Comment by mquander

Comment by mquander 2 days ago

5 replies

View on Hacker News

I was interested to read this because some time ago I had my genome sequenced by Nebula. If you look at the lawsuit you can see that what Nebula did was use off-the-shelf third-party analytics products on their website, including recording analytics pings when users buy a kit, and pings when users use the Nebula website to browse Nebula's high-level analysis of their traits (leaking that the user has those traits to the analytics provider.)

This behavior represents a contemptible lack of respect for users' privacy, but it's important to distinguish it from Nebula selling access to users' genomes.

https://www.classaction.org/media/portillov-nebula-genomics-...

zaptheimpaler 2 days ago

That's a good clarification. I read through some of that link, and it does look relatively benign - Meta & Google pixels might see when you buy a kit but nothing more, but on page 21 they directly leaked genetic information to Microsoft via their Clarity tracker. Not intentionally maybe, questionable if it can be linked to a person specifically instead of just an advertising ID but they did leak that. I think the lawsuit says that even disclosing whether a person has undergone genetic testing is in violation of GIPA, so the information they sent to all 3 is enough to violate that.

I don't have any evidence they're selling anything but that lawsuit shows pretty sloppy behaviour for a company that should be thinking very deeply about privacy. I guess that's about what you said though :)

Reply View 0 replies
vintermann 2 days ago

Another point is that Wojicki's big idea that all this genetic data would be useful to sell to business, didn't work out so well. For an advertiser, it's a lot more useful to know if you're a smoker, than to know that you have a 40% higher chance of being a smoker.

Reply View 0 replies
busterarm 2 days ago

The point isn't what they are doing with your data now, but that they retain your data and what might happen in the future. Someone with malicious designs on your DNA might buy Nebula tomorrow and there's nothing you can do about it.

Reply View 2 replies
  • mquander 2 days ago

    Actually, the main reason I used Nebula was that they advertised a credible-to-me promise that you could download and permanently delete your data upon request. That was some years ago, so I don't know if I would trust them today. But that was their claim, and I have no reason to believe they didn't delete my data.

    Reply View 1 reply
    • vintermann 2 days ago

      That's a legal requirement in the EU and many US states. Some of the genetic genealogy companies actually play fast and loose with it though - not the deletion, which I trust, but the data portability and reasons to store PI parts.

      Reply View 0 replies