Category Archives: Security

STOP, THINK & RUN – Stop Innocently Giving Your Information to Cybercrooks on Social Media

Posted on by
16

Yes – you. All of us. This article is written for and applies to everyone.

We are all targets for social engineering which is the act of manipulating, influencing or deceiving people into performing actions or divulging confidential information – generally by engaging you or manipulating your emotions.

The most skilled cybercriminals accomplish their goal without you even being aware of what’s going on. You’re relaxed and just enjoying yourself, checking your social media news feed. No Nigerian princes needed anymore. They’ve moved on, taken on new personas, but are still targeting you.

Literally, everyone is a target.

The Bad Guys Kicked It Up a Notch

The bad guys have improved their skills. Attackers find loopholes and opportunities where you least expect them. They gain your trust or take advantage of your defenses being down – and they are very skilled at what they do.

I see people who I would think should know better engaging in risky behavior every single day, probably because they aren’t aware that the nature of the threats has evolved and changed. The bad guys stay one step ahead of us.

Please read this article even if you know what you’re doing. Someone you care about may not and you can help them.

Social Media

We all want to use social media and public platforms for genealogy and communicating with family and friends. We need to realize that because of the open nature of those platforms, they are full of bad actors trying to take advantage of us in seemingly innocent ways.

Not to mention that the platform is free for users, so access to you IS the commodity. Not just through ads, which you can clearly recognize as such, but by manipulating your behavior.

How, by luring you with “free,” “fun” or “missing out.”

Seriously, you do NOT need a new “free” improved profile picture.

Furthermore, some unnamed person or site you don’t know doesn’t really care about the TV show you watched when you got home from school as a kid.

Well, actually they DO care, but it’s not innocent. Scammers and bad actors gather, aggregate, and distill data about us hoping to breach our electronic security – and/or that of our social media friends.

Even if the person or account asking isn’t malicious, if the post is public, cybercriminals can and do gather and compile information about YOU that they find on public postings and pages.

Why?

In an attempt to defraud you, AND your friends who will also fall for these schemes. If your friends see you do something, they are more likely to engage in the behavior themselves. Just the act of answering these seemingly innocent questions conveys information about you.

  • First, you’re vulnerable and don’t understand that “public posts” and resulting answers make you a target. In other words, you’re advertising that you’re a good target.
  • Second, if you don’t have your Facebook (or other social media) account locked down so that only friends of friends can send you friend requests, it’s not unusual to receive a whole raft of friend requests after doing something public.
  • Third, even if your account is locked down tight, your comment or answer to that seemingly innocent public posting may net you a reply something like this:

Note the bad grammar and lack of punctuation. Probably that Nigerian prince again, with a bogus profile picture.

If people can see your “About” information, the message or reply may be more specifically tailored – targeting you with some common interest. Single middle-aged female? You’ll receive a message from a “widowed” male about that same age, maybe wearing a uniform or otherwise looking like a model, holding a puppy. Yea, right.

Now, holding the 1890 census – that might be an effective scheme to target genealogists😊

Let’s talk about how to stay safe and still be able to benefit from and enjoy social media.

We will begin with a big red flag.

NewProfilePic

The current rage is an artificial intelligence oil painting profile picture that’s “free.”

Right off the bat, you need to always be suspicious of anything “free” because it often means “they,” whoever they are, want your information and are willing to give you something to get it – under the guise of free. Speaking of them, just who are “they” anyway? That’s the first question you need to ask and answer before engaging.

Free almost always never benefits you.

Why would anyone want to give you a cool new profile picture for free? It may only take a few computer cycles, but it’s not free for them to produce, just the same, especially not when multiplied by the tens of thousands. What are they getting out of all those free photos they are producing?

I’ll tell you what. To gain access to your data – including the data on your phone.

Hmmm, I want you to think about something for a minute.

Do you have your phone set or apps set to scan your face and automatically open? Is that your security? For your bank account maybe too?

And you just sent a photo of your FACE to some unknown person or group in some unknown place?

Really?

You can change a lot of things, but you cannot change your face and facial recognition software is powerful.

Snopes says the NewProfilePic app really isn’t any worse than many other apps – which isn’t saying much.

Aside from the fact that NewProfilePic was initially registered in Moscow, which should be a HUGE red flag by itself, especially right now, what can the app do on your phone?

Here’s the list.

In essence, you just gave someone the keys to the candy store.

In perpetuity.

Is your blood running cold? It should be.

Still think this fun new app is “free?” You’re paying for it dearly, and may yet pay for it even more dearly.

Here’s a warning from a state Attorney General and here’s an article from MLive that interviewed a cybersecurity expert who notes that this app scrapes your Facebook data.

However, so do other people and apps.

Public is Public

When you see anything on Facebook with the little globe, that means that anyone anyplace can see this posting AND all replies, including your answers. Everything is fully public.

In this case, more than 80,000 people answered this question from an entirely unknown person or website.

Just a couple of days later, this same posting had 54K likes, more than half a million comments, and more than 6,100 shares. That’s how effective this type of seemingly innocent question can be.

Several of my friends answered.

What does this question tell anyone looking? Your approximate age, for beginners.

Maybe an answer to a security question. Just google “top security questions for gaining access to forgotten passwords.”

Engaging with a web page also means the Facebook algorithm will send you more postings from that website in your feed. So maybe if this post doesn’t yield anything useful about you, the next one might.

Cumulatively, many answers to many postings will reveal a lot.

Never answer these.

But There’s More

Because this posting is public, I can click on the name of ANY person who has answered that public question and see every other public thing they’ve shared on their timeline.

As an example, I randomly selected Charlotte, someone that I don’t know and am not friends with who replied to that question. (You can do this same experiment.)

I clicked on her name and scanned down Charlotte’s postings. I can immediately see that she’s a good target and has fallen for several other things like this.

Here’s one from her page.

That scammer, James, latched onto her immediately. Again. Note the grammar.

Here’s another seemingly innocent game that Charlotte played to get a new Facebook profile picture and “secret” info about herself. That “4 Truths” app told Charlotte that she was very mysterious and promised to “show what’s hidden in you.” Of course, she had to provide her photo, give permission for this app to post on her timeline, publicly, and access her Facebook account. Charlotte probably didn’t even realize that was happening, or what it meant was happening behind the scenes to her data.

But now Charlotte has the new NewProfilePic oil portrait, so this one isn’t in use anymore. Maybe Charlotte’s friends wanted some nice things said about them too so they might have clicked on this same link. Just for fun, right? That’s how these scams work.

These unfortunate choices on Charlotte’s timeline were accompanied by many more that were similar in nature. Those were interspersed with notices on her Facebook page that she has been hacked and not to accept any new friend requests or messages from her. The effects are evident.

It’s worth noting that some people do have their profiles cloned and haven’t engaged in any risky behavior like this, However, you dramatically increase your odds of being compromised when you engage in risky online behaviors. Every time someone clones your profile and sends messages to all of your friends with malware links, it increases the cyberthief’s harvest of you and your friends. Cha-ching!

Eventually, the bad actors will find people who they can scam, either by:

  • Talking your friend, their target, into doing something bad for them, maybe thinking they are helping you or responding to you
  • By sending malware links that people click on thinking the message with the link is actually from you.
  • Gathering enough information to breach you or your friends’ security questions and clean out bank accounts.

No, I’m not fearmongering or being overly dramatic.

I utilize KnowBe4, a security and vulnerability consulting and training company to keep abreast of threats. You can follow their blog articles, here.

How Do Cybercrooks Access Your Friends?

Looking at Charlotte’s Facebook page, all of her friends are exposed too because they are publicly visible. Everyone can view the entire list of Charlotte’s friends.

Now, all of those scammers have access to Charlotte’s friends. Hence, the scammers can clone Charlotte’s account by stealing her photo, setting up a new account, and sending messages to Charlotte’s friends who think the message is from Charlotte. Something like “Try this new photo app, I did,” or, “Can you pick up an Apple gift card and send it to my friend for me?” You get the drift.

If Charlotte’s friends have their security set to only accept friend requests from someone that also shares a friend, and Charlotte accepts a bogus friend request – then the scammer can send her friends a friend request too and they think it’s Charlotte’s friend.

In other words, seeing a common friend causes Charlotte’s friends to let their guard down. I look at it this way – only one of my friends has to accept a bogus friend request to make me vulnerable too.

Charlotte also told people in a public posting that she was visiting someone on a specific day in another city. How do I know it’s another city? Because Charlotte has posted where she is from, where she lives, works, and the high school she attended in her “About” information.

Hmmm, those are security questions too.

That same website where I found Charlotte answering that question has also posted questions about your pet names.

What is one of the security questions if you lose your password?

Yep, pet names.

Nope, those seemingly cute sites aren’t. They are data-mining and gathering information.

Predatory Sites

First, I need to say that there are three security threats involved with these postings and websites:

  1. Any link you click which may take you to who-knows-where.
  2. That the site itself is data mining. However, this is not always the case. Some very legitimate companies ask questions to get you to engage in their subject topic. However, if the post is public, that’s an open door to the next threat.
  3. “People” or bots who harvest information about people who answer those public posts and then data-mine their accounts.

Let’s look at a few examples.

No person you don’t know cares at all about what you drank last. However, that might be valuable data for other reasons.

Facebook makes these things even more attractive to you by showing you answers from people on your friends list. I’m not going to embarrass my friends and family by showing their identity, even though it is completely public, but please, FOR THE LOVE OF ALL THAT’S HOLY, stop doing this.

Just look at that – 14 million comments and 193 thousand shares. For a data miner, this has been extremely successful.

To make matters worse, if you engage with a site on Facebook, they show you more from that site in your feed in the future. Since I clicked on these to write this article, my feed is going to be flooded with smarmy questions from these sites for days or weeks.

Let’s take a look at a few more examples.

Look at this one. 200,000 people and almost 3000 shares in two months. That means that this question appears on 3000 people’s timelines. It’s like a huge data-gathering pyramid scheme.

You’re likely to be wearing your favorite color and eat your favorite food.

How could this be used against you?

Yep, security, password, or account recovery questions again.

When I went to the page that made this posting, the next posting was a question – “In 1980, you were…” and the first person to answer said, “2 years old.” That person just told the world they were born in 1978.

Did you really want to do that?

Private Groups

You are safer in a private group, meaning only group members can see your posts.

You can tell if a Facebook group is private based on the lock and the words, “Private Group.” You can also see a list of your friends who are members of that group as well. Remember that the criterion for joining a private group differs widely and there are still lots of people you don’t know. Some private groups that I’m a member of have more than a quarter-million subscribers.

Most private groups are focused on a specific topic. Some private groups require answering application questions to join, and others don’t.

You’re safest in a group that does require questions to be answered which allows administrators who are familiar with the topic to craft questions that (hopefully) weed out most of the trolls, bots, and shady characters. That’s the choice I’ve made for the groups I co-administer, but it does require more attention from the administrators, which is why large groups often don’t implement membership questions.

Determining Privacy Settings

When you’re looking at the privacy settings on groups, posts on your friends’ timelines, or your own, you can mouse over the privacy icon. Facebook will tell you exactly who can see this post.

You’re never entirely safe. In addition to behaving safely as noted above, there are steps you can take to educate yourself and configure your social media accounts securely.

How to Stay Safe

Every social media platform is different, but I’m using Facebook as an example. Every platform will have a similar privacy function. Learn how it works.

Go to the Facebook help center, here and do a security checkup, here.

However, neither of those really address privacy, which I feel is actually the biggest security threat – the trapdoor or slippery slope.

Here’s how to access and review your privacy settings.

Click on the down arrow beside your name.

Click on Settings and Privacy, then both the Privacy Checkup and the Privacy Center.

Next, you’ll see several short articles. Be sure to step through each one

Take a few minutes to lock your account down.

The ONLY thing that is automatically public is your profile photo and any photo you use for your cover photo. Anything else can and should be restricted.

Facebook owns Instagram so you can set your Instagram security here too.

You’re not quite finished yet!

Monitoring and Controlling Apps

Next, we’re going to see what apps are installed and interacting with Facebook. Have you authorized apps you weren’t aware of?

In the dropdown arrow to the right of your name in the upper right-hand corner, click on the down arrow again.

You’ll see the Settings gear under “Settings and Privacy.” Click there to see all of the setting categories in the panel on the left side of your screen.

Review everything, of course, but pay special attention to “Apps and Websites” and “Games.”

Predatory operators will fool you into doing something fun, like a profile photo app, or a little game that provides you with your Fantasy Name or something else cute and enticing. That “free” game or app installs software. If you find software during your review, especially from something like we’ve been discussing, I recommend deleting it immediately.

Be sure you only have things you’ve intentionally installed or authorized.

THINK – Stop, Think and Run

When you see “someone” asking a question on Facebook, STOP!

