1. It asks you to optionally sign up for a bunch of other services like Spokeo
2. It asks for access to your email via Apple's Mail app which I don't use
3. I got a lot of 404s anyway
4. Many sites require manual intervention to work
Nice idea, but it needs a LOT of TLC to make it generally useful. I suspect that having a non-numeric "zip" code and a non-US address might be breaking a lot of the automation.
Mail isn't documented as a requirement, but the first item in the Requirements section is "macOS (uses launchd for scheduling and Messages for iMessage)".
Back in 2011 or so the Yellow Pages still delivered physical phone books to ever address in the state where we were. My city literally sent out an extra off cycle recycling truck the next day to pick them all up. Everyone threw them out.
Well my coworkers and I realized that the opt out form just needed an address. We contemplated pulling all known addresses for the entire country and automating submitting them all over several months to opt everyone out. I don’t think it ever materialized but we had a good chuckle about the emergency meeting the Yellow Pages web devs would have had and at what percentage of opt outs.
Around the same time frame, my brother rented some rooms in his house to people who had the occupation of actually delivering those phone books. (This was in a different country, but apparently the Yellow Pages existed everywhere.)
The delivery-people got overwhelmed and eventually just resorted to putting the stacks and stacks of phone books into piles and burning them. It took a long time until they got caught because nobody really misses a phone book.
Similarly I remember being at Australia Post discussing data privacy for a project and I couldn't help but make the wisecrack remark "don't y'all routinely distribute millions of individual's personal data every year and just leave the information lying about on people's doorstops for anyone to access?"
A few of these services ask you to go find your record among their lists first, so you can confirm which record you want removed using the URL of the record. So either it has to guess on that, or simply isn't doing it.
I think my browsing habits may have changed, as I rarely see captchas. However, just the other day, my son was frustrated by one that he said had taken him fifteen or more tries, and he still hadn't succeeded.
Its only Google's ReCaptcha that sucks, with its eternal gaslighting.
"Select stairs": okay, does that mean the railing too? And probably some percentage of people clicked rails, so now I have meta it and guess if that percentage is enough to throw off my guess.
"Select motorbike": okay, but you're showing me a bicycle. I'll click "skip". FAIL. TRY AGAIN. Sighs.. okay, I guess the average person is so dim-witted they will misidentify a bicycle for a motorbike.
Has anyone had any luck deleting themselves from the data brokers who sell cell data to political texters and/or survey companies? Those are the ones I really want to opt out of
Creating a Windows service is a bit harder (as Windows actually uses a real API for services rather than just relying on process spawning and scripting around that), but with task scheduler you can schedule tasks to run once a month in all kinds of ways.
The state tracking and manual fallback are the most interesting parts to me. For a tool like this, I’d really want a dry-run/audit mode that shows which fields would be submitted to which broker before anything is sent. The awkward threat model is that the tool reduces exposure, but a broken selector could also leak personal data to the wrong place.
Good point, could be a solid benchmark. Sites are adversarially built to resist automation and success is verifiable later when records actually disappear, so harder to game than WebArena.
I got tired of spammers having my information, so I built a tool that submits an up-to-date copy of my information to over 500 websites. Surely this will help.
Jokes aside, I unironically suspect the purpose of many opt-out forms is merely to record the up-to-date information.
Agreed. Any time I click an “Unsubscribe” link in an email, that takes me to a site where I have to provide my email or indeed, do anything more than click “confirm,” I leave. I assume it either resets some kind of consent trigger or sells my data to a new third-party vendor. The assumption of bad faith is now baked into my interaction with almost every corporate entity.
Sometimes the people who set up the email service just forget or don't bother to add the receivers email to the URL parameter when you click unsubscribe, so it'll ask for your email again which is always an annoying step.
