Last Tuesday I asked Claude to find me. Not Phil the Medium writer. The real me. Current address, two previous addresses, employer, my wife's maiden name, the school district for the kids. Fourteen seconds.
Two years ago this kind of search was a weekend of amateur detective work or a paid OSINT subscription. Today it's a tab I forgot to close. And it takes no particular skill, just an agent with web access and the right phrasing (which Claude will write for you if you ask politely).
TLDR: what Claude found on me comes from very specific kinds of sites, and there are five families of them. Only one really cleans up, and by chance it's the one used to dox you. In this article: the surface clean that calms things down, and the deep pressure-wash if you want to actually sleep at night (the four other families included).
[COVER: image]
In January 2025, some guys rang David Balland's doorbell. Cofounder of Ledger, a quiet village in central France. They took him with his wife, held them forty-eight hours, sawed off one of his fingers, sent the video to his cofounder demanding a ransom in crypto. The gendarmes got them out alive. Ledger makes hardware wallets, which is to say literal physical safes for crypto. Balland's digital security was airtight. The kidnappers didn't need his private keys. They needed his address. And that part was on sale somewhere.
Since then, CertiK has documented seventy-two physical attacks of this kind in 2025, up seventy-five percent year over year. Kidnappings jumped sixty-six percent. France alone logged nineteen, more than the United States. They're called wrench attacks, after an old xkcd meme: doesn't matter how strong your encryption is, a five dollar wrench solves the problem. The common factor across the seventy-two cases isn't the technical security level of the victims. It's their visibility. Someone knew where to ring.
Which is exactly what Claude just did for me, in fourteen seconds, for free.
14 Seconds
The prompt was eleven words long. Find everything publicly available about [my name] in [my city]. Web search on. Go.
Claude came back with a list. Current address. Two previous addresses, including the apartment I rented in 2018 and never put on social media. Employer. Wife's maiden name. The elementary school district for the kids, which I have never typed into any device that wasn't behind two-factor and a VPN. A phone number from a contract I cancelled three years ago and apparently nobody told the brokers. The estimated value of the house. My approximate age, off by one year because somebody at one of the data brokers can't subtract.
Fourteen seconds. I checked the timer twice.
Two years ago this would have been a weekend project. You'd subscribe to one of those OSINT services with a name like ThreatPivot or BreachFalcon, drop ninety bucks, learn the query syntax, run a few iterations, get bored, hire a private investigator for three hundred dollars and wait a week. The friction was the security. Not the encryption, not the privacy laws, not the broker opt-outs. The friction.
Friction is what AI agents are built to demolish. That's the entire pitch. Hand them a fuzzy goal, watch them figure out which sites to scrape, which forms to fill, in what order, with what backoff. Doxxing me is a textbook agentic task. No irony, no bug, just the demo doing exactly what it advertises.
Two years ago this was a detective's weekend. Now it's a tab I forgot to close.
"Data Broker" Is Not One Thing. It's Five.
Something the privacy industry doesn't want you to notice: the term data broker is doing a lot of dishonest work. Companies that sell removal services use the vagueness to oversell what they cover. Critics use the same vagueness to dismiss the whole category as snake oil. Both sides are wrong, in opposite directions, for the same reason.
There are five distinct categories of data brokers, and they share roughly nothing in common except the label. Different sources, different legal status, different threat models, different ways out. Treating them as one blob leads to the wrong tool every single time.
Five categories, one line each:
1. People Search Services. Spokeo, BeenVerified, WhitePages, that whole crew. The modern phonebook plus your relatives. Indexed by Google, queryable by anyone with a credit card or an AI agent.
2. Marketing and Inferred Data Brokers. Acxiom and the entire ad-tech graph behind every banner you've ever seen. They don't actually have your name. They have a profile attached to an advertising ID, which is more or less an anonymous hash that follows you around for a few years.
3. Credit Reporting Bureaus. Equifax, Experian, TransUnion. The famous three. Legally protected in the US, meaning you cannot opt out. You can freeze, you can dispute, you cannot delete. They got hacked and they still legally have your file.
4. Risk Mitigation Brokers. LexisNexis, ChoicePoint, the ones that sell background checks to landlords and HR departments. Adjacent to credit bureaus in legal protection, adjacent to people search in actual content.
5. Personal Health Data Brokers. Non-HIPAA wellness trackers, fitness apps, the smart toothbrush, the meditation app that knows you searched 'anxiety' at 3am.
This decomposition isn't mine. It comes from a video by Reject Convenience from May 2025, two million views, the best ten minutes you'll spend on this topic this year. He uses the framework to argue that removal services are misleading. He's half right. The other half is the rest of this article.
I Asked Claude to Escape All Five. Four Laughed.
So I went category by category and asked Claude to help me opt out. Same agent, same web search, one prompt per category. Here's what came back.
