Family Tree DNA New Privacy Settings

As you may or may not have noticed, Family Tree DNA recently implemented more options in the privacy and sharing section of everyone’s personal DNA page.  That’s both the good news and the bad news.

Recent queries from group participants as to why their results were not showing in projects after they joined sent me on a quest to find out why.  The answer is that the new privacy and security settings at Family Tree DNA now default to a setting on new kit purchases that causes new participants results to not show in projects.  Another symptom is that as a project administrator, you’ll be able to see the participants results in your project, but you won’t be able to see their results in other projects they have joined when trying to help them with something like understanding haplogroup project grouping assignments.

In today’s more litigious society, giving people these types of options is not only a good thing, it’s necessary.  Now the bad news.  In the past, when you joined a project, your DNA results were automatically being shared on the project page, if the project had a public page.  That was the point of joining a project and is what everyone has come to expect.

privacy and sharing not sharing

Please note that people who were already clients when these new options were added, so who had already joined projects and were sharing, were not set to the default of not sharing, and were set to the value of sharing.  So if you were previously in a project and your results were being displayed, they still are.  This only affects new kit purchases.  Based on a kit I purchased on March 31, 2015, this new feature was implemented sometime after the middle of February and before the end of March, but I don’t know exactly when.

As more and more people purchase these kits with the default option set to not sharing, more and more administrators are finding themselves being asked why results are not showing up in projects…and asking themselves this same question.  The answer is, of course, that the defaults are now set for not sharing – but no one knows that.  The participants are not ASKED this question and they have no idea THAT this is happening, that there is a problem…or that they need to DO anything to rectify the situation.

Furthermore, most administrators aren’t aware of this either.  What this means, is that kits purchased since this change was made are NOT SHARING, but no one is aware of that until they stumble over it by accident.

Therefore, as interested parties and project administrators, we need to inform our participants of this default selection and that it needs to be changed.  Please feel free to share this article to accomplish this goal.

I very much hope that Family Tree DNA will implement a stepped process with options and educational “balloon boxes” so that both new participants and people whose results are now set to “not share” will be able to make selection choices when they set their account up or when they join projects.  Testers need to understand what they are being asked to select, why, and how their selections will affect their results and experience, both today and into the future.  Defaulting to not sharing is counter-productive and I fear that new testers will inadvertently be eliminated from project matching and grouping when that wasn’t their intention at all.

So, let’s take a look at the newest Family Tree DNA privacy and sharing options and how they affect participants, projects and project administrators.

Privacy and Sharing

You reach the privacy and sharing options by clicking on the “Manage Personal Information” link in the “Your Account” box to the left of your personal page at Family Tree DNA.

privacy and sharing

By clicking on the orange link, you’ll see the following Account Settings.

privacy and sharing profile

While you’re here, you may want to update your profile information.

On all selections, don’t forget to click on SAVE, or it won’t.

privacy and sharing save

Now, let’s move on to the privacy and sharing tab, to the far right of the options on the tab at the top.  Privacy and sharing options are divided into three sections.

privacy and sharing tab2

The selections greyed out on the right are the current default settings when you purchase a new kit.  There are no instructions or step-through dialogue boxes to help participants understand how these selections will affect who can see their results, and how that will affect their experience with DNA testing.

Needless to say, the power of DNA testing is sharing ancestral and genealogical information.  Otherwise, there is truly no reason to test.  Family Tree DNA has recently implemented changes which allow participants to select various levels of sharing.

Unfortunately, the default settings are in essence “off” for project sharing, once someone joins a project, which creates a great deal of confusion for participants and project administrators alike.

Participants presume their results are being shared, just the like results of the people they match.  Project administrators have no idea that the participants results aren’t being displayed in the projects, and when they discover that little tidbit, they have no idea why the results aren’t being displayed – because they always were before.

The Privacy and Sharing options are divided into three sections, My Profile, My DNA Results and Account Access

Let’s look at these one section at a time.

My Profile

Who can view my Most Distant Ancestor?

Default Setting:  Only You

This means that no one you match can see your most distant ancestor.

Options:  Share my Most Distant Ancestor with other people in projects that I’ve joined.

Creating an exception.

It appears that you can select to share within all projects (that you’ve joined), but elect to omit some projects, or you can select to not share with all projects, but to elect to share with only select projects.

privacy and sharing most distant ancestor

Note that I manage several kits with the same surname.  The default for both existing and new accounts is “only you”.  I checked and the most distant ancestor does show in both projects and matching when the “only you” selection is selected.  I suspect this is a bug, but currently, it’s how this option is functioning.  If this options starts functioning as it appears that it is supposed to, all of a sudden, your most distant ancestor information may disappear.  If so, this is why and this option needs to be changed to “share with other people in projects.”

Of course, this entire question presumes you’ve entered your most distant ancestor information.

Please enter your most distant ancestor for both your male paternal (father’s surname) line and your matrilineal (mother’s mother’s mother’s) line on the Genealogy Tab, under Most Distant Ancestors, shown below.

privacy and sharing most distant ancestor setup

If you don’t enter this information, your “Most Distant Ancestor” won’t be listed in projects, example below, so if other people from this line are looking to see if their line has tested, that information won’t be available to them.

privacy and sharing project

Furthermore, if your information isn’t there, it can’t and won’t be displayed to your matches.  You certainly want that information from your matches, so be sure to provide it for your matches to see as well.  In the example below, the first person did not complete this information, but the second person did.  As it turns out, they both descend from the same ancestor, but the person matching them can’t tell, because one person doesn’t have their Most Distant Ancestor listed.

privacy and sharing match

Who can see me in project member lists?

Default:  Project Administrators


privacy and sharing project member list

This selection works in tandem with how the project administrators of various projects you may have joined choose to implement the project display.  In other words, if the project isn’t public, then the “anyone” option is meaningless, because the public won’t be able to see the project at all.

hap q front page

Fortunately, most projects are publicly displayed.

The next question about this option is what, exactly, and where is a project member list?

When you visit any project, you will see a front page.  On that page, you will see several options relating to that project.  In the Kvochick project, there are 5 members.  If you click on the 5 members, that should display the list of the names of project members.

kvochick dna page

The default setting is only for project administrators to see the names.  In this case, your name would not appear in this list if clicked on by anyone other than the project administrator.

The second option would be for project members only, and the third option would be for the general public.

Please note that as of the writing of this article, I tested several projects and none had clickable numbers, so this option does not appear to be implemented at this time.

My DNA Results

Who can view my ethnic breakdown in myOrigins?

Default:  Project Administrators


privacy and sharing myorigins

Your two options are to share with your matches, or not share with your matches.  Do not share is the default.

Here is an example of people who are sharing ethnic results in myOrigins.  If you are not sharing, your name would not appear on this list for your matches on the bottom left.

privacy and sharing myorigins example

Lastly, the only ethnicity that is shared with your matches is an ethnicity they have as well.  In this case, the participant only has European ethnicity, so that is the only portion of his matches ethnicity that is shown to him.

Who can view my DNA results in group projects?

This new option is the one causing havoc with administrators and projects.

Default:  Make my mtDNA and Y-DNA private.  It will only be shown to people in my project.

Options:  Make my mtDNA and Y-DNA public.

privacy and sharing group projects

I strongly, strongly suggest that you make this selection public.  Let me give you an example of why.

Let’s say I’m a female, and I want to know if my paternal line has tested.  I would check the appropriate surname project.

In this case, let’s say I’m looking to see if any descendants of John Harrold (Herrell, Harrell, Harrald) who died in 1825 in Wilkes County, NC have tested.

When people share their results, you will be able to find out if your line has tested.

You can see in the example below that my Harrold line is group 7 in the Harrell project, so I now know my line has tested, and I can see my haplogroup designation and Y markers for John’s line.

privacy and sharing Harrell

If none of these John Harrold descendants had elected to share, then I would never be able to find this information.  If you’re looking for any of your ancestral surnames, you won’t be able to find those lines either – if the people who test don’t share.  If people who are looking to test don’t see their ancestral line, they will think there is no one to compare to, and they may be discouraged from testing.  This is certainly not what we want.

The problem today is that people who purchase tests don’t know they aren’t sharing – they assume they are.  Before these new privacy options became available, by default, if you joined a project, you WERE sharing.  Now, new participants aren’t sharing – even though they joined the project – unless they change their options.

Furthermore, if you are a project member, let’s say of the Harrell project, and one of the administrators is trying to help you understand your results in a haplogroup project, the Harrell administrator can’t see your results in the haplogroup project either – so we can’t help you.


To not share this information defeats the entire purpose of DNA testing.

The most information that any project at Family Tree DNA can reveal is the kit number, surname (only) of tester, paternal (or maternal) most distant ancestor name, country of origin, haplogroup and the DNA markers (Y 12-111 and mtDNA HVR1 and HVR2 only) for which the individual has tested.  Below, a sample project is shown with the maximum amount of information categories shown (except I’ve truncated the markers shown to the right for space reasons.)

privacy and sharing most shown

To review the project setting, by default, only project members who are signed into their account and looking at the project can view your data.  Anyone who is not a project member and not signed into their account cannot see your data in the project

If you select public, anyone looking at the public project page can see your results, like the example above – assuming that the project itself is public.  This is only valid for Y and mtDNA HVR1 and HVR2 data, as mitochondrial DNA coding region and autosomal DNA results are never displayed publicly.