You’ve heard of stop, drop and roll if your clothes are on fire?

Someone trying to breach your privacy is a digital fire, so this is stop, think and run.

Think about who is actually asking and why. “Who” is asking is NOT that cousin who shared the question from that public site. The “who” that is asking is that original site.  They are simply taking advantage of and using your cousin. I hate to put it this way, but always assume the worst and remember that even if the site itself is innocent, all of the people who can harvest your data and try to compromise your security assuredly are not.

Those “fun” sites asking those questions are either actively recruiting you or best case, leaving the door wide open for cyberthieves.

Don’t answer. No matter how much you’re tempted to share some nostalgic information or the name of your deceased pet you’re still grieving. No matter if you notice that your cousin or friend has replied already. Just don’t.

Stop, think, run. It’s that simple.

And speaking of your cousins or friends – if they have shared something that could compromise their security and privacy, not to mention their friends (including you), feel free to share this article or others, such as KrebsonSecurity. Take a look at Krebs’ examples of baiting you with childhood and puppy photos with corresponding questions. Do they evoke an emotional response from you? They are meant to. I mean, how bad can it actually be to enter the name of your beloved childhood pet?

By now, you should be screaming the answer to “how bad”!

Here’s an article from Tulane University. Yes, they are advertising their degree in cybersecurity management, but they do so by summarizing the things that social media users need to be concerned about.

I also follow a company called Facecrooks which monitors and writes about Facebook privacy, fraudsters, other scams, and such. They have a Facebook page here and a Scam Watch page here.

The Baker’s Dozen Messages

The messages I want to leave you with, aside from stop, think and run, are this:

  1. Nothing is free
  2. Think before you engage or answer
  3. Remind yourself that a stranger really doesn’t care about your first-grade teacher’s name, but a crook does
  4. Just because someone you know answered or engaged doesn’t mean it’s safe
  5. Consider potential consequences
  6. Can something you are about to share be used to compromise either you, your family, friends’, or employer’s privacy or safety?
  7. Don’t overshare – only say what’s necessary
  8. Notice what is public and what is not – look for that globe and behave accordingly
  9. Don’t download or play free games, or send anything to a “free” website
  10. Don’t click on links to unknown places
  11. Don’t accept friend requests from people you really don’t know.
  12. Learn the warning signs of a fake profile and report them by clicking on the three dots to the right of the profile
  13. Don’t click on links in private messages and beware of suddenly receiving an “odd” message from someone you haven’t heard from in a while

I’ve written other articles about online privacy, security, and safety too.

Remember…

Stop. Think. Run.

_____________________________________________________________

Follow DNAexplain on Facebook, here or follow me on Twitter, here.

Share the Love!

You’re always welcome to forward articles or links to friends and share on social media.

If you haven’t already subscribed (it’s free,) you can receive an email whenever I publish by clicking the “follow” button on the main blog page, here.

You Can Help Keep This Blog Free

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Uploads

Genealogy Products and Services

My Book

Genealogy Books

Genealogy Research

Stay Safe: Phishing Moves to the Next Level – Meeting Invitations and File Transfer Links

Posted on by
4

A very unusual and alarming thing happened yesterday.

Remember, my original career was in technology. I’m very sensitive about online privacy, cybersecurity, and compromised data. We are so heavily dependent on online everything today that with one misstep, your bank account could be drained in the blink of an eye. And no, I’m not being hyperbolic. Please take this seriously.

Let’s take a look at what happened.

Bogus File Transfer Notification

Today, I received a new type of scam email – a WeTransfer from my email at DNAexplain to my email at DNAexplain. Yes, from me to me.

This file transfer is clearly NOT FROM ME and you may receive the same thing – from me or someone else.

If you do, ABSOLUTELY DO NOT DOWNLOAD THESE FILES TO YOUR SYSTEM!!!

Also, do not right-click to download photos or images in the email itself if you use Outlook or an email client on your desktop.

Delete the email immediately, then delete it from your trash folder. You want it to be removed entirely.

Whether you receive something like this from me or someone else, always CHECK  FIRST and be sure the sender actually did send you the files it says were sent. Don’t let your excitement overrule your sense of caution.

Clues

Your first clue, in this case, should be that the email was actually NOT SENT from WeTransfer.

Here’s what the email header looks like. Notice that the email didn’t actually originate with WeTransfer. Someone created an email that looks like the WeTransfer emails, but the actual sender isn’t WeTransfer. You can easily mouse over the sender to see who sent the email if it’s not displayed. However, remember, addresses can also be spoofed – so don’t let that alone reassure you.

Legitimate WeTransfer emails show noreply@wetransfer.com as the sender. Here’s an old one I happen to have.

Note that the name isn’t capitalized and the grammar isn’t correct. This is probably not a native English speaker, but with social media, we have become somewhat numb to grammar and misspellings. A legitimate business email is unlikely to contain these errors. I have many colleagues and friends who do not speak English as a native language and they don’t make these errors.

These emails try to excite people into clicking before thinking. One of the file names towards the bottom (not shown above) says “Payment Certificate,” which for a business is an enticement. I’ve seen other phishing scams that say things like “payment authorization,” “birthday party photos” and even “grandma’s photo.” As a genealogist, that could suck you right into their trap.

Malware

Malware, designed specifically to compromise your safety, is delivered through a variety of mediums including:

  • E-mails with either attachments or links. Don’t open and don’t click, NO MATTER WHAT unless you are actually expecting something from someone. And even then, verifying through a different communications avenue is smart. DO NOT reply to the questionable email asking if the sender sent it. For example, my friend sent me a phone text with a link. I asked him through Facebook messenger if he sent the link and what it is. I may or may not ever click on it, especially if he forwarded something he found elsewhere to me.
  • Text and messenger links including Facebook, Skype, Slack, and other tools. If someone says things like, “I bet this hero dog won’t get 10 shares,” absolutely DO NOT click, forward, copy or share. Someone is attempting to manipulate you using your own emotions and desire to do good things.
  • Facebook games. DO NOT PLAY!!! It doesn’t matter what your name means. It does matter that you’ve allowed that app access to your information where they can then harvest personal information that you share. For example, you may play other fun games with your friends, like the states you’ve visited or those 20 questions. Bad actors use that information for social engineering. Also, don’t accept friend requests from people you don’t know, and don’t make public posts that are literally visible to the entire world. Facecrooks writes about all kinds of Facebook scams on their Facebook page and on their website as well, including how to lock your account down.
  • Transfer programs or cloud links. Someone sends you a link to files or photos through a cloud-based link or transfer program, like WeTransfer or shared Google documents. If you were not expecting something like that from that particular person – don’t click. I’m verifying everything now since I received that dodgy transfer from myself. If you receive something unsolicited from me or anyone else, DO NOT CLICK ON THE LINK unless you have verified in some other way that the real sender actually sent that specific item.
  • Calendar invitations, like Zoom for example. I received a fake invitation today. Yes, scammers have also invaded those as well.

Meeting Invites

Given the uptick in Zoom and other electronic meetings, it’s not surprising that cyber-crooks have infiltrated that space with phishing too.

I never really thought about that until today. Yes, a second “new style” phishing attempt arrived today too. What is this – worldwide phishing day?

These attempts are becoming quite pervasive, which is why I’m warning you.

I received this meeting invitation. It looked “odd” to me. However, my first glance saw the title, Payment Discussion Meeting. That would get anyone’s attention – especially if they are owed money or contract with any business.

However, I also realized this looked “odd.” So instead of clicking, I evaluated the invitation.

Here is the list of alerting issues that the invitation is fraudulent.

  1. “Payment Discussion” is designed to immediately grab your attention and overpower any caution you might have.
  2. Calendar invites or requests are from a person, not a “calendar event.”
  3. Calendar invites show all of the people invited. This shows one person, me. But at the bottom, it says that 4 people have accepted. But 4 people weren’t invited. This is designed to encourage you to accept to see who else has already accepted.
  4. Note that this email is labeled as “external” meaning that it originated outside of the organization. This will vary by invite and group and may say that people are not in your contact list. The take-away is that it’s not “normal” for invitations that I receive.
  5. This is not the normal meeting icon for these types of meeting invitations. I compared it to a known legitimate meeting invitation.
  6. There is no meeting link. There is always a meeting link in that location.
  7. I have no idea who Otis is. This is another enticement and why some people might click.
  8. This is an invitation, but no meeting time is specified. That never happens. You get invited to a meeting at a particular time, not just in general.
  9. The two dates don’t match. One says the 12th and one says the 15th.
  10. There is no list of names of who else is invited and who declined or accepted. That’s always present in the meetings I’ve been invited to.

There’s one more item that raises suspicion too – can you spot it?

What’s Safe?

It’s very difficult to know what’s safe. Always start out assuming everything isn’t. Yes, I know that’s not how people are wired – but it’s time to shift your perspective.

I highly recommend KnowBe4 – at this link. Many corporations use KnowBe4 for training and they offer free tools.

They also have an educational blog and offer free webinars.

Another good resource is Krebsonsecurity.com.

Please note that these are NOT affiliate links – just products and companies that I know are safe and work. Be careful when googling about security and stay with known current sites like PC Magazine’s security suite evaluation, for example. If you click on the wrong “security advice” link, that could be bogus too.

Your Safety Depends on Your Behavior

The bottom line is that your safety depends on your own vigilance and suspicion. Start out suspicious of everything and move from suspicious to reassured – not the other way around. Create an evaluation routine or checklist for yourself so you don’t stray from the safe path.

  • When possible, especially for all money-related accounts, enable two-factor authentication where the vendor texts or emails you a code to enter in addition to your password. Yes, it’s a pain, but the results of not using two-factor authentication are more painful.
  • If it sounds too good to be true, it probably is. Full stop!
  • If the topic or email arouses excitement, curiosity, sympathy, or anxiety, that’s probably by design and may signal that the sender is trying to manipulate your behavior through your emotions.
  • Always, ALWAYS mouse over links before clicking.
  • Verify. Verify. Verify. It’s easy to verify in advance but you cannot put the money back in your bank account once it’s gone. These fake websites look for all the world exactly like the real ones and you’re entering your user ID and password – giving them directly to criminals.
  • Use Antivirus software and VPNs like Norton, McAfee, BitDefender, or similar mainstream, well-known products to improve your online safety. Remember that they can’t always save you if you engage in risky behaviors and click on things that you shouldn’t.

Various products intercept some viruses and malware, but criminals are always cooking up something new.

Convincing you to do something unsafe through social engineering, like provide your account and password information is not something that security software can protect you from. I receive multiple emails daily informing me that I need to update my email password and account. Yea, right – and I’ve won the lottery too, a Nigerian prince is leaving me money and the IRS is going to arrest me unless I buy them Apple gift cards immediately. (Huge eye roll!)

Even the best software tools cannot protect you from yourself if you reveal information you shouldn’t through social media or social engineering manipulation. This is exactly what happened and continues to happen with the recent ransomware attacks. All it takes is one person that lets their guard down and the bad guys are in the door.

Novel phishing attempts are becoming much more prevalent. These crooks are very intelligent.

Don’t let this happen to you. Educate yourself. Protect yourself. You are your first and last line of defense.

You’re welcome!

_____________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Products and Services

Books

Genealogy Research

GEDmatch Security Breach

Posted on by
18

7-21-2020 Update: Please note that information retrieved from the GEDmatch breach may be being used to send phishing emails intending to lure users into signing into a fake website set up to look like MyHeritage, but is not. If you receive an email that seems suspicious or has the title “Ethnicity Estimate v2,” do not click. Do delete that email. Please read the MyHeritage article, here. To be very clear, MyHeritage has NOT been breached, but bad actors have harvested emails and are using them to try to lure targeted MyHeritage users.

Original article:

I always hate to have to report security breaches within the genealogy community, but GEDmatch not only experienced a breach over the weekend, they are still down while the situation is under investigation.

In a nutshell, for about 3 hours on Sunday, July 19th, all of the accounts, including law enforcement kits, were available in match lists for everyone. Also, kits that had been opted out of law enforcement matching were apparently, based on screen shots of their security settings taken by users who signed on during that time, also available to law enforcement in match lists.

Here are the three announcements on their Facebook page in order of posting.

The first one was posted on July 19 at 6:09 PM.

Gedmatch breach 4

The update was posted on Monday, July 20th. GEDmatch was up for part of the day, but is now down again and will be for some time.

Gedmatch breach 3.png

GEDmatch is now down again.

GEdmatch breach 2

GEDmatch needs to stay down until an independent security firm verifies that the site is secure.

Thoughts

First, I’m concerned about the breach itself and if anything was compromised internally. GEDmatch (Verogen) has been transparent about this, and I have every reason to think they will continue as information becomes available.