Category 1, People Search. Claude wrote me a working filter and an email-drafting workflow in about three minutes. I'll get to that one in the next section. For now: yes, this is the only category where the agent looked at me like oh, this is a real task, let's go.
Category 2, Marketing and Inferred. Claude refused to draft an opt-out email. Not because of safety guardrails. Because there is nobody to send it to. The data isn't filed under "Phil". It's filed under an advertising ID I can rotate myself in my phone settings. Claude pointed me at the Android setting, the iOS setting, and a one-paragraph explanation of why clearing cookies and switching to a privacy-respecting browser is the actual lever. Polite, factual, and quietly devastating: there is no opt-out from a database that doesn't know your name.
Category 3, Credit Bureaus. Claude pulled the relevant Fair Credit Reporting Act language and concluded, in slightly more diplomatic words, that I was wasting my own time. You cannot opt out of a US credit bureau. The law mandates that credit data exists and that the bureaus hold it. You can freeze new credit, you can dispute errors, you cannot delete. Equifax got breached in 2017, leaked the personal data of half the country, and is still legally required to keep a file on me. I read this twice. Then a third time. Claude kept being right.
Category 4, Risk Mitigation. Claude found opt-out endpoints for the big ones. Most were designed for businesses disputing background checks they had paid for, not consumers asking to be erased. I tried one of the consumer-facing forms. It returned a PDF I was supposed to print, sign, and fax. Fax. In 2026. I don't own a fax machine. I don't know anyone who does. Pretty sure my grandmother sold her last one in 2003.
Category 5, Personal Health. Claude pulled the privacy policies of a few wellness apps and trackers I'd accumulated over the years. None of them legally required deletion. Some offered it "at the company's discretion". A few had a deletion form that explicitly excluded data already shared with "analytics partners". One didn't even pretend.
Four out of five, the agent shrugged. To be fair, Claude wasn't broken on those four. The law is absent. That's a different kind of problem with a different shape, and no prompt is going to legislate it away.
The One Category Where Claude Is a Weapon
The prompt I ended up with, after about six iterations because the early ones kept doing dumb things:
Context: I want to remove my personal information from People
Search Services. Below is a starting list of brokers known to
publish public-records aggregations.
Brokers: Spokeo, BeenVerified, WhitePages, Intelius, PeopleFinder,
TruePeopleSearch, FastPeopleSearch, Radaris, MyLife, USSearch,
PublicRecordsNow, InstantCheckmate, BackgroundAlert, ZabaSearch,
Pipl.
For each broker, do the following in order:
1. Use web search to verify whether a profile matching the
following identifiers exists in their public results:
Name: [FULL NAME]
City: [CITY], [STATE]
Approximate age: [AGE]
2. If no matching profile is found, mark as SKIP and move on.
Do not generate an opt-out request for brokers that don't
have data on me.
3. If a profile is found, identify the broker's specific
opt-out flow (email, web form, ID verification, postal
mail, fax) and report it.
4. For brokers accepting email opt-outs, draft the email in
a separate code block, addressed to their listed privacy
contact, requesting removal under the relevant state law
(CCPA for California, equivalent for other states).
5. Output a summary listing: broker, status (HAS DATA / SKIP),
opt-out method, action required from me.
Do not send anything. I will review every email before sending.
The skip step matters. Without it Claude will cheerfully draft fifteen identical emails to brokers that have nothing on you, which is both noisy and slightly suspicious from the broker's side. The "do not send anything" line matters more. You're about to send real emails in your real legal name to companies that may demand a copy of your driver's license to process the request. Read every draft. Twice. I framed the whole thing with the same scope-locking discipline I learned the hard way when letting Claude touch real systems without a proper prompt contract.
Running this took about four hours the first time. Most of that wasn't Claude. It was me reading what each broker actually wanted and deciding which requests to send, which forms to fill by hand, and which brokers I wasn't going to give a copy of my passport to no matter how nicely they asked. (Three of them asked. I declined all three. They have my name and address already, they don't get my passport.)
Within ten days, most of the people-search exposure I'd seen in the original Claude doxxing test was gone. Some came back. About six weeks in, I checked, and a few brokers had repopulated from upstream sources. Which brings us to the next section.
Claude vs RemoveMe: The Honest Comparison
The repopulation problem is the entire reason removal services exist. You opt out, the broker re-scrapes from a different upstream source six weeks later, your data is back, you're back to square one. Doing this manually with Claude every six weeks works, but it's the kind of recurring task I personally guarantee I will forget about within two cycles.
Which is where services like RemoveMe, DeleteMe, and Incogni come in. Same scope, different model.
What Claude does well: it's free, it's flexible, you control every email, you learn the landscape, you can rerun whenever. The prompt above is now in my notes and will probably stay there for years. You can also read the actual drafts, which is genuinely reassuring when you're sending legal-ish requests in your own name.