Who can view my mtDNA Coding Region mutations?

Default:  Only you.


Privacy and sharing mtDNA coding

If you have tested at the mitochondrial full sequence level, you will have tested the full HVR1, HVR2 and coding regions.  While the HVR1 and HVR2 regions are not currently known to reveal medical conditions, the coding region has the potential to carry some medical information.  Therefore, your coding region is NEVER displayed publicly, in a project.  Displaying the coding region is not an option.  If you elect to share your coding region mutations privately, that is up to you.

However, in order for mitochondrial DNA project administrators to correctly group you in mitochondrial DNA projects, they must be able to see your coding region results to know where your mutations fall.

Therefore, you can authorize project administrators to view the coding region results, by project.  In the example above, the individual is only a member of one project.  In order to authorize the Estes project administrator to view the coding region, click the box and then Save.

Account Access

How much access to Project Administrators have to my account?

Default:  Limited


privacy and sharing project admin access

What do the various authorization levels allow?  Here’s the list.

privacy and sharing admin access

If you have given an administrator full access to your account, which means you have given them your kit number and password, they have full access to everything and that supercedes these options.

Who has full access to my account?

Default:  Only You

Options:  Give the administrator your kit number and password.

privacy and sharing admin full access

Obviously, if you have privately e-mailed your kit number and password to an admin or anyone, Family Tree DNA has no way of knowing or tracking that.

Genealogy Tab

You will find a few more options that affect how your Family Tree is displayed on the Genealogy tab.

privacy and sharing genealogy tab

If you have uploaded a GEDCOM file or completed a family tree online at Family Tree DNA, who can be seen in your tree, and by whom, is controlled by this setting.

Having an entirely private tree is the same as having no tree and is not useful to anyone, so I really have no idea why someone would do this.

Of course, you can always see which of your matches has a tree available and can click on the pedigree icon to view your matches tree, if they authorize matches to view their tree.  On the example below of a Y DNA matching page, the first two participants do have a family tree, as indicated by the little blue pedigree icon, and the third individual does not.

privacy and sharing pedigree

I encourage everyone to either upload your GEDCOM file or create a family tree online at Family Tree DNA.  You can do either by clicking on the Family Tree Link on your myFTDNA menu at the top left of your personal page.

privacy and sharing upload gedcom

Including a family tree makes finding a common ancestor so much easier.  Genetic genealogy is all about sharing and collaboration – and finding those ancestors!

Public Search

Family Tree DNA recently implemented a public search function that allows public searches of online trees and GEDCOMS.

Why would someone search like this?  To see if people from their genealogocal lines have tested.  In other words, people wondering if they should test.  Allowing your tree to be seen publicly is in essence, cousin bait – of course you want them to test – the more the merrier and the better chance you have of breaking down those brick walls.

privacy and sharing search box

Below is an example of how your tree privacy selection, made under the Genealogy Tab above, impacts what can be seen by a public search.

privacy and sharing search

As an example, I did a public search for my ancestor, Jotham Brown.  Sure enough, there are several people at Family Tree DNA who have good ole Jotham in their trees.  That’s great – because it means I have a chance of matching some of them using the Family Finder test.

In the results above, you can see the three options for how trees are listed:

  • Entirely private such that you need to test and will only see the tree if you match
  • Public tree noted by the name of the owner
  • Tree included but noted as private member – which just means the name of the tree owner is not displayed

You can see the actual trees of both the public and private trees that are shown with clickable links.  You cannot see the tree of the private family tree with no link.

Clicking on the trees shows you the following example, depending on the tree display options you’ve selected.  The tree below has selected to mask living people and people deceased within a hundred years.

privacy and sharing tree2

Both trees labeled with a source and private member trees are shown, but with the privacy screening you’ve selected.  The only difference I’ve been able to find between those two options is that the source tree name is given for the public trees, and is not for the private member trees.  However, there is no contact information for the public trees (or any trees), so this is not a way to contact other genealogists.  You can only contact them if you have a match through DNA testing.

The third option is that completely private trees are only shown to matches.  These are noted as a private family tree and the searcher is instructed to purchase a Family Finder test to see if they match.  That is, after all, the goal!!!

privacy and sharing search2

Hopefully this search function will encourage more people to test.  After all, other people who descend from their ancestor are in the data base!


Privacy settings have changed and we have to figure out the best way to work with the new features.

Let’s make sure our new participants understand their settings and what needs to be changed in order to have their results displayed in the manner they desire.

As always, the way to obtain the best genetic genealogy experience is by sharing.  That’s what collaborative research and crowd-sourcing is all about.  Everyone shares individually and the power of the group is what gives genetic genealogy its awesome results.

So, the 4 key elements for successful sharing are to:

  • Set your project sharing status to public, not private.
  • Enter your most distant ancestor information
  • Share your most distant ancestor information with matches and projects
  • Upload your GEDCOM file or create a family tree at Family Tree DNA

Mitochondrial DNA Projects – Full Sequence Authorization Changes

For people who administer DNA projects that include mitochondrial DNA results – and those who participate – a change in the location of settings at Family Tree DNA will necessitate updating instructions to participants to enable sharing of their full sequence results with project administrators. If the administrators can’t view the results, they can’t group participants appropriately.

This change only pertains to allowing administrators to view the results, and does not allow displaying of full sequence results.  In other words, Family Tree DNA didn’t add or take anything away – they just moved the furniture – in this case, into another room.  However, it’s a little difficult to find without a map – so that’s what I’m giving you.

Whatever a participant’s options were set to previously, they haven’t changed – just the location of those options has changed.  So if a participant has already authorized sharing (viewing) with project administrators, they don’t need to do anything.  This change only pertains to those who need to authorize administrator viewing.

Here are instructions to enable full sequence viewing utilizing the new page layout.

On your personal page, click on the Manage Personal Information link. This hasn’t changed.

full sequence1 v2

The setting to enable full sequence viewing by project used to be under Account Settings, then Match and E-Mail Settings, but now the option is located on the “Privacy and Sharing” tab, all the way to the right.

full sequence2

Look under “My DNA Results” at the question, “Who can view my mtDNA Coding Region mutations?” To the right will be either the words “Only You” or “Some Project Administrators” or “Project Administrators,” based on y our current settings.  Click on whatever words are there – in the example below, click on “some project administrators.”

full sequence3

By clicking on those words, you will display the list of projects that you have joined and you can then enable the project administrators to see your full sequence results.

full sequence4 v2

Check the box of the appropriate project(s) to enable the project administrators to view the full sequence results. Then, remember to click on the orange SAVE button to save, or it won’t.

If project administrators have included instructions on their project pages for participants to enable full sequence viewing, those instructions will need to be updated immediately. Feel free to utilize these instructions.

Hide and Seek at 23andMe, DNA Relatives Consent, Opt-In, Opt-Out and Close Relatives

To say that the matching policies at 23andMe are confusing is an understatement. Of course, that would imply that we could figure out what those policies are, this week, exactly.  What I have been able to discern is that there is widespread confusion about the entire topic.  This is my attempt to figure out which end is up, and who can see whom, under what circumstances.  I feel like this is a high-tech game of Hide and Seek, a game customers should not have to be playing.

hide and seek

On October 17, 2014, I received this e-mail for one of the 23andMe accounts that I manage. I did not receive it for any of the other accounts that I manage at 23andMe.

When I clicked on the “can’t miss it” red block in the e-mail, it did absolutely nothing. However, by clicking on the “view as a web page” link, clicking on the “Confirm your DNA Relatives participation” took me to the 23andMe signon screen.

I signed in, but was not taken to the account in question. When I switched to that account, this is what I saw – in essence, a second warning.

hide and seek2

I was not allowed to proceed further until I clicked on yes or no.

Of course, this begs the question of why my other accounts weren’t asked the same question. With the exception of one, they are sharing in DNA Relatives too.

It also made me wonder about the sharing with Close Relatives option.

I decided to check the DNA Relatives Option information in the Privacy/Consent settings, but there was nothing further.  You can visit your consent options by clicking on the down arrow by your name, shown on the upper right hand corner of the screen shot below, and selecting “account settings.”

hide and seek3

So, what the heck happened to the close relatives option?

It seems that 23andMe discontinued the “close relatives” opt-in or opt-out, according to their June blog article, below.

hide and seek4hide and seek5

At this point, if you had not ‘opted out’ then it was assumed that you had in effect ‘opted in’ and all of your matches including your close relatives would be shown.

But then the VOX article was published in September and the proverbial stuff hit the fan.

The day of the expected default opt-in change, based on the June announcement (above), 23and Me posted a retraction of the June article, on their community forum, below.

Dear Community,

We made a change from what we promised and I want to apologize. We promised that the roughly 350,000 customers that had not consented to see Close Relatives in our DNA Relatives feature would be automatically opted in at the end of a 30 day notification period. I understand that that was extremely exciting for many of you to have so much data potentially come your way. It was unfortunately a mistake that we promised that.

