23andMe could have been sold to someone that is not based in California which would result in a loss of many protections currently there, such as being able to have the data be deleted.
Sure, the data is not that valuable. Nobody really cares that is doing serious decision making based on good science or following the law.
I think he also ignores a new risk that's developing: bad tests. Current polygenic risk scores are all the rage, but they are very close to junk science, and if not created and applied very very carefully, far more carefully than most machine learning models, they will be junk.
So even if there's nothing in your DNA that could be used to discriminate against you, bad application of the technology could harm (or benefit) you, completely randomly. All because some pointy haired boss demanded that a bad model gets built and applied, whether or not the engineers knew what they were doing or gave proper warning to management.
This isn't just health care, it could be admissions to a private school, or the application for an apartment or NYC housing co-op, or whatever.
That's a serious risk, that some junk company uses the data in completely inappropriate ways, once the data is out in the wild.
Why not delete? There's zero benefit to the consumer to keep the data in 23andMe, at least for this consumer. Others that want to connect with 5th cousins might think differently of course.
But the point is that it's a personal decision and we all have different values and wants.
Author dismissed privacy concerns in the same way we see others downplay it: you already are giving up your privacy in other parts of your life, why not give it up here, too? Total nonsense, IMO.
The conclusion I came to from this, that I don't believe the author intended, is that you should delete your data from this company because it is pointless.
This tired canard makes me mad. It's not either/or. Be concerned about anyone who is collecting data on you and selling it without your consent.
And in my mind, the reason to delete your data from 23AndMe isn't to protect PII, it's to take an a salable asset away from a company that promised they wouldn't sell it in the first place, then changed their mind.
Data that can be used against my children is another.
My late wife had MS. It took her. Insurance companies would love that data to load against anything my kids do.
There are other issues but the fact is that companies will use DNA and every other data point they can to maximise what they take and minimise with loaded terms what they might, just might, maybe, pay out.
It's not about the now.
It's about the later.
Sadly this is coupled with incontinence (mainly urinary), so before I go out (every 3 months to the doctor), I have to make sure I do not drink, or if I do drink, I need to account for that when I go outside, but as a precaution I wear those diapers, not sure how they are called, those undies that are diapers, essentially. I wet my bed many times at night.
I have severe anxiety and depression which I have had long before the lesions, but given my circumstances and the damage, it is now worse.
I wish I had more financial help. There is a friend who helps me as much as he can, but other than that, I got no one. The Government gives me almost nothing per month. According to their calculations, somehow a person is supposed to get by by 900 HUF (~2.6 USD) per day.
I'd probably suggest you post about your experience with this in a way to relates to your experience as a dev since it seems you write about technical stuff?
I'm thinking about that blind guy recently talking about Linux accessibility making blindness a lot more relatable to people on sites like HN, who also are more likely to have disposable income to donate
So it’s pointless in the end
What kind of reasoning is that? Fine, they're not doing whole genome sequencing on you (yet), but having a detailed chip profile of several million informative SNPs absolutely can and will be used to profile you.
Very quickly and easily I might add.
Classical linkage analysis has been used quite effectively to profile people since the 80s using only a handful of (polymorphic) markers, because the power of the analysis is driven more by the number of related members than by the number of markers of an individual.
23&Me has a customer base of more than 10 million people(!!)
(Note that there are very different ways to measure that percentage and they can mean very different things. I'm not intending these percentages to be accurate, but I'm sure you get my point.)
We do Whole Genome Sequencing, and sometimes we outsource the sequencing. We always get the excess of DNA back, and it is stored in our own freezers. Even in this scenario we can't be 100% sure they don't store the DNA or the files for their own purposes, but that's the risk we assume. The DNA we send is only identified by a number.
I can 100% imagine a company such as 23andMe storing DNA for later sequencing, or even doing WGS to do their side business, while sending you back only the genotype. Did you request your excess of DNA back? No, you didn't, because you didn't even know how much you sent or how much is needed for a genotyping. What you did was linking your DNA with your real name and some extra data, so further data augmenting is trivial.
They do, as far as I know. Most genealogical DNA testing companies do, and they tell you so. In case you want to upgrade the analysis later.
> doing WGS to do their side business
That would land them in hot water with the EU. Per GDPR, you can't ask for PII for one purpose and use it for something else down the line. 23andMe customers didn't consent to WGS.
