Data Brokers and Removal Services

Show Notes

Data Brokers and Data Removal Services

What does the process of removing your online presence look like? And how would you handle the data brokers that have collected your personal information with just a few clicks of the mouse to sell to other companies?

To answer this, we’re joined by an expert in this field; Darius Belijevas, Head of Incogni, a service that automates user personal data removal from data brokers.

Darius shares from his research on data brokers and their business models, and explains what a typical data broker looks like, the most commons methods they use to collect our data, and who some of the most popular data brokers are.

This brings the conversation to the growing market for data removal services, and the two also talk about new legislative measures that might be changing the landscape these organisations operate in.

Chapters

• 0:03: Data Removal Services and Data Brokers
• 12:56: Data Brokers and Privacy Regulations
• 29:33: Future of Data Security and Privacy

Transcript

Speaker 1: 0:03

From our headquarters in Oslo, norway, and on behalf of our host, robbie Perelta, welcome to the Pneumonic Security Podcast. I have read and accept the terms and conditions. Meant. No one ever has a double-click the confirm box at the bottom of a long document, font size 7 times New Roman. We all know by now that if we aren't paying for the product, then we are the product, but for some reason it shocks us that there are thousands of companies out there selling our data Rewards programs, surveys, apps, cookies and web beacons, social media and why not? Maybe I'll enter this online contest too, yolo.

Speaker 1: 0:47

Long story short, if someone wants to know something about you, there are likely only a few clicks and a credit card away from figuring it out. And, on a serious note, consider the implications of connecting an unethical large language model with an equally unethical data broker service. And given that that's probably happening as we speak, we only have a few options Put our tinfoil hat on and carry out business as usual. Delete Facebook, stop using Google and find the old Nokia, or, as today's guests would probably advocate for, consider using a data removal service. Adios beluevas, welcome to the podcast, thank you. Thank you, robbie. Can you please say it properly for us Dairus, belairus, belai, I like your last name, I just can't say it. Maybe by the end of the conversation we'll do one more try. Welcome, where are you?

Speaker 2: 1:40

coming.

Speaker 1: 1:42

Where are you sitting at today?

Speaker 2: 1:44

In Vilnius, Lithuania.

Speaker 1: 1:46

Lovely, lovely. So I think the story behind this podcast started me. I was listening to another podcast that I listened to Cyberwire, and I believe, as one of your competitors was, please delete me. They were talking about, yeah, delete yourself from all the services that the data brokers know about you, and I thought that's interesting data brokers I haven't talked about them for a while and I looked up what was available in Norway and you popped up. So why don't you tell us a bit about yourself and the company that you work for?

Speaker 2: 2:17

Sure. So yeah, in Cogni I actually joined with a background in marketing, so when it comes to the part of target advertising and so on, so this is something I had a chance to touch hands on back in the day. And now, for the last couple of years, I'm leading in Cogni from the sort of big idea of the problem we want to solve to now. Well, according to Google Trends, most popular service when it comes to data removal- Cool when you were in marketing how?

Speaker 2: 2:48

what was your relationship to data brokers and data in general, like the acquisition of purchasing from data brokers For me personally, I was mostly working with the big platforms so Google Ads, facebook ads at the time I didn't really knew that much about data brokers on a bigger scale, and it's only when we caught the sort of feedback from the users that's okay. So what do you need more help with? And the topic of data brokers, personal data removal, started coming up. Only then we like deep dived into okay, so what's going on in here? And like then you find out that's okay, so that's a massive ecosystem and it's pretty scary.

Speaker 1: 3:33

Yeah, yeah, I was looking at it, I was googling a little bit. It says the data broker market is going from $280 billion in 2023 to $382 billion in 2030. So $100 billion increase. Gartner says that there's. They estimate that there's around 5,000 data brokers globally and there are companies like yours that are growing and the need is not going to go anywhere, I guess. So they think this is going to continue to be a thing in the future. Do you agree with that?

