When I signed up for 23andme many years ago, it was via a friend in another country, who re-mailed it for me under a fake name and paid in cash. For some time I would log in through a locale-specific 23andme sub-domain until they eventually merged it all together.
It wasn't long before they figured out who I was and placed me within my family tree. My fake name now lives among near and distant relatives I was not aware had signed up themselves or their parents/grandparents. They know who I am, who my siblings and cousins and aunts and uncles are, etc. This was always going to happen as soon as I sent them my sample.
I never believed my anonymity trick would truly work, I just wanted to make it sufficiently difficult for when 23andme inevitably sold out, got gobbled up, or turned evil. I learned what I wanted from the service, and have only logged in once a year or so since to see if they updated any findings or disease studies.
While I truly appreciate the concept of bringing privacy and anonymity to this field, it's worth considering we are all quite easy to identify using these samples.
> While I truly appreciate the concept of bringing privacy and anonymity to this field, it's worth considering we are all quite easy to identify using these samples.
Yes, as long as they have the data. If a company would process the sample, send me a thumb drive of my information, and not retain a copy, that data can't leak because it doesn't exist.
Unfortunately this is just one step away from a blog post where the CEO apologizes for letting down their customers by keeping copies of all data in an unsecured s3 bucket that was downloaded in its entirety by a 13 year old "hacker".
If you prominently advertised that you don't retain data, but it turned out that you did and it got leaked, that's a straightforward case of fraud. Given that the services would be advertised over the internet, it probably counts as wire fraud which means the feds would get involved. On the other hand if they had permission to keep your data and they got hacked, it becomes a messy tort case where the plaintiffs has to prove that the company didn't try hard enough to secure the data. In other words, the point isn't to guarantee that your data won't be leaked/hacked, it's to make it straightforward to go after you if you decide to lie.
This is why I won't use any genome sequencing service that has a bunch of ancillary services attached (eg. analyzing your ancestry, or figuring out what diseases you're at risk for), and you have to request deletion of data. The fact they provide such services means that your data is getting automatically uploaded to the cloud, probably resulting in multiple copies to different systems/databases/vendors. Even though you can theoretically request deletion, all those copies means there's a non-negligible chance that there's a copy lying around in a decommissioned s3 bucket that they didn't delete. If they service promises sample -> sequencing machine -> lab computer -> [PGP encrypted email/mailed CD], that cuts the risk considerably.
Yes, I definitely considered that as well. Basically, I knew that 23andme data would eventually exist outside 23andme, whether that be via hack, acquisition, or eminent domain.
I accepted that and did it anyway, taking steps to at least not be directly associated with my sequence, even if my association can be inferred or derived later. My main concern is that their testing would identify something which in the future would be a "pre-existing condition" and get me denied medical care, but there is certainly a long list of other possible consequences.
At this point I don't trust any company or agency that collects and uses data, or the promises made in any privacy policy, but I also don't lose any sleep over it.
There used to be a way to request full data deletion on their website. Probably too late to do it now for people who are included in the hack, but could still be a good idea to do it asap.
I did the same, sans the cash payment. I REALLY wanted my DNA sequenced but they were the only consumer option at the time. Anonymous sequencing is the way to go. There's just too much opportunity for abuse or incompetence around my most private data.
…if you wanted full anonymity, why did you turn on DNA relative sharing? Why don’t you turn it off now? Or do you mean, you assume they could place your profile within a tree, if they wanted to?
Consider a service which promised to scan your genome, send you the data file, and delete the sample, and their copy of the file on confirmation of your receipt. This is still vulnerable to dishonesty, but only transiently.
There's nothing logically impossible about such a service, and I'd trust it modulo actual red flags. Too bad afaik nobody's offering it. Once they're archiving their copy I just don't see how they can credibly promise privacy in the longer term.
Last I looked it didn't seem really practical to just buy your own sequencer.
People are conditioned not care, but I seriously doubt that is avoid argument for not providing anonymity as a default product considering the risks when genome data is breached.
Surely, it’s not that costly to delete data? The only reason to keep this data is for ulterior motives like monetizing.
I'd pay more for credible privacy. You'd think this could support a small business, even assuming there's no angle for a grand VC-funded startup. (Yes, easy for me to say.)
