The website FamilyTreeNow presents itself as an alternative to genealogy websites such as Ancestry and FamilySearch. It claims to have “one of the largest collections of genealogy records anywhere.” Some old-timey photos adorning the site give the impression that it can help you discover family from long ago. Lastly, the account sign-up page says, “Seriously everything is free, no catch.” But the entire website is the catch.
Genealogy sites will provide old records that have been scanned in so that you may find relatives. Birth records, marriage records, newspaper clippings; none of these are present on this site. Despite its trappings as a genealogy site, it is in fact a "people search engine" best-suited for stalkers, blackmailers, and hackers. As young adult fiction author Anna Brittain wrote, the site is an internet safety hazard.
Searching for my name and birthdate yielded the following information: my full name, my address history for the last decade, and presumed relatives and associates. Associates generally include roommates, significant others, landlords, and tenants. In an age when everyone is at risk of being targeted by online mobs, cyberstalking, and identity thieves, this information being in one place is terrifying for anyone concerned for their safety and the safety of close friends and family.
These details might be considered trivial by most. However, in addition to providing a current address to target with pizzas, SWAT teams, and in-person visits, they can also be used by a hacker to retrieve account passwords. Answers to common security questions like “What is your mother’s maiden name?” and “What street did you grow up on?” are easily inferred.
FamilyTreeNow is not the first website to expose this sort of data, but it is likely the first to do this for no cost to users. It closely resembles people search sites like Spokeo, Instant Checkmate, and PeopleFinders, except that those sites charge monthly fees of $5 to $35 to show full records. These sites have information on familial associations, social networks, work history, and much more. These sites collected this information automatically without your permission. You may opt out of these websites, but their existence points to a troubling question: Where is all this data coming from?
The Department of Motor Vehicles may also be selling your personal information.
The most common sources for your personal information are government records. Birth, marriage, divorce, and death records are available for request. This information helps people search sites discover full names and family connections. Property records are also public and will contribute to your location history. Court cases, including those for bankruptcy and divorce, are also public by default.
Permanent mailing address changes are recorded by the United States Postal Service in the National Change of Address database. The information in the NCOA is available for purchase by companies for updating their databases on your new address. You may opt out by filing for a temporary change of address that will forward your mail instead of a permanent change.
The Department of Motor Vehicles may also be selling your personal information. In one example, PennDOT has been selling driver information for 9-digit sums over the last five years in order to upgrade roads and bridges, but at the cost of personal privacy to drivers. Those drivers don’t have much of a choice when it comes to obtaining a license and are unwittingly giving up this info for free. Searches for similar news stories yielded reports in North Carolina, Texas, and Florida.
These are a few examples of the data sources that create fertile ground for independent companies to create a profile of you and your family. Using machine learning, a computer can sift through mountains of data points to make various inferences. For example, FamilyTreeNow correctly identified my immediate family and some of my extended family. I lived at the same address as my parents and siblings for a long time, and we have the same last name. With this information it correctly identified that our connection is quite strong and thus they are all “possible relatives.” It also identified my former roommate as a “possible associate,” likely by noticing that we changed our address to the same apartment at the same time.
Fortunately, FamilyTreeNow allows you to opt out here. This will lock your profile away from prying eyes. Even the site’s founder, Dustin Weirich, has done this. But the broader problem remains. While technology has made it easier to search the internet, it has also developed processes that made it easier to track everyone. I worry that FamilyTreeNow is only the first of such sites that will carelessly expose this information.
The United Kingdom’s Data Protection Act 1998 and the European Union’s General Data Protection Regulation give citizens control of their personal data and how it can be used. Rep. Bobby Rush (D-Illinois) has attempted to introduce the Data Accountability and Trust Act, which would give citizens the tools to audit and protect their personal data, but the bill stalled in committee. As sites like MyFamilyTree weaponize this information, it’s time to recognize the value of our personal data and demand that companies and governments treat that data with respect.