DEV Community: PhizChat

Data Brokers: How They Sell Your Personal Information and How to Stop Them

PhizChat — Mon, 01 Jun 2026 11:05:49 +0000

Every time you download an app, sign up for a service, or browse the web, invisible companies are watching. Data brokers -- businesses that collect, package, and sell personal information -- have built a multi-billion dollar industry around your data. In 2026, this industry faces growing scrutiny from regulators, but the threat to your privacy remains enormous.

Here is how data brokers operate, what new laws mean for you, and what concrete steps you can take to protect yourself.

What Are Data Brokers and Why Should You Care?

Data brokers are companies that collect personal information from public records, social media, purchase histories, location data, and online activity. They aggregate this data into detailed consumer profiles and sell them to advertisers, insurance companies, employers, landlords -- and sometimes scammers.

The scale is staggering. According to the FTC, the data broker industry generates over $200 billion annually in the United States alone. Companies like Acxiom, Experian, and CoreLogic hold profiles on more than 250 million Americans. These profiles can include your full name, home address, phone number, email, income level, health conditions, political affiliations, and browsing habits.

The real danger goes beyond targeted advertising. In 2024, the CFPB found that data brokers routinely sell sensitive financial and location data to bad actors -- including stalkers, scammers, and even foreign intelligence services. One FTC enforcement action revealed a broker selling real-time location data that could track individuals to specific buildings.

New Laws Fighting Back: California's DROP Act and Federal Proposals

Regulators are finally catching up. California's Delete Request Options and Protections Act (DROP Act, SB 362), which took effect on January 1, 2026, is the strictest data broker law in the United States. It allows California residents to submit a single deletion request that applies to every registered data broker in the state -- over 500 companies.

Before this law, consumers had to contact each broker individually. With hundreds of brokers operating, practical deletion was nearly impossible. The DROP Act created a centralized mechanism through the California Privacy Protection Agency, making mass deletion a one-step process.

Other states are following. Over 30 U.S. states now require data broker registration. Virginia, Colorado, Connecticut, and Texas have enacted comprehensive privacy laws with broker-specific provisions. The FTC has proposed federal rules restricting the sale of sensitive data categories -- including precise location, health, and financial information -- without explicit consumer consent.

In Europe, GDPR already provides strong protections. Brokers operating in the EU must demonstrate a lawful basis for processing and honor deletion requests within 30 days. Brazil's LGPD similarly requires explicit consent for data sharing and grants consumers the right to request deletion.

How Data Brokers Exploit Your Messaging Data

Most people do not realize that messaging metadata is a goldmine for data brokers. Even if your messages are encrypted, the metadata -- who you talk to, when, how often, and from where -- can reveal intimate details about your life.

A 2025 Stanford University study demonstrated that messaging metadata alone could predict a person's medical conditions, religious affiliations, and political beliefs with over 85% accuracy. Apps that do not protect metadata effectively hand this information to anyone willing to pay.

This is where your choice of messaging app becomes critical. Many popular messaging platforms collect extensive metadata and share it with third-party partners. Their privacy policies often include broad language permitting data sharing for "business purposes" -- a category elastic enough to include data brokers.

As we covered in our post about AI-powered phishing attacks, the more personal data available about you, the easier it becomes for attackers to craft convincing personalized scams.

How to Protect Yourself from Data Brokers

Taking control requires action on multiple fronts. First, exercise your legal rights. If you are in California, use the DROP Act deletion portal. In the EU, submit GDPR deletion requests. In Brazil, invoke your LGPD rights. Second, audit your app permissions. Revoke location access, contact sharing, and advertising identifiers wherever possible. Third, use privacy-focused tools. Switch to browsers that block trackers, use a VPN, and -- critically -- choose a secure messaging app that minimizes data collection.

Review every app's privacy policy for language about "third-party sharing" or "business partners." If the policy is vague, assume the worst.

Why PhizChat Keeps Your Data Out of Broker Hands

PhizChat was designed with a simple principle: your conversations belong to you. With end-to-end encryption as the default for every message, call, and file transfer, PhizChat ensures that no one -- not even PhizChat itself -- can read your communications.

But encryption alone is not enough. PhizChat also minimizes metadata collection, does not share user data with third parties, and does not monetize your information through advertising partnerships. There are no "business purpose" loopholes in the privacy policy. Your data stays yours.