But there's another reason I think they wouldn't do that, and that's that WGS is time-consuming and expensive. Some random person's DNA data isn't that valuable. There's a reason payment is part of their business model, and if that's true for cheap microarray tests, how much more isn't it true for terribly expensive WGS tests?
https://services.bgi.com/wgs-sequencing
Making a report is expensive. The WGS maybe cheaper than you think (I don't know how much you were thinking). Then running a quick admixture and some PRS analysis on the data by yourself, with the aid of ChatGPT or some of its friends if you have zero clue, it can be surpringsingly affordable.
BGI is chinese, but there are other services out there doing similar services (e.g. Macrogen in Korea).
Assume you have your WGS files. BGI/Macrogen can already provide you with basic analysis (like the Variant calling), but next you can do is head to https://nf-co.re/ and look for pipelines that might be of your interest: sarek, raredisease, oncoanalyser, hlatyping... and have some fun. Next head to https://snakemake.github.io/snakemake-workflow-catalog/ and look if there is something you can be interested in (grenepipe, dna-seq-gatk-variant-calling, PopGLen...). With some help from a decent LLM you should be able to run your "admixture" that some people loves (the "I'm 3% asian, 24% african, 10% nordic..."). I don't know anyone that does à la carta analysis, we do all of them ourselves, but sure there are some.
Note that you enter a difficult world, and there is no absolutes there: is fun to play, the same way that is fun to track your own sugar levels with an app. But you shouldn't be diagnosing yourself or taking radical actions based on the results. You are not debugging yourself. Soon enough you'll be wondering about your RNA-seq under X or Y conditions.
YSEQ will do full genome NGS if you ask for it but it's expensive, can take six months or more, and the owners have apparently been known to cancel your order and refund you if you complain about the wait times.
Yes, that was 23andMe's business model. They thought so too. Since they went bankrupt, I think it's safe to say, the commercial utility of such profiles was pretty overrated.
This directly contradicts the claim that these samples reveal nothing about your health or disease risk. Maybe it doesn't reveal anything in isolation, but if you know some medical history about some of my relatives and you have their DNA info, then that gives you some significant info about me too.
I worked in DNA analysis for 6 years.
You should absolutely be worried about the data that various companies are hoovering up. Your DNA is part of it.
The risk for privacy is not that one piece of your data is out there, but that companies can recreate a very sophisticated model of you by aggregating many pieces.
The idea that one small breach of privacy is equivalent to the vast amounts of informations 23andme has getting correlated with hundreds of other small pieces, is absurd.
It is a total lie that you should not be concerned about your privacy, because total privacy is impossible. The author also does not understand incognito mode.
You can tell me I'm paranoid or something, but I can also just not give them my DNA for no effort and be all the more better off if something like this happens OR if I do commit a crime under current laws I haven't given up the ghost immediately.
This feels like short term little gain for catastrophic effects in the worst case scenario.
The author also makes this like a weird dichotomy with online tracking, I ALSO care about being tracked on the internet and my personal privacy is pretty important to me in general.
I want all of my privacy, or better worded I want privacy to be my choice such as here on HN where I use my real name intentionally. :)
That's borderline no longer a hypothetical.
I genuinely don't know and would like to know: are you being sarcastic? I'm asking because to me it seems like you are, but please correct me if I'm wrong.
And it is not the state (criminality) that is the biggest risk IMO. The classifying of people into "sheep and goats" is more likely to come from private power. Governments are dangerous, yes. But there are many fewer democratic checks and balances over private power
Seems like you just read the first phrase of his comment and immediately went into an adversarial "are you being sarcastic?" loop. Because the point you made is what came immediately after the part you quoted in his original comment:
> [...] but let's play out the worst case scenario and a fascist government comes to power and something I do now is considered criminal and they can place me doing it with this DNA that as the author describes can narrow down if it was me pretty easily.
So, as for the rest of his comments, such as: "The author also makes this like a weird dichotomy with online tracking, I ALSO care about being tracked on the internet and my personal privacy is pretty important to me in general.", I agree.
I edited my comment as it was deeply misunderstood, and I am not interested in having it derailed even further. Maybe another time.
Because I actually addressed that "have nothing to hide" argument. Oh well!
DNA is just one facet of all the data being actively collected by SuperMegaCorp and/or governments (or probably worst of all, both at the same time and in cooperation with each other).
(not entirely true because we also spread other biometric data, such as facial images)
Probably easier to place you with your cell phone location data, or surveillance cameras and face recognition.
