Smarmy Upstart DNA Websites – Just Say NO!

Twice now in the last month or so, new websites that promise to provide customers with a different “better” view of their ethnicity, including ancient DNA, have popped up.

I’m not providing the links to these sites, because I do NOT want to drive any curiosity traffic there.

In both cases, the pages about the website or supposed “company” did not provide any information about the individuals behind the service.

Neither did a google search of their supposed name or LLC name.

In one case, the physical address given was illegitimate. In the newest case, this week, no address, not even a country, was disclosed.

A check of the website registration shows that it’s new and the owner’s ID is hidden.

In both cases, an e-mail sent to the address provided asking about who was behind the company and where they were located remains unanswered.

Please keep in mind that these omissions are violations of GDPR in Europe, yet there was no caveat about not accepting clients whose results fall under GDPR auspices which suggests these companies willfully disrespect regulations.

Of course, the first thing that happened was that people saw these new attractive-looking “tests” and uploaded their data immediately – then excitedly reported the results on Facebook, encouraging others to do the same.

Please, please, put the brakes on and think first.

Think, Please

Let’s look at this objectively.

The first thing the newest site does is require your e-mail address to sign up.

Off the bat, they’ve harvested that information.

Then, you upload your DNA file to some unknown person, in some unknown place.

Now they’ve also harvested your DNA.

What are they going to do with your DNA file, ultimately?

Is it going to China? Is it being sold to unknown entities? How would you know and what recourse would you have?

no free lunch

Seriously, what anonymous person would do this “for free, for fun”?

Without knowing who is behind this type of product, how would you as a consumer ever begin to evaluate their competence to provide this service? Why would you even begin to trust them if they hide their identity? This should be your first clue that something isn’t right.

Next, you discover that to see the “analysis” that you have to pay.

You’re sending your credit card number to someone you don’t know.

Now, they’ve harvested your credit card. So far, they have your e-mail, your DNA and your credit card information.

With that, you are entirely identifiable and scammable.

Those “Nigerian Princes” of yesteryear have stepped up their game with much better bait.

But, It’s Safe Because of the Lock…

No, a little lock in the url only means that communications to and from the site is encrypted, it’s not an endorsement or commentary on the legitimacy of what you are purchasing or the website owner.

If something goes wrong, you don’t even have a legitimate business name, address or identity of a person. You have no idea who to complain about, which is most likely the entire goal. If they are offshore, out of the reach of the law where you live, you can complain all day long and there’s nothing that can be done.

Nothing. NADA. You’re toast.

Stop.

Just stop.

Think.

Evaluate.

Before providing any information to a company, do your homework. Take a few minutes and research before jumping into the fire.

Stay with the major testing companies that are known and respected entities in the community. A new, anonymous, overnight upstart isn’t going to provide a better analysis than a company with population geneticists working to provide a quality user experience.

Any legitimate startup is going to be telling you WHO they are and WHY they are qualified – not intentionally remaining in the shade.

Unfortunately, bad experiences tend to tar good companies providing similar products with the same brush and we clearly don’t want that to happen.

Don’t set yourself up to become victimized, parted with both your money and your DNA due to your curiosity and love of genetic genealogy.

Please, stop and think.

If it sounds too good to be true, especially if it’s coming from an anonymous knight in shining armor from an unknown kingdom, it probably is.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some (but not all) of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

Ancestry Displays City/State Where You Live on Map to Your DNA Matches

A new Ancestry feature, in beta mode, has been rolled out to many, if not most, users. Truthfully, I was quite surprised to discover that Ancestry is displaying the location where I currently live to my DNA matches through fourth cousins.

I never intentionally gave permission for this, meaning I never expected the location where I live to be utilized in this fashion. I’ve been an Ancestry subscriber for many years, and while I may have entered my location information originally, I certainly would never have done that today. We live in a different “privacy breach,” “identity theft” and otherwise unpleasant world than we did a few years ago.

The potential ramifications of this mapping tool are mind-boggling – both negative and positive, depending on your perspective.

For people searching for unknown parents or not terribly distant ancestors, the location information is awesome. Ancestry clearly knows this, which is why your matches to 4th cousins are shown. They are your genealogically most useful matches.

For those more concerned with privacy, this feature could open the door to a number of dangerous or at least unpleasant situations – from dangerously crazy people to family stalkers to unknown children/parent situations resulting in someone landing unexpectedly on your doorstep. I may not want to meet a previously unknown sibling, especially not at my house. And certainly not without some amount of preparation first – including a criminal background check. And yes, I’ve been there and done that, in case you were wondering.

Seeing where I live on a map, displayed to my genetic matches brought me face to face with the realization of how careful we need to be with what we choose, even inadvertently, to share. It’s also important to review your past selections to be sure they are still what you want.

So, here’s how to use the tool and how to change your location if you wish to do so.

Ancestry Matches Map

On your matches tab, beside the blue Search Matches button, click on Matches Map.

Next, you’ll see the map with what appears to only be your matches through 4th cousins, although I can’t verify that exactly. I know 4th cousin matches are included and I didn’t see any more distant.

You can see your own pin, in red.

You can click on any of these pins to view the city and state where that person lives based on the information they provided in their profile.

Here’s how to change your location.

Changing Your Location

To change the location, click on your pin on the map.

You’ll see this popup.

I tried to simply remove the information, but I was not allowed to save. A location is required in this tab, but if you go directly to your Profile, accessible from your user ID on your main page, you can remove the location entirely and save.

Before I discovered that selecting my profile directly allowed me to remove my location entirely, I entered the location where I’d love to live. I now live in Bergen, Norway:)

If you’re not comfortable with the city being displayed, but the state is fine, then you can make that modification as well. If you no longer live where you were born, your birth location might be more useful genealogically.

However, even though the new location is displayed to you on the map when you change to a new location, it is NOT CHANGED on the Ancestry map site at the same time. I signed out, signed in again, and the map pin is still displaying my previous location, even though my profile now reflects the new location. It took a few hours for the change to take effect.

Safety and Privacy Considerations

I would strongly prefer that Ancestry provide an opt-in option for people to have their location displayed to their matches, or for that matter, to anyone – especially since a location is required on the map tab when you attempt to make a change. This would avoid the surprise factor of seeing your location revealed on a map. I’m fine with ancestral locations, but not with where I currently live.

As a genealogist, I can certainly see how this feature would be useful. If you’re fine with having the city/state where you live revealed to your matches and other Ancestry users who view your profile, then this is a great tool and you don’t need to change anything.

Do be aware that your location information combined with your name and a search tool like Intellus or BeenVerified can/will reveal your address, phone, e-mail, family members names and more.

Now is a good time to review your profile. Consider what you are willing to reveal and make any changes accordingly.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

2017 – The Year of DNA

Every year for the past 17 years has been the year of DNA for me, but for many millions, 2017 has been the year of DNA. DNA testing has become a phenomenon in its own right.

It was in 2013 that Spencer Wells predicted that 2014 would be the “year of infection.” Spencer was right and in 2014 DNA joined the ranks of household words. I saw DNA in ads that year, for the first time, not related to DNA testing or health as in, “It’s in our DNA.”

In 2014, it seemed like most people had heard of DNA, even if they weren’t all testing yet. John Q. Public was becoming comfortable with DNA.

In 2017 – DNA Is Mainstream  

If you’re a genealogist, you certainly know about DNA testing, and you’re behind the times if you haven’t tested.  DNA testing is now an expected tool for genealogists, and part of a comprehensive proof statement that meets the genealogical proof standard which includes “a reasonably exhaustive search.”  If you haven’t applied DNA, you haven’t done a reasonably exhaustive search.

A paper trail is no longer sufficient alone.

When I used to speak to genealogy groups about DNA testing, back in the dark ages, in the early 2000s, and I asked how many had tested, a few would raise their hands – on a good day.

In October, when I asked that same question in Ireland, more than half the room raised their hand – and I hope the other half went right out and purchased DNA test kits!

Consequently, because the rabid genealogical market is now pretty much saturated, the DNA testing companies needed to find a way to attract new customers, and they have.

2017 – The Year of Ethnicity

I’m not positive that the methodology some of the major companies utilized to attract new consumers is ideal, but nonetheless, advertising has attracted many new people to genetic genealogy through ethnicity testing.

If you’re a seasoned genetic genealogist, I know for sure that you’re groaning now, because the questions that are asked by disappointed testers AFTER the results come back and aren’t what people expected find their way to the forums that genetic genealogists peruse daily.

I wish those testers would have searched out those forums, or read my comparative article about ethnicity tests and which one is “best” before they tested.

More ethnicity results are available from vendors and third parties alike – just about every place you look it seems.  It appears that lots of folks think ethnicity testing is a shortcut to instant genealogy. Spit, mail, wait and voila – but there is no shortcut.  Since most people don’t realize that until after they test, ethnicity testing is becoming ever more popular with more vendors emerging.

In the spring, LivingDNA began delivering ethnicity results and a few months later, MyHeritage as well.  Ethnicity is hot and companies are seizing a revenue opportunity.

Now, the good news is that perhaps some of these new ethnicity testers can be converted into genealogists.  We just have to view ethnicity testing as tempting bait, or hopefully, a gateway drug…

2017 – The Year of Explosive Growth

DNA testing has become that snowball rolling downhill that morphed into an avalanche.  More people are seeing commercials, more people are testing, and people are talking to friends and co-workers at the water cooler who decide to test. I passed a table of diners in Germany in July to overhear, in English, discussion about ethnicity-focused DNA testing.

If you haven’t heard of DTC, direct to consumer, DNA testing, you’re living under a rock or maybe in a third world country without either internet or TV.

Most of the genetic genealogy companies are fairly closed-lipped about their data base size of DNA testers, but Ancestry isn’t.  They have gone from about 2 million near the end of 2016 to 5 million in August 2017 to at least 7 million now.  They haven’t said for sure, but extrapolating from what they have said, I feel safe with 7 million as a LOW estimate and possibly as many as 10 million following the holiday sales.

Advertising obviously pays off.

MyHeritage recently announced that their data base has reached 1 million, with only about 20% of those being transfers.

Based on the industry rumble, I suspect that the other DNA testing companies have had banner years as well.

The good news is that all of these new testers means that anyone who has tested at any of the major vendors is going to get lots of matches soon. Santa, it seems, has heard about DNA testing too and test kits fit into stockings!

That’s even better news for all of us who are in multiple data bases – and even more reason to test at all of the 4 major companies who provide autosomal DNA matching for their customers: Family Tree DNA, Ancestry, MyHeritage and 23andMe.

2017 – The Year of Vendor and Industry Churn

So much happened in 2017, it’s difficult to keep up.

  • MyHeritage entered the DNA testing arena and began matching in September of 2016. Frankly, they had a mess, but they have been working in 2017 to improve the situation.  Let’s just say they still have some work to do, but at least they acknowledge that and are making progress.
  • MyHeritage has a rather extensive user base in Europe. Because of their European draw, their records collections and the ability to transfer results into their data base, they have become the 4th vendor in a field that used to be 3.
  • In March 2017, Family Tree DNA announced that they were accepting transfers of both the Ancestry V2 test, in place since May of 2016, along with the 23andMe V4 test, available since November 2013, for free. MyHeritage has since been added to that list. The Family Tree DNA announcement provided testers with another avenue for matching and advanced tools.
  • Illumina obsoleted their OmniExpress chip, forcing vendors to Illumina’s new GSA chip which also forces vendors to use imputation. I swear, imputation is a swear word. Illumina gets the lump of coal award for 2017.
  • I wrote about imputation here, but in a nutshell, the vendors are now being forced to test only about 20% of the DNA locations available on the previous Illumina chip, and impute or infer using statistics the values in the rest of the DNA locations that they previously could test.
  • Early imputation implementers include LivingDNA (ethnicity only), MyHeritage (to equalize the locations of various vendor’s different chips), DNA.Land (whose matching is far from ideal) and 23andMe, who seems, for the most part, to have done a reasonable job. Of course, the only way to tell for sure at 23andMe is to test again on the V5 chip and compare to V3 and V4 chip matches. Given that I’ve already paid 3 times to test myself at 23andMe (V2, 3 and 4), I’m not keen on paying a 4th time for the V5 version.
  • 23andMe moved to the V5 Illumina GSA chip in August which is not compatible with any earlier chip versions.
  • Needless to say, the Illumina chip change has forced vendors away from focusing on new products in order to develop imputation code in order to remain backwards compatible with their own products from an earlier chip set.
  • GedMatch introduced their sandbox area, Genesis, where people can upload files that are not compatible with the traditional vendor files.  This includes the GSA chip results (23andMe V5,) exome tests and others.  The purpose of the sandbox is so that GedMatch can figure out how to work with these files that aren’t compatible with the typical autosomal test files.  The process has been interesting and enlightening, but people either don’t understand or forget that it’s a sandbox, an experiment, for all involved – including GedMatch.  Welcome to living on the genetic frontier!

