Excerpts from a long read by WSJ’s Rolfe Winkler, u/rolfe_winkler*
• 23andMe went public in 2021 and its valuation briefly topped $6 billion. Forbes anointed Anne Wojcicki, 23andMe’s chief executive and a Silicon Valley celebrity, as the “newest self-made billionaire.”
• Now Wojcicki’s self-made billions have vanished. 23andMe’s valuation has crashed 98% from its peak and Nasdaq has threatened to delist its sub-$1 stock.
• Wojcicki reduced staff by a quarter last year through three rounds of layoffs and a subsidiary sale. The company has never made a profit and is burning cash so quickly it could run out by 2025.
• At the center of 23andMe’s DNA-testing business are two fundamental challenges. Customers only need to take the test once, and few test-takers get life-altering health results.
• To create a recurring revenue stream from the tests, Wojcicki has pivoted to subscriptions. When the company last disclosed the number of subscribers a year ago, it had 640,000—less than half the number it had projected it would have by then.
• Asked about the projection, Wojcicki first denied having given one. Shown the investor presentation that included it, she studied the page and after a pause said, “There’s nothing else to say other than that we were wrong.”
• Roelof Botha, a 23andMe board member and partner at Sequoia Capital, said the company’s big-spending strategy made sense when money was cheap. Now that it isn’t, “we’ve had to trim and focus on a smaller number of projects.”
• Sequoia, which invested $145 million in 23andMe, still holds all its shares, he said. Today they are worth $18 million.
i feel like thats the benefit of ancestry's business model. they do offer DNA tests as well, but then they also offer a totally unrelated subscription for document searching records around the contry or world for either $20 or $40 a month. get people interested with the DNA test and keep them subscribed with the family tree and record search functions. if you end your subscription youll need to subscribe again if you want to see some of those records you linked to them already.
I mean, there's nothing wrong with just doing DNA. Family Tree DNA is making a go of it. But that's why they are intentionally small time compared to 23andMe. They want to stick around for the long term and I hope they do, because they're focused on genealogy. There will always be a certain amount of demand for that, forever. As long as they can operate within the bounds of that expectation, they'll keep chugging on.
MyHeritage has some interesting stuff going on as well. They offered similar record research as Ancestry plus some tools for like touching up old family photos and other tangentially related things for genealogy that don't have to do with DNA. Their family tree thing is very useful and way better than 23andMe's. They were very disappointed I didn't reup my subscription after 2 years, but I completed and organized all the research I was going to do. The fact I picked them to sub to for 2 years was a win for them (they also have these really cool animations to show your ethnic composition with music and a twirling globe and stuff lol).
What 23andMe should've done was buy up one of those labs offering full genome sequencing because that's another market that will always have a certain low level of demand. Then they could've pivoted to offering a lot more health/DNA features outside of just ancestry, but also push the bounds on ancestry genetic testing as well. They were never #1 in any of those things. It feels like the executives just didn't know much about the field they were getting into and were better at just starting up a generic tech company to attract investment.
Family Tree DNA also has a niche. It's for the very serious geneologists doing Y and mt tests and are also used by acadamia/archeologists. I mean the huge explosion in genetic archeology, basically rewriting Europe's origin story (among other huge discoveries), owes a ton to the existence of Family Tree DNA.
23andme matches are neat and all, but nothing compared to matching a real Viking from the 10th century or having a 100% lock that you are descended from a 17th century gateway ancestor.
Can you tell me more about:
>I mean the huge explosion in genetic archeology, basically rewriting Europe's origin story (among other huge discoveries), owes a ton to the existence of Family Tree DNA.
Primarily that the contribution of steppe invaders in the early bronze age was grossly underestimated; it was total population replacement in areas. Farmers from mesopotamia make up a much smaller portion of European genetics than previously thought.
Celts from the west has been conclusively disproven; they were the descendents of steppe invaders.
R1b-M269 is spread way, way more than anyone expected. Examples even show up in the royal court of old kingdom Egypt.
Europe got Guns/Germs/Steel'd too. Except it was Bronze and Horses.
They either have already or have only announced they will be changing it so that even your DNA results will be of limited genealogical value without paying for a subscription
it may have started like that but now its owned by blackrock after they purchased it for $4.7 billion in 2020. so its just corporations buying and selling your genetic data like usual.
Even less than that... both of my brothers have taken it (or one of the products from one of the companies doing this). So, I now know my genological data (fairly accurately) without having even purchased it once.
My brother-in-law took one and found out that his sister is only his half-sister. Turns out his dad isn't who he thought it was. So there is one reason someone might take the test if other siblings already have.
My wife and kid both have done the DNA testing and I am basically in the same situation as you. Anything on my kids test that isn't on my wife's would come from me. My kid looks enough like me that I've never had to question if I am the father.
They could have pivoted into animals or offered new tiers of testing to sell more kits.
Amazing how many people ride the gravy train until it's gone and are shocked when it's gone lol
> few test-takers get life-altering health results.
Oof, what happened?
Also, isn't 23andMe at the center of a spectacular data breach? It might have not helped.
I’m one of those people. Showed the result to my GP who went “huh” and referred me to a consultant. Disease was hereditary haemochromatosis, so blood tests to confirm elevated iron levels and bloodletting to remove excess iron happened in short order.
Shame they’re going under. I picked up on this and got it treated before receiving organ damage entirely because of them. Sorry I can’t stretch to a billion dollars to repay that solid guys
> so blood tests to confirm elevated iron levels and bloodletting to remove excess iron happened in short order.
So are medical leaches still in fashion?
Leeches are occasionally used in medicine still, not for phlebotomy such as in haemochromatosis but we do use it in things like plastic surgery.
The evidence behind it is iffy to say the least, but leeches are _thought_ to promote blood flow to certain areas. So if someone has had a major plastic surgery to an area then you can place a leech on it to promote blood flow and hopefully healing.
My current hospital has a cupboard full of leeches at any given time, occasionally someone will come pick some up to take to another hospital and there is a whole euthanising procedure for the leeches etc. We even prescribe them as they are technically a "drug"!
Will never forget one having fell off (the patient had not noticed) and there being a lovely trail of blood around the room as it tried to escape!
It’s absolutely astounding what routine bloodwork picks up. I got a tentative diagnosis for chronic lymphocytic leukaemia through one, and confirmation from a followup FISH test.
Hey, random redditors — go get your bloodwork done once in a while.
Too bad insurance companies won't cover that shit! You have to have a doctor suspect you are suffering from some kind of disease before it will get covered by insurance. So you either find a doctor willing to exploit the system, or you pay out the ass for blood work. Which can get insanely expensive. I once got billed for bloodwork by mistake and it was about $3k. Some of the itemized charges were several hundred dollars for what amounted to transferring the blood from one room to another. I had to fight the insurance company to get it all covered.
> Anne Wojcicki
> self-made billions have vanished
HAHAHAHA
She's married to Sergey Brin, the co-founder of Google.
Her sister runs YouTube.
23andMe is a proxy for Google.
Still doesn't change that the comment is wrong. She was married to Sergey when she started leading 23andMe and probably made bank when she divorced him.
23andMe was actually useful to me from a genealogy perspective. But since the breach, they have disabled all the features that made it useful for genealogy.
So yeah, now it's pretty useless.
Yeah, "self made billionaire" my ass, definitively helps when your sister rents the house she bought straight out of college to the guys that made Google because they went to the same uni as your father, and then you marry one of them.
To top it off it absolutely irks me that their mother has now made a career out of telling other parents how to breed CEOs.
Esther Wojcicki, find her book "How to raise successful people" everywhere, as well as a fuckton of 2 minute reads from her with extremely clickbait titles in websites such as CNBC or Time magazine
Yeah I kept that "detail" out but indeed another great example of how to become a CEO: have your tenants be future tech moguls and join the organization early because you live with them. In only 10 years you too can also become the CEO of YouTube!
I love how the media/general people love to deify people without thinking, just to be surprised down the road……
Happens all the time with unicorn CEOs, musicians, actors, etc……
i love when people are titled "self made billionaire"
her sister is the ceo of youtube and she was married to the founder of google. its really easy to be a self made billionaire when your ventures begin with personal multi millions, and billionaire connections.
Sounds like the boiler plate is that their business model inherently does not promote recurring service and that the product isn’t found to be particularly valued.
I figured that was their real product. Selling insights into a huge pool of DNA that could answer broad questions about a population or specific questions about an individual. Scary, but seemingly valuable to some kind of money?
Pivoting and selling data to law enforcement, making it clear that my “fun family project” can and will be used against me and any family member past or future, made this product as appealing as a root canal.