In a world where data brokers profit from every digital interaction, choosing a secure messaging app that respects your privacy is not optional -- it is essential. PhizChat gives you that protection without compromising the features you need for daily communication.

FAQ

What is a data broker and how do they get my information?
A data broker is a company that collects personal information from public records, online activity, purchase histories, and app data. They aggregate this into profiles and sell them to businesses, advertisers, and sometimes malicious actors.

Can I delete my data from data brokers?
Yes. California's DROP Act (2026) allows one-step deletion from all registered brokers. GDPR and LGPD also provide deletion rights. However, brokers can re-collect data, so ongoing vigilance is necessary.

How does a secure messaging app protect me from data brokers?
A secure messaging app with end-to-end encryption and minimal metadata collection -- like PhizChat -- prevents brokers from accessing your conversation data, contact patterns, and location information.

Are data brokers legal?
Data brokers operate legally in most jurisdictions, though regulations are tightening. Over 30 U.S. states require broker registration, and federal rules restricting sensitive data sales are under consideration.

Synthetic Identity Fraud: How It Works and How to Protect Yourself

PhizChat — Mon, 25 May 2026 11:06:49 +0000

Imagine someone opening a credit card, renting an apartment, or applying for a loan -- all using an identity that does not belong to any real person. That is synthetic identity fraud, and it is now the fastest-growing type of financial crime in the world. Unlike traditional identity theft, where a criminal steals your existing identity, synthetic identity fraud creates an entirely new person by combining fragments of real and fabricated data.

According to the Association of Certified Fraud Examiners (ACFE), global financial fraud losses are projected to surge 153%, from $23 billion in 2025 to $58.3 billion by 2030 -- driven primarily by synthetic identity techniques. In the United States alone, estimated annual losses from synthetic identity fraud could reach $30 to $35 billion, according to Coinlaw research published in 2026. These are not abstract numbers. They represent real victims whose personal data was stolen and weaponized without their knowledge.

What Is Synthetic Identity Fraud?

Synthetic identity fraud works by blending real personally identifiable information (PII) -- such as a Social Security number, date of birth, or phone number -- with fabricated details. A criminal might pair a real child's Social Security number with a fake name, a generated address, and a fabricated employment history. The resulting "person" passes automated verification checks and can build a credit profile over months or even years before cashing out.

The process typically follows these stages:

Data harvesting: Criminals obtain real PII from data breaches, dark web marketplaces, or social media scraping. Leaked phone numbers, email addresses, and dates of birth are all valuable raw materials.
Identity assembly: Fraudsters combine stolen data with fabricated information to create a new identity profile. AI tools now automate this step, generating realistic documents and background details in seconds.
Credit nurturing: The synthetic identity applies for small credit lines, gets denied, but establishes a file with credit bureaus. Over time, it becomes an authorized user on legitimate accounts to build credit history.
Bust-out: Once the credit score is high enough, the fraudster maxes out all available credit lines and disappears. The "person" never existed, so there is no one to pursue.

Why It Is Exploding in 2026

Generative AI has supercharged synthetic identity fraud. Vectra AI reported in March 2026 that generative AI-enabled fraud surged 1,210% in 2025. Criminals now use AI to generate realistic identity documents, fabricate social media profiles, and even create deepfake images that pass facial verification systems. The Entrust 2026 Identity Fraud Report found that organizations implementing robust identity verification save an average of $8 million per year in fraud-related costs -- yet most businesses still rely on outdated verification methods.

The World Economic Forum published a 2026 report specifically addressing how deepfakes undermine digital identity verification. KYC (know your customer) processes that once relied on video selfies and document uploads are now vulnerable to AI-generated content that is nearly indistinguishable from legitimate submissions.

How Your Messaging Data Feeds This Crime

What many people overlook is how much personal data leaks through everyday messaging. When you share your date of birth in a group chat, send a photo of your ID to a friend, or discuss financial details over an unencrypted platform, that data becomes a potential asset for identity criminals. Credential stuffing attacks often provide the initial data that feeds synthetic identity assembly.

Messaging platforms without strong end-to-end encryption store your conversations on servers that can be breached. Metadata -- who you talk to, when, and how often -- provides additional data points that criminals use to make synthetic identities more convincing.