What Claude does badly: it's a one-shot. There is no monitoring loop. The brokers don't email you when they re-add your data. You have to remember to rerun the whole thing, and you won't, because nobody does. Also, every email goes out under your name and your responsibility. Any mistake in the draft, any bad address, any phrasing a broker decides to interpret weirdly, that's on you.
What RemoveMe does well: continuous monitoring, automatic resubmission, broader coverage than the list I'd build by hand, and somebody whose actual job is to chase brokers when they ignore the first request. Around thirty bucks for three months at the time of writing. (Disclosure: that's an affiliate link. I get a small cut if you sign up. The cut doesn't change my opinion, but you should know.)
What RemoveMe does badly: same scope as Claude. Category 1 only. They don't, and can't, do anything about the other four. Which is fine, as long as you know it going in. The other thing worth sitting with for a second: you're handing your personal information to a company in order to remove your personal information from other companies. The trust transfer is real. Read the privacy policy. Decide.
Who picks what: if you have four hours this weekend and you like the project, run the Claude prompt, set a calendar reminder for six weeks out, save yourself a hundred and twenty dollars a year. If your reaction to "set a calendar reminder for six weeks out" is the same as mine (the reminder will fire, you will snooze it, this will go on for a year), pay the thirty bucks and stop thinking about category 1 forever.
Both options solve the same problem. The difference is whether you want it solved once or solved continuously.
What You Actually Do for the Other Four
The part nobody wants to write because it doesn't fit in a subscription. The four other categories don't have a service. They have habits. None of them are hard. All of them are free. Most of them take one weekend and then never again.
Marketing and inferred (category 2). Reset your advertising ID. On Android: Settings → Privacy → Ads → Reset advertising ID, then turn on "Delete advertising ID" if you have it. On iOS: Settings → Privacy & Security → Tracking → off, plus Apple Advertising → off. Switch to Brave, or Firefox with strict mode. Disable third-party cookies everywhere. The inferred profile won't be deleted, it'll be degraded, and degraded is the actual ceiling here. Stop chasing perfect.
Credit bureaus (category 3). Free credit freeze on all three: Equifax, Experian, TransUnion. Each one takes about ten minutes online. Doesn't delete your data, blocks new credit lines from being opened in your name, which is the threat model that actually matters. Pull your free annual report at annualcreditreport.com (the only legit site, not the one with the catchy jingle, that one's a paid service in disguise). Dispute every error you find. Be petty about it.
Risk mitigation (category 4). Once a year, request your own background check report from LexisNexis and the bigger consumer reporting agencies. They legally have to give it to you. Read it. Dispute the wrong stuff. If you're not actively job-hunting or apartment-shopping, freeze the report so nobody can pull it.
Personal health (category 5). Stop assuming HIPAA covers consumer wellness apps. It doesn't. HIPAA covers your doctor and your insurance company. The fitness tracker, the meditation app, the smart scale, the period tracker, the smart toothbrush (sorry to keep coming back to the toothbrush, it's just such a perfect villain), all of those are unregulated. Audit privacy policies before you buy. After you buy, it's mostly too late.
I ran the whole category 1 workflow as a CLI command from my terminal because for a one-shot administrative task with no recurring state, wiring up an MCP server is overkill for the job. None of this fits in a subscription. Most of it is one weekend and never thinking about it again.
The Asymmetry Nobody's Pricing In
The attack-defense ratio for personal data has never been worse, and almost nobody is pricing it in.
Fourteen seconds for an agent to find me. Months of opt-outs to remove a fraction of what it found. One category out of five removable at all. The other four protected by friction the law never meant to provide, and that AI agents are designed to dissolve.
As more people clean their category 1, the doxxers won't stop. They'll descend a level. Marketing brokers have inferred profiles you can't fully erase. Risk mitigation brokers have your background. Credit bureaus have your financial life. None of it is searchable today by a casual attacker with a Google query. All of it is correlatable by an agent that can read a breach dump, cross-reference a LinkedIn, scrape a few public records, and reconstruct you in an afternoon. Security researchers have been pointing this out since the Ledger breach last year: LLMs make breach times broker times people-search trivially correlatable, for anyone willing to ask.
I'm not predicting this. I'm describing this month.
Fourteen seconds for an agent to find me. Months and a small budget to remove me from the one category that lets itself be removed.
If everyone cleans category 1, the doxxers descend a level. Four other categories no service in the world can help with, and an agent that will do the correlation for them while you sleep.
The problem isn't getting solved. It's moving.
Sources
- What DeleteMe and Incogni aren't telling you — Reject Convenience, May 2025. The five-category framework comes from this video.
- CertiK 2025 Wrench Attacks Report, summarized here. Seventy-two physical attacks on crypto holders in 2025, up seventy-five percent year over year.
- annualcreditreport.com — the actual free annual credit report site mandated by federal law in the US.
This article contains affiliate links. I may earn a small commission if you purchase through them.
(*) The cover is AI-generated. No data brokers were harmed in its creation.
Top comments (0)