I refuse to believe that “someone just forgot” to implement a user-friendly feature whose omission coincidentally benefits their company. It is not a coincidence, and it was not done unintentionally. The same way that it is not a coincidence that the “unsubscribe” link is always in six-point font the same color as the rest of the email footer. Code does not happen in a vacuum. Code does not get pushed to production without vetting and approval. As I say, the assumption of bad faith is baked in.
There are plenty of dark patterns in digital marketing, and you're generally right about the thinking.
But there is a (somewhat plausible) defense here: if someone forwards you an email and you hit the unsubscribe link, then it unsubscribes them; not you. Requiring the user to enter their email helps ensure you don't accidentally unsubscribe the wrong person.
That said — the most impactful thing anyone can do to punish dark pattern digital marketing behavior is to report the message as SPAM in your email client. That'll hurt their delivery rates and damage their sending reputation with email providers.
I think they’re doing it because of your exact behavior: one-click unsubscribe links are easy to do even if you’re on mobile and aren’t giving the process your full attention. Making you enter your email is a barrier.
They already know your email, I don’t see why getting it again would sell it to a new vendor. Clicking an unsubscribe link already verifies you are a real person.
Very true, the act of unsubscribing itself signifies that the email is still live; more bad faith. As to why not sell it to a new vendor, because that would allow them to check a box that says “we offer a feature that allows users to opt out of data sharing agreement with the partners defined in the TOS and onboarding process.”
Why not just comment out the macNotify() calls in watcher.js and then run it periodically? There are also a few calls to send iMessages that you should remove.
There are times where I immediately guess it, the recent mitchell post of AI psychosis was something that I recognized (which is now at 2k upvotes)
But there are other times where I am wrong too and I even comment on threads with less upvotes because the topic is so interesting yet my comment just ends up being isolated.
It's really more like a 50/50.
Even the one post of mine which had reached the front page of Hackernews was something that I absolutely knew could reach front page but then there weren't much responses for a few days but then after a few days, I saw that it was re-uploaded (I think that Hn selects a few submissions which are interesting, I forgot how that mechanism worked) and then I reached the front page of Hackernews ;)
Either way, I think people should just make what they feel is interesting but I remember reading some article once which said a few things which this article follows:
1. I built XYZ... gets more frontpage than we built XYZ...
2. having (Open source) in the title increases the chances too
This article has both of them so its definitely interesting to see it on front page, either way its an really interesting project :-D
The mention of states is because (besides the author likely being located in the States) many of the opt out forms are US only and filter on US state. You could probably just use an uncommon state or territory like Guam and try it, it would still submit opt outs for matching records on sites that are international. For example https://www.familytreenow.com/optout is listed in the broker list, and that seems to work for international profiles.
I got tired spam calls and text, so I built a script that automates the opt-out process across 500+ data brokers on a monthly schedule.
Where I need help:
The heuristic approach misses a lot. Many of the generic sites have unique flows the four generic strategies don't catch. I'm looking for people who want to:
- Verify which generic sites are actually succeeding vs. silently failing
- Add explicit broker definitions for high-value sites that are currently on the generic path
- Test on non-macOS (launchd scheduling is macOS-only; cron fallback would help Linux/Windows users)
- Handle email verification flows (script submits the form but can't click confirmation links in your inbox)
Repo: https://github.com/stephenlthorn/auto-identity-remove
No personal data in the repo — setup script prompts for your info locally and keeps it gitignored.
Does this current approach succeed for many sites? I see that this repo was clearly vibe coded or at least heavily used AI to write it. That can be fine, it just makes it more difficult to follow how much was done already and how much is left to get this properly working. As for email verification, a stopgap solution could be to just tell me to click confirm on the emails and which senders to look out for. Properly reading the actual inbox on record across providers could be difficult, it requires an actual email client. Also, forgive me if I'm off base on this one, but your comment appears to be AI generated. If so, that violates site guidelines.
> Don't post generated comments or AI-edited comments. HN is for conversation between humans.