How to Protect Yourself

Protecting against synthetic identity fraud requires a layered approach:

Freeze your credit: Place a credit freeze with all three major bureaus (Equifax, Experian, TransUnion). This prevents anyone from opening new accounts using your information.
Monitor children and elderly family members: These groups are the most targeted because their credit files are rarely checked. Request credit reports annually.
Never share PII over insecure channels: Do not send photos of IDs, Social Security numbers, or financial documents through platforms that lack end-to-end encryption.
Use a secure messaging app: Switch to a platform that encrypts every message, call, and file by default -- ensuring your personal data cannot be harvested from server breaches.
Enable two-factor authentication everywhere: Use authenticator apps rather than SMS codes, which are vulnerable to SIM swap attacks.
Review your digital footprint: Search for your name, phone number, and email on data broker sites. Request removal where possible.

Why PhizChat Is Your First Line of Defense

PhizChat was built for exactly this threat landscape. Every message, voice call, and file shared on PhizChat is protected with end-to-end encryption by default -- no settings to toggle, no premium tier required. Unlike mainstream platforms that mine metadata for advertising, PhizChat collects minimal data and stores nothing on centralized servers that could become targets for mass data harvesting.

When criminals cannot intercept your conversations or scrape your personal details from server breaches, the raw materials for synthetic identity fraud simply do not exist. PhizChat removes you from the supply chain of stolen data that powers this $35 billion criminal industry.

In a world where your chat history can become someone else's fake identity, choosing a secure messaging app is not a luxury -- it is a necessity.

FAQ

What is synthetic identity fraud?
Synthetic identity fraud is a type of financial crime where criminals combine real personal data (like a Social Security number) with fabricated information to create a new, fake identity that can pass verification checks and build credit.

How does messaging data contribute to identity fraud?
When you share personal information like dates of birth, ID photos, or financial details through unencrypted messaging platforms, that data can be intercepted or harvested from server breaches and used to build synthetic identities.

How can end-to-end encryption prevent synthetic identity fraud?
End-to-end encryption ensures that only you and your recipient can read your messages. Even if servers are breached, encrypted data is unreadable -- removing a key source of personal information that criminals use to assemble fake identities.

Who is most at risk for synthetic identity fraud?
Children and elderly individuals are the most targeted because their credit files are rarely monitored. However, anyone whose personal data has been exposed in a data breach is potentially at risk.

PhizChat: The Brazilian Messaging App That Puts Your Data Where It Belongs

PhizChat — Thu, 21 May 2026 11:40:07 +0000

WhatsApp has 160+ million users in Brazil. But there's a problem most people don't think about: all their data sits on American servers, subject to the US CLOUD Act.

Enter PhizChat -- the first 100% Brazilian messaging super app that changes the game.

Why PhizChat Exists

Every day in Brazil, thousands fall victim to messaging scams. In 2025 alone, over 1.8 million Brazilians were scammed via messaging apps (Brazilian Central Bank data). The root cause? Anyone can create a fake profile with a prepaid SIM card.

PhizChat was built to fix this with three core principles:

1. Mandatory Identity Verification (CPF/CNPJ)

Every PhizChat user verifies their real identity. No exceptions. This makes it impossible to create fake profiles, clone accounts, or run social engineering scams.

2. Mandatory End-to-End Encryption

On WhatsApp, backup encryption is optional (and off by default). On PhizChat, every conversation, voice call, video call, and file transfer is end-to-end encrypted. Always.

3. Data Stays in Brazil

All PhizChat servers are in Brazilian territory, fully compliant with LGPD (Brazil's data protection law). Your data never leaves the country.

PhizChat vs WhatsApp

Feature	PhizChat	WhatsApp
Data stored in Brazil	Yes	No (USA)
Identity verification	CPF/CNPJ	None
Mandatory encryption	Always	Partial
Subject to CLOUD Act	No	Yes
Price	Free	Free
Super app features	Yes	No

More Than Messaging

PhizChat is a super app: PhizTV (live streaming), digital wallet, games, and marketplace. All with the same security guarantees.

What Users Say

PhizChat has a 4.8/5 rating across Google Play and App Store.

"I migrated from WhatsApp and don't regret it. Encryption is mandatory and my data stays in Brazil." -- Carlos Eduardo, RJ

"As a lawyer, I need confidentiality. PhizChat is the only app I trust for client conversations." -- Fernanda Moreira, BSB

Try It Free

100% free. No ads. No data selling.

What messaging app do you trust with your data?