- what if you're part of a minority the government wants to disappear, like the Uyghur in China? DNA is indicative of many minorities. You don't have to commit a crime.
- you don't have to share your DNA, some distant cousin sharing theirs is enough to implicate you (as in the Golden State Killer's arrest). You cannot control your far-flung relatives. You may not have a choice in this kind of privacy. That's what makes DNA unique in relation to other kinds of private data: your cousin's browsing history does not implicate you, DNA however may.
We shed DNA in useful, analyzable amounts wherever we go. In a decade or so, "collectors" of DNA from the air may sprout up everywhere, aggregating DNA of the passersby and sorting it into buckets using, say, face recognition. Even if such practice was limited to the airports, the databases will grow. People have to prove their identity when boarding flights, so pairing them with their DNA trace is feasible.
And if a country bans this practice, another may not, and their database may be hacked and sold openly, so any person which traveled there will be exposed.
The privacy argument might work in some Western countries, and the corresponding legislation may be enacted there, but once you have to travel to India or China or Dubai profesionally, the cat will be out of the bag.
Feasible and present are entirely separate.
Look at illegal immigrants today. The ones who co-operated with the government by e.g. showing up to court appointments or registering in apps are easier to catch because of that documentation. So they're prioritised. Same with DNA. Yes, you could pass a rule and then slowly collect DNA from all Americans who fly. But it's a lot easier to start with those who have already given it up.
In the Netherlands, in the early 30's we had a census. All the good jewish citizens of the good kingdom of the Netherlands filled in their religion. Because, why shouldn't they? Fast forward a couple of years, and those detailed census results are really handy for the occupying nazis.
During WW II, 95% of the jewish in the Netherlands were killed. Compare this with a country that does not have a central register of it's citizens (France), where "only" 25% of the jewish were killed.
Also, when you give up your DNA, you're not just giving it up for you. You're giving it up for your family.
Why do you doubt that given the very obvious ethnic persecution going on in the US right now against immigrants, especially Hispanics?
Like, okay, "Ian Butler" in particular doesn't sound terribly Hispanic, but I think that's splitting hairs on the larger point
The admin is overplaying their hand with some shoddy tactics, and the more citizens they drag into the net, the more quickly they'll lose the popular opinion here.
Perhaps because they mistakenly thought he wouldn't do exactly what he said he would do, or that there would be checks & balances to make sure it wasn't too heavy-handed so they personally were not in danger. Now he is doing what he said he would do in that regard (even when accidentally saying the quiet bits out loud) many are somewhat surprised and concerned.
Oddly while not beleiving he would go all-in on the purge many did believe he would do what he said with respect to what they saw as good things (lowering prices, and taxes (for them), ending the Ukraine conflict, keeping America out of other conflicts particularly in the middle-east, releasing any and all Epstein information, …), and are aghast at those things not being carried through as promised on the campaign trail.
I don't know them but they could be gay, or have a gay friend, or be atheist or religious, or maybe they once visited Costa Rica as a tourist and Costa Rica becomes the next pariah state or whatever. They might have driven a friend to an abortion clinic in the past
The very point is that you can't predict what could become a problem for a hypothetical future authoritarian state. If you look at the worst examples in history it could be something as innocuous seeming today as writing a non-political book or having distant relations with the same people as some other "undesirable" person.
You can see right now with the mass deportations, evidence and making a watertight case aren't priorities once you get to this point.
So I think the author's point stand, that there's little additional risk in some private company having your SNPs. The question is, is it worth it? I'd say, unless you (or a relative you want to help) are into genealogy, it's not worth it, even if the risk is small.
But genealogy is fun. It's also, I think, something that can be deeply meaningful for almost anyone.
Because, do you have all answers to what's important in life? Probably not, I hope? If you haven't, aren't you interested in what answers your own ancestors implicitly (through the lives they lived) gave to the big questions in life?
It's commonly said, "those who learn nothing from history are doomed to repeat it" etc. Might that not be true on an immediate, personal level too? History is more than grand politics, it's also the lives of normal people. And who could you learn most from, if not the people who are most similar to you?
That's my pitch for doing genealogy as a hobby... Now, it should be said, genetic genealogy is a pretty small part of genealogy, unless you're unfortunate with adoptions etc. in your family. Even for that, I'd say there are better options than 23andMe, I do not see personally have my SNP data there.
Point is, for all things, security is a trade-off, about which risks are worth it and for what gain.
