Same here. I know that a fair bit of the data they have on me is inaccurate. Yet, to delete that, along with accurate data, I’m being asked to enrich their data with even more accurate data. It feels like the old “click here to unsubscribe” scam that actually just confirms a real person behind an email.
I would love to know who sold them my data though. That would allow me to stop the flow more effectively before I felt okay deleting at the terminal data broker.
I've started to give services domain-specific email addresses as a sort of reverse-tracking identifier. So I give google@mydomain.com and apple@mydomain.com and so on. I figure I'm using a password manager for all of my passwords anyway. It obviously won't work in all situations, but it might provide some leads.
I've done the same thing for years (yikes-- 20 as of last year-- I'm old!), albeit sometimes I use an opaque identifier for the username portion (because some sites treat addresses with their own domain name in then funnily and I've had humans question it). As a bonus I've identified and reported two previously unknown data breaches by reporting the date I started receiving spam to a one-off address.
Previously I was using service@service.myname.com, and I realized that's leaking a bit too much info.
So, I bought genericname.com and switched to using service@service.genericname.com
Slightly less leakage, although I really doubt anyone is looking. I still have occasional issues with companies rejecting emails with their name in them, but that's easy to work around.
It's great in stores when they ask you to sign up for something and you give them an email that's obviously their name. Raises some eyebrows but most people working the checkout really don't care. A few just comment that it's cool, most are skeptical.
It's all hosted on fastmail and routes via wildcards to my central inbox anyway.
Unless mydomain[.]com is used by more people than just you and maybe your family, doesn’t the domain itself serve as a unique(ish) identifier? I think public aliasing services offer better anonymity, but they’re also blocked by some services.
For humans who are paying attention, sure. In practice, not really, because it's all done by scripts without an easy way to query "is this domain shared".
The way to determine who sold them the data is a service and agent I've envisioned for a long time, but never had the wherewithal to produce. (I won't go into all the hurdles.)
Everyone should have their own email domain, and an agent that also serves as your email client will generate a proper looking (for some definition of that) email address within your domain for every new correspondent.
Now, whenever you see your identity (email address) associated with anything at all you can determine the original source.
Maybe the data is sold from some of the apps on our smartphones. Also, pretty sure most of the payment providers folk e-shops use on their checkouts sell the data to Google (and I am dead certain Google were bragging about knowing about almost any transaction which happens on the on the web). That is a part in the chain which not even most online shops would even be aware of.
Yup, I often speculate that for me, perhaps for many others, apps (and the Android/iOS platforms) are the source.
I’ve been slowly switching to web/desktop based alternatives- those too have their issues (eg correlating all the traffic out of my single home NAT’d IP address.
Mulling deleting apps off my phone as well, but many non-app “mobile” experiences are completely unusable.
I would love to know who sold them my data though. That would allow me to stop the flow more effectively before I felt okay deleting at the terminal data broker.