• alsetmusic 8 months ago

    This sort of thing was only a matter of time. The clock is also ticking on 23andMe going bankrupt and selling their assets (your PII) to stay afloat.

    https://hoodline.com/2024/11/23andme-in-turmoil-stock-plunge...

    • akira2501 8 months ago

      > This sort of thing was only a matter of time.

      In the current single vendor model. An intermediary could accept the samples, blind identities, then provide a "one time" mechanism for retrieving results.

      Bill Burr's take was pretty good. "What.. I'm going to spit in a tube and mail it into the internet?"

      • JumpCrisscross 8 months ago

        You can download your data from 23andMe and request deletion, FYI.

        • fyver 8 months ago

          and hope they're really deleted and not just marked as deleted.

          • st-keller 8 months ago

            Sad state of affairs - this is so messed up. No trust anywhere! I’m senior Software Architect in Germany and some years ago we built an app that handles highly confidential tax-related data. And we did everything to stick to the highest standards: Strong encryption, distribution of keys and data into different datacenter operated by different companies, protocols of deletion of data, implementing every aspect of DSGVO, including Art.35 - „creation of a DSFA (Assessment Of Consequences of Data Privacy Measures)“ more than 100 pages thick. Guess what: When I tell customers that we cannot read and really delete their data - they straight up accuse me of lying!

            • AtlasBarfed 8 months ago

              Consider these statements:

              - state level actors can basically break into any computer system given enough time

              - corporate databases have a gigantic amount of information on everyon

              - states want all of that data

              I hope the conclusion is as straightforward as it seems to me.

              OK, not exactly what you are responding about Let's talk about corporate IT systems, let's get into "deleted". Is it:

              - deleted from backups? Almost universally this answer will be no.

              - deleted from each and every database and system in your presumably huge corporation, which may involve literally thousands of IT systems? I'd guess no.

              - is it deleted by moving the data to a separate "deleted data" table or database, thus sequestering the data from the "active data" rather than deleting it, just in case you want to "undo"?

              - is it deleted from all system logs?

              - is it deleted from all records systems that may have minimum retention periods legally or by policy?

              - what about data warehouses or data lakes that repackage/mirror data?

              • ashildr 8 months ago

                That’s an interesting point to add to the feature list of a future product: “Proof” of deletion that is plausible to laypeople. Of course one has to delete according to the law, too, but that plausible proof may get rid of a lot of support calls escalating to your level.

                • csomar 8 months ago

                  > When I tell customers that we cannot read and really delete their data - they straight up accuse me of lying!

                  I'd accuse you too. If you can't read their data, then the data doesn't exist? Also, if you can't read read their data, how are the customers seeing it on their dashboard?

                  • st-keller 7 months ago

                    I try to explain it shortly: The encrypted data is in a different datacenter than the keys needed to decrypt the data. The services we implemented to bring both together run in an secured environment that has no services implemented to access the servers and where physical access is restricted. Errors and monitoring data gets out, PII does not. Everything is documented and was inspected and certified by a 3rd party. If a customer requests to delete his data we instantly delete the key, a litte later we delete the (already useless) data and all backups will lose this information about a month later too.

                    And of course we did that not because we are nice people (though we belive we are). We did it, because we had the hypothesis that a reputation to handle the user-data with proofable utmost respect to security and privacy would be more valuable than having access to this data.

                    People not believing us or accusing us of lying obviously defy that hypothesis.

                    • cyberpunk 8 months ago

                      Row level encryption, yes it’s possible to break the glass but it’s code changes and that sort of thing is noticed by the org and would be reported on.

                      In the automotive space we are leaning heavily on confidential computing primitives to make it actually impossible, for example keys generated entirely inside enclaves and only attested software can run on those etc etc.

                      • ivan_gammel 8 months ago

                        Client-side encryption?

                  • AtlasBarfed 8 months ago

                    The key word in that sentence:

                    "request"

                • neuronexmachina 8 months ago

                  For reference, the company is Atlas Biomed. I remember seeing their product show up all the time on Amazon (they have a box design that looks kind of like a multicolored QR code).

                  • brikym 8 months ago

                    Yes I'm sure the valuable data has been safely deleted and definitely not sold to data brokers, insurance companies or government agencies.

                    • pvaldes 8 months ago

                      If is a Russian company is no mystery what happened. Sanctions hit the company, closing it.

                      • ginkgotree 8 months ago

                        Saw this coming years ago. 23andme is next.

                        • yeetusus 8 months ago

                          tfw all your immediate relatives did the test even after you explicitly told them not to

                          • waste_monk 8 months ago

                            That's why I swallow a pinch of cobalt-60 every day, to make sure my DNA is unrecognizable to adversaries.

