In this new review of Incogni, we’re going to look at a major new type of data broker that they can now interact with to protect your privacy.
Data brokers are a major problem for anyone who values their privacy. Using multiple sources, these organizations collect information such as your name, address, marital status, Social Security Number, medical history, employment history, and financial records. Using this information, they create incredibly detailed profiles of regular people like you and me. In this Incogni review, we are going to examine a tool to mitigate this problem.
Data brokers are a big problem for the privacy conscious
How big of a problem is this? As far back as 2014, Phil Miu at giant data broker Acxiom stated,
For every consumer we have more than 5,000 attributes of customer data.
Three examples of customer attributes could be,
- You like iPhones
- You drive an SUV
- You were hospitalized for a car accident last year
Now add on another 4,997 attributes like those. That’s an awful lot of data stored about each of the millions of customers. The brokers then use those profiles themselves and/or sell them to pretty much anyone who cares to buy them.
Add in the fact that we’ve seen estimates of the number of data broker firms ranging from 500 to 4,000 companies, and you start to see the scope of the problem.
There ought to be a law…
There are laws that force data brokers in certain countries to remove your data from their database if you request it. One such law is the California Consumer Privacy Act of 2018 (CCPA). Another is the General Data Protection Regulation (GDPR), a regulation protecting privacy in the European Union (EU) and the European Economic Area (EEA).
The regulations that empower Incogni
Incogni relies on the data removal rights granted by the CCPA, GDPR, and other privacy regulations such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) to compel data brokers to, well, remove your personal data from their databases.
While these laws and regulations cover specific areas of the world, to avoid complications, data brokers often comply with them even if the person whose data they are deleting doesn’t live in one of the covered areas. Right now, Incogni serves residents of the United States, the UK, Canada, Switzerland, and the EU.
But laws and regulations aren’t the full answer
These and other laws and regulations mean that you can get your data removed from online databases. But considering that your data is how they make their money, data brokers have plenty of incentive to hang onto your personal information as long as possible by making the data removal process as slow and inconvenient as possible.
Doing things yourself
It usually takes multiple exchanges of messages, with days or even weeks between replies just to complete one data removal request and get your data removed from one broker’s database. Then recall that you’ll need to go through a similar process of sending data removal requests hundreds, possibly thousands of times, and it is clear you can’t win on your own.
Incogni battles the data brokers for you
This is where Incogni comes in. This service was developed by Surfshark, the secure, trustworthy VPN company that you’ve seen featured on this site many times. Incogni deals with data brokers on your behalf so that you don’t have to generate countless data removal requests and comply with the broker’s cumbersome data removal request processes on your own.
The data Incogni needs
You give Incogni the minimum amount of personal data necessary for data broker companies to search their database looking for records about you. The information Incogni needed previously was your:
- Email address
- Full name
- Home address
- City of residence
- Country of residence
- State/Province
- Zip code
But to get the best results with the expanded set of data brokers that Incogni now supports, they may ask you for two additional pieces of information:
- Phone number, including country code. You can find a list of country codes here.
- Date of birth
While this might seem like a lot of info, we trust Incogni that it is the minimum necessary. And things could be much worse. We’ve heard of data brokers requiring things like a copy of your ID along with a photograph of you holding your ID before they will process data removal requests from individuals.
Back when Incogni only worked with 100+ data brokers, the company estimated that it would take over 300 hours of work to send data removal requests to just those brokers. Incogni now works with over 180 data brokers, which would mean hundreds of hours more of work!
Now that you have a sense of why you might want to let this service deal with the data brokers for you, let me walk you through how to sign up and get started.
How to get started with Incogni
Getting started just takes a couple of moments. Go to Incogni.com and click the Sign up button. You’ll see the Create an account screen.
Sign up to get started screen
Enter your Email address and Password. It is important to enter the email address you usually use to register for services here, as that increases the chance data brokers will be able to find and eliminate your personal data.
Click Continue to open the Personal Information screen.
Personal information screen
Next, you need to give Incogni some personal information so it can look for that information on data broker systems.
You should fill out all the information on this Personal information screen, as well as on the Address information screen that follows. Incogni says this is the minimum amount of additional personal data (besides your email address) they need to send to the data brokers for data removal requests.
Next you will see the Authorization form screen. This replaces the Power of Attorney screen that Incogni used previously.
Authorization form screen
You need to complete this Authorization form before Incogni can contact data brokers. This document confirms to the data brokers that they are receiving official data removal requests, not some random vandalism by someone who happens to know your personal data.
Note that this authorization is limited. It grants Incogni only the specific rights listed in the document. It limits Incogni to exercising your right to get your data removed under applicable privacy legislation. You aren’t giving Incogni unlimited power over your life or anything like that.
