I wonder why he cares whether or not people delete their DNA?

I asked them to delete mine (although I'm not optimistic that they did so), and I'm glad that I did for two reasons. First, I don't think they dealt with me transparently and honestly from the start and second, whether or not that data is directly a risk to me, it's yet more data about me that's out there in the world and can be combined with other data to make a potent risk.

The less data about me that exists in any database, even trivial or apparently innocuous data, the better.

> The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up about you based on your online activity.

https://rationalwiki.org/wiki/Not_as_bad_as

I love Steven Salzburg, but he's missing the main point here:

23andMe could have been sold to someone that is not based in California which would result in a loss of many protections currently there, such as being able to have the data be deleted.

Sure, the data is not that valuable. Nobody really cares that is doing serious decision making based on good science or following the law.

I think he also ignores a new risk that's developing: bad tests. Current polygenic risk scores are all the rage, but they are very close to junk science, and if not created and applied very very carefully, far more carefully than most machine learning models, they will be junk.

So even if there's nothing in your DNA that could be used to discriminate against you, bad application of the technology could harm (or benefit) you, completely randomly. All because some pointy haired boss demanded that a bad model gets built and applied, whether or not the engineers knew what they were doing or gave proper warning to management.

This isn't just health care, it could be admissions to a private school, or the application for an apartment or NYC housing co-op, or whatever.

That's a serious risk, that some junk company uses the data in completely inappropriate ways, once the data is out in the wild.

Why not delete? There's zero benefit to the consumer to keep the data in 23andMe, at least for this consumer. Others that want to connect with 5th cousins might think differently of course.

But the point is that it's a personal decision and we all have different values and wants.

This commentary attempts to reassure people about staying with 23 and me, but ultimately ends up concluding that there's virtually nothing useful to be gleaned from the data created from the 23 and me process.

Author dismissed privacy concerns in the same way we see others downplay it: you already are giving up your privacy in other parts of your life, why not give it up here, too? Total nonsense, IMO.

The conclusion I came to from this, that I don't believe the author intended, is that you should delete your data from this company because it is pointless.

> The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up about you based on your online activity.

This tired canard makes me mad. It's not either/or. Be concerned about anyone who is collecting data on you and selling it without your consent.

And in my mind, the reason to delete your data from 23AndMe isn't to protect PII, it's to take an a salable asset away from a company that promised they wouldn't sell it in the first place, then changed their mind.

Data about me and what I click is one issue.

Data that can be used against my children is another.

My late wife had MS. It took her. Insurance companies would love that data to load against anything my kids do.

There are other issues but the fact is that companies will use DNA and every other data point they can to maximise what they take and minimise with loaded terms what they might, just might, maybe, pay out.

It's not about the now.

It's about the later.

> That’s a tiny percentage: about 0.02% of your genome. So no, they don’t have your genome, but they do have a small sample of it.

What kind of reasoning is that? Fine, they're not doing whole genome sequencing on you (yet), but having a detailed chip profile of several million informative SNPs absolutely can and will be used to profile you.

Very quickly and easily I might add.

Classical linkage analysis has been used quite effectively to profile people since the 80s using only a handful of (polymorphic) markers, because the power of the analysis is driven more by the number of related members than by the number of markers of an individual.

23&Me has a customer base of more than 10 million people(!!)

This is like saying if you have nothing to hide, you should consent to police searches. What is found only provides more possibly coincidental evidence to use against you (just as DNA provides evidence about your potential health).

What is the benefit of leaving your data with 23andMe?

you can download your data before deletion so this is not useful advice. you can use your data elsewhere if you care about the other stuff

"What’s fascinating–and a lot of fun, for some–is that by comparing these scattered landmarks, called SNPs or “snips,” you can get a very accurate picture of how closely related two people are."

This directly contradicts the claim that these samples reveal nothing about your health or disease risk. Maybe it doesn't reveal anything in isolation, but if you know some medical history about some of my relatives and you have their DNA info, then that gives you some significant info about me too.

> The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up

I worked in DNA analysis for 6 years.