                            • kylehotchkiss 8 months ago

                              What an interesting thing to microdose. How’s your productivity on it?

                              • ashoeafoot 8 months ago

                                No insurance on you and your family

                                • bossyTeacher 8 months ago

                                  isn't cobalt-60 radioactive?

                                  • financetechbro 8 months ago

                                    I believe that is the point

                                • brikym 8 months ago

                                  [flagged]

                                • analog31 8 months ago

                                  ... and from what I can tell, most people just wanted to know their nationality.

                                  • 0_____0 8 months ago

                                    I found out my nationality by looking at the front of my passport.

                                    • csomar 8 months ago

                                      I think he meant ethnicity.

                                      • bossyTeacher 8 months ago

                                        Did he? People change ethnicity over time so the ethnicity of your ancestors isn't necessarily the same as yours. I am always curious as to what people being by ethnicity. Maybe ethnic ancestry would be a better way of putting it as that's what those tests would get you a glimpse of

                                        • analog31 8 months ago

                                          Actually I wasn't thinking much about the distinction. People seem to want some kind of assurance about their identity. Also why they take personality tests.

                                          People get DNA tests for their dogs.

                                        • ginkgotree 8 months ago

                                          This also works.

                                        • ginkgotree 8 months ago

                                          yep. I found this by simply visiting my local municipalities and easily dug up 3 generations of ancestors and immigration records. It was fun, I learned far more, and cost me $0.

                                          • wbl 8 months ago

                                            I imagine the Germans didn't leave them in a mass grave and burn the entire village down in 1943. That's the reality for a whole bunch of people and the International Tracing Service only did so much.

                                          • Buttons840 8 months ago

                                            With ancestry and similar sites you can probably learn your origin down to the street address of your great great great grandparents.

                                            • smt88 8 months ago

                                              My ex has a doctorate in genetics (specifically studying evolution through genetic data) and described such tests as "genetic astrology" because of limitations in the data.

                                              • bossyTeacher 8 months ago

                                                That is what I always suspected as the lack of genetic data is an obvious issue.

                                                • dekhn 8 months ago

                                                  No, identity by descent works extremely well.

                                                  • smt88 8 months ago

                                                    No it doesn't. We don't have DNA from 100 or even 50 years ago. These genetic tests are essentially geographical.

                                                    For example, there are tens of millions of people in Africa and Latin America who unknowingly have mixed ancestry and will be labeled in the data set as being "from X country."

                                                    That will mean the dataset thinks European genes might indicate Latin American descent or vice versa.

                                                    • dekhn 8 months ago

                                                      They aren't truly geographical- they're based on population structure in the genome. This is a pretty well-studied area of science that has been established for some time now; are you coming from a "I am a scientist who works with the data and understand the issues well", or a "I don't like 23&Me, so I'm complaining", or something else? I don't want to get in arguments with folks who aren't knowledgeable about population genetics. Above you said "ex has a doctorate in genetics".

                                                      • smt88 8 months ago

                                                        > They aren't truly geographical- they're based on population structure in the genome.

                                                        Determining whether people are genetically similar is indeed well-studied. The problem is saying with certainty that you know where their ancestors lived.

                                                        There are a few ways the results end up being inaccurate, and they apply to all the companies.

                                                        The first and most important is that the data is from where people live now or in the very recent past (as I alluded earlier). That means they can only tell you how closely-related you are to people in a certain geographic area, whether those people have been there for 100 years or 1,000 years.

                                                        The second is that the data sets are filled with mostly European data, so anyone with even a bit of non-European ancestry is going to have less-accurate results[1] presented to them with a misleading degree of confidence.

                                                        The third is that there isn't an objectively "correct" algorithm for determining if someone is from one place or another. Every company has their own, which is why people get (sometimes wildly) different results from different companies.[2][3]

                                                        And the fourth is that the data collection doesn't seem to be especially accurate, perhaps related to the quantity or variety of SNPs that the testing company collects data about.

                                                        > Above you said "ex has a doctorate in genetics".

                                                        Correct. And the same way I take climate scientists' word for it that climate change is happening, instead of getting 10 degrees in different fields and gathering data myself, I understood her explanation and trust her expertise. Being a science consumer is always about trusting other people who have done the research, not about learning it all yourself and gathering your own data.

                                                        If you can find someone with a doctorate in genetics who has no affiliation with testing companies and believes these tests accurately tell someone where their ancestors were from, I'd be happy to consider the counterpoint. I have never seen such a thing in my research.

                                                        Regardless, all of the commercial operations have given twins differing results, so we can be fairly certain that any accurate way of determining genealogy from DNA has not been commercialized.

