In this episode of The Security Ledger Podcast (#258) Paul speaks with Lawrence Gentilello, the co-founder and CEO of Optery, a startup in the personal data management space. Lawrence and I talk about the growing scandal around breaches at firms like AT&T and data brokers that have exposed the sensitive data on hundreds of millions of Americans to cyber criminals, and how Optery and firms like it are looking to empower consumers to claw their data back from these porous data brokers.

[Video Podcast] | [MP3] | [Transcript]

---

If you are like me and subscribe to an identity protection service, your phone likely blew up in early August with foreboding messages that your email, Social Security Number and other information had turned up on “the dark web” – that massive constellation of sites invisible to search engines where malicious actors and stolen data congregate.

The cause? A huge breach of the data broker NationalPublicData that likely contained information on more than 130 million Americans, dead and alive, according to an estimate by Troy Hunt of HaveIBeenPwned. Hunt was quoted in a report on the breach by Brian Krebs over at Krebs on Security. NationalPublicData issued a statement on August 12th acknowledging “incidents” that it claims began with an effort to “hack into data” in December 2023, and that led to “leaks of certain data” in April 2024 and “summer 2024. (Umm…for those of us in the Northern Hemisphere, isn’t “summer 2024” now?!) .

The information breached included names, email addresses, phone numbers, social security numbers, and mailing addresses, NationalPublicData said.

And, if you’re like me, this probably isn’t the first time this year that you’ve been inundated with warnings about your personal data being at risk. Just weeks before the NationalPublicData breach came to light, there were similar warnings in the wake of a massive breach of telecommunications giant AT&T. That company acknowledged in mid July that it was the victim of a cyber attack on a third party cloud storage provider in April that disgorged records of calls and texts for nearly all AT&T cellular customers – hundreds of millions of people. That’s an almost unmatched treasure trove of information for nation state actors that could easily be used to help reconstruct their social networks, patterns of communications and even their physical locations, as the Mozilla Foundation noted in its analysis.

Houston, We’ve Got Your Data!

So, “Houston, we’ve got a problem!” Or maybe “Houston, we’ve got your data!” 🙂

Private firms have been harvesting, storing and monetizing mountains of our personal data, gleaned from our movements, behaviors and financial activity online. But – as is abundantly clear- those firms are not particularly careful about protecting that data from malicious actors. Nor are they transparent about how the data they’ve collected is being stored and used.That includes the growing ranks of data brokers – companies that exist solely for the purpose of collecting and monetizing data from individuals, companies and more. NationalPublicData, for example, sells access to databases that allow people to search for individuals by social security number, name, address and other information; peruse a database of criminal records, plumb voting records and more, TechCrunch noted.

Introducing: Personal Data Management!

One response to that has been the emergence in recent years of firms dedicated to the task of helping individuals claw back their data from data brokers, online retailers and others who would misuse it or – as recent incidents suggest – leave it easy prey to malicious actors.

Our guest for the latest Security Ledger podcast is someone who is on the front lines of that battle: Lawrence Gentilello, the CEO and co-founder of the startup Optery, which is one of the top rated firm in a market often dubbed “personal data management” (though Optery also serves businesses in addition to consumers). Founded in 2020 and based in California, Optery has a patented search tool that can break through data brokers’ efforts to frustrate crawlers intent on finding out what information they hold. It offers consumers a free service that will identify sites that are offering their data for sale. And, for a fee, Optery will file requests to remove that data and keep track of when your personal information pops up on a data broker’s site.

In this conversation from earlier in the summer (though before the NationalPublicData breach), Lawrence and I chatted about his interesting path to founding Optery, which included his experience helping to launch a proto-Facebook site at Stanford called Steam Tunnel, and a stint earlier in his career on the other side of the fence at a startup, BlueKai – acquired by Oracle – that was a pioneer in collecting consumers’ PC and smartphone data and using it to enhance ad marketing for their clients, including some of the largest Internet players.

In this conversation, Lawrence and I talk about the technical challenges facing companies that want to determine how and where companies are hoarding consumer data. We also delve into the darkening picture of consumer data privacy and security as companies like Optery seel to empower consumers to manage their data. For example, Lawrence notes that data brokers are starting to push back at data takedown requests, especially in states that lack strong consumer data privacy laws.

Use the podcast player above to listen to an audio of our talk, or check out the video version of our conversation below!

---

Video Podcast & Transcript

Video Podcast

You can watch a video of my interview with Lawrence below. Also: check out more Security Ledger podcast interviews on our YouTube channel!