Sign the document using your mouse or whatever pointing device works for you. Then click Next to see the Checkout screen.
Checkout screen
Now that you are all set up, it is time to pay up. You can choose between the monthly plan and the annual plan, and pay using PayPal or a credit or debit card.
If you go with the monthly plan, you can of course cancel after one month and save yourself a lot of money. However, it may still be worthwhile to go with the annual plan. If you go monthly, Incogni contacts data brokers for you as you would expect. But if you cancel after a month or two, you lose out on two things.
First, Incogni frequently adds a new data broker to the list of brokers they deal with. If you are subscribed when they do, they will automatically send an official removal request for you.
Second, if you cancel your subscription, you lose access to the Incogni Dashboard. This means you won’t be able to see the status of the official removal requests in progress.
When you are done with all that, your account will go live and you will be able to open Incogni on the Dashboard.
The Incogni Dashboard
The Dashboard tab makes it easy to see what is happening with your official removal requests. As you can see in the image below, The top section of the Dashboard shows the number of removal Requests sent, the Requests in progress, and the Requests completed.
The preceding image shows the results that Incogni has achieved over the months since our last review of the service. You can see that of 183 requests sent to data brokers, 53 of them are in progress while 125 have been completed.
This kind of result is not unusual. Brokers don’t always respond quickly to data removal requests, and apparently, some brokers simply ignore them altogether. Still, getting my data removed from more than half of the brokers that Incogni contacted helps protect my privacy.
The bottom section of the Dashboard has a pie chart of your removal request progress, along with some helpful tips.
The Dashboard gives you a big-picture view of Incogni’s progress and is pretty self-explanatory. But if you want to dig deeper, you can select the Detailed view tab.
The Detailed view
The Detailed view tab has more information than before. It not only lists the specific data brokers Incogni has contacted on your behalf, but it can separately scan private databases as well as public databases for your information. Scanning public databases can take a significant amount of time so be prepared to wait a while.
Note: In the context of Incogni, a public database is a database that sells focuses on individual rather than bulk sales. This category contains Public Search Sites. These kinds of sites are the big new addition to Incogni’s list of data brokers.
The Detailed view tab shows a list of every broker it contacted, along with their individual status. You can use the Category, Data Sensitivity, and Data Status lists to filter the list of brokers in various ways. Clicking the down arrow to the left of the name of a broker displays detailed information about that broker. Here is an example of a detailed broker report:
A detailed look at a specific broker
If you want to get down to the details for each individual broker that Incogni contacted on your behalf, this is where you do it.
A detailed report will include information such as:
- The name of the data broker
- The category the data broker belongs in
- The data sensitivity, on a scale from 1 to 10
- Whether or not your data has been removed by that data broker
- When the first data removal was sent and when the next one is scheduled to be sent
- The types of data collected
- Information about the data broker
- Information about the category the data broker belongs in
- Information about how Incogni calculates data sensitivity. For example, a broker that collects your Social Security Number (SSN) will have a higher sensitivity than one that only collects your name and address
A new category for Incogni – People Search Sites
People Search Sites appear within Incogni under the Public databases section of the Detailed view. They are those websites where anyone can go to get all sorts of information about almost any person.
Someone simply needs to enter the information they know about a person into one of these sites and the site will list people who match that information. Here’s an example of the preliminary search results for a man named Donald Trump, from New York City:
Clicking one of the View Report buttons results in an offer of a detailed report about the person, filled with information like their:
- Full contact information
- Profiles and photos from their social media sites
- Criminal records
- Personal financial information
- and much more
The person revealed in the report will likely never know, but someone has just acquired a huge amount of information about them.
Imagine what kind of harm someone could do to you with this kind of information.
As with other types of data brokerage services, Incogni will contact the major People Search Sites on your behalf and demand that information about you be deleted from their database.
I recently asked Incogni to clear my information out of People Search Sites. It took the Incogni site a few minutes to initiate the process. Then I received a slightly confusing email. It said:
Once I concluded that the email was not a scam, I clicked the Select records button. This took me to the Incogni website, where I was presented with 32 screens like this one:
I needed to select the records that actually pertained to me. In the cases where none of the records pertained to me, clicking the Skip profile selection button took me to the next screen. Once this annoying chore was complete, a box popped up telling me that removal requests had been sent to all records matching my profile.
Using Incogni
Using Incogni is simplicity itself since once you sign up (and get the People Search Sites sorted out), Incogni does almost all the work. Most of the time you just sit back and let the system do its thing, maybe checking on it once a week or waiting for a status email from Incogni to learn how many brokers have responded.