Assumption that people use Apple services by default is wild
Well my coworkers and I realized that the opt out form just needed an address. We contemplated pulling all known addresses for the entire country and automating submitting them all over several months to opt everyone out. I don’t think it ever materialized but we had a good chuckle about the emergency meeting the Yellow Pages web devs would have had and at what percentage of opt outs.
The delivery-people got overwhelmed and eventually just resorted to putting the stacks and stacks of phone books into piles and burning them. It took a long time until they got caught because nobody really misses a phone book.
i think we got a season pass to 6 flags out of it, but i'm not positive
A few of these services ask you to go find your record among their lists first, so you can confirm which record you want removed using the URL of the record. So either it has to guess on that, or simply isn't doing it.
Right, so my suspicion was correct: I'm the only one being inconvenienced by the same old captchas.
The reCAPTCHA v3 Enterprise version and MtCaptcha cost a whopping 3x as much ($3 per 1000 solves). Seems like they're the best CAPTCHAs to go for.
"Select stairs": okay, does that mean the railing too? And probably some percentage of people clicked rails, so now I have meta it and guess if that percentage is enough to throw off my guess.
"Select motorbike": okay, but you're showing me a bicycle. I'll click "skip". FAIL. TRY AGAIN. Sighs.. okay, I guess the average person is so dim-witted they will misidentify a bicycle for a motorbike.
Supporting Systemd should be easy. Not sure what windows uses.
Would interesting to see the success rate for Claude Cowork or Codex’s equivalent feature.
Does this work for anyone outside the US as well? e.g. Will it work for an Australian?
Jokes aside, I unironically suspect the purpose of many opt-out forms is merely to record the up-to-date information.
I’m not in the business of fixing their mistakes for free.
I will click the unsubscribe link and that’s it.
But there is a (somewhat plausible) defense here: if someone forwards you an email and you hit the unsubscribe link, then it unsubscribes them; not you. Requiring the user to enter their email helps ensure you don't accidentally unsubscribe the wrong person.
That said — the most impactful thing anyone can do to punish dark pattern digital marketing behavior is to report the message as SPAM in your email client. That'll hurt their delivery rates and damage their sending reputation with email providers.
They already know your email, I don’t see why getting it again would sell it to a new vendor. Clicking an unsubscribe link already verifies you are a real person.
How many require you to make an account or confirm your email address/phone?
But there are other times where I am wrong too and I even comment on threads with less upvotes because the topic is so interesting yet my comment just ends up being isolated.
It's really more like a 50/50.
Even the one post of mine which had reached the front page of Hackernews was something that I absolutely knew could reach front page but then there weren't much responses for a few days but then after a few days, I saw that it was re-uploaded (I think that Hn selects a few submissions which are interesting, I forgot how that mechanism worked) and then I reached the front page of Hackernews ;)
Either way, I think people should just make what they feel is interesting but I remember reading some article once which said a few things which this article follows:
1. I built XYZ... gets more frontpage than we built XYZ...
2. having (Open source) in the title increases the chances too
This article has both of them so its definitely interesting to see it on front page, either way its an really interesting project :-D
> Searches each data broker site for your name + state
Is this US only or would it also work for international profiles (and if so what would be the "state" equivalent)?
Where I need help: The heuristic approach misses a lot. Many of the generic sites have unique flows the four generic strategies don't catch. I'm looking for people who want to:
- Verify which generic sites are actually succeeding vs. silently failing - Add explicit broker definitions for high-value sites that are currently on the generic path - Test on non-macOS (launchd scheduling is macOS-only; cron fallback would help Linux/Windows users) - Handle email verification flows (script submits the form but can't click confirmation links in your inbox) Repo: https://github.com/stephenlthorn/auto-identity-remove No personal data in the repo — setup script prompts for your info locally and keeps it gitignored.
> Don't post generated comments or AI-edited comments. HN is for conversation between humans.
https://news.ycombinator.com/newsguidelines.html#generated
Requirements
macOS (uses launchd for scheduling and Messages for iMessage)
Node.js 18+
Playwright browsers installed