Protect your genetic privacy
Choose Anonymous Genetic Testing
You’re already familiar with the importance of safeguarding your online identity to protect against credit card fraud, identity theft, or other criminal activity. This includes limiting the personal information you share with the websites, apps and other services you interact with online. In the same way you can protect your genetic privacy by taking AncestryDNA or 23andMe anonymously.
Consumer genetic test providers such as 23andMe and AncestryDNA collect an especially large amount of information about you. But the privacy risks they create are far greater than simple credit card fraud. Your genetic information offers unprecedented insight into your (and your families’) health, longevity and family history, and perhaps also sexual orientation, intelligence and behavioral tendencies. What legal and illegal uses might be invented? Genetic information is already used for insurance and law enforcement decisions, what about employability? Targeted marketing? Blackmail?
Despite assurances of security, routine privacy breaches are an ongoing problem for companies of all size and type – and protecting genetic privacy is fundamentally MORE difficult and MORE vital. Best practices for protecting genetic privacy do not yet exist, and unlike banking information, your genetic identity can’t be changed nor your genetic privacy restored.
DNASquirrel advocates for ANONYMOUS genetic testing. In a nutshell, this means signing up for 23andMe, AncestryDNA or other consumer genetic test without revealing any personally identifying information. As a result, only YOU benefit from your DNA. To the rest of the world your genetic information remains disconnected from you, like unidentifiable DNA found at a crime scene.
How to Protect your genetic privacy With Anonymous 23andMe OR AncestryDNA testing
Decide on your preferred level of genetic privacy, and then follow the ‘do-it-yourself ‘ (DIY) steps below to enjoy more anonymous genetic testing.
- DIYLow
- DIYMedium
- DIYSquirrel!
DIY Low | DIY Medium | DIY Squirrel! | |
(Free & easy!) | (Cost & effort) | (> Cost & effort) | |
| 1. Choose your level of protection: | Protection against privacy breaches allowed by third-party partners with whom your data is shared. | Good protection against hackers and accidental privacy breaches. | Great protection against hackers, accidental AND intentional privacy breaches. |
| 2. Do you want to adhere to test providers' 'Terms of Service' with respect to disclosing your identity? Service providers have the right to deny you service and/or a refund if you do not share your legal identity with them. | Yes I do | Nope | Nope |
| 3. Follow these steps: | |||
| (GOOD) Purchase sample collection kit through Amazon rather than directly from the test provider This partially masks your identity including name and address. While Amazon makes all purchaser information available to sellers, it is rather unlikely that these companies can or do connect kit registration numbers to amazon purchasers, nor compare purchaser information to customer registration information. In part this is because kits are routinely purchased as gifts. | N/A | ||
| (BETTER) Purchase kit at a retail store, and pay required secondary lab fee on provider's website using pre-paid debit card. This masks your identity including name and address, particularly if bought with cash. Kits purchased in-store require a secondary lab fee to be paid directly to the provider via their website. This must also be masked. Using a "non-reloadable" pre-paid debit card will work and can be purchased using your alternative identity. | |||
| (BEST) Purchase and ship kit from Amazon through a third-party intermediary to mask billing and shipping information. | |||
| Use a VPN to access provider's website A Virtual Private Network masks your IP address and therefore also your location. Use a VPN to access the provider's website for all interactions where you are logged into your account, such as registration and results retrieval. | |||
| Use a pseudonym (not your legal name) Use of a pseudonym may mean that you cannot take full advantage of Ancestry's tools for finding family historical records. | |||
| Use an alternative home address Such as your work address, a friend's address, or other address. For higher levels of security chose an address located >100 miles from your home. Test providers will not mail materials to your address. | |||
| (GOOD) Use an email address that does not include your first or last name | N/A | ||
| (BEST) Use an anonymous email address An email address created without using any personal information including name and phone number. | |||
| Opt out of "sharing for research" This is optional for Squirrel-level security since your DNA is anonymous. | Optional | ||
| Opt out of having your DNA stored This is optional for Squirrel-level security since your DNA is anonymous. However, it is still best practice to not store your DNA. As genetic re-identification methods improve, your complete genome may one day offer too many clues about your identity. | Optional | ||
| Close account with service provider Closing your account will result in the disposal of your DNA sample and deletion of SOME of your personal information. Your genetic profile and personal information sufficient to identify you will remain with the company indefinitely. Closing your account prevents you from benefiting from any future genetic analysis they may offer. With squirrel-grade precautions closing your account is optional since your DNA is anonymous. | Optional | ||
| Do not fill out optional survey information Service providers routinely request optional personal information. Each piece of information you offer reduces your anonymity. | Want Help? |
Have a family member who is interested in taking a genetic test? Help protect their (and your) genetic privacy:
Buying Through Amazon?