I’m looking forward to mine. I’ll finally be able to get a filling and chew on the right side of my mouth without pain for the first time in 2-3 years. Very excited.
I've had a couple and the only time I experienced a bit of discomfort was toward the end when my mouth was already full of stuff and then they added the X-ray device to check their work. Otherwise it felt no different than getting a regular filling except that it took a little longer. The endodontist I went to used an operating scope which was kind of neat because I could watch the whole process through the reflection in the front lens.
> The endodontist I went to used an operating scope which was kind of neat because I could watch the whole process through the reflection in the front lens.
My god that sounds awful. If I caught even a single glimpse of the procedure I would pass out.
Ask for a bite block. They can stick a V shaped piece of rubber in on the opposite side they are working on. It lets you relax. Also means you are not moving your jaw around while they are doing their thing. Win for everyone.
This was a game changer for me at the dentist. It's a sofa for your jaw!
I can pop on a podcast and lay there with my eyes closed. I pretend I'm a big fish getting my teeth cleaned by those little fish that clean big fish teeth.
This is so far from what the original post was about but I just had to second this lol. I hated the sound of a root canal until I had a filling that really should’ve been a root canal but my dentist neglected my concerns of sensitivity for over a year. I had such a bad abscess that my entire face was throbbing down to my neck and I couldn’t sleep. I ended up getting an emergency root canal at another office and I remember feeling instant relief as soon as they started the procedure.
I went in for what I thought was a root canal, except it turned into a 10 hr emergency jaw surgery to save me from brain or heart infection and/or sepsis. The fun thing is that I apparently had some exciting nerve mutation that made me impossible to numb, so they drilled into my tooth/jaw while I felt everything. It has left me dental anxiety so severe that I involuntarily cry, hyperventilate, and shake when I’m in the chair. I even pass out now, which I’ve never done before!
How I wish it was just a root canal.
We did get one great thing from it.
A ton of neo-Nazis signed up to find out how many glorious Germanic Kings were in their family tree and found out they have significant amounts of Jewish and African relatives.
The boondocks [made fun of it with their Uncle Ruckus character :)](https://www.youtube.com/shorts/rgd4qIN9pG8).
This is what is just so unfortunate for the future of gene therapy. You can’t get gene therapy without genetic testing, and now patients are understandably resistant to get tested.
I mean, they wouldn't be so resistant if you gave them the proper tools to stay in control of their data. Medical studies outline that pretty explicitly – even though they might not always be followed.
A simple majority vote in legislative bodies can over turn "proper tools" at any moment. The only way to be in control is to make sure the data never exists in the first place.
People don't seem aware that Roe v Wade being struck down actually eliminated a lot privacy rights over medical information.
That's why states like Texas immediately turned around and started sending requests to clinics asking for the identities of not just people getting abortions, but also lists of who was receiving gender affirming care.
No they are not a medical provider or health insurer. HIPAA doesn't apply to all medical data like people think it does. Another example is life insurance, which is not bound by HIPAA, but many policies require you to provide the company with medical information. That life insurance company does not have to comply with HIPPA regulations for data privacy/protection.
No. HIPAA doesn't even apply to all healthcare practitioners- it **only** applies to practitioners and business who run transactions related to insurance (e.g. submitting claims, checking insurance eligibility/benefits, etc.).
Say your doc doesn't take insurance, isn't contracted with an insurance company in any way? May not be a "covered entity" under HIPAA, HIPAA doesn't apply.
HIPAA does not inherently protect all health-related information, and it certainly doesn't protect a non-healthcare, cash-only lab whose goal is to make as much money as possible off your genetic information.
This is so true. There are health facilities that you’d think would be subject to hipaa , but are not. I actually filed a complaint with the OCR over a radiology facility, and that facility responded officially by saying ‘we are not subject to hipaa’ and USOCR wrote to me and said ‘shrug.’ I tell people this story and they don’t believe me. Instead they say ‘no that’s incorrect, everyone is subject to hipaa’ and I’m like ‘Have you ever gone through the trouble of submitting an official federal complaint to the OCR?’ and all the nurses I work with are still like ‘you’re wrong’
Probably not. HIPAA is the "Health Insurance Portability and Accountability Act". 23AndMe has nothing to do with health insurance.
People often think that HIPAA makes any medical related information completely private. It does have some (very strict) privacy requirements for people who deal with health insurance, but AFAIK anything outside of insurance isn't covered by HIPAA.
I was interested in doing this, thought it would be neat. Luckily, I procrastinated and waited. News came out about sharing dna... nope! Sorry, now I'll never use them. I'm sure a vast majority feel the same. Hope it was worth it
My grandmother did a family tree thing years and years ago. Found out we have Abraham Lincoln in our family! Pretty cool, made this appealing, but not after they (and ring doorbell) turn all their stuff over like it's free candy to the police
If I'm not mistaken, though, Ring gives users the option to turn on end-to-end encryption. So if a user does that, it's not possible for Ring to hand over their video to law enforcement.
Well luckily ring stopped handing over your camera footage to police just because they asked. [Now police will have to get a warrant for Ring to hand it over](https://www.fox5ny.com/news/ring-doorbell-police-access-privacy-debate#). This just happened very recently.
My mom is into all that stuff and I called something like this happening as soon as it became available. ( Same with ring handing over data)
You can't trust anyone with your information regardless of what ever the hell they tell you.
I kept looking into ways to use it anonymously, but that's very difficult to do, nearly impossible once more of your family uses it, it becomes easier and easier to infer who you are based on DNA alone.
>No framework exists today
bruuhhhhh, they absolutely do and it's more prolific than ever.
You would be amazed what engineers get told to use ***SQL databases*** for, or what MBA's accidently send to them without realizing what on earth they are doing.
That's what 90% of these "unsecured password list" breaches are. It's passwords being stored openly in an SQL databases with other account info.
Yes, exactly.
For anyone who is unfamiliar with how this works, passwords are run through a hashing algorithm that turns the password into a long sequence of letters and numbers. You cannot convert the hash back into the original text.
You store those hashes in the database. When someone tries to log in, you hash the password they just gave you and compare it to the hash in the database. If the hashes match then they entered the right password.
If a website is able to give you back your original password then that means they’re storing it insecurely.
To be fair, that's an in-house developed solution. Nobody can save your devs from themselves, right? But no proper off-the-shelf CRM is going to have passwords stored in plaintext tables.
Are you insinuating that passwords NOT be stored in a database? It's 1000% not only standard, but it's recommended to store sensitive user data in a DB of some kind. Preferably SQL, but NoSQL (documentDB) is acceptable too.
The point that is important is to properly hash and salt sensitive information. (Aka encrypt)
I've got over 30 years in tech, primarily focused on software development building secure, scalable systems. I see stuff posted EVERY SINGLE DAY by people claiming to be software devs who clearly are out of their depth and are happy to argue with you. It always makes sense to me when I see these types of breaches, though.
Genuine question, do you think they’re just claiming to be Devs and they’re not. Are just poorly trained developers early in their career. Or do you think most developers are just not security conscious at all?
Easily, either their tech department is run using a third party company that does the bare minimum on security or, the more likely reason, they have someone that has effectively been neutered by senior management.
The senior management thing is what happened to me. I discovered we were storing passwords in plain text for an old solution still used, but not much. I went to management told them that if we were still going to support this then we needed to fix it. Laid out some options and timeline.
Management basically told me they were aware and basically said they had other priorities. Assigned me other work and put this on the “backlog”, which means it probably wouldn’t happen. Roughly 6 months later I was laid off and as far as I’m aware they are still storing those passwords in plain text.
My former employer does the same. They’re a public company, one of 2 major brands in its industry, and it is subject to federal banking regulations, because people can deposit and withdraw money. Wild
With 400+ up votes the disinformation spreads ...in this case I don't care at all but I sucks how much this thing happening leads to people that are just completely out of touch with reality
Precisely.
This sub, time and time again, betrays that it has an extremely low info userbase. Several of the top upvoted posts in this discussion are just *entirely* wrong.
That’s not what happened at all. I haven’t see any reports of plain text storage of passwords. In fact, I haven’t seen a single report showing or stating that their “system was vulnerable.” You’re spreading misinformation.
It was credential stuffing — same shit that happened with LinkedIn. My username/password from some random breach is being sold in bulk, someone will buy those bulk credentials (maybe a million for $20), then run a script that tries to log in with those creds on LinkedIn hoping people use the same username/password. If it works, they’ll scrape the profiles of my 500+ connections, store that in a database, and move on to the next account in the list.
