root@delete-it:~$
Your data is for sale.
Take it back.
Data brokers package your home address, phone number, family members, and habits — then sell them to anyone with a credit card. This is a free, no-bullshit guide to wiping yourself off their lists.
# why this matters
The problem
Data brokers compile dossiers on virtually every adult in the US. A typical profile contains your full name, current and past addresses, phone numbers, email addresses, relatives, employer, estimated income, political leanings, and shopping habits.
That data is sold to marketers, debt collectors, scammers, stalkers, and anyone running a "people search" website. It gets re-aggregated, re-sold, and indexed by Google.
Real consequences
- Doxxing & harassment — addresses pulled from broker sites are the #1 source.
- Phishing & scams — personalized scams ("Hi [name], about your car warranty at [address]...") use broker data.
- Identity theft — answers to "security questions" (mother's maiden name, prior address) are a Google search away.
- Physical safety — for survivors of domestic abuse, journalists, healthcare workers, and public-facing folks, exposed addresses are dangerous.
# how to take action
There are three layers. Do them in order. Don't skip layer one because it feels small — it's the foundation.
Audit
Find out what's actually out there about you. Search yourself the way an attacker would. We'll show you how in the self-audit section.
Remove
Submit opt-out requests to the major brokers. Use our legal email templates for sites that don't have an automated opt-out flow.
Harden
Lock down what produces new data: leaky accounts, weak passwords, unnecessary services. See securing personal data.
# step-by-step
-
Make a "burner" email for opt-outs
Many brokers require an email to confirm removal. Don't use your primary address — create one (e.g. ProtonMail, Tutanota, or a Gmail alias) just for this purpose. You'll get spam back.
-
Build your "personal data sheet"
In a local text file (not the cloud), list: full legal name, common nicknames, all current and past addresses (last 10 years), all phone numbers (current and old), and all email addresses. You'll paste from this when filling forms.
-
Search yourself
Use the techniques in the self-audit section. Note every site that returns a profile of you. Screenshot the URL of your profile page — many opt-out forms require it.
-
Submit opt-outs
Work through the top 10 list. Set aside ~2 hours. Each one takes 5–15 minutes. Keep a spreadsheet: broker name, date submitted, confirmation email, expected removal date.
-
Send legal removal requests
For brokers without an opt-out form (or for ones that ignore you), send the legal email template. Cite your state's privacy law if applicable (CCPA, CPA, VCDPA, etc.).
-
Wait, then verify
Most removals take 7–45 days. Re-search yourself after 6 weeks. Anything still up? Resubmit and escalate.
-
Repeat every 6 months
Brokers re-add you. This is not one-and-done. Set a calendar reminder twice a year.
# top 10 data brokers — opt out
These are the highest-traffic people-search sites. Removing yourself from these wipes you from a huge chunk of the indexed-by-Google surface area.
Spokeo
Aggregates name, age, relatives, addresses, phone numbers, social profiles. Very high Google ranking.
Opt out →WhitePages
Phone numbers, addresses, household members, age range. One of the oldest people-search sites.
Opt out →BeenVerified
Background-check style profiles: addresses, relatives, possible criminal records, social profiles.
Opt out →Intelius
Owned by PeopleConnect (same parent as Instant Checkmate, TruthFinder). Removal here helps with several sites.
Opt out →MyLife
Notorious for "reputation scores" and aggressive SEO. Often requires a phone call to fully remove.
Opt out →Radaris
Profiles include relatives, neighbors, and inferred income. Requires account creation to remove — use the burner email.
Opt out →TruePeopleSearch
Free, fast, indexed by Google. One of the most-used sources for doxxing. Opt-out is straightforward.
Opt out →PeekYou
Aggregates social media accounts, usernames, and public web mentions tied to your name.
Opt out →Verify each link before submitting personal info — broker URLs change. If a link is dead, search "[broker name] opt out" and look for a result on the broker's own domain.
# legal email templates
Use these when a broker has no self-serve opt-out, ignores your form submission, or you live in a state with a privacy law you can invoke.