Like he doesn’t even go into the fact that it could be used by law enforcement wrongfully etc: e.g Unregulated Chinese crime detection startup buys the data, you happen to be in China and get arrested bc they used inadequate algorithms that wrongfully accused you.
There is absolutely nothing convincing here.
For someone who “knows genomes”, this is a brain dead take on microarrays. Lots of the content on arrays _is_ directly tied to a phenotype because there’s limited space so we directly test variants that are known to cause problems!
Is he really claiming that BRCA1/2 variants don’t increase risk of breast cancer in a meaningful way? Or that there aren’t tons of people who are XXY who don’t know even though it’s the hidden cause of many infertility problems?
This is just such a bad take it is hard to take anything said here seriously
Even worse, if insurance companies had their way, they'd use the family matriarch's BRCA1/2 variant to set the rates for all her descendants. Massive DNA profiling doesn't just impact the "owner" of the DNA - it impacts anybody in their family tree who might have similar genes.
IIRC, 99 percent of the rest is shared by all humans, 95 precent is shared by humans and apes, and some 80 (?) percent is shared by humans and drosophila flies? That's likely the important 0.02%.
They’re doing this I found a mutation parentheses (not a polymorphism) in my CVS enzyme that was causing my family to have heart attacks before they were 50.
And I currently diagnosed two people just looking at their genetics one with celiac and the other one with 21 hydroxy deficiency. Just let them impress your doctor for test in proving it was right.
What makes me sad about this is that it’s such a valuable resource that no one’s going to have access to because of corporations and greed. Personalized medicine is the only way to cure diseases and the only way to find out what’s going on in your body.
It's almost as if being an expert in one thing doesn't give you any expertise in a completely unrelated thing.
It does reduce the footprint of data able to be correlated across browser restarts, which is not nothing, but is much less than most people assume.
So everything you do on this visit can be correlated, but when you close your browser and then come back, you're a new person not associated with your previous visit.
The arguments boil down to "we're all fucked so letting 23&me fuck us more is no big deal"
> ...this is only a problem because of our disastrous insurance-based, for-profit healthcare system in the U.S.
That is the reality for the subjects of the USA. So it is a problem
>...far more concerned about all the data that various companies are hoovering up about you based on your online activity
No. I take active measures against sneaky surveillance (my browsers cannot be tracked as far as I can tell) and I use my real name lots of places. I am in control. If my siblings, parents, children submit "their" private data to these evil data horders, I am not in control
Deleting your, and yours, data from 23&me will be closing the stable door, I am unconvinced that these sorts of people will actually delete anything (they will remove it from your view and control) but it has performative value
Delete the data!
The Golden State Killer was caught because a distant relative submitted a DNA sample to one of these services. Thus, when the police submitted a DNA test report from the unknown killer to GEDmatch, it came back with some useful hits, which they were able to narrow down to just one person.
Maybe you support the outcome in that particular case, but what happens when it’s your sibling that committed a crime, or they are a political dissident, or they practice the “wrong” religion?
And remember that your DNA is one of the few pieces of personal information that is permanent and cannot be changed.
https://www.science.org/content/article/we-will-find-you-dna...
The first is stupid. If there exists capacity to keep things private, why would I NOT want to have privacy? What is in it for me to let arbitrary others see everything I do and am?
The second so strange to hear. It is an argument for turning the slippery slope of privacy erosion that you try to resist into a waterslide that you should enthusiasticly throw yourself down.
Once DNA has flown the coop, you won't get a new set of SNPs. That's it, it's a 'complete' picture of your SNPs (not your genome, yes, but SNPs are enough for many use-cases like ancestry estimation). Your private browsing data, however, is messy, ever-changing, has huge holes, changes over devices, and you can take active steps against leaking it (including even fuzzing it - you can't fuzz your SNPs!). Your SNPs are written in stone.
Second, you don't have to leak your DNA for the data to be out there, a distant cousin is enough to implicate you. You can do nothing at all and still get scooped up. (see the arrest of the Golden State Killer) My cousin's browsing history, on the other hand, says very little about me.
Third, your DNA implies you as part of minorities. Your browsing profile does not. China uses DNA to track minorities [1] and that may come to a government near you, soon. Again, data that may not even be shared by you may send you off to a camp.
[1] https://www.aspi.org.au/report/genomic-surveillance/
P.S.: And no, 'private mode' doesn't help you.
