Dangerous Liaisons: How Family and Friends Pass on Our Secrets


Modern technologies increasingly contribute to making our secrets public. Sometimes this happens as part of massive leaks of personal data , resulting in private (or even intimate) photos and messages appearing on the internet.

Let’s skip the countless documents of every citizen stored in government databases or commercial structures – instead, let’s naively assume that this data is adequately protected from prying eyes (although we all know it is not ). Let’s also forget that we lose flash drives and are attacked by hackers. We will only consider what users upload to the internet.

The solution may seem simple – if something is private, we don’t publish it. However, people do not have complete control over all their private data; sensitive information about them can be shared by friends or family members, and sometimes it happens without the consent of the interested parties.

Publicly available genes

Information that becomes public can be very personal. For example, a DNA code may appear on the Internet without your knowledge. Online services related to genetics and genealogy, such as 23andMe, Ancestry.com, GEDmatch and MyHeritage, have been gaining popularity recently (by the way, MyHeritage has recently leaked, but this is a topic for a separate post ). Users voluntarily provide these services with a sample of material (saliva or secretion from the inside of the cheek), on the basis of which their genetic profile is determined in the laboratory. It can be used, for example, to check a person’s background or to establish a genetic predisposition for certain diseases.

There is no question of confidentiality. Genealogy services work by matching the profile you create with those already in the database (otherwise your family members would not be found). But it also works the other way around: in this way, users voluntarily disclose information about themselves so that relatives who also use the service can find it as well. However, there is one nuance here: customers of such services simultaneously publish genealogical information about their family members who share the same genes. And these relatives may not want anyone to be able to find them, especially from their DNA code.

The benefits of genealogy services are undeniable; thanks to them many whole families were found. However, it should not be forgotten that publicly available gene databases may be misused.

Brother’s love

At first glance, the problem of storing genetic information in public databases may not be surprising, because it is difficult to imagine the practical consequences of this situation. However, the truth is that genealogy services and biometric samples (a piece of skin, nails, hair, blood, saliva, etc.) can, under certain circumstances, help you identify a person without having a picture of them.

A study  published in October in the journal Science showed the real dimension of the threat . One of the authors, Yaniv Erlich, knows the secrets of this industry very well; works for MyHeritage, which provides DNA analysis and family tree building services.

According to the study, as many as 15 million people (so far) have performed a genetic test and created their profile via an electronic form (other data indicates that MyHeritage alone has over 92 million users ). In the United States alone, researchers predicted that publicly available genetic data would soon be able to identify any American of European descent (who make up a large percentage of those tested to date) from their DNA code. It is worth adding that it makes no difference whether the test was initiated by a given person or by a relative who is curious about the results.

As Nature magazine writes , to show how easy it is to identify from the DNA code, Erlich’s team used the genetic profile of a member of a genome research project, put it in the GEDmatch database, and obtained the name of the owner of the DNA sample within 24 hours.

The method has also proved to be useful for legal authorities that have solved several death cases through online genealogy services.

How the DNA chain exposed the criminal

Last spring, after 44 years of fruitless searches, a 72-year-old boy suspected of committing a series of murders, rapes and robberies was arrested. It was found on the basis of genealogical information available on the Internet.

Laboratory analysis of the biomaterial found at the crime scene produced a genetic profile that met the requirements of public genealogy services. Spies impersonating regular users launched a file in the GEDmatch database and compiled a list of possible relatives of the criminal.

All the people found – and there were a dozen of them – were rather distant relatives (no closer than 2nd degree cousins). In other words, at the beginning of the 19th century, these people were of the same origin as the criminal. As reported in The Washington Post , five genealogists with access to census archives, newspaper obituaries, and other data used them to trace relatives of these ancestors, gradually filling the gaps in the family tree.

The result was a huge circle of distant but still living relatives of the perpetrator. By discarding those who did not fit the age or gender criteria, investigators finally selected a suspect. A group of detectives followed him as he held an item with his own DNA sample, then compared it to material found at a crime scene many years earlier. It turned out that the DNA code in both samples was the same, and 72-year-old Joseph James DeAngelo was arrested.

This case highlighted the greatest advantage of publicly available genealogy services on the internet: it can be matched with law enforcement DNA databases. The latter database only stores information about criminals, while the former is full of ordinary users who accuse their relatives in a virtual network.

Imagine that a person is not wanted by law, but by a criminal group – perhaps as an accidental witness or potential victim. These services are publicly available so anyone can use them. And it’s not that good at all.

Bothersome markings

Searching by DNA code using public services is still relatively niche. Friends and relatives who don’t have bad intentions may inadvertently reveal your whereabouts to criminals, law enforcement and the rest of the world by tagging photos, videos and social media posts so often.

These tags can contribute to awkward situations. Suppose a careless lab technician decided to send photos of a staff party and tagged everyone, including a prominent professor. These photos immediately automatically appear on the professor’s website as well, undermining his authority in the eyes of the students.

A mindlessly published post may well lead to dismissal or cause other trouble for the named person. By the way, it is worth emphasizing that any information shared on social networks can easily create a missing link in the above-described search using public databases of genealogy services.

How to set up tagging

Social networks enable users to control the situations in which they are tagged and mentioned. For example, Facebook  allows you to remove tags from photos posted by others and limit the circle of people who can tag you or view material where someone has tagged us. Facebook users can hide the  photos they upload from the friends of the marked people.

Interestingly, Facebook not only encourages users to tag friends with prompts generated by face recognition technology (this feature can be turned off in account settings ), but also helps them control their privacy: the social network sends a notification if said technology identifies you in someone else’s photo .

In the case of Instagram, the situation looks like this: in their photos and videos, you can be tagged by everyone except those we have blocked ourselves. In other words, this network allows you to decide whether the photos in which you have been tagged appear on your profile automatically or only after approval. You can also choose who can see these posts  on your profile.

Despite the fact that these functions offer you some control over where and when your image appears, there are many risks involved in this situation. Even if you block people tagging you in photos, your name (and link to the page) may still be mentioned in the photo description or comment. This means the photo will still be associated with you and it is almost impossible to track such leaks.

Real-life cases

Your secrets can be revealed not only by friends and family members. For example, the technologies themselves can do this through the recommendation system.

For example, the Facebook algorithm is very active in finding potential friends , sometimes prompting colleagues from a given group or community (school, university, organization). In addition, the friend selection process uses users' contact information sent to Facebook from mobile devices. However, Facebook doesn’t reveal all the criteria by which its algorithm selects potential friends, and sometimes it’s really surprising how it knows about your network of friends.

How does this relate to privacy? Here is an example. It once happened that this system prompted a mutual understanding of the patients of a psychiatrist  – one of them realized what they had in common. Data related to health, especially psychiatry, are among the most sensitive. Not everyone would voluntarily agree to have them stored on social media.

Similar cases were mentioned in a Facebook call by the US Senate committee for a hearing in April 2018 on the privacy of Facebook users. In its response, the company did not comment on the cases of displaying patients as potential friends and only informed that their friend suggestion algorithm uses the above-mentioned sources of information.

What’s next?

The internet already stores much more information related to our communities or biology than we can imagine. We cannot completely control this situation for one reason: we don’t know much about it. It is very likely that with the advancement of new technologies, the concept of „private data” will go down in history – our real and online identities are more and more intertwined, and every secret on the Internet will sooner or later become obsolete.

However, online privacy is increasingly being discussed in governments around the world, so we may still be able to find a way to protect ourselves from prying eyes.