I do not think it was ever the right call to promise that we would automatically opt-in those customers. Core to our philosophy is customer choice and empowerment through data. The Close Relatives features can potentially give a customer life changing information, like the existence of an unknown sibling or the knowledge that a relative is not biologically related to them. Customers need to make their own deliberate and informed decision if they want this information. It is 23andMe’s responsibility to make sure our customers have a choice and that they understand the potential implications.

The timing of the change is unfortunate and I apologize the announcement came late on a Friday night at the end of the 30 day period. The article in Vox made me and others look into the language in the consent form and that is when I learned about the proposed changes coming to the DNA Relatives community. As 23andMe has moved from being a start up to a bigger and more mature company, I am not involved in every decision. This is a decision that should have come to my attention but it did not. We will learn from that. 23andMe is hiring a Chief Privacy Officer and that too will help us avoid these types of mistakes in the future. We are also already planning to evolve the consent process to make it simpler and more clear for customers.

Going forward, we will continue to prompt the customers that have not made a choice about Close Relatives to make a choice. We understand how important that is to you. We will do a mix of emails to these customers and pop-up prompts at login to get customers to make a choice.

I apologize again for the disappointment and for not having clearly communicated the reason for reversing course. 23andMe continues to grow and pioneer the way we think about consumers exploring their DNA. While we continue to innovate we may also err along the way. We can only promise that we will always listen to and do right by you, our customer, and will never fear having to redirect our course when it is the right thing to do.

Sincerely, Anne Wojcicki

So, now it appears that unless someone has specifically ‘opted in’ to DNA Relatives as a whole, they are automatically ‘opted out,’ a 180 degree reversal.  Of course, if you were one of those 350,000 customers who received a notification about opting out, and did nothing, so that you could be opted in at the end of the 30 days referenced above, you would be thoroughly confused because you THINK you’re now opted in.

23andMe has a habit of posting information on their Forum which members must actively check, instead of sending e-mails to their customers or posting this kind of information on their blog that is sent by subscription. One of the forum followers was kind enough to point out this recent posting detailing changes that have occurred in October and the 23andMe policy moving forward.

hide and seek6hide and seek7It’s signed, Chistine on behalf of the 23andMe Product Team

I can find nothing on the current customer pages providing any information about these decisions or the match status of DNA Relatives/Close Relatives.

Furthermore, 23andMe is now asking some, but not everyone, who are opted in for DNA Relatives if they are sure. My account that was asked tested in 2010, so was not caught in the 2014 selection option confusion.

I feel that this methodology discourages many people from participation. It infers that there is something frightening that you ‘ought to be’ concerned about – especially if you are asked about the same topic several times.

In summary, here is, I think, what we know, as of October 16, 2014.

  • Everyone will have to make a specific choice to opt-in to DNA Relatives, one way or another, after testing.  If you don’t specifically opt-in, you are opted out.  Consent to test apparently doesn’t count as consent for DNA Relatives.
  • Clients prior to June 5, 2014 who were opted in to DNA Relatives but out of Close Relatives will be prompted to select an opt-in with close relatives included, or an opt-out entirely.
  • Clients prior to June 5, 2014, who did opt-in to participate in DNA Relatives, but did not have any selection to make about “Close Relatives” will be required to confirm that they want to continue in DNA Relatives before they can proceed to see their matches. This is apparently the e-mail that I received for one of my kits. It’s still a mystery why I never received it for the others who tested even earlier and clearly before the “Close Relatives” option existed.
  • Clients between June 5, 2014 and October 16, 2014 who were automatically opted in to DNA Relatives with close relatives included will also be prompted to confirm their participation in DNA Relatives and until they do confirm that option, they will not be visible nor able to view close relatives.
  • New customers will be prompted to opt-in or opt-out of DNA Relatives and opt-in will no longer be the default.
  • Participation in DNA Relatives will now include close relatives and that will not be a separate option.

I’m very glad to see that everyone who opts in to DNA Relatives includes close relatives. To do it any other way is not only confusing, it’s more than a little disingenuous, especially given that someone may not realize why their close matches aren’t showing.  I had more than one client have a panic attack when their family member wasn’t showing as a match, especially when they were expecting to see a parent or sibling.  In my opinion, having to enable the “close relatives” option caused huge problems and wholly unwarranted stress.  If it’s truly gone, never to return, I’m very glad and applaud 23andMe for that decision.

The bad news is that many of the 350,000 people referred to in the September community forum posting are still anonymous, and they many not even realize it. Many probably presumed, quite logically, that because they were taking a DNA test that included matches, that they would receive matches without having to do anything further.  Furthermore, they received the 30 day notification that they would be opted in if they did nothing, so they expected to be opted in.  But they aren’t.

Currently, at 23andMe, you have to jump through more hoops to obtain your genealogy results than you did (when they were providing health information) to obtain your health results.  I hope that the message provided to people who are making the “Opt In – Opt Out” decision can be worded a little more encouragingly and present both sides of the risk/reward coin.  I would hate for their entire response to be fear based due to the tone of the selection message and the fact that they have to answer this question repeatedly – like the dreaded Alzheimer’s health question – back when 23andMe was providing health results.

Here, let me give you an example vignette:

Hi, 23andMe, I’d like to test for genealogy matches.

Great, send me $99 and you’re on the way.


Good news, your results are back.  Do you want to opt into DNA Relatives?  You know you could find out information about your family that is upsetting to you?  It could change your family relations?

Really?  Hmmm…I think I want to see.  That’s why I tested.

Another e-mail:  Are you sure, really positive that you want to remain in DNA Relatives?  You know, you could find out really upsetting information.  You can see other close relatives and they can see you.

Geeze, I don’t know….maybe not…I’ll wait till I sign on next time to deal with this.

Signing on next time….

Do you want to opt-in to DNA Relatives?  You know, you could find out some really disturbing and upsetting things about your family?  It could change your relationship with your family members.

After repeating this warning several times, it begins to appear like 23andMe is discouraging your participation, not informing you of risks and rewards.  There is no upside mentioned, only repeated negatively framed warnings.  Given that genealogy/ancestry is the only reason for the consumer to purchase this product right now, this approach seems a bit counter-intuitive and overkill.  In the least, the warning should be given up front, during the purchase process, and then not constantly repeated.

However, given that 23andMe is still gathering your health information and utilizing it in their medical research, even if you opt-out or don’t opt-in to DNA Relatives, assuming you haven’t opted out of medical research as well, warning you up front would discourage a sale and would prevent them from collecting your genetic data.  In essence, 23andMe doesn’t care one bit whether you opt-in or opt-out of DNA Relatives, but they care a whole lot about your money and your participation in medical research.

The constant changes and hoopla are confusing people and frightening some. Others are becoming too discouraged by a lack of positive genealogical results to continue.

23andMe was first in the game with consumer autosomal testing, but their ever-changing policies have become and remain confusing. They have done nothing to clarify publicly, leaving everyone uncertain and a little reluctant.

23andMe entered the genealogy marketspace, but they seem to be focused on protecting people from genealogy matches. This seems almost like a conflict of interest, or may be better stated, a Kobayashi Maru, or no-win situation. It seems that the health testing aspect is causing 23andMe to adopt such restrictive procedures that it’s making the genealogy aspect of their product increasingly restrictive and difficult.  I’m sure this is reflective of their primary goal, which is medicine, and the fact that genealogists just happened to be interested in genetics as a tool was, for them, a happy accident that provided a source for test subjects.  Genealogy is not something 23andMe is primarily interested in.  I’m sure they aren’t making things difficult intentionally, but the net effect is far from encouraging.

I’m finding that their protections are barriers and the required steps are confusing for customers and self-defeating for genealogy, and they are, unfortunately, cumulative hurdles:

  • Having to specifically opt-in to DNA Relatives, even after consenting to test when purchasing the product which includes matching
  • Having to request to communicate with other participants
  • Having to request to “share DNA”
  • Having to confirm that yes, you really did want to ‘opt in’ to DNA Relatives
  • About a 10% communication request response rate
  • Most of the 10% of the people who do respond know little, if anything, about their genealogy, nor are they terribly interested
  • Having to utilize the 23andMe corporate message system instead of communicate with your matches via e-mail
  • Match limit at 1000 people unless you are communicating with more than that number. After 1000, matches fall off your list.
  • Their terrible trees. Yes, I realize they have recently partnered with My Heritage, but as Judy Russell says, we’ll see.
  • The misleading (health and ancestry) notation in a sharing request which frightens people as to why you want their health information, causing people to decline to share
  • Constant change about who you are/aren’t seeing as matches and why
  • Confusing and conflicting opt-in, opt-out information delivered on four different platforms; e-mail, on your personal page, their blog and their community forum.  In essence, this means that almost everyone except the most dedicated 23andMe follower misses at least part of the information.

23andMe is approaching the point where the pain level of participation is at the threshold of no longer being worthwhile except for extraordinary cases like adoptions where the participant is desperate for any possible crumb.