This partial sentence alone has so much wrong with it that this article is going to PETA me into finally deleting my data
You'd think my ideal self-interest is for no one to volunteer for any research except my own relatives so that all medicine is optimized to my care. But that doesn't work that well. The genome itself is just not that useful. If you learn something from that VCF for a whole-genome sequence that's interesting, feel free to let me know.
I personally benefited from the aggregate that is the UK Biobank's repository of genome sequences and medical histories, and I'm grateful for everyone who contributed that for science. PGP is the closest I can get to providing my data apart from All Of Us which has a bit of medical data about me but no one has all my medical history.
I hope that, if nothing else, I am a piece in an instrument for humanity to comprehend the Universe. Either through my genome being useful when compiled with others or as a cautionary tale to making your genome available.
It is interesting that knowing your zipcode I might have predicted your response.
> I am a piece in an instrument for humanity to comprehend the Universe.
For a lot of people, if their data is being used as a benefit, then they should be properly compensated for that. They're more likely to be trying to comprehend how to keep food on the table.
> For a lot of people, if their data is being used as a benefit, then they should be properly compensated for that. They're more likely to be trying to comprehend how to keep food on the table.
Certainly, I am a great believer in the market. If they believe the price is insufficient, there is no reason to sell. I am only offering them this information for free so that they may set their price in a more informed manner. I'm doing that because I have a related semi-religious personal principle https://wiki.roshangeorge.dev/w/Observation_Dharma
(Disclaimer: I never used 23 and me, so this is entirely hypothetical for me.)
It's okay, it's not your whole genome, it's just enough to uniquely identify you and your descendants for generations. Besides, don't you know that internet tracking exists so if you think about it you've sold your soul already and it's hypocritical for you to complain
>Are you browsing the web only in private or “in cognito” mode?
Uh oh, GENIUS ALERT!
I could write the same article with a little bit of help from ChatGPT, even though I know almost nothing about genomes. Well, in fact, I can't really tell what the author's expertise in genomes is from the article at all. I might as well ask a random stranger on the street about his opinion on the matter.
And if you think about it, "I know genomes" in the title is a giant red flag. It's basically saying, I am the authority, and you should trust me, even though my arguments are very weak and barely convincing at all. What kind of ** put that in the title?
The "0.02% of your genome" framing is fundamentally misleading. Those ~640,000 SNPs aren't randomly scattered junk - they're specifically selected markers that correlate strongly with ancestry, health predispositions, pharmacogenomic responses, and familial relationships. The intelligence value isn't in raw percentage coverage but in what can be inferred from those curated data points. And you can infer an awful lot from these targeted markers.
The comparison to browsing history or social media activity is pathetically cavalier. We're talking about immutable biological data that:
- Links you to family members who never consented to participate
- Allows inference about relatives' genetic predispositions based on your data alone
- Has unknown future applications as genomic analysis capabilities advance
- Cannot be changed, deleted from your actual biology, or "opted out of" once the implications are understood
This is exactly the kind of expert blind spot that leads to catastrophic privacy failures decades down the line.
Normally I wouldn't bring up Hitler in an internet discussion, I'm aware of its discussion-killing feature, but the big thing that has changed is we now have GENUINE NAZIS in the US government
"Knowing who you have in contact/follow list and who has you as contact/follow is not a huge privacy risk"
Which is true, given how willing we are at sharing this information (and even display it for vanity metrics).
But obviously how much a risk this is depends on who you are and your circumstances
So basically the upside and downside get jacked up and effectively "nothing really changes". They will always make up excuses to genocide a group, or deny your insurance claims.
This is the same thing with privacy. If Microsoft's Recall is indeed useful as advertised, that is extremely powerful. People that truly don't have anything to hide, is happy to see ads etc, would be extremely empowered by this tool.
The main concern stays, even if it's just a tiny bit of your genome, even if web-fingerprinting is also bad, the sequenced genome data is enough to identify and relate you to others. (Didn't they catch a serial killer that way?)
Even without the whole bankruptcy spin, I haven't had my DNA sequenced out of privacy concerns, with being US(-jurisdiction)-based as a big factor against most of the big competitors.
JohnFen•6mo ago
I asked them to delete mine (although I'm not optimistic that they did so), and I'm glad that I did for two reasons. First, I don't think they dealt with me transparently and honestly from the start and second, whether or not that data is directly a risk to me, it's yet more data about me that's out there in the world and can be combined with other data to make a potent risk.
The less data about me that exists in any database, even trivial or apparently innocuous data, the better.