The Security Risk Behind Popular DNA Ancestry Tests
When the unsolved case of the Golden State Killer was solved via a DNA sample, given by a relative to an ancestry and heritage site, it was cause for celebration. It wasn’t the first crime solved using DNA sent to a commercial organisation, and it’s likely it won’t be the last.
Though catching criminals can only be a good thing, these breakthroughs have left people wondering exactly what has happened to their DNA after entrusting it to a site like My Heritage or Ancestry.com.
You might not expect law enforcement in the USA to have access to your genetic data if you’re posting it off from the UK. Equally, you might not expect that your DNA data could be sold to pharmaceutical development companies, or worse, that it could be lost to criminals in an attack.
Genetic testing has really taken off in the last few years, and it’s estimated that the DNA testing market worldwide will be worth more than $10 billion by 2022. Though these ‘casual’ DNA tests can help us to find out more about our ancestry, it’s important to consider the security risk that comes with posting away genetic data that is completely unique to you.
You wouldn’t give away your credit card details or your email password, because this would obviously be a risk. With that in mind, should you post away your DNA?
Popular DNA ancestry tests
You don’t have to browse Groupon or other shopping deal sites for long before you come across offers on genetic testing.
Some of the most popular brands are AncestryDNA, which gives great insight into ethnicity through detailed geographic regional splitting, MyHeritage – a top budget option – and FamilyTreeDNA, which includes YDNA and mtDNA tests for those who are serious about genealogy.
There are also options like 23andMe, for general genetic health screening, and Living DNA which is popular for anyone with roots in the British Isles.
MyHeritage and FamilyTreeDNA are open about the fact that they’ll keep your DNA on file for 25 years, while the other three options mentioned keep it indefinitely.
Who has access to that DNA data?
Who your data might be shared with varies a bit depending on the particular company you choose, so read the small print.
23andMe recently announced a partnership with the pharmaceutical company GlaxoSmithKline, allowing them access to home DNA results for their new drug research. Ancestry are fairly open about the fact that they can and will use your DNA for their own tests and research, while another company, Invitae, state that your data can be shared with public databases, laboratories and universities.
Life insurance, long-term care insurance and disability insurance companies in the US are also legally permitted to access genetic testing data if they wish, which means they can charge people higher rates for their coverage based on the results.
While some services are keen to say that will anonymise data before selling it on, critics have been quick to call out these suggestions because of the impossibility of fully anonymising such unique and personal data. As well as the risk involved in sharing your DNA, it’s also wise to consider the implications should that DNA data be connected to your online accounts and activities.
DNA data breaches
In 2018, MyHeritage suffered a major data breach. 92 million users had their email addresses and passwords stolen, giving cause for concern about what hackers could access when furnished with such information in relation to a genetic DNA account.
For those who had left breadcrumbs connecting their device’s IP address to their MyHeritage account, biological information risked being connected with address and credit card details, to name a few.
There has been outrage in recent years about the ability of tech behemoths like Google and Facebook to harvest and sell user data. But at the same time, millions of people all over the world have been not only handing over their DNA to commercial businesses, but even paying them for the privilege.
Some ancestry sites give you the option to download your detailed genetic code, while others are more limited. Though the MyHeritage breach is the one that’s made headlines, users shouldn’t assume that no other attacks have happened or succeeded – only that they have been better managed and contained.
You may be able to change your email address and/or password in the event of an ordinary data breach, but there is little that can be done when your DNA data has been compromised but to wait and see where it shows up, or what ransom is requested for its safe disposal.
How to maintain your privacy
Privacy is important both on the internet and off it, and it’s crucial to consider the connections that can be made between a leak of your DNA data and the rest of your online identity.
To keep other information private, like your phone or laptop’s IP address and your contact and payment details, a smart move is to use a VPN when you’re sending or receiving information online.
These apps add encryption to your network and spoof your location, meaning your browsing activities and interests can’t be traced back to you or joined together from one site to the next.
While VPNs are a great privacy and security tool, they can’t protect you from a data leak if your DNA is stored by another organisation.
When you join up your DNA with your email address and bank details, it becomes almost irrelevant later that you did it using a spoof IP address and secure connection. That information is stored on a third-party site, and it’s their security and adherence to privacy best practices that you’re relying on.
The DNA testing industry may be hugely popular, but realistically, the best way to ensure your DNA data isn’t sold or stolen is not to send it away in the first place.
Even when better guidelines and regulations are brought in to protect DNA test users, there is still no guarantee that any company will stay hack-free – and there’s a lot at risk if something as irreplaceable as your DNA goes AWOL.
By Tony White, HumansAreFree.com
10 thoughts on “The Security Risk Behind Popular DNA Ancestry Tests”
Wolf Street – Brick & Mortar Meltdowns Ugly Week in Record-Ugly Year by Wolf Richter.
My comment is on Wolf Richters article bottom.
Russia delivers electronic warfare systems to Iran.
It won’t be long now …. mate !!