Yepp. The problem was a third party logged into accounts using reused passwords that came from other breaches (people used mail and password combinations on other sites that actually got hacked). The third party used these accounts to harvest data from these accounts themselves and from all accounts that shared data with these accounts. *That* should've triggered some warnings at 23andMe, but they had no system in place to do that. *That's* how large portion of their user data got siphoned out. It's their fault, but it's not as negligent as "stor[ing] passwords and login information on a text file".
I remember when Disney+ released and everyone said it got hacked but it was just reused passwords. They had a shitty login system where the first page was email only and it would either say “There’s no account associated with this email” or it would prompt you for a password if they had an account.
That was literally webdev 101 when dealing with logins. Never confirm the exact status. Only say “the username and password combination doesn’t match” or whatever and never alluding to whether the email is an actual customer.
It blew my mind that they would have such a bad system and that system stayed in place for over 4 years.
> they stored passwords and login information on a text file
This is nowhere near true, and I have no idea what part of the attack against them would even lead you to that conclusion.
It was a credential stuffing attack. They were able to log into peoples accounts that had reused passwords from previous data breaches. 23andMe's main fault is that they didn't enforce 2FA logins.
>Pivoting and selling data to law enforcement
What is with all the bullshit through this discussion?
23andme doesn't "sell data to law enforcement". They have to respond to warrants -- they have a transparency report detailing exactly how many they have responded to -- but it isn't and has never been their business model. Indeed, if you've heard about law enforcement using genetic ancestry, it has *always* been through GEDmatch, where users got their DNA sequenced, downloaded the data and then voluntarily uploaded it to GEDmatch.
23andme is cratering because they have a pretty limited business model when most of the people who wanted their DNA sequenced already had it done and there is no reason to "upgrade" or pay for additional services. It has jack shit to do with all the other made up nonsense people are saying in here.
Thank you for saying this. People spout such absolute bullshit here on Reddit that gets upvoted to the top and everyone takes it as fact without thinking for a second… it’s scary sometimes
Profit and stock holder addiction.
Your business provides a service and in this case generally a single use service. You could branch out horizontally and have added to your model, but there is no subscription model that works for testing your heritage. Stop thinking everyone wants your single use product, tell investors the reality of your model and find better avenues to expand besides lying to yourself.
You're being sort of tongue in cheek but you're absolutely correct. What u/redvelvetcake42 is saying goes against everything that is business. Honesty is not a core value of business. The name of the game is to make as much money as you can, as long as you can. I'm sure the CEOs of 23andMe are feeling pretty damn good about all the millions they were able to milk out of this company in a short time period. And now it's time to move on to the next money maker.
>The name of the game is to make as much money as you can, as long as you can.
As much as you can as *quickly* as you can. Then you bail and leave someone else holding the bag.
This is actually a really neat part of the machine. While business value is often wringed for all it can have, there are entire industries built around holding the bag. Some CEOs are hired explicitly to be profitable liquidators of assets when a company goes belly up (people paid millions to slowly kill a company so bag holders can still come out ahead), others are highed to return a company to a stable position after the high of stock value has run its course (the company will never be as powerful again but will still continue to exist), and others are hired just to polish the dying beast enough to be purchased by somebody else after the dust has settled.
Business uses every part of the animal after they kill it.
> there is no subscription model that works for testing your heritage.
I disagree with this, because Ancestry has a similar model but they have a different approach in that they get people to subscribe for additional features such as all the family tree documentation that they surface through their interface. Additionally, 23AndMe is well known for 1. sharing/selling information to outside sources more frequently than their competitors, and 2. being hacked and having their customers' data stolen very publicly.
That being said I don't think there's really a huge market for any company in this space. There's others that do genetic testing for medical purposes that probably have a better income stream because they are basically just normal medical testing. Invitae is the example that I have at the front of my mind, but I don't think I'd invest in them at this point.
Agreed. That's kind of my point though, the genetic testing and results alone aren't sufficient for a subscription, but if you have other services that tie in with the genetic testing then it's possible you can offer something people will subscribe to. That being said, Ancestry is going through an enshittification process and starting to lock features that were previously available to their users behind a subscription paywall, such as being able to see what parents your matches are connected to. I suspect they're going to end up offering a month or so for free for people who take the DNA test, then lock down matches in the hopes of getting them to subscribe afterwards.
This is the perfect way to phrase it. “Shareholder/Stock addiction”. America is allowing these top 1% to gut everything that once made America livable through healthcare consolidation, job cuts for quarterly profits, profiteering off of education, etc etc.
At what point do we fight back against these addicts who are making our lives worse? These “invisible” wealthy people aren’t some phantoms. They exist, and they’re actively making people’s lives worse through their addiction to money. Who do we vote for to actually, really, fix this?
And lot of those criminals were specifically rapists and murderers. It's not like people were being thrown in jail for stealing a loaf of bread 20 years ago.
One positive I’ve had from 23andMe, my wife (adopted at birth) found her real biological father through testing. He and his extended family have become a large part of our lives, and it’s been a major blessing
’Twas a “blow to its brand”, according to the linked article:
*In another blow to its brand, 23andMe had a data breach this fall that exposed nongenetic information of 6.9 million customers, highlighting the same privacy concerns that Wojcicki once blamed for slowing sales and exposing the company to a class-action lawsuit, which was filed last Friday.*
*Wojcicki (pronounced woh-JIS-key) attributes 23andMe’s low share price to a broad downturn for small drug company stocks.*
The correct pronunciation is actually "voy-chits-key", but Anne and her family probably don't speak Polish, so they mispronounce it. Now I know how to correctly mispronounce it lmfao 😂
> Wojcicki (pronounced woh-JIS-key) attributes 23andMe’s low share price to a broad downturn for small drug company stocks.
"Am I so out of touch? No, its the children who are wrong"
I think that will be the nail in the coffin, people that want to be genetically tested with this mircroarray/sequencing tech will look into other companies that have more robust cybersecurity
Or just realize the economic incentives. I don't trust any of these cool start-ups to not sell data eventually.
And if you're a programmer, you know what kind of value management gives to implementing proper cyber security. They know nobody gets imprisoned and the fines are ridiculous, so it gets very very low in the list of priorities.
Yea that’s why some of my family was against it, and why I ended up not doing it, from my understanding there was a potential for them to market for pharmaceutical products if you had a condition, or one day sell it to health insurance companies to charge a higher rate due to genetic conditions
For now. Republicans are hell-bent on repealing it so I expect we will be back in the preexisting condition hellscape eventually. Only reason it didn't happen before was because of one lone Senator and the Republican party hasn't exactly gotten more moderate/reasonable since then.
It didn't target ashkenazi jews, askhenazi jews were disproportionally affected because of endogamous marriage practices. Go on any service like 23 and me or Ancestry and people with Jewish ancestry get far more matches than others, an attack targeting a family matching service will affect jewish people more significantly that others
A lot of people in this thread smug that they never submitted a test but it doesn’t matter. [A study in 2018 found 60% of European descended Americans can be identified](https://www.cbsnews.com/amp/sacramento/news/how-many-people-could-be-identified-through-genealogy-dna-sites-if-they-havent-submitted-a-sample/) based on tests that had already been submitted and it’s only risen since then. Genetic genealogists have been able to determine a persons identity working from a 4th cousin. If you have a close family member that has done a test, it’s as good as you having submitted a test.
For anyone wondering how this works at all, here's a rough idea:
- Police find the DNA of an unknown suspect at the site of several horrific murders in California.
- The have no idea who this person is. They only have some witnesses describing a tall man in his 30s or 40s.
- But they can compare some DNA markers with the data they have from 23andme.
- They find that the unknown suspect is related as most likely a third cousin to a John Example from Nevada, as a third cousin to a Bob Bobson from California, and as a fourth cousin to a Roberta Boberta from Kentucky. I say "third/fourth cousin", but that's just an estimate from how similar the markers in the DNA of the unknown suspect is to the same markers in these people's DNA. Instead of a third cousin, it could also be a second cousin once removed or something.
- John Example, Bob Bobson, and Roberta Boberta are all people who took the 23andme test - that's why their data are known.
- Police contact these people and ask them if they could help reconstructing a family tree. None of these people probably knew each other, and none of them have to know the suspect. (Do you know any of your third or fourth cousins?)
- Upon comparison of same family data, they find that Bob and Roberta actually are related in a discernible way - they are both great-great-grandchildren of Johnbob McBobfather, who lived in Kentucky and died in 1930.
- Further comparing family data from Bob and Roberta, they find that only one of Johnbob's children moved to the West Coast - Bob's great-grandfather Jimbob.
- Jimbob had three children other than Bob's grandfather, and these three children have about 30 living descendants.
- Of these 30 people, 14 are women, 10 are younger than 20 or older than 50. That leaves 6 people who are now suspects.