Template 1 — General removal request
Subject: Request for Removal of Personal Information To Whom It May Concern, I am writing to request the immediate removal of all personal information related to me from your website, databases, and any affiliated services you operate or share data with. My information appears at the following URL(s): [paste URLs of your profile pages] Identifying information for the record(s) to be removed: - Full name: [your name] - City/State: [your city, state] - Date of birth (year only, optional): [YYYY] I do not consent to the collection, sale, sharing, or display of my personal information by your service. Please confirm in writing within 15 business days that: 1. The above record(s) have been removed, 2. My information will not be re-listed, 3. My data has not been sold or shared with third parties since the date of this request. Thank you, [Your name] [Burner email address]
Template 2 — CCPA / state privacy law (US)
Subject: Consumer Rights Request — Deletion and Opt-Out of Sale To the Privacy Officer, Pursuant to the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) [or substitute your applicable state law: Colorado CPA, Virginia VCDPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon OCPA], I am exercising my rights as a consumer to: 1. Request deletion of all personal information you have collected about me. 2. Opt out of the sale and sharing of my personal information. 3. Receive confirmation of the categories of personal information collected, the sources, the business purpose, and the categories of third parties with whom it has been shared. My information: - Full name: [your name] - Email: [burner email] - State of residence: [your state] - Profile URL(s) on your site: [paste URLs] Please respond within the timeframe required by the applicable statute (typically 45 days). I am not required to create an account on your service to exercise these rights, and any attempt to require one is itself a violation. Sincerely, [Your name]
Template 3 — GDPR (if you are in or a citizen of the EU/UK)
Subject: GDPR Article 17 — Right to Erasure Request To the Data Protection Officer, Under Article 17 of the General Data Protection Regulation (GDPR) [or UK GDPR], I am formally requesting the erasure of all personal data you hold relating to me, on the following grounds: - The personal data is no longer necessary for the purposes for which it was collected. - I withdraw consent and there is no other legal basis for processing. - I object to the processing under Article 21(1). My information: - Full name: [your name] - Country of residence: [your country] - URL(s) where my data appears: [paste URLs] Per Article 12(3), please confirm completion within one calendar month. Per Article 19, please also notify any third parties to whom my data has been disclosed. If you do not comply, I reserve the right to lodge a complaint with the relevant supervisory authority. Regards, [Your name]
Template 4 — Escalation (broker ignored you)
Subject: Second Notice — Failure to Honor Removal Request To Whom It May Concern, On [date of original request] I submitted a request for the removal of my personal information from your service. As of today, [current date], the information remains visible at: [paste URLs] This is my second and final notice before I: - File a complaint with my state Attorney General's consumer protection division, - File a complaint with the Federal Trade Commission (reportfraud.ftc.gov), - Where applicable, file with the relevant data protection authority (e.g., California Privacy Protection Agency, ICO, EDPB), - Pursue any private right of action available under applicable law. Please confirm removal within 7 business days. [Your name] [Burner email]
These templates are educational and not legal advice. For high-stakes situations (stalking, harassment, court orders), consult an attorney or a survivor-support organization.
# self-audit (OSINT on yourself)
OSINT = Open-Source Intelligence. The same techniques an attacker uses to find you, you can use to find what's exposed. Search yourself before you start removing, and again 6 weeks after.
1. Google dorks
Run these searches in Google. Replace placeholders. Use quotes — they matter.
"First Last" "First Last" "City, State" "First Last" "your phone number" "your.email@example.com" "username you use everywhere" "First Last" site:spokeo.com "First Last" site:whitepages.com "First Last" filetype:pdf "your street address"
2. Reverse image search yourself
Upload your profile photos to Google Images, TinEye, and Yandex Images. Yandex is unusually good at faces. You may find your photo on dating profiles, scraper sites, or news articles you forgot about.
3. Username enumeration
Check whether your usernames are tied across accounts. Use WhatsMyName or Namechk. If your gamer handle from 2009 is the same as your professional Twitter handle, that's a thread someone can pull.
4. Email breach lookup
Check HaveIBeenPwned for every email address you've used. Each breach = passwords, security questions, and personal details that may be circulating in dump sites.
5. Phone number lookup
Search your phone number in quotes on Google, on TrueCaller's web search, and on the broker sites listed above. Old numbers (from 5+ years ago) are often more exposed than current ones.
6. Address lookup
Search your address in quotes. Check Zillow, Redfin, and county property records — these often expose your full name, purchase price, and a photo of the house.
7. Document what you find
Build an "exposure inventory": one row per leak (URL, what it shows, how to remove it). This becomes your removal checklist.
⚠ Use these techniques on yourself, with your own data. Searching for someone else's personal information without consent is, depending on intent and jurisdiction, harassment, stalking, or a crime.
# securing personal data
Removal is reactive. Hardening is proactive. Without this layer, you'll be back on broker sites within months.
Account hygiene
- Use a password manager (Bitwarden, 1Password, KeePassXC). Unique password per site, no exceptions.
- Turn on 2FA everywhere — prefer an authenticator app or hardware key (YubiKey) over SMS.
- Audit old accounts: delete what you don't use. JustDeleteMe rates how hard each service makes deletion.
- Use email aliases (SimpleLogin, Apple Hide My Email, Firefox Relay) so each service gets a different address. Burns the link between accounts.
Reduce data leakage
- Set social media to private. Strip location, employer, and birthday from public profiles.
- Remove EXIF metadata from photos before posting (most platforms strip it; not all do).
- Freeze your credit at all three bureaus (Equifax, Experian, TransUnion). Free, reversible, blocks most identity theft.
- Opt out of pre-screened credit offers at optoutprescreen.com. This dries up a major data-broker input.
- Register for the DMA (now ANA) mail preference service to reduce junk mail.
Network & device
- Use a privacy-respecting browser (Firefox with hardening, Brave, or Mullvad Browser).
- Run uBlock Origin. Trackers feed broker pipelines.
- Switch DNS to a no-log resolver (NextDNS, Quad9). Blocks tracker domains at the network level.
- Encrypt your phone and laptop. They are the single biggest data leak risks.
- Be cautious with "free Wi-Fi"; use a reputable VPN on untrusted networks.
Going forward
- Don't fill out "free quote" forms — they're broker funnels.
- When a service asks for a phone number, give a VoIP number (Google Voice, MySudo) instead of your real one.
- For shipping, consider a PO box or a Commercial Mail Receiving Agency (CMRA) for non-essential packages.
- Re-run the self-audit twice a year. Brokers re-add you.