Transcript

[00:00:00]

Paul: Hey everybody, welcome back to another episode of the Security Ledger podcast. I’m your host, my name’s Paul Roberts and I’m the Editor in Chief here at Security Ledger. And I’m really excited to have with us in the studio, Lawrence Gentilello, who is the CEO and founder of Optery. Optery is a company you may have heard from, if not, you probably should have.

Paul: Their mission is to give you control over your personal data that’s floating out all over the place online, as and as you probably dread, , so it’s got this really interesting automated system for opting out, and [00:01:00] retrieving your data from data brokers online yellow pages and all the different sites out there.

Paul: Really cool stuff. Lawrence and I met up at RSA and were chatting and put it on my schedule to follow up with him and have another conversation. And then in the meantime, what happened is AT& T got owned through a supplier and leaked data on hundreds of millions of AT& T customers, Ticketmaster, it just goes on and on.

Paul: So it’s, this is just such a, critical issue the AT& T thing really just got me like, oh, you know what follow up with Lawrence, man You gotta have that conversation. So Lawrence, welcome. Welcome back to security ledger podcast. Great to have you

Lawrence: Thanks, Paul. Yeah, it’s great to see you again. It was really fantastic meeting you at the RSA conference in San Francisco a few months ago, and I’m excited to pick up the conversation.

Paul: It’s a scene. It’s a scene. Yeah. No, it was really good talking to you and learning a little bit about your company We’re going to talk about Optery. Before we do that though, You’ve got a really interesting history in in tech, going back to your college days, actually at [00:02:00] Stanford.

Paul: and you among other things, I didn’t know this until I checked out your LinkedIn profile. You actually had a sort of Facebook before it was Facebook project that you did as an undergrad at Stanford. Talk about that and what your path looked like after that was called Steam Tunnel.

Lawrence: Yeah, that’s right. Yeah, I don’t talk about that much these days because it was so long ago, but there was a time when Facebook had just IPO’d that there was a lot of questions about that. I was on the homepage of Mashable because there was an article on Mashable. Right around the time that Facebook was like really all the rage.

Lawrence: I think it like 2012 or that, that time where they resurfaced that. But yeah, it was went to Stanford undergrad and I went in the late nineties. So I graduated in 2000. It was a really special time. It was at the height of the dot com boom. So I entered there in 1996 and I graduated in 2000 and it was just a really incredible time.

Lawrence: And it’s just when Yahoo was roaring and Google was just getting off the [00:03:00] ground. eBay at the time was a big thing.

Paul: God, what an incredible time to be there. Yeah.

Lawrence: yeah, it was. Yeah. And I was in a fraternity in college and I think we had this crazy stat where something like 40 million in capital was raised out of my fraternity house.

Lawrence: by just student entrepreneurs. So venture capitalists were really going down very early and investing in student entrepreneurs. And it was a lot of money that was raised out of our house. It was almost like some guys did sports and other guys did music and other guys did startups. And so I was part of that group and had started a couple of companies as an undergraduate and me and a couple of friends decided to scan all four years of the Facebook, which was like a I got all the pictures.

Lawrence: We, this was in 1999, four years before Mark Zuckerberg had started his Facebook. So we scanned all four years of the photos and there was an online student directory where you could look up students names and it would have their, phone number, address, major, all this stuff, and so we [00:04:00] actually went

Paul: Social security number.

Lawrence: Not quite that, but yeah, but we went and we actually scraped that whole site, built it all into database.

Lawrence: We restricted access to only Stanford students, but we were just your classic college entrepreneurs. We launched a site called steam tunnels and had a few different things. It had an events calendar and the comparison textbook shopper and restaurant guides for Palo Alto and for these, but the Facebook was the crown jewel of it, but it was very short lived.

Lawrence: Because the administration felt like we had ripped off the pictures and shouldn’t be posting people’s information online. Again, it was restricted to the Stanford community only. But at the time, it was in the late 90s, and you, we did not know what we were doing. In today’s day and age, this is something that data brokers do.

Lawrence: And Optree, our crusade, is to make that stop. It’s interesting how these Kind of dots connect, but at the time it was short lived. It was live for a couple of months, and then the university knocked on our doors and said, hey, [00:05:00] you need to take the site down. And so we ended up taking it down and pivoting the company into a college magazine, which we actually grew it to the largest college magazine in the country.

Lawrence: I think we had a circulation of 2 million a week. But ultimately the company failed at a classic kind of dot com flame out, but that was my first real entrepreneurial experience. And in retrospect, we should have just pivoted not into a college magazine, but pivoted into getting permission and from people’s, from the students to get their information up.