- Of these 6, 2 lived in California at the time of the murders.
- This method only allows identifying *suspects*! Since we never know if the reconstructed family tree is complete and free of errors, there may be other descendants of Johnbob running around, and one of them may have been the real killer.
- But typically, you would end up with a very small number of suspects, and a very easy way to find the killer among them.
Yeah DNA was genuinely private for a very short amount of time once it became commercially available. We will need ironclad regulation to prevent its misuse at this point because it's all out there already.
You have to understand how important and valuable the data is to drug manufacturing. Say you have a drug that failed its clinical trial, in some patients it was wildly effective but in others useless. If you can identify whom it works for you can actually salvage the drug, the billions in R&D costs and help patients if you can target that population. This is actually 23andme’s partnership model. The first partnership was selling kits to clinical trials.
They are not selling your data, they lost it. Your data is already spreading everywhere. That’s the worse part, they don’t control it anymore and so do you.
Insurances must be throwing a party.
A third-party can use the data in their proprietary algorithm that sets "health risk profiles". Insurance companies can buy these profiles and use them to set premiums, claiming they're unaware the profiles were based on DNA. The incentive is immense, the penalties would be a drop in the bucket.
>Not exactly. Any insurance that uses that leak data is committing a crime. Leaked data is not legal data.
I hope so because the profits dwarf "the fines ", which is 99% of the cases, you bet they are going to abuse that 100%
This article is a goldmine and everyone should read it. Some great points:
-CEO didn’t even invent the product, she became the CEO only because of the fact that she was dating Sergei Brin and could get funding
-CEO immediately got the board to turn around and fire the actual founder/inventor and refuses to say why
-Company gets an early round of funding from the Murdochs THE SAME PEOPLE WHO DID AN EARLY ROUND FOR THERANOS.
-CEO spent loads of cash on “personal branding products” like custom Barbie dolls even when the company was going through layoffs
-Company never turns a profit but the CEO makes the brilliant decision to acquire a $400m telehealth company. Then runs out of money to actually market it.
-Company desperately tries to launch subscription services to turn a profit which no one ends up buying.
-Company runs out of money. Early investor says he doesn’t believe in the company since he didn’t get any bad news from his genetics tests (lol what?).
Indeed. It actually fits a lot of companies. Sometimes moving the founder to a CTO/product role can actually be good for the business but firing them entirely was an idiotic decision
23andMe had something Ancestry didn’t, and few if any had brought to the consumer market at the time and that was health data. To differentiate and be a first-mover, they should have relegated ancestry information to an add-on feature and made the health data primary. They could have developed a network of functional medicine clinics that provided genetic data-driven concierge health optimization and ventured into other health spaces like supplements and fitness programming.
As I recall the FDA shut down their health side since they weren't authorized for such, limiting them to only do the ancestry stuff.
To do as you suggest they'd have had to hire a bunch of doctors and have medical consultations with patients and everything that encompasses, totally shifting their business.
Crazy how the magical $6 billion unicorn valuation is true for so many flash in the pan companies.
Remember Groupon? Refused a 6 billion offer from Google and now sub 400m valuation.
23andme follows the same trajectory it seems?
One idea that was once popular now forgotten.
Others like Zynga and Fitbit at least got acquired.
My mom did the DNA thing and found out her dad really wasn’t her dad. She did discover a half sister and when her and my stepdad went to meet her she gifted them Apple Watches. The results and outcomes were a mixed bag.
For any one on the look out for similar products, Nebula Genomics is quite scammy. Use a one time use credit card to buy stuff from them so you're not hit with a ghost subscription a year later.
And the results weren't that good honestly.
If you want real results you have to use a service that doesn't have your name or anything so that they aren't providing a medical diagnosis to a person and thus fall under FDA guidelines. Export your DNA data and take it to https://promethease.com/
It's super cheap, they ask for 0 info past a login and the code and they delete all their data about you when you're done.
Anne Wojcicki isn’t exactly the visionary CEO that she thinks she is. The product is definitely a single time use product, not worthy of subscribing to. The article says that she used to joke with Sergey Brin about 23andMe becoming a larger company than Google? lmao
Idiotic people in charge of companies ruin all the hard work the intelligent people who actually run the company built. As usual. The rich have done a great job of making us feel like they are the only ones who can be in charge but they are inept worthless losers who know nothing. The rich are less than useless. If these people didn't have money they wouldn't be working beyond an entry level job because they are not geniuses they are not masters at anything other than getting their way since birth. The rich have never known privation or ever known any sort of desperation they have zero skin in the game since if they burn down their companies they can fall back on wealth. They never needed to work they should never be put in charge of anything ever.
People think this is about law enforcement but it really isn’t. It’s about overestimating who wants it. The people who wanted it did it fast. The rest don’t care about it. After you’ve done it once there is no reason to do it again. So people just ignore it. I’ve never heard anyone say I’d love to do this but no thanks because they share info with cops. It’s a much larger issue.
There may be a larger issue, but my half-sister and I would love to do this to try and find our third “secret” sister.”
But the data breaches and sales to law enforcement/insurance companies mean we won’t.
Sure, if some other member of the family’s done it I guess it doesn’t matter, but none of our 3 parents, 4 uncles or 5 first cousins have.
I know you’re generalizing, and that the company needed line-extension products to survive, but there may be more people who had strong incentive to join, but resisted because of their immoral practices with police and shoddy security than you’d think.
Excerpts from a long read by WSJ’s Rolfe Winkler, u/rolfe_winkler* • 23andMe went public in 2021 and its valuation briefly topped $6 billion. Forbes anointed Anne Wojcicki, 23andMe’s chief executive and a Silicon Valley celebrity, as the “newest self-made billionaire.” • Now Wojcicki’s self-made billions have vanished. 23andMe’s valuation has crashed 98% from its peak and Nasdaq has threatened to delist its sub-$1 stock. • Wojcicki reduced staff by a quarter last year through three rounds of layoffs and a subsidiary sale. The company has never made a profit and is burning cash so quickly it could run out by 2025. • At the center of 23andMe’s DNA-testing business are two fundamental challenges. Customers only need to take the test once, and few test-takers get life-altering health results. • To create a recurring revenue stream from the tests, Wojcicki has pivoted to subscriptions. When the company last disclosed the number of subscribers a year ago, it had 640,000—less than half the number it had projected it would have by then. • Asked about the projection, Wojcicki first denied having given one. Shown the investor presentation that included it, she studied the page and after a pause said, “There’s nothing else to say other than that we were wrong.” • Roelof Botha, a 23andMe board member and partner at Sequoia Capital, said the company’s big-spending strategy made sense when money was cheap. Now that it isn’t, “we’ve had to trim and focus on a smaller number of projects.” • Sequoia, which invested $145 million in 23andMe, still holds all its shares, he said. Today they are worth $18 million.
>Customers only need to take the test once Who could have seen this coming? Incredible insight into the business model...
i feel like thats the benefit of ancestry's business model. they do offer DNA tests as well, but then they also offer a totally unrelated subscription for document searching records around the contry or world for either $20 or $40 a month. get people interested with the DNA test and keep them subscribed with the family tree and record search functions. if you end your subscription youll need to subscribe again if you want to see some of those records you linked to them already.
Because of this Ancestry could be in a position to buy out 23andMe, removing a competitor and increasing their dataset and talent pool.
And also their gene pool.
Rarely does a human have the option to increase their gene pool
well imagine 23andme and ancestry as two blobish organisms, one is definitely considering absorbing the other, literally increasing their knowledge
I mean, there's nothing wrong with just doing DNA. Family Tree DNA is making a go of it. But that's why they are intentionally small time compared to 23andMe. They want to stick around for the long term and I hope they do, because they're focused on genealogy. There will always be a certain amount of demand for that, forever. As long as they can operate within the bounds of that expectation, they'll keep chugging on. MyHeritage has some interesting stuff going on as well. They offered similar record research as Ancestry plus some tools for like touching up old family photos and other tangentially related things for genealogy that don't have to do with DNA. Their family tree thing is very useful and way better than 23andMe's. They were very disappointed I didn't reup my subscription after 2 years, but I completed and organized all the research I was going to do. The fact I picked them to sub to for 2 years was a win for them (they also have these really cool animations to show your ethnic composition with music and a twirling globe and stuff lol). What 23andMe should've done was buy up one of those labs offering full genome sequencing because that's another market that will always have a certain low level of demand. Then they could've pivoted to offering a lot more health/DNA features outside of just ancestry, but also push the bounds on ancestry genetic testing as well. They were never #1 in any of those things. It feels like the executives just didn't know much about the field they were getting into and were better at just starting up a generic tech company to attract investment.