Purchase through one of the links below and we’ll earn a small commission to help feed the squirrel:
23andMe
Health + Ancestry + Traits
AncestryDNA
Ancestry + Traits
FAQ
One reason why these companies request accurate customer information is to satisfy their own requirement for collecting and storing accurate information on any human biological sample that they collect and evaluate. This is a Clinical Laboratory Improvement Amendments (CLIA) federal regulatory requirement that applies to clinical laboratories, and has no bearing on you as an individual.
Your personal information is also valuable to them. The more they know about you, the better their algorithms get at identifying family trees and predicting the physical characteristics of people (ie. how you look), and the better they become at identifying and predicting health and longevity (for companies like 23andMe who also offer health reports). If you also opt-in to sharing your data with their third-party partners for research, these companies will profit from these arrangements and/or from any products derived from these arrangements. Third-party partners may also wish to contact you to participate in clinical trials.
Finally, the more complete and detailed their database, the more value it has for applications they have not yet invented (or do not yet offer), and the more valuable it is should they decide to one day sell their database and/or their company.
No. However, by signing up with one of these companies you are agreeing to their terms of service, which states that you are required to provide your legal name and address otherwise the company has the right to stop providing service to you, and to not offer you a refund.
Genetic test providers store millions of customer accounts. While they likely suspect that a small portion of them contain inaccurate or ‘fake’ information, this is obviously to be expected for any online service provider. To our knowledge these companies have not identified inaccurate client information as a serious concern for them.
Creating a suitably plausible alias will help ensure that your account is never flagged. Should the company suspect that your account does not contain accurate information about you, they may request more information, and/or decide to close your account and destroy your DNA sample. Since you should have already received your results and downloaded your raw data, losing your account would only impact you if you wished to keep your account with them open in order to receive any additional reports that the company might offer in the future.
What if I’ve already signed up for 23andMe, AncestryDNA or other direct-to-consumer genetic testing service?
You can still achieve some privacy protection by choosing the “Low” privacy option above: opt out of sharing (this is not retroactive – you can only opt out of future sharing), ask that your DNA be destroyed, delete any optional survey information you have filled out, and consider closing your account with the service provider to reduce the amount of information they have about you.
Squirrel-level security can offer you an almost completely anonymous genetic testing experience. If executed correctly, this level of security should easily protect you from foreseeable commercial and illegal uses/abuses of your genetic privacy.
Why ‘almost’? Because IF your genetic information falls into the hands of someone who wants to use it for their purposes, AND they suspect that your account information is incorrect, AND they decide to invest significant resources into finding someone who does not want to be found, they may be able to get close. This is because your genetic profile alone contains information about your gender, some indication of what you look like and how old you are, and crucially, information about your relatives (assuming like most people that you have at least one distant relative who has DNA sitting in their database) – all of which could be used to narrow down (but not confirm) your identity. Some law enforcement agencies have the resources to take an ‘anonymous’ genetic profile such as this and compare it to public or non-public genetic databases to identify family relatives. Combined with other information and public resources, this may enable them to narrow down your identity, and then combined with more routine law-enforcement tactics, to eventually confirm your identity.
Unless you are wanted by a major law enforcement agency, the biggest threat to your genetic privacy with squirrel-level security is you. Did you effectively follow the steps to mask your identity? When you downloaded your raw data, did you decide to upload it to any other website or service provider?
What are your thoughts on Color Genomics that are now partnering with large companies (Apple, Salesforce) to offer their employees free genomic testing kits. Would the same Squirrel level steps apply here as well?
The same genetic privacy concerns exist, and perhaps even more so. I would especially be concerned with respect to the companies that you mention since these are incredibly large data-driven companies who operate at the margins of privacy and information laws.
Really useful info. Thanks
Hi Ryan,
Thank you for this website, I came back to look at it again after some months but it looks like its changed and no longer has the steps for the Medium and Squirrel! levels of privacy? Is this some bug or did you remove the Medium and Squirrel! levels?
It certainly was a bug, caused by a plugin update. It should work now. Thanks for letting us know.
Hello Ryan,
Fellow Canadian checking in here from the west coast.
The website, at least for me, seems to show only 1 option for privacy; low/DIY.
Are there other options for anonymous ancestry testing that DNA Squirrel facilitates?
Thanks,
Hi Gary, there was a bug in the website and the other options weren’t showing. They should be showing now. Thanks for alerting us.
Glad I found this site – I want the 23andme kit for my wife as a xmas gift – and will do it at the same time – but I want to be completely anon for both of our results. I would like to purchase these kits with a pre-paid gift card/cash ideally – but not sure do retail stores sell these kits?
I don’t believe you can find these kits in retail stores anymore, but I can’t say with certainty. Instead, you might consider is asking a friend to purchase it on Amazon for you (or purchasing it there yourself depending on the assuredness you are going for). While Amazon purchaser data is available to 23andMe, these kits are often bought on Amazon as gifts, so shipping information is not likely to be considered trustworthy information to them, instead they will rely on the information offered to them when you register the kits on their website. Once again, it depends on how anonymous you wish to be. Best of luck!
Have you had the opportunity to review Nebula Genomics and their anonymous offering? I’d be curious what your take on their claims are.