Second, I hope Verogen, who now owns GEDmatch, is working with a professional security firm to conduct a security audit. I provided technology consulting for many years in the municipal government sector and I always encouraged my customers to engage with security professionals that challenge websites by having good hackers attempt to break in. This provides the website owner with the opportunity of discovering weaknesses and vulnerabilities before they are exploited by either opportunists or bad guys.

Third, any company that deals with our DNA, our private information and/or or credit card and financial information has an imperative to protect our data by protecting their website at the highest levels possible. And yes, this is a specialty area in technology and expensive. (Take note everyone who wonders why things can’t just be free.)

Fourth, working with law enforcement and handling law enforcement kits means that my third thought should be multiplied several times. GEDmatch’s responsibility is increased and customers, both individual and law enforcement agencies, must be able to have confidence that the company handling their data is both responsible and technically savvy enough to protect their website, and by implication, their customers’ data.

Fifth, while GEDmatch is not the first company, nor the first genealogy company to suffer a breach, this is more serious because data was actually exposed to people who were not supposed to see it, not just hacked from behind. Most hackers try to cover their tracks so companies don’t know they were hacked, if at all, until much later. The fact that this was so public suggests that the perpetrator or perpetrators were trying to harm GEDmatch, probably because of their work with law enforcement, although we won’t know until the investigation is complete. Of course, some people do things like this simply “because they can.” The goal of this hack initially does not appear to be theft of data, but of public exposure.

The Future

I’m not making any decision about the future until after I see what happens. As a consumer, all I can say right now is “we’ll see.” I would like to see an independent security firm audit and would feel much more comfortable if I know that has happened and any issues have been satisfactorily remediated.

I’ll also add that I feel incredibly badly for any company that has to deal with hacked sites and situations like this, especially when the goal seems to be to inflict harm, and the tactic will surely succeed at some level.

_____________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Products and Services

Genealogy Research

Fun DNA Stuff

  • Celebrate DNA – customized DNA themed t-shirts, bags and other items

Smarmy Upstart DNA Websites – Just Say NO!

Posted on by
31

Twice now in the last month or so, new websites that promise to provide customers with a different “better” view of their ethnicity, including ancient DNA, have popped up.

I’m not providing the links to these sites, because I do NOT want to drive any curiosity traffic there.

In both cases, the pages about the website or supposed “company” did not provide any information about the individuals behind the service.

Neither did a google search of their supposed name or LLC name.

In one case, the physical address given was illegitimate. In the newest case, this week, no address, not even a country, was disclosed.

A check of the website registration shows that it’s new and the owner’s ID is hidden.

In both cases, an e-mail sent to the address provided asking about who was behind the company and where they were located remains unanswered.

Please keep in mind that these omissions are violations of GDPR in Europe, yet there was no caveat about not accepting clients whose results fall under GDPR auspices which suggests these companies willfully disrespect regulations.

Of course, the first thing that happened was that people saw these new attractive-looking “tests” and uploaded their data immediately – then excitedly reported the results on Facebook, encouraging others to do the same.

Please, please, put the brakes on and think first.

Think, Please

Let’s look at this objectively.

The first thing the newest site does is require your e-mail address to sign up.

Off the bat, they’ve harvested that information.

Then, you upload your DNA file to some unknown person, in some unknown place.

Now they’ve also harvested your DNA.

What are they going to do with your DNA file, ultimately?

Is it going to China? Is it being sold to unknown entities? How would you know and what recourse would you have?

no free lunch

Seriously, what anonymous person would do this “for free, for fun”?

Without knowing who is behind this type of product, how would you as a consumer ever begin to evaluate their competence to provide this service? Why would you even begin to trust them if they hide their identity? This should be your first clue that something isn’t right.

Next, you discover that to see the “analysis” that you have to pay.

You’re sending your credit card number to someone you don’t know.

Now, they’ve harvested your credit card. So far, they have your e-mail, your DNA and your credit card information.

With that, you are entirely identifiable and scammable.

Those “Nigerian Princes” of yesteryear have stepped up their game with much better bait.

But, It’s Safe Because of the Lock…

No, a little lock in the url only means that communications to and from the site is encrypted, it’s not an endorsement or commentary on the legitimacy of what you are purchasing or the website owner.

If something goes wrong, you don’t even have a legitimate business name, address or identity of a person. You have no idea who to complain about, which is most likely the entire goal. If they are offshore, out of the reach of the law where you live, you can complain all day long and there’s nothing that can be done.

Nothing. NADA. You’re toast.

Stop.

Just stop.

Think.

Evaluate.

Before providing any information to a company, do your homework. Take a few minutes and research before jumping into the fire.

Stay with the major testing companies that are known and respected entities in the community. A new, anonymous, overnight upstart isn’t going to provide a better analysis than a company with population geneticists working to provide a quality user experience.

Any legitimate startup is going to be telling you WHO they are and WHY they are qualified – not intentionally remaining in the shade.

Unfortunately, bad experiences tend to tar good companies providing similar products with the same brush and we clearly don’t want that to happen.

Don’t set yourself up to become victimized, parted with both your money and your DNA due to your curiosity and love of genetic genealogy.

Please, stop and think.

If it sounds too good to be true, especially if it’s coming from an anonymous knight in shining armor from an unknown kingdom, it probably is.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some (but not all) of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

Ancestry Displays City/State Where You Live on Map to Your DNA Matches

Posted on by
92

A new Ancestry feature, in beta mode, has been rolled out to many, if not most, users. Truthfully, I was quite surprised to discover that Ancestry is displaying the location where I currently live to my DNA matches through fourth cousins.

I never intentionally gave permission for this, meaning I never expected the location where I live to be utilized in this fashion. I’ve been an Ancestry subscriber for many years, and while I may have entered my location information originally, I certainly would never have done that today. We live in a different “privacy breach,” “identity theft” and otherwise unpleasant world than we did a few years ago.

The potential ramifications of this mapping tool are mind-boggling – both negative and positive, depending on your perspective.

For people searching for unknown parents or not terribly distant ancestors, the location information is awesome. Ancestry clearly knows this, which is why your matches to 4th cousins are shown. They are your genealogically most useful matches.

For those more concerned with privacy, this feature could open the door to a number of dangerous or at least unpleasant situations – from dangerously crazy people to family stalkers to unknown children/parent situations resulting in someone landing unexpectedly on your doorstep. I may not want to meet a previously unknown sibling, especially not at my house. And certainly not without some amount of preparation first – including a criminal background check. And yes, I’ve been there and done that, in case you were wondering.

Seeing where I live on a map, displayed to my genetic matches brought me face to face with the realization of how careful we need to be with what we choose, even inadvertently, to share. It’s also important to review your past selections to be sure they are still what you want.

So, here’s how to use the tool and how to change your location if you wish to do so.

Ancestry Matches Map

On your matches tab, beside the blue Search Matches button, click on Matches Map.

Next, you’ll see the map with what appears to only be your matches through 4th cousins, although I can’t verify that exactly. I know 4th cousin matches are included and I didn’t see any more distant.

You can see your own pin, in red.

You can click on any of these pins to view the city and state where that person lives based on the information they provided in their profile.

Here’s how to change your location.

Changing Your Location

To change the location, click on your pin on the map.

You’ll see this popup.

I tried to simply remove the information, but I was not allowed to save. A location is required in this tab, but if you go directly to your Profile, accessible from your user ID on your main page, you can remove the location entirely and save.

Before I discovered that selecting my profile directly allowed me to remove my location entirely, I entered the location where I’d love to live. I now live in Bergen, Norway:)

If you’re not comfortable with the city being displayed, but the state is fine, then you can make that modification as well. If you no longer live where you were born, your birth location might be more useful genealogically.

However, even though the new location is displayed to you on the map when you change to a new location, it is NOT CHANGED on the Ancestry map site at the same time. I signed out, signed in again, and the map pin is still displaying my previous location, even though my profile now reflects the new location. It took a few hours for the change to take effect.

Safety and Privacy Considerations

I would strongly prefer that Ancestry provide an opt-in option for people to have their location displayed to their matches, or for that matter, to anyone – especially since a location is required on the map tab when you attempt to make a change. This would avoid the surprise factor of seeing your location revealed on a map. I’m fine with ancestral locations, but not with where I currently live.

As a genealogist, I can certainly see how this feature would be useful. If you’re fine with having the city/state where you live revealed to your matches and other Ancestry users who view your profile, then this is a great tool and you don’t need to change anything.

Do be aware that your location information combined with your name and a search tool like Intellus or BeenVerified can/will reveal your address, phone, e-mail, family members names and more.

Now is a good time to review your profile. Consider what you are willing to reveal and make any changes accordingly.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

2017 – The Year of DNA

Posted on by
27

Every year for the past 17 years has been the year of DNA for me, but for many millions, 2017 has been the year of DNA. DNA testing has become a phenomenon in its own right.

It was in 2013 that Spencer Wells predicted that 2014 would be the “year of infection.” Spencer was right and in 2014 DNA joined the ranks of household words. I saw DNA in ads that year, for the first time, not related to DNA testing or health as in, “It’s in our DNA.”

In 2014, it seemed like most people had heard of DNA, even if they weren’t all testing yet. John Q. Public was becoming comfortable with DNA.

In 2017 – DNA Is Mainstream  

If you’re a genealogist, you certainly know about DNA testing, and you’re behind the times if you haven’t tested.  DNA testing is now an expected tool for genealogists, and part of a comprehensive proof statement that meets the genealogical proof standard which includes “a reasonably exhaustive search.”  If you haven’t applied DNA, you haven’t done a reasonably exhaustive search.

A paper trail is no longer sufficient alone.

When I used to speak to genealogy groups about DNA testing, back in the dark ages, in the early 2000s, and I asked how many had tested, a few would raise their hands – on a good day.

In October, when I asked that same question in Ireland, more than half the room raised their hand – and I hope the other half went right out and purchased DNA test kits!

Consequently, because the rabid genealogical market is now pretty much saturated, the DNA testing companies needed to find a way to attract new customers, and they have.

2017 – The Year of Ethnicity

I’m not positive that the methodology some of the major companies utilized to attract new consumers is ideal, but nonetheless, advertising has attracted many new people to genetic genealogy through ethnicity testing.

If you’re a seasoned genetic genealogist, I know for sure that you’re groaning now, because the questions that are asked by disappointed testers AFTER the results come back and aren’t what people expected find their way to the forums that genetic genealogists peruse daily.

I wish those testers would have searched out those forums, or read my comparative article about ethnicity tests and which one is “best” before they tested.

More ethnicity results are available from vendors and third parties alike – just about every place you look it seems.  It appears that lots of folks think ethnicity testing is a shortcut to instant genealogy. Spit, mail, wait and voila – but there is no shortcut.  Since most people don’t realize that until after they test, ethnicity testing is becoming ever more popular with more vendors emerging.

In the spring, LivingDNA began delivering ethnicity results and a few months later, MyHeritage as well.  Ethnicity is hot and companies are seizing a revenue opportunity.

Now, the good news is that perhaps some of these new ethnicity testers can be converted into genealogists.  We just have to view ethnicity testing as tempting bait, or hopefully, a gateway drug…

2017 – The Year of Explosive Growth

DNA testing has become that snowball rolling downhill that morphed into an avalanche.  More people are seeing commercials, more people are testing, and people are talking to friends and co-workers at the water cooler who decide to test. I passed a table of diners in Germany in July to overhear, in English, discussion about ethnicity-focused DNA testing.

If you haven’t heard of DTC, direct to consumer, DNA testing, you’re living under a rock or maybe in a third world country without either internet or TV.

Most of the genetic genealogy companies are fairly closed-lipped about their data base size of DNA testers, but Ancestry isn’t.  They have gone from about 2 million near the end of 2016 to 5 million in August 2017 to at least 7 million now.  They haven’t said for sure, but extrapolating from what they have said, I feel safe with 7 million as a LOW estimate and possibly as many as 10 million following the holiday sales.

Advertising obviously pays off.

MyHeritage recently announced that their data base has reached 1 million, with only about 20% of those being transfers.

Based on the industry rumble, I suspect that the other DNA testing companies have had banner years as well.

The good news is that all of these new testers means that anyone who has tested at any of the major vendors is going to get lots of matches soon. Santa, it seems, has heard about DNA testing too and test kits fit into stockings!

That’s even better news for all of us who are in multiple data bases – and even more reason to test at all of the 4 major companies who provide autosomal DNA matching for their customers: Family Tree DNA, Ancestry, MyHeritage and 23andMe.

2017 – The Year of Vendor and Industry Churn

So much happened in 2017, it’s difficult to keep up.