That said, there are a few more things you should know about the way Incogni works. You might even have to do some additional work to keep things moving along as I did. You should know that:
Incogni doesn’t deal with all the data brokers
While Incogni deals with an ever-increasing number of data brokers, they do not come close to 100% coverage. The number of data brokers they work with at this time is somewhere around 200, while the number of brokers in existence is somewhere between a few hundred and a few thousand. And new data brokers appear all the time to get themselves a piece of the user data gravy train.
It is highly unlikely that Incogni will ever be able to achieve anything close to full coverage. Still, removing your data from dozens of data brokers is certainly better than nothing!
Incogni doesn’t know which brokers have your data
Incogni has no practical way to know which brokers have your data in their databases. Interestingly, they don’t simply blast data removal requests to every company for every person who signs up for the service. According to their website, Incogni has an internal algorithm that figures out which databases are likely to contain your data and sends requests only to those brokers. We don’t have any idea how this algorithm works. All we can do is hope that it makes the whole process more efficient and doesn’t result in a lot of likely databases being missed.
Incogni doesn’t know if a broker has actually removed your data
Because Incogni doesn’t have direct access to the databases of data brokers, they cannot directly confirm that a broker has removed your data. They instead rely on the fact that there are legal penalties for not removing someone’s data after it has been requested.
You can only enter one email address (for now)
As of March, 2023, Incogni only supports a single email address for each of their users. According to the Incogni FAQ, they will be adding support for multiple email addresses, but they do not specify a date by which this will happen.
Dealing with emails from data brokers
You may receive emails from some of the companies contacted by Incogni. We received several in the course of our testing.
There are several types of messages, each of which requires a different type of handling. Here is one example:
My first inclination with this message was to say that the job was done and forget about it. But email messages you receive from the brokers (including this one) usually require some action on your part. Explaining what to do with each type is outside the scope of this Incogni review.
If you receive an email from a broker or their agent, refer to this broker email support page for specific instructions.
Incogni FAQ
Here are some of the most common questions about Incogni:
Yes, we are confident that Incogni is legit. This service was built by Surfshark, the same people that brought us the widely respected Surfshark VPN.
Incogni acts on your behalf to compel data brokers to remove your data from their databases. They contact data brokers with official data removal requests and rely on the CCPA and GDPR data-protection regulations to compel the data brokers to comply.
Incogni is very user-friendly. It is easy to set up, and the dashboard is well organized. It will take just a few moments to get set up. The time is mainly needed to enter the minimum set of personal information Incogni needs to give to data brokers so they can identify you in their database, or confirm that they do not have your personal data.
The dashboard lets you tell at a glance what kind of progress Incogni is making in getting your data deleted.
At the time of this Incogni review, the service is only available for residents of the US, UK, Canada, Switzerland, and EU.
Since Incogni is going to send data removal requests on your behalf, the data brokers need some way to know that the requests are legitimate. The Authorization form proves that Incogni is authorized to request data removal on your behalf.
These are regulations governing the use and protection of your data online. CCPA is the California Consumer Privacy Act, and GDPR is the General Data Protection Regulation which applies to all the countries that are part of the EU (European Union).
Incogni Review Conclusion
Incogni is an easy-to-use, yet powerful tool for getting your personal data removed from at least some of the data brokerage firms that are springing up all over the place. It is not the only product that aims to help you deal with this problem, but it comes with a reasonable price tag and the pro-privacy pedigree of the Surfshark family.
If you want a low-hassle way to reduce your data footprint on and off the internet, you’ll like Incogni.
This article was last updated on March 7, 2023 to reflect design changes on the Incogni website.
Is it possible to get a sponsor for incogni .
Hi Sven and Heinrich,
Great article!
I hope the following questions are not in any part unwelcome. Please don’t post this if that is the case.
I certainly don’t intend to be to beyond ‘the line,’ I am just courious.
If RP testers used there own real identities in the testing of Incogni, were you surprised by the results returned, and if a mean data point is available (e.g. “Incogni says on average this or that is what we find for customers on average” how did your result compare to that mean?
I ask this question because I imagine RP writers have best practise in privacy hygeine and this could be very useful as a baseline for comparison.
It would be very interesting to know how the use of best practise privacy hygeine impacts data collection?
Respectfully,
Hi BoBeX, Heinrich was the one who took this on with a real identity, not me, and I know it turned up quite a few results, despite him having lived outside the US as an expat for many years.
Hi Sven, thanks for the reply. That is quiet concerning given Heinrich’s expertise and dedication to the privacy cause. As stated in the article, these processes undertaken by Incogni take time, an update on the results / outcomes over time would be interesting.
Which Privacy Service do you think is better. Incogni or DeleteMe?