You should absolutely be worried about the data that various companies are hoovering up. Your DNA is part of it.

>The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up about you based on your online activity.

The risk for privacy is not that one piece of your data is out there, but that companies can recreate a very sophisticated model of you by aggregating many pieces.

The idea that one small breach of privacy is equivalent to the vast amounts of informations 23andme has getting correlated with hundreds of other small pieces, is absurd.

It is a total lie that you should not be concerned about your privacy, because total privacy is impossible. The author also does not understand incognito mode.

Okay but like, I'm not planning on committing a crime and nothing I do now is considered criminal, but let's play out the worst case scenario and a fascist government comes to power and something I do now is considered criminal and they can place me doing it with this DNA that as the author describes can narrow down if it was me pretty easily.

You can tell me I'm paranoid or something, but I can also just not give them my DNA for no effort and be all the more better off if something like this happens OR if I do commit a crime under current laws I haven't given up the ghost immediately.

This feels like short term little gain for catastrophic effects in the worst case scenario.

The author also makes this like a weird dichotomy with online tracking, I ALSO care about being tracked on the internet and my personal privacy is pretty important to me in general.

I want all of my privacy, or better worded I want privacy to be my choice such as here on HN where I use my real name intentionally. :)

I’m sorry, but the whataboutism argument being made about online data trackers and brokers being “the real bad guys” totally misses the point that insurers are extremely thirsty for data like this, which is a very different buyer than, say, a political campaign fund or marketing agency. But like, both are mutually concerning, too.

You know genomes. But you don't seem to understand how big corporations operate and what the risks to your privacy are when your DNA and/or significant fractions thereof start floating around. It takes ~33 bits to uniquely identify a human. This is 'gods own GUID' and it has far, far more than 33 bits, even in the most limited case.

This a bone headed article… umm we can’t extract anything from it about your health (*now)… so might as well just spread it everywhere?

Like he doesn’t even go into the fact that it could be used by law enforcement wrongfully etc: e.g Unregulated Chinese crime detection startup buys the data, you happen to be in China and get arrested bc they used inadequate algorithms that wrongfully accused you.

There is absolutely nothing convincing here.

> However–and here’s the rub–some 25 years after the human genome was sequenced, and despite huge efforts to link genes and disease, there are almost no SNPs that tell you anything consequential about your health. If you have a genetic disease, you almost certainly already know about it, and if you don’t know, then the 23andMe data just isn’t going to reveal anything.

For someone who “knows genomes”, this is a brain dead take on microarrays. Lots of the content on arrays _is_ directly tied to a phenotype because there’s limited space so we directly test variants that are known to cause problems!

Is he really claiming that BRCA1/2 variants don’t increase risk of breast cancer in a meaningful way? Or that there aren’t tons of people who are XXY who don’t know even though it’s the hidden cause of many infertility problems?

This is just such a bad take it is hard to take anything said here seriously

> That’s a tiny percentage: about 0.02% of your genome. So no, they don’t have your genome, but they do have a small sample of it.

IIRC, 99 percent of the rest is shared by all humans, 95 precent is shared by humans and apes, and some 80 (?) percent is shared by humans and drosophila flies? That's likely the important 0.02%.

I run my genome twice through 23 and me, the V4 and V5 chip.

They’re doing this I found a mutation parentheses (not a polymorphism) in my CVS enzyme that was causing my family to have heart attacks before they were 50.

And I currently diagnosed two people just looking at their genetics one with celiac and the other one with 21 hydroxy deficiency. Just let them impress your doctor for test in proving it was right.

What makes me sad about this is that it’s such a valuable resource that no one’s going to have access to because of corporations and greed. Personalized medicine is the only way to cure diseases and the only way to find out what’s going on in your body.

Even if we accept the author’s contention that the downside risk is very low (and plenty of other comments explain why that is a bad idea), they make no case at all for the benefits. If there is no benefit to keeping it, then there is no downside to deleting it.