  • MyHeritage entered the DNA testing arena and began matching in September of 2016. Frankly, they had a mess, but they have been working in 2017 to improve the situation.  Let’s just say they still have some work to do, but at least they acknowledge that and are making progress.
  • MyHeritage has a rather extensive user base in Europe. Because of their European draw, their records collections and the ability to transfer results into their data base, they have become the 4th vendor in a field that used to be 3.
  • In March 2017, Family Tree DNA announced that they were accepting transfers of both the Ancestry V2 test, in place since May of 2016, along with the 23andMe V4 test, available since November 2013, for free. MyHeritage has since been added to that list. The Family Tree DNA announcement provided testers with another avenue for matching and advanced tools.
  • Illumina obsoleted their OmniExpress chip, forcing vendors to Illumina’s new GSA chip which also forces vendors to use imputation. I swear, imputation is a swear word. Illumina gets the lump of coal award for 2017.
  • I wrote about imputation here, but in a nutshell, the vendors are now being forced to test only about 20% of the DNA locations available on the previous Illumina chip, and impute or infer using statistics the values in the rest of the DNA locations that they previously could test.
  • Early imputation implementers include LivingDNA (ethnicity only), MyHeritage (to equalize the locations of various vendor’s different chips), DNA.Land (whose matching is far from ideal) and 23andMe, who seems, for the most part, to have done a reasonable job. Of course, the only way to tell for sure at 23andMe is to test again on the V5 chip and compare to V3 and V4 chip matches. Given that I’ve already paid 3 times to test myself at 23andMe (V2, 3 and 4), I’m not keen on paying a 4th time for the V5 version.
  • 23andMe moved to the V5 Illumina GSA chip in August which is not compatible with any earlier chip versions.
  • Needless to say, the Illumina chip change has forced vendors away from focusing on new products in order to develop imputation code in order to remain backwards compatible with their own products from an earlier chip set.
  • GedMatch introduced their sandbox area, Genesis, where people can upload files that are not compatible with the traditional vendor files.  This includes the GSA chip results (23andMe V5,) exome tests and others.  The purpose of the sandbox is so that GedMatch can figure out how to work with these files that aren’t compatible with the typical autosomal test files.  The process has been interesting and enlightening, but people either don’t understand or forget that it’s a sandbox, an experiment, for all involved – including GedMatch.  Welcome to living on the genetic frontier!

  • I assembled a chart of who loves who – meaning which vendors accept transfers from which other vendors.

  • I suspect but don’t know that Ancestry is doing some form of imputation between their V1 and V2 chips. About a month before their new chip implementation in May of 2016, Ancestry made a change in their matching routine that resulting in a significant shift in people’s matches.

Because of Ancestry’s use of the Timber algorithm to downweight some segments and strip out others altogether, it’s difficult to understand where matching issues may arise.  Furthermore, there is no way to know that there are matching issues unless you and another individual have transferred results to either Family Tree DNA or GedMatch, neither of which remove any matching segments.

  • Other developments of note include the fact that Family Tree DNA moved to mitochondrial DNA build V17 and updated their Y DNA to hg38 of the human reference genome – both huge undertakings requiring the reprocessing of customer data. Think of both of those updates as housekeeping. No one wants to do it, but it’s necessary.
  • 23andMe FINALLY finished transferring their customer base to the “New Experience,” but many of the older features we liked are now gone. However, customers can now opt in to open matching, which is a definite improvement. 23andMe, having been the first company to enter the genetic genealogy autosomal matching marketspace has really become lackluster.  They could have owned this space but chose not to focus on genealogy tools.  In my opinion, they are now relegated to fourth place out of a field of 4.
  • Ancestry has updated their Genetic Communities feature a couple of times this year. Genetic Communities is interesting and more helpful than ethnicity estimates, but neither are nearly as helpful as a chromosome browser would be.

  • I’m sure that the repeated requests, begging and community level tantrum throwing in an attempt to convince Ancestry to produce a chromosome browser is beyond beating a dead horse now. That dead horse is now skeletal, and no sign of a chromosome browser. Sigh:(
  • The good news is that anyone who wants a chromosome browser can transfer their results to Family Tree DNA or GedMatch (both for free) and utilize a chromosome browser and other tools at either or both of those locations. Family Tree DNA charges a one time $19 fee to access their advanced tools and GedMatch offers a monthly $10 subscription. Both are absolutely worth every dime. The bad news is, of course, that you have to convince your match or matches to transfer as well.
  • If you can convince your matches to transfer to (or test at) Family Tree DNA, their tools include phased Family Matching which utilizes a combination of user trees, the DNA of the tester combined with the DNA of family matches to indicate to the user which side, maternal or paternal (or both), a particular match stems from.

  • Sites to keep your eye on include Jonny Perl’s tools which include DNAPainter, as well as Goran Rundfeldt’s DNA Genealogy Experiment.  You may recall that in October Goran brought us the fantastic Triangulator tool to use with Family Tree DNA results.  A few community members expressed concern about triangulation relative to privacy, so the tool has been (I hope only temporarily) disabled as the involved parties work through the details. We need Goran’s triangulation tool! Goran has developed other world class tools as well, as you can see from his website, and I hope we see more of both Goran and Jonny in 2018.
  • In 2017, a number of new “free” sites that encourage you to upload your DNA have sprung up. My advice – remember, there really is no such thing as a free lunch.  Ask yourself why, what’s in it for them.  Review ALL OF THE documents and fine print relative to safety, privacy and what is going to be done with your DNA.  Think about what recourse you might or might not have. Why would you trust them?

My rule of thumb, if the company is outside of the US, I’m immediately slightly hesitant because they don’t fall under US laws. If they are outside of Europe or Canada, I’m even more hesitant.  If the company is associated with a country that is unfriendly to the US, I unequivocally refuse.  For example, riddle me this – what happens if a Chinese (or fill-in-the-blank country) company violates an agreement regarding your DNA and privacy?  What, exactly, are you going to do about it from wherever you live?

2017 – The Year of Marketplace Apps

Third party genetics apps are emerging and are beginning to make an impact.

GedMatch, as always, has continued to quietly add to their offerings for genetic genealogists, as had DNAGedcom.com. While these two aren’t exactly an “app”, per se, they are certainly primary players in the third party space. I use both and will be publishing an article early in 2018 about a very useful tool at DNAGedcom.

Another application that I don’t use due to the complex setup (which I’ve now tried twice and abandoned) is Genome Mate Pro which coordinates your autosomal results from multiple vendors.  Some people love this program.  I’ll try, again, in 2018 and see if I can make it all the way through the setup process.

The real news here are the new marketplace apps based on Exome testing.

Helix and their partners offer a number of apps that may be of interest for consumers.  Helix began offering a “test once, buy often” marketplace model where the consumer pays a nominal price for exome sequencing ($80), significantly under market pricing ($500), but then the consumer purchases DNA apps through the Helix store. The apps access the original DNA test to produce results. The consumer does NOT receive their downloadable raw data, only data through the apps, which is a departure from the expected norm. Then again, the consumer pays a drastically reduced price and downloadable exome results are available elsewhere for full price.

The Helix concept is that lots of apps will be developed, meaning that you, the consumer, will be interested and purchase often – allowing Helix to recoup their sequencing investment over time.

Looking at the Helix apps that are currently available, I’ve purchased all of the Insitome products released to date (Neanderthal, Regional Ancestry and Metabolism), because I have faith in Spencer Wells and truthfully, I was curious and they are reasonably priced.

Aside from the Insitome apps, I think that the personalized clothes are cute, if extremely overpriced. But what the heck, they’re fun and raise awareness of DNA testing – a good thing! After all, who am I to talk, I’ve made DNA quilts and have DNA clothing too.

Having said that, I’m extremely skeptical about some of the other apps, like “Wine Explorer.”  Seriously???

But then again, if you named an app “I Have More Money Than Brains,” it probably wouldn’t sell well.

Other apps, like Ancestry’s WeRelate (available for smartphones) is entertaining, but is also unfortunately EXTREMELY misleading.  WeRelate conflates multiple trees, generally incorrectly, to suggest to you and another person on your Facebook friends list are related, or that you are related to famous people.  Judy Russell reviews that app here in the article, “No, actually, we’re not related.” No.  Just no!

I feel strongly that companies that utilize our genetic data for anything have a moral responsibility for accuracy, and the WeRelate app clearly does NOT make the grade, and Ancestry knows that.  I really don’t believe that entertaining customers with half-truths (or less) is more important than accuracy – but then again, here I go just being an old-fashioned fuddy dud expecting ethics.

And then, there’s the snake oil.  You knew it was going to happen because there is always someone who can be convinced to purchase just about anything. Think midnight infomercials. The problem is that many consumers really don’t know how to tell snake oil from the rest in the emerging DNA field.

You can now purchase DNA testing for almost anything.  Dating, diet, exercise, your taste in wine and of course, vitamins and supplements. If you can think of an opportunity, someone will dream up a test.

How many of these are legitimate or valid?  Your guess is as good as mine, but I’m exceedingly suspicious of a great many, especially those where I can find no legitimate scientific studies to back what appear to be rather outrageous claims.

My main concern is that the entire DTC testing industry will be tarred by the brush of a few unethical opportunists.

2017 – The Year of Focus on Privacy and Security

With increased consumer exposure comes increased notoriety. People are taking notice of DNA testing and it seems that everyone has an opinion, informed or not.  There’s an old saying in marketing; “Talk about me good, talk about me bad, just talk about me.”

With all of the ads have come a commensurate amount of teeth gnashing and “the-sky-is-falling” type reporting.  Unfortunately, many politicians don’t understand this industry and open mouth only to insert foot – except that most people don’t realize what they’ve done.  I doubt that the politicians even understand that they are tasting toe-jam, because they haven’t taken the time to research and understand the industry. Sound bites and science don’t mix well.

The bad news is that next, the click-bait-focused press picks up on the stories and the next time you see anyone at lunch, they’re asking you if what they heard is true.  Or, let’s hope that they ask you instead of just accepting what they heard as gospel. Hopefully if we’ve learned anything in this past year, it’s to verify, verify, verify.

I’ve been an advocate for a very long time of increased transparency from the testing companies as to what is actually done with our DNA, and under what circumstances.  In other words, I want to know where my DNA is and what it’s being used for.  Period.

Family Tree DNA answered that question succinctly and unquestionably in December.

Bennett Greenspan: “We could probably make a lot of money by selling the DNA data that we’ve been collecting over the years, but we feel that the only person that should have your DNA information is you.  We don’t believe that it should be sold, traded or bartered.”

You can’t get more definitive than that.

DTC testing for genetic genealogy must be a self-regulating field, because the last thing we need is for the government to get involved, attempting to regulate something they don’t understand.  I truly believe government interference by the name of regulation would spell the end of genetic genealogy as we know it today.  DNA testing for genetic genealogy without sharing results is entirely pointless.

I’ve written about this topic in the past, but an update is warranted and I’ll be doing that sometime after the first of the year.  Mostly, I just need to be able to stay awake while slogging through the required reading (at some vendor sites) of page after page AFTER PAGE of legalese😊

Consumers really shouldn’t have to do that, and if they do, a short, concise summary should be presented to them BEFORE they purchase so that they can make a truly informed decision.

Stay tuned on this one.

2017 – The Year of Education

The fantastic news is that with all of the new people testing, a huge, HUGE need for education exists.  Even if 75% of the people who test don’t do anything with their results after that first peek, that still leaves a few million who are new to this field, want to engage and need some level of education.

In that vein, seminars are available through several groups and institutes, in person and online.  Almost all of the leadership in this industry is involved in some educational capacity.

In addition to agendas focused on genetic genealogy and utilizing DNA personally, almost every genealogy conference now includes a significant number of sessions on DNA methods and tools. I remember the days when we were lucky to be allowed one session on the agenda, and then generally not without begging!

When considering both DNA testing and education, one needs to think about the goal.  All customer goals are not the same, and neither are the approaches necessary to answer their questions in a relevant way.

New testers to the field fall into three primary groups today, and their educational needs are really quite different, because their goals, tools and approaches needed to reach those goals are different too.

Adoptees and genealogists employ two vastly different approaches utilizing a common tool, DNA, but for almost opposite purposes.  Adoptees wish to utilize tests and trees to come forward in time to identify either currently living or recently living people while genealogists are interested in reaching backward in time to confirm or identify long dead ancestors. Those are really very different goals.

I’ve illustrated this in the graphic above.  The tester in question uses their blue first cousin match to identify their unknown parent through the blue match’s known lineage, moving forward in time to identify the tester’s parent.  In this case, the grandparent is known to the blue match, but not to the yellow tester. Identifying the grandparent through the blue match is the needed lynchpin clue to identify the unknown parent.

The yellow tester who already knows their maternal parent utilizes their peach second cousin match to verify or maybe identify their maternal great-grandmother who is already known to the peach match, moving backwards in time. Two different goals, same DNA test.