I thought more about this situation, and I believe that the underlying problem is a fundamental disconnect in the focus of the two groups.  23andMe’s corporate focus is and always has been health related research, compilation and manipulation of genomic “big data.”   Taking a look at their recent American Association of Human Genetics papers is a good yardstick of their corporate focus.  Not one paper mentions the genealogical aspect of their business, and even the paper that does indirectly help genealogists by reducing false positive identical-by-descent segments is presented from a medical perspective.  In essence, the genealogy community is a source for DNA for 23andMe.  They aren’t focused on genealogy or interested in serving this community.  That’s neither good nor bad…it’s just the way it is.

The genealogy community, on the other hand, is frustrated by the increasingly long list of confusing hurdles at 23andMe that people who test for genealogy must navigate before they can reap any of the potential benefits of matching for genealogical purposes.  Each successive hurdle reduces the number of people who complete the course and those who make it to the end are either the died in the wool genealogists who have tested elsewhere anyway or people with little or no knowledge of their genealogy.  Worst case, people who test at 23andMe for genealogy will leave with a bad taste in their mouth and never test again because, frankly, it’s neither easy nor fun.

We don’t know exactly how many people haven’t opted-in for DNA Relatives, but we can surmise some based on their publicly released information.  In the September retraction, 23andMe said that there were 350,000 who had not opted in, or out.  We don’t know how many have actively opted out.  In their ASHG abstract, they mention that 550,000 have consented for research.  That tells us that less than half of their clients are opted in for DNA Relatives, or about 200,000 (assuming no one opted out), or perhaps less now with the recent “are you sure” messages like I received.  Given that only 10% of the people who DO actively opt-in for DNA Relatives respond to inquiries, that’s a whole lot of people not clearing the hurdles for one reason or another.  Of their entire data base of 550,000, only about 20,000 people clear the hurdles and engage, or about 3.5%. That means that there are 530,000, or more if you include the unknown number of opt-outs, who don’t clear the hurdles.

I hope 23andMe gets their cumulative act together relative to genealogy customers. You’d think with genealogy customers being their only source of corporate revenue right now (except for government grants and venture capital), that they would be bending over backwards to make the genealogy related products and processes straightforward, accessible and easy to use.  Now would be a great time for some positive changes!

Navigating 23andMe for Genealogy

When I was young, there was a local woman who was extremely unhappy with her husband’s late night carousing.  He would come home “a bit tipsy” as well, and tried to sneak in unnoticed by leaving the lights off.  She was tired of it, so she got even, er, um, I mean, created a learning moment.

She rearranged all of the furniture and you had to walk through the living room to get to the bedroom.  About 3AM, she heard a huge crash.

Well, that’s what 23andMe did a few weeks ago.  I know they think they improved their website, but they didn’t.  And what they’ve done is cause a huge amount of work for those of us who assist others who have tested at 23andMe.  People can’t find the genealogy tools.  They both renamed them and relocated them and we didn’t even get any new features in the deal.  Where features were located wasn’t intuitive before, and they still aren’t, but now they are in different unintuitive places than they were before.  In other words, stumble, thump, crash – the lights are out and someone’s home.

So, as a matter of self-defense, I’m writing this blog about the basics of how to navigate the 23andMe site and how to utilize their genealogy tools.  It’s easy to miss opportunities if you don’t understand the nuances of their system, and they do have some great tools, by whatever name they call them.

We’re only interested in the genetic genealogy aspect, so we’re not discussing how to navigate the rest of their site.  Yes, there is more to the site than genealogy:)

The sign-on screen still looks the same.  After that, it’s all different.

First, remember that if you manage multiple kits, 23andMe decides which one is your default and you may not come up as “yourself.”  You can solve that by flying over your name in the upper right hand corner and then clicking on “switch profiles.”  I surely wish they would let you select and save your selection permanently.  You have to switch profiles every time you sign on.

Making Yourself Visible

The second thing you need to make sure of is that you ARE sharing, that people can see you.

Fly over the gear on the left hand side of the page at the top.  You’ll see the Settings option, click on that, then look through the options there, but specifically the “Privacy/Consent” tab.

nav 23andme gear

I’ve had people who could not figure out why they never received any invitations and their friends couldn’t find them, and it’s because their selections precluded sharing or did not allow people to search for them.

Here’s part of the Setting page, but you’ll want to review all of the information under your various settings tabs.

nav 23andme 1

The main page has several panel buttons across the top.  Not all are shown below.  The two we are going to be interested in are the “DNA Relatives” and the “Ancestry Composition.”

nav 23andme 2

If you want a quick overview of all of your genealogy information at 23andMe, you can click on the “My Ancestry Overview” button, but that’s not where the meat is – it’s  more like an appetizer.

nav 23andme 3

Here’s an example of the overview page.  Hint, the 4% Scandinavian showing is NOT your results, just the “cover page.”

Ancestry Composition – Ethnic Percentages

Click on Ancestry Composition.

You’ll see your own results in a circle chart.

nav 23andme 4

You can toggle the “standard” estimate to speculative or conservative in the drop down box at the upper right.  You can also change this circle to “chromosome view” which is really interesting.  The bar graph shows me that the two locations with identifiable Native American ancestry are found on my chromosomes 1 and 2.

nav 23andme 5

If you’ve been following my blog, you’ll know that I took this information and ran with it.  Here’s the link to “The Autosomal Me” series.

If you’re interested in taking this further and trying to identify your lines that match up with different ethnic admixtures, take a look at the series, especially Part 4, “The Autosomal Me, Testing Company Results.”  You’ll need to utilize some special download techniques and tools found outside of 23andMe, such as and you’ll also be utilizing as well.  What 23andMe provides you in this category is just the beginning.

Finding Matches

There are four ways to find and select people at 23andMe to invite to share their DNA with you.  23andMe is different than Family Tree DNA.  At Family Tree DNA, you are testing FOR genealogy, nothing else, so when you sign your authorization and consent for comparison, it speaks only to genealogy data, not medical data.  So everyone at Family Tree DNA is sharing unless they specifically elect not to.  23andMe also provides health information and many who tested for health traits are not interested in genealogy, so in order to share any information at 23andMe, you must invite them to share and they must agree.

Of course, 23andMe shows you a thumbnail of who you match, but there are several ways to refine and be selective about this process.

Searching for Specific People

If you know who you want to invite to match, enter their e-mail address, their name, their surname or their nickname at 23andMe in the main site search box.  If they have allowed searching and have tested at 23andMe, a link to request sharing will be shown, similar to the screen below.

Finding People with Common Surnames

First of all, to find people whose surnames include those in your family tree as well, in the general site search box, type in the surname you’re hunting for. Let’s hope it’s not Smith.

nav 23andme 6

The results of that search in all categories on the 23andMe site are shown, and you can click on any of the categories for more information.  In my case, I see that there are more than 100 people whose information includes Estes.  I can click on any of the links that say “invite so-and-so” to invite them to share with me.  I always customize the message.  Many people don’t reply to “generic” messages that don’t say why someone is asking to compare.

nav 23andme 7

Finding Genetic Matches

To see whose DNA you match, click on Family and Friends, then on DNA Relatives.

nav 23andme 8

The first person on your list, is you.  This is a good sanity check to be sure you’re comparing the right profile and not your cousins when you thought it was your own.

nav 23andme 9

Next you’ll see your closest matches.  These folks I’m most closely related to are my “Blessed Cousin Circle” who graciously provided their DNA so I could utilize it to figure how who matched whom.  Like a huge family puzzle, with no picture on the box cover.

nav 23andme 10

On down the list a ways are folks who I match but with whom I’m not yet sharing.  Geeze, guess I’d better try to fix that!

nav 23andme 11

Looking down the list, I see that few have included much information, which is sometimes an indication that they’re either not interested or don’t know a lot about their genealogy.  But look, there’s one with quite a bit of information near the bottom of the list.  Great.  But wait….oh no….I’ve already sent an invitation and never heard back.  That’s OK though, because I can send another message by clicking on “View” and then “Compose.”  Again, I always include a personal message.  Some people include links to their family trees in these messages as well.

Searching for Surnames within Genetic Matches

Let’s say I want to be more specific and I want to target people on my match list that have a specific surname.  I want to see who among my genetic matches also shares the Bolton surname in a genealogical line.

In the “search matches” box at the top of the list of names, I entered Bolton, my father’s mother’s maiden name.

The list returned is small.  The first person, Stacy, is my cousin and I know her genealogy quite well, so that surname match is expected.  But I don’t’ know the second person, Janet, and I need to investigate this further.

nav 23andme 12

Remember, this is a surname search of those who match genetically.  Even though Janet and I share a common surname and some DNA, our match may NOT be through the Bolton line.  In fact, it could be on my mother’s side instead.

So as a quick check, since I manage my Cousin Stacy’s DNA account, and she is related through my father, I’m going to see if she matches Janet too. If so, then that means the match is from my father’s line, and could well be the Bolton family.  This technique is called triangulation.

Stacy does not match Janet, so that means that more genealogy work is in order to see if the Henry Bolton (1759-1846) ancestral line is our common line. It could simply be that Stacy and Janet are too far removed from a common ancestor and Bolton is the correct genealogy line, but they don’t share a large enough segment of DNA to show up on each other’s lists.

