You can read more about our study in our recent PETS’25 paper, available at: arxiv.org/pdf/2505.06989 [8/8]
arxiv.org
July 11, 2025 at 11:41 AM
You can read more about our study in our recent PETS’25 paper, available at: arxiv.org/pdf/2505.06989 [8/8]
Overall, Optery’s removal is significantly faster, with all removals occurring within the first 32 hours of the subscription. While Incogni removed 72.2% records in the first 32 hours, and Kanary only removed 19.2% of record within the first 32 hours.[7/8]
July 11, 2025 at 11:41 AM
Overall, Optery’s removal is significantly faster, with all removals occurring within the first 32 hours of the subscription. While Incogni removed 72.2% records in the first 32 hours, and Kanary only removed 19.2% of record within the first 32 hours.[7/8]
There is a significant difference in removal times across services. This may be due to the fact that different data brokers have different levels of removal difficulty.
July 11, 2025 at 11:40 AM
There is a significant difference in removal times across services. This may be due to the fact that different data brokers have different levels of removal difficulty.
The four removal services are relatively ineffective, with an average removal success rate of 48.2%. Incogni is the best performer at 76.6%, while Kanary is the worst at 23.4%. [6/8]
July 11, 2025 at 11:40 AM
The four removal services are relatively ineffective, with an average removal success rate of 48.2%. Incogni is the best performer at 76.6%, while Kanary is the worst at 23.4%. [6/8]
The service’s record retrieval accuracy is only 41.1%. This indicates that many removed records do not actually belong to the subscribed users. Thus, this would not reduce the risk of PII exposure for the paid subscription users, and lead users to wrongly believe their data has been removed. [5/8]
July 11, 2025 at 11:40 AM
The service’s record retrieval accuracy is only 41.1%. This indicates that many removed records do not actually belong to the subscribed users. Thus, this would not reduce the risk of PII exposure for the paid subscription users, and lead users to wrongly believe their data has been removed. [5/8]
However, the four PII removal services show significant variation in record discovery performance. Kanary performs the worst — it covers 317 brokers, yet it only discovers an average of 14.6 records per user. [4/8]
July 11, 2025 at 11:39 AM
However, the four PII removal services show significant variation in record discovery performance. Kanary performs the worst — it covers 317 brokers, yet it only discovers an average of 14.6 records per user. [4/8]
We recruited users to use four of these removal services to evaluate their ability to accurately find and remove user records in the data broker.
July 11, 2025 at 11:38 AM
We recruited users to use four of these removal services to evaluate their ability to accurately find and remove user records in the data broker.
Under the CCPA and GDPR laws, data brokers are required to register with local government authorities to ensure operational transparency. However, we found that 71.1% of data brokers are not registered, highlighting the current lack of regulation. [3/8]
July 11, 2025 at 11:37 AM
Under the CCPA and GDPR laws, data brokers are required to register with local government authorities to ensure operational transparency. However, we found that 71.1% of data brokers are not registered, highlighting the current lack of regulation. [3/8]
The Jaccard similarity of data brokers between services (right figure) also confirms this, with an average Jaccard similarity of only 0.21. [2/8]
July 11, 2025 at 11:37 AM
The Jaccard similarity of data brokers between services (right figure) also confirms this, with an average Jaccard similarity of only 0.21. [2/8]
We explored 10 PII removal services and collected the 2024 data brokers they covered.The data brokers covered by the removal service (left figure) are very different, and users need to use multiple services to achieve more data broker coverage.
July 11, 2025 at 11:36 AM
We explored 10 PII removal services and collected the 2024 data brokers they covered.The data brokers covered by the removal service (left figure) are very different, and users need to use multiple services to achieve more data broker coverage.
Hi @jcsalterego.bsky.social , I must admit that I am not familiar with the atproto API. I still not find how to grab all feeds list from XRPC endpoints, can you give more hints?
February 9, 2024 at 8:05 AM
Hi @jcsalterego.bsky.social , I must admit that I am not familiar with the atproto API. I still not find how to grab all feeds list from XRPC endpoints, can you give more hints?
Awsome! Many thanks Jerry!
February 9, 2024 at 5:55 AM
Awsome! Many thanks Jerry!