Close Menu

    Subscribe to Updates

    Get the latest creative news from infofortech

    What's Hot

    Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

    July 15, 2026

    The UK Is Planning a Social Media Curfew for 16- and 17-Year-Olds

    July 15, 2026

    LA and Other Cities Are Distancing Themselves From Flock Safety

    July 14, 2026
    Facebook X (Twitter) Instagram
    InfoForTech
    • Home
    • Latest in Tech
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    Facebook X (Twitter) Instagram
    InfoForTech
    Home»Cybersecurity»Swimming Pools, Pee, and Trying to Delete Your Data From the Internet
    Cybersecurity

    Swimming Pools, Pee, and Trying to Delete Your Data From the Internet

    InfoForTechBy InfoForTechJuly 3, 2026No Comments7 Mins Read
    Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
    Swimming Pools, Pee, and Trying to Delete Your Data From the Internet
    Share
    Facebook Twitter LinkedIn Pinterest Telegram Email


    I can’t recall if someone else originally came up with this saying or if I said it in some off-the-cuff comment and it just propagated, but since it’s often attributed back to me, I’ll relay it here regardless:

    Trying to delete yourself from the internet is like trying to take piss out of a swimming pool

    Depending on the publication, I’ll tailor the saying to be either more broadly palatable or more, uh, “Australian”, but the sentiment doesn’t change: once data spreads on the internet, you can never put a lid on it. This is important in the context of data breaches because it speaks to the immutability of our exposed personal information. It also speaks to the limited practicality of services that promise to erase your data from the internet, and it’s the constant outreach from these organisations looking for marketing opportunities on Have I Been Pwned (HIBP) that’s prompted me to write this.

    Let’s begin with those services, and because there are so many and I don’t want to throw any of them under the bus, I won’t name names. I also won’t name them because whilst they’re rather assertive in their marketing outreach, I do believe they’re well-intentioned and I don’t want to imply otherwise. And they have a role to play; it’s just much more limited than is represented. The positioning is often around “data broker removal services”, or “protect my data”, or “remove my information from the internet”. You’ll find various companies providing these services by searching for those terms, or you can search for specific organisations… and find others hijacking the search term as they pay to market their brand in front of others. Usual internet marketing shadiness, of course, but IMHO it speaks volumes about the commercialisation of the data removal business.

    These services all follow roughly the same marketing handbook:

    1. Data brokers have your personal information, which they may obtain via both legitimate and dodgy means
    2. It may be used for nefarious purposes such as identity theft, stalking, spam and other privacy violations
    3. Pay us, and we’ll ask the brokers to remove your data

    So let’s go through these points one by one, starting with the data broker claim, which is absolutely correct. Your data has value – “data is the new oil” – and there’s business in obtaining and selling it. I’ve dealt with many of them personally over the years, primarily because they’ve had data breaches. Master Deeds in South Africa was massive. National Public data a couple of years ago was many times larger. Exactis, Adapt, and many others have also been added to HIBP over the years. To the best of my knowledge, they’re legally operating services, even if they may exist on the fringe of what most of us would consider “a bit dodgy” as far as respecting our personal information goes.

    Which brings us to the second point about nefarious uses. There is a very broad spectrum of legitimacy across data brokers. Let’s pick two extremes as far as the legality of the service goes. On the “very legally operating” end of things, we have Experian, and even if you don’t like what they do, there’s no arguing the fact that they’re on the cleaner end of legitimacy and do provide valid services. At the other end, you have the likes of LeakedSource (and pretty much every other service with the word “Leak” in its name) that… well… just Google them. And there are many, many more at each end and everywhere in between. And a lot of it’s very grey: different legal jurisdictions, different means of obtaining data, and different tolerances for adhering to opt-out requests.

    But it’s the data removal piece that’s the real problem. If you pay one of the services in question to scrub you from the internet, I have no doubt they’ll have some degree of success with the legally operating services. Those services will comply with legal requests and are adequately equipped to receive and process them. But the LeakedSources of the world? Not so much. And that’s where the rub begins:

    Requests to remove personal information are only effective for services that are willing to honour them.