Speaker 2: 4:03

Yes, and this is something that we realized early on when we were sort of taking cognizant from the problem to potential solution. So what we tried is let's try to opt out from those data brokers. We found the list and, just on a sort of personal basis, let's try to send those data removal requests on our behalf, personally. And what you realize is that you need like a patience of a saint to go through the process.

Speaker 2: 4:34

Like just a few days in you have full inbox of email threads of back and forbs and you realize, okay, so this is a problem. Like you have those tools, but in practice to actually delete, trying to delete yourself, it's a massive undertaking.

Speaker 1: 4:53

Yeah, because I don't think I've ever actually done that myself, but you can technically, I guess, go to an individual data broker or you can go to a person that's holding your data and ask them to delete your data, and that usually for a person like me would go over email. So you're basically doing that on a huge scale and I would assume I would hope for your sake that it was automated right.

Speaker 2: 5:16

How many different data?

Speaker 1: 5:17

brokers are there, would you have to send that request to?

Speaker 2: 5:20

So for us right now we covered just over 150 something, but that number is ever changing. But the problem is that there are some limitation and exceptions, so not all companies that actually collect and sell your data need to register, so there is quite a bit of work in trying to find them to then understand what kind of data they collect. So for us we deal with personal inter-file build data, so that can be address, email name, but a big chunk of those are, for example, ad tech companies that they might have some identifier a cookie, ad or something like that and they know that you're having shopping for electronics for the last few days, but they don't know that you're like John Smith or whoever.

Speaker 1: 6:09

Yeah, so some data brokers have to buy data with other data brokers and put it all together, right, yeah?

Speaker 2: 6:16

I think this part is Both very interesting but at the same time, what brings a lot of complex to the market. Because it's not a problem with like a particular company or even a set of particular companies, because Someone might collect your data from I don't know dApps you're using, I don't know a calculator asking for your location data and stuff like that, but because there's a whole ecosystem of trading that that information you might you end up with companies you've never heard about that actually have a lot of data points about you and it's almost impossible to sort of figure out like what was the original data source for like a particular data point.

Speaker 1: 7:03

So, like, if I have apps on my phone, right, you could see like what they're, they're always out. You have to give them permission and those companies they are selling that your data to other people that you've never heard of and it's hard to know when it came from, right.

Speaker 2: 7:18

I'm very much so and perhaps is just one of the sort of sources and when you have like a free app that's Seems to be pretty well built, that they don't have like Obvious business models so it's not a subscription, it's like not some in-app purchases you have to think like where's the money coming from? Because building and supporting those apps is expensive. So One thing you can do is like go to their privacy policy, to go to their terms of service, and then the interesting things start to show up when they Start writing down that, yes, we collect like this and this information and we might be sharing with our sort of affiliates and partners and something like that. Yeah, and then you, then you know.

Speaker 1: 8:04

So as a sales guy, right, I get a bunch of Email, sometimes from companies like I've never heard of them. And this comes from a Gmail address Like hey, I can give you a list of Splunk users or a list of IBM curate our users, that's. That's their data break as well.

Speaker 2: 8:18

So it's not just like a my problem, it's like a company problem as well, or so of course, like inbox filling up, it can be annoying, but looking from the sort of cyber security perspective, what I'd be more worried about is that if your employees personal information is out there, it's a lot easier to then use that information for targeted fishing attacks. So this is something I'd be a bit more concerned. And when it comes to those emails, what's sometimes interesting to do is If they're not coming from a Gmail bar, from what looks like a legit company is, you can write back and hey, how did you acquire your email address? And it's interesting to see that that's quite often. Some of those things are not Quite often. This is some of those same services.

Speaker 1: 9:09

Okay, so they're. They don't really. Wow, it's interesting. I'm gonna do that next time. Let's see if they answer me, but then they're gonna expect me to buy something. So we talked a little about, like, how they're getting our data. You said it's from apps. Yeah, just to be covered up one more time so how our data brokers actually getting my data? Like what are the most common methods of acquiring that data besides apps?