Hello Indy,
Great question. Nebula Genomics certainly talks the talk, but do they walk the walk? Unfortunately we don’t know too much about them beyond their pedigree (George Church is a well respected and prolific scientist) and what their website and press releases say.
A few things to keep in mind:
1. Offering full-genome sequencing for only $299 leaves little to no room for generating a profit. So where does their profit come from? Ongoing subscriptions? Mining the “anonymized” genomic data of their customers? Other? We believe all companies, in particular companies operating in this space, should be more forthright with their business plan.
2. Full-genome sequencing is obviously the gold-standard when it comes to getting as much information as possible out of your DNA. But if you are interested in searching for specific genetic mutations for medical purposes, their “30X” standard sequencing product for $299 would likely not cut it, because according to them, it isn’t accurate enough. You would need to pay for their more expensive “100x” product. Just FYI.
3. However, having more genetic information doesn’t mean that you will learn more about yourself (either medical, ethnicity-related, or family history), because interpreting the information is MUCH more difficult than simply getting a list of SNPs or nucleotides. Consumer genetics companies are figuring out in real-time what they can and cannot tell about their customers from their genetic code. They are using their enormous and growing datasets to do just this. And some types of information they uncover (medical information) can only be conveyed to their customers legally if they first get FDA approval to do so. This is a long and expensive and difficult process. Not surprisingly, Nebula has partnered with other companies including FamilyTreeDNA so that they can help provide their customers with information about ethnicity and family history. But what about information of a more medical nature? They don’t appear to have a partnership with 23andMe (the leader in this space), so presumably they will not be able to tell you much at all. Will they instead sell you a subscription to their reports so that a few years from now when they get FDA approval they can begin offering you the same information that 23andMe can offer you now? I’m speculating, of course.
Nebula is selling the idea of full-genome sequencing (which is amazing) with a privacy focus that includes (eventually?) block-chain custody of your genetic code so that you will know with certainty who has had access to it (which is amazing). Assuming they deliver on these first two features of their service, you still need that information interpreted in a meaningful way – otherwise, why did you have it done in the first place?
If anyone has experience using their service, please comment below.
I have been exploring how to get a 23andMe or Ancestry genetic test as anonymously as possible, and was grateful to come upon your site. However, it seems a bit outdated at this point. What are your recommendations now that the only way to get a 23andMe kits is directly through the company or via the “23andMe Store” on Amazon (no third party sellers). I am doing this for medical purposes and would appreciate any information on how your approach may have been updated in response to this situation. Thank you.
Hello R,
Yes, we are aware that there are no third-party sellers of the test on Amazon (there have never been third-party sellers), we are recommending that people purchase it from 23andMe but through Amazon instead of directly through the 23andMe website. This still adds a layer of identity masking – although Amazon passes customer sales information on to 23andMe, this information would have to be linked to the specific kit’s barcode in order for it to be meaningful, and even if purchaser information was tied to a specific barcode, 23andMe is less likely to track and rely on purchase information since these kits are often purchased as gifts for other people. Instead, they rely on what is entered when a kit is registered on the 23andMe website.
Thanks so much for your comment, I think this might help clarify things for other people as well.
Hi,
What exactly is DNA Squirrel offering? Are you helping people who undertake DNA testing to remain anonymous? If yes, it isn’t very clear in your presentation.
Thanks!
And how about DNAFit (based in the UK)? Why haven’t you included them in your website? Is it because their services are “anonymous enough”?
Thanks for your comment. No, DNAFit is not “anonymous enough” already. In fact, I would view them as higher risk for a number of reasons: being a much smaller company they are naturally less exposed to public and regulatory scrutiny; more apt to be lacking in terms of external and internal security safeguards; more likely to need to seek out higher-risk business partners; and also more likely to be sold to another business.
We haven’t included discussion of DNAFit nor many other small players in this space. The service of DNAFit (and other similar providers) is far less scientifically sound due to a massively smaller customer genetic database, far less experience and scientific resources, and far less public and regulatory scrutiny. Browsing through their website, it’s clear that they are playing very fast and loose with what they claim their test can do – ie – they are suggesting benefits that lack sufficient clinical evidence.
I hope this helps!
Ryan
Hi Philip, I can see from your choice of email address that you’re concerned about online privacy Good for you.
To answer your question, first and foremost we want to encourage consumer awareness of genetic privacy. Secondly, we are encouraging consumers to purchase these tests in a way that preserves their genetic privacy as best as possible – namely, by signing up as anonymously as possible. You can follow along in the above table to learn how do this.
But we also understand that following the above instructions could be onerous or challenging for many people, some of whom might prefer to have someone obsessive about privacy to take care of it for them. That is what we are exploring offering in our beta service. If you click on the “Want Help” button, it will take you to a sign-up form. Roughly speaking, this means having us run through the above anonymization steps for you. We are not offering a genetic testing service, and we would not handle your saliva sample – you would still send it directly to your selected provider.
Hope this helps, Ryan