Lawrence: The other thing is at the time it was pre digital cameras. So now we take it for granted that you got a phone, everyone’s got a camera in their home and their phone. And by the time there was, there were no, there was not any digital cameras. Like there, there were a few, a few people had them.

Lawrence: So it wasn’t like people had a lot of digital images of themselves. So it was like, didn’t exist. It’s just back still film camera. So we thought at the time that it was just insurmountable to get all the students to submit pictures of themselves. And lo and behold when Mark Zuckerberg launched Facebook, the timing was perfect.

Lawrence: That was right [00:06:00] when, camera phones and digital cameras became mainstream. But that was the first, my first foray into entrepreneurship.

Paul: Yeah, because the digital cameras also fuel the content that’s being posted on the site, right? So it’s almost like you don’t think about Facebook and mobile as being so intertwined, but they were, and in some ways you were a little bit ahead of, just slightly ahead of that. So interesting.

Paul: Now let me ask you, are there steam tunnels at Stanford? I don’t know this. Like, is that a thing?

Lawrence: Yeah, that was the name of, that was where the name came from. So underneath Stanford, there is steam tunnels that routes heat to the different buildings and dorms. I don’t know if they’re still in use or not. And it might be honestly a relic from a hundred years ago when the university started to get built up.

Lawrence: But there, there was a kind of like an underground, Activity where people would go spelunking in the steam tunnels and would go down and pop up into different places. I never did that, but it was a popular thing that people did. And we labeled the site as Stanford’s [00:07:00] underground. And so that was, we had this Facebook and we had, events calendar and that kind of thing.

Lawrence: So it’s really exciting. It was really fun. And the time in general, like I remember I was using Google and it was google. stanford. edu. It was before it was google. com. And I remember there was a career fair and I remember it was just Larry and Sergei were at a table and I went up and was talking with them and they were I was an economics major and they were like we’re just looking for engineers.

Lawrence: so I was actually, it was like a job fair and I was talking with them, but there was this very early, there was a lot of, big companies that, that came out of like crop of entrepreneurs at Stanford.

Paul: Move forward in your career. You, lo and behold, you went into the tech sector. Talk to us a little bit about that, that middle part of your career working for companies while you work for a startup that got acquired by Oracle and you worked for Accenture.

Paul: What types of stuff were you doing?

Lawrence: Yeah, so At the tail end of that was when I really had the realization that data was being weaponized and used against people. I ended up going to work at a company called BlueKai. was acquired by Oracle. It is what became the [00:08:00] Oracle Data Cloud. And then what became Oracle Advertising, which they just are in the process of end of lifing right now. And again, when I joined BlueKai, again, it was from a little more of an innocent perspective at the time. Google was all the rage with, targeted advertising.

Lawrence: And what BlueKai did was had partnerships with, big online, commerce types of companies. So partnerships with Expedia. com, Kayak. com, eBay. com, Cars. com, Hotels. com. And would cookie users, when they were performing searches on those sites for products, and then BlueKai would store that intent data matched up to a cookie ID.

Lawrence: So if your web browser or your phone browser would go search for a flight from San Francisco to New York, they would permission BlueKai, and BlueKai would drop a cookie and then say, okay, this person is looking for a flight from San Francisco to New York. And then we would sell that data. So it was a data broker.

Lawrence: It was all around for [00:09:00] advertising. Our customer, our biggest customer was Google, second biggest customer, Microsoft, third biggest customer, Yahoo, AOL. And so it was really about in the height of retargeting when you, certainly early in the web, it was, you’d go to online, you’d ads for punch the monkey and refi your home.

Lawrence: But then all of a sudden you started seeing ads for the shoes that you had looked at Nordstrom. com, the day before, or the new backpack that you had looked at, that, that morning and BlueKai was a major player in that space and it was really around ads and you might have like Marriott that say, okay, we’re going to buy that data and now we can advertise for hotels in New York because we know that you’re You know, flying to New York and we know the dates that you’re looking to fly. So again, also from an, more of an innocent perspective, it’s like ads, targeted ads, and then. When I got into that space in 2011, again, it was just more innocent. And then over time you had Cambridge Analytica, you started having data breaches, you started influencing elections. And then you had increasing [00:10:00] sophistication of attackers.

Lawrence: Whereas attackers before were looking for backdoor access. And now attackers are turning into, data analysts and utilizing data to make attacks and it had moved on to Accenture and it was at that time where I said, wow, like the rose colored glasses were off and the naivety of getting into the space. I realized, whoa, like this can be used not just for some like ads, but for a lot more powerful and dangerous things. And that was when the idea was to leave and to start this company.