Speaker 2: 9:34

So, putting apps aside, I think it's worth mentioning If you're I don't know registered for a loyalty program or something like that. Again, if you would open up the terms of service we actually did some research on this before that the amount you're saving on that I don't know $15 purchase might be a lot less than they actually will be earning from you, because with this you agree that, hey, we will share your shopping habits with our friends and family. And that aside, scraping in general like is a big, relatively easy, I would say, way to get this information. And again, this can be from some public government sites that need to disclose some sort of information. Social media like LinkedIn, facebook, etc. Again, everything you post online in In more often than not, can be scraped.

Speaker 2: 10:32

And when you do this at large scale, you can collect quite significant data sets. And what's interesting afterwards is that you can add another layer on top is that you have, I don't know, some employment data from LinkedIn. We have some location data you can start in pointing Well, maybe someone more affluent is living in that zip code or that area, so you can sort of predict economic status, you can predict ethnicities and so on and so forth.

Speaker 1: 11:09

It would be interesting to have a data broker on to see how they work, because it seems like they have, they scrape, they get some free stuff and then they put that in a big database, a smart database, ai powered database, and then they probably buy some data from other people and put it all together and that's their business model.

Speaker 2: 11:25

Interesting.

Speaker 1: 11:26

Have you ever spoken to anybody that works for a data broker that was able to, like that wanted to, you know, leak an insider from a data broker?

Speaker 2: 11:37

Actually I talk with data brokers quite a lot because, again, I think one thing to sort of understand and clarify is that when talking about data brokers, we kind of paint it with this dark brush.

Speaker 2: 11:50

But the way I like to think about it, it's like those are companies, in most cases under a legal business model for their jurisdiction and, from our experience, they kind of fall into the spectrum.

Speaker 2: 12:06

On one end, you have companies that use every trick in the book to try to refuse compliance. They use dark patterns and even they might limit how you can opt out. For example, under CCPA they have this right to offer, if I recall correctly, two different methods. And then you get an email saying okay, now you need to call this number to verify yourself and you can do it between that and that hour or something like that. Or we will try to call you on your phone number and if you don't respond we will assume that this request is canceled. So, like, these are real responses we've seen. So this is on one end, but on the other end there are a lot of legit companies that actually want to comply and they do their best to comply in an ordinary manner. So yeah, we have talked quite a lot. Nobody shared their dark secrets, but I think that's to be expected.

Speaker 1: 13:07

Yeah, that makes sense. You're like taking money out of their pocket, I guess, at the end of the day. So at the spectrum. Right, you said there's a spectrum and I would classify Google and Meta as data brokers, right?

Speaker 2: 13:21

Or yeah, yeah. Well, I would say I would expect that they would classify the subsets advertising platforms, but to support it they need a ton of personal information for their targeting. So yeah, I've never encountered that you could go to Google and say, hey, sell me like a list of users and send me an Excel sheet.

Speaker 1: 13:45

So I think they are more closed door in that regard, but yeah, yeah, there's a difference between data brokers and advertisers, but I guess advertisers are much better at their job if they have data brokers that feed up into their services.

Speaker 2: 14:01

Yeah, Again, not knowing the internal workings, I think it's fair to assume that a lot of it's what powers the databases, the data that they can collect themselves. They can just purchase it from the outside.

Speaker 1: 14:17

Right, right. And then, just out of interest, like Google and Meta I can name, can you name, like some of the biggest data brokers that you know of, just so both myself and the listeners can like oh, I've never heard of them, or maybe they have heard of them.

Speaker 2: 14:31

Sure, yeah, the fall pure ones in this regard. So Axiom, Lexus, Nexus and Talius. What's interesting for me when we're researching was that how open they are about sharing. And hey, we have personal information of hundreds of millions of people and we average 1,500 data points per user and stuff like that. And okay, how is this okay?

Speaker 1: 15:06

Those are salespeople with no bad conscience, I guess. What do we know about, like the protection mechanisms that are in place Is, like I know, in the States. Is there any regulation in the States protecting like this sort of trade of information or what's like the status of legislation around EU and the States?