Israel is the size of a postage stamp / four times the size of Hiroshima …
Boom Baby Boom
It will be over in a flash or two & Israel will be wiped off the face of the earth.
Here is a good one
Aletho News – To Avoid US Big Tech’s Wiretapping Users Should Shift to Chinese Software & Devices – Cyber Expert.
I’ll ask my Corporate Hot Shot Fiberoptics Son Andrew – he’s coming tomorrow.
Having been transported by ambulance each time –
Exactly which morning was I in Emergency at The Royal Eye & Ear Hospital in Gisborne St
A week later I was in there again & there were no patients BUT ME.
Each time I was seen by young doctors
Or where they young trainee doctors without supervision ??
There does not seem to be any more senior doctors working at the Royal Eye & Ear Hospital on Gisborne St
I am not the only patient who has noticed that there are no senior doctors at the E&E Hospital Gisborne St.
Who is dealing with serious cases ??
Has surgery stopped altogether at the E&E Gisborne St altogether ??
This cannot be allowed to be the case.
What the FUCK is going on down there ??
Has everyone gone mad !!
If this is the case the hospital may as well be shut down completely.
And the last time I HAD to force the two female ambulance attendants to take me to the E&E Gisborne St
Literally FORCE them to take me.
Is this hospital not staffed & why ??
If, okay, if it is the case that the more senior doctors are refusing to work – OUT OF BUSINESS HOURS ,,, being 9am-4pm – And only 2 or 3 days per week
SACK THE LAZY CUNTS.
Australia has three to four times the medical professionals that we need.
There are THOUSANDS of other eye & ear doctors to choose from.
I am not interested in the Victorian government being loyal to familiar & well known medical layabout skanks bludging off the Hard Earned Taxpayer Dollar while the Victorian public go without medical services.
Thanks just the same.
1. My case worker was told that the Cardio Registrar at ST Vinnies was away on leave & therefore unavailable to her.
2. I rang an old friend on the 4th floor & in conversation, asked how HIS/Phil’s sore foot was doing & she replied that he was fine. “Oh, when did you see him last,” …”This morning,” she replied.
So much for being on leave – hey.
* But this is the better story –
I rang the mobile no: of a cardio-intensive disease nurse to organise contact with the view to beginning my programm for a bypass surgery.
First her answering machine tells me she only works from X to X hours & not at all on Friday ……. I may or may not hear from her in the next few weeks.
WHY DOES THIS ARROGANT & LAZY BITCH HAVE A JOB WHEN THERE ARE SO MANY UNEMPLOYED POTENTIALS WHO WOULD KILL FOR A JOB.
Is it that she blows nice dick at work ??
I will ring her twice every day for the next week & put that question to her in message form.
How could I forget this one –
What is wrong with me – hey !!
The pacemaker that was implanted into the TOP of my LEFT BREAST
Instead of UNDER my collar bone.
It has told to me by – now – three medical professionals
THAT I HAVE BEEN SEXUALLY MUTILATED
Yes – that\’s right folks the clever surgeon who popped it into my body is said to have performed a SEXUAL MUTILATION on me.
I wondered why he vanished so IMMEDIATELY after the surgery …
Why it was to gratify his mastry with masterbation of course.
He went out to have a nice wank.
* we have watched the TV shows & know the MO – right !!
His colleagues referred to him as LAUGHING FAT BOY in his absence / but he has a real name & it\’s on my Pacemaker ID Card.
I shall look forward in seeking him out to congratulate his handy work .
I\’m going to be so busy .. my, my.
2 more things –
Chlorsig eye drops & ointment:
I was on several eye drops & at the care facility so I could not do an elimination.
I was SERIOUSLY HALLUCINATING = visually only – but it was slowly becoming emotionally = you lose sense of reality & get lost in the fake images.
The junior Dr. at the E&E Hospital Gisborne St said eye drops cannot & do not efect any other part of the body….. SHE NEEDS TO BE ON THE DOLE YESTERDAY.
She suggested I ask my GP to refer me to a neurologist.
I did elimination these last two weeks.
It is the Chlorsig eye drops & ointments.
It takes up to three week to set in & 2 weeks to get rid of.
It is also recommended for CHILDREN …. DANGER WARNING HERE.
In his love affair with TRANSURBAN – Daniel Andrews is spending fast & loose on road works –
WHERE IS ALL THIS MONEY COMING FROM ??
TOLL ROADS DO NOT EVER MAKE A PROFIT.
Where is the money coming from to repay these massive loans.
They are telling us that the borrowed monies are interest free.
THIS IS HORSE SHIT.
Much of the real estate in & around the city CBD is state owned as I stated before –
AND DON’T YOU BET THAT THE LOANSHARKES WHO ARE LENDING TO DANIEL ANDREWS KNOW THIS ONLY TOO WELL.
LOVE YOU GUYS MUCH xxx
Keep Talking Greece –
NEW DEMOCRACY ABOLISH BASIC RIGHTS FOR LABORERS PROTECTION.
for the grubby skank one size fits all.