Full Report
Incogni and DeleteMe are data removal services that can help you lock down your data, but they specialize in different areas. Read on to discover which service will suit you best.
Analysis Summary
# Main Topic
Comparative analysis of two primary data removal services, Incogni and DeleteMe, detailing their focus areas, operational differences, and security postures to help consumers choose the best service for locking down Personally Identifiable Information (PII) exposed by data brokers.
## Key Points
- Data removal services emerged about 15 years ago due to the realization that personal data is a valuable, exploitable currency lacking strong consumer privacy legislation.
- Both services primarily focus on sending removal requests to data brokers and people-finder websites to delete consumer PII.
- **Incogni's Focus:** Primarily centers on maximizing data removal from data brokers and people search companies using automated processes (API integrations, email, online forms). Requests are perpetually re-sent every 60 to 90 days.
- **DeleteMe's Focus:** Offers distinct specialization in emerging areas like vehicle data privacy, specifically managing the linkage of vehicles, registration plates, and drivers being sold to third parties (e.g., insurance companies).
- **Data Encryption:** Both utilize AES-256 encryption.
- **Auditing:** Incogni is undergoing Deloitte Assurance and SOC 2 audit processes. DeleteMe uses a third-party CPA for SOC 2 and is also pursuing ISO 27001.
- **Future Plans (DeleteMe):** Includes Dark Web monitoring, expanded international coverage (Brazil, Spain, Philippines), improved Google Street View blurring, and real estate removal listings.
- **DIY Option (DeleteMe):** Offers extensive do-it-yourself data removal guides for opting out of specific companies like WorkNumber and Experian, providing an alternative to subscription.
## Threat Actors
- The implicit threat actors are generic **Data Brokers** and **People Finder Companies** who store, share, and sell consumer PII for profit.
- *Note: No specific malicious threat actor groups (e.g., ransomware gangs) or APTs were mentioned in relation to these defensive services.*
## TTPs
- **Data Broker Exploitation:** The underlying "threat" exploited is the aggregation and sale of PII by data brokers.
- **Data Removal TTPs (Incogni):** Automated removal requests via API integrations, email processes, and online forms, with re-sending every 60-90 days.
- **Emerging PII Tracking (DeleteMe):** Monitoring and removal tactics related to vehicle data (license plate linkage to drivers).
## Affected Systems
- **Scope:** Primarily US residents, though DeleteMe is expanding internationally.
- **Data Sources:** Data brokers, people finder websites, and systems tracking automotive PII (vehicle registration/license plate data).
- **Specific Brokers Cited (Incogni):** Acxiom, Equifax.
- **Specific DIY Targets Cited (DeleteMe):** WorkNumber, Experian, Meltwater, MightRep.
## Mitigations
The primary mitigation discussed is utilizing the respective data removal services:
- **For Broker Focus:** Use Incogni to automatically manage continuous data broker removal requests.
- **For Vehicle Privacy:** Use DeleteMe for specialized handling of vehicle/license plate data linkages being circulated by brokers.
- **For DIY Control:** Utilize DeleteMe's do-it-yourself guides if an immediate subscription is not desired.
- **General Security Enhancements (DeleteMe future plans):** Enhanced identity masking to prevent PII submissions initially.
## Conclusion
Incogni and DeleteMe offer comparable foundational data removal capabilities, suitable for consumers concerned about PII exposure. However, the choice depends on specialization: Incogni is positioned as a relentless broker removal engine, while DeleteMe provides crucial coverage for emerging privacy vectors like vehicle data tracking and offers a robust DIY resource pool. Consumers should assess which vector of leakage (general broker exposure vs. automotive data linkage) is of greater immediate concern.