  • I assembled a chart of who loves who – meaning which vendors accept transfers from which other vendors.

  • I suspect but don’t know that Ancestry is doing some form of imputation between their V1 and V2 chips. About a month before their new chip implementation in May of 2016, Ancestry made a change in their matching routine that resulting in a significant shift in people’s matches.

Because of Ancestry’s use of the Timber algorithm to downweight some segments and strip out others altogether, it’s difficult to understand where matching issues may arise.  Furthermore, there is no way to know that there are matching issues unless you and another individual have transferred results to either Family Tree DNA or GedMatch, neither of which remove any matching segments.

  • Other developments of note include the fact that Family Tree DNA moved to mitochondrial DNA build V17 and updated their Y DNA to hg38 of the human reference genome – both huge undertakings requiring the reprocessing of customer data. Think of both of those updates as housekeeping. No one wants to do it, but it’s necessary.
  • 23andMe FINALLY finished transferring their customer base to the “New Experience,” but many of the older features we liked are now gone. However, customers can now opt in to open matching, which is a definite improvement. 23andMe, having been the first company to enter the genetic genealogy autosomal matching marketspace has really become lackluster.  They could have owned this space but chose not to focus on genealogy tools.  In my opinion, they are now relegated to fourth place out of a field of 4.
  • Ancestry has updated their Genetic Communities feature a couple of times this year. Genetic Communities is interesting and more helpful than ethnicity estimates, but neither are nearly as helpful as a chromosome browser would be.

  • I’m sure that the repeated requests, begging and community level tantrum throwing in an attempt to convince Ancestry to produce a chromosome browser is beyond beating a dead horse now. That dead horse is now skeletal, and no sign of a chromosome browser. Sigh:(
  • The good news is that anyone who wants a chromosome browser can transfer their results to Family Tree DNA or GedMatch (both for free) and utilize a chromosome browser and other tools at either or both of those locations. Family Tree DNA charges a one time $19 fee to access their advanced tools and GedMatch offers a monthly $10 subscription. Both are absolutely worth every dime. The bad news is, of course, that you have to convince your match or matches to transfer as well.
  • If you can convince your matches to transfer to (or test at) Family Tree DNA, their tools include phased Family Matching which utilizes a combination of user trees, the DNA of the tester combined with the DNA of family matches to indicate to the user which side, maternal or paternal (or both), a particular match stems from.

  • Sites to keep your eye on include Jonny Perl’s tools which include DNAPainter, as well as Goran Rundfeldt’s DNA Genealogy Experiment.  You may recall that in October Goran brought us the fantastic Triangulator tool to use with Family Tree DNA results.  A few community members expressed concern about triangulation relative to privacy, so the tool has been (I hope only temporarily) disabled as the involved parties work through the details. We need Goran’s triangulation tool! Goran has developed other world class tools as well, as you can see from his website, and I hope we see more of both Goran and Jonny in 2018.
  • In 2017, a number of new “free” sites that encourage you to upload your DNA have sprung up. My advice – remember, there really is no such thing as a free lunch.  Ask yourself why, what’s in it for them.  Review ALL OF THE documents and fine print relative to safety, privacy and what is going to be done with your DNA.  Think about what recourse you might or might not have. Why would you trust them?

My rule of thumb, if the company is outside of the US, I’m immediately slightly hesitant because they don’t fall under US laws. If they are outside of Europe or Canada, I’m even more hesitant.  If the company is associated with a country that is unfriendly to the US, I unequivocally refuse.  For example, riddle me this – what happens if a Chinese (or fill-in-the-blank country) company violates an agreement regarding your DNA and privacy?  What, exactly, are you going to do about it from wherever you live?

2017 – The Year of Marketplace Apps

Third party genetics apps are emerging and are beginning to make an impact.

GedMatch, as always, has continued to quietly add to their offerings for genetic genealogists, as had DNAGedcom.com. While these two aren’t exactly an “app”, per se, they are certainly primary players in the third party space. I use both and will be publishing an article early in 2018 about a very useful tool at DNAGedcom.

Another application that I don’t use due to the complex setup (which I’ve now tried twice and abandoned) is Genome Mate Pro which coordinates your autosomal results from multiple vendors.  Some people love this program.  I’ll try, again, in 2018 and see if I can make it all the way through the setup process.

The real news here are the new marketplace apps based on Exome testing.

Helix and their partners offer a number of apps that may be of interest for consumers.  Helix began offering a “test once, buy often” marketplace model where the consumer pays a nominal price for exome sequencing ($80), significantly under market pricing ($500), but then the consumer purchases DNA apps through the Helix store. The apps access the original DNA test to produce results. The consumer does NOT receive their downloadable raw data, only data through the apps, which is a departure from the expected norm. Then again, the consumer pays a drastically reduced price and downloadable exome results are available elsewhere for full price.

The Helix concept is that lots of apps will be developed, meaning that you, the consumer, will be interested and purchase often – allowing Helix to recoup their sequencing investment over time.

Looking at the Helix apps that are currently available, I’ve purchased all of the Insitome products released to date (Neanderthal, Regional Ancestry and Metabolism), because I have faith in Spencer Wells and truthfully, I was curious and they are reasonably priced.

Aside from the Insitome apps, I think that the personalized clothes are cute, if extremely overpriced. But what the heck, they’re fun and raise awareness of DNA testing – a good thing! After all, who am I to talk, I’ve made DNA quilts and have DNA clothing too.

Having said that, I’m extremely skeptical about some of the other apps, like “Wine Explorer.”  Seriously???

But then again, if you named an app “I Have More Money Than Brains,” it probably wouldn’t sell well.

Other apps, like Ancestry’s WeRelate (available for smartphones) is entertaining, but is also unfortunately EXTREMELY misleading.  WeRelate conflates multiple trees, generally incorrectly, to suggest to you and another person on your Facebook friends list are related, or that you are related to famous people.  Judy Russell reviews that app here in the article, “No, actually, we’re not related.” No.  Just no!

I feel strongly that companies that utilize our genetic data for anything have a moral responsibility for accuracy, and the WeRelate app clearly does NOT make the grade, and Ancestry knows that.  I really don’t believe that entertaining customers with half-truths (or less) is more important than accuracy – but then again, here I go just being an old-fashioned fuddy dud expecting ethics.

And then, there’s the snake oil.  You knew it was going to happen because there is always someone who can be convinced to purchase just about anything. Think midnight infomercials. The problem is that many consumers really don’t know how to tell snake oil from the rest in the emerging DNA field.

You can now purchase DNA testing for almost anything.  Dating, diet, exercise, your taste in wine and of course, vitamins and supplements. If you can think of an opportunity, someone will dream up a test.

How many of these are legitimate or valid?  Your guess is as good as mine, but I’m exceedingly suspicious of a great many, especially those where I can find no legitimate scientific studies to back what appear to be rather outrageous claims.

My main concern is that the entire DTC testing industry will be tarred by the brush of a few unethical opportunists.

2017 – The Year of Focus on Privacy and Security

With increased consumer exposure comes increased notoriety. People are taking notice of DNA testing and it seems that everyone has an opinion, informed or not.  There’s an old saying in marketing; “Talk about me good, talk about me bad, just talk about me.”

With all of the ads have come a commensurate amount of teeth gnashing and “the-sky-is-falling” type reporting.  Unfortunately, many politicians don’t understand this industry and open mouth only to insert foot – except that most people don’t realize what they’ve done.  I doubt that the politicians even understand that they are tasting toe-jam, because they haven’t taken the time to research and understand the industry. Sound bites and science don’t mix well.

The bad news is that next, the click-bait-focused press picks up on the stories and the next time you see anyone at lunch, they’re asking you if what they heard is true.  Or, let’s hope that they ask you instead of just accepting what they heard as gospel. Hopefully if we’ve learned anything in this past year, it’s to verify, verify, verify.

I’ve been an advocate for a very long time of increased transparency from the testing companies as to what is actually done with our DNA, and under what circumstances.  In other words, I want to know where my DNA is and what it’s being used for.  Period.

Family Tree DNA answered that question succinctly and unquestionably in December.

Bennett Greenspan: “We could probably make a lot of money by selling the DNA data that we’ve been collecting over the years, but we feel that the only person that should have your DNA information is you.  We don’t believe that it should be sold, traded or bartered.”

You can’t get more definitive than that.

DTC testing for genetic genealogy must be a self-regulating field, because the last thing we need is for the government to get involved, attempting to regulate something they don’t understand.  I truly believe government interference by the name of regulation would spell the end of genetic genealogy as we know it today.  DNA testing for genetic genealogy without sharing results is entirely pointless.

I’ve written about this topic in the past, but an update is warranted and I’ll be doing that sometime after the first of the year.  Mostly, I just need to be able to stay awake while slogging through the required reading (at some vendor sites) of page after page AFTER PAGE of legalese😊

Consumers really shouldn’t have to do that, and if they do, a short, concise summary should be presented to them BEFORE they purchase so that they can make a truly informed decision.

Stay tuned on this one.

2017 – The Year of Education

The fantastic news is that with all of the new people testing, a huge, HUGE need for education exists.  Even if 75% of the people who test don’t do anything with their results after that first peek, that still leaves a few million who are new to this field, want to engage and need some level of education.

In that vein, seminars are available through several groups and institutes, in person and online.  Almost all of the leadership in this industry is involved in some educational capacity.

In addition to agendas focused on genetic genealogy and utilizing DNA personally, almost every genealogy conference now includes a significant number of sessions on DNA methods and tools. I remember the days when we were lucky to be allowed one session on the agenda, and then generally not without begging!

When considering both DNA testing and education, one needs to think about the goal.  All customer goals are not the same, and neither are the approaches necessary to answer their questions in a relevant way.

New testers to the field fall into three primary groups today, and their educational needs are really quite different, because their goals, tools and approaches needed to reach those goals are different too.

Adoptees and genealogists employ two vastly different approaches utilizing a common tool, DNA, but for almost opposite purposes.  Adoptees wish to utilize tests and trees to come forward in time to identify either currently living or recently living people while genealogists are interested in reaching backward in time to confirm or identify long dead ancestors. Those are really very different goals.

I’ve illustrated this in the graphic above.  The tester in question uses their blue first cousin match to identify their unknown parent through the blue match’s known lineage, moving forward in time to identify the tester’s parent.  In this case, the grandparent is known to the blue match, but not to the yellow tester. Identifying the grandparent through the blue match is the needed lynchpin clue to identify the unknown parent.

The yellow tester who already knows their maternal parent utilizes their peach second cousin match to verify or maybe identify their maternal great-grandmother who is already known to the peach match, moving backwards in time. Two different goals, same DNA test.

