The 6,000-Star List That Exposes How Deep the Data Broker Rabbit Hole Goes
Hook
Over 6,000 developers have starred a repository that’s primarily a single README file. Instead of code, it’s a maintenance nightmare of a different kind: tracking the constantly-shifting maze of data broker opt-out procedures that no API can automate away.
Context
Data brokers are the infrastructure layer of surveillance capitalism that most developers never think about until they’re personally affected. Companies like BeenVerified, Intelius, and others scrape public records, purchase consumer data, and aggregate information from hundreds of sources to build profiles on virtually every U.S. resident. These profiles—complete with addresses, phone numbers, relatives, and employment history—are then sold to anyone willing to pay, from legitimate background check services to stalkers and scammers.
The Big Ass Data Broker Opt-Out List (BADBOOL) emerged in September 2017 as a response to a fundamental asymmetry: while data brokers have automated the collection and aggregation of personal information at scale, opting out remains a deliberately manual, time-consuming process. There’s no API, no bulk deletion endpoint, no standardized protocol. Each broker has its own procedure, its own forms, its own verification requirements. Yael Grauer, a privacy-focused journalist, started this list as a public resource because no one else was doing the unglamorous work of documenting these procedures and keeping them current as brokers changed their processes or disappeared entirely.
Technical Insight
BADBOOL is architecturally fascinating precisely because it’s anti-architecture in approach. It appears to be primarily a README file that functions as a living database, maintained through a simple version control workflow: email submissions to yael@yaelwrites.com and pull requests. The structure is deceptively simple—a markdown table with emoji-based priority tags followed by H3-sectioned entries for each broker:
### 💐 BeenVerified
Find your information and opt out of [people search](https://www.beenverified.com/app/optout/search)
and [property search](https://www.beenverified.com/app/optout/address-search).
BeenVerified also owns PeopleLooker and PeopleSmart. Be aware that BeenVerified
only allows one opt-out per email address, so you may need to reach out via
email for additional opt-outs.The emoji system is brilliant information architecture for a non-technical audience. 💐 marks crucial removals (13 total), ☠ indicates high priority (19 combined), while 🎫, 📞, and 💰 warn users about friction points—ID requirements, phone calls, or fees. This visual vocabulary communicates priority and cost at a glance, which matters when you’re asking people to invest significant manual labor.
What makes BADBOOL valuable isn’t technical sophistication—it’s the metadata that only comes from manual verification. Each entry encodes institutional knowledge about corporate evasion tactics: “BeenVerified only allows one opt-out per email address, so you may need to reach out via email for additional opt-outs.” That’s not documented in any API spec. It’s learned through user reports and testing.
The repository demonstrates a critical principle that developers often miss: some problems resist automation not because they’re technically hard, but because they’re deliberately obfuscated. Data brokers want opt-outs to be difficult. They change procedures, split into subsidiary companies, and implement verification requirements that would fail any reasonable UX audit. BADBOOL’s value is that it tracks these changes through regular updates.
The update log shows the maintenance burden: broken links, acquired companies, changed procedures. This is infrastructure work—unglamorous, essential, and never finished. The disclaimer section is equally telling: “Sometimes, information is pulled from other sources and you’ll need to opt out multiple times for the same site.” This is eventual consistency in the worst possible way—your data propagates across brokers quickly, but deletions are slow and incomplete.
For California residents, BADBOOL points to a genuine technical solution: the DROP portal, a government-mandated single-form interface to 500+ registered data brokers. This is what centralized opt-out infrastructure looks like when backed by legal requirements (CCPA). It’s also a stark reminder that privacy problems require legislative solutions, not just better documentation.
Gotcha
BADBOOL is US-specific and cannot help international users navigate different regulatory frameworks like GDPR. More fundamentally, it’s a workaround for a broken system, not a fix. You’re still doing manual labor—filling forms, sending emails, sometimes calling numbers and reading driver’s license information to strangers. Some brokers charge fees to remove your data, which is extortion with extra steps.
The repository is volunteer-maintained with updates dependent on community submissions to the maintainer’s email. The disclaimer is brutally honest: “Sometimes information is pulled from other sources and you’ll need to opt out multiple times for the same site.” Worse, public records like real estate transactions and voter registration remain accessible in most states regardless of how many data brokers you opt out of. If you bought a house or registered to vote, that data is likely public and re-scrapable. BADBOOL can reduce your attack surface, but it can’t make you invisible. The architecture of surveillance is too distributed, too deeply embedded in legal frameworks, for any markdown file to fully address.
Verdict
Use BADBOOL if you’re a U.S. resident who’s been doxed, stalked, or harassed and you need to immediately reduce your digital footprint without paying for commercial removal services. It’s essential for journalists, activists, domestic violence survivors, or anyone with a legitimate safety threat who can invest the time for manual opt-out work. Start with the 💐 crucial entries (13 sites) if you’re time-constrained. Skip it if you’re outside the US, if you’re in California (use the DROP portal instead for bulk removal from 500+ brokers), or if you’re looking for an automated solution—this is a guide to manual labor, not a script you can run. Also skip if you’re unwilling to accept that opt-outs are temporary and your data will likely reappear from other sources. This is harm reduction, not elimination.