Nebula actually did use to let you download your data and tell them to delete it. When I was looking last year, though, they'd moved to some new model (which I assume this post was about).
Paying anonymously does not resolve the problem of identity by descent / genetic relatedness for a service that retains your genetic data. As relatives sign up with any identifiable bit of information, your anonymity erodes.
I find this fascinating. I once was considering getting my whole genome sequenced from Nebula but then I realized that their sequencing was being done by Beijing Genomics Institute (BGI). The quality of sequencing from BGI is very high, but the reality is it has some fairly established ties to the PLA (to the extent that it's considered for sanctions by lawmakers). There's been concern in the bioinformatics community for years that the CCP/PLA, through BGI, has been amassing substantial genomics data on people (most notably pregnant women). Unclear why, but – given the authoritarianism – the mind can go places. That's the thing with running any genomics-oriented organization; at minimum, pretty sordid optics can emerge if you're not careful.
I bring this up because Nebula is clearly making a play for anonymity which, in my mind, is strange. Perhaps deceitful. The thing about genetic data, especially WGS, is that it's hopelessly not anonymous. Sure, it can be protected, but given the world we live in (hacks, data brokers, etc.), it's the type of data that will likely get out into the wild. This past week at 23 and Me is a case in point. The comment from another poster here about whether they delete it or not is an important one. I suspect they don't; for a while Nebula was touting a setup where they held onto your data and you could license it for use by pharmaceutical companies or researchers and receive payment. Not sure if that's still a thing. Either way, I find the notion of "anonymity" here very dubious, even if you pay with Monero or similar, use a PO box, etc. But that's kinda the reality – these genomics companies aren't especially open about a several key facts when you get your genome sequence. Another example is that they don't make clear that when you get your genome sequenced you are effectively unmasking the genome of your extended family.
> As the understanding of genomics advances, you can stay up-to-date on your genome with the Nebula Library.
Then to the privacy policy:
> Nebula will store your Personal Information as long as your Account is open, unless you make a request for us to delete all or any of your Personal Information prior to the closing of your Account as described in this Policy. If you decide to close your Account, then Nebula will automatically destroy all Personal Information related to your account, including User Data, Survey Data, and Genetic Data.
So, my reading of all of this is aligned with how you and vatys have read it, too.
Yeah, I'd also be curious why they can't simply send it over to a company which "just so happened" to buy anonymous data, before Nebula "happened" to process your deletion request.
Yes, it's a bit hard to take them seriously as a US company. (I wonder would it matter if they were CA based instead of NY? Does the CCPA provide some better effective data protection - at least awareness, similar to the GDPR? And does NY have something similar?)
That of course is an option. It's in their privacy policy. Tbh that you could demand they delete your data when you were done with them is the entire reason I actually used them. There are definitely benefits to keeping your data with them though. The research they contribute to is useful and the relevance is easy to interpret through their client.
I'll probably delete everything off their site in the event it looks like they might get sold but for now I figure it's fairly well guarded and they keep most of it offline anyways.
Neat that they're crafting this kind of product. But, given how easily such full sequences can plot your exact relations with any other unblinded records, this may be largely "DNA Security Theater" against the threat of their malfeasance or compromise.
Also, I can't find anywhere in the Nebula materials describing the chain-of-custody of submitted DNA, & jurisdiction(s) of the sequencing labs.
For example, if provided samples are sent outside the US for sequencing – are they? – I'd have even less confidence they'll be kept secret from local authorities.
That’s outrageous. Paying for a service should not mean concurrent subscription to populating police databases. I’m a bit surprised California would permit this.
Do you have a reference documenting this requirement?
I've not seen it reported, & when I last checked (long ago), 23andme seemed to allow a customer to decide whether their sample was retained beyond the current round of tests.
And, if it were a current requirement, wouldn't this Nebula offering be prohibited in California?
Thanks, but: neither of those links say it's a California requirement, nor that it's stored with PII, nor that it's necessarily/always kept for 10 years (your original claim).
Instead, it's said to be kept for at most 10 years, & even that is in a paragraph describing what happens if a customer specifically chooses optional storage!
Further, if you're referencing 23andme's own privacy/terms documents, those also repeatedly pledge that samples are irreversibly destroyed upon request.
So while I can still believe your original claim might be true – California requires many dumb & anti-privacy things, sometimes in dishonest ways! – the links you've forwarded provide more grounds to doubt your claim than support it.