The three types of testers are:

  • Curious ethnicity testers who may not even realize that at least some of the vendors offer matching and other tools and services.
  • Genealogists who use close relatives to prove which sides of trees matches come from, and to triangulate matching segments to specific ancestors. In other words, working from the present back in time. The peach match and line above.
  • Adoptees and parent searches where testers hope to find a parent or siblings, but failing that, close relatives whose trees overlap with each other – pointing to a descendant as a candidate for a parent. These people work forward in time and aren’t interested in triangulation or proving ancestors and really don’t care about any of those types of tools, at least not until they identify their parent.  This is the blue match above.

What these various groups of testers want and need, and therefore their priorities are different in terms of their recommendations and comments in online forums and their input to vendors. Therefore, you find Facebook groups dedicated to Adoptees, for example, but you also find adoptees in more general genetic genealogy groups where genealogists are sometimes surprised when people focused on parent searches downplay or dismiss tools such as Y DNA, mitochondrial DNA and chromosome browsers that form the bedrock foundation of what genealogists need and require.

Fortunately, there’s room for everyone in this emerging field.

The great news is that educational opportunities are abundant now. I’m listing a few of the educational opportunities for all three groups of testers, in addition to my blog of course.😊

Remember that this blog is fully searchable by keyword or phrase in the little search box in the upper right hand corner.  I see so many questions online that I’ve already answered!

Please feel free to share links of my blog postings with anyone who might benefit!

Note that these recommendations below overlap and people may well be interested in opportunities from each group – or all!!

Ethnicity

Adoptees or Parent Search

Genetic Genealogists

2018 – What’s Ahead? 

About midyear 2018, this blog will reach 1000 published articles. This is article number 939.  That’s amazing even to me!  When I created this blog in July of 2012, I wasn’t sure I’d have enough to write about.  That certainly has changed.

Beginning shortly, the tsunami of kits that were purchased during the holidays will begin producing matches, be it through DNA upgrades at Family Tree DNA, Big Y tests which were hot at year end, or new purchases through any of the vendors.  I can hardly wait, and I have my list of brick walls that need to fall.

Family Tree DNA will be providing additional STR markers extracted from the Big Y test. These won’t replace any of the 111 markers offered separately today, because the extraction through NGS testing is not as reliable as direct STR testing for those markers, but the Big Y will offer genealogists a few hundred more STRs to utilize. Yes, I said a few hundred. The exact number has not yet been finalized.

Family Tree DNA says they will also be introducing new “qualify of life improvements” along with new privacy and consent settings.  Let’s hope this means new features and tools will be released too.

MyHeritage says that they are introducing new “Discoveries” pages and a chromosome browser in January.  They have also indicated that they are working on their matching issues.  The chromosome browser is particularly good news, but matching must work accurately or the chromosome browser will show erroneous information.  Let’s hope January brings all three features.

LivingDNA indicates that they will be introducing matching in 2018.

2018 – What Can You Do?

What can you do in 2018 to improve your odds of solving genealogy questions?

  • Test relatives
  • Transfer your results to as many data bases as possible (among the ones discussed above, after reading the terms and conditions, of course)
  • If you have transferred a version of your DNA that does not produce full results, such as the Ancestry V2 or 23andMe V4 test to Family Tree DNA, consider testing on the vendor’s own chip in order to obtain all matches, not just the closest matches available from an incompatible test transfer.
  • Test Y and mitochondrial DNA at Family Tree DNA.
  • Find ways to share the stories of your ancestors.  Stories are cousin bait.  My 52 Ancestors series is living proof.  People find the stories and often have additional facts, information or even photos. Some contacts qualify for DNA testing for Y or mtDNA lines. The GREAT NEWS is that Amy Johnson Crow is resuming the #52Ancestors project for 2018, providing hints and tips each week! Who knows what you might discover by sharing?! Here’s how to start a blog if you need some assistance.  It’s easy – really!
  • Focus on the brick walls that you want to crumble and then put together both a test and analysis plan. That plan could include such things as:

o   Find out if a male representing a Y line in your tree has tested, and if not, search through autosomal results to see if a male from that paternal surname line has tested and would be amenable to an upgrade.

o   Mitochondrial DNA test people who descend through all females from various female ancestors in order to determine their origins. Y and mtDNA tests are an important part of a complete genealogy story – meaning the reasonably exhaustive search!

o   Autosomal DNA test family members from various lines with the hope that matches will match you and them both.

o   Test family members in order to confirm a particular ancestor – preferably people who descend from another child of that ancestor.

o   Making sure your own DNA is in all 4 of the major vendors’ data bases, plus GedMatch. Look at it this way, everyone who is at GedMatch or at a third party (non-testing) site had to have tested at one of the major 4 vendors – so if you are in all of the vendor’s data bases, plus GedMatch, you’re covered.

Have a wonderful New Year and let’s make 2018 the year of newly discovered ancestors and solved mysteries!

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

Genealogy, Identity Theft and Equifax Update

Yesterday, I wrote about the Equifax breach and how genealogy can be tied to that breach in the article, Equifax Data Breach, Genealogy and You.

It appears that some folks may not realize how the combination of the Equifax breach AND your genealogy info can be tied together to compromise your online and financial security. I should have given a specific example. This is really, really important, so I’m writing an update today.

This situation is WAY MORE IMPORTANT than your genealogy itself.

I cannot believe those words just came out of my mouth.

It has also come to my attention that banks and other institutions may not use the same types of security smeasures around the world, so people outside of the US may not be familiar with how we do business here.  However, in the past day, this breach has extended beyond the US, so please, read on no matter where you live, even if you read yesterday’s article carefully.  There’s more you need to know today.

This breach doesn’t just relate to existing credit card accounts and establishing new accounts, but relates to your bank accounts, tax refunds and government services that you might apply for in the future, including Social Security and Medicare benefits. You don’t want some crook stealing your identity, filing for your taxes and applying for benefits, which means you can’t.

The Perfect Storm

Here’s an example of how this breach creates the “perfect storm,” for the crooks anyway, which is your worse nightmare come true.

In just three steps, made much easier by Equifax (thanks), your money can be gone.

Step 1 – In the Equifax breach, your social security number and address (along with other personal information like account numbers) was part of the information that was stolen.

Step 2 – Let’s say that at your bank, you use your social security number or your old street address as your password. Through the Equifax breach, the crooks now have that info, so they try both of those and voila, now they have progressed to your security questions, because the bank was smart enough to realize that the sign-in request was not coming from your home computer.

Step 3 – Let’s say you have established two security questions at the bank. Your questions are your mother’s maiden name, which is freely available in your family tree, and your grandmother’s birth location, which is also available in the same source.

Poof – the crook is in and your money is gone.

Yesterday, when setting up a credit freeze at one of the three credit reporting sites, six of the 8 security questions I could select from were genealogy related and readily available in online trees – surnames, middle names and birth locations.  Obviously, they don’t know about online trees and how easy it is to obtain that information – and they need to fix that security loophole. Even if you don’t have an online tree, you may well be in someone else’s.

Security Questions

In some cases, security questions can be selected by you. Don’t just pick the easy ones you can remember. Pick something that absolutely CANNOT be found online in any way associated with you. Your first pet’s name, for example.

However, if your first pet was a goldfish named Goldie that you accidentally flushed down the toilet and you published a blog article about that traumatic event – that’s not a good choice either.

Your first boyfriend’s name? Did you marry him or someone with the same first name? Then not that either.

So, what to do if you don’t get to select your security question and it’s something like your mother’s maiden name?

Lie.

Yep, tell a lie. It’s OK. Your children will thank you when you don’t have to live with them when you’re old and impoverished because your money was all stolen and your social security benefits too.

Make something up – but remember your lie or write it down someplace safe (i.e. not on a yellow sticky postit in the bottom of your keyboard at work) – because your access to your own account is tied to that information.

Passwords

There’s all kinds of advice on password selection. Strong passwords require a lengthy string including upper and lower case of both alpha and numeric characters.

Of course, you can’t possibly remember these passwords, so you will write them down and that too can be stolen. But, chances are that password in your house is less likely to be compromised than information associated with you available online – at least in my house.

Password cracker software runs through thousands of possibilities in the blink of an eye. That’s why most sites today lock your account after some number of erroneous tries. Bummer if you’ve just made a mistake.

Don’t use the same password for multiple sites either. If a crook compromises one location, the first thing they are going to try is a second location.

Storing your password list in your cell phone probably isn’t such a good idea either. Someone asked about password “safes” offered by some vendors. I’ve never used them. Think about how attractive those would be for hackers. Use at your own risk.

Worse yet, personally identifying information, like what was obtained from the Equifax breach, is used to reset passwords, so you can easily see how a crook could use info they have obtained from Equifax to reset your passwords.

If your bank and brokerage accounts offer something called two factor authentication, that might be a good option. Two factor authentication requires information plus something you physically have, generally meaning your phone. Access to your account then requires both the password and pin or token issued from something physically in your possession. Yes, I know this is a huge pain. But having your identity stolen is a bigger pain that never ends and thanks to Equifax, more than half of the country is now at a much higher risk than ever before.

Back to the Equifax Breach

In addition to what I wrote in yesterday’s article, you need to know the following things:

  • Even if the Equifax site tells you that your data has “probably” not been breached, don’t believe them.  It has been discovered and reported by multiple news agencies (along with my personal experience) that if you enter the same data, exactly the same way, multiple times, the Equifax story changes relative to whether or not your data was breached. Do not take comfort if the site tells you that your data has not been breached. I don’t think they actually have a clue. Assume that it has been breached and take appropriate measures.
  • Even if your credit has supposedly not been breached but your spouses has, much of your account information is the same, so consider your account breached too.
  • Equifax says that this breach now extends to some people in the UK and Canada, but no further information has been provided. For safety’s sake, assume you are one of these people whose accounts have been breached.
  • Equifax originally required you to waive your rights to join a class action suit in order to take advantage of their free credit monitoring for a year if they tell you your data has been breached. They have now recanted that position and their website now says the following as of noon today:

Options for Protecting Yourself

Because the Equifax breach has such long-term and permanent ramifications, meaning that while you can change things like your e-mail address and close a credit card account, you can’t easily change things like your name, address and social security number. Those are much more difficult and together, readily identify you as you – or the crook as you.

So, you need to accomplish multiple goals:

  • Know if fraudulent activity has taken place
  • Monitor to know if fraudulent activity is taking place
  • Prevent crooks from obtaining credit in your name by using the credit reporting services
  • Prevent bank accounts and other financial accounts from being compromised
  • Protect your assets like tax returns, social security and other benefits for which you may today or someday be eligible

The bad news – there is no one single way to do all of this, so you’re going to have to make some decisions and take multiple steps.

I’ve compiled information in the following chart. Please keep in mind, I’m not a lawyer nor a CPA – so please educate yourself and only use this as a guideline – not gospel. Plus, things change and right now, Equifax is changing their story daily – and it takes days to sign up for their credit monitoring service. I was able to freeze my account yesterday.

In the article, Equifax Data Breach, Genealogy and You, I discussed Credit Monitoring Services, Credit Reports, Fraud Alerts and Credit freezes, sometimes called security freezes. The chart below represents my understanding of how these services work together to protect consumers.