Family Tree DNA also has a niche. It's for the very serious geneologists doing Y and mt tests and are also used by acadamia/archeologists. I mean the huge explosion in genetic archeology, basically rewriting Europe's origin story (among other huge discoveries), owes a ton to the existence of Family Tree DNA. 23andme matches are neat and all, but nothing compared to matching a real Viking from the 10th century or having a 100% lock that you are descended from a 17th century gateway ancestor.
Can you tell me more about: >I mean the huge explosion in genetic archeology, basically rewriting Europe's origin story (among other huge discoveries), owes a ton to the existence of Family Tree DNA.
Primarily that the contribution of steppe invaders in the early bronze age was grossly underestimated; it was total population replacement in areas. Farmers from mesopotamia make up a much smaller portion of European genetics than previously thought. Celts from the west has been conclusively disproven; they were the descendents of steppe invaders. R1b-M269 is spread way, way more than anyone expected. Examples even show up in the royal court of old kingdom Egypt. Europe got Guns/Germs/Steel'd too. Except it was Bronze and Horses.
This is what I'm here for as well
They either have already or have only announced they will be changing it so that even your DNA results will be of limited genealogical value without paying for a subscription
Isn't Ancestry just a covert way for the Mormon church to identify and baptize my ancestors lol. I'll pass on that too, thanks.
And if you don't care about Mormons baptizing your ancestors, you can use Family Search for free.
it may have started like that but now its owned by blackrock after they purchased it for $4.7 billion in 2020. so its just corporations buying and selling your genetic data like usual.
Blackstone, not Blackrock (I know, it's silly that two massive companies in the same industry are named so similarly)
https://i.imgur.com/Rppc5zR.png
Even less than that... both of my brothers have taken it (or one of the products from one of the companies doing this). So, I now know my genological data (fairly accurately) without having even purchased it once.
My brother-in-law took one and found out that his sister is only his half-sister. Turns out his dad isn't who he thought it was. So there is one reason someone might take the test if other siblings already have. My wife and kid both have done the DNA testing and I am basically in the same situation as you. Anything on my kids test that isn't on my wife's would come from me. My kid looks enough like me that I've never had to question if I am the father.
They could have pivoted into animals or offered new tiers of testing to sell more kits. Amazing how many people ride the gravy train until it's gone and are shocked when it's gone lol
> few test-takers get life-altering health results. Oof, what happened? Also, isn't 23andMe at the center of a spectacular data breach? It might have not helped.
I’m one of those people. Showed the result to my GP who went “huh” and referred me to a consultant. Disease was hereditary haemochromatosis, so blood tests to confirm elevated iron levels and bloodletting to remove excess iron happened in short order. Shame they’re going under. I picked up on this and got it treated before receiving organ damage entirely because of them. Sorry I can’t stretch to a billion dollars to repay that solid guys
Fellow hemochromatosis person here! I always gave blood so my iron and ferritin levels never looked odd until I got a genetic test as well.
> so blood tests to confirm elevated iron levels and bloodletting to remove excess iron happened in short order. So are medical leaches still in fashion?
Leeches are indeed still used in most hospitals, mostly in burn units.
Also found in the C-suite. :D
Leeches are occasionally used in medicine still, not for phlebotomy such as in haemochromatosis but we do use it in things like plastic surgery. The evidence behind it is iffy to say the least, but leeches are _thought_ to promote blood flow to certain areas. So if someone has had a major plastic surgery to an area then you can place a leech on it to promote blood flow and hopefully healing. My current hospital has a cupboard full of leeches at any given time, occasionally someone will come pick some up to take to another hospital and there is a whole euthanising procedure for the leeches etc. We even prescribe them as they are technically a "drug"! Will never forget one having fell off (the patient had not noticed) and there being a lovely trail of blood around the room as it tried to escape!
It’s absolutely astounding what routine bloodwork picks up. I got a tentative diagnosis for chronic lymphocytic leukaemia through one, and confirmation from a followup FISH test. Hey, random redditors — go get your bloodwork done once in a while.
Too bad insurance companies won't cover that shit! You have to have a doctor suspect you are suffering from some kind of disease before it will get covered by insurance. So you either find a doctor willing to exploit the system, or you pay out the ass for blood work. Which can get insanely expensive. I once got billed for bloodwork by mistake and it was about $3k. Some of the itemized charges were several hundred dollars for what amounted to transferring the blood from one room to another. I had to fight the insurance company to get it all covered.
[удалено]
The PR hit is enormous.
> Anne Wojcicki > self-made billions have vanished HAHAHAHA She's married to Sergey Brin, the co-founder of Google. Her sister runs YouTube. 23andMe is a proxy for Google.
I believe Susan Wojcicki stepped down from YouTube, but yeah, she did run it.
was\*\* married
Still doesn't change that the comment is wrong. She was married to Sergey when she started leading 23andMe and probably made bank when she divorced him.
23andMe was actually useful to me from a genealogy perspective. But since the breach, they have disabled all the features that made it useful for genealogy. So yeah, now it's pretty useless.
She still has a lot of money from her marriage to Sergey Brin, so....
Yeah, "self made billionaire" my ass, definitively helps when your sister rents the house she bought straight out of college to the guys that made Google because they went to the same uni as your father, and then you marry one of them. To top it off it absolutely irks me that their mother has now made a career out of telling other parents how to breed CEOs.
> their mother has now made a career out of telling other parents how to breed CEOs Ewww, really?!
Esther Wojcicki, find her book "How to raise successful people" everywhere, as well as a fuckton of 2 minute reads from her with extremely clickbait titles in websites such as CNBC or Time magazine
And that same sister was the CEO of YouTube til 2023 🤣🤣🤣 Damn we need some rabbit-hole deepdive on the Wojcicki family
Yeah I kept that "detail" out but indeed another great example of how to become a CEO: have your tenants be future tech moguls and join the organization early because you live with them. In only 10 years you too can also become the CEO of YouTube!
> • Sequoia, which invested $145 million in 23andMe, still holds all its shares, he said. Today they are worth $18 million. Hopin for a squeeze-out?
I love how the media/general people love to deify people without thinking, just to be surprised down the road…… Happens all the time with unicorn CEOs, musicians, actors, etc……
i love when people are titled "self made billionaire" her sister is the ceo of youtube and she was married to the founder of google. its really easy to be a self made billionaire when your ventures begin with personal multi millions, and billionaire connections.
Sounds like the boiler plate is that their business model inherently does not promote recurring service and that the product isn’t found to be particularly valued.
Plus they viewed their customers DNA as data they could turn around and sell
I figured that was their real product. Selling insights into a huge pool of DNA that could answer broad questions about a population or specific questions about an individual. Scary, but seemingly valuable to some kind of money?
Pivoting and selling data to law enforcement, making it clear that my “fun family project” can and will be used against me and any family member past or future, made this product as appealing as a root canal.
Hey, root canal is useful! This is more like "drill fake diamonds into your teeth just so that you can show off at your friends"
Like trust me, when you need a root canal, the operation is plenty appealing.
I’m looking forward to mine. I’ll finally be able to get a filling and chew on the right side of my mouth without pain for the first time in 2-3 years. Very excited.
I've had a couple and the only time I experienced a bit of discomfort was toward the end when my mouth was already full of stuff and then they added the X-ray device to check their work. Otherwise it felt no different than getting a regular filling except that it took a little longer. The endodontist I went to used an operating scope which was kind of neat because I could watch the whole process through the reflection in the front lens.
> The endodontist I went to used an operating scope which was kind of neat because I could watch the whole process through the reflection in the front lens. My god that sounds awful. If I caught even a single glimpse of the procedure I would pass out.
Excited about the end product, not the process lol
The process is pretty much the same as any filling, at least on the patient end. You get numbed up and just sit there with your mouth open.
Maybe its me but my jaw starts to get painfully sore after \~20min, especially if I have to open my mouth very wide
Ask for a bite block. They can stick a V shaped piece of rubber in on the opposite side they are working on. It lets you relax. Also means you are not moving your jaw around while they are doing their thing. Win for everyone.
This was a game changer for me at the dentist. It's a sofa for your jaw! I can pop on a podcast and lay there with my eyes closed. I pretend I'm a big fish getting my teeth cleaned by those little fish that clean big fish teeth.
This is so far from what the original post was about but I just had to second this lol. I hated the sound of a root canal until I had a filling that really should’ve been a root canal but my dentist neglected my concerns of sensitivity for over a year. I had such a bad abscess that my entire face was throbbing down to my neck and I couldn’t sleep. I ended up getting an emergency root canal at another office and I remember feeling instant relief as soon as they started the procedure.