    That should sound profoundly obvious to anyone reading this now, but it doesn’t really feature when you read the marketing material on data removal services. But I’m only just warming up…

    Imagine trying to remove your data from here:

    πŸš¨πŸ‡ΊπŸ‡Έ ShinyHunters has leaked the data of multiple companies…

    πŸ‡ΊπŸ‡Έ American Tower Corporation

    πŸ‡ΊπŸ‡Έ JCPenney & subsidiaries under Catalyst Brands & Authentic Brands Group

    πŸ‡ΊπŸ‡Έ Madison Square Garden Sports Corp.

    πŸ‡ΊπŸ‡Έ Ralph Lauren

    πŸ‡ΊπŸ‡Έ https://t.co/08IaUnp1sx pic.twitter.com/TvqanSTO1Y

    β€” Dark Web Informer (@DarkWebInformer) June 16, 2026

    That’s a small snippet of the ShinyHunters website from a couple of weeks ago. At the time of writing, a bunch more data has been dumped, including only about 15 minutes before putting these words down in the draft blog post. These breaches have impacted tens of millions of people, including my wife courtesy of her having previously shopped at Canada Goose. Now, let’s see how you go about scrubbing her data from that incident. For all the data broker removal services I’ll direct to this post later, how do you do that? Clearly, you can’t. The pee is now in the pool, and you’re not taking it back out. And it’s not just “on the dark web” either, their Tor site links through to a clear web site hosting all the data:

    And that’s just the beginning. Because we’re talking about digitised data posted publicly, it replicates like crazy. There will be tens of thousands of copies of my wife’s personal info floating around between personal stashes, Telegram channels and public hacking forums. That genie is never going back in the bottle, not unless we’re talking about the narrow scope of a legally operating data broker, which raises another issue:

    What legally operating broker is enriching their corpus from data breaches?! That’s just not where the legitimate ones source info from. The data comes from surveys, exchanges with other services where you ticked the box to agree to the terms and conditions for exchanging data with “partners”, public business directories, and even arrest records. Legal services, legal sources, legal processes. In one of the emails from a company looking for product placement, they described their plan as follows (bold is mine):

    a plan which allows you to remove your personal information from any URL (where it’s legal) you find your personal information on

    So what we’re left with is data removal services being effective for legally operating brokers who honour legitimate requests, whilst being completely useless against the worst kinds of sites that replicate and abuse your data. In other words, you may be able to opt out of some marketing material or content that’s way too specifically targeted to you, but you can’t stop the bad guys trying to steal your identity or extort you because “we caught you watching porn on your PC via the malware we installed”. It’s a little like the court injunctions being the thoughts and prayers of data breach response I wrote about in October: I can’t touch the Qantas data breach because I’m a law-abiding Australian who knows about the injunction, but there’s absolutely nothing stopping the genuinely bad actors from abusing that data.

    And therein lies the core of why I don’t want to entertain partnerships with these organisations: not because I disagree with the service or because it will cause any harm, rather because when someone uses HIBP to search for their email address and finds it in the Canada Gooses of the world, these services can’t do anything about it. They’re merely skimming the leaves off the top of the pool, and no amount of skimming is going to remove what we all know still lies beneath.

    Security
    Have I Been Pwned



    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    InfoForTech
    • Website

    Related Posts

    Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

    July 15, 2026

    U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

    July 14, 2026

    CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

    July 13, 2026

    Rokarolla Android Malware, How to Protect Your Banking Apps

    July 13, 2026

    Europe Must Sell Intelligence, Not Electrons

    July 13, 2026

    Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

    July 12, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views

    This is the tech that makes Volvo’s latest EV a major step forward

    January 24, 202616 Views
    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Advertisement
    About Us
    About Us

    Our mission is to deliver clear, reliable, and up-to-date information about the technologies shaping the modern world. We focus on breaking down complex topics into easy-to-understand insights for professionals, enthusiasts, and everyday readers alike.

    We're accepting new partnerships right now.

    Facebook X (Twitter) YouTube
    Most Popular

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views
    Categories
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    • Latest in Tech
    © 2026 All Rights Reserved InfoForTech.
    • Home
    • About Us
    • Contact Us
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.