> Searches each data broker site for your name + state
Is this US only or would it also work for international profiles (and if so what would be the "state" equivalent)?
Jokes aside, I unironically suspect the purpose of many opt-out forms is merely to record the up-to-date information.
How many require you to make an account or confirm your email address/phone?
I’m not in the business of fixing their mistakes for free.
I will click the unsubscribe link and that’s it.
But there is a (somewhat plausible) defense here: if someone forwards you an email and you hit the unsubscribe link, then it unsubscribes them; not you. Requiring the user to enter their email helps ensure you don't accidentally unsubscribe the wrong person.
That said — the most impactful thing anyone can do to punish dark pattern digital marketing behavior is to report the message as SPAM in your email client. That'll hurt their delivery rates and damage their sending reputation with email providers.
Pre-filling the address in the field is easy and prevents that. But if I get redirected to an empty address field, I immediately close and mark as spam. I refuse to reward that behavior.
They already know your email, I don’t see why getting it again would sell it to a new vendor. Clicking an unsubscribe link already verifies you are a real person.
Does this work for anyone outside the US as well? e.g. Will it work for an Australian?
Requirements
macOS (uses launchd for scheduling and Messages for iMessage)
Node.js 18+
Playwright browsers installed
Right, so my suspicion was correct: I'm the only one being inconvenienced by the same old captchas.
The reCAPTCHA v3 Enterprise version and MtCaptcha cost a whopping 3x as much ($3 per 1000 solves). Seems like they're the best CAPTCHAs to go for.
"Select stairs": okay, does that mean the railing too? And probably some percentage of people clicked rails, so now I have to meta it and guess if that percentage is enough to throw off my guess.
"Select motorbike": okay, but you're showing me a bicycle. I'll click "skip". FAIL. TRY AGAIN. Sighs.. okay, I guess the average person is so dim-witted they will misidentify a bicycle for a motorbike.
And the "correct" pictures all show steps, not stairs.
> "Select motorbike"
And the "correct" pictures all show mopeds, not motorbikes.
Christ, don't get me started on taxis that aren't black, fire hydrants that aren't a yellow H sign (apparently I'm supposed to look for something like a yellow painted R2D2) and WTF is a "crosswalk" (a pedestrian crossing?).
That's not gaslighting.
>And probably some percentage of people clicked rails, so now I have to meta it and guess if that percentage is enough to throw off my guess.
No, there are multiple accepted answers.
Google will get to know every user browsing the web and link it to a smartphone. Since they’re rolling out government issue ID verification at the OS level, this change will allow Google to identify a random web visitor to a govt ID.
But then that would not work against correlating fraud detection as sketched above. A client could simply reset the app every now and then to generate a new UUID.
You're just describing a regular cookie.
>But not a fingerprint or otherwise linked to identity?
You'll have to reverse-engineer the app to figure out whether it's actually fingerprinting, and whether it's fingerprinting to make sure it's a real device (vs emulator) or it's fingerprinting to uniquely identify someone. I suspect they're complying with app store guidelines and not doing the latter, because it's not worth the PR hit just to vaguely improve a product responsible for <1% of their revenue.
>But then that would not work against correlating fraud detection as sketched above. A client could simply reset the app every now and then to generate a new UUID.
The attestation result contains a count of attested keys generated in the past 30 days, which detects this case without a "supercookie" that persists across uninstalls.
https://developer.apple.com/documentation/devicecheck/assess...
Yes regular cookie from Google's perspective, but super in that it works across sites. If for some reason you don't just take Google's word you might suspect they collude and share / sell your identity to the site as well...
> The attestation result contains a count of attested keys generated in the past 30 days, which detects this case without a "supercookie" that persists across uninstalls.
Ah. So there is something special limiting control over the UUID? Or is there some way of correlating the physical device to the attestation history?
Why wouldn't I be able to reset and re-enroll in the app and then have it generate me a fresh new cookie attestation history?
That's just third party cookies.
>Why wouldn't I be able to reset and re-enroll in the app and then have it generate me a fresh new cookie attestation history?
You can get a new uuid, but then that'll be associated with a key that has a high attestation count, which is also suspicious. It's like detecting spam from an account that has 1000 posts in 1 hr vs an ip that created 1000 accounts in one hr making one post each. Both are suspicious.
Location (“coarse location”), identifiers (“device id, user id”)
^ both are deemed a necessity for app functionality, with deviceID required for analytics too.
Chances are you have a Google app, or logged into some Google service installed on the same iOS device also. They now have a holistic picture of the user from deviceID, google id, phone number, location, IP, wifi networks etc.
You can characterize this commercial arrangement as whatever you want, but it's not meaningfully different than what they had before, where they were getting users to click boxes and charging businesses per "verification".