The other potential issue is that either Stacy or Janet is over their 1000 match limit imposed by 23andMe, so they might actually match each other, but have fallen off the match list.  This is becoming a larger and larger issue.  I’m over that limit as are most people who have Jewish heritage and many who carry colonial American genealogy.  So far, 23andMe has declined to address this growing issue.  It makes drawing any conclusions from this type of triangulation impossible through a vendor-imposed handicap.

Composite Surnames

On the DNA Relatives Page, click on the surname link in the upper right hand corner.  What this shows you are the number of the various surnames on your list as compared to how rare they are in the general population.  This is your signal that something is up, so to speak, and it might be your lucky day.

My most “enriched” surname is Vannoy.  This means that it appears 7 times in my match list, including as one of my own historical surnames, and it’s quite rare otherwise, which is why the 98 on the enrichment bar and the fact that is it is my more prevalent rare surname.

nav 23andme 13

Looking down the list, this implies that maybe Henley is one of my family names that I’m not aware of.  Maybe I should contact the Henley matches and see if there is anything in common between them, genealogically, and if I have any dead ends where their ancestors are located.  Maybe I should see if their DNA and mine overlaps in any common location.  The easiest way to do that would be to use the downloaded spreadsheet via because then we can see everyone who matches those segments of DNA, including those who have tested at Family Tree DNA because I’ve downloaded that file into my spreadsheet as well.

You can click on the surname and your matches will be displayed, including ones you’re sharing with and ones you aren’t.  In this case, I clicked on McNeil and discovered my matches are all my cousins, so nothing new to be discovered here.

I did notice that not all my surnames are present.  For example, Estes is missing.  I’m not sure how 23andMe selects the names to include, and there is no “page help,” so I’m just glad for the ones that are present on the list.

Chromosome Comparison Tool

Ok, now that you’ve found matches and they are sharing with you, what’s next?  The next tool is the chromosome comparison tool, found under Family and Friends, then Family Traits.

This tool allows you to compare any two people on your list of matches, including the X chromosome which is inherited differently and can be a very important genealogy hint.

nav 23andme 14

Here’s  a comparison of me and my cousin, Cheryl.  Her father and my grandfather were brothers, so we share quite a bit of DNA.  And because I know where it comes from, genealogically, anyone who matches both of us on these segments shares our ancestry too.  No, you can’t do that “compare all” function at 23andMe, but your downloaded spreadsheet will handle that quite nicely.

Update:  Venice points out that Family Traits does one thing that Family Inheritance: Advanced doesn’t do – it identifies fully identical segments vs. half identical segments.  Most segments between genetic relatives are half identical, but (full) siblings will have a fair amount that’s fully identical.  Family Traits also shows the locations of the centromeres and other low-data zones.

Family Inheritance, Advanced

Under the Ancestry Tools tab, there is one more tool I want to discuss briefly.  Unfortunately, it’s not as useful as it could be because of the way it has been implemented.

This tool allows you to compare yourself with up to three other kits whom you match, except for public matches.  Unfortunately, I have several public matches and I’d love to be able to do this comparison.  For example, I’d like to compare myself to my cousin Stacy and Janet, but because Janet is a public match, she’s not available on my list:(

Update:  Kitty has found a way to allow for Public match comparisons.  “To offer to share with a public person you have to click on their name at the left to go to their profile and then click the words Invite (name) to share genomes located at the top right.”  Thank you Kitty!

Red Herring Matches

Let’s use Family Inheritance Advanced as an example of two people who match me on the same segment, but are from opposite sides of my family.  I know when we talk about this, people secretly say to themselves, “yea, but how often does that really happen, I mean, what are the chances.?”  Well, here’s the answer.  Better chances that winning the lottery, for sure, and I mean the scratch off tickets where you win a dollar!

My cousins Stacy and Cheryl are from Dad’s and Mom’s side of the family, respectively.  We know they don’t share common ancestry, but look, they both match me on four of the same segments.

nav 23andme 15

How is this possible, you ask.  Remember, I have two halves of each chromosome, one from Mom and one from Dad.  It just so happens that Cheryl and Stacy both match me on the same segment, but they are actually matching two different sides of my chromosome.

Now let’s prove this to the doubting Thomas’s out there.

nav 23andme 16

Here is the comparison of Cheryl and Stacy directly to each other.  They do have one small matching segment, 6 cM, so on the small side.  But they don’t match each other on any of the segments where I match both of them.

If they did match each other and me on the same locations, it would mean that we three have common ancestry.  This is another example of triangulation.

The fact that they match each other on one segment could also mean they have distant common ancestry, which could be from one of our common lines or a line that I don’t share with them, or it could mean they have an identical by state (IBS) segment, meaning they come from a common population someplace hundreds to thousands of years ago.

The real message here is that you can never, ever, assume.  We all know about assume, and if you do, it will.  In this case, assuming would have been easy if you didn’t have the big picture, because both of these family lines contain Millers from Ohio living in close proximity in the 1800s.  However these Miller lines have been proven not to be the same lines (via Yline testing) and therefore, any assumptions would have been incorrect, despite the suggestive location and in-common names. Furthermore, one Miller line married into my cousin Stacy’s line after our common ancestor, so is not blood related to me.  But conclusions are easy to jump to, especially for excited or inexperienced genetic genealogists.  It’s tempting even for those of us who are fairly seasoned now, but after you’ve been burned a few times, you do learn some modicum of restraint!

Downloading Your Raw Data

Downloading your raw data is not the same thing as using to download your chromosome start and stop locations for your matches.  Your raw data is just that, raw data.

It looks like this and it’s thousands and thousands of lines long. It’s your actual values at different DNA locations.  The rsid is the location on the reference human genome, followed by the chromosome number, the position address on that chromosome, and the nucleotide given to you by each of your parents.

# rsid  chromosome position    genotype

rs3094315    1        742429         AA

It’s doesn’t mean anything in this format, but after analyzing it using complex software, this information, combined, can tell you who you match, your ethnicity and more, of course.  You’ll want to do a couple of things with your raw data file.

First, use this link to download it.  They’ve hidden the link well on their site.  I can never find it, so I just keep this link handy.

Consider uploading your raw data to  It’s a donation site (meaning free but donations accepted) created for genetic genealogists by genetic genealogists and it has a lot more tools than any of the testing companies alone.  Think of it as a genetic genealogy sandbox.  One of the benefits is that people from all 3 testing companies, 23andMe, Family Tree DNA and can upload their data and compare to each other.  The down side is that many people don’t know about GedMatch and don’t utilize it.

Last, consider transferring your results to Family Tree DNA.  At Family Tree DNA, the people who test are interested in genealogy – they are genealogists or their family members.  You are much more likely to receive responses to inquiries and you don’t have to invite people and wait for acceptance.  Even when people don’t reply to your inquiries at Family Tree DNA, you can still utilize the comparison tools to compare up to any 5 of matches, seeing where they match you and each other.  I’ve utilized this tool numerous times, an example of which you can find in the Davenport article and the Autosomal Basics article.  To transfer your results to Family Tree DNA for $99, which is less than retesting, click on this link, then click on “Products.”

nav 23andme 17

Then scroll down to “Third Party” and the product you’re looking for is “Transfer Relative Finder” which used to be the name of the 23andMe products before they rearranged the furniture.nav 23andme 18

Happy swimming in the genetic genealogy pools. Let’s hope you meet some family there!

No (DNA) Bullying

No Bullying

There are hardly any hobbies that hold more passion than genealogy.  Once hooked by the bug, most people never retire and one of the things they worry about passing down to their family are their genealogy records – even if the family of today isn’t terribly interested.

So it’s easy to understand the degree of passion and enthusiasm, but sometimes this passion can kind of go astray and it crosses the line from something positive to something not nearly so nice.

Genetic genealogy is the latest tool in the genealogists’ arsenal, but it introduces some new challenges and unfortunately, with the increased number of people testing, we’re seeing some examples of what I consider bullying – for DNA, for identification and for information.

Bullying is unwelcome aggressive behavior that involves repeated threats, physical or electronic contact or a real or perceived imbalance of power.  Generally, the victim feels they can’t make it stop.  This has become especially prevalent in the cyber age.  And bullying is not just about kids.

I’m going to look at 3 types of situations.  It’s easy to see both perspectives, but bullying by any other name is still bullying, even though the bully probably doesn’t see it that way.  Guaranteed, the recipient does.

You’ve Got the DNA I Need

Let’s say that Aunt Gladys is the last person alive in a particular line who can provide DNA to represent that line.  But Aunt Gladys, for whatever reason, doesn’t want to test.  It’s fine to discuss this, to talk about her concerns, and perhaps you can find a solution to address them, like testing anonymously.

But let’s say that Aunt Gladys simply says “no,” end of story.  What then?

Yes, Aunt Gladys carries the information that you need, but it’s HER DNA that needs to be tested, and if she says no, then her decision should be respected, as difficult as it may be and as unreasonable as it may seem.  Maybe Aunt Gladys knows something you don’t – like she is adopted or some other secret that she does not wish to reveal.  Badgering Aunt Gladys from this point forward is going to do nothing other than cause hard feelings and make Aunt Gladys want to avoid you.