The three types of testers are:

  • Curious ethnicity testers who may not even realize that at least some of the vendors offer matching and other tools and services.
  • Genealogists who use close relatives to prove which sides of trees matches come from, and to triangulate matching segments to specific ancestors. In other words, working from the present back in time. The peach match and line above.
  • Adoptees and parent searches where testers hope to find a parent or siblings, but failing that, close relatives whose trees overlap with each other – pointing to a descendant as a candidate for a parent. These people work forward in time and aren’t interested in triangulation or proving ancestors and really don’t care about any of those types of tools, at least not until they identify their parent.  This is the blue match above.

What these various groups of testers want and need, and therefore their priorities are different in terms of their recommendations and comments in online forums and their input to vendors. Therefore, you find Facebook groups dedicated to Adoptees, for example, but you also find adoptees in more general genetic genealogy groups where genealogists are sometimes surprised when people focused on parent searches downplay or dismiss tools such as Y DNA, mitochondrial DNA and chromosome browsers that form the bedrock foundation of what genealogists need and require.

Fortunately, there’s room for everyone in this emerging field.

The great news is that educational opportunities are abundant now. I’m listing a few of the educational opportunities for all three groups of testers, in addition to my blog of course.😊

Remember that this blog is fully searchable by keyword or phrase in the little search box in the upper right hand corner.  I see so many questions online that I’ve already answered!

Please feel free to share links of my blog postings with anyone who might benefit!

Note that these recommendations below overlap and people may well be interested in opportunities from each group – or all!!

Ethnicity

Adoptees or Parent Search

Genetic Genealogists

2018 – What’s Ahead? 

About midyear 2018, this blog will reach 1000 published articles. This is article number 939.  That’s amazing even to me!  When I created this blog in July of 2012, I wasn’t sure I’d have enough to write about.  That certainly has changed.

Beginning shortly, the tsunami of kits that were purchased during the holidays will begin producing matches, be it through DNA upgrades at Family Tree DNA, Big Y tests which were hot at year end, or new purchases through any of the vendors.  I can hardly wait, and I have my list of brick walls that need to fall.

Family Tree DNA will be providing additional STR markers extracted from the Big Y test. These won’t replace any of the 111 markers offered separately today, because the extraction through NGS testing is not as reliable as direct STR testing for those markers, but the Big Y will offer genealogists a few hundred more STRs to utilize. Yes, I said a few hundred. The exact number has not yet been finalized.

Family Tree DNA says they will also be introducing new “qualify of life improvements” along with new privacy and consent settings.  Let’s hope this means new features and tools will be released too.

MyHeritage says that they are introducing new “Discoveries” pages and a chromosome browser in January.  They have also indicated that they are working on their matching issues.  The chromosome browser is particularly good news, but matching must work accurately or the chromosome browser will show erroneous information.  Let’s hope January brings all three features.

LivingDNA indicates that they will be introducing matching in 2018.

2018 – What Can You Do?

What can you do in 2018 to improve your odds of solving genealogy questions?

  • Test relatives
  • Transfer your results to as many data bases as possible (among the ones discussed above, after reading the terms and conditions, of course)
  • If you have transferred a version of your DNA that does not produce full results, such as the Ancestry V2 or 23andMe V4 test to Family Tree DNA, consider testing on the vendor’s own chip in order to obtain all matches, not just the closest matches available from an incompatible test transfer.
  • Test Y and mitochondrial DNA at Family Tree DNA.
  • Find ways to share the stories of your ancestors.  Stories are cousin bait.  My 52 Ancestors series is living proof.  People find the stories and often have additional facts, information or even photos. Some contacts qualify for DNA testing for Y or mtDNA lines. The GREAT NEWS is that Amy Johnson Crow is resuming the #52Ancestors project for 2018, providing hints and tips each week! Who knows what you might discover by sharing?! Here’s how to start a blog if you need some assistance.  It’s easy – really!
  • Focus on the brick walls that you want to crumble and then put together both a test and analysis plan. That plan could include such things as:

o   Find out if a male representing a Y line in your tree has tested, and if not, search through autosomal results to see if a male from that paternal surname line has tested and would be amenable to an upgrade.

o   Mitochondrial DNA test people who descend through all females from various female ancestors in order to determine their origins. Y and mtDNA tests are an important part of a complete genealogy story – meaning the reasonably exhaustive search!

o   Autosomal DNA test family members from various lines with the hope that matches will match you and them both.

o   Test family members in order to confirm a particular ancestor – preferably people who descend from another child of that ancestor.

o   Making sure your own DNA is in all 4 of the major vendors’ data bases, plus GedMatch. Look at it this way, everyone who is at GedMatch or at a third party (non-testing) site had to have tested at one of the major 4 vendors – so if you are in all of the vendor’s data bases, plus GedMatch, you’re covered.

Have a wonderful New Year and let’s make 2018 the year of newly discovered ancestors and solved mysteries!

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

Genealogy, Identity Theft and Equifax Update

Posted on by
25

Yesterday, I wrote about the Equifax breach and how genealogy can be tied to that breach in the article, Equifax Data Breach, Genealogy and You.

It appears that some folks may not realize how the combination of the Equifax breach AND your genealogy info can be tied together to compromise your online and financial security. I should have given a specific example. This is really, really important, so I’m writing an update today.

This situation is WAY MORE IMPORTANT than your genealogy itself.

I cannot believe those words just came out of my mouth.

It has also come to my attention that banks and other institutions may not use the same types of security smeasures around the world, so people outside of the US may not be familiar with how we do business here.  However, in the past day, this breach has extended beyond the US, so please, read on no matter where you live, even if you read yesterday’s article carefully.  There’s more you need to know today.

This breach doesn’t just relate to existing credit card accounts and establishing new accounts, but relates to your bank accounts, tax refunds and government services that you might apply for in the future, including Social Security and Medicare benefits. You don’t want some crook stealing your identity, filing for your taxes and applying for benefits, which means you can’t.

The Perfect Storm

Here’s an example of how this breach creates the “perfect storm,” for the crooks anyway, which is your worse nightmare come true.

In just three steps, made much easier by Equifax (thanks), your money can be gone.

Step 1 – In the Equifax breach, your social security number and address (along with other personal information like account numbers) was part of the information that was stolen.

Step 2 – Let’s say that at your bank, you use your social security number or your old street address as your password. Through the Equifax breach, the crooks now have that info, so they try both of those and voila, now they have progressed to your security questions, because the bank was smart enough to realize that the sign-in request was not coming from your home computer.

Step 3 – Let’s say you have established two security questions at the bank. Your questions are your mother’s maiden name, which is freely available in your family tree, and your grandmother’s birth location, which is also available in the same source.

Poof – the crook is in and your money is gone.

Yesterday, when setting up a credit freeze at one of the three credit reporting sites, six of the 8 security questions I could select from were genealogy related and readily available in online trees – surnames, middle names and birth locations.  Obviously, they don’t know about online trees and how easy it is to obtain that information – and they need to fix that security loophole. Even if you don’t have an online tree, you may well be in someone else’s.

Security Questions

In some cases, security questions can be selected by you. Don’t just pick the easy ones you can remember. Pick something that absolutely CANNOT be found online in any way associated with you. Your first pet’s name, for example.

However, if your first pet was a goldfish named Goldie that you accidentally flushed down the toilet and you published a blog article about that traumatic event – that’s not a good choice either.

Your first boyfriend’s name? Did you marry him or someone with the same first name? Then not that either.

So, what to do if you don’t get to select your security question and it’s something like your mother’s maiden name?

Lie.

Yep, tell a lie. It’s OK. Your children will thank you when you don’t have to live with them when you’re old and impoverished because your money was all stolen and your social security benefits too.

Make something up – but remember your lie or write it down someplace safe (i.e. not on a yellow sticky postit in the bottom of your keyboard at work) – because your access to your own account is tied to that information.

Passwords

There’s all kinds of advice on password selection. Strong passwords require a lengthy string including upper and lower case of both alpha and numeric characters.

Of course, you can’t possibly remember these passwords, so you will write them down and that too can be stolen. But, chances are that password in your house is less likely to be compromised than information associated with you available online – at least in my house.

Password cracker software runs through thousands of possibilities in the blink of an eye. That’s why most sites today lock your account after some number of erroneous tries. Bummer if you’ve just made a mistake.

Don’t use the same password for multiple sites either. If a crook compromises one location, the first thing they are going to try is a second location.

Storing your password list in your cell phone probably isn’t such a good idea either. Someone asked about password “safes” offered by some vendors. I’ve never used them. Think about how attractive those would be for hackers. Use at your own risk.

Worse yet, personally identifying information, like what was obtained from the Equifax breach, is used to reset passwords, so you can easily see how a crook could use info they have obtained from Equifax to reset your passwords.

If your bank and brokerage accounts offer something called two factor authentication, that might be a good option. Two factor authentication requires information plus something you physically have, generally meaning your phone. Access to your account then requires both the password and pin or token issued from something physically in your possession. Yes, I know this is a huge pain. But having your identity stolen is a bigger pain that never ends and thanks to Equifax, more than half of the country is now at a much higher risk than ever before.

Back to the Equifax Breach

In addition to what I wrote in yesterday’s article, you need to know the following things:

  • Even if the Equifax site tells you that your data has “probably” not been breached, don’t believe them.  It has been discovered and reported by multiple news agencies (along with my personal experience) that if you enter the same data, exactly the same way, multiple times, the Equifax story changes relative to whether or not your data was breached. Do not take comfort if the site tells you that your data has not been breached. I don’t think they actually have a clue. Assume that it has been breached and take appropriate measures.
  • Even if your credit has supposedly not been breached but your spouses has, much of your account information is the same, so consider your account breached too.
  • Equifax says that this breach now extends to some people in the UK and Canada, but no further information has been provided. For safety’s sake, assume you are one of these people whose accounts have been breached.
  • Equifax originally required you to waive your rights to join a class action suit in order to take advantage of their free credit monitoring for a year if they tell you your data has been breached. They have now recanted that position and their website now says the following as of noon today:

Options for Protecting Yourself

Because the Equifax breach has such long-term and permanent ramifications, meaning that while you can change things like your e-mail address and close a credit card account, you can’t easily change things like your name, address and social security number. Those are much more difficult and together, readily identify you as you – or the crook as you.

So, you need to accomplish multiple goals:

  • Know if fraudulent activity has taken place
  • Monitor to know if fraudulent activity is taking place
  • Prevent crooks from obtaining credit in your name by using the credit reporting services
  • Prevent bank accounts and other financial accounts from being compromised
  • Protect your assets like tax returns, social security and other benefits for which you may today or someday be eligible

The bad news – there is no one single way to do all of this, so you’re going to have to make some decisions and take multiple steps.

I’ve compiled information in the following chart. Please keep in mind, I’m not a lawyer nor a CPA – so please educate yourself and only use this as a guideline – not gospel. Plus, things change and right now, Equifax is changing their story daily – and it takes days to sign up for their credit monitoring service. I was able to freeze my account yesterday.

In the article, Equifax Data Breach, Genealogy and You, I discussed Credit Monitoring Services, Credit Reports, Fraud Alerts and Credit freezes, sometimes called security freezes. The chart below represents my understanding of how these services work together to protect consumers.

Safety Goals Credit Report Credit Monitoring Service Fraud Alert Credit Freeze Comment
Has fraudulent activity already taken place? Free once yearly for all 3 services, Equifax, Experian and Transunion Typically a paid service that provides credit reports to you periodically. Sometimes provided for free when your data is known to have been involved in a breach. Does not report past events Does not report past events
Monitor to know if fraudulent activity is taking place No, only deals with events that have already taken place No, only deals with events that have already taken place Free service for 90 days that requires a lender to contact you to verify your identity before issuing credit in your name.   You must renew every 90 days. Allows consumers to freeze their credit.   Consumer must unfreeze when they are applying for new credit, then refreeze. You must freeze at all 3 agencies for this to be effective.
Prevent crooks from obtaining credit in your name through credit reporting services No, only deals with events that have already taken place No, only deals with events that have already taken place Yes, but expires and consumer must renew every 90 days Yes, doesn’t expire but you have to remove freeze when you want new credit.  Must freeze at all 3 agencies to be effective.
Prevent bank accounts and other financial accounts from being compromised Not related to bank accounts Not related to bank accounts Not related to bank accounts Not related to bank accounts Use strong passwords, change passwords often, do not use  security questions where answers can be found publicly or in credit reports, read the links below to know what to look for
Protect your assets like tax returns, social security, etc. Not related to this type of protection Not related to this type of protection Not related to this type of protection Not related to this type of protection Stay hyper-vigilant, file as soon as possible, read the links below to know what to look for

Additional Resources

You can read what the IRS says about identity protection at this link:

https://www.irs.gov/identity-theft-fraud-scams/identity-protection

Here’s what the Social Security Administrations says about identity theft:

https://www.ssa.gov/pubs/EN-05-10064.pdf

God forbid you ever really do need to change your social security number:

https://www.consumer.ftc.gov/articles/0248-do-you-need-new-social-security-number

Here’s the FTC’s document about identity theft, what to do, how to report identity theft and a recovery plan.

https://identitytheft.gov/

From the FTC, signs and signals of identity theft.

https://www.consumer.ftc.gov/topics/identity-theft

Again from the FTC, a scam alerts site.

https://www.consumer.ftc.gov/scam-alerts

Please note that this situation is fluid. Educate yourself and follow this in a credible news source for developments that may change your remediation plans.