Speaker 2: 15:26

Sure. So EU and GDPR is still ahead. California is spearheading with CCPA and what's really interesting is that they recently it had a new law DELETE Act so it should be coming in 2026. One of the ideas there is to have one place, one system for California citizens to opt out from data brokers. It's an interesting trend and would be interesting to see how they will be able to hold this vision and push back because, again, it's a very big business. So I'm quite sure they won't be taking this lying down.

Speaker 1: 16:16

Do you think they have lobbyists working in Washington to keep them alive? Do you imagine that?

Speaker 2: 16:23

Of course I mean again when we're talking about billions and billions of dollars industries. They have quite a bit of a stake.

Speaker 1: 16:34

Of course. Do you know anything about how do they get paid? Is it subscription models? I imagine they're API houses, that just. Do you know anything about that?

Speaker 2: 16:46

So when it comes to those traditional data brokers, it's generally going to be either pricing per dataset so I don't know.

Speaker 2: 16:55

You want people over 50 who live in this and that location, who are interested in something or took out a loan or got married and so on, so you get a dataset of thousands or hundreds of thousands of entries and you pay for the dataset. Licensing deals is another way. So where you, as you mentioned, so you get access to the database full database or particular segment of the database via API and you just pay a sort of fee per year, per month, whatever is agreed. What's interesting in US specifically is the people find their sites where essentially you can go and type in someone's name, city or state and essentially anyone with a credit card can purchase the person's usually half of a home address, sometimes phone number, usually relative information, sometimes background information and so on. So for me, this one is the one I'm probably most uncomfortable with, because there had been cases where a judge gets shot because someone has been waiting near their house. So this goes beyond cybersecurity, becomes like sort of physical threats.

Speaker 1: 18:23

And speaking of those sort of threats, I think there was one piece of legislation that's already on the way, or something had to happen because some data broker saw it was selling data about US troop movements or they were selling data about some sort of military thing. I'm not sure if you remember that story, but how are the bad guys using this information? I'm thinking about government type of groups, apts.

Speaker 2: 18:48

I think with the government it's always tricky because you can only see what's been sort of leaked or shows up. For example, there was a case years back, but essentially in Middle East, us government bought information about people's location from like Quran prayer app. So, like what you mentioned with that, I think with location data specifically, like we use different, like trackers for health, with fitness and so on, and like, oh, I ran like 10 kilometers today, but we don't realize that we potentially shared like all our routes.

Speaker 1: 19:30

Yeah, yeah, well, yeah, I remember the US is no better than anybody else in that regard. Like they're using. I think I remember correctly now they were buying data from data brokers because they weren't allowed to collect it themselves. They would just go buy it and collecting it themselves is probably more expensive than buying it from somebody else because they have purchasing power, which is really interesting In Cogni, right. So sales pitch time, like how to, if I go on your product and I say, remove me, like what's the process that actually goes on from your side?

Speaker 2: 20:02

Right, so you join us. So we will ask some personal information.

Speaker 1: 20:07

We try to minimize it as much as possible.

Speaker 2: 20:10

Yeah, oh god. I think it's important to understand, like one of the limitations if you would like do it yourself, a lot of the data brokers. They come back and say, okay, we can do it, but we need to verify you and please send us. I don't know your ID, your utility bills, your like you think God, I don't want you to have like my name and email and you're asking for my ID. So these are the kind of topics that we fight them on, because it's one of those sort of gray areas in the like GDPR and CCPA is that the law says that request needs like verification, request needs to be proportional, and we say that no ID is not proportional, like you're not supposed to have it in the first place, so like just remove my information. So we use those three data piers, like email, name and address, as a sort of verification method for the user, so we don't need to like send anything more sensitive to them.

Speaker 1: 21:21

That's really funny that they asked for that, though it's like, okay, fine, but just give us a few more things to sell first, and then we'll Then we'll delete you.