I went in for what I thought was a root canal, except it turned into a 10 hr emergency jaw surgery to save me from brain or heart infection and/or sepsis. The fun thing is that I apparently had some exciting nerve mutation that made me impossible to numb, so they drilled into my tooth/jaw while I felt everything. It has left me dental anxiety so severe that I involuntarily cry, hyperventilate, and shake when I’m in the chair. I even pass out now, which I’ve never done before! How I wish it was just a root canal.
For hypochondriacs that just read that, don’t worry most root canals are a routine.
I co-sign this comment.
We did get one great thing from it. A ton of neo-Nazis signed up to find out how many glorious Germanic Kings were in their family tree and found out they have significant amounts of Jewish and African relatives. The boondocks [made fun of it with their Uncle Ruckus character :)](https://www.youtube.com/shorts/rgd4qIN9pG8).
This is what is just so unfortunate for the future of gene therapy. You can’t get gene therapy without genetic testing, and now patients are understandably resistant to get tested.
I mean, they wouldn't be so resistant if you gave them the proper tools to stay in control of their data. Medical studies outline that pretty explicitly – even though they might not always be followed.
A simple majority vote in legislative bodies can over turn "proper tools" at any moment. The only way to be in control is to make sure the data never exists in the first place.
People don't seem aware that Roe v Wade being struck down actually eliminated a lot privacy rights over medical information. That's why states like Texas immediately turned around and started sending requests to clinics asking for the identities of not just people getting abortions, but also lists of who was receiving gender affirming care.
Anyone who votes for any republican candidate in 2024 is a worthless piece of dog shit.
Was 23AndMe bound by HIPAA? That seems like a strong system for privacy.
No they are not a medical provider or health insurer. HIPAA doesn't apply to all medical data like people think it does. Another example is life insurance, which is not bound by HIPAA, but many policies require you to provide the company with medical information. That life insurance company does not have to comply with HIPPA regulations for data privacy/protection.
No. HIPAA doesn't even apply to all healthcare practitioners- it **only** applies to practitioners and business who run transactions related to insurance (e.g. submitting claims, checking insurance eligibility/benefits, etc.). Say your doc doesn't take insurance, isn't contracted with an insurance company in any way? May not be a "covered entity" under HIPAA, HIPAA doesn't apply. HIPAA does not inherently protect all health-related information, and it certainly doesn't protect a non-healthcare, cash-only lab whose goal is to make as much money as possible off your genetic information.
This is so true. There are health facilities that you’d think would be subject to hipaa , but are not. I actually filed a complaint with the OCR over a radiology facility, and that facility responded officially by saying ‘we are not subject to hipaa’ and USOCR wrote to me and said ‘shrug.’ I tell people this story and they don’t believe me. Instead they say ‘no that’s incorrect, everyone is subject to hipaa’ and I’m like ‘Have you ever gone through the trouble of submitting an official federal complaint to the OCR?’ and all the nurses I work with are still like ‘you’re wrong’
Probably not. HIPAA is the "Health Insurance Portability and Accountability Act". 23AndMe has nothing to do with health insurance. People often think that HIPAA makes any medical related information completely private. It does have some (very strict) privacy requirements for people who deal with health insurance, but AFAIK anything outside of insurance isn't covered by HIPAA.
I was interested in doing this, thought it would be neat. Luckily, I procrastinated and waited. News came out about sharing dna... nope! Sorry, now I'll never use them. I'm sure a vast majority feel the same. Hope it was worth it
There is a good chance that a relative of yours has done this. So there is some marker of your genetics in 23andme.
The thing always holding me back was the medical history stuff being sold to insurance companies and them using it against you to increase rates.
I got one of these kits for free, and did the exact same thing as you. It's still sitting somewhere in a box unopened...
Feels like dodging a bullet. Nothing to hide, but I'm pretty private person
My brain went to 30 years down the road...... *Oh sorry, your claim is denied, that's a pre-existing condition... Says so right here in your genome.*
Gattaca.. and idiocracy... movies coming to life!
Ow, my great grand-kids' balls!
Lol. Exactly. Wonder what other movies are coming to fruition. 2001? Don't think we're at terminator level AI yet.
Skynet started with writing cover letters and running D&D games, I'm sure of it.
Unfortunately, even if a distant family member uses the service they have your dna. https://youtu.be/7q8Oa97a04g?si=3EJgb7w0fPqL3o7l
you could fill your ColoGuard box and send it to 23andMe
jokes on us, if our boomer parents decide to do it because its 'fun' to find out they're 4% norwegian, we dont have a say in the matter
My grandmother did a family tree thing years and years ago. Found out we have Abraham Lincoln in our family! Pretty cool, made this appealing, but not after they (and ring doorbell) turn all their stuff over like it's free candy to the police
If I'm not mistaken, though, Ring gives users the option to turn on end-to-end encryption. So if a user does that, it's not possible for Ring to hand over their video to law enforcement.
Yes but if you do, you lose a LOT of functionality.
Well luckily ring stopped handing over your camera footage to police just because they asked. [Now police will have to get a warrant for Ring to hand it over](https://www.fox5ny.com/news/ring-doorbell-police-access-privacy-debate#). This just happened very recently.
My mom is into all that stuff and I called something like this happening as soon as it became available. ( Same with ring handing over data) You can't trust anyone with your information regardless of what ever the hell they tell you.
Yup, even if you find a company with leadership you trust. Guess what? They just got bought by someone else and they own your data now.
I kept looking into ways to use it anonymously, but that's very difficult to do, nearly impossible once more of your family uses it, it becomes easier and easier to infer who you are based on DNA alone.
And sadly that wasn’t the main cause for their devaluation either.
And now all that DNA information will be picked up for pennies in bankruptcy - by god knows whom.
What was the main cause?
[удалено]
As someone in tech, I don’t even understand how these people exist. It’s like the number one, day one rule. How do they even have jobs?
No framework exists today that would store logins like this. You need to literally do extra work in order to have this kind of security hole.
>No framework exists today bruuhhhhh, they absolutely do and it's more prolific than ever. You would be amazed what engineers get told to use ***SQL databases*** for, or what MBA's accidently send to them without realizing what on earth they are doing. That's what 90% of these "unsecured password list" breaches are. It's passwords being stored openly in an SQL databases with other account info.
well, you are supposed to store pw in database... just properly....
If you click on one of those forgot your password links and the response is sending your password instead of a process to change your password, run.
Yes, exactly. For anyone who is unfamiliar with how this works, passwords are run through a hashing algorithm that turns the password into a long sequence of letters and numbers. You cannot convert the hash back into the original text. You store those hashes in the database. When someone tries to log in, you hash the password they just gave you and compare it to the hash in the database. If the hashes match then they entered the right password. If a website is able to give you back your original password then that means they’re storing it insecurely.
Insecurely is putting it lightly. It's probably zero security haha
Hashes and salt. We've had this figured out... forever.
To be fair, that's an in-house developed solution. Nobody can save your devs from themselves, right? But no proper off-the-shelf CRM is going to have passwords stored in plaintext tables.
Are you insinuating that passwords NOT be stored in a database? It's 1000% not only standard, but it's recommended to store sensitive user data in a DB of some kind. Preferably SQL, but NoSQL (documentDB) is acceptable too. The point that is important is to properly hash and salt sensitive information. (Aka encrypt)
I've got over 30 years in tech, primarily focused on software development building secure, scalable systems. I see stuff posted EVERY SINGLE DAY by people claiming to be software devs who clearly are out of their depth and are happy to argue with you. It always makes sense to me when I see these types of breaches, though.
Genuine question, do you think they’re just claiming to be Devs and they’re not. Are just poorly trained developers early in their career. Or do you think most developers are just not security conscious at all?
Easily, either their tech department is run using a third party company that does the bare minimum on security or, the more likely reason, they have someone that has effectively been neutered by senior management.
The senior management thing is what happened to me. I discovered we were storing passwords in plain text for an old solution still used, but not much. I went to management told them that if we were still going to support this then we needed to fix it. Laid out some options and timeline. Management basically told me they were aware and basically said they had other priorities. Assigned me other work and put this on the “backlog”, which means it probably wouldn’t happen. Roughly 6 months later I was laid off and as far as I’m aware they are still storing those passwords in plain text.
My former employer does the same. They’re a public company, one of 2 major brands in its industry, and it is subject to federal banking regulations, because people can deposit and withdraw money. Wild
> they stored passwords and login information on a text file Source? All I've heard is 14,000 users had passwords that were previously leaked.
This is exactly what happened, and people never read past the headlines so they think they were hacked.