Thank you to people commenting on the original article and providing additional, useful information.

Grandma’s Legacy

I apologize to my readers for this diversion these past few days with identity theft combined with genealogy. Unfortunately, because genealogists do share and as humans, we are inclined to use information we readily know, that means we’re vulnerable to the crooks – because our genealogy information is near and dear to us, and we remember it easily.

Fortunately, this is easy to fix by not utilizing our genealogy information that we so readily know.

I do love genealogy, particularly genetic genealogy, and I have absolutely no intention of giving it up. I am, however, now more vigilant. I’ve changed my personal security questions, or the answers, so that my family tree and blog articles don’t give me away.

I will be making sure that information from the past hundred years is marked as private. It not only puts me at risk, it puts anyone else in that same line of descent at risk too.

Keep in mind, there’s nothing you can do about someone else’s tree online that may include your grandmother’s birth location. This means that my preventative measure of making the last hundred years private in my tree may amount to closing the barn door after the cow has left.

I’ve frozen my credit, meaning I’ll have to unfreeze it when I apply for a loan someday for a new car. Maybe that means because of the inconvenience I’ll spend less. Hey, there has to be a silver lining someplace.

Here’s what I don’t want, for either you or me. I don’t want my legacy to be the grandma who had everything stolen and had to go and sleep on the park bench….you get the drift.

I hope you’ve found this helpful, and I sincerely hope I never feel compelled to write about something this serious again.

Let’s do everything we can to prevent that so we can get back to genetic genealogy. All of this bother is interrupting my research time!

Caveat

Again, I’m not a lawyer or a CPA. I have no ties to the financial industry except for being a consumer. Use at your own discretion. Educate yourself. Consider this a resource, not gospel.  Follow this developing story and make course corrections as needed. Changes are occurring rapidly. Presume the worst. It’s better than presuming the best and being wrong.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

Equifax Data Breach, Genealogy and You

Posted on by
71

What, you may be asking, does the Equifax data breach this week have to do with genealogy?

The answer is actually twofold.

  1. Everyone who works with genealogy now lives in a technology world – or you wouldn’t be reading this.
  2. People tend to use pieces of information to secure accounts – like their mother’s maiden name, their address, birth location and other pieces of data that they can remember. Don’t. Just Don’t. I’m begging you!

And please, please read this article, even though it’s not specifically about genealogy. I spent 30 years in the technology industry, and believe me, if your identity is stolen or your finances compromised, it WILL interfere with your genealogy research, big time.

The Breach

I don’t normally discuss news items, but this security issue is mammoth, the largest breach ever, and could potentially destroy your credit and compromise your identity, either or both.

What’s worse yet, the breach itself occurred mid-May through July, Equifax discovered it on July 29th, but consumers weren’t notified until September 7th, 5 weeks and 5 days later, and then only in the news, not personally. That means that the crooks have had between 6 weeks and 4 months to use or to sell, or just hold your information to sell later.

You can read more about the breach here and here as well as a New York Times article with an update and additional instructions this morning, here.

Please do read those articles to understand the magnitude of this issue. The breach affects more than 143 million people, mostly Americans, with an additional 209,000 credit card numbers stolen as well, along with 182,000 “dispute documents” with additional information.

The US has about 260 million adults, so roughly 55% of the adult population has been affected by this breach. In other words, there is more than a 50% chance that your personal information, enough to file a tax return on your behalf and claim your return, among other things, is among thieves right now, on the black market.

And no, I’m not exaggerating.

Not. One. Bit!

AND, that’s just how many account records are known to be compromised. Equifax may not know the full extent of the breach.

If your spouse’s records are compromised, and yours aren’t, you may think one of you is safe.  But guess again – because your life, credit and resulting misery is inextricably linked together.

If one is breached, both are breached. Period. So the actual breach numbers may actually be closer to 100%, based on “breach by marriage.”

My husband and I have been working on this issue all day today (and no, we didn’t have anything better to do, thank you for asking) and discovered that our shared account numbers are listed, with both names, of course.  My accounts are his, and vice versa. Initially, only one of our Equifax accounts was reported as breached, which would have provided a false sense of security for one of us, until we looked closely.

However, later today, both accounts were reported as breached.

What Was Taken?

Equifax and other credit reporting agencies routinely track your credit history, including account numbers, as well as identifying personal information.

Information about consumers stolen from Equifax includes or may include:

  • Name and Addresses (current and old)
  • Credit History including balances and balance available
  • Account Numbers
  • Social security numbers (the hottest most desirable piece of your information for crooks)
  • Birth dates
  • Driver’s license numbers

The aspect that make this breach so serious is that it includes multiple pieces of information that should be unique to identifying you – such as your birthdate and social security number.  You can’t change those or get new ones to protect yourself – and the crooks know that.

Additional information in your file that Equifax has not said was or was not compromised includes:

  • Employer and position (current and former)
  • Employment dates
  • Phone numbers
  • Spouses name

I would presume that this too was compromised.

If you think your information isn’t at Equifax, you’re wrong, because Equifax, as well as the other credit reporting services, routinely gather identifying and financial information about everyone.

How Do I Find Out About My Information?

Equifax has set up both a telephone hotline (that is, *surprise*, entirely jammed) and a website for you to enter a partial social security number along with your surname to determine if your account was compromised.

https://www.equifaxsecurity2017.com/

Click on the tab at the top of the page that says “Potential Impact.”

If your data is not known to be part of the breach, you see a notice to that affect, but note that the wording is not definitive. It says:

“Based on the information provided, we believe that your personal information was not impacted by this incident.”

However, and this is a HUGE HOWEVER, when I tried this a second time, to be sure of the wording for this article, I got the opposite result for the same person, which said,

“Based on the information provided, we believe that your personal information may have been impacted by this incident.”

Bottom line, I don’t think Equifax knows for sure and their system appears to be flawed, so ASSUME YOUR DATA HAS BEEN BREACHED.

If your information is known to be part of the breach, you are given the option for free credit monitoring, BUT, you must remember to return to the site on a specific date to begin credit monitoring. Personally, I think they should be required to provide this service AT A MINIMUM for everyone, but they are not. Neither are they making it easy.

Equifax provides you with a date that you must return to their website to set up credit monitoring service. Mine was September 11th. You have to remember. They aren’t going to remind you. This credit monitoring service is initially free, but becomes a chargeable service at some point in the future AND you have to relinquish your right to sue in order to obtain this free service. So yes, strings are attached.

Furthermore, a free year of monitoring won’t help you in the future, beyond year 1, when the crooks still have your data. The crooks know this and may simply wait for a year to begin using the information. You must assume your data base been breached permanently and act accordingly.

Worse yet, a free year of monitoring at Equifax, or even permanent monitoring at Equifax won’t help you at the other reporting agencies.  The crooks can and will take your valuable information and simply use it elsewhere.

What Is Credit Reporting and Monitoring?

Credit reporting companies like Equifax gather information about you and your credit, including open and closed accounts, so that when you apply for a loan, the loan originator (the bank for example) only has to call one of three credit reporting services to obtain your information and verify that you are a good credit risk – instead of calling each of your current and past creditors individually.

Equifax is one of those services, along with Experian and Transunion.

A credit monitoring service, offered by a credit reporting company life Equifax, reports activity to you when it occurs on your account. That means if someone applies for a new credit card in your name, you are notified. That does NOT mean that the transaction is prevented. This also does nothing to stop other fraudulent activities, such as filing for your tax refund, running up medical bills in your name or charging items on an existing credit card.

Or, worse yet, using your information in your stolen Equifax account information to attempt to hack your passwords at banks, Paypal, etc.

There are other options for consumers, in addition to or instead of a credit monitoring service, such as a credit freeze or a fraud alert, which we’ll discuss just as soon as we talk about passwords and security questions.

Don’t Use Familiar Records as Part of Your Password or Security

Using information about you that is publicly available, or available in your credit report allows the crooks to crack your passwords much easier. And yes I’m referring here to passwords for financial accounts like bank accounts, retirement and investment accounts and Paypal.

DO NOT USE:

• Your mother’s maiden name
• Your address
• Your previous address
• A pet’s or child’s name or any name that can be found publicly, on any service like Intellus or social media platform like Facebook
• A hobby that is discussed publicly in any way (so genealogy, DNA, genetic genealogy, quilting and gardening words are all out for me)
• The name of a school that you attended
• Your, your parents’ or grandparents’ birth locations
• A date such as a birthday or an anniversary
• Pretty much anything you can remember easily

Let’s look at steps you need to take to protect yourself.

Twelve Fourteen Steps to Protect Yourself Right NOW!!!

Yes, I added two more steps because it’s critical to protect yourself and your family, now. Please complete ALL of these steps to secure yourself.

First, check the Equifax site to see if your information is known to be breached. Regardless of their answer, assume that it has been.

https://www.equifaxsecurity2017.com/

Click on the Potential Impact tab.

Second, order a free credit report, which you can do once yearly, from Annual Credit Report at the link below. Do NOT fall for scam sites that offer free reporting or your credit score.

https://www.annualcreditreport.com/index.action

Order a report from all 3 credit reporting companies to be sure that no fraudulent activity has taken place to date and that your report is accurate.

Unfortunately, and somewhat maddeningly, when we attempted to order our free credit report online for Equifax, the process has changed and we now have to fill out a form.  Yes, I know their system is probably overwhelmed by this, BUT, making receiving a free credit report to which the consumer is entitled at a time like this difficult is reprehensible.  Do whatever you have to do to obtain your reports, because this breach is incredibly serious.  Do not be deterred.

Third, while credit monitoring only tells you what has already taken place, placing a fraud alert on your account means that a lender must contact you to verify your identity before issuing credit in your name. However, this can only be done for 90 days when it expires. You must renew it every 90 days at Equifax, Transunion and Experian, all three. Again, the results of this breach will be very real for years, so 90 days isn’t going to help you if you forget to call and put the alert on your account every 90 days.

Fourth, put a credit freeze on your account. A credit freeze actually freezes your account at the credit reporting agencies, meaning that if you are going to apply for credit, you have to go into your credit account and unlock your account with your pin to unfreeze the account, then refreeze it when you are done applying for new credit. The credit freeze service isn’t free in every state, but typically costs under $10, if anything, and is a whole lot less than the headaches you could have otherwise. Be sure to freeze your credit at all 3 credit reporting companies. This is what I’m doing. You can read more about this process here.

Fifth, many credit cards have an option to notify you when charges are made on your account through text messaging before the end of the month when your bill is sent. Visit your credit card provider to see if this option is available, enabling you to catch fraudulent credit card activity immediately instead of later when your bill arrives.

Sixth, monitor your credit card bills closely. Look back over your accounts since April. You might want to close any accounts you don’t need or use anymore.

Seventh, change your passwords on existing accounts, everyplace, just in case, especially any that include any piece of information that even MIGHT be held in a credit report or public location.

DO NOT use any type of identifying information such as your place of birth, mother or grandmother’s maiden name, or anything else that is in any way publicly available on a social media site, your tree at a genealogy site or anything else that can in any way be associated with you.

Eighth, at tax time, file your return immediately, as soon as possible. Guaranteed, if the crooks target you, they’ll file as soon as they can and you won’t find out you’ve been scammed until the IRS tells you that they already processed your refund and it’s long gone.

Ninth, be sure, absolutely positive, that your spouse takes these steps too, because if they are exposed, so are you!

Tenth, help family members that are not technologically savvy to be sure they are protected. The elderly are often targets.

Eleventh, this could not have happened at a worse time with hurricane Harvey in Houston and Irma positioned to strike Florida. Be sure family members in those locations who are distracted presently are aware that this security issue occurred, that their data may well have been breached, and that they need to take action – sooner rather than later.

Twelfth, take action NOW. Delay may well mean money – yours – gone – in someone else’s hands.

• Thirteenth, check your children’s names and social security numbers at the credit agencies.  Social security numbers of children are considered high value items, because they last so much longer. Young children shouldn’t be in the system, but teenagers, you never know and much better safe than sorry.