Speaker 2: 21:29

Yeah, the irony is, the server is there.

Speaker 1: 21:32

Yeah, yeah, yeah.

Speaker 2: 21:35

And, yeah, moving forward.

Speaker 2: 21:37

So right now the service is slightly different depending on whether you're from Europe or from US. So in both cases we will send out data removal requests to those we call them private database data brokers, which essentially, like you, don't really know what they have up front so you can check their privacy policies also, you have a sort of good idea, but it's not publicly available that information. So we will send those requests to data brokers if needed to follow up and essentially do the hard work for it. When it comes to US, like the people find, their category of data brokers are there and it's a big problem. So with them, one of the things you've processed the easier is that you can actually go to those sites and check like okay, so is John Smith from Missouri there, and I should probably use like more unique name as an example. But yeah, you can go and you can find the personal profile and then you can request to remove that profile. So this is a problem specifically for US and so that's why it's slightly different in terms of the service.

Speaker 1: 22:55

So there's actually a lot of like manual work that you have to do on your side to actually make this happen.

Speaker 2: 23:01

There is a lot of automation, there is machine learning and so on and so forth, but at the same time, when dealing with data brokers, not everyone is super excited to be compliant. So like the next worker comes there.

Speaker 1: 23:16

Yeah, but are you using like you're automatically answering their response with something on your side as well, Because it'd be annoying to have your? Okay, you actually have to sit there with a real employee and answer it.

Speaker 2: 23:30

So, when it comes to problematic data brokers, so it's generally not going to be an issue with like a specific request, but we're talking with them on a more as a whole level. Like well, you're not fitting it to like GDPR's timeline, so what can we do about it? So for us, what this means is that we need to escalate. We need to go to their, like, chief legal officers, some type of CEOs and so on, and try to find a way for them to comply.

Speaker 1: 23:58

Interesting, so you okay. So is it so that you're trying to like, negotiate with them, to like, okay, any requests coming from us? Like, first of all, we don't like your business, but whatever, fine, you exist. Second of all, at least if we send you a request, you just delete it, and let's find like an automated way to do that. If we ask you, you delete it. Is that kind of the conversations you're having?

Speaker 2: 24:18

It's more in lies. There's a law you need to comply. Let's make it happen.

Speaker 1: 24:24

Yeah, yeah, exactly Interesting, but then I could see those being interesting conversations. Are you involved in those personally?

Speaker 2: 24:34

Sometimes, again, we have a team who deal with data broker relationships. But, yeah, sometimes I need to be involved, and especially early on. I was in the every call and they tend to be very different In some cases, like you sit down and figure out, in some cases it starts with like a screaming match from one end and then you're okay, now relax, let's talk.

Speaker 1: 24:59

Are those people actually willing to go on video or on video meetings, or is it all just like a black wall that you meet on the screen?

Speaker 2: 25:08

I would say it's more like you go on video.

Speaker 1: 25:11

Proper business, yeah.

Speaker 2: 25:14

Yeah, yeah, usually it's not one person joining, usually it's someone from legal, someone from operations, someone else. So one of few people might have like the camera turned off, but in general I think we had more productive calls than we had those very difficult ones.

Speaker 1: 25:35

Yeah, well, that's good to hear, at least Before I leave that topic. Like a typical data broker, is it like 10 employees, 20 employees, 30 employees, like in your experience?

Speaker 2: 25:47

No, I mean, as you mentioned, we're talking about hundreds of billions worth of industries. So you have companies from 2000 employees. There are some more boutique data brokers that will have like dozens of employees, but I would say it's very much a combination.

Speaker 1: 26:11

That means they have a lot of like data scientists, a lot of good people working for a questionable cause. That's interesting. Data scientists and lawyers, data scientists and lawyers yeah, interesting company party. So the before and after scenario for, like, when I signed up for your service. After this call, like, what's the before and after scenario for me? That's going to be your client one day.