Paul: You could target an advertisement, make it highly relevant and attractive. You do the same thing with a targeted attack, right? And then you found yourself actually on the wrong side of a identity theft scheme, actually, as did I talk just a little bit about that and how that changed your thinking,

Lawrence: Yeah, definitely. So I after Oracle, I worked at Oracle for about two and a half years in product. And then I went to Accenture. I led Accenture’s data management platforms practice for about three and [00:11:00] a half years. And so it’s the tail end of that experience. A number of things started happening that ultimately led me to start this company.

Lawrence: And so one was these new privacy laws that were getting passed. Today, I think we have 10 or 11 already in action. Texas is live, Oregon’s live, Connecticut’s live, Colorado’s live. But at the time, there were zero, but California had just been the first one. So these new privacy laws were starting to get passed.

Lawrence: Which was like amazing because it gave consumers these rights. Two was just the awareness that, hey, this data is not being used just for targeted ads, but it’s being used in more dangerous things. And three, the third thing was I was a victim of identity theft. And so there was all these like confluence of factors.

Lawrence: That just really drew me in to the space of cybersecurity and data privacy and data rights and the identity theft, becoming a victim of identity theft was one of those three factors. And so for me, what happened was I use Verizon and one day Verizon, I got an email that said like a purchase [00:12:00] confirmation for two new cell phones and two new, plans.

Lawrence: And I was like, Nope, that’s, that wasn’t me. And so I didn’t click on the email or actually contacted Verizon directly. Cause I thought maybe it’s phishing, maybe it’s a social engineering tech trying to get me to give a password or credentials, unpacked the whole thing. And somebody had profiled myself and my wife and created fake IDs.

Lawrence: In both of our names, and a man and a woman had walked into a Verizon store in San Francisco and said, Hey, here’s who we are. Here’s our phone numbers. We want two new iPhones. We’ve got old iPhones. We want new ones. And I talked with the store manager who, or employee that performed the sale is everything checked out.

Lawrence: There’s an ID. They knew your number. They had your home address, your, city. They had all the information. And so at the time, this was all like a complete shock to me. And as I spent time kind of digging in researching, learning more. It [00:13:00] became clear that it would be very obvious for someone to profile me or us and then start using data brokers to fill in the details.

Lawrence: Take that phone number, run it through a data broker where you can put a phone number in and get out like a name, an address, City, state, where somebody lives, family members names, and, to basically get that data, piece together a story, piece together profile, and then perform that attack.

Lawrence: That was almost like the final straw. And there was like this kind of inside knowledge from having worked at BlueKai and Oracle, these laws, becoming a victim, and, left to start the company that we have now.

Paul: Do you think it was this arbitrary? Do you think that, you’ve had articles written about you and stuff like that. Do you think they were targeting you specifically or just randomly?

Lawrence: I think it probably was a little bit random. My guess is that the, what I know is if it wasn’t, this wasn’t somebody in a different country. It wasn’t somebody from Asia or

Paul: No. Yeah. They were physically there.

Lawrence: San [00:14:00] Francisco. We don’t know. It could have been that was like a foot soldier and maybe there was somebody from a different country who was.

Lawrence: doing the data analysts, data analysis and, and then they were aligned with a foot soldier. I don’t really know, but somewhere along the line, someone had the sophistication to profile us. I would estimate at the time I worked at Accenture, I would estimate they were looking for, urban professionals, that would be my guess in the Bay Area.

Lawrence: And I would imagine they were just, I was profiled as just a number of professional professionals. And then that’d be mine,

Paul: yeah. My wife and I had somebody file a tax return in our names, for a refund. This was back, I don’t know, pre pandemic. when we went to file our tax returns and was like, you’ve already filed and was like no, we haven’t. And it took a long time to get that resolved.

Paul: It is not easy.

Lawrence: same thing happened to my parents. that’s one of the, one of the incentives each year is just get that tax return in as quickly as possible before someone else beats you to [00:15:00] it. I think that the IRS has started to put in some more safeguards around PINs and, you have to put in your driver’s license number now.

Lawrence: And not that would be impossible to get either, but, I don’t know. But yeah, I have, my parents had the same thing happen to them.

Paul: You, landed on this idea optory as a way to empower consumers and businesses as well to take some control over their data. it’s such a massive problem. So what. What was your approach to it when you started? Because obviously there are other companies out there that I guess help you manage personal data and stuff like that.

Paul: So what did you see as the opportunity in the marketplace?

Lawrence: Yeah, definitely. We’re definitely not the only company that does personal data removal. So that’s the category that we say what Optree does is personal data removal. So there’s hundreds of these data broker sites. Some of them sell your data, but it’s Behind the scenes, others sell your data out on the open web, where they’ll [00:16:00] actually publish profiles of you on the open web.