Salzberg states several times that one should browse in 'private' or 'incognito' mode to stop 3rd party tracking. This is false. Incognito mode stops data such as web history and cookies being stored on the computer you are using - it is good (enough) for obscuring what sites you have visited from other people who may have access to your computer. (It may not defeat a deep forensic search, it might save you from family embarrassment). Incognito mode does not hide any data at all from your ISP, your DNS server, or the web servers you visit - it does not do anything to defeat 3rd party tracking. An error of this magnitude does make me wonder whether any of his other propositions are true at all.

Incredibly unconvincing

The arguments boil down to "we're all fucked so letting 23&me fuck us more is no big deal"

> ...this is only a problem because of our disastrous insurance-based, for-profit healthcare system in the U.S.

That is the reality for the subjects of the USA. So it is a problem

>...far more concerned about all the data that various companies are hoovering up about you based on your online activity

No. I take active measures against sneaky surveillance (my browsers cannot be tracked as far as I can tell) and I use my real name lots of places. I am in control. If my siblings, parents, children submit "their" private data to these evil data horders, I am not in control

Deleting your, and yours, data from 23&me will be closing the stable door, I am unconvinced that these sorts of people will actually delete anything (they will remove it from your view and control) but it has performative value

Delete the data!

What a useful and timely reminder to delete your data from 23andmes website. Thank you.

The author might not be aware of this, but DNA databases from companies like 23andMe are already being used for mass surveillance and police work. They don’t need the entire gene sequence, they already have enough to identify you and invade your privacy more than you might think, especially in combination with other data and the data of other people.

The Golden State Killer was caught because a distant relative submitted a DNA sample to one of these services. Thus, when the police submitted a DNA test report from the unknown killer to GEDmatch, it came back with some useful hits, which they were able to narrow down to just one person.

Maybe you support the outcome in that particular case, but what happens when it’s your sibling that committed a crime, or they are a political dissident, or they practice the “wrong” religion?

And remember that your DNA is one of the few pieces of personal information that is permanent and cannot be changed.

https://www.science.org/content/article/we-will-find-you-dna...

https://en.wikipedia.org/wiki/Joseph_James_DeAngelo

This is the tired excuses: If you've got nothing to hide then you shouldn't want privacy And If you already lack privacy in some places you should just give up on having any.

The first is stupid. If there exists capacity to keep things private, why would I NOT want to have privacy? What is in it for me to let arbitrary others see everything I do and am?

The second so strange to hear. It is an argument for turning the slippery slope of privacy erosion that you try to resist into a waterslide that you should enthusiasticly throw yourself down.

Three massive differences between DNA and any other 'private data'.

Once DNA has flown the coop, you won't get a new set of SNPs. That's it, it's a 'complete' picture of your SNPs (not your genome, yes, but SNPs are enough for many use-cases like ancestry estimation). Your private browsing data, however, is messy, ever-changing, has huge holes, changes over devices, and you can take active steps against leaking it (including even fuzzing it - you can't fuzz your SNPs!). Your SNPs are written in stone.

Second, you don't have to leak your DNA for the data to be out there, a distant cousin is enough to implicate you. You can do nothing at all and still get scooped up. (see the arrest of the Golden State Killer) My cousin's browsing history, on the other hand, says very little about me.

Third, your DNA implies you as part of minorities. Your browsing profile does not. China uses DNA to track minorities [1] and that may come to a government near you, soon. Again, data that may not even be shared by you may send you off to a camp.

[1] https://www.aspi.org.au/report/genomic-surveillance/

P.S.: And no, 'private mode' doesn't help you.

> If you live in Europe, where healthcare is provided to everyone by the government

This partial sentence alone has so much wrong with it that this article is going to PETA me into finally deleting my data

Here is my genome https://my.pgp-hms.org/profile/hu81A8CC

You'd think my ideal self-interest is for no one to volunteer for any research except my own relatives so that all medicine is optimized to my care. But that doesn't work that well. The genome itself is just not that useful. If you learn something from that VCF for a whole-genome sequence that's interesting, feel free to let me know.