You may think you’re “just discussing” but from her perspective, you may be bullying.  Now, it’s OK to beg and cry once, but if you’re slipped into the realm of “if you don’t test, I’ll tell Uncle Harvey that you scratched his car back in 1953,” you’ve stepped over that line.

Won’t Answer E-Mails

I can’t tell you how often I hear this story.  “I match with person XYZ and they won’t share their information.”  Most of the time, they won’t answer e-mails.  And the question follows, of course, as to why they tested in the first place.

These tests have been around for a number of years now.  Many people have died or moved or the purpose of the test was fulfilled and they aren’t interested beyond that.  Think of your Aunt Gladys.  If you did convince her to test, it wouldn’t be for her, but for you and she certainly would not be interested in answering random e-mails.

There could be a number of reasons, depending on the testing company used, that someone might not answer.  In particular, many people test at 23andMe for health reasons.  It doesn’t matter to them if you’re a first cousin or any other relation, they simply aren’t interested or don’t have the answers for you.

It’s alright to send 2 or 3 e-mails to someone.  E-mails do get lost sometimes.  But beyond that, you’ve put yourself into the nuisance category.  But you can be even worse than a nuisance.

I know of one case where someone googled the e-mail of their contact, discovered the person was a doctor, and called them at the office.  That is over the line into cyber-stalking.  If they wanted to answer the e-mail, they would have.  If they don’t want to, their decision needs to be respected.

I Know You Know

This situation can get even uglier.  I’ve heard of two or three situations recently.  One was at Ancestry where someone had a DNA match and their trees matched as well.  At first the contact was cordial, but then it deteriorated into one person insisting that the other person had information they weren’t divulging and from there it deteriorated even further.

This is a hobby.  It’s supposed to be fun.  This is not 7th grade.


However, there are other situations much more volatile and potentially serious. In some cases, often in adoptions, people don’t want contact.  Sometimes it’s the parent and sometimes it’s the adoptee.  But those aren’t the only people involved.  There are sometimes half-siblings that are found or cousins.

For the adoptees and the parents, there are laws in each state that govern the release of their legal paperwork to protect both parties.  Either party can opt out at any time.

But for inadvertently discovered family connections, this isn’t true.  Think of the person who doesn’t know they are adopted, for example, who discovers a half-sibling and through that half sibling their biological mother.  Neither person may welcome or be prepared for this discovery or contact.

Imagine this at the dinner table with the family gathered, “Hey guess what, I got a half-sibling match today on my DNA.  I wonder if that’s some kind of mistake.  How could that be?”

So if you match someone as a half sibling or a cousin, and they don’t want to continue the conversation, be kind and respectful, and leave the door open to them if they change their mind in the future.  Pushing them can only be hurtful and nonproductive.

Dirty Old (and Formerly Young) Men

And then, there’s the case of the family pervert.  Every family seems to have one.  But it’s not always who you think it is.  By the very nature of being a pervert, they hide their actions – and they can be very, very good at it.  Practice makes perfect.

Let’s say that Jane likes genealogy, but she was molested as a child by Cousin Fred.  Some of the family knows about this, and some don’t believe it.  The family was split by this incident, but it was years in the past now.  Jane wants nothing to do with Fred’s side of the family.

(By the way, if you think this doesn’t happen, it does.  About 20% of woman have been raped, 30% of them by family members (incest), many more molested, and children often by relatives or close family friends.  15% of sexual assault victims are under the age of 12.  Many childhood cases are never prosecuted because the children are too young to testify.  Perverts and pedophiles don’t wear t-shirts announcing such or have a “P” tattooed on their forehead.  Often family members find it hard to believe and don’t, regardless of the evidence, casting the victimized child in the position of being a liar and “troublemaker.”  Need convincing?  Think of what Ariel Castro’s family said and how well he hid his dark side and the Boston bombers’ family comments about their innocence in the face of overwhelming evidence to the contrary.)

Jane’s an adult now and DNA tests.  She has a match and discovers that it’s on Fred’s side of the family.  Jane tells the person that she doesn’t want anything to do with that side of the family, has no genealogy information and wants no contact.  The match doesn’t believe Jane and then becomes insistent, then demanding, then accusatory, then threatening.

This is clearly over the line.  Jane said she didn’t want any continued contact.  That should have been the end of the discussion.

But let’s say this one gets worse.  Let’s say that because of this, Cousin Fred wakes up and decides that Jane is interesting again and begins to stalk Jane, and her children……

Does this make you shake in your shoes?  It should.  Criminals not only aren’t always playing with a full deck, but don’t play by any of the same rules as the rest of us.  Cousin Fred might just be very grateful for that information about Jane and view it as a wonderful “opportunity,” provided by his “supportive” family member who has now endangered both Jane and her children.

Who’s Yer Daddy?

In another recent situation, John discovered by DNA testing that he is not the biological child of his father.  He subsequently discovered that his mother was raped by another male, married to another close family member.  When John discovered that information, he promptly lost interest in genealogy altogether.

A year or so later, John matched someone closely who was insistent that he provide them with how he was related to them.  John knew, but he did not feel that it was any of their business and he certainly did not want to explain any of the situation to the perpetrator’s family member, who, by the way, had already mentioned what a good person the perpetrator was.  However, the person continued to harass and badger John until he changed his e-mail address.

I so wanted to ask these people, “What part of “NO” don’t you understand?”

Mama’s Baby, Daddy’s Maybe

In one final example, adoptees often make contact with their birth mother first, and then, if at all, with their birth father.  Sometimes the birth mothers are not cooperative with the (now adult) child about the identity of their father.  Often, this is horribly frustrating to the adoptee.  In at least one case, I know of a birth mother who would never tell, leaving the child an envelope when she died.  The child was just sure the father’s name was in the envelope, but it was not.  I can only imagine that level of disappointment.

Why would someone be so reticent to divulge this information?  The primary reasons seem to be that either the mother doesn’t know due to a variety of circumstances that can range from intoxication to rape, the woman never told the father that she had a baby and placed the child for adoption, the father was abusive and the mother was/is afraid of him/his family, the father was married, or the father was a relative, which means not only might the father still be alive, the mother may still have a relationship of some type with him.  The mother may have lied for years to protect herself, and in doing so, protected the father as well.

Clearly, this situation has a lot of potential to “shift” a lot of lives and not always in positive ways.  One woman didn’t want to make contact with her child other than one time because she had never told her husband of 30 years that she had a child before their marriage.  One woman made contact, but did not want to divulge that the child’s father was her older brother, still alive.  Victims often keep the secrets of their attackers out of misplaced shame and guilt.  Think Oprah here.  Mother may not be simply being stubborn, but acting like the victim she is and trying to preserve whatever shreds of dignity are left to her.  She may also be embarrassed by a lapse in judgment.  One adoptee realized when counting forward from her birth date that she was conceived right at New Years and when she realized that, she figured out that her mother, who drank heavily when she was younger, probably did not know who her father was, and didn’t want to admit that.

As frustrating as this is for the adoptee, the birth mother does have the right not to have her life turned upside down.  Badgering her will only result in losing the potential for a relationship from the current time forward.  Being respectful, understanding and gentle may open the door for future information.


I can hear Aretha now.

If you haven’t walked a mile in their moccasins, so to speak, you can’t possibly know the situation of the person on the other end of your request for DNA or information.  Don’t make the mistake of stepping over the line from excitement into bully behavior.

Think of the potential situations the person on the other end may be dealing with.  Ultimately, if they say no, then no it is and no should be enough without an explanation of why.  Generally bullying doesn’t work anyway, because someone who feels like you are threatening them or being too aggressive will clam right up and it will be that proverbial cold day in Hades before they tell you anything.  It’s important to keep communications from sounding like you’re demanding or entitled.  My mother always said “you’ll catch more flies with honey than with vinegar.”  I always found that very irritating, probably because I needed to hear it just then – but regardless – it’s true.

Keep in mind, genetic genealogy is about genealogy.  It’s a hobby.   It’s fun.  If it becomes otherwise and puts people at jeopardy, then we need to take a step back and take a deep breath.

Most people don’t mean to cross the line into bullying.  They just get excited and sometimes desperate.  Hopefully this discussion will help us all be more aware of where the polite line is in communicating with our family members and matches.

If you are the victim of information bullying, cyber-stalking or someone puts you in an uncomfortable situation, there are steps you can take to remedy the situation.  Most bullying sites are directed at adolescents, but the advice still applies.

If you know you don’t want contact initially, then make your accounts anonymous or don’t respond to requests.  If you realize that you don’t want contact after the initial contact, for whatever reason, say so.  After that, do not engage in communications with someone who is attempting to bully you.  If they threaten you or threaten to reveal information or your identity if you don’t give them information or do something, that action falls into the blackmail realm, which a crime.  Complying with a threat to protect yourself or your family generally only results in more of the same.  You are not dealing with a nice person.  At this point, you are way beyond genealogy and your own internal “danger” sign should be flashing bright neon red.