Safety Goals Credit Report Credit Monitoring Service Fraud Alert Credit Freeze Comment
Has fraudulent activity already taken place? Free once yearly for all 3 services, Equifax, Experian and Transunion Typically a paid service that provides credit reports to you periodically. Sometimes provided for free when your data is known to have been involved in a breach. Does not report past events Does not report past events
Monitor to know if fraudulent activity is taking place No, only deals with events that have already taken place No, only deals with events that have already taken place Free service for 90 days that requires a lender to contact you to verify your identity before issuing credit in your name.   You must renew every 90 days. Allows consumers to freeze their credit.   Consumer must unfreeze when they are applying for new credit, then refreeze. You must freeze at all 3 agencies for this to be effective.
Prevent crooks from obtaining credit in your name through credit reporting services No, only deals with events that have already taken place No, only deals with events that have already taken place Yes, but expires and consumer must renew every 90 days Yes, doesn’t expire but you have to remove freeze when you want new credit.  Must freeze at all 3 agencies to be effective.
Prevent bank accounts and other financial accounts from being compromised Not related to bank accounts Not related to bank accounts Not related to bank accounts Not related to bank accounts Use strong passwords, change passwords often, do not use  security questions where answers can be found publicly or in credit reports, read the links below to know what to look for
Protect your assets like tax returns, social security, etc. Not related to this type of protection Not related to this type of protection Not related to this type of protection Not related to this type of protection Stay hyper-vigilant, file as soon as possible, read the links below to know what to look for

Additional Resources

You can read what the IRS says about identity protection at this link:

https://www.irs.gov/identity-theft-fraud-scams/identity-protection

Here’s what the Social Security Administrations says about identity theft:

https://www.ssa.gov/pubs/EN-05-10064.pdf

God forbid you ever really do need to change your social security number:

https://www.consumer.ftc.gov/articles/0248-do-you-need-new-social-security-number

Here’s the FTC’s document about identity theft, what to do, how to report identity theft and a recovery plan.

https://identitytheft.gov/

From the FTC, signs and signals of identity theft.

https://www.consumer.ftc.gov/topics/identity-theft

Again from the FTC, a scam alerts site.

https://www.consumer.ftc.gov/scam-alerts

Please note that this situation is fluid. Educate yourself and follow this in a credible news source for developments that may change your remediation plans.

Thank you to people commenting on the original article and providing additional, useful information.

Grandma’s Legacy

I apologize to my readers for this diversion these past few days with identity theft combined with genealogy. Unfortunately, because genealogists do share and as humans, we are inclined to use information we readily know, that means we’re vulnerable to the crooks – because our genealogy information is near and dear to us, and we remember it easily.

Fortunately, this is easy to fix by not utilizing our genealogy information that we so readily know.

I do love genealogy, particularly genetic genealogy, and I have absolutely no intention of giving it up. I am, however, now more vigilant. I’ve changed my personal security questions, or the answers, so that my family tree and blog articles don’t give me away.

I will be making sure that information from the past hundred years is marked as private. It not only puts me at risk, it puts anyone else in that same line of descent at risk too.

Keep in mind, there’s nothing you can do about someone else’s tree online that may include your grandmother’s birth location. This means that my preventative measure of making the last hundred years private in my tree may amount to closing the barn door after the cow has left.

I’ve frozen my credit, meaning I’ll have to unfreeze it when I apply for a loan someday for a new car. Maybe that means because of the inconvenience I’ll spend less. Hey, there has to be a silver lining someplace.

Here’s what I don’t want, for either you or me. I don’t want my legacy to be the grandma who had everything stolen and had to go and sleep on the park bench….you get the drift.

I hope you’ve found this helpful, and I sincerely hope I never feel compelled to write about something this serious again.

Let’s do everything we can to prevent that so we can get back to genetic genealogy. All of this bother is interrupting my research time!

Caveat

Again, I’m not a lawyer or a CPA. I have no ties to the financial industry except for being a consumer. Use at your own discretion. Educate yourself. Consider this a resource, not gospel.  Follow this developing story and make course corrections as needed. Changes are occurring rapidly. Presume the worst. It’s better than presuming the best and being wrong.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

Equifax Data Breach, Genealogy and You

What, you may be asking, does the Equifax data breach this week have to do with genealogy?

The answer is actually twofold.

  1. Everyone who works with genealogy now lives in a technology world – or you wouldn’t be reading this.
  2. People tend to use pieces of information to secure accounts – like their mother’s maiden name, their address, birth location and other pieces of data that they can remember. Don’t. Just Don’t. I’m begging you!

And please, please read this article, even though it’s not specifically about genealogy. I spent 30 years in the technology industry, and believe me, if your identity is stolen or your finances compromised, it WILL interfere with your genealogy research, big time.

The Breach

I don’t normally discuss news items, but this security issue is mammoth, the largest breach ever, and could potentially destroy your credit and compromise your identity, either or both.

What’s worse yet, the breach itself occurred mid-May through July, Equifax discovered it on July 29th, but consumers weren’t notified until September 7th, 5 weeks and 5 days later, and then only in the news, not personally. That means that the crooks have had between 6 weeks and 4 months to use or to sell, or just hold your information to sell later.

You can read more about the breach here and here as well as a New York Times article with an update and additional instructions this morning, here.

Please do read those articles to understand the magnitude of this issue. The breach affects more than 143 million people, mostly Americans, with an additional 209,000 credit card numbers stolen as well, along with 182,000 “dispute documents” with additional information.

The US has about 260 million adults, so roughly 55% of the adult population has been affected by this breach. In other words, there is more than a 50% chance that your personal information, enough to file a tax return on your behalf and claim your return, among other things, is among thieves right now, on the black market.

And no, I’m not exaggerating.

Not. One. Bit!

AND, that’s just how many account records are known to be compromised. Equifax may not know the full extent of the breach.

If your spouse’s records are compromised, and yours aren’t, you may think one of you is safe.  But guess again – because your life, credit and resulting misery is inextricably linked together.

If one is breached, both are breached. Period. So the actual breach numbers may actually be closer to 100%, based on “breach by marriage.”

My husband and I have been working on this issue all day today (and no, we didn’t have anything better to do, thank you for asking) and discovered that our shared account numbers are listed, with both names, of course.  My accounts are his, and vice versa. Initially, only one of our Equifax accounts was reported as breached, which would have provided a false sense of security for one of us, until we looked closely.

However, later today, both accounts were reported as breached.

What Was Taken?

Equifax and other credit reporting agencies routinely track your credit history, including account numbers, as well as identifying personal information.

Information about consumers stolen from Equifax includes or may include:

  • Name and Addresses (current and old)
  • Credit History including balances and balance available
  • Account Numbers
  • Social security numbers (the hottest most desirable piece of your information for crooks)
  • Birth dates
  • Driver’s license numbers

The aspect that make this breach so serious is that it includes multiple pieces of information that should be unique to identifying you – such as your birthdate and social security number.  You can’t change those or get new ones to protect yourself – and the crooks know that.

Additional information in your file that Equifax has not said was or was not compromised includes:

  • Employer and position (current and former)
  • Employment dates
  • Phone numbers
  • Spouses name

I would presume that this too was compromised.

If you think your information isn’t at Equifax, you’re wrong, because Equifax, as well as the other credit reporting services, routinely gather identifying and financial information about everyone.

How Do I Find Out About My Information?

Equifax has set up both a telephone hotline (that is, *surprise*, entirely jammed) and a website for you to enter a partial social security number along with your surname to determine if your account was compromised.

https://www.equifaxsecurity2017.com/

Click on the tab at the top of the page that says “Potential Impact.”

If your data is not known to be part of the breach, you see a notice to that affect, but note that the wording is not definitive. It says:

“Based on the information provided, we believe that your personal information was not impacted by this incident.”

However, and this is a HUGE HOWEVER, when I tried this a second time, to be sure of the wording for this article, I got the opposite result for the same person, which said,

“Based on the information provided, we believe that your personal information may have been impacted by this incident.”

Bottom line, I don’t think Equifax knows for sure and their system appears to be flawed, so ASSUME YOUR DATA HAS BEEN BREACHED.

If your information is known to be part of the breach, you are given the option for free credit monitoring, BUT, you must remember to return to the site on a specific date to begin credit monitoring. Personally, I think they should be required to provide this service AT A MINIMUM for everyone, but they are not. Neither are they making it easy.

Equifax provides you with a date that you must return to their website to set up credit monitoring service. Mine was September 11th. You have to remember. They aren’t going to remind you. This credit monitoring service is initially free, but becomes a chargeable service at some point in the future AND you have to relinquish your right to sue in order to obtain this free service. So yes, strings are attached.

Furthermore, a free year of monitoring won’t help you in the future, beyond year 1, when the crooks still have your data. The crooks know this and may simply wait for a year to begin using the information. You must assume your data base been breached permanently and act accordingly.

Worse yet, a free year of monitoring at Equifax, or even permanent monitoring at Equifax won’t help you at the other reporting agencies.  The crooks can and will take your valuable information and simply use it elsewhere.

What Is Credit Reporting and Monitoring?

Credit reporting companies like Equifax gather information about you and your credit, including open and closed accounts, so that when you apply for a loan, the loan originator (the bank for example) only has to call one of three credit reporting services to obtain your information and verify that you are a good credit risk – instead of calling each of your current and past creditors individually.

Equifax is one of those services, along with Experian and Transunion.

A credit monitoring service, offered by a credit reporting company life Equifax, reports activity to you when it occurs on your account. That means if someone applies for a new credit card in your name, you are notified. That does NOT mean that the transaction is prevented. This also does nothing to stop other fraudulent activities, such as filing for your tax refund, running up medical bills in your name or charging items on an existing credit card.

Or, worse yet, using your information in your stolen Equifax account information to attempt to hack your passwords at banks, Paypal, etc.

There are other options for consumers, in addition to or instead of a credit monitoring service, such as a credit freeze or a fraud alert, which we’ll discuss just as soon as we talk about passwords and security questions.

Don’t Use Familiar Records as Part of Your Password or Security

Using information about you that is publicly available, or available in your credit report allows the crooks to crack your passwords much easier. And yes I’m referring here to passwords for financial accounts like bank accounts, retirement and investment accounts and Paypal.

DO NOT USE:

• Your mother’s maiden name
• Your address
• Your previous address
• A pet’s or child’s name or any name that can be found publicly, on any service like Intellus or social media platform like Facebook
• A hobby that is discussed publicly in any way (so genealogy, DNA, genetic genealogy, quilting and gardening words are all out for me)
• The name of a school that you attended
• Your, your parents’ or grandparents’ birth locations
• A date such as a birthday or an anniversary
• Pretty much anything you can remember easily

Let’s look at steps you need to take to protect yourself.

Twelve Fourteen Steps to Protect Yourself Right NOW!!!

Yes, I added two more steps because it’s critical to protect yourself and your family, now. Please complete ALL of these steps to secure yourself.

First, check the Equifax site to see if your information is known to be breached. Regardless of their answer, assume that it has been.

https://www.equifaxsecurity2017.com/

Click on the Potential Impact tab.

Second, order a free credit report, which you can do once yearly, from Annual Credit Report at the link below. Do NOT fall for scam sites that offer free reporting or your credit score.

https://www.annualcreditreport.com/index.action

Order a report from all 3 credit reporting companies to be sure that no fraudulent activity has taken place to date and that your report is accurate.

Unfortunately, and somewhat maddeningly, when we attempted to order our free credit report online for Equifax, the process has changed and we now have to fill out a form.  Yes, I know their system is probably overwhelmed by this, BUT, making receiving a free credit report to which the consumer is entitled at a time like this difficult is reprehensible.  Do whatever you have to do to obtain your reports, because this breach is incredibly serious.  Do not be deterred.

Third, while credit monitoring only tells you what has already taken place, placing a fraud alert on your account means that a lender must contact you to verify your identity before issuing credit in your name. However, this can only be done for 90 days when it expires. You must renew it every 90 days at Equifax, Transunion and Experian, all three. Again, the results of this breach will be very real for years, so 90 days isn’t going to help you if you forget to call and put the alert on your account every 90 days.

Fourth, put a credit freeze on your account. A credit freeze actually freezes your account at the credit reporting agencies, meaning that if you are going to apply for credit, you have to go into your credit account and unlock your account with your pin to unfreeze the account, then refreeze it when you are done applying for new credit. The credit freeze service isn’t free in every state, but typically costs under $10, if anything, and is a whole lot less than the headaches you could have otherwise. Be sure to freeze your credit at all 3 credit reporting companies. This is what I’m doing. You can read more about this process here.

Fifth, many credit cards have an option to notify you when charges are made on your account through text messaging before the end of the month when your bill is sent. Visit your credit card provider to see if this option is available, enabling you to catch fraudulent credit card activity immediately instead of later when your bill arrives.

