Data brokers are still selling your home address — here's what actually works to stop them | IRCNF - Intelligent Reliable Custom Next-gen Frameworks

Somewhere right now, a company you've never heard of is selling a file on you. It contains your current home address and the last three places you lived. Your mobile number. Your email addresses — the old ones too. The names of your spouse, your parents, your adult children. Your estimated household income. Your political party registration. A map of where your phone traveled over the past several months. And it's all completely legal.

This is the data broker industry, and it operates largely in the open, fueled by public records, corporate data-sharing agreements, and the quiet sale of your digital exhaust. The companies doing this — Spokeo, Whitepages, BeenVerified, Intelius, Radaris, LexisNexis, Acxiom — aren't household names, but they know your household intimately.

What they actually know about you

The specificity is what makes this disturbing. A typical data broker profile isn't just a name and address. It includes:

Address history going back 10–20 years, pulled from property records and credit bureau data
Phone numbers — current and previous, mobile and landline
Email addresses, including old accounts you abandoned
Family members and associates, mapped from public records and social graph inference
Political party registration and sometimes donation history (public records in most states)
Estimated income and net worth, derived from property values, census data, and purchase behavior
Location patterns — where you live, work, worship, exercise, and who you visit — sold by apps that quietly monetize GPS data
Purchase history categories, sold by retailers through loyalty programs

How they get your data

Data brokers aggregate from multiple sources simultaneously:

Public records are the foundation. Voter registrations, property deeds, court filings, business licenses, and professional licenses are public in most U.S. states. Brokers scrape these continuously and automatically.

Retailer loyalty programs are a direct pipeline. When you swipe your grocery rewards card, that purchase data is frequently sold or licensed to data aggregators. The discount you get costs you something.

Apps that sell location data are an increasingly scrutinized but still active category. Weather apps, navigation apps, and free games have historically sold GPS data to location data brokers, who then sell it onward. This data is supposed to be anonymized, but repeated research has shown that location trails are trivially re-identifiable.

Social media scraping pulls public profile information, connections, and activity. Even private profiles leak metadata through mutual connections and tagged content.

Credit reporting adjacent data flows from financial transactions through complex licensing arrangements — though the major credit bureaus (Equifax, Experian, TransUnion) are regulated separately under the Fair Credit Reporting Act (FCRA) and can't sell credit data for non-permissible purposes.

Why this actually matters

The harm isn't hypothetical. Domestic violence survivors have been found and attacked after abusers purchased their location from data broker sites. Stalkers use Spokeo and similar sites as starting points. Journalists and activists in contentious situations have been doxxed using aggregated data broker information.

Even for ordinary people, the risks are real: spam calls that know your name and reference your neighborhood to sound legitimate; targeted scams that use accurate personal details to build false trust; insurance pricing that factors in neighborhood data in ways that correlate with race; and employers or landlords who informally screen using these profiles.

The legal landscape: patchwork, not protection

The United States has no comprehensive federal privacy law. The closest thing — the CCPA (California Consumer Privacy Act), strengthened by the CPRA — gives California residents the right to opt out of the sale of their personal information and to request deletion. A growing number of states have passed similar laws: Virginia, Colorado, Connecticut, Texas, and others have enacted consumer data privacy statutes as of 2024–2025.

But these laws have meaningful gaps. They cover "selling" data in specific technical definitions that brokers navigate carefully. They require residents to submit individual opt-out requests to each broker separately. They don't prohibit the collection — only the sale under certain conditions. And they don't apply to residents of states without such laws.

The EU's GDPR has more structural teeth — it requires a legal basis for processing personal data, not just an opt-out right — but enforcement has been uneven, and it doesn't help American residents.

The practical reality: your legal rights depend heavily on where you live, and even where rights exist, exercising them requires effort the brokers have made deliberately cumbersome.

What you can actually do

Manual opt-outs

Every major data broker operates an opt-out process. They are all different, all slow, and designed to maximize friction:

Spokeo: Search for your listing, copy the URL, submit it at spokeo.com/optout. Takes 3–5 days.
Whitepages: Find your profile, click "Control your info" at the bottom, submit removal. About 24 hours.
BeenVerified: Use their opt-out page at beenverified.com/opt-out/search, search your name, submit the form for each result. Several days to weeks.
Intelius: Submit at intelius.com/opt-out. Requires email confirmation. Takes 1–4 weeks.
Radaris: Find your profile, click "Control information," submit removal request. About 2 weeks.

There are hundreds of these brokers. Doing this manually across all of them takes 20–40 hours spread over weeks.

Automated opt-out services

Incogni (owned by Surfshark) charges around $7/month ($84/year, often discounted to $4–5/month on annual plans). It submits opt-out requests to 180+ data brokers on your behalf, monitors for re-listing, and resubmits when your data reappears. The interface shows which brokers have complied and which are pending.

DeleteMe charges $129/year ($10.75/month). It takes a more manual-plus-software hybrid approach — real people verify removals — and provides detailed reports showing exactly what was found and what was removed. It covers a somewhat different broker list than Incogni.

Both services have real limitations: they don't cover all brokers, they can't force removal from brokers in states without opt-out laws, and they can't prevent re-aggregation from new data sources.

Freeze your credit reports

Freezing your credit at Equifax, Experian, and TransUnion is free and blocks a specific but important vector: anyone trying to open financial accounts in your name, and brokers that rely on "soft pull" credit data for profile building. Go to each bureau's website directly; third-party "credit freeze" services are unnecessary.

Honest expectations: what removal actually achieves

Here's the part the opt-out services don't lead with: data re-appears. Brokers continuously re-aggregate from the same underlying public records and purchased data streams. A listing you removed in January may be back by April, rebuilt from a fresh voter registration scrape or a new property record. The services that charge you monthly are charging you precisely because this is an ongoing process, not a one-time fix.

What removal realistically achieves is reduced visibility, not invisibility. Casual searches become less productive. The person who Googles your name finds less. The stalker using a basic people-search site hits more dead ends. That's genuinely valuable — especially for high-risk individuals — but it's not a permanent solution and it doesn't protect against sophisticated adversaries with access to primary data sources.

Who should prioritize this

Some people should treat data broker removal as urgent:

Domestic violence survivors and people with protective orders — a data broker profile is a direct safety threat
Journalists, activists, and public figures who are targets of coordinated harassment
People in contentious legal situations (divorce proceedings, custody disputes, lawsuits)
Healthcare workers, police officers, judges whose home addresses are particularly sensitive

For the general public, the calculation is more modest. You're reducing spam, lowering the quality of information available to scammers, and making opportunistic targeting harder. That's worth something — but it's a maintenance task, not a one-time win. If you're going to do it, Incogni at ~$7/month is the most cost-efficient starting point. If you want more visibility into what's actually being found and removed, DeleteMe's reporting justifies its higher price.

The permanent opt-out doesn't exist. But reducing your profile, knowing what's out there, and making exploitation harder — that's achievable, and for a meaningful portion of people, it matters.