Fourtheenth, never ignore what seems like a “mistake” on a credit report, such as a misspelled name or an extraneous address.  On my husband’s report, his name was misspelled, only slightly, in one “odd” entry and it turns out that someone had run up bills in his name in another state.  When the creditor attempted to collect by contacting my husband, that’s when my husband discovered the issue. This also pertains to reported unpaid medical bills on your credit report.  I know of someone who supposedly had a baby and was billed by the hospital for an exorbitant amount after her identity was stolen.

You can visit the Federal Trade Commission site to learn more about identity theft and how to protect yourself.

https://www.consumer.ftc.gov/features/feature-0014-identity-theft

Ok, when you’re done with all that, feel free to resume genealogy research!

However, from here forward, you can never be complacent or really rest easy, because your identity truly is in jeopardy, forever.

Please note that these actions may not be the only actions you’ll need to take to keep yourself safe, now, or over time.  This story and the ramifications are still developing.  Please educate yourself and follow credible news sources.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

Hide and Seek at 23andMe, DNA Relatives Consent, Opt-In, Opt-Out and Close Relatives

Posted on by
25

To say that the matching policies at 23andMe are confusing is an understatement. Of course, that would imply that we could figure out what those policies are, this week, exactly.  What I have been able to discern is that there is widespread confusion about the entire topic.  This is my attempt to figure out which end is up, and who can see whom, under what circumstances.  I feel like this is a high-tech game of Hide and Seek, a game customers should not have to be playing.

hide and seek

On October 17, 2014, I received this e-mail for one of the 23andMe accounts that I manage. I did not receive it for any of the other accounts that I manage at 23andMe.

When I clicked on the “can’t miss it” red block in the e-mail, it did absolutely nothing. However, by clicking on the “view as a web page” link, clicking on the “Confirm your DNA Relatives participation” took me to the 23andMe signon screen.

I signed in, but was not taken to the account in question. When I switched to that account, this is what I saw – in essence, a second warning.

hide and seek2

I was not allowed to proceed further until I clicked on yes or no.

Of course, this begs the question of why my other accounts weren’t asked the same question. With the exception of one, they are sharing in DNA Relatives too.

It also made me wonder about the sharing with Close Relatives option.

I decided to check the DNA Relatives Option information in the Privacy/Consent settings, but there was nothing further.  You can visit your consent options by clicking on the down arrow by your name, shown on the upper right hand corner of the screen shot below, and selecting “account settings.”

hide and seek3

So, what the heck happened to the close relatives option?

It seems that 23andMe discontinued the “close relatives” opt-in or opt-out, according to their June blog article, below.

hide and seek4hide and seek5

At this point, if you had not ‘opted out’ then it was assumed that you had in effect ‘opted in’ and all of your matches including your close relatives would be shown.

But then the VOX article was published in September and the proverbial stuff hit the fan.

The day of the expected default opt-in change, based on the June announcement (above), 23and Me posted a retraction of the June article, on their community forum, below.

Dear Community,

We made a change from what we promised and I want to apologize. We promised that the roughly 350,000 customers that had not consented to see Close Relatives in our DNA Relatives feature would be automatically opted in at the end of a 30 day notification period. I understand that that was extremely exciting for many of you to have so much data potentially come your way. It was unfortunately a mistake that we promised that.

I do not think it was ever the right call to promise that we would automatically opt-in those customers. Core to our philosophy is customer choice and empowerment through data. The Close Relatives features can potentially give a customer life changing information, like the existence of an unknown sibling or the knowledge that a relative is not biologically related to them. Customers need to make their own deliberate and informed decision if they want this information. It is 23andMe’s responsibility to make sure our customers have a choice and that they understand the potential implications.

The timing of the change is unfortunate and I apologize the announcement came late on a Friday night at the end of the 30 day period. The article in Vox made me and others look into the language in the consent form and that is when I learned about the proposed changes coming to the DNA Relatives community. As 23andMe has moved from being a start up to a bigger and more mature company, I am not involved in every decision. This is a decision that should have come to my attention but it did not. We will learn from that. 23andMe is hiring a Chief Privacy Officer and that too will help us avoid these types of mistakes in the future. We are also already planning to evolve the consent process to make it simpler and more clear for customers.

Going forward, we will continue to prompt the customers that have not made a choice about Close Relatives to make a choice. We understand how important that is to you. We will do a mix of emails to these customers and pop-up prompts at login to get customers to make a choice.

I apologize again for the disappointment and for not having clearly communicated the reason for reversing course. 23andMe continues to grow and pioneer the way we think about consumers exploring their DNA. While we continue to innovate we may also err along the way. We can only promise that we will always listen to and do right by you, our customer, and will never fear having to redirect our course when it is the right thing to do.

Sincerely, Anne Wojcicki

So, now it appears that unless someone has specifically ‘opted in’ to DNA Relatives as a whole, they are automatically ‘opted out,’ a 180 degree reversal.  Of course, if you were one of those 350,000 customers who received a notification about opting out, and did nothing, so that you could be opted in at the end of the 30 days referenced above, you would be thoroughly confused because you THINK you’re now opted in.

23andMe has a habit of posting information on their Forum which members must actively check, instead of sending e-mails to their customers or posting this kind of information on their blog that is sent by subscription. One of the forum followers was kind enough to point out this recent posting detailing changes that have occurred in October and the 23andMe policy moving forward.

hide and seek6hide and seek7It’s signed, Chistine on behalf of the 23andMe Product Team

I can find nothing on the current customer pages providing any information about these decisions or the match status of DNA Relatives/Close Relatives.

Furthermore, 23andMe is now asking some, but not everyone, who are opted in for DNA Relatives if they are sure. My account that was asked tested in 2010, so was not caught in the 2014 selection option confusion.

I feel that this methodology discourages many people from participation. It infers that there is something frightening that you ‘ought to be’ concerned about – especially if you are asked about the same topic several times.

In summary, here is, I think, what we know, as of October 16, 2014.

  • Everyone will have to make a specific choice to opt-in to DNA Relatives, one way or another, after testing.  If you don’t specifically opt-in, you are opted out.  Consent to test apparently doesn’t count as consent for DNA Relatives.
  • Clients prior to June 5, 2014 who were opted in to DNA Relatives but out of Close Relatives will be prompted to select an opt-in with close relatives included, or an opt-out entirely.
  • Clients prior to June 5, 2014, who did opt-in to participate in DNA Relatives, but did not have any selection to make about “Close Relatives” will be required to confirm that they want to continue in DNA Relatives before they can proceed to see their matches. This is apparently the e-mail that I received for one of my kits. It’s still a mystery why I never received it for the others who tested even earlier and clearly before the “Close Relatives” option existed.
  • Clients between June 5, 2014 and October 16, 2014 who were automatically opted in to DNA Relatives with close relatives included will also be prompted to confirm their participation in DNA Relatives and until they do confirm that option, they will not be visible nor able to view close relatives.
  • New customers will be prompted to opt-in or opt-out of DNA Relatives and opt-in will no longer be the default.
  • Participation in DNA Relatives will now include close relatives and that will not be a separate option.

I’m very glad to see that everyone who opts in to DNA Relatives includes close relatives. To do it any other way is not only confusing, it’s more than a little disingenuous, especially given that someone may not realize why their close matches aren’t showing.  I had more than one client have a panic attack when their family member wasn’t showing as a match, especially when they were expecting to see a parent or sibling.  In my opinion, having to enable the “close relatives” option caused huge problems and wholly unwarranted stress.  If it’s truly gone, never to return, I’m very glad and applaud 23andMe for that decision.

The bad news is that many of the 350,000 people referred to in the September community forum posting are still anonymous, and they many not even realize it. Many probably presumed, quite logically, that because they were taking a DNA test that included matches, that they would receive matches without having to do anything further.  Furthermore, they received the 30 day notification that they would be opted in if they did nothing, so they expected to be opted in.  But they aren’t.

Currently, at 23andMe, you have to jump through more hoops to obtain your genealogy results than you did (when they were providing health information) to obtain your health results.  I hope that the message provided to people who are making the “Opt In – Opt Out” decision can be worded a little more encouragingly and present both sides of the risk/reward coin.  I would hate for their entire response to be fear based due to the tone of the selection message and the fact that they have to answer this question repeatedly – like the dreaded Alzheimer’s health question – back when 23andMe was providing health results.

Here, let me give you an example vignette:

Hi, 23andMe, I’d like to test for genealogy matches.

Great, send me $99 and you’re on the way.

Spit…mail….waiting…waiting…

Good news, your results are back.  Do you want to opt into DNA Relatives?  You know you could find out information about your family that is upsetting to you?  It could change your family relations?

Really?  Hmmm…I think I want to see.  That’s why I tested.

Another e-mail:  Are you sure, really positive that you want to remain in DNA Relatives?  You know, you could find out really upsetting information.  You can see other close relatives and they can see you.

Geeze, I don’t know….maybe not…I’ll wait till I sign on next time to deal with this.

Signing on next time….

Do you want to opt-in to DNA Relatives?  You know, you could find out some really disturbing and upsetting things about your family?  It could change your relationship with your family members.

After repeating this warning several times, it begins to appear like 23andMe is discouraging your participation, not informing you of risks and rewards.  There is no upside mentioned, only repeated negatively framed warnings.  Given that genealogy/ancestry is the only reason for the consumer to purchase this product right now, this approach seems a bit counter-intuitive and overkill.  In the least, the warning should be given up front, during the purchase process, and then not constantly repeated.

However, given that 23andMe is still gathering your health information and utilizing it in their medical research, even if you opt-out or don’t opt-in to DNA Relatives, assuming you haven’t opted out of medical research as well, warning you up front would discourage a sale and would prevent them from collecting your genetic data.  In essence, 23andMe doesn’t care one bit whether you opt-in or opt-out of DNA Relatives, but they care a whole lot about your money and your participation in medical research.

The constant changes and hoopla are confusing people and frightening some. Others are becoming too discouraged by a lack of positive genealogical results to continue.

23andMe was first in the game with consumer autosomal testing, but their ever-changing policies have become and remain confusing. They have done nothing to clarify publicly, leaving everyone uncertain and a little reluctant.

23andMe entered the genealogy marketspace, but they seem to be focused on protecting people from genealogy matches. This seems almost like a conflict of interest, or may be better stated, a Kobayashi Maru, or no-win situation. It seems that the health testing aspect is causing 23andMe to adopt such restrictive procedures that it’s making the genealogy aspect of their product increasingly restrictive and difficult.  I’m sure this is reflective of their primary goal, which is medicine, and the fact that genealogists just happened to be interested in genetics as a tool was, for them, a happy accident that provided a source for test subjects.  Genealogy is not something 23andMe is primarily interested in.  I’m sure they aren’t making things difficult intentionally, but the net effect is far from encouraging.

I’m finding that their protections are barriers and the required steps are confusing for customers and self-defeating for genealogy, and they are, unfortunately, cumulative hurdles:

  • Having to specifically opt-in to DNA Relatives, even after consenting to test when purchasing the product which includes matching
  • Having to request to communicate with other participants
  • Having to request to “share DNA”
  • Having to confirm that yes, you really did want to ‘opt in’ to DNA Relatives
  • About a 10% communication request response rate
  • Most of the 10% of the people who do respond know little, if anything, about their genealogy, nor are they terribly interested
  • Having to utilize the 23andMe corporate message system instead of communicate with your matches via e-mail
  • Match limit at 1000 people unless you are communicating with more than that number. After 1000, matches fall off your list.
  • Their terrible trees. Yes, I realize they have recently partnered with My Heritage, but as Judy Russell says, we’ll see.
  • The misleading (health and ancestry) notation in a sharing request which frightens people as to why you want their health information, causing people to decline to share
  • Constant change about who you are/aren’t seeing as matches and why
  • Confusing and conflicting opt-in, opt-out information delivered on four different platforms; e-mail, on your personal page, their blog and their community forum.  In essence, this means that almost everyone except the most dedicated 23andMe follower misses at least part of the information.

23andMe is approaching the point where the pain level of participation is at the threshold of no longer being worthwhile except for extraordinary cases like adoptions where the participant is desperate for any possible crumb.

I thought more about this situation, and I believe that the underlying problem is a fundamental disconnect in the focus of the two groups.  23andMe’s corporate focus is and always has been health related research, compilation and manipulation of genomic “big data.”   Taking a look at their recent American Association of Human Genetics papers is a good yardstick of their corporate focus.  Not one paper mentions the genealogical aspect of their business, and even the paper that does indirectly help genealogists by reducing false positive identical-by-descent segments is presented from a medical perspective.  In essence, the genealogy community is a source for DNA for 23andMe.  They aren’t focused on genealogy or interested in serving this community.  That’s neither good nor bad…it’s just the way it is.

The genealogy community, on the other hand, is frustrated by the increasingly long list of confusing hurdles at 23andMe that people who test for genealogy must navigate before they can reap any of the potential benefits of matching for genealogical purposes.  Each successive hurdle reduces the number of people who complete the course and those who make it to the end are either the died in the wool genealogists who have tested elsewhere anyway or people with little or no knowledge of their genealogy.  Worst case, people who test at 23andMe for genealogy will leave with a bad taste in their mouth and never test again because, frankly, it’s neither easy nor fun.