Lawrence: And there’s other companies that we compete against that do this, where they basically send object requests and data dilution requests and say, delete my data, do not sell my data. And so I felt like there needed to be, a lot more automation and a lot more of a software based approach. At the time, the approaches were a little bit more manual.

Lawrence: And, my co founders and I had come from the data space. I had spent, close to 10 years in the data space. And so we felt like a new approach that was more data centric was warranted. And, we launched it in June of 2021.

Lawrence: And then what was interesting, and we was like a really big thrill for us. Was, I think it was in February of 2022. So less than a year later, PCMag has a lead analyst for security that does reviews of all the products they did a fresh set of reviews of all the products in the industry and awarded us the editor’s choice as the most outstanding product in the market.

Lawrence: And if you were to read the review, he is wowed and amazed by all these new [00:17:00] things that we were doing that no one else had done before. And so one of the things was. scanning hundreds of data broker websites, using matching algorithms to see if our customer’s profile is there or not. And then taking a screenshot of that and then sending that report to our users so they could see all the places that they’ve been found.

Lawrence: And so that was just, nobody else did that. So there’s a lot of things that we had done. We just took a fresh look at the space, a fresh look at the problem. And we really broke down the problem into. a search problem as well. What we have is a search engine. So Optree is half search engine and it’s half opt out software.

Lawrence: And I think the other solutions out there, I don’t think that they conceived of themselves as search engine, but we do. We have two patents that are search patents. They’re search for search technology. And so we said, we’ll break down the problem into a search problem. What information is out there?

Lawrence: You can’t remove what you can’t find. Or, how do you know what to remove? Maybe you should search for it. And so that was one of the unique things that we did. And [00:18:00] even to this day, we make us a free scan, just open to the public. And so every day, People just sign up for free and we send them a free scan.

Lawrence: And usually we found about a hundred screenshot exposures. And what we even do is encourage customers of our competitors to sign up to see what they’ve missed. And usually even customers that use a competing service will send them a report and it’ll usually show 40, 50, exposures that others have missed.

Lawrence: So that was just like a really unique thing. And it’s one of the reasons why we had won the PCMag Editor’s Choice the last three years in a row in 2022, 2023, and 2024.

Paul: There’s something very powerful also about seeing the screenshot of your profile on a website, I think, for the customer as well, be like, oh, crap, what’s that site doing with my information, I’ve never been to that site, so why, I think that psychologically that has a big impact.

Lawrence: Yeah. Even like the early privacy tools was like an ad blocker or a tracker [00:19:00] blocker, And then basically it would block third party cookies from getting dropped on you. So most ad blockers have this baked in the brave browser. Mozilla, Firefox, Safari do this by default where they block the third party trackers.

Lawrence: That was my old world. That was BlueKai. That was Oracle. and then there’s a lot of others out there like that. But that was like, a lot of people use them, but the problem was just invisible to people. There’s just this stuff that was happening behind the scenes in your browser. You go to cnn.

Lawrence: com or fox. com. News. com. And in the background, you’ve got 50 different ad tech vendors that are dropping cookies, ID swapping, all these names, ad networks, demand side platforms, supply side platforms, data exchanges. This is this whole big ad tech world. It’s all happening invisibly. And so the people that are really up to speed on this stuff, they have tracker blockers, they’re using Safari or Brave or Firefox because they know what’s happening behind the scenes.

Lawrence: Transcribed But most people, the general public, yeah, exactly. It’s small. The general [00:20:00] public has no idea. It’s just it just happens that they don’t do anything about it. And so that was one of the problems that we identified. And we said how can we make this problem more real for people? We said if we give away a free scan, we can go scan.

Lawrence: And people might not know. That actually there’s a hundred different websites out there that listing your family members names, your spouse’s name, your kids names, your parents names, your address, your email, your phone number. And that really opened the eyes for people to say, Whoa, here’s all of this stuff that’s out there for me.

Lawrence: This problem is more real than I thought. And that was our niche. There’s even within cybersecurity, there’s, hundreds of different categories and privacy. This is our niche. Our niche is. Finding and removing, profile information from data brokers.

Paul: And is that where most people’s data is being coughed up is just via e commerce sites and other sites that they may visit and have an account with or even not, but that right. Data is getting captured, getting aggregated and resold.

Lawrence: Yeah, I think there’s like [00:21:00] sort of two, two big buckets. One is dark web and there’s information in the dark web and yeah. And that’s out there. It can be bots and as it can be retrieved for free. And then there’s the data broker world, which is the data brokers have a lot of different sources. So any one data broker might have.