Supporting Systemd should be easy. Not sure what windows uses.
What's the difference? Aren't services always just spawned processes?
Services are executables, but they have dedicated entrypoints/"signals" for interaction with the service manager. That means you can't point a service at a batch file or powershell script, because those applications don't have the symbols to respond to the signalling from Windows.
And you can "just" use nssm to wrap any arbitrary executable with what is needed to make it a windows service.
edit: Windows can use Node and Playwright just fine. I think the only thing this needs a Mac for is to schedule and send messages as an alert.
Well my coworkers and I realized that the opt out form just needed an address. We contemplated pulling all known addresses for the entire country and automating submitting them all over several months to opt everyone out. I don’t think it ever materialized but we had a good chuckle about the emergency meeting the Yellow Pages web devs would have had and at what percentage of opt outs.
The delivery-people got overwhelmed and eventually just resorted to putting the stacks and stacks of phone books into piles and burning them. It took a long time until they got caught because nobody really misses a phone book.
i think we got a season pass to 6 flags out of it, but i'm not positive
They would just pretend they didn't receive the opt outs, like half of the direct mailers and spammers out there.
I've gone through the trouble of trying to get Uline to stop sending gigantic paper catalogs to my PO Box two or three times per year. They have a form, they just ignore the requests:
https://www.uline.com/CustomerService/ULINE_FAQ_Ans?FAQ_ID=4...
But there are other times where I am wrong too and I even comment on threads with less upvotes because the topic is so interesting yet my comment just ends up being isolated.
It's really more like a 50/50.
Even the one post of mine which had reached the front page of Hackernews was something that I absolutely knew could reach front page but then there weren't many responses for a few days but then after a few days, I saw that it was re-uploaded (I think that HN selects a few submissions which are interesting, I forgot how that mechanism worked) and then I reached the front page of Hackernews ;)
Either way, I think people should just make what they feel is interesting but I remember reading some article once which said a few things which this article follows:
1. I built XYZ... gets more frontpage than we built XYZ...
2. having (Open source) in the title increases the chances too
This article has both of them so it's definitely interesting to see it on front page, either way it's a really interesting project :-D
1. It asks you to optionally sign up for a bunch of other services like Spokeo
2. It asks for access to your email via Apple's Mail app which I don't use
3. I got a lot of 404s anyway
4. Many sites require manual intervention to work
Nice idea, but it needs a LOT of TLC to make it generally useful. I suspect that having a non-numeric "zip" code and a non-US address might be breaking a lot of the automation.
Assumption that people use Apple services by default is wild
Mac in requirements is wild tho
I do think they should’ve put that in the title, however. Save a lot of people time
I do find the project cool, just a bit too sensationalized given the title
I haven’t checked but wonder what info you need to provide in step 3 (Fills and submits the opt-out form automatically)
I assume it’s gonna be more than just the name and address?
A much better way to solve this would be to fight for GDPR-like legislation in the US.
Would be interesting to see the success rate for Claude Cowork or Codex’s equivalent feature.
A few of these services ask you to go find your record among their lists first, so you can confirm which record you want removed using the URL of the record. So either it has to guess on that, or simply isn't doing it.
Sometimes it feels like US-Americans have lost all faith in their government’s ability to improve their lives - I can understand it but at the same time where will this lead?
For consumers, it's already available though! You can join 275K of your neighbors and sign up.
I hate spam = the only reason I built it. No other intention behind it.
I posted here to get support on making it better so others can use it.
I'll take some of these comments and start iterating on them.
Feel free to submit anything directly to the repo or fork and make it better for your own set up.
HN Launch: https://news.ycombinator.com/item?id=30605010
Promo codes: https://www.optery.com/optery-promo-codes/
It feels like the system is rigged and we need a better answer
Until there is serious legislation like GDPR and right to be forgotten in the United States it's a non-starter
Do they even care if I'm not from their countries of origin?
This always felt like theater to me. They say "we deleted it, trust me bro" and we're supposed to believe it?
stephenlthorn•5h ago
Where I need help: The heuristic approach misses a lot. Many of the generic sites have unique flows the four generic strategies don't catch. I'm looking for people who want to:
- Verify which generic sites are actually succeeding vs. silently failing
- Add explicit broker definitions for high-value sites that are currently on the generic path
- Test on non-macOS (launchd scheduling is macOS-only; cron fallback would help Linux/Windows users)
- Handle email verification flows (script submits the form but can't click confirmation links in your inbox)
Repo: https://github.com/stephenlthorn/auto-identity-remove
No personal data in the repo — setup script prompts for your info locally and keeps it gitignored.
lolpython•4h ago
> Don't post generated comments or AI-edited comments. HN is for conversation between humans.
https://news.ycombinator.com/newsguidelines.html#generated