I’ve posted here before about dealing with an offshore data aggregator website that was publicly displaying detailed personal data (age, address, education, relatives, even an unlisted cell number) without an opt-out process or any means of contacting them. In this case, the site registrar appears to have a long history of creating aggregator/scraper sites and then extorting people (charging them several hundred dollars and asking for copies of their ID cards) to have their information taken down. In some cases he apparently took the money and never removed the data, and even used the ID cards to bolster his database.
I was able to finally get my details off this site, and I wanted to share how I did it, in case anyone else runs into this situation. FYI I am in the USA and the site is in South Africa.
- I started with a WHOIS search of the domain to get the contact details for the site owner/registrar. I then attempted to contact him directly (no response, of course, but this helps to build a case with other consumer agencies that you made a best effort to contact them.)
- I googled the name and email address of the registrar and found numerous postings on consumer forums about the behavior I mentioned above. I added comments to these sites and used this information to boost my case when I made contacted consumer agencies.
- The WHOIS search gives you the site domain registration company, which will have an “abuse” email address to contact with the info above. (If they hadn’t responded, my next step would have been to file a BBB complaint against them, assuming they were based in the USA, and then a complaint with the State Attorney General if they still didn’t respond).
- In this case the domain registrar passed me on to the proxy service, which also had an “abuse” email address to contact.
- The proxy service eventually pointed me toward the site’s hosting service, where I again contacted the “abuse” email address.
- The hosting service stated that the site in question was “not violating their terms of service” so they could do nothing. However, their legal team became more accommodating when I presented them with the record of additional complaints I had opened against the aggregator site: a. The ticket number of a complaint placed with Federal Communications Commission. b. The ticket number of a complaint placed with the Federal Trade Commission c. The ticket number of a BBB complaint I had made against the aggregator’s US affiliate site (which led that site to terminate their relationship with the South African site) d. Details about three separate filings I had made with consumer agencies in South Africa – FYI this site is good for discovering international consumer protection agencies: http://archiv.dsb.gv.at/site/6280/default.aspx e. Details about a report I had filed with Google Search via https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en pointing to the consumer complaint history about this site. (It’s possible this would be enough to have the site removed from Google Search).
- Presented with this information, the hosting service said that they would contact the site owner themselves and ask them to remove my data. Within 24 hours it was gone.
Hopefully some of these approaches will be useful if you ever run into the same situation… good luck.