Lawrence: 50, 100, 20 different sources and their sources are oftentimes public records databases, other data brokers, scraping the web, just like what information is out there on the web that you’ve left out there. Maybe, You’re on an about us page of a website, or maybe LinkedIn. LinkedIn has often been like a major target data brokers to scrape, to get your, what company do you work for?

Lawrence: What companies did you used to work for? What is your job title? Are you a data analyst? Are you, a salesperson? and so they’re basically, their whole job is to get as much data as they can, organize that, make it. accessible and then merchandise it. They’re selling it to the [00:22:00] government, they’re selling it to companies, and they’re selling it to people.

Lawrence: , so those are like the two big buckets. It’s the dark web and then the data broker world. And there’s no, it’s just a vast, like a big, constellation of sources. It’s a very tough problem. It’s a very complicated space.

Paul: So one Optree does, like you said, is it scans all these sites. It presents a list to you of here’s all the data we found on you. Very common. You have a list of the sites that you monitor, which is really extensive. including all these state level arrest sites that I didn’t even know existed, but clearly it’s a thing.

Paul: If you get arrested and have a mugshot, I guess they end up on one of these sites, right? but the other thing that you do for folks who are like, Paying members, premium members, is do removals from these sites. So how does that work? That seems like it would require a human being, but I don’t know, is there a way to automate that?

Lawrence: Yeah, so there’s different again, there’s different products out there. The approach that we take, we refer to as humans plus machines. and even Optree itself, we have a [00:23:00] free tier, which gives you free scans every 90 days. And then we can see where you’re exposed and then self service tools where we have opt out guides were step by step instructions.

Lawrence: And that, there’s a lot of DIY do it yourself people who say, Hey, I’m not going to pay for this. I’m going to do it myself. Michael Basil for example, another big cybersecurity podcaster, he advocates doing it yourself. But a lot of people say, Hey, I don’t have the time for that. I don’t have the expertise for that, but some people do.

Lawrence: So there’s these do it yourself tools that we make for free. And then we have three paid tiers. We have our, it’s called Core, Extended and Ultimate. There’s different prices and the Ultimate tier uses a humans plus machines approach. So we have our automated scanning, automated removals, but then we also have a human privacy agent that’s assigned to each customer account.

Lawrence: That’s doing additional QA, additional reviews, handling something we call custom removals. Custom removals says, Hey, is there a data broker that you found that we don’t cover yet? We’ll submit that to us. And we’ll make a [00:24:00] best effort to submit the request to get it removed. And that’s how we productize the new data brokers that we’re gonna, that we’re always adding.

Lawrence: So we take a humans plus machines approach and the ultimate plan has humans plus machines. The core plan is just machines. It’s just all automated. There’s no humans associated with that. So some of our competitors are just fully automated. They don’t have humans involved. And others of our competitors are just humans.

Lawrence: Where they don’t have, automation or very little of it. And we employ both approaches depending on the plan. and so that’s one. And it’s definitely like a very it’s just a, it’s an ongoing difficult problem. This constantly changes. There’s data brokers that are getting acquired by other data brokers.

Lawrence: Where one week, there’s an opt out process on their website. But then a month later, they’ve been acquired or merged into another company. And now to opt out, it has a new. opt out procedure. And so we keep track of all that. for as an individual, today we cover around 320 data brokers and we’re days away from launching coverage for another [00:25:00] 400.

Lawrence: We’re about to launch 700 plus. As an individual to keep track of the opt out processes of 700 different It’s just impossible. We have a team, of six or seven people. This is all they do. All they do is constantly testing new data brokers, keeping track of if data brokers processes have changed.

Lawrence: if we’re getting blocked, reaching out to their privacy departments, filing complaints with the FTC, filing complaints with the California, privacy protection agency, filing complaints with attorney generals. This is like our whole world. And it’s just to do it yourself. It’s like almost impossible.

Paul: It’s a constantly shifting landscape. How do you maintain your orientation, right?

Paul: really interesting. I think one of the things you hear sometimes is people, particularly in the United States are apathetic about this. They just assume that the, everybody’s stealing, taking their data, all these, e commerce vendors and other people, and they’re just shrug about it.

Paul: what would be the argument as to why not to be complete? I’m not sure I actually believe [00:26:00] that people are complacent about it. I think it’s more just that they don’t know to do, to but what are the dangers that you face, in just having all this data about you floating out there?