If disengaging does not take care of the problem, save all messages/contacts and contact your attorney who may advise you to contact the police or the FBI if the problem crosses state lines.  Depending on what state you/they live in and exactly what they have done, you may have a variety of options if they won’t stop, especially if they do something that does in fact manage to turn your life upside down and/or a crime is involved, like blackmail.  Of course, this is akin to closing the barn door after the cow leaves.  Hopefully, the person causing the problem is simply an over-zealous genealogist, means you no harm, realizes what they have done or are doing, and will get a grip and compose themselves long before this point.

Bullying of course is not because of DNA or unique to genetic genealogy, but the new products introduce new social situations that we have not previously had tools to discover nor the opportunity to address in quite the same way.

Email Hacking, Hijacking, Spamming and Internet Safety

Today’s blog is off-topic.  It’s not about DNA, but it’s about something every bit as pervasive and something every person who accesses the internet needs to be aware of and understand.  Today, we’re going to talk about how e-mail accounts get hacked and hijacked, what the difference is, how those spamy one link e-mails are sent, and both as a person whose e-mail has been compromised and as an e-mail receiver, what you can and should do to protect yourself. If you haven’t already been a victim on one end of this scheme or the other, you likely will be.  If you received one of these types of e-mails from me today, you know why I’m writing this article.

So I’m finally taking a few days off.  I’m at a retreat.  I wake up this morning to a gloriously beautiful spring day and lay there in bed thinking how lucky I am as the sun streams in the window.  I reach over to the bedside for my iPhone to see what kind of e-mails have come in overnight, and there is a series of e-mails with the word “Hacked” in their titles, addressed to me.  I can tell right there, it’s not going to be a good day.

Yes, the people in one of my address books were receiving those nasty one-line-link e-mails.  This one happened to be for Viagra.  Worse yet, some of them had clicked on the link, and then when they saw the topic, they realized the e-mail was not really from me, even though the e-mail “from” address was mine, and e-mailed me to tell me so – including my husband who happened to think the Viagra link was hilarious.  Good thing he has a sense of humor.  Let’s just say I was much less amused.

Hacking vs Hijacking

As it turns out my e-mail address had been hacked.  It had not been hijacked.  What is the difference you ask?  A lot.

A hack job means your password has been compromised and the villain (that’s what we’ll call the hacker) has actually signed on to your account, read any e-mails coming in, looked through your inbox, your saved folders, especially any banking type of folders or one that you’ve named, God forbid, “passwords.”  It also generally means that the villain may have also changed your password and then your security questions so now you don’t and can’t get access to your own account.

If you’re lucky, they only send those spamy e-mails.  If you’re not lucky, the villain then changes your password and sets about to use you and your account to defraud people.  The best example I can think of is the e-mail that almost everyone has received at one time or another that goes something like this:

“Dear Joe,  I write you with tears in my eyes.  I’m at a hotel in London (or fill in the blank any other city out of the country) and my billfold was stolen.  I have no id or any money to pay the bill and I cannot leave the country without paying the hotel bill.  Can you please advance me some funds and I will pay you back immediately upon returning home.”

Well, obviously, anyone who replies to “you” is really talking to the villain now, and anyone who DOES advance “you” money is giving it to the villain who lives someplace far from here and is not traceable nor accountable in the US – generally in Russia.  Now you would think that this scheme, being as old as mud, would fail miserably, but it doesn’t because there are still naïve people out there who want to help.

If this happens to you and your password has been changed, contact your e-mail provider immediately for assistance as that is the only way you can resolve this situation.  Time is of the essence here – so do not delay.

Here’s a link that further discusses this phenomenon and recent Yahoo e-mail compromises.

Ok, that’s hacking.

What Is E-mail Hijacking?

Hijacking is when the villain uses your e-mail address, but not your address book to send spammy or virus filled e-mails to random people who you don’t know and have never communicated with.  Basically, they use your e-mail address to “fill in the blank” of the “sending” address.  They do not have to gain access to your account to do this. It’s also known as “spoofing” for obvious reasons.

Often, the first symptom you’ll see of this is lots of bounced e-mails that you didn’t send.  Many times, these links contain viruses that take over computers, steal the address books from non-cloud-based e-mail systems and worse if the recipient clicks on them.  Sometimes, out of curiosity, you’ll click on them in the bounced e-mail too, to see what “you” sent.  Don’t do it, no matter how curious you are.

The good news is that with a hijacked e-mail address, the villain has not compromised your actual account.  If they have sent the spamy e-mails to your contacts, then your account has been compromised, hacked, but changing your e-mail password (and making sure they have not set up a second or alternate e-mail address under your account) generally takes care of it.

The bad news is that once hijackers have your e-mail address as fodder, there is virtually nothing you can do to stop this type of activity.  Frustrating?  Indeed.  At this point, it’s up to the recipients to be savvy enough to recognize this type of e-mail and to not click on the links, which spread the virus further.

As a recipient of one of these e-mails, one clue that indicates a hacked account versus a highjacked account is to look at the list of recipients.  If they are in alphabetical order, meaning that your e-mail address begins with r and you are in the middle of a group of r addresses, and you know the sender, it’s probably a hacked account and the spammer is going through the contact list but only sending to small numbers of recipients at a time so that they will not be caught in the service providers’ spam traps.  You need to notify the sender who account has been hacked.  If the message looks spammy, but you don’t know the sender and there is no list of recipients, then it’s probably a hijacked e-mail address.

This is much worse with cloud-based e-mail systems.

What Is The Cloud? 

A cloud-based system is any system that you sign on to the internet to use and you use online such as Yahoo, Gmail, etc.  In other words, not on your own PC.  Cloud based systems can be accessed by cell phone or other device that is not a computer.

By contrast, I have a combination of two types of systems.  When I’m at home, I use Microsoft Outlook on my desktop system.  Outlook downloads all of my e-mails from my internet e-mail provider, Yahoo, in this case, onto my desktop system.  This means that all of my customer contacts, thankfully, are only on my desktop system which runs behind a full commercial hardware and software firewall and has the latest and greatest anti-virus/malware software (Norton Internet Security) which is run daily with any updates.  Plus my system uploads all of Microsoft’s patches as well, daily, and installs them.  Microsoft patches known security holes.  Villains exploit these known holes, especially on systems not kept current.

However, when I travel, I can’t get to my home system, of course, so I use Yahoo’s cloud based service where I sign onto their system and read my e-mails online.  I can reply and such just like in Outlook.  For convenience, I’ve saved the e-mail addresses I use frequently in my online address book.  Those are the addresses that were compromised, and only those.

So I know the compromise was not from my system at home, which was turned off in my absence, but from the Yahoo cloud-based e-mail side of things, using my Yahoo address book.  If you don’t store any addresses in your address book, there is nothing for the villain to steal.  Now, they may still harvest your e-mail address to use in spamming others.  Here’s another link about the recent Yahoo attacks along with links from Yahoo about how to protect yourself and steps to take if you have been compromised.

Rich Pasco wrote a great article about both hacking and hijacking, also known as spoofing.

How Did This Happen?

Having spent years in the technology industry, I pretty much stick to the books.  I know the rules and abide by them.  However, no one is immune, and ultimately, this is like a common cold, it will happen to everyone.

My password was not common, no “real words” but was only 8 letters/numbers.  This is, by today’s standards, a mediocre password.  There are tools out there called password crackers that can run against your password until it’s cracked, and they are very effective.  The only way my password could have been obtained was either utilizing a password cracker, captured using some type of capture software from a public (like hotel) network, or via a Yahoo security breach.  It could not have been guessed.  Password crackers are free on the internet.  More sophisticated ones aren’t free, but for the villain, they are worth every penny.  Yahoo’s security issues are discussed in the links above.  And yes, I was staying at a hotel.

I had a hard time believing my account had been breached, but it had.  I signed on to view my recent logins, and sure enough, look at what happened at 1:19 this morning…from Russia.  I assure you, that’s not where I was visiting on my retreat.  Now since Yahoo knew enough to flag this activity, as you can see below, it would have been very nice if they had notified me.

Password hack

It’s important to regularly change passwords and to utilize strong passwords.  Check this link for further discussion about password strength and vulnerabilities along with how to protect yourself.

10 Ways To Protect Yourself

  1. Utilize strong  passwords – meaning ones that are not your pet, your address, etc.  Use nonsense words and numbers combined with capitals and non alpha  characters, like sdfg7531+?.  Pain in the butt?  Yes.  More painful than having your account compromised?  Nope.
  2. Never use the same password for multiple accounts.  If they can get into one, then you’ve given them a free ticket for all of your accounts.  Facebook, Twitter, your bank…what else?
  3. Don’t keep password or financial information in any e-mail folders.  Period.  No exceptions.  Preferably don’t keep any of that on your computer at all.
  4. Don’t store e-mail addresses in cloud based e-mail systems.  Pain in the butt?  Yes.  But hackers can only steal what is in your address book or otherwise available to them.  By and large, they aren’t going to go through your e-mails individually to obtain addresses.  They may, however, delete your entire address book and all of your e-mails, if they are feeling particularly malicious.
  5. Always keep both anti-virus and mal-ware software up to date on your system.  If you clicked on a link that wasn’t what you expected or took you someplace you didn’t plan, run the software immediately.
  6. Never, NEVER, ever click on a one-line link e-mail no matter who it comes from.  It if looks suspicious, reply to the e-mail and ask the person if they really sent it and what it’s about.  If you don’t click on it, the worse that will happen is that you’ll miss an e-mail.  If you do click on it, you may well infect yourself and others will horrible viruses that can wreak havoc you can only imagine – or maybe can’t even imagine.  Conversely, when you send e-mails to people, always put enough verbiage that they know it’s really you.  This habit helps people identify messages that might be bogus.
  7. Don’t use public computers to check e-mail.  Be exceedingly careful about using hotel or public wifi sites as well.  If you do, change your password afterwards.
  8. Be extremely vigilant.  If something seems wrong or “funny,” it probably is.
  9. Back your system up regularly.  If your system were to be destroyed, you could recover essential items.
  10. Change your password often.  Pain in the patoot?  Yep.  Better than the alternative?  If you’ve ever been on either end of being compromised, you’ll know that it is!