If it's truly a state legal requirement that overrides a user's explicit discard request for a full 10 years, that should be easy to document with a clear and authoritative link, shouldn't it?
I am trying to google this but not finding much, do you have any sources or references I can read? I would really love to learn more about this if that's true..
As noted in my other reply (https://news.ycombinator.com/item?id=38604877), this link doesn't actually support the strong claims made: "California requires", "with name and PII", "for 10 years", & that you "cannot request for this to be deleted or destroyed by law".
Those all seem to be misinformation without support from, and even in contradiction of, public/authoritative references
– despite the assertion that these are a matter of "law".
I had my genome sequenced by Nebula. Honestly I know I shouldn't have from a privacy standpoint (especially since I signed up with my real name and details) but the idea of having my entire genome stored on my hard drive was too tempting for me, and now that's what I have. I have started looking into the software to analyze it, and I'm happy that it's a purchase that will be valid my entire life.
I was the same way. I have a genetic condition in my family of unknown origin and the risk of anything happening. My genetics outweighed the possibility, and what turned out to be the evidence of what my even partial genome could uncover.
Unfortunately, I was the only one in my family who understood this and the rest were too afraid to get the test done even though people in my family have died of this disease.
A few years ago I tried to get my full genome from nebula but they messed up my order really badly and it took over a year to get my money back. But it looks like they might be cleaning up their act and the $250 price is really tempting.
Since our disorder is polygenic, there’s still a lot of questions I have so I’m probably going to get a nebula run as well.
It's all command line tools, one is called samtools and another is called picard, there might be another one I'm forgetting.
The interesting this with the data is that it isn't your raw genome, it's the entire data from all the sequencing runs of 30 or whatever base pairs (I got my scan done at the 30x level which is supposed to mean that on average every base pair is read 30 times). So it's not like you can just read your DNA directly in one string (not sure why I want to do that but I like the idea of a single file containing just all my nucleotides in sequence). The next step for me, when I go back to it, is to get on the forums for those above tools and ask how to do the things I want, there are a LOT of subcommands.
IGV is very nice for viewing sequence data. I've never loaded anything into it that wasn't already prepared to be loaded into it, but this is probably fairly easy to do. It's really nice for viewing three-frame translation to look at the proteins encoded by DNA, but for eukaryotes you have to pay attention to mRNA splicing even if you know the boundaries of the protein coding sequences.
Just looked at the team and it's founded by George Church, professor at Harvard/MIT. There's certainly been some great research to come from his labs, but this guy is on the board of almost every biotech company to emerge from the Boston area. His wikipedia says he cofounded 50 biotech companies, lol. There's a few of these 'rockstar' professors that collect companies like infinity stones from all the students to pass through their labs.
I wonder how many of these companies were just his name tacked on for credibility vs him being deeply involved in the product development of direction of the company.
I’m pretty sure he has been involved. A friend of mine started a company where Church was an advisor, said he was a huge help. The same friend also was the one who recommended Nebula to me, and I was happy with the service.
Why do they build this Rube Goldberg system? Do consumers demand that they can access their data from everywhere so keeping it on some server is necessary? Do they need the data from everyone to do statistics on them? Is it related to selling the analysis software as a subscription?
All in comparison to the obvious solution, send in a sample, receive the resulting data. Plus some offline analysis software that you can buy a license for and maybe update from time to time.
One of the services they provide is giving you reports on new genetic studies and how it relates to your DNA. Another is online genome browser. Both require access to your genome. If you only want to sequence your DNA you can do that, download your files and delete your account. They promise to delete your genome once you close your account.
It's interesting to imagine how this would've worked in 1995 or something, if the sequencing was possible. You'd have done the sample, and in response they'd send you three CD-ROMs. The first is the visualizer program which you'd install as an executable. The other discs are your genome*. If your spouse or kid got their genome sequenced, you'd get two more discs.
Every year the company would print an update to the disease database on more CDs, and make them available for a relatively small price, probably exclusively by mail.
Obviously there's some aspects of this that suck, but it's interesting to see how it's so much better for privacy, because data hoarding wasn't viable at scale or as a business.
* Two, because a genome is > 700MB, so it won't fit on a single disc. How annoying the size limit of a CD would've been if you had to solve this problem at work!