Speaker 2: 26:35

Realistically speaking, I think at any given point, we have at least a few problematic data brokers that we need to deal with, and this is something that unfortunately sometimes takes months and so on. But normally like, if you use the service for at least a few months, you will notice that new data brokers are coming up. So this is again something I'm going up for us to go find and identify a screen.

Speaker 1: 27:04

Threaten you.

Speaker 2: 27:08

No, we're trying to like, try to be professional.

Speaker 1: 27:12

Of course yeah.

Speaker 2: 27:15

So if you, after a few months, we will repeat the request. Some of the data brokers they do have a suppression list, so with them it's once they remove it they leave a sub-identifier not to read you, but that's still in the sort of minority. So we do need to repeat those requests and this is something that we're optimizing on to find the sort of sweet spot like not to send out those requests too often but at the same time the goal is to keep your information from those databases as completely as possible.

Speaker 1: 27:49

How much is like an individual plan?

Speaker 2: 27:53

Yeah, so it's about 70 euros per annual plan and I think we're at 13 for a month then.

Speaker 1: 28:01

Yeah, okay, yeah, yeah, I was thinking about it. I was like, hey, it's not, like it's not too expensive, because I knew that there was a lot of work on your side that had to be done, and I was saying that there could be a lot of manual work too. But, like the people that are actually going for those services, what can you say about your customers? Like number one, they're paranoid, they're security people. You know, like if you have any stats around, who your customers are.

Speaker 2: 28:24

I think the word I would use is frustrated because, again, especially when it comes to United States, like scam calls, spam calls, spam in general has become such a major issue that, like people are like building a habit of not answering the phone if, like, there's a no number.

Speaker 1: 28:53

It's your neighbor.

Speaker 2: 28:54

For me, that's very very yeah for me it's very strange, like what I'm personally most happy about is that when People use the service and they go to trust pilot, they come in and share feedback and say, hey, I used in Kongni for a few months, like my, my spam calls decreased the dread drastically, or I'm not getting it anymore. So, like when it comes to security and privacy, no news is good news. So what this means of that data breach happened somewhere, so you're not on it, so that that's like the good part. But at the same time for us, we always wanted to get like so good at tailoring those data move requests, so that's people can actually feel the benefit in their day-to-day life. So for me, like that's that's the use case and that's the benefits, that's what I'm very happy about.

Speaker 1: 29:51

Yeah, sounds cool. I mean, we don't really have that. Yeah, we do have spam calls. No, we actually I didn't think that was the use case Like, do you have any? Like, would you you provide your customers like some dash, some stats or some dashboards about, about the progress of?

Speaker 2: 30:04

of course. So there's a dashboard, there's activity log, just to know, like, what's changing, and we do have a sort of detailed view to look at the individual level. So what's going on with how many requests we send, and so?

Speaker 1: 30:19

So my crystal ball question moving forward what are?

Speaker 2: 30:22

you.

Speaker 1: 30:23

What are you like? What's on your roadmap? What are you thinking about the future of this industry? What concerns you and what makes you happy? All right, let's go from the back nine questions, you can figure out what's what you want to answer.

Speaker 2: 30:38

Yeah. So for me, I Am happy about, and I'm optimistic about that, privacy loss, not just in the United States, but the clock across the globe. They do get well. Some countries that didn't have it now have it, has those the to get more comprehensive. So this is sort of sort of Optimistic faith in humanity restored kind of thing.

Speaker 2: 31:03

What generally worries me is the evolution of AI agents and what's how this can translate into cybersecurity threats, because when you have AI engines, you can connect them with the targeted data sets of a lot of personal information, and now we have a machine for phishing, attacks and scams on a Probably unprecedented level and you can do it at scale.

Speaker 2: 31:36

You can, you can automate it, and it's something that I have been thinking a lot about, like so how do you protect yourself? Like combine this with the deepfakes, like we're having our conversation. It wouldn't be rocket science for them to take and use our voices, and I really hope that on the security side we will be able to sort of match the pace of evolution. But the one thing that for me comes up in terms of like future proofing is, well, to minimize the data out there, and it's not just I don't know what we're posting on social media but very much about those private databases, because they have a lot more data points that and then we publish on LinkedIn or like Facebook and then hopefully, when those Agents need to choose, like, who to target for the phishing attack, they will probably Target someone that where they have like 1000 data points, instead of someone where they have like that data points.