I think it’s shameful that the United States as a country and that the vast majority of the States in the United States aren’t even making a concerted effort to come up with any kind of privacy laws to equal the GDPR or the CCPA.
I think services like Incogni are weak (haven’t tried the others) as they only provide a passing shot across the bow, so to speak, of 100+ vendors vs 4k+ vendors and don’t get the biggies at all. The fact that they can’t search on a telephone number or across multiple e-mail addresses might be good for joe or jane average but anyone on this forum? I bet we all number in the tens if not dozens of e-mail addresses so what good is searching on one.
And, like one commenter, here or elsewhere, posted – what’s to stop the data aggregator from merely stating that they’ve removed your data and doing nothing; especially if you don’t live in a protected area like the EU or California or even Canada.
I think I’m going to keep my own privacy measures in place, take any singular measures I can take that are good known methods, and wait for the legislation to come to fruition that will back me up legally.
It’s really a messed up world when a VPN takes on rolls and your info down (money too), to do more than the encryption function it’s built on. As in the first place and purpose claimed of most VPN’s is not to know you or any of your online business involvements. (only places you go-not what you do)
Data in the digital realm will live on much longer than our physical bodies. We have the data brokers (multi-billion dollar businesses), because of the web02. Where that of big tech and ad networks worked by conversion of the free to a pay platform system. If not singular but group formulated, and modified the medium as to trap the big data circulated therein. Data which includes our use of the internet. An internet where as used today being woven into life as it was never meant to be, by doing more than a sharing of free information as it was intended. That as early web01 was built with no privacy and little to no security came the web02 forth and the monopoly being born. 1st you have to drop social networking period and thank people in person or personally another way than social bee-hive networking.
I’d fight on two paths but not in throwing good money after bad of some eraser service. Your not cutting off the source (head) just the after math records which will repopulate guaranteed.
Support the feds and states for their union in the latest draft of the American Data Privacy Protection Act, or the ADPPA. Right now it’s weak and everybody just needs to get loud to your states and DC reps to give all USA consumers fundamental rights and control related with our personal data in this electronic era.
https://www.eff.org/deeplinks/2022/07/americans-deserve-more-current-american-data-privacy-protection-act
The Federal Trade Commission job will be the enforcer, so be loud to them for every consumers privacy rights.
This is the storage part of businesses with our consumers private data. The Safeguards Rule (known fully as “Standards for Safeguarding Customer Information”) is one of three major guidelines that comprise the Federal Trade Commissions’s Gramm-Leach-Bliley Act (GBLA). It mandates organizations defined as “financial institutions” to implement safeguards that prepare and protect customer data from breaches and security incidents. Customer data in this case is defined as any nonpublic personal information a customer gives to an organization. Regardless of where any organization falls on the rules scale, it’s prompted all to have actions in place as compliant by December 9th, 2022.
In the latest amendment, the FTC changed the definition of “financial institution” to include a host of new businesses. The Rule lists out who is now obligated to comply, including:
auto dealerships,
mortgage brokers,
tax preparers,
payday lenders,
collection agencies,
non-federally insured credit unions,
“finders,”
and any other business that significantly participates in financial activities, or affects people’s ability to access financial products or financial services.
The purpose of making these changes to the FTC Safeguards Rule is to maintain protection of customer data in a world with increasingly sophisticated cyber attacks.
Only takes your involvement and helps all consumers as one, not each consumer against the monopoly at a monetary fee.
INCOGNI- does not work, at least for me … I checked, I paid twice because it’s already using the service for 2 months and what … almost nothing.
After 45 days from 93, progress 23, 70 is waiting, so I send a refund e-mail , and I got it, but only for 1 month, because it’s over 30 days, well, yes, but Incogni makes you wait 45 days, that’s how long it takes-give to others companies time to delete your data.
Great work/never again!
I’ve personally used Incogni, DeleteMe, and Optery, and out of all three I highly recommend Optery.
Have you done any reviews for competing services? I couldn’t find a category for this type service on your site. Great information. Thanks
Hi Greg, this is an emerging market and we plan on reviewing other similar services, such as DeleteMe, in the coming months. But right now, this is the only data removal tool we have reviewed.
Thanks for an excellent article. I would like to comment on this statement: “While these laws and regulations cover specific areas of the world, to avoid complications, data brokers often comply with them even if the person whose data they are deleting doesn’t live in one of the covered areas.”
Seems like a real gap. If you don’t live in the EU or California, then there’s no legal requirement to back it up and it’s a shot in the dark to make the request. So why pay for a shot in the dark? If, on the other hand, there’s some agreement between Incogni and the data brokers to assure the deletion (like a revenue sharing agreement that includes contractual requirements to delete data), then it may be worth it for people in excluded regions.