Sixth, monitor your credit card bills closely. Look back over your accounts since April. You might want to close any accounts you don’t need or use anymore.

Seventh, change your passwords on existing accounts, everyplace, just in case, especially any that include any piece of information that even MIGHT be held in a credit report or public location.

DO NOT use any type of identifying information such as your place of birth, mother or grandmother’s maiden name, or anything else that is in any way publicly available on a social media site, your tree at a genealogy site or anything else that can in any way be associated with you.

Eighth, at tax time, file your return immediately, as soon as possible. Guaranteed, if the crooks target you, they’ll file as soon as they can and you won’t find out you’ve been scammed until the IRS tells you that they already processed your refund and it’s long gone.

Ninth, be sure, absolutely positive, that your spouse takes these steps too, because if they are exposed, so are you!

Tenth, help family members that are not technologically savvy to be sure they are protected. The elderly are often targets.

Eleventh, this could not have happened at a worse time with hurricane Harvey in Houston and Irma positioned to strike Florida. Be sure family members in those locations who are distracted presently are aware that this security issue occurred, that their data may well have been breached, and that they need to take action – sooner rather than later.

Twelfth, take action NOW. Delay may well mean money – yours – gone – in someone else’s hands.

• Thirteenth, check your children’s names and social security numbers at the credit agencies.  Social security numbers of children are considered high value items, because they last so much longer. Young children shouldn’t be in the system, but teenagers, you never know and much better safe than sorry.

Fourtheenth, never ignore what seems like a “mistake” on a credit report, such as a misspelled name or an extraneous address.  On my husband’s report, his name was misspelled, only slightly, in one “odd” entry and it turns out that someone had run up bills in his name in another state.  When the creditor attempted to collect by contacting my husband, that’s when my husband discovered the issue. This also pertains to reported unpaid medical bills on your credit report.  I know of someone who supposedly had a baby and was billed by the hospital for an exorbitant amount after her identity was stolen.

You can visit the Federal Trade Commission site to learn more about identity theft and how to protect yourself.

https://www.consumer.ftc.gov/features/feature-0014-identity-theft

Ok, when you’re done with all that, feel free to resume genealogy research!

However, from here forward, you can never be complacent or really rest easy, because your identity truly is in jeopardy, forever.

Please note that these actions may not be the only actions you’ll need to take to keep yourself safe, now, or over time.  This story and the ramifications are still developing.  Please educate yourself and follow credible news sources.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

Hide and Seek at 23andMe, DNA Relatives Consent, Opt-In, Opt-Out and Close Relatives

To say that the matching policies at 23andMe are confusing is an understatement. Of course, that would imply that we could figure out what those policies are, this week, exactly.  What I have been able to discern is that there is widespread confusion about the entire topic.  This is my attempt to figure out which end is up, and who can see whom, under what circumstances.  I feel like this is a high-tech game of Hide and Seek, a game customers should not have to be playing.

hide and seek

On October 17, 2014, I received this e-mail for one of the 23andMe accounts that I manage. I did not receive it for any of the other accounts that I manage at 23andMe.

When I clicked on the “can’t miss it” red block in the e-mail, it did absolutely nothing. However, by clicking on the “view as a web page” link, clicking on the “Confirm your DNA Relatives participation” took me to the 23andMe signon screen.

I signed in, but was not taken to the account in question. When I switched to that account, this is what I saw – in essence, a second warning.

hide and seek2

I was not allowed to proceed further until I clicked on yes or no.

Of course, this begs the question of why my other accounts weren’t asked the same question. With the exception of one, they are sharing in DNA Relatives too.

It also made me wonder about the sharing with Close Relatives option.

I decided to check the DNA Relatives Option information in the Privacy/Consent settings, but there was nothing further.  You can visit your consent options by clicking on the down arrow by your name, shown on the upper right hand corner of the screen shot below, and selecting “account settings.”

hide and seek3

So, what the heck happened to the close relatives option?

It seems that 23andMe discontinued the “close relatives” opt-in or opt-out, according to their June blog article, below.

hide and seek4hide and seek5

At this point, if you had not ‘opted out’ then it was assumed that you had in effect ‘opted in’ and all of your matches including your close relatives would be shown.

But then the VOX article was published in September and the proverbial stuff hit the fan.

The day of the expected default opt-in change, based on the June announcement (above), 23and Me posted a retraction of the June article, on their community forum, below.

Dear Community,

We made a change from what we promised and I want to apologize. We promised that the roughly 350,000 customers that had not consented to see Close Relatives in our DNA Relatives feature would be automatically opted in at the end of a 30 day notification period. I understand that that was extremely exciting for many of you to have so much data potentially come your way. It was unfortunately a mistake that we promised that.

I do not think it was ever the right call to promise that we would automatically opt-in those customers. Core to our philosophy is customer choice and empowerment through data. The Close Relatives features can potentially give a customer life changing information, like the existence of an unknown sibling or the knowledge that a relative is not biologically related to them. Customers need to make their own deliberate and informed decision if they want this information. It is 23andMe’s responsibility to make sure our customers have a choice and that they understand the potential implications.

The timing of the change is unfortunate and I apologize the announcement came late on a Friday night at the end of the 30 day period. The article in Vox made me and others look into the language in the consent form and that is when I learned about the proposed changes coming to the DNA Relatives community. As 23andMe has moved from being a start up to a bigger and more mature company, I am not involved in every decision. This is a decision that should have come to my attention but it did not. We will learn from that. 23andMe is hiring a Chief Privacy Officer and that too will help us avoid these types of mistakes in the future. We are also already planning to evolve the consent process to make it simpler and more clear for customers.

Going forward, we will continue to prompt the customers that have not made a choice about Close Relatives to make a choice. We understand how important that is to you. We will do a mix of emails to these customers and pop-up prompts at login to get customers to make a choice.

I apologize again for the disappointment and for not having clearly communicated the reason for reversing course. 23andMe continues to grow and pioneer the way we think about consumers exploring their DNA. While we continue to innovate we may also err along the way. We can only promise that we will always listen to and do right by you, our customer, and will never fear having to redirect our course when it is the right thing to do.

Sincerely, Anne Wojcicki

So, now it appears that unless someone has specifically ‘opted in’ to DNA Relatives as a whole, they are automatically ‘opted out,’ a 180 degree reversal.  Of course, if you were one of those 350,000 customers who received a notification about opting out, and did nothing, so that you could be opted in at the end of the 30 days referenced above, you would be thoroughly confused because you THINK you’re now opted in.

23andMe has a habit of posting information on their Forum which members must actively check, instead of sending e-mails to their customers or posting this kind of information on their blog that is sent by subscription. One of the forum followers was kind enough to point out this recent posting detailing changes that have occurred in October and the 23andMe policy moving forward.

hide and seek6hide and seek7It’s signed, Chistine on behalf of the 23andMe Product Team

I can find nothing on the current customer pages providing any information about these decisions or the match status of DNA Relatives/Close Relatives.

Furthermore, 23andMe is now asking some, but not everyone, who are opted in for DNA Relatives if they are sure. My account that was asked tested in 2010, so was not caught in the 2014 selection option confusion.

I feel that this methodology discourages many people from participation. It infers that there is something frightening that you ‘ought to be’ concerned about – especially if you are asked about the same topic several times.

In summary, here is, I think, what we know, as of October 16, 2014.

  • Everyone will have to make a specific choice to opt-in to DNA Relatives, one way or another, after testing.  If you don’t specifically opt-in, you are opted out.  Consent to test apparently doesn’t count as consent for DNA Relatives.
  • Clients prior to June 5, 2014 who were opted in to DNA Relatives but out of Close Relatives will be prompted to select an opt-in with close relatives included, or an opt-out entirely.
  • Clients prior to June 5, 2014, who did opt-in to participate in DNA Relatives, but did not have any selection to make about “Close Relatives” will be required to confirm that they want to continue in DNA Relatives before they can proceed to see their matches. This is apparently the e-mail that I received for one of my kits. It’s still a mystery why I never received it for the others who tested even earlier and clearly before the “Close Relatives” option existed.
  • Clients between June 5, 2014 and October 16, 2014 who were automatically opted in to DNA Relatives with close relatives included will also be prompted to confirm their participation in DNA Relatives and until they do confirm that option, they will not be visible nor able to view close relatives.
  • New customers will be prompted to opt-in or opt-out of DNA Relatives and opt-in will no longer be the default.
  • Participation in DNA Relatives will now include close relatives and that will not be a separate option.

I’m very glad to see that everyone who opts in to DNA Relatives includes close relatives. To do it any other way is not only confusing, it’s more than a little disingenuous, especially given that someone may not realize why their close matches aren’t showing.  I had more than one client have a panic attack when their family member wasn’t showing as a match, especially when they were expecting to see a parent or sibling.  In my opinion, having to enable the “close relatives” option caused huge problems and wholly unwarranted stress.  If it’s truly gone, never to return, I’m very glad and applaud 23andMe for that decision.

The bad news is that many of the 350,000 people referred to in the September community forum posting are still anonymous, and they many not even realize it. Many probably presumed, quite logically, that because they were taking a DNA test that included matches, that they would receive matches without having to do anything further.  Furthermore, they received the 30 day notification that they would be opted in if they did nothing, so they expected to be opted in.  But they aren’t.

Currently, at 23andMe, you have to jump through more hoops to obtain your genealogy results than you did (when they were providing health information) to obtain your health results.  I hope that the message provided to people who are making the “Opt In – Opt Out” decision can be worded a little more encouragingly and present both sides of the risk/reward coin.  I would hate for their entire response to be fear based due to the tone of the selection message and the fact that they have to answer this question repeatedly – like the dreaded Alzheimer’s health question – back when 23andMe was providing health results.

Here, let me give you an example vignette:

Hi, 23andMe, I’d like to test for genealogy matches.

Great, send me $99 and you’re on the way.

Spit…mail….waiting…waiting…

Good news, your results are back.  Do you want to opt into DNA Relatives?  You know you could find out information about your family that is upsetting to you?  It could change your family relations?

Really?  Hmmm…I think I want to see.  That’s why I tested.

Another e-mail:  Are you sure, really positive that you want to remain in DNA Relatives?  You know, you could find out really upsetting information.  You can see other close relatives and they can see you.

Geeze, I don’t know….maybe not…I’ll wait till I sign on next time to deal with this.

Signing on next time….

Do you want to opt-in to DNA Relatives?  You know, you could find out some really disturbing and upsetting things about your family?  It could change your relationship with your family members.

After repeating this warning several times, it begins to appear like 23andMe is discouraging your participation, not informing you of risks and rewards.  There is no upside mentioned, only repeated negatively framed warnings.  Given that genealogy/ancestry is the only reason for the consumer to purchase this product right now, this approach seems a bit counter-intuitive and overkill.  In the least, the warning should be given up front, during the purchase process, and then not constantly repeated.

However, given that 23andMe is still gathering your health information and utilizing it in their medical research, even if you opt-out or don’t opt-in to DNA Relatives, assuming you haven’t opted out of medical research as well, warning you up front would discourage a sale and would prevent them from collecting your genetic data.  In essence, 23andMe doesn’t care one bit whether you opt-in or opt-out of DNA Relatives, but they care a whole lot about your money and your participation in medical research.

The constant changes and hoopla are confusing people and frightening some. Others are becoming too discouraged by a lack of positive genealogical results to continue.

23andMe was first in the game with consumer autosomal testing, but their ever-changing policies have become and remain confusing. They have done nothing to clarify publicly, leaving everyone uncertain and a little reluctant.

