Adventures in Technology

Back
Wed May 14, 2025, 3:11 AM

Why I don't pay for data protection services

privacytechnologybusiness
Delete button imagery

I’ve built privacy tools, worked in big tech on operating system and privacy teams, and spent years thinking deeply about protecting and managing data. So it might surprise you to hear I don’t use services like Icogni, DeleteMe, or Optery.
Why not? Because most of these services are solving the wrong problem, in the wrong way.

Warning: cynicism abounds, though I believe it's justified.

What these services tend to claim

These services typically promise to scan the web and data broker databases, file data deletion requests on your behalf, and help scrub search results tied to your personal information.

That all sounds proactive—and to be fair, it's not entirely smoke and mirrors. But the reality is, these are mostly low-effort, repetitive tasks wrapped in a premium subscription. Some charge upwards of $25/month for what amounts to a glorified email automation tool.

Now, here’s the catch—your legal rights vary wildly based on where you live. Outside the EU or a handful of U.S. states, companies are under little to no obligation to delete your data, though many do anyway, just to avoid the hassle of figuring out where you're from.

Additionally, many of these services ask you to hand over even more of your personal information—so they can use that to look for your data. Yes, really. You give your info to find your info... by sharing it with the very brokers you’re trying to hide from. 🤦

Why I don't think they add much value

These services mostly follow through on what they claim to do—but does that meaningfully improve your privacy? That's where things get tricky.

When a deletion request is submitted, there's rarely immediate action. Some companies delete data right away (awesome!), others rely on scheduled jobs to scrub it from systems (reasonable), and some drag their feet with delays that still fall within the letter—if not the spirit—of GDPR and similar laws (ugh!)

In practice, companies often interpret legislation (if it even exists in your region) to actually delete data up to one, two, even three months after a request lands. That leaves a window where your data is still live and usable—long after you've asked for it to be wiped. The app may pretend it’s gone and no longer show it to you, but the backend hasn’t caught up.

This might come as a surprise if you're not in the industry, but it’s a most definitely a practice. And it's a really convenient one if your business profits from using personal data before the deletion clock runs out.

Why this matters: Recency is king

Fresh data is the gold standard. If I'm shopping for a new refrigerator, that intent is most valuable in the days leading up to my purchase—when ads can still sway my decision.

The sweet spot? I'd say two weeks. After that, the usefulness of that data drops off a cliff. And that’s the loophole that undermines the entire premise of data deletion services.

Even if you file a deletion request the same day the data is collected, it could still stick around for 4, 8, even 16 weeks—plenty of time to squeeze value out of it before it's actually deleted.

Are we paying companies to delete data that's already stale?

Probably. These privacy services often have behind-the-scenes arrangements with data brokers. Sometimes actual money changes hands—meaning a chunk of your subscription might end up with the very brokers you're trying to escape. And by the time they delete your data, it's already lost its real-world value.

The broker gets paid to search through and remove info they were probably going to purge anyway. The privacy service gets to claim a win. And you? You get a receipt and some peace of mind.

Everybody wins! Except, of course, the person who paid for it...

The really problematic entities ignore these requests

It's counterintuitive, but the companies that comply with deletion requests aren't the ones you should lose sleep over. They're the easy targets for these services, and many of them bulk out their numbers sending requests to state and federal datasets that are mostly harmless. The real privacy offenders are the ones that ignore these requests entirely—or never offered a way to delete your data in the first place.

Do these services alert you when a company ghosts them and your request? Are they incentivized to tell you their service is useless against the worst actors? Doubtful. That would ruin the narrative—and the subscription model.

Malicious compliance

Some companies push this logic to its limit: if users would request deletion the moment their data is collected, why bother surfacing that data at all? Why deal with transparency, exports, or consent windows when you can just pretend everything is already in the deletion pipeline?

Data Deletion Process Flow

It’s a tidy way to sidestep regulation and incredibly difficult to detect—just assume the user wants it gone and quietly do what you want with it in the meantime. After all, it’s already "queued" for deletion... eventually.

What you can do to improve your privacy

  • Use a password manager (1Password)
  • Turn on privacy protections in your browser of choice
  • Use a trustworthy VPN when traveling or on public Wi-Fi (always Mullvad)
  • Don’t give your time or money to companies that don’t respect your privacy (most important!)

That’s it, really. It’s frustrating, but many privacy tools end up being security theater—expensive, flashy, and not nearly as effective as advertised. I wish that weren’t the case. I’m working on improving this, but only time will tell.

None of these are sponsored—just tools I personally trust and use.

I'm a privacy nerd by all accounts. I've built , I invested a large portion of my professional career trying to improve privacy in big tech firms, and working on some truly groundbreaking services that saw their end far too soon (miss you Skype)

But I don't subscribe or utilize Icogni, DeleteMe, Optery or any of their ilk while I do use a password manager aggresively (*1Password), and a VPN when warranted (*Mulvad). Why?

Warning: cynicism abounds, though I do think it accurate.

No products are sponsored, they are just ones I love.

Disclosure: AI assistance was used to help edit and improve this post, but all drafts are written entirely by me.
Next Post: Building Your Intelligence and Expertise →

© 2025 Benjamin Poiesz. All rights reserved.