmoranomar@lemmy.world 4 points 7 months ago

It's good that you were able to quote the regulations. You're not wrong, I'm just apathetic; the question was more rhetorical. To be clear: I don't have faith that this is strong enough to deter and/or that governing policies have enough teeth to enforce. I'd like to be wrong, but I'm not hopeful.

[–] janus2@lemmy.zip 3 points 7 months ago* (last edited 7 months ago)

in terms of corporate expenses for legal penalties that's barely a disinterested-grunt-from-parent-in-other-room, let alone a wrist slap

load more comments (2 replies)
[–] UnpluggedFridge@lemmy.world 7 points 7 months ago

I would never allow my DNA to be characterized or sequenced outside of a medical setting where strict privacy laws are in place.

[–] smb@lemmy.ml 7 points 7 months ago* (last edited 7 months ago)

All who could have an idea of what to do with it could seek a way to get that data out of every company or gov that have it for their specific reasons, no matter if data was collected lawful or not, or if access to the data is then lawful or not.

  1. search for source of evidences on crime scenes: if one of your relatives happened to have been (related to crime or just bad luck) at a place where later on some evidence was collected, you might cause trouble for them bcs your data is very similar to theirs and that is obvious to laboratories. depending on the the "later on" current state of technology it could affect relatives more than two or three steps away from you. if you live in a country where law enforcement gives a shit about truth and just seeks for one argument to punish just anyone they can point a finger at, that could become a huge problem for the whole family then just because there was data that could have been abused.
  2. illegal organ traders could - once they have access to your data - think you or your relatives could be a source of nice income if a client of theirs happen to pay enough. however you will probably never know as the illegal organ traders are unlikely to ring the doorbell to ask nicely for a contract. How much do you think would a richie in personal needs pay for "spare parts" if those who deliver them wants him to just never ask where it came from ? does it matter if such organ teaders could know a "compatible match" by data only? maybe not because they might know tomorrow or someone might put up an AI to do the matching (does it matter if that matching by AI is correct then? i guess such traders don't really care and their customers probably, but wouldn't that be possibly too late then?)

For me the latter is actually enough to not willingly give my DNA data to anyone. for no reason. gov might already have it (covid probes had been collected and frozen at least) but actively pushing your data out inzo the world would be insane IMHO.

Laboratories often use Microsoft Windows, Microsoft Active Directory and Microsoft Exchange, thus i personally see no reason to NOT believe that any data they have received once in time would - sooner or later - end up rotating uncontrolled in the hands of uncountable criminals waiting for any chance to make quick or huge money out of it.

[–] nothacking@discuss.tchncs.de 7 points 7 months ago

These services, like most companies will store your data indefinitly, and can be hacked. You cound end up with your name, what ever infromation the service gave you, and contact info on the internet. This is not the end of the world, but something to be aware of.

[–] communism@lemmy.ml 6 points 7 months ago

Forensic data on you is already pretty easy to obtain unless you're taking special effort to avoid it being taken. Also when you get arrested they take whatever biometrics they like. The info on you those DNA testing companies are getting is info already easily available to the government. I guess if you're concerned about your DNA being used to tailor ads to you, not just to criminalise you, it could be an issue, but idk I don't think your DNA can really predict what ads will be effective on you.

[–] oxomoxo@lemmy.world 6 points 7 months ago

It doesn’t matter if you use a service or not. Someone in your family most likely has DNA on file, either through voluntary submission, like 23andme, or through law enforcement, military government interactions that require submission. Once a family member is on file, it’s easy to ID you. Many crimes have been solved this way. Point being, doesn’t even matter if you try to keep private, if a nation state or three letter agency wants you, you done. If you’re worried about some company having your data just don’t participate in any of them… pretty much all you can do currently.

[–] Gooey0210@sh.itjust.works 6 points 7 months ago (2 children)

I was wondering about this for a while, is there an option to have a dna test like anonymously?

load more comments (2 replies)
[–] mazelado@lemmy.world 6 points 7 months ago

https://www.dnasquirrel.com/ provides some guidance on how to get DNA results while maintaining privacy. I haven’t tried it yet, but I’d like to hear if anyone has.

[–] crispy_kilt@feddit.de 4 points 7 months ago

Babies, I guess

[–] jlow@beehaw.org 2 points 7 months ago

Those two apparently don't allow law enforcement access to their databses (yet?) even though I seem to remember they do. But others do:

https://www.nytimes.com/2021/05/31/science/dna-police-laws.html

load more comments
view more: next ›