Lawrence: there’s definitely one. I think a lot of people just can throw their hands up in frustration and say this is an impossible problem. I’m not going to even try and address it. It’s a whack a mole problem. Stuff pops back up. All the removal services, we’re not a hundred percent, it’s not like we just, we can guarantee you a hundred percent of it will be gone.

Lawrence: In some cases, our customers, we get a hundred percent of it. In other cases, there’s stuff that just because we have a really hard time getting down. And think one that the sort of have to everyone has their own threat model and their own preferences. And some people just say, hey, look, I’m not going to do anything.

Lawrence: I’m either going to do it or I’m either going to go all in or I’m going to do nothing. That’s fine. Other people just say, hey, I’m going to, I’m going to do the best I can and try and reduce my surface area of attack. It’s even if you have, a strategy for securing your home.

Lawrence: At a very basic level, it’s just lock your doors and your windows, and [00:27:00] then from there, maybe it’s just a motion detector light, a floodlight that just, somebody walks by, it just goes off. We’re not even talking video yet. We’re just talking a motion detector light where that light might scare people away.

Lawrence: Maybe putting up signs like a sign that this home is protected by a like service. Then you’ve got videos. Do you have one camera in front? Do you have cameras like, on all sides of your home? Do you have internal motion detectors? Then it’s like your windows. Do you have, sensors that monitor if a window has been broken or not?

Lawrence: You can just keep going further and further. Then do you have a shelter? Like maybe an underground lair where if somebody does get into your home, you can get you down. So you just keep going successively to protect yourself more and more. And even for us, if you look at our different like products, you have some people that use us core tier, which is just some basic coverage and others that use the ultimate, which is the more extensive coverage.

Lawrence: And so ultimately, you’re trying to get this information out of circulation, making it harder and harder for people to get that get to that information. Making it so that people can’t just go and do some quick Google searches or some quick searches on some of these databroker websites to [00:28:00] quickly find it.

Lawrence: and then, the more and more information that you take out of circulation, the lower your chances surface area of attack is. And so if you remove more and more information, you make it harder and harder. And maybe what happens is the attacker is going to move on to the next person, and you’re less likely to be attacked.

Lawrence: Also, it’s a bit of a signal to attackers that, oh, this person actually cares enough about their security. So why don’t I start here? One, it’s hard to find information about them online. That means they’re probably doing something to protect that. That probably means they’re also the type of person that’s going to use.

Lawrence: MFA or not recycle passwords or be more on the up and up to identifying things, but if you just show to the world that you’re doing nothing, you might say, okay, this is someone who’s probably less. There’s probably other deeper problems. They’re less likely to, have security procedures and in place in other ways.

Lawrence: areas. it’s, there’s definitely a lot that you can benefit from getting this information off the web, taking it out of [00:29:00] circulation.

Paul: You mentioned, whatever, 10 or 11 states that have passed data privacy and data security laws. Obviously, in the EU, there’s GDPR and a variety of other, EU regulations protecting data privacy. do those help a company like Optery? You mentioned filing complaints and stuff like that.

Paul: Do they give you more leverage? And have you seen any impact? Because, obviously, We don’t have a federal data privacy law, at least not yet. are they having any impact out there in terms of practices and behaviors that you’re seeing from these data brokers?

Lawrence: They help tremendously. People in states that have comprehensive data privacy laws should be very grateful to their lawmakers that have gotten them passed. People in states without data privacy laws should be very, feel very cheated. and

Paul: Bang on the door if you’re a local rep, get it done.

Lawrence: we are on the front lines and we see the difference.[00:30:00]

Lawrence: They are they are very powerful. They are very effective and they are very needed. and not just for us, but for the consumers themselves, we’ve reached a point now where some of the bigger data brokers are rejecting opt out requests. If you are not in a state That has a privacy law because if you look back five, six years ago, our industry is growing very rapidly.

Lawrence: I saw some stat that said we’re, our industry is doubling year over year. our business, we’ve been tripling year over year in terms of revenue and users and everything. So we’re, our business is growing very rapidly and our industry is growing very rapidly. And it’s going to continue to grow rapidly.

Lawrence: And so if you go back, several years ago. there just weren’t as many opt out requests. And so the data brokers were like just processing them. But the volume of requests is increasing. You have companies like Optery, other companies that are submitting these things, we’re in a lot of conversations with some really big companies.

Lawrence: We have an API where a lot of companies will white label. our [00:31:00] solution and we power scanning and removals for other companies. So the volume of requests that’s getting sent to data brokers is increasing a lot to where they’re now at the point where some of them are saying, Hey, if you’re not in a state that doesn’t have a law, they’re actually not required to remove you.

