Slashdot Mirror

An anonymous reader quotes a report from IEEE Spectrum: Over the past six months a small, publicly available genealogy database has become the go-to source for solving cold case crimes. The free online tool, called GEDmatch, is an ancestry service that allows people to submit their DNA data and search for relatives -- an open access version of AncestryDNA or 23andMe. Since April, investigators have used GEDmatch to identify victims, killers, and missing persons all over the U.S. in at least 19 cases, many of them decades old, according to authors of a report published today in Science. The authors predict that in the near future, as genetic genealogy reports gain in popularity, such tools could be used to find nearly any individual in the U.S. of European descent.

GEDmatch holds the genetic data of only about a million people. But cold case investigators have been exploiting the database using a genomic analysis technique called long-range familial search. The technique allows researchers to match an individual's DNA to distant relatives, such as third cousins. Chances are, one of those relatives will have used a genetic genealogy service. More than 17 million people have participated in these services -- a number that has grown rapidly over the last two years. AncestryDNA and 23andMe hold most of those customers. A genetic match to a distant relative can fairly quickly lead investigators to the person of interest. In a highly publicized case, GEDmatch was used earlier this year to identify the "Golden State Killer," a serial rapist and murderer who terrorized California in the 1970s and 1980s, but was never caught. In April, investigators were able to use a genealogy database to narrow down DNA data from crime scenes and identify the "Golden State Killer," a serial rapist and murderer who terrorized California in the 1970s and 1980s.

Dangerous_Minds shares a report from ThreatPost: Ancestry.com said it closed portions of its community-driven genealogy site RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet. In a statement issued over the weekend, Chief Information Security Officer of Ancestry.com Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server. On Wednesday, Ancestry.com told Threatpost it believed the data was exposed on November 2015. The data resided on RootsWeb's infrastructure, and is not linked to Ancestry.com's site and services. Ancestry.com said RootsWeb has "millions" of members who use the site to share family trees, post user-contributed databases and host thousands of messaging boards. The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers. It added, there are no indications data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server. "Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers," Blackham wrote.

An anonymous reader writes: Hidden among the customary disclaimers about how the website intends to use the information it holds about you, ancestry.com states that it reserves the right to leverage the genotyping tests of users (who have contributed their DNA to AncestryDNA research) in order to serve back 'relevant' advertising via the site. Critics of the clause believe that the site's promise to delete a user's genome on request is devalued both by the possibility of data breaches and by the fact that data brokers and other third parties are both unlikely to honor (or even know about) removal requests, and are likely to improve at leveraging genetic information in the future.

TexTex asks: "So, I'm doing the usual looking-up-of-phone-numbers-and-addresses thing today, and I'm starting to wonder exactly how detailed some of these engines get. www.555-1212.com and www.switchboard.com are giving me different address with the same phone number, but a reverse phone lookup on www.whowhere.com spits out a third. Granted, I haven't moved around that much in the past five years...but somebody thinks I did. Certain folks who sell background checks and missing persons searches seem to have access to all the cool toys. Land purchase records, post office change-of-address cards, the works. Are these kinds of listings available on the Web?" You'd be surprised at the amount of information about yourself that exists in public records. What are the tools these searching services use, to gain access to this online and how can we (not some company making a profit) gain access to them?

"Freebie searches aside, it seems it is much much easier to find information on someone who's dead than it is on our living friends. ancestry.com does an amazing job of providing info, most of all for free, but I want more. I want more complete info and I don't wanna pay $29.95 for it from the man."