23andMe entered the genealogy marketspace, but they seem to be focused on protecting people from genealogy matches. This seems almost like a conflict of interest, or may be better stated, a Kobayashi Maru, or no-win situation. It seems that the health testing aspect is causing 23andMe to adopt such restrictive procedures that it’s making the genealogy aspect of their product increasingly restrictive and difficult.  I’m sure this is reflective of their primary goal, which is medicine, and the fact that genealogists just happened to be interested in genetics as a tool was, for them, a happy accident that provided a source for test subjects.  Genealogy is not something 23andMe is primarily interested in.  I’m sure they aren’t making things difficult intentionally, but the net effect is far from encouraging.

I’m finding that their protections are barriers and the required steps are confusing for customers and self-defeating for genealogy, and they are, unfortunately, cumulative hurdles:

  • Having to specifically opt-in to DNA Relatives, even after consenting to test when purchasing the product which includes matching
  • Having to request to communicate with other participants
  • Having to request to “share DNA”
  • Having to confirm that yes, you really did want to ‘opt in’ to DNA Relatives
  • About a 10% communication request response rate
  • Most of the 10% of the people who do respond know little, if anything, about their genealogy, nor are they terribly interested
  • Having to utilize the 23andMe corporate message system instead of communicate with your matches via e-mail
  • Match limit at 1000 people unless you are communicating with more than that number. After 1000, matches fall off your list.
  • Their terrible trees. Yes, I realize they have recently partnered with My Heritage, but as Judy Russell says, we’ll see.
  • The misleading (health and ancestry) notation in a sharing request which frightens people as to why you want their health information, causing people to decline to share
  • Constant change about who you are/aren’t seeing as matches and why
  • Confusing and conflicting opt-in, opt-out information delivered on four different platforms; e-mail, on your personal page, their blog and their community forum.  In essence, this means that almost everyone except the most dedicated 23andMe follower misses at least part of the information.

23andMe is approaching the point where the pain level of participation is at the threshold of no longer being worthwhile except for extraordinary cases like adoptions where the participant is desperate for any possible crumb.

I thought more about this situation, and I believe that the underlying problem is a fundamental disconnect in the focus of the two groups.  23andMe’s corporate focus is and always has been health related research, compilation and manipulation of genomic “big data.”   Taking a look at their recent American Association of Human Genetics papers is a good yardstick of their corporate focus.  Not one paper mentions the genealogical aspect of their business, and even the paper that does indirectly help genealogists by reducing false positive identical-by-descent segments is presented from a medical perspective.  In essence, the genealogy community is a source for DNA for 23andMe.  They aren’t focused on genealogy or interested in serving this community.  That’s neither good nor bad…it’s just the way it is.

The genealogy community, on the other hand, is frustrated by the increasingly long list of confusing hurdles at 23andMe that people who test for genealogy must navigate before they can reap any of the potential benefits of matching for genealogical purposes.  Each successive hurdle reduces the number of people who complete the course and those who make it to the end are either the died in the wool genealogists who have tested elsewhere anyway or people with little or no knowledge of their genealogy.  Worst case, people who test at 23andMe for genealogy will leave with a bad taste in their mouth and never test again because, frankly, it’s neither easy nor fun.

We don’t know exactly how many people haven’t opted-in for DNA Relatives, but we can surmise some based on their publicly released information.  In the September retraction, 23andMe said that there were 350,000 who had not opted in, or out.  We don’t know how many have actively opted out.  In their ASHG abstract, they mention that 550,000 have consented for research.  That tells us that less than half of their clients are opted in for DNA Relatives, or about 200,000 (assuming no one opted out), or perhaps less now with the recent “are you sure” messages like I received.  Given that only 10% of the people who DO actively opt-in for DNA Relatives respond to inquiries, that’s a whole lot of people not clearing the hurdles for one reason or another.  Of their entire data base of 550,000, only about 20,000 people clear the hurdles and engage, or about 3.5%. That means that there are 530,000, or more if you include the unknown number of opt-outs, who don’t clear the hurdles.

I hope 23andMe gets their cumulative act together relative to genealogy customers. You’d think with genealogy customers being their only source of corporate revenue right now (except for government grants and venture capital), that they would be bending over backwards to make the genealogy related products and processes straightforward, accessible and easy to use.  Now would be a great time for some positive changes!

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

No (DNA) Bullying

No Bullying

There are hardly any hobbies that hold more passion than genealogy.  Once hooked by the bug, most people never retire and one of the things they worry about passing down to their family are their genealogy records – even if the family of today isn’t terribly interested.

So it’s easy to understand the degree of passion and enthusiasm, but sometimes this passion can kind of go astray and it crosses the line from something positive to something not nearly so nice.

Genetic genealogy is the latest tool in the genealogists’ arsenal, but it introduces some new challenges and unfortunately, with the increased number of people testing, we’re seeing some examples of what I consider bullying – for DNA, for identification and for information.

Bullying is unwelcome aggressive behavior that involves repeated threats, physical or electronic contact or a real or perceived imbalance of power.  Generally, the victim feels they can’t make it stop.  This has become especially prevalent in the cyber age.  And bullying is not just about kids.

I’m going to look at 3 types of situations.  It’s easy to see both perspectives, but bullying by any other name is still bullying, even though the bully probably doesn’t see it that way.  Guaranteed, the recipient does.

You’ve Got the DNA I Need

Let’s say that Aunt Gladys is the last person alive in a particular line who can provide DNA to represent that line.  But Aunt Gladys, for whatever reason, doesn’t want to test.  It’s fine to discuss this, to talk about her concerns, and perhaps you can find a solution to address them, like testing anonymously.

But let’s say that Aunt Gladys simply says “no,” end of story.  What then?

Yes, Aunt Gladys carries the information that you need, but it’s HER DNA that needs to be tested, and if she says no, then her decision should be respected, as difficult as it may be and as unreasonable as it may seem.  Maybe Aunt Gladys knows something you don’t – like she is adopted or some other secret that she does not wish to reveal.  Badgering Aunt Gladys from this point forward is going to do nothing other than cause hard feelings and make Aunt Gladys want to avoid you.

You may think you’re “just discussing” but from her perspective, you may be bullying.  Now, it’s OK to beg and cry once, but if you’re slipped into the realm of “if you don’t test, I’ll tell Uncle Harvey that you scratched his car back in 1953,” you’ve stepped over that line.

Won’t Answer E-Mails

I can’t tell you how often I hear this story.  “I match with person XYZ and they won’t share their information.”  Most of the time, they won’t answer e-mails.  And the question follows, of course, as to why they tested in the first place.

These tests have been around for a number of years now.  Many people have died or moved or the purpose of the test was fulfilled and they aren’t interested beyond that.  Think of your Aunt Gladys.  If you did convince her to test, it wouldn’t be for her, but for you and she certainly would not be interested in answering random e-mails.

There could be a number of reasons, depending on the testing company used, that someone might not answer.  In particular, many people test at 23andMe for health reasons.  It doesn’t matter to them if you’re a first cousin or any other relation, they simply aren’t interested or don’t have the answers for you.

It’s alright to send 2 or 3 e-mails to someone.  E-mails do get lost sometimes.  But beyond that, you’ve put yourself into the nuisance category.  But you can be even worse than a nuisance.

I know of one case where someone googled the e-mail of their contact, discovered the person was a doctor, and called them at the office.  That is over the line into cyber-stalking.  If they wanted to answer the e-mail, they would have.  If they don’t want to, their decision needs to be respected.

I Know You Know

This situation can get even uglier.  I’ve heard of two or three situations recently.  One was at Ancestry where someone had a DNA match and their trees matched as well.  At first the contact was cordial, but then it deteriorated into one person insisting that the other person had information they weren’t divulging and from there it deteriorated even further.

This is a hobby.  It’s supposed to be fun.  This is not 7th grade.

Adoptions

However, there are other situations much more volatile and potentially serious. In some cases, often in adoptions, people don’t want contact.  Sometimes it’s the parent and sometimes it’s the adoptee.  But those aren’t the only people involved.  There are sometimes half-siblings that are found or cousins.

For the adoptees and the parents, there are laws in each state that govern the release of their legal paperwork to protect both parties.  Either party can opt out at any time.

But for inadvertently discovered family connections, this isn’t true.  Think of the person who doesn’t know they are adopted, for example, who discovers a half-sibling and through that half sibling their biological mother.  Neither person may welcome or be prepared for this discovery or contact.

Imagine this at the dinner table with the family gathered, “Hey guess what, I got a half-sibling match today on my DNA.  I wonder if that’s some kind of mistake.  How could that be?”

So if you match someone as a half sibling or a cousin, and they don’t want to continue the conversation, be kind and respectful, and leave the door open to them if they change their mind in the future.  Pushing them can only be hurtful and nonproductive.

Dirty Old (and Formerly Young) Men

And then, there’s the case of the family pervert.  Every family seems to have one.  But it’s not always who you think it is.  By the very nature of being a pervert, they hide their actions – and they can be very, very good at it.  Practice makes perfect.

Let’s say that Jane likes genealogy, but she was molested as a child by Cousin Fred.  Some of the family knows about this, and some don’t believe it.  The family was split by this incident, but it was years in the past now.  Jane wants nothing to do with Fred’s side of the family.

(By the way, if you think this doesn’t happen, it does.  About 20% of woman have been raped, 30% of them by family members (incest), many more molested, and children often by relatives or close family friends.  15% of sexual assault victims are under the age of 12.  Many childhood cases are never prosecuted because the children are too young to testify.  Perverts and pedophiles don’t wear t-shirts announcing such or have a “P” tattooed on their forehead.  Often family members find it hard to believe and don’t, regardless of the evidence, casting the victimized child in the position of being a liar and “troublemaker.”  Need convincing?  Think of what Ariel Castro’s family said and how well he hid his dark side and the Boston bombers’ family comments about their innocence in the face of overwhelming evidence to the contrary.)

Jane’s an adult now and DNA tests.  She has a match and discovers that it’s on Fred’s side of the family.  Jane tells the person that she doesn’t want anything to do with that side of the family, has no genealogy information and wants no contact.  The match doesn’t believe Jane and then becomes insistent, then demanding, then accusatory, then threatening.

This is clearly over the line.  Jane said she didn’t want any continued contact.  That should have been the end of the discussion.

But let’s say this one gets worse.  Let’s say that because of this, Cousin Fred wakes up and decides that Jane is interesting again and begins to stalk Jane, and her children……

Does this make you shake in your shoes?  It should.  Criminals not only aren’t always playing with a full deck, but don’t play by any of the same rules as the rest of us.  Cousin Fred might just be very grateful for that information about Jane and view it as a wonderful “opportunity,” provided by his “supportive” family member who has now endangered both Jane and her children.

Who’s Yer Daddy?

In another recent situation, John discovered by DNA testing that he is not the biological child of his father.  He subsequently discovered that his mother was raped by another male, married to another close family member.  When John discovered that information, he promptly lost interest in genealogy altogether.

A year or so later, John matched someone closely who was insistent that he provide them with how he was related to them.  John knew, but he did not feel that it was any of their business and he certainly did not want to explain any of the situation to the perpetrator’s family member, who, by the way, had already mentioned what a good person the perpetrator was.  However, the person continued to harass and badger John until he changed his e-mail address.

I so wanted to ask these people, “What part of “NO” don’t you understand?”

Mama’s Baby, Daddy’s Maybe

In one final example, adoptees often make contact with their birth mother first, and then, if at all, with their birth father.  Sometimes the birth mothers are not cooperative with the (now adult) child about the identity of their father.  Often, this is horribly frustrating to the adoptee.  In at least one case, I know of a birth mother who would never tell, leaving the child an envelope when she died.  The child was just sure the father’s name was in the envelope, but it was not.  I can only imagine that level of disappointment.

Why would someone be so reticent to divulge this information?  The primary reasons seem to be that either the mother doesn’t know due to a variety of circumstances that can range from intoxication to rape, the woman never told the father that she had a baby and placed the child for adoption, the father was abusive and the mother was/is afraid of him/his family, the father was married, or the father was a relative, which means not only might the father still be alive, the mother may still have a relationship of some type with him.  The mother may have lied for years to protect herself, and in doing so, protected the father as well.