Depending on format your genome can be upwards of 100 GB. Granted they probably don't use full sequencing for analysis. They probably use just genetic variants, which is about 300 MB, so would fit a single CD.
I imagine a couple of floppies a year might've been cheaper in 1995 than a CD.
Those things you can do locally as well, you might just need an update from time to time to make new analyses available. At least unless they require doing statistics or whatnot on all the genomes they have.
Depending on format full sequencing can be larger than 100 GB. It's possible to keep that locally on most devices but it's a sizeable chunk of storage for relatively rarely used data.
They do use statistics in their reports. One of the numbers they give with each report is where you are in the population for that particular report. E.g. 85th percentile for this thing in the population.
At some point, I would love to setup something like this but then completely local and open-source. This could e.g. include a sequencing kit (Nanopore MinION sequencer (<$ 1,000) plus necessary consumables), protocols, and in silico workflows for basecalling, SNP calling, and interpretation.
You can snatch a 30x full genome sequence from Nebula at $100-150 on sales they do a few times a year. Open-source is cool but prob not economically feasible unless you’ll be using it for all your extended family or something.
My point is not about having the cheapest solution. I just don't trust anyone else with my genomic information, even if they say it's anonymous. (I'm a biotech engineer, from Europe; maybe that explains my reservation ;-))
I took a sample of my own blood for a mail-order blood test recently and it was stupidly difficult. One reason Theranos was so exciting that people lost their minds over it was basically that it made at-home blood samples feasible for the regular population.
They insist that they have a genome sequencing company but when I attempted to use them it became apparent that any success happens despite their equipment and processes, rather than because of it. Months of waiting led to admonitions that no valid samples could be found, which then precipitated further waiting for test kits to be re-sent and new tests to be run. Although they eventually refunded my fee (after about a year in total of waiting), that only happened despite their customer service. I was left with the impression that they were selling something that sometimes might work but hoping that you'd be willing to hang around for months or years until you win the lottery and their process actually generates genomic data. Avoid.
I tried Nebula's kit but refunded after two attempts. They took on average 3 months to attempt to sequence my sample (due to sample batching) and they both failed. It costs me a fair bit to send the sample to Georgia (US) every time so the cost and wait times were too much.
It's a matter of luck whether your sequencing fails though so I will try again when they offer truly anonymous sequencing (my last attempts were eponymous).
Their website has been saying for at least two years that Anonymous Sequencing is coming. So take their product launch timeline with a grain of salt. In any case true anonymity and the price of 175usd are really impressive if they iron out the logistics.
If you have a publicly available photo of yourself (e.g. public social media), it's possible to match that to your genomic sequence. I.e. you already have to be anonymous online to have a chance that a private company cannot reidentify you.
Seems like the technique only works in highly controlled scenarios (e.g. you have tens of phenotypes and images and want to have a better than random chance of assigning one to the other):
> Nevertheless, re-identification risk in the wild does not appear to be especially high. While we observe a success rate as high as 25%, this is only achieved when the genomic dataset is extremely small, on the order of 10 individuals. In contrast, success rate for top 1 matching drops quickly and is negligible for populations of more than 100 individuals. Moreover, it should be kept in mind that this result assumes that we can predict the phenotypes perfectly.
That's a good catch. This study uses images for reidentification. I wonder which other factors, not contained in an image could be used for reidentifying someone and by how much that would increase the reidentification accuracy.
Reading their blurb, well intentioned or not, it becomes apparent the service will be a boon to someone other than yourself, possibly nefariously, sending your specimen and receiving your details.
I see zero reason that I should need to pay them a subscription when all I want is a one-off product. Sure, I can see the use in being alerted when new genetic diseases are discovered, but that should be my choice. It's frustrating that everything is becoming subscription based these days.
You don't need to keep paying, you can just get a one-month subscription and download your genome once it's sequenced. The subscription is just for the alerting.
A life-time membership costs 12 - 23 times more than the monthly subscription fee depending which package you choose. I'm not sure that paying a huge lump sum for a subscription I don't want is a good alternative to taking a monthly subscription that I don't want.
Generally agree with this, though they do frequent sales that bring the lifetime price down substantially. For myself, I thought that the bundled sequencing plus lifetime membership ($400) was fair just for the sequencing itself, so I didn't mind too much.