Ok, back to DNA in the next article, I promise!

Hackers and Your Genetic Secrets

Did that title get your attention?  Well, it was meant to, just like it was meant to in this NBC article titled “Scientists Demonstrate How Hackers Could Unlock Your Genetic Secrets.”  Or how about this one in the New York Times, “Web Hunt for DNA Sequences Leaves Privacy Compromised?”  Sensationalism sells….and so does fear.  Don’t panic, the sky is not falling.

I’ve had several people forward me a variety of links to several articles about this expressing concern.  Most people didn’t really understand what was going on…and since “family tree databases” were mentioned in the first paragraph, it frightened them.

This article says that the “security cracking trick relies on the availability of genetic information linked to surnames in a variety of public family-tree databases.”  Well, that’s sort of true, but not exactly true.  The issue is not the family tree databases, it’s the fact that the researchers in The Thousand Genomes Project, while keeping the names of those 1000 people “anonymous,” provided enough information that these scientific researchers, not hackers, were able to data mine the 1000 Genomes participants information to determine their Y-DNA marker values, then compared those haplotypes (marker values) just like we do in databases such as Ysearch and Sorenson.  And yes, they likely had matches to several surnames, like most of us do.

Individuals in the 1000 Genomes Project signed a release indicating that they knew that their data was to be used publicly, although their identity would not be revealed but that researchers could not guarantee their privacy.  The 1000 Genomes Project, unfortunately, posted the ages of the participants, which at the time seemed innocuous enough, and it was common knowledge within the scientific community that they all lived in Utah.  With these three pieces of information, their age, their location, and from the scientists data mining, a possible surname, the scientists were then able, if the surname wasn’t something like Smith or Jones, to use publicly available Google and “white pages” types of searches to find people in that state, of that age, by that surname, and then using obituaries and such, connect them through online family trees to their more distant families.  They did this with Craig Venter, for example.

This technique is nothing new to genealogists, as we’ve been finding cousins that way for years – the difference being of course that we didn’t data mine, otherwise in this case more aptly referred to as “scientific hacking,” the 1000 Genomes Project in order to find their Y-line DNA markers to determine a possible surname for them.  That is the issue and the point of this article and ironically, it’s scientists who did it, then published the “how-to” manual.

Any genetic genealogist knows, especially anyone dealing with adoptees, that you can only reveal a biological surname about 30% of the time.  In fact the scientists success rate was lower, 12%.  But that’s actually irrelevant in the bigger context of the article.  Their point was that they succeeded at all.

This is sort of like putting personal information on the internet, except your name, and then being surprised that someone could connect the dots and put the pieces together.  No one would be surprised today if that were to happen.  In fact, I’m sure we all have received cautions and warnings about putting too much info on Facebook because burglars were robbing homes when people were vacationing.  Many people have their hometown, their high school and their birthday and year publicly available on Facebook.  Now how many “security questions” does that answer right there?  Combine that with your dog’s name and your mother’s maiden name and you’ve got almost all of the common ones.

Aside from the fear-mongering, I have three issues with these reports as a whole.

1.  Statements like “they traced those three family tree pedigrees to find other connections between relatives and sensitive genetic data.”  Whoa, stop right there.  Just because you share a surname or even if you are a direct and immediate relative, that says nothing, absolutely nothing, about whether or not you inherited some genetically disposed health issue.  Remember, children inherit half of their DNA from each parent.  So unless they are finding identical twins or parents, one cannot infer that an entire family tree of people share frightening health traits.  It’s irresponsible to suggest otherwise.

2.  “For years, experts have worried that sensitive genetic data could be used to discriminate against patients, potential employees or would-be insurance customers.  Such discrimination is illegal when it comes to employment or health insurance, but the law doesn’t’ cover life insurance, disability insurance or long-term care insurance.  Theoretically an insurer could search through genetic records and turn you down because you have a genetic predisposition to, say, Alzheimer’s disease.”

Discrimination is an issue, and laws have been put in place to prohibit discrimination in the workplace.  But insurers aren’t going to sift through genetic data like a private investigator.  Suggesting this is unnecessary fear-mongering.  Insurers don’t do that, they simply tell you that a blood test is a pre-requisite of obtaining insurance.  I know, I bought life insurance and they sent a nurse to my house to verify my identity and take a blood sample.  At that time, they were looking for diabetes, AIDs and probably a whole lot more.  Today, they might be looking for genetic pre-dispositions.  I don’t know, but I do know they have a direct method of obtaining that information and it’s not spending untold hours sifting through someone else’s data that likely isn’t relevant to you anyway.

3.  This “research” project was inspired at Whitehead Institute, an affiliate of MIT, a publicly funded institution.  When Yaniv Erlich dreamed up this new hacking technique, he said he couldn’t resist trying it, so instead of simply discovering a potential issue and privately and quietly working with the proper people to resolve the issue, he decided to exploit it publicly, obtaining, I suppose, his 15 minutes of fame.  So yes, your tax dollars did indeed likely pay for some or all of this “research.”

In one of the articles,  Dr. Jeffrey R. Botkin, associate vice president for research integrity at the University of Utah, which collected the genetic information of some research participants whose identities were breached, cautioned about overreacting. “Genetic data from hundreds of thousands of people have been freely available online,” he said, “yet there has not been a single report of someone being illicitly identified.”  He added that “it is hard to imagine what would motivate anyone to undertake this sort of privacy attack in the real world.” But he said he had serious concerns about publishing a formula to breach subjects’ privacy. By publishing, he said, the investigators “exacerbate the very risks they are concerned about.”

Well, it’s obvious that these folks at Whitehead institute don’t live in the real world and clearly don’t have enough real scientific research to do.

So, what is the take home of all of this?

  • You are not at risk of having anything exposed in this incident unless you are one of the 1000 people in the 1000 Genomes Project.  If you are part of the 1000 Genomes Project, and male, there is a 12% risk that they figured out your last name and using other tools, possibly who you are, along with your family.  If you are related to someone in the 1000 Genomes Project, the researchers might have figured out that you are related to them.  So now the risk is that they’ll do what with that information???  Guaranteed, someone will figure out the same information and much more quickly, without your DNA and without government funding if you simply stop paying your bills.
  • If you participate in a research project, such as the 1000 Genomes Project, where your full results are made publicly available, you sign a release, and that release indicates that your privacy may not be able to be protected.  You are aware of the risks before you begin.
  • We, as a community, have been warned for years not to put information that might be medically informative on the internet, such as full sequence mitochondrial DNA information.  Anyone who does so, does it at their own risk.  The people in the 1000 Genomes Project knowingly took that risk.
  • If you stay within the confines of the genealogy and DTC mainstream testing companies, you are fairly well protected.  Having said that, reading the consent forms of any of the companies makes it clear that your identity is never entirely protected.  We’re genealogists after all.  What good is genealogical testing if you can’t contact people you match?
  • Inferred health risks are not the issue they are being portrayed to be in these articles.  Your cousins health risks are not necessarily yours.  Genetic inheritance is a complex and individual event.  If you want proof of that, test your family at and look at the differences in health risks for various diseases.
  • Insurers who can use health information to restrict or deny insurance are simply going to request a blood sample.  They are not going to act like a blood hound on the scent of a rabbit and sort through tons of information for inferences.  Why would they when they can obtain the information they seek, directly and much less expensively?
  • For those researchers involved with information made publicly available, such at the 1000 Genomes Project, this is a wake-up call that perhaps less information available publicly is better.  Some information, such as ages and location should perhaps be available only to legitimate researchers, which would still have included the Whitehead Institute people, but would have taken away much of their thunder.  I understand this change has already been implemented, but that doesn’t entirely mitigate the issue of genetic data mining publicly available full genomic sequence information for identity, only makes it a little more difficult and less likely to succeed.
  • I clearly understand why hackers want my bank account information, and why identity thieves want my personal information, but why, in the real world, not at Whitehead institute, would anyone ever spend the time and effort to do this?  The motivation for these researchers was clearly to publish, but I can think of no reason other than that or simply “because they could” to spend the time doing something like this.  Who would want to and for what purpose?
  • The sky is not falling

It’s behind a paywall, but you can access the scientific article here that started all of this hubbub.