Clearly, this situation has a lot of potential to “shift” a lot of lives and not always in positive ways.  One woman didn’t want to make contact with her child other than one time because she had never told her husband of 30 years that she had a child before their marriage.  One woman made contact, but did not want to divulge that the child’s father was her older brother, still alive.  Victims often keep the secrets of their attackers out of misplaced shame and guilt.  Think Oprah here.  Mother may not be simply being stubborn, but acting like the victim she is and trying to preserve whatever shreds of dignity are left to her.  She may also be embarrassed by a lapse in judgment.  One adoptee realized when counting forward from her birth date that she was conceived right at New Years and when she realized that, she figured out that her mother, who drank heavily when she was younger, probably did not know who her father was, and didn’t want to admit that.

As frustrating as this is for the adoptee, the birth mother does have the right not to have her life turned upside down.  Badgering her will only result in losing the potential for a relationship from the current time forward.  Being respectful, understanding and gentle may open the door for future information.

R-E-S-P-E-C-T

I can hear Aretha now.

If you haven’t walked a mile in their moccasins, so to speak, you can’t possibly know the situation of the person on the other end of your request for DNA or information.  Don’t make the mistake of stepping over the line from excitement into bully behavior.

Think of the potential situations the person on the other end may be dealing with.  Ultimately, if they say no, then no it is and no should be enough without an explanation of why.  Generally bullying doesn’t work anyway, because someone who feels like you are threatening them or being too aggressive will clam right up and it will be that proverbial cold day in Hades before they tell you anything.  It’s important to keep communications from sounding like you’re demanding or entitled.  My mother always said “you’ll catch more flies with honey than with vinegar.”  I always found that very irritating, probably because I needed to hear it just then – but regardless – it’s true.

Keep in mind, genetic genealogy is about genealogy.  It’s a hobby.   It’s fun.  If it becomes otherwise and puts people at jeopardy, then we need to take a step back and take a deep breath.

Most people don’t mean to cross the line into bullying.  They just get excited and sometimes desperate.  Hopefully this discussion will help us all be more aware of where the polite line is in communicating with our family members and matches.

If you are the victim of information bullying, cyber-stalking or someone puts you in an uncomfortable situation, there are steps you can take to remedy the situation.  Most bullying sites are directed at adolescents, but the advice still applies.

If you know you don’t want contact initially, then make your accounts anonymous or don’t respond to requests.  If you realize that you don’t want contact after the initial contact, for whatever reason, say so.  After that, do not engage in communications with someone who is attempting to bully you.  If they threaten you or threaten to reveal information or your identity if you don’t give them information or do something, that action falls into the blackmail realm, which a crime.  Complying with a threat to protect yourself or your family generally only results in more of the same.  You are not dealing with a nice person.  At this point, you are way beyond genealogy and your own internal “danger” sign should be flashing bright neon red.

If disengaging does not take care of the problem, save all messages/contacts and contact your attorney who may advise you to contact the police or the FBI if the problem crosses state lines.  Depending on what state you/they live in and exactly what they have done, you may have a variety of options if they won’t stop, especially if they do something that does in fact manage to turn your life upside down and/or a crime is involved, like blackmail.  Of course, this is akin to closing the barn door after the cow leaves.  Hopefully, the person causing the problem is simply an over-zealous genealogist, means you no harm, realizes what they have done or are doing, and will get a grip and compose themselves long before this point.

Bullying of course is not because of DNA or unique to genetic genealogy, but the new products introduce new social situations that we have not previously had tools to discover nor the opportunity to address in quite the same way.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

Email Hacking, Hijacking, Spamming and Internet Safety

Today’s blog is off-topic.  It’s not about DNA, but it’s about something every bit as pervasive and something every person who accesses the internet needs to be aware of and understand.  Today, we’re going to talk about how e-mail accounts get hacked and hijacked, what the difference is, how those spamy one link e-mails are sent, and both as a person whose e-mail has been compromised and as an e-mail receiver, what you can and should do to protect yourself. If you haven’t already been a victim on one end of this scheme or the other, you likely will be.  If you received one of these types of e-mails from me today, you know why I’m writing this article.

So I’m finally taking a few days off.  I’m at a retreat.  I wake up this morning to a gloriously beautiful spring day and lay there in bed thinking how lucky I am as the sun streams in the window.  I reach over to the bedside for my iPhone to see what kind of e-mails have come in overnight, and there is a series of e-mails with the word “Hacked” in their titles, addressed to me.  I can tell right there, it’s not going to be a good day.

Yes, the people in one of my address books were receiving those nasty one-line-link e-mails.  This one happened to be for Viagra.  Worse yet, some of them had clicked on the link, and then when they saw the topic, they realized the e-mail was not really from me, even though the e-mail “from” address was mine, and e-mailed me to tell me so – including my husband who happened to think the Viagra link was hilarious.  Good thing he has a sense of humor.  Let’s just say I was much less amused.

Hacking vs Hijacking

As it turns out my e-mail address had been hacked.  It had not been hijacked.  What is the difference you ask?  A lot.

A hack job means your password has been compromised and the villain (that’s what we’ll call the hacker) has actually signed on to your account, read any e-mails coming in, looked through your inbox, your saved folders, especially any banking type of folders or one that you’ve named, God forbid, “passwords.”  It also generally means that the villain may have also changed your password and then your security questions so now you don’t and can’t get access to your own account.

If you’re lucky, they only send those spamy e-mails.  If you’re not lucky, the villain then changes your password and sets about to use you and your account to defraud people.  The best example I can think of is the e-mail that almost everyone has received at one time or another that goes something like this:

“Dear Joe,  I write you with tears in my eyes.  I’m at a hotel in London (or fill in the blank any other city out of the country) and my billfold was stolen.  I have no id or any money to pay the bill and I cannot leave the country without paying the hotel bill.  Can you please advance me some funds and I will pay you back immediately upon returning home.”

Well, obviously, anyone who replies to “you” is really talking to the villain now, and anyone who DOES advance “you” money is giving it to the villain who lives someplace far from here and is not traceable nor accountable in the US – generally in Russia.  Now you would think that this scheme, being as old as mud, would fail miserably, but it doesn’t because there are still naïve people out there who want to help.

If this happens to you and your password has been changed, contact your e-mail provider immediately for assistance as that is the only way you can resolve this situation.  Time is of the essence here – so do not delay.

Here’s a link that further discusses this phenomenon and recent Yahoo e-mail compromises.

Ok, that’s hacking.

What Is E-mail Hijacking?

Hijacking is when the villain uses your e-mail address, but not your address book to send spammy or virus filled e-mails to random people who you don’t know and have never communicated with.  Basically, they use your e-mail address to “fill in the blank” of the “sending” address.  They do not have to gain access to your account to do this. It’s also known as “spoofing” for obvious reasons.

Often, the first symptom you’ll see of this is lots of bounced e-mails that you didn’t send.  Many times, these links contain viruses that take over computers, steal the address books from non-cloud-based e-mail systems and worse if the recipient clicks on them.  Sometimes, out of curiosity, you’ll click on them in the bounced e-mail too, to see what “you” sent.  Don’t do it, no matter how curious you are.

The good news is that with a hijacked e-mail address, the villain has not compromised your actual account.  If they have sent the spamy e-mails to your contacts, then your account has been compromised, hacked, but changing your e-mail password (and making sure they have not set up a second or alternate e-mail address under your account) generally takes care of it.

The bad news is that once hijackers have your e-mail address as fodder, there is virtually nothing you can do to stop this type of activity.  Frustrating?  Indeed.  At this point, it’s up to the recipients to be savvy enough to recognize this type of e-mail and to not click on the links, which spread the virus further.

As a recipient of one of these e-mails, one clue that indicates a hacked account versus a highjacked account is to look at the list of recipients.  If they are in alphabetical order, meaning that your e-mail address begins with r and you are in the middle of a group of r addresses, and you know the sender, it’s probably a hacked account and the spammer is going through the contact list but only sending to small numbers of recipients at a time so that they will not be caught in the service providers’ spam traps.  You need to notify the sender who account has been hacked.  If the message looks spammy, but you don’t know the sender and there is no list of recipients, then it’s probably a hijacked e-mail address.

This is much worse with cloud-based e-mail systems.

What Is The Cloud? 

A cloud-based system is any system that you sign on to the internet to use and you use online such as Yahoo, Gmail, etc.  In other words, not on your own PC.  Cloud based systems can be accessed by cell phone or other device that is not a computer.

By contrast, I have a combination of two types of systems.  When I’m at home, I use Microsoft Outlook on my desktop system.  Outlook downloads all of my e-mails from my internet e-mail provider, Yahoo, in this case, onto my desktop system.  This means that all of my customer contacts, thankfully, are only on my desktop system which runs behind a full commercial hardware and software firewall and has the latest and greatest anti-virus/malware software (Norton Internet Security) which is run daily with any updates.  Plus my system uploads all of Microsoft’s patches as well, daily, and installs them.  Microsoft patches known security holes.  Villains exploit these known holes, especially on systems not kept current.

However, when I travel, I can’t get to my home system, of course, so I use Yahoo’s cloud based service where I sign onto their system and read my e-mails online.  I can reply and such just like in Outlook.  For convenience, I’ve saved the e-mail addresses I use frequently in my online address book.  Those are the addresses that were compromised, and only those.

So I know the compromise was not from my system at home, which was turned off in my absence, but from the Yahoo cloud-based e-mail side of things, using my Yahoo address book.  If you don’t store any addresses in your address book, there is nothing for the villain to steal.  Now, they may still harvest your e-mail address to use in spamming others.  Here’s another link about the recent Yahoo attacks along with links from Yahoo about how to protect yourself and steps to take if you have been compromised.

Rich Pasco wrote a great article about both hacking and hijacking, also known as spoofing.

How Did This Happen?

Having spent years in the technology industry, I pretty much stick to the books.  I know the rules and abide by them.  However, no one is immune, and ultimately, this is like a common cold, it will happen to everyone.

My password was not common, no “real words” but was only 8 letters/numbers.  This is, by today’s standards, a mediocre password.  There are tools out there called password crackers that can run against your password until it’s cracked, and they are very effective.  The only way my password could have been obtained was either utilizing a password cracker, captured using some type of capture software from a public (like hotel) network, or via a Yahoo security breach.  It could not have been guessed.  Password crackers are free on the internet.  More sophisticated ones aren’t free, but for the villain, they are worth every penny.  Yahoo’s security issues are discussed in the links above.  And yes, I was staying at a hotel.

I had a hard time believing my account had been breached, but it had.  I signed on to view my recent logins, and sure enough, look at what happened at 1:19 this morning…from Russia.  I assure you, that’s not where I was visiting on my retreat.  Now since Yahoo knew enough to flag this activity, as you can see below, it would have been very nice if they had notified me.

Password hack

It’s important to regularly change passwords and to utilize strong passwords.  Check this link for further discussion about password strength and vulnerabilities along with how to protect yourself.