IMHO this stuff is not necessary. My DNA and that of my wife will be public. The rest of my family will volunteer theirs soon. And I am looking to expand the amount of public DNA from my ethnic group.
Given sufficient time, this information will be useful for the progress of science.
In some sense, this is part of a genetic adaptive mechanism. With a sufficiently tight-band public genetic release with full health history, it is possible that future science will bias to my genes.
Perhaps some of mine will be ones people desire and others not. But they will optimize to the ones that are studied. That means my genes will live on slightly preferentially.
Which, of course, means that I should encourage everyone else to keep theirs private.
Amusing thought. But I think we will all be for the better with our genomes public. It's okay if others won't submit theirs. We will submit ours and may humanity benefit from it.
They are not the first to offer this. Maybe in the US but you can do this easily with minimal effort in Germany. And I think they don’t have that much time till it will be „mainstream „ for every patient.
Genome sequencing has become so cheap in recent years (and will be much cheaper in the next few years) that everyone who wants it will simply get it. Against the background of personalized medicine, this is also very useful. (My background: CEO of a company for personalized cancer therapy through WGS)
Yeah, another round of these "anonymous" services.
It's better than having your name slapped into it, but let's be honest here unless you have all your material and tools inside your home with no Internet connection, all these things are NOT anonymous by definition.
Reading the recent New Yorker article about genomic sleuthing[1] caused me to conclude that there is no such thing as anonymous genomic analysis - at least not the type that analyzes your genome to identify risks and commonalities.
All it takes are a few related (even distantly related) samples and a skilled observer can quickly narrow down where on a genetic tree a sample came from - without knowing anything about the person at all.
I wonder if there’s a way to physically encrypt the DNA before sending it off for sequencing—e.g. randomly permute the base pairs, send jumbled DNA to sequencing company, get digital results back, then decrypt them. Of course generating the physical “private key” and then turning it into something usable to decrypt the results would have to be much simpler/cheaper than the sequencing itself, otherwise you’re back at square one…
1) You aren't sending them naked DNA which can be modified in a test tube, you're sending them epithelial cells that they extract the DNA from.
2) Any changes you make would mostly not be complete, and they're generating your reference genome from a consensus (to account for sequencing errors and DNA damage). This increases the odds that any randomization you do is basically swamped by the consensus algorithm. If the changes are not swamped then your decryption depends on knowing exactly which changes are from your encryption algorithm, and exactly which are from their consensus algorithm.
3) Bisulfite conversion, methyltransferases, general deamination, and the like make known changes to your genome that can easily be fully accounted for during analysis. There's no easily done "random" cryptographic technology that you can do on your DNA. And even if there was, it probably wouldn't be doable without already knowing your specific sequence.
Yeah that one bullet point destroyed any trust I might have otherwise given this service. I was excited to try it until they mentioned blockchain.
There’s no plausible reason to use a blockchain instead of a traditional database, and many possible risks/downsides. So either the company is incompetent, or they’re not really using a blockchain and their marketing is misleading, but either way it leaves a bad taste in my mouth.
I’d be very interested to see if you send two samples in fully anonymously to see how much they differ. I don’t trust the accuracy of these low cost, high throughput methods.
It took scientists ~18 years to sequence the first genome, I know that was ~15 years ago but they did have huge budgets.
I was curious about this I think we can offer more sophisticated (but more computing intensive) anonymity using homomorphic encryption. For example, using RISC Zero [1].
Great! Now I can sequence the dna of women I’m creepily interested in, coworkers, bosses, and any celebrities i can manage to get a sample from by pouring thru their trash at 2am. Thanks, Nebula!
It wasn't long before they figured out who I was and placed me within my family tree. My fake name now lives among near and distant relatives I was not aware had signed up themselves or their parents/grandparents. They know who I am, who my siblings and cousins and aunts and uncles are, etc. This was always going to happen as soon as I sent them my sample.
I never believed my anonymity trick would truly work, I just wanted to make it sufficiently difficult for when 23andme inevitably sold out, got gobbled up, or turned evil. I learned what I wanted from the service, and have only logged in once a year or so since to see if they updated any findings or disease studies.
While I truly appreciate the concept of bringing privacy and anonymity to this field, it's worth considering we are all quite easy to identify using these samples.