Speaker 2: 32:37

That's true, yeah so yeah, so that that that part is a bit scary.

Speaker 1: 32:41

I'm just thinking like Besides buying your service right, what else can I do to like reduce my attack service? Today I'd be doing and I already do this today like I have a, I have like an alter ego, I have a fake name and I have a proton male addressed with it and I I had this experience where I just started using my fake name everywhere and I I bought like a ski membership here in Oslo and I used my fake name and I had my picture.

Speaker 1: 33:06

And then I they were like, hey, let me see your ID. And I was like, fuck, it's not my real name, right, but has a picture, but it's my fake name. I had to like convince them that, like, this is fake, but it's on purpose fake. It's actually me and I paid it, so let me in, you know. So there there are downsides to having like a fake alter ego.

Speaker 2: 33:23

Yeah, I didn't think it's a really good idea and one thing it's sort of alternative to removing a personal information is to kind of polluting the data sets. So you can use like the data sets, so you can use like the different names, different emails, different browser agents and so on and just try to mess up with the data.

Speaker 1: 33:46

Yeah, yeah, but that's also. Then you have to have a password manager and you're gonna go through these awkward situations. I guess you don't do that. Do you personally?

Speaker 2: 33:57

Using email masking and film masking.

Speaker 1: 33:59

Yeah, just faking making people yeah.

Speaker 2: 34:02

I Do use like temporary emails if I need to For any service. I know that doesn't actually require my full name, so I will not use it and yeah, yeah, I'm getting a bit paranoid than that.

Speaker 1: 34:20

Welcome to industry. Last thing I know it's got a hard answer about like you're talking about this AI thing, right and like there there are You've heard a chat GPT Gemini, right there there are evil versions of those worm, worm GPT, fraud, gpt. There's like all those things out there. It wouldn't, would? It wouldn't surprise me at least, if they, if those GPTs were actually one day or that somebody's gonna make a tour. They just make agreements with all these data brokers and they get sucked up in like this evil AI. That that must be like around the corner, like very soon, do you agree?

Speaker 2: 34:53

I'm actually curious if the Sort of good versions don't get trained on some of those data sets. But I don't know, just thinking about here in general. Again, when it comes to like those AI tools, again for me the bigger concern is like Can can they think off and create attacks In terms of, like, say, security using the data? And if you, if you feed to those tools I don't know a data set up like hundred million people with I don't know 500 to 1000 data points and you asked them to, okay, so how do I create an attack? What, what they would come up with?

Speaker 1: 35:37

Yeah, I mean, yeah, they could just be like okay, they Robbie Pelt, he works here. We see from his Google Maps that he's on the way there. Like, I mean, that's not even that many data points and you could do something scary then you know. So, yeah, yeah, Well, I must say I'm very impressed with your, even though you work for a company that, like, is going up again, up against the data brokers. You've been very professional. You haven't said anything like bad about them, so I respect that and it's really fun having this conversation with you. So, thank you so much for your time.

Speaker 2: 36:04

Yeah, that had a pleasure and thank you for inviting me.

Speaker 1: 36:09

Of course I'm gonna go see if I can get get a data broker on the podcast after this to defend themselves, but I don't think they're gonna answer that call.

Speaker 2: 36:17

It would be interesting and I would love to listen to the last conversation.

Speaker 1: 36:21

All right, thanks. Thank you so much for your time. Take care, all right, thank you. Well, that's all for today. Folks, thank you for tuning in to the mnemonic security podcast. If you have any concepts or ideas that you'd like us to discuss on future episodes, please feel free to hit me up on LinkedIn or to send us a mail to podcast at mnemonicnl. Thank you for listening and we'll see you next time.