I personally benefited from the aggregate that is the UK Biobank's repository of genome sequences and medical histories, and I'm grateful for everyone who contributed that for science. PGP is the closest I can get to providing my data apart from All Of Us which has a bit of medical data about me but no one has all my medical history.

I hope that, if nothing else, I am a piece in an instrument for humanity to comprehend the Universe. Either through my genome being useful when compiled with others or as a cautionary tale to making your genome available.

I never sent a sample to any of these companies and I'm glad I didn't. The next best thing would be to delete your data if there's an option (although of course you only have their word for it). It has nothing to do with panicking.

The article fails to explain why you shouldn't delete your DNA data at 23 and me. It does a good job explaining why the risks of letting them keep it are exaggerated, which might be true (I'm still skeptical), but what is the reason why you should let them hold onto this information? What is the advantage to me to let them keep my DNA data?

(Disclaimer: I never used 23 and me, so this is entirely hypothetical for me.)

This is staggeringly naive, holy moly. The idea that it's bad enough already, so might as well share DNA with a private company to put the proverbial cherry on top is... idk, nihilistic?

The man so smart he gave his soul to a corporation in exchange for absolutely nothing at all.

It's okay, it's not your whole genome, it's just enough to uniquely identify you and your descendants for generations. Besides, don't you know that internet tracking exists so if you think about it you've sold your soul already and it's hypocritical for you to complain

>Are you browsing the web only in private or “in cognito” mode?

Uh oh, GENIUS ALERT!

What kind of argument is "you shouldn't spend a second improving your privacy a little when you can spend days improving it a lot"?

The author says that health insurance in Europe is provided by the govt and for most it still is, there are plenty of people getting private health insurance as the govt health sector is collapsing, so this argument is mute. Also, in the 23andme data is risk of getting hundreds of diseases, any private health insurance company would love to see this data to deny paying you any compensation, OBVIOUSLY. I have never given my DNA to any private company and I never would, if you have: delete it!

How did this article get so many upvotes?

I could write the same article with a little bit of help from ChatGPT, even though I know almost nothing about genomes. Well, in fact, I can't really tell what the author's expertise in genomes is from the article at all. I might as well ask a random stranger on the street about his opinion on the matter.

And if you think about it, "I know genomes" in the title is a giant red flag. It's basically saying, I am the authority, and you should trust me, even though my arguments are very weak and barely convincing at all. What kind of ** put that in the title?

https://en.m.wikipedia.org/wiki/Argument_from_authority

This analysis demonstrates what we call a "Fachidiot" problem in German - deep expertise in one domain coupled with troubling blindness to how that domain intersects with broader realities. The author's "just chill out" recommendation about permanent biological identifiers is about as reassuring as a nuclear physicist telling people not to worry about uranium enrichment because "it's mostly stable isotopes."

The "0.02% of your genome" framing is fundamentally misleading. Those ~640,000 SNPs aren't randomly scattered junk - they're specifically selected markers that correlate strongly with ancestry, health predispositions, pharmacogenomic responses, and familial relationships. The intelligence value isn't in raw percentage coverage but in what can be inferred from those curated data points. And you can infer an awful lot from these targeted markers.

The comparison to browsing history or social media activity is pathetically cavalier. We're talking about immutable biological data that:

    - Links you to family members who never consented to participate  
    - Allows inference about relatives' genetic predispositions based on your data alone    
    - Has unknown future applications as genomic analysis capabilities advance  
    - Cannot be changed, deleted from your actual biology, or "opted out of" once the implications are understood

Understanding genomes doesn't automatically confer understanding of threat modeling, data permanence, or the creative ways malicious actors exploit seemingly "harmless" datasets. The recommendation treats a permanent biological identifier with the same casual attitude as a recoverable password breach.

This is exactly the kind of expert blind spot that leads to catastrophic privacy failures decades down the line.

If Hitler had had access to 23andMe type data, there would have been a bigger holocaust.

Normally I wouldn't bring up Hitler in an internet discussion, I'm aware of its discussion-killing feature, but the big thing that has changed is we now have GENUINE NAZIS in the US government