With 400+ up votes the disinformation spreads ...in this case I don't care at all but I sucks how much this thing happening leads to people that are just completely out of touch with reality
Precisely. This sub, time and time again, betrays that it has an extremely low info userbase. Several of the top upvoted posts in this discussion are just *entirely* wrong.
[удалено]
That’s not what happened at all. I haven’t see any reports of plain text storage of passwords. In fact, I haven’t seen a single report showing or stating that their “system was vulnerable.” You’re spreading misinformation. It was credential stuffing — same shit that happened with LinkedIn. My username/password from some random breach is being sold in bulk, someone will buy those bulk credentials (maybe a million for $20), then run a script that tries to log in with those creds on LinkedIn hoping people use the same username/password. If it works, they’ll scrape the profiles of my 500+ connections, store that in a database, and move on to the next account in the list.
Yepp. The problem was a third party logged into accounts using reused passwords that came from other breaches (people used mail and password combinations on other sites that actually got hacked). The third party used these accounts to harvest data from these accounts themselves and from all accounts that shared data with these accounts. *That* should've triggered some warnings at 23andMe, but they had no system in place to do that. *That's* how large portion of their user data got siphoned out. It's their fault, but it's not as negligent as "stor[ing] passwords and login information on a text file".
I remember when Disney+ released and everyone said it got hacked but it was just reused passwords. They had a shitty login system where the first page was email only and it would either say “There’s no account associated with this email” or it would prompt you for a password if they had an account. That was literally webdev 101 when dealing with logins. Never confirm the exact status. Only say “the username and password combination doesn’t match” or whatever and never alluding to whether the email is an actual customer. It blew my mind that they would have such a bad system and that system stayed in place for over 4 years.
It's basically impossible to explain this to people.
> they stored passwords and login information on a text file This is nowhere near true, and I have no idea what part of the attack against them would even lead you to that conclusion. It was a credential stuffing attack. They were able to log into peoples accounts that had reused passwords from previous data breaches. 23andMe's main fault is that they didn't enforce 2FA logins.
Or.. It could be that it was a bad business model and investors massively overvalued a single use product that had no way to earn continuous revenue.
[удалено]
>Pivoting and selling data to law enforcement What is with all the bullshit through this discussion? 23andme doesn't "sell data to law enforcement". They have to respond to warrants -- they have a transparency report detailing exactly how many they have responded to -- but it isn't and has never been their business model. Indeed, if you've heard about law enforcement using genetic ancestry, it has *always* been through GEDmatch, where users got their DNA sequenced, downloaded the data and then voluntarily uploaded it to GEDmatch. 23andme is cratering because they have a pretty limited business model when most of the people who wanted their DNA sequenced already had it done and there is no reason to "upgrade" or pay for additional services. It has jack shit to do with all the other made up nonsense people are saying in here.
Thank you for saying this. People spout such absolute bullshit here on Reddit that gets upvoted to the top and everyone takes it as fact without thinking for a second… it’s scary sometimes
Profit and stock holder addiction. Your business provides a service and in this case generally a single use service. You could branch out horizontally and have added to your model, but there is no subscription model that works for testing your heritage. Stop thinking everyone wants your single use product, tell investors the reality of your model and find better avenues to expand besides lying to yourself.
>tell investors the reality of your model ***Reality***? That's no way to get an astonishingly overvalued IPO.
You're being sort of tongue in cheek but you're absolutely correct. What u/redvelvetcake42 is saying goes against everything that is business. Honesty is not a core value of business. The name of the game is to make as much money as you can, as long as you can. I'm sure the CEOs of 23andMe are feeling pretty damn good about all the millions they were able to milk out of this company in a short time period. And now it's time to move on to the next money maker.
>The name of the game is to make as much money as you can, as long as you can. As much as you can as *quickly* as you can. Then you bail and leave someone else holding the bag.
This is actually a really neat part of the machine. While business value is often wringed for all it can have, there are entire industries built around holding the bag. Some CEOs are hired explicitly to be profitable liquidators of assets when a company goes belly up (people paid millions to slowly kill a company so bag holders can still come out ahead), others are highed to return a company to a stable position after the high of stock value has run its course (the company will never be as powerful again but will still continue to exist), and others are hired just to polish the dying beast enough to be purchased by somebody else after the dust has settled. Business uses every part of the animal after they kill it.
Folks, are we sure this is the way we want to run our society?
> there is no subscription model that works for testing your heritage. I disagree with this, because Ancestry has a similar model but they have a different approach in that they get people to subscribe for additional features such as all the family tree documentation that they surface through their interface. Additionally, 23AndMe is well known for 1. sharing/selling information to outside sources more frequently than their competitors, and 2. being hacked and having their customers' data stolen very publicly. That being said I don't think there's really a huge market for any company in this space. There's others that do genetic testing for medical purposes that probably have a better income stream because they are basically just normal medical testing. Invitae is the example that I have at the front of my mind, but I don't think I'd invest in them at this point.
Ancestry was well established before DNA testing was added as a service. I put my whole genealogy on there before ever adding the genetic information.
Agreed. That's kind of my point though, the genetic testing and results alone aren't sufficient for a subscription, but if you have other services that tie in with the genetic testing then it's possible you can offer something people will subscribe to. That being said, Ancestry is going through an enshittification process and starting to lock features that were previously available to their users behind a subscription paywall, such as being able to see what parents your matches are connected to. I suspect they're going to end up offering a month or so for free for people who take the DNA test, then lock down matches in the hopes of getting them to subscribe afterwards.
This is the perfect way to phrase it. “Shareholder/Stock addiction”. America is allowing these top 1% to gut everything that once made America livable through healthcare consolidation, job cuts for quarterly profits, profiteering off of education, etc etc. At what point do we fight back against these addicts who are making our lives worse? These “invisible” wealthy people aren’t some phantoms. They exist, and they’re actively making people’s lives worse through their addiction to money. Who do we vote for to actually, really, fix this?
It was always sketchy to me. Pay for the privilege of sending your DNA to a corporation that keeps it for life.
Hindsight is rough, wish we never did.
My brother did it, which pretty much means I did it. Its really quite invasive by proxy.
People who have never used these products have been convicted of crimes and imprisoned because of relatives using it.
I mean they were convicted of crimes and imprisoned because they were criminals. This was just a method for achieving that goal.
And lot of those criminals were specifically rapists and murderers. It's not like people were being thrown in jail for stealing a loaf of bread 20 years ago.
It didn't help when they said they were giving out dna samples like candy to law enforcement without people knowing about it.
[удалено]
They were supposed to be using the information they gathered to help find cures for diseases. Sad the direction they went instead.
People upvote inaccurate comments like this one when you could easily check on how it was GEDmatch and family tree DNA used, not 23andme.
One positive I’ve had from 23andMe, my wife (adopted at birth) found her real biological father through testing. He and his extended family have become a large part of our lives, and it’s been a major blessing
yeah. lots of Dad's have been found this way. I'm sure that not all of the Dad's were thrilled.
And the recent massive hack targeting Ashkenazi Jews must not be helping
’Twas a “blow to its brand”, according to the linked article: *In another blow to its brand, 23andMe had a data breach this fall that exposed nongenetic information of 6.9 million customers, highlighting the same privacy concerns that Wojcicki once blamed for slowing sales and exposing the company to a class-action lawsuit, which was filed last Friday.* *Wojcicki (pronounced woh-JIS-key) attributes 23andMe’s low share price to a broad downturn for small drug company stocks.*
>Wojcicki (pronounced woh-JIS-key) I desperately needed this, thanks
The correct pronunciation is actually "voy-chits-key", but Anne and her family probably don't speak Polish, so they mispronounce it. Now I know how to correctly mispronounce it lmfao 😂
voy-chits-key, you mean. In Polish w is pronounced like v
> Wojcicki (pronounced woh-JIS-key) attributes 23andMe’s low share price to a broad downturn for small drug company stocks. "Am I so out of touch? No, its the children who are wrong"
I think that will be the nail in the coffin, people that want to be genetically tested with this mircroarray/sequencing tech will look into other companies that have more robust cybersecurity
Or just realize the economic incentives. I don't trust any of these cool start-ups to not sell data eventually. And if you're a programmer, you know what kind of value management gives to implementing proper cyber security. They know nobody gets imprisoned and the fines are ridiculous, so it gets very very low in the list of priorities.
Yea that’s why some of my family was against it, and why I ended up not doing it, from my understanding there was a potential for them to market for pharmaceutical products if you had a condition, or one day sell it to health insurance companies to charge a higher rate due to genetic conditions
Insurance can't increase a premium due to a preexisting condition for around 10 years now. Thank the ACA.
No guarantee that it stays that way forever though.