We don’t know exactly how many people haven’t opted-in for DNA Relatives, but we can surmise some based on their publicly released information.  In the September retraction, 23andMe said that there were 350,000 who had not opted in, or out.  We don’t know how many have actively opted out.  In their ASHG abstract, they mention that 550,000 have consented for research.  That tells us that less than half of their clients are opted in for DNA Relatives, or about 200,000 (assuming no one opted out), or perhaps less now with the recent “are you sure” messages like I received.  Given that only 10% of the people who DO actively opt-in for DNA Relatives respond to inquiries, that’s a whole lot of people not clearing the hurdles for one reason or another.  Of their entire data base of 550,000, only about 20,000 people clear the hurdles and engage, or about 3.5%. That means that there are 530,000, or more if you include the unknown number of opt-outs, who don’t clear the hurdles.

I hope 23andMe gets their cumulative act together relative to genealogy customers. You’d think with genealogy customers being their only source of corporate revenue right now (except for government grants and venture capital), that they would be bending over backwards to make the genealogy related products and processes straightforward, accessible and easy to use.  Now would be a great time for some positive changes!

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

No (DNA) Bullying

Posted on by
52

No Bullying

There are hardly any hobbies that hold more passion than genealogy.  Once hooked by the bug, most people never retire and one of the things they worry about passing down to their family are their genealogy records – even if the family of today isn’t terribly interested.

So it’s easy to understand the degree of passion and enthusiasm, but sometimes this passion can kind of go astray and it crosses the line from something positive to something not nearly so nice.

Genetic genealogy is the latest tool in the genealogists’ arsenal, but it introduces some new challenges and unfortunately, with the increased number of people testing, we’re seeing some examples of what I consider bullying – for DNA, for identification and for information.

Bullying is unwelcome aggressive behavior that involves repeated threats, physical or electronic contact or a real or perceived imbalance of power.  Generally, the victim feels they can’t make it stop.  This has become especially prevalent in the cyber age.  And bullying is not just about kids.

I’m going to look at 3 types of situations.  It’s easy to see both perspectives, but bullying by any other name is still bullying, even though the bully probably doesn’t see it that way.  Guaranteed, the recipient does.

You’ve Got the DNA I Need

Let’s say that Aunt Gladys is the last person alive in a particular line who can provide DNA to represent that line.  But Aunt Gladys, for whatever reason, doesn’t want to test.  It’s fine to discuss this, to talk about her concerns, and perhaps you can find a solution to address them, like testing anonymously.

But let’s say that Aunt Gladys simply says “no,” end of story.  What then?

Yes, Aunt Gladys carries the information that you need, but it’s HER DNA that needs to be tested, and if she says no, then her decision should be respected, as difficult as it may be and as unreasonable as it may seem.  Maybe Aunt Gladys knows something you don’t – like she is adopted or some other secret that she does not wish to reveal.  Badgering Aunt Gladys from this point forward is going to do nothing other than cause hard feelings and make Aunt Gladys want to avoid you.

You may think you’re “just discussing” but from her perspective, you may be bullying.  Now, it’s OK to beg and cry once, but if you’re slipped into the realm of “if you don’t test, I’ll tell Uncle Harvey that you scratched his car back in 1953,” you’ve stepped over that line.

Won’t Answer E-Mails

I can’t tell you how often I hear this story.  “I match with person XYZ and they won’t share their information.”  Most of the time, they won’t answer e-mails.  And the question follows, of course, as to why they tested in the first place.

These tests have been around for a number of years now.  Many people have died or moved or the purpose of the test was fulfilled and they aren’t interested beyond that.  Think of your Aunt Gladys.  If you did convince her to test, it wouldn’t be for her, but for you and she certainly would not be interested in answering random e-mails.

There could be a number of reasons, depending on the testing company used, that someone might not answer.  In particular, many people test at 23andMe for health reasons.  It doesn’t matter to them if you’re a first cousin or any other relation, they simply aren’t interested or don’t have the answers for you.

It’s alright to send 2 or 3 e-mails to someone.  E-mails do get lost sometimes.  But beyond that, you’ve put yourself into the nuisance category.  But you can be even worse than a nuisance.

I know of one case where someone googled the e-mail of their contact, discovered the person was a doctor, and called them at the office.  That is over the line into cyber-stalking.  If they wanted to answer the e-mail, they would have.  If they don’t want to, their decision needs to be respected.

I Know You Know

This situation can get even uglier.  I’ve heard of two or three situations recently.  One was at Ancestry where someone had a DNA match and their trees matched as well.  At first the contact was cordial, but then it deteriorated into one person insisting that the other person had information they weren’t divulging and from there it deteriorated even further.

This is a hobby.  It’s supposed to be fun.  This is not 7th grade.

Adoptions

However, there are other situations much more volatile and potentially serious. In some cases, often in adoptions, people don’t want contact.  Sometimes it’s the parent and sometimes it’s the adoptee.  But those aren’t the only people involved.  There are sometimes half-siblings that are found or cousins.

For the adoptees and the parents, there are laws in each state that govern the release of their legal paperwork to protect both parties.  Either party can opt out at any time.

But for inadvertently discovered family connections, this isn’t true.  Think of the person who doesn’t know they are adopted, for example, who discovers a half-sibling and through that half sibling their biological mother.  Neither person may welcome or be prepared for this discovery or contact.

Imagine this at the dinner table with the family gathered, “Hey guess what, I got a half-sibling match today on my DNA.  I wonder if that’s some kind of mistake.  How could that be?”

So if you match someone as a half sibling or a cousin, and they don’t want to continue the conversation, be kind and respectful, and leave the door open to them if they change their mind in the future.  Pushing them can only be hurtful and nonproductive.

Dirty Old (and Formerly Young) Men

And then, there’s the case of the family pervert.  Every family seems to have one.  But it’s not always who you think it is.  By the very nature of being a pervert, they hide their actions – and they can be very, very good at it.  Practice makes perfect.

Let’s say that Jane likes genealogy, but she was molested as a child by Cousin Fred.  Some of the family knows about this, and some don’t believe it.  The family was split by this incident, but it was years in the past now.  Jane wants nothing to do with Fred’s side of the family.

(By the way, if you think this doesn’t happen, it does.  About 20% of woman have been raped, 30% of them by family members (incest), many more molested, and children often by relatives or close family friends.  15% of sexual assault victims are under the age of 12.  Many childhood cases are never prosecuted because the children are too young to testify.  Perverts and pedophiles don’t wear t-shirts announcing such or have a “P” tattooed on their forehead.  Often family members find it hard to believe and don’t, regardless of the evidence, casting the victimized child in the position of being a liar and “troublemaker.”  Need convincing?  Think of what Ariel Castro’s family said and how well he hid his dark side and the Boston bombers’ family comments about their innocence in the face of overwhelming evidence to the contrary.)

Jane’s an adult now and DNA tests.  She has a match and discovers that it’s on Fred’s side of the family.  Jane tells the person that she doesn’t want anything to do with that side of the family, has no genealogy information and wants no contact.  The match doesn’t believe Jane and then becomes insistent, then demanding, then accusatory, then threatening.

This is clearly over the line.  Jane said she didn’t want any continued contact.  That should have been the end of the discussion.

But let’s say this one gets worse.  Let’s say that because of this, Cousin Fred wakes up and decides that Jane is interesting again and begins to stalk Jane, and her children……

Does this make you shake in your shoes?  It should.  Criminals not only aren’t always playing with a full deck, but don’t play by any of the same rules as the rest of us.  Cousin Fred might just be very grateful for that information about Jane and view it as a wonderful “opportunity,” provided by his “supportive” family member who has now endangered both Jane and her children.

Who’s Yer Daddy?

In another recent situation, John discovered by DNA testing that he is not the biological child of his father.  He subsequently discovered that his mother was raped by another male, married to another close family member.  When John discovered that information, he promptly lost interest in genealogy altogether.

A year or so later, John matched someone closely who was insistent that he provide them with how he was related to them.  John knew, but he did not feel that it was any of their business and he certainly did not want to explain any of the situation to the perpetrator’s family member, who, by the way, had already mentioned what a good person the perpetrator was.  However, the person continued to harass and badger John until he changed his e-mail address.

I so wanted to ask these people, “What part of “NO” don’t you understand?”

Mama’s Baby, Daddy’s Maybe

In one final example, adoptees often make contact with their birth mother first, and then, if at all, with their birth father.  Sometimes the birth mothers are not cooperative with the (now adult) child about the identity of their father.  Often, this is horribly frustrating to the adoptee.  In at least one case, I know of a birth mother who would never tell, leaving the child an envelope when she died.  The child was just sure the father’s name was in the envelope, but it was not.  I can only imagine that level of disappointment.

Why would someone be so reticent to divulge this information?  The primary reasons seem to be that either the mother doesn’t know due to a variety of circumstances that can range from intoxication to rape, the woman never told the father that she had a baby and placed the child for adoption, the father was abusive and the mother was/is afraid of him/his family, the father was married, or the father was a relative, which means not only might the father still be alive, the mother may still have a relationship of some type with him.  The mother may have lied for years to protect herself, and in doing so, protected the father as well.

Clearly, this situation has a lot of potential to “shift” a lot of lives and not always in positive ways.  One woman didn’t want to make contact with her child other than one time because she had never told her husband of 30 years that she had a child before their marriage.  One woman made contact, but did not want to divulge that the child’s father was her older brother, still alive.  Victims often keep the secrets of their attackers out of misplaced shame and guilt.  Think Oprah here.  Mother may not be simply being stubborn, but acting like the victim she is and trying to preserve whatever shreds of dignity are left to her.  She may also be embarrassed by a lapse in judgment.  One adoptee realized when counting forward from her birth date that she was conceived right at New Years and when she realized that, she figured out that her mother, who drank heavily when she was younger, probably did not know who her father was, and didn’t want to admit that.

As frustrating as this is for the adoptee, the birth mother does have the right not to have her life turned upside down.  Badgering her will only result in losing the potential for a relationship from the current time forward.  Being respectful, understanding and gentle may open the door for future information.

R-E-S-P-E-C-T

I can hear Aretha now.

If you haven’t walked a mile in their moccasins, so to speak, you can’t possibly know the situation of the person on the other end of your request for DNA or information.  Don’t make the mistake of stepping over the line from excitement into bully behavior.

Think of the potential situations the person on the other end may be dealing with.  Ultimately, if they say no, then no it is and no should be enough without an explanation of why.  Generally bullying doesn’t work anyway, because someone who feels like you are threatening them or being too aggressive will clam right up and it will be that proverbial cold day in Hades before they tell you anything.  It’s important to keep communications from sounding like you’re demanding or entitled.  My mother always said “you’ll catch more flies with honey than with vinegar.”  I always found that very irritating, probably because I needed to hear it just then – but regardless – it’s true.

Keep in mind, genetic genealogy is about genealogy.  It’s a hobby.   It’s fun.  If it becomes otherwise and puts people at jeopardy, then we need to take a step back and take a deep breath.

Most people don’t mean to cross the line into bullying.  They just get excited and sometimes desperate.  Hopefully this discussion will help us all be more aware of where the polite line is in communicating with our family members and matches.

If you are the victim of information bullying, cyber-stalking or someone puts you in an uncomfortable situation, there are steps you can take to remedy the situation.  Most bullying sites are directed at adolescents, but the advice still applies.

If you know you don’t want contact initially, then make your accounts anonymous or don’t respond to requests.  If you realize that you don’t want contact after the initial contact, for whatever reason, say so.  After that, do not engage in communications with someone who is attempting to bully you.  If they threaten you or threaten to reveal information or your identity if you don’t give them information or do something, that action falls into the blackmail realm, which a crime.  Complying with a threat to protect yourself or your family generally only results in more of the same.  You are not dealing with a nice person.  At this point, you are way beyond genealogy and your own internal “danger” sign should be flashing bright neon red.

If disengaging does not take care of the problem, save all messages/contacts and contact your attorney who may advise you to contact the police or the FBI if the problem crosses state lines.  Depending on what state you/they live in and exactly what they have done, you may have a variety of options if they won’t stop, especially if they do something that does in fact manage to turn your life upside down and/or a crime is involved, like blackmail.  Of course, this is akin to closing the barn door after the cow leaves.  Hopefully, the person causing the problem is simply an over-zealous genealogist, means you no harm, realizes what they have done or are doing, and will get a grip and compose themselves long before this point.

Bullying of course is not because of DNA or unique to genetic genealogy, but the new products introduce new social situations that we have not previously had tools to discover nor the opportunity to address in quite the same way.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research