Lawrence: They are maybe if you’re like a judge. We have police officer, but if you’re just a regular person, they’re not. And so we’re now at the point where some data brokers are saying, Hey, you’re in Montana. Sorry you don’t have the right and we’re not going to do it for you. But if they’re in Texas or Oregon or California or Colorado, they honor it.

Lawrence: So it’s a big effect and, for all things. It’s, they’re very beneficial.

Paul: And for a company like Optery, if they just say, nope, you’re not in a protected state then is that kind of the end of the road for you? Or are there other means at your disposal?

Lawrence: No, it’s not. And that’s one of the reasons why to use someone like Optery is if the problem is the data broker removal and the opt out, we hit it from a lot of different angles. there’s a lot of different ways to [00:32:00] submit an opt out. And so this is like why we exist.

Lawrence: We hit it from different angles and won’t go into too much of a, You know, methodologies, but you could think any different data broker, you might have, they might have an email address, they might have a web form. Some of them require, like a Gmail address. Some of them require a text message verification.

Lawrence: Others require an email verification. So we have a lot of different methodologies that we use, and we rotate through these different methodologies. We have a team that’s constantly testing new things. We’re able to get, unblocked. There’s a lot of times where our customers come to us and they say, Hey, we’ve been trying, we have, can’t get it.

Lawrence: And then they send us this big, thank you. Like I’ve been trying to get removed from this data broker for months and I haven’t been able to do it. And we used you and you were able to do it. that’s not to say that we get a hundred percent of it, and sometimes we might be blocked for a few months, but what it is to say is that this is our expertise.

Lawrence: It’s our core competency. We’re hitting it from lots of different angles. And we’re usually able to get breakthroughs, not always, but in general, [00:33:00] definitely far better than any individual could.

Paul: Okay. Final question. For our listeners, who might be saying, wow, I gotta get on top of this problem what’s your advice, to start? Obviously I would say probably go sign up for a free, scan it off to read ’cause it’s free. what else?

Lawrence: Yeah, I think one I would definitely look at the problem one problem, which is securing yourself and protecting yourself. That’s the problem. And there’s a lot of different tools at your disposal to help strengthen your safety and to help strengthen your security. not recycling passwords using a password manager, using MFA everywhere you can, being very vigilant about, the text messages and the phone calls and the emails that you receive.

Lawrence: There’s a lot of different things that you can do. and then one of the tools at your disposal is an assessment of what is your data exposure out on the web. That’s one of several tools at your disposal. thread, I would definitely recommend running a free Optree scan, whether you use Optree, you’ve never used [00:34:00] anything before, or whether you used a competitor site to see what we find.

Lawrence: It’s free. and then you can make a determination as to what’s the best thing for you. Are you already very well covered? do you want to upgrade into an account? Do you want to do this yourself? But that would be, I think the key thing that I like to stress is just that’s one. Tactic among several at your disposal.

Lawrence: And the people that are the most secure, the most safe are using all of these things,

Paul: Lawrence, is there anything that I didn’t ask you that you wanted to say?

Lawrence: Once. Thank you. Thanks for for the conversation. It was great to meet you at RSA and it’s great to be able to. , to chat with you about this. I think one of the things that I find interesting is there’s so many people out there that just don’t know that this is a problem and are not aware of it.

Lawrence: It usually, if you spend a little bit of time with people, if I spend a little bit of time with people, start talking to them, light bulbs start to go off. And they start to say, Oh, wow, I never thought of this before. I think maybe for you and I, it’s easy to take for granted that we know what’s going on here.

Lawrence: But there’s so many people out there that don’t [00:35:00] know what’s going on. I think if there’s any one thing I would say is just if you’re in a state that doesn’t have a privacy law, reach out to your lawmakers, your local politicians, they usually have intake forms online where you can submit requests and complaints and email addresses that you can email your lawmakers to try and get more privacy laws passed.

Lawrence: And then two, I’d say for those out there that are, interested in this, I highly recommend. Creating a free Optery scan just to do an assessment as to what’s out there, whether you’ve been using another service or you’ve never used the service, it helps to make the problem a little more real.

Lawrence: Yeah. So I think those would be the

Paul: That’s what I’m gonna do right after we get off the call

Lawrence: Sure. Yeah. Yeah.

Paul: Lawrence Gentilello. Thank you so much, CEO of Optery. Thank you so much for coming on. It’s been a super interesting conversation and honestly, thank you for the work you’re doing. I think it’s, I think it’s a critical service these days especially given, just the really loose practices out there with consumer data.

Paul: So thanks for doing this.

Lawrence: My pleasure. I thank you.

++ END ++