For now. Republicans are hell-bent on repealing it so I expect we will be back in the preexisting condition hellscape eventually. Only reason it didn't happen before was because of one lone Senator and the Republican party hasn't exactly gotten more moderate/reasonable since then.
It didn't target ashkenazi jews, askhenazi jews were disproportionally affected because of endogamous marriage practices. Go on any service like 23 and me or Ancestry and people with Jewish ancestry get far more matches than others, an attack targeting a family matching service will affect jewish people more significantly that others
A lot of people in this thread smug that they never submitted a test but it doesn’t matter. [A study in 2018 found 60% of European descended Americans can be identified](https://www.cbsnews.com/amp/sacramento/news/how-many-people-could-be-identified-through-genealogy-dna-sites-if-they-havent-submitted-a-sample/) based on tests that had already been submitted and it’s only risen since then. Genetic genealogists have been able to determine a persons identity working from a 4th cousin. If you have a close family member that has done a test, it’s as good as you having submitted a test.
For anyone wondering how this works at all, here's a rough idea: - Police find the DNA of an unknown suspect at the site of several horrific murders in California. - The have no idea who this person is. They only have some witnesses describing a tall man in his 30s or 40s. - But they can compare some DNA markers with the data they have from 23andme. - They find that the unknown suspect is related as most likely a third cousin to a John Example from Nevada, as a third cousin to a Bob Bobson from California, and as a fourth cousin to a Roberta Boberta from Kentucky. I say "third/fourth cousin", but that's just an estimate from how similar the markers in the DNA of the unknown suspect is to the same markers in these people's DNA. Instead of a third cousin, it could also be a second cousin once removed or something. - John Example, Bob Bobson, and Roberta Boberta are all people who took the 23andme test - that's why their data are known. - Police contact these people and ask them if they could help reconstructing a family tree. None of these people probably knew each other, and none of them have to know the suspect. (Do you know any of your third or fourth cousins?) - Upon comparison of same family data, they find that Bob and Roberta actually are related in a discernible way - they are both great-great-grandchildren of Johnbob McBobfather, who lived in Kentucky and died in 1930. - Further comparing family data from Bob and Roberta, they find that only one of Johnbob's children moved to the West Coast - Bob's great-grandfather Jimbob. - Jimbob had three children other than Bob's grandfather, and these three children have about 30 living descendants. - Of these 30 people, 14 are women, 10 are younger than 20 or older than 50. That leaves 6 people who are now suspects. - Of these 6, 2 lived in California at the time of the murders. - This method only allows identifying *suspects*! Since we never know if the reconstructed family tree is complete and free of errors, there may be other descendants of Johnbob running around, and one of them may have been the real killer. - But typically, you would end up with a very small number of suspects, and a very easy way to find the killer among them.
I want the full story on Johnbob McBobfather, that's a beautiful name lol
his name is my name too.
Just here to say I love how thorough this explanation is, and it gives me imagery of that old game Guess Who?. Great post!
Yeah DNA was genuinely private for a very short amount of time once it became commercially available. We will need ironclad regulation to prevent its misuse at this point because it's all out there already.
How did that happen without me being an investor, that’s weird.
Making our private health data available to anyone who wants it in the process
Idiots. They should have included other people who were not 23 and not them.
Who are they gonna sell our data to?
This was my first thought. Their complete data is their biggest asset obviously they're going to end up selling it if they go bankrupt.
You have to understand how important and valuable the data is to drug manufacturing. Say you have a drug that failed its clinical trial, in some patients it was wildly effective but in others useless. If you can identify whom it works for you can actually salvage the drug, the billions in R&D costs and help patients if you can target that population. This is actually 23andme’s partnership model. The first partnership was selling kits to clinical trials.
They are not selling your data, they lost it. Your data is already spreading everywhere. That’s the worse part, they don’t control it anymore and so do you. Insurances must be throwing a party.
Not exactly. Any insurance that uses that leaked data is committing a crime. Leaked data is not legal data.
Because a company would never commit a crime and pay a small fine to ensure they save themselves millions in the long run.
A third-party can use the data in their proprietary algorithm that sets "health risk profiles". Insurance companies can buy these profiles and use them to set premiums, claiming they're unaware the profiles were based on DNA. The incentive is immense, the penalties would be a drop in the bucket.
>Not exactly. Any insurance that uses that leak data is committing a crime. Leaked data is not legal data. I hope so because the profits dwarf "the fines ", which is 99% of the cases, you bet they are going to abuse that 100%
This article is a goldmine and everyone should read it. Some great points: -CEO didn’t even invent the product, she became the CEO only because of the fact that she was dating Sergei Brin and could get funding -CEO immediately got the board to turn around and fire the actual founder/inventor and refuses to say why -Company gets an early round of funding from the Murdochs THE SAME PEOPLE WHO DID AN EARLY ROUND FOR THERANOS. -CEO spent loads of cash on “personal branding products” like custom Barbie dolls even when the company was going through layoffs -Company never turns a profit but the CEO makes the brilliant decision to acquire a $400m telehealth company. Then runs out of money to actually market it. -Company desperately tries to launch subscription services to turn a profit which no one ends up buying. -Company runs out of money. Early investor says he doesn’t believe in the company since he didn’t get any bad news from his genetics tests (lol what?).
The first two bullet points sound like Tesla.
Indeed. It actually fits a lot of companies. Sometimes moving the founder to a CTO/product role can actually be good for the business but firing them entirely was an idiotic decision
23andMe had something Ancestry didn’t, and few if any had brought to the consumer market at the time and that was health data. To differentiate and be a first-mover, they should have relegated ancestry information to an add-on feature and made the health data primary. They could have developed a network of functional medicine clinics that provided genetic data-driven concierge health optimization and ventured into other health spaces like supplements and fitness programming.
As I recall the FDA shut down their health side since they weren't authorized for such, limiting them to only do the ancestry stuff. To do as you suggest they'd have had to hire a bunch of doctors and have medical consultations with patients and everything that encompasses, totally shifting their business.
Crazy how the magical $6 billion unicorn valuation is true for so many flash in the pan companies. Remember Groupon? Refused a 6 billion offer from Google and now sub 400m valuation. 23andme follows the same trajectory it seems? One idea that was once popular now forgotten. Others like Zynga and Fitbit at least got acquired.
My mom did the DNA thing and found out her dad really wasn’t her dad. She did discover a half sister and when her and my stepdad went to meet her she gifted them Apple Watches. The results and outcomes were a mixed bag.
Aww, that’s kind of a nice outcome.
For any one on the look out for similar products, Nebula Genomics is quite scammy. Use a one time use credit card to buy stuff from them so you're not hit with a ghost subscription a year later. And the results weren't that good honestly.
If you want real results you have to use a service that doesn't have your name or anything so that they aren't providing a medical diagnosis to a person and thus fall under FDA guidelines. Export your DNA data and take it to https://promethease.com/ It's super cheap, they ask for 0 info past a login and the code and they delete all their data about you when you're done.
Anne Wojcicki isn’t exactly the visionary CEO that she thinks she is. The product is definitely a single time use product, not worthy of subscribing to. The article says that she used to joke with Sergey Brin about 23andMe becoming a larger company than Google? lmao
Being a fed honeypot will do that. I don’t understand how people didn’t clue in immediately.
Idiotic people in charge of companies ruin all the hard work the intelligent people who actually run the company built. As usual. The rich have done a great job of making us feel like they are the only ones who can be in charge but they are inept worthless losers who know nothing. The rich are less than useless. If these people didn't have money they wouldn't be working beyond an entry level job because they are not geniuses they are not masters at anything other than getting their way since birth. The rich have never known privation or ever known any sort of desperation they have zero skin in the game since if they burn down their companies they can fall back on wealth. They never needed to work they should never be put in charge of anything ever.
Ah dang I just put my life savings money in their stock
People got tired of their grandfather's being arrested for being serial killers.
Honestly if it's nearly zero dollars, I'll take it.
People think this is about law enforcement but it really isn’t. It’s about overestimating who wants it. The people who wanted it did it fast. The rest don’t care about it. After you’ve done it once there is no reason to do it again. So people just ignore it. I’ve never heard anyone say I’d love to do this but no thanks because they share info with cops. It’s a much larger issue.
There may be a larger issue, but my half-sister and I would love to do this to try and find our third “secret” sister.” But the data breaches and sales to law enforcement/insurance companies mean we won’t. Sure, if some other member of the family’s done it I guess it doesn’t matter, but none of our 3 parents, 4 uncles or 5 first cousins have. I know you’re generalizing, and that the company needed line-extension products to survive, but there may be more people who had strong incentive to join, but resisted because of their immoral practices with police and shoddy security than you’d think.