                                                        These tests, however, are good for finding relatives or determining how closely-related two people are.

                                                        1. https://www.nih.gov/news-events/previous-genetic-association...

                                                        2. https://www.livescience.com/63997-dna-ancestry-test-results-...

                                                        3. https://www.vox.com/science-and-health/2019/1/28/18194560/an...

                                                        • dekhn 8 months ago

                                                          My doctorate is in biophysics with deep experience in genomics. I've attended talks from the world's leading experts (as well as scientists/researchers/engineers) who work in this field, and read papers. From my inspection of the data, identity by descent does exactly what the researchers say, with a level of accuracy that is consistent with our current understanding of population structure and its changes in the past.

                                                          BTW, the main reason african genomic inference is so complicated is not the lack of genomic data, but rather that africa itself has far higher genetic diversity than any other continent, due to populations (whose genomes we can infer!) moving and interbreeding for a long time before humans left africa and spread out to the rest of the world.

                                                          (Article #1 is correct, there are definitely populations for which our current models are inaccurate due to bias and underlying complexity. I am not disagreeing with any of that).

                                                          (Article #2, where an individual compared the results, shows that the results are nearly identical, and well within the expected accuracy of the tests)

                                                          (Article #3 isn't interesting- yes, 23&Me and other companies have marketed truly terrible ideas. That doesn't mean IBD is scientifically invalid. The article also strawmans many of the realities underlying the nature of the tests and their relationship to disease prediction, or any other phenotype of interest).

                                                          • smt88 8 months ago

                                                            We seem to be talking past each other.

                                                            You're saying it's possible to accurately determine how closely related individuals (and even groups) are.

                                                            I agree.

                                                            But you can't determine where those individuals' ancestors lived at any given time unless you also have historical data. Land does not imprint upon DNA.

                                                            So these companies can tell me that I have many distant cousins in, say, Brazil and Portugal, and we can make an inference that I'm of Portuguese descent. But clear-cut situations like that are extremely rare unless good genealogy records are kept as well and can be combined with genetic testing.

                                                            • dekhn 8 months ago

                                                              Land definitely imprints on DNA (in genomic time intervals). I don't think people using IBD are claiming they can explain the fine structure of population movements. I didn't claim it, it seems unique to your contributions to this thread.

                                                      • optionalsquid 8 months ago

                                                        But we do have "DNA from 100 or even 50 years ago". In fact, we have DNA from much, much longer ago. Ancient DNA as a field is heavily invested in exploring past human populations, so there quite a lot of data available at this point

                                                        • bossyTeacher 8 months ago

                                                          But we probably don't have DNA from 100 years ago from most of the human population though. And that's the problem with these tests. You kinda need that if you are offering a commercial product to everyone

                                                        • InitialLastName 8 months ago

                                                          I think their point with "Ancestry by descent" is that tracing your ancestry through birth/death records is pretty reliable (relative to your noted imprecision with genetic testing).

                                                          • trogdor 8 months ago

                                                            Not always. For example, my birth certificate has my father’s name on it. I am in my 30’s, and it was only a few months ago that I learned that I was conceived via IVF, and that my biological father was a sperm donor.

                                                            In my case, my mother told me. But I could have also learned that from a DNA test. (Which I have since taken. As a result, I now know the identity of my biological father.)

                                                            It is not uncommon for DNA tests to reveal misattributed parentage — something you could almost-never learn from records-based genealogical research.

                                                            • InitialLastName 8 months ago

                                                              Which bit of ancestry means more to who you are?

                                                              • trogdor 8 months ago

                                                                The family that raised me surely had more of an impact on my identity, but both parts of my ancestry are independently significant to me.

                                                                My point, though, was that using birth and death records to trace your ancestry is not always reliable.

                                                    • cgarrigue 8 months ago

                                                      In some countries the archives can be browsed online so no need for such sites in this case.

                                                      But those services can still be useful to find an unknown branch of relatives when the ancestor who had emigrated in a different country didn't let any info regarding their previous life.

                                                • ivan_gammel 8 months ago

                                                  Looks still alive, probably just closed their UK branch.

                                                  https://atlas.ru/about

                                                  They are subject to FZ 152, Russian equivalent of GDPR, as well as DNA-specific regulations which AFAIR are more strict. Not sure though if they care about foreign users.

                                                  • gnabgib 8 months ago
                                                    • dang 8 months ago

                                                      (It's best to only link to these if there are interesting comments there. That's the convention on HN, and we get complaints when people click on the link and there's no there there.)

                                                      (But links to where there are interesting comments are super valuable, so please don't stop with those!)