The data broker industry: how to disappear from people-search sites
Your name, address, phone number, and approximate income are sitting on at least forty websites right now. Here is the supply chain that put them there, and the realistic plan for taking them down.
Type your own full name into Google, in quotes, and add the city you live in. If you are an adult in the United States, the first page of results almost certainly includes a people-search site that is happy to sell your home address, phone number, age range, list of relatives, and a partial salary estimate to anyone with a credit card and ten dollars to spare. None of this is a leak. All of it is the working-as-designed output of an industry that has existed quietly for thirty years.
The good news is that this industry can be pushed back against. The bad news is that pushing back is a maintenance task, not a one-time chore. Removed records have a way of returning, and the supply chain is set up to refill them on a schedule.
The supply chain
There are three layers, and most consumers only see the third. Understanding the first two is the difference between an opt-out that sticks and one that grows back in six weeks.
- 1Public records. County recorder filings, property tax rolls, voter registrations, court dockets, marriage and divorce indexes, and business registrations. These are legitimately public and form the bedrock of every downstream profile.
- 2Aggregators. A small number of large data brokers — Acxiom, LexisNexis, Epsilon, Oracle Data Cloud and a handful of others — buy public records in bulk, supplement them with marketing data (loyalty programmes, magazine subscriptions, online surveys), and sell enriched profiles to enterprise customers.
- 3People-search sites. Spokeo, BeenVerified, Whitepages, MyLife, Radaris, and roughly a hundred similar consumer-facing sites license slices of the aggregator data and present it as searchable profiles. They make money on subscription fees and on lead generation to background-check services.
When you opt out at layer three, you are scrubbing the public-facing rendering. The aggregator at layer two still has the underlying record, and on its next refresh — typically every 30 to 90 days — the people-search site rehydrates its profile. This is why the same opt-out has to be performed two, three, sometimes five times a year.
California's DROP, and why it matters elsewhere
California's Delete Request and Opt-out Platform — DROP — went live in January 2026 under the Delete Act. It is the first regulator-run, single-form mechanism for forcing every registered data broker in the state to delete a Californian resident's data on request. From August 2026 onwards, brokers have 90 days to comply and must re-check the deletion list every 45 days.
If you are a California resident, DROP is the highest-leverage thirty minutes you can spend on your privacy this year. Even if you are not, DROP matters: every data broker that operates in the US has to maintain California-resident processes anyway, which often results in nationwide cleanup as a side effect. Watch your home state. Texas, Oregon, and Vermont have similar registries; a federal version has been proposed but is not law.
Manual opt-outs vs paid services
Three flavours of removal exist, and the right answer is usually a mix.
- DIY. Free, slow, occasionally infuriating. Each broker has its own form, captcha, identity-verification quirks, and refresh window. Plan on 8–12 hours of focused work to cover the top fifty sites and a recurring 2-hour quarterly maintenance pass thereafter.
- Removal services like Incogni, Optery, and DeleteMe. Roughly $6.49–$15 per month or $80–$180 per year, depending on the tier. They handle the forms, track the brokers that re-collect, and re-submit on a schedule. They cover 200+ brokers each, with meaningful overlap.
- A hybrid. Run a service for breadth, and personally handle the four or five highest-stakes records yourself — typically anything that exposes your home address, your spouse's name, or your minor children. Services are good at scale; humans are better at the long tail and at sites that are deliberately hostile to automation.
Why removals do not stay removed
Three reasons. First, the aggregator layer keeps selling refreshed feeds. Second, public records are public — when you renew your driver's licence, register a new vehicle, or buy a house, the record is regenerated and trickles back into the chain within three to nine months. Third, some sites operate offshore and ignore deletion requests outright, particularly the smaller Russian and East Asian people-search clones that are increasingly common since 2024.
The honest framing is harm reduction, not abolition. You can move from "first hit on Google for your name" to "no hits on the first three pages" in about ninety days, and you can keep it that way with quarterly maintenance. You will not become invisible. You can become hard to dox casually, which is the realistic threat model for almost everyone reading this.
A practical 90-day plan
- 1Week 1: search yourself in quotes plus your city, plus an old phone number, plus an old email. Screenshot every people-search hit on the first three pages. This is your baseline.
- 2Week 2: if you live in a state with a registry (CA, TX, OR, VT as of early 2026), submit the central form. This handles most of the long tail.
- 3Weeks 3–4: subscribe to one removal service for breadth, or block out two evenings to manually opt out of the top twenty sites: Spokeo, BeenVerified, Whitepages, Radaris, MyLife, FastPeopleSearch, TruePeopleSearch, PeopleFinders, USPhoneBook, ThatsThem, and the rest of the usual suspects.
- 4Week 6: re-search yourself. Note which sites are still up. Many will have processed the request; a few will not have.
- 5Week 12: full re-audit. Re-submit anything that has reappeared. This is the cadence going forward — quarterly, ninety minutes, on the calendar.
Where a VPN fits
A VPN does not remove your data from broker sites. We are clear about that. What it does is reduce the amount of new tracking data your browsing adds to the marketing-data half of the aggregator stack — the surveys, the cookie syncs, the IP-to-household joins. Combined with a fingerprint-resistant browser and a clean opt-out cadence, the volume of fresh records you generate every quarter goes down sharply. We treat broker hygiene and network privacy as two halves of the same project. Both have to be running for either to matter.
Run PlanetProxy for seven days, on us.
Same purple tile cards you see on this page, plus the green lock and a 50 ms hop to wherever you want to be.
Start the trial →More from the dispatch
PrivacyPP · DispatchWhat a VPN actually does (and what it doesn't)Privacy · 7 minWhat a VPN actually does (and what it doesn't)
Strip away the marketing — here is what an honest VPN can promise you, and what it cannot. Spoiler: it cannot make you anonymous, and it cannot beat a court order.
- PrivacyPP · DispatchBrowser fingerprinting: how trackers find you even with a VPNPrivacy · 8 min
Browser fingerprinting: how trackers find you even with a VPN
A VPN swaps your IP. It does not change the way your browser draws a triangle, names your fonts, or pronounces a sine wave. That is the part that gives you away.
- PrivacyPP · DispatchIndia's DPDP Act: what it actually means for your personal dataPrivacy · 8 min
India's DPDP Act: what it actually means for your personal data
India's Digital Personal Data Protection Act began its phased rollout in 2025. Here is what is in force, what is not, where it sits between GDPR and CCPA, and why CERT-In quietly complicates everything.