10 Ways To Protect Yourself

  1. Utilize strong  passwords – meaning ones that are not your pet, your address, etc.  Use nonsense words and numbers combined with capitals and non alpha  characters, like sdfg7531+?.  Pain in the butt?  Yes.  More painful than having your account compromised?  Nope.
  2. Never use the same password for multiple accounts.  If they can get into one, then you’ve given them a free ticket for all of your accounts.  Facebook, Twitter, your bank…what else?
  3. Don’t keep password or financial information in any e-mail folders.  Period.  No exceptions.  Preferably don’t keep any of that on your computer at all.
  4. Don’t store e-mail addresses in cloud based e-mail systems.  Pain in the butt?  Yes.  But hackers can only steal what is in your address book or otherwise available to them.  By and large, they aren’t going to go through your e-mails individually to obtain addresses.  They may, however, delete your entire address book and all of your e-mails, if they are feeling particularly malicious.
  5. Always keep both anti-virus and mal-ware software up to date on your system.  If you clicked on a link that wasn’t what you expected or took you someplace you didn’t plan, run the software immediately.
  6. Never, NEVER, ever click on a one-line link e-mail no matter who it comes from.  It if looks suspicious, reply to the e-mail and ask the person if they really sent it and what it’s about.  If you don’t click on it, the worse that will happen is that you’ll miss an e-mail.  If you do click on it, you may well infect yourself and others will horrible viruses that can wreak havoc you can only imagine – or maybe can’t even imagine.  Conversely, when you send e-mails to people, always put enough verbiage that they know it’s really you.  This habit helps people identify messages that might be bogus.
  7. Don’t use public computers to check e-mail.  Be exceedingly careful about using hotel or public wifi sites as well.  If you do, change your password afterwards.
  8. Be extremely vigilant.  If something seems wrong or “funny,” it probably is.
  9. Back your system up regularly.  If your system were to be destroyed, you could recover essential items.
  10. Change your password often.  Pain in the patoot?  Yep.  Better than the alternative?  If you’ve ever been on either end of being compromised, you’ll know that it is!

Ok, back to DNA in the next article, I promise!

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

Hackers and Your Genetic Secrets

Did that title get your attention?  Well, it was meant to, just like it was meant to in this NBC article titled “Scientists Demonstrate How Hackers Could Unlock Your Genetic Secrets.”  Or how about this one in the New York Times, “Web Hunt for DNA Sequences Leaves Privacy Compromised?”  Sensationalism sells….and so does fear.  Don’t panic, the sky is not falling.

I’ve had several people forward me a variety of links to several articles about this expressing concern.  Most people didn’t really understand what was going on…and since “family tree databases” were mentioned in the first paragraph, it frightened them.

This article says that the “security cracking trick relies on the availability of genetic information linked to surnames in a variety of public family-tree databases.”  Well, that’s sort of true, but not exactly true.  The issue is not the family tree databases, it’s the fact that the researchers in The Thousand Genomes Project, while keeping the names of those 1000 people “anonymous,” provided enough information that these scientific researchers, not hackers, were able to data mine the 1000 Genomes participants information to determine their Y-DNA marker values, then compared those haplotypes (marker values) just like we do in databases such as Ysearch and Sorenson.  And yes, they likely had matches to several surnames, like most of us do.

Individuals in the 1000 Genomes Project signed a release indicating that they knew that their data was to be used publicly, although their identity would not be revealed but that researchers could not guarantee their privacy.  The 1000 Genomes Project, unfortunately, posted the ages of the participants, which at the time seemed innocuous enough, and it was common knowledge within the scientific community that they all lived in Utah.  With these three pieces of information, their age, their location, and from the scientists data mining, a possible surname, the scientists were then able, if the surname wasn’t something like Smith or Jones, to use publicly available Google and “white pages” types of searches to find people in that state, of that age, by that surname, and then using obituaries and such, connect them through online family trees to their more distant families.  They did this with Craig Venter, for example.

This technique is nothing new to genealogists, as we’ve been finding cousins that way for years – the difference being of course that we didn’t data mine, otherwise in this case more aptly referred to as “scientific hacking,” the 1000 Genomes Project in order to find their Y-line DNA markers to determine a possible surname for them.  That is the issue and the point of this article and ironically, it’s scientists who did it, then published the “how-to” manual.

Any genetic genealogist knows, especially anyone dealing with adoptees, that you can only reveal a biological surname about 30% of the time.  In fact the scientists success rate was lower, 12%.  But that’s actually irrelevant in the bigger context of the article.  Their point was that they succeeded at all.

This is sort of like putting personal information on the internet, except your name, and then being surprised that someone could connect the dots and put the pieces together.  No one would be surprised today if that were to happen.  In fact, I’m sure we all have received cautions and warnings about putting too much info on Facebook because burglars were robbing homes when people were vacationing.  Many people have their hometown, their high school and their birthday and year publicly available on Facebook.  Now how many “security questions” does that answer right there?  Combine that with your dog’s name and your mother’s maiden name and you’ve got almost all of the common ones.

Aside from the fear-mongering, I have three issues with these reports as a whole.

1.  Statements like “they traced those three family tree pedigrees to find other connections between relatives and sensitive genetic data.”  Whoa, stop right there.  Just because you share a surname or even if you are a direct and immediate relative, that says nothing, absolutely nothing, about whether or not you inherited some genetically disposed health issue.  Remember, children inherit half of their DNA from each parent.  So unless they are finding identical twins or parents, one cannot infer that an entire family tree of people share frightening health traits.  It’s irresponsible to suggest otherwise.

2.  “For years, experts have worried that sensitive genetic data could be used to discriminate against patients, potential employees or would-be insurance customers.  Such discrimination is illegal when it comes to employment or health insurance, but the law doesn’t’ cover life insurance, disability insurance or long-term care insurance.  Theoretically an insurer could search through genetic records and turn you down because you have a genetic predisposition to, say, Alzheimer’s disease.”

Discrimination is an issue, and laws have been put in place to prohibit discrimination in the workplace.  But insurers aren’t going to sift through genetic data like a private investigator.  Suggesting this is unnecessary fear-mongering.  Insurers don’t do that, they simply tell you that a blood test is a pre-requisite of obtaining insurance.  I know, I bought life insurance and they sent a nurse to my house to verify my identity and take a blood sample.  At that time, they were looking for diabetes, AIDs and probably a whole lot more.  Today, they might be looking for genetic pre-dispositions.  I don’t know, but I do know they have a direct method of obtaining that information and it’s not spending untold hours sifting through someone else’s data that likely isn’t relevant to you anyway.

3.  This “research” project was inspired at Whitehead Institute, an affiliate of MIT, a publicly funded institution.  When Yaniv Erlich dreamed up this new hacking technique, he said he couldn’t resist trying it, so instead of simply discovering a potential issue and privately and quietly working with the proper people to resolve the issue, he decided to exploit it publicly, obtaining, I suppose, his 15 minutes of fame.  So yes, your tax dollars did indeed likely pay for some or all of this “research.”

In one of the articles,  Dr. Jeffrey R. Botkin, associate vice president for research integrity at the University of Utah, which collected the genetic information of some research participants whose identities were breached, cautioned about overreacting. “Genetic data from hundreds of thousands of people have been freely available online,” he said, “yet there has not been a single report of someone being illicitly identified.”  He added that “it is hard to imagine what would motivate anyone to undertake this sort of privacy attack in the real world.” But he said he had serious concerns about publishing a formula to breach subjects’ privacy. By publishing, he said, the investigators “exacerbate the very risks they are concerned about.”

Well, it’s obvious that these folks at Whitehead institute don’t live in the real world and clearly don’t have enough real scientific research to do.

So, what is the take home of all of this?

  • You are not at risk of having anything exposed in this incident unless you are one of the 1000 people in the 1000 Genomes Project.  If you are part of the 1000 Genomes Project, and male, there is a 12% risk that they figured out your last name and using other tools, possibly who you are, along with your family.  If you are related to someone in the 1000 Genomes Project, the researchers might have figured out that you are related to them.  So now the risk is that they’ll do what with that information???  Guaranteed, someone will figure out the same information and much more quickly, without your DNA and without government funding if you simply stop paying your bills.
  • If you participate in a research project, such as the 1000 Genomes Project, where your full results are made publicly available, you sign a release, and that release indicates that your privacy may not be able to be protected.  You are aware of the risks before you begin.
  • We, as a community, have been warned for years not to put information that might be medically informative on the internet, such as full sequence mitochondrial DNA information.  Anyone who does so, does it at their own risk.  The people in the 1000 Genomes Project knowingly took that risk.
  • If you stay within the confines of the genealogy and DTC mainstream testing companies, you are fairly well protected.  Having said that, reading the consent forms of any of the companies makes it clear that your identity is never entirely protected.  We’re genealogists after all.  What good is genealogical testing if you can’t contact people you match?
  • Inferred health risks are not the issue they are being portrayed to be in these articles.  Your cousins health risks are not necessarily yours.  Genetic inheritance is a complex and individual event.
  • Insurers who can use health information to restrict or deny insurance are simply going to request a blood sample.  They are not going to act like a blood hound on the scent of a rabbit and sort through tons of information for inferences.  Why would they when they can obtain the information they seek, directly and much less expensively?
  • For those researchers involved with information made publicly available, such at the 1000 Genomes Project, this is a wake-up call that perhaps less information available publicly is better.  Some information, such as ages and location should perhaps be available only to legitimate researchers, which would still have included the Whitehead Institute people, but would have taken away much of their thunder.  I understand this change has already been implemented, but that doesn’t entirely mitigate the issue of genetic data mining publicly available full genomic sequence information for identity, only makes it a little more difficult and less likely to succeed.
  • I clearly understand why hackers want my bank account information, and why identity thieves want my personal information, but why, in the real world, not at Whitehead institute, would anyone ever spend the time and effort to do this?  The motivation for these researchers was clearly to publish, but I can think of no reason other than that or simply “because they could” to spend the time doing something like this.  Who would want to and for what purpose?
  • The sky is not falling

It’s behind a paywall, but you can access the scientific article here that started all of this hubbub.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

Security and Privacy

Did you really mean to say that you didn’t want to see your matches????  Have you accidentally done this?

At Family Tree DNA, you may notice that some of your matches, especially at the 12 marker or HVR1 levels, particularly if you have a lot of matches, may be marked “private” and greyed out, with no contact or other information. What does this mean and why would someone take a DNA test for genealogy, then mark their results as private?

Those are great questions and there are several answers. First, some people don’t realize that the selection they make in their “Account Settings” tab affects how their results are displayed, or not displayed, to their matches.  They also don’t realize that it can suppress those matches for them as well.

Security 1

You can see that for both Y-line and mitochondrial DNA, you can disable matches and e-mail notification. This means that you won’t receive match notifications for 12 marker matches, if you disable that level, nor will any of your information be shown to your matches. Furthermore, you won’t see those matches either. They will not appear on your match list.  In fact, you won’t have a match list for the level you disable.

Some people only test at 12 markers, for example, so if you disable 12 marker matches, be absolutely sure that you really don’t want to be notified if you match someone with the same surname at 12 markers that did not test at a higher level. If you disable these notifications and matches, this is what your matches will see:

security 2security 3

As you can see, your match will be able to see your surname only, how many mutations difference there is between you and them, no “most distant ancestor,” no haplogroup information and more importantly, no way to contact you. This is typically not what people mean to do, but this is the result.

In one case, a man was distraught because he had no matches, but had disabled matches at all levels of testing, so of course, none showed. He had matches, he just couldn’t see them and he didn’t notice the message that said he had disabled matching at that level. He thought that the only function he had disabled was the e-mail match messages, but that wasn’t the case. It’s all or nothing at each level.  You can’t disable the messages without disabling the matches too.

There are other security options you can select as well. Some, are found under “Personal Profile” settings, others under “Account Settings,” and finally, a beneficiary designation in case something should happen to you. This is the only person that Family Tree DNA will allow to access your account. Please take a little time to click through these options so that you personalize your experience in such a way that best fits your testing goals.

Aside from your matches and project displays, the only other people who can see your information are the volunteer group administrators of the groups you join. You can control, by your selections, how much they can view. There are several items they can view, but not change, such as your e-mail address, for example.  Group administrators have a set of guidelines that they must follow.

In the case of mitochondrial DNA, if you have tested at the full sequence level, the project administrators of haplogroup projects cannot see your full sequence level which is necessary to categorize your results into subgroups unless you specifically change your setting to allow them to view your mitochondrial full sequence results. This is found under “Account Settings” then “Results Display Settings.” Change the answer to yes for the appropriate projects.

security 4

The key, of course, to privacy and security is to have as much privacy as you wish, without actually hurting your chances of making genealogical connections, and contacts, which is, after all, the entire reason that you tested in the first place.

______________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research