April 29, 2022

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.

Google has for years accepted requests to remove certain sensitive data such as bank account or credit card numbers from search results. In a blog post on Wednesday, Google’s Michelle Chang wrote that the company’s expanded policy now allows for the removal of additional information that may pose a risk for identity theft, such as confidential log-in credentials, email addresses and phone numbers when it appears in Search results.

“When we receive removal requests, we will evaluate all content on the web page to ensure that we’re not limiting the availability of other information that is broadly useful, for instance in news articles,” Chang wrote. “We’ll also evaluate if the content appears as part of the public record on the sites of government or official sources. In such cases, we won’t make removals.”

While Google’s removal of a search result from its index will do nothing to remove the offending content from the site that is hosting it, getting a link decoupled from Google search results is going to make the content at that link far less visible. According to recent estimates, Google enjoys somewhere near 90 percent market share in search engine usage.

KrebsOnSecurity decided to test this expanded policy with what would appear to be a no-brainer request: I asked Google to remove search result for BriansClub, one of the largest (if not THE largest) cybercrime stores for selling stolen payment card data.

BriansClub has long abused my name and likeness to pimp its wares on the hacking forums. Its homepage includes a copy of my credit report, Social Security card, phone bill, and a fake but otherwise official looking government ID card.

The login page for perhaps the most bustling cybercrime store for stolen payment card data.

Briansclub updated its homepage with this information in 2019, after it got massively hacked and a copy of its customer database was shared with this author. The leaked data — which included 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers — was ultimately shared with dozens of financial institutions.

TechCrunch writes that the policy expansion comes six months after Google started allowing people under 18 or their parents request to delete their photos from search results. To do so, users need to specify that they want Google to remove “Imagery of an individual currently under the age of 18” and provide some personal information, the image URLs and search queries that would surface the results. Google also lets you submit requests to remove non-consensual explicit or intimate personal images from Google, along with involuntary fake pornography, TechCrunch notes.

This post will be updated in the event Google responds one way or the other, but that may take a while: Google’s automated response said: “Due to the preventative measures being taken for our support specialists in light of COVID-19, it may take longer than usual to respond to your support request. We apologize for any inconvenience this may cause, and we’ll send you a reply as soon as we can.”

Update: 10:30 p.m. ET: An earlier version of this story incorrectly stated that people needed to show explicit or implicit threats regarding requests to remove information like one’s phone number, address or email address from a search result. A spokesperson for Google said “there is no requirement that we find the content to be harmful or shared in a malicious way.”


47 thoughts on “You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

  1. AnonymousGal

    A quick Google search of my old landline officially unlisted phone number used to pull up my full name, age, DOB and every address that I had lived at over the past 20+ years. I just did a quick retest after reading this article, and the only remaining information about me is a legitimate Dun & Bradstreet mention of my former business name, and then all the rest of the Google search listings are for the name and email address of the person who had the landline number before I did, more than 25 years ago. He is/was a software tech and programmer, and posted messages often in Usenet newsgroups and other early online websites where techs communicated with each other. So it makes sense that Google would leave his info intact.

    1. Richard

      So just to clarify, are you saying you submitted a request to delete to Google and they complied?
      If so what was the time frame?
      Or that your info just mysteriously disappeared once you read the article and happened to Google your “old landline officially unlisted phone number”?

      1. AnonymousGal

        I didn’t submit a request. I was just curious to see if anything had changed for me.

      2. AnonymousGal

        No I just was curious to see if anything with my info had been changed.

    2. BellaLondon

      HIRE the best Recovery Expert To Get The Job Done. While Looking to Hire Someone Be careful not to Hire Scammers Pretending To be Recovery Expert, as They Will also Scam You of Your funds. If You Want To Hire a well Trusted and Experienced Professional to Help you Recover your Bitcoin or Funds either Stolen, Hacked or
      Scammed, Simply Visit PAYBACK REFUND DOT COM, They are one of the Forensic Expert fully equipped {REFUND PAYBACK } HAT G,M,A,!.L what app +1 (980) 216‑4893‬

  2. Someone

    Hopefully they are serious about this. I once asked to have an email address removed and they refused, saying it wasn’t private info. Well it is, my personal email I don’t ever give out to anyone. And somehow someone randomly came up with it and put it on a google post somewhere.
    I’ll have to search again, this time for other things too.

  3. KFritz

    A google search using my town of residence in the USA produced an out-of-date address with a current cell phone number. In case this info makes anyone feel secure. DuckDuckGo and Quant searches both produced top 5 ranks for Spokeo, which shows parts of the available data on people. The visible data for myself was accurate, and for a fee presumably anyone would get up-to-date info.

  4. Gibbs

    So… how is this request to Google made? I cannot see anything on my account settings. Also, do I have to site a specific website(s) or will they via their magical algorithms remove any non governmental listing? I read this twice and I am either not seeing or understanding how to enact this request with Google. Some guidance would be appreciated

  5. Curious

    I’ve often wondered if the very act of searching for one’s name, phone number or other details results in seeding the internet with the very information you don’t want to find there.

  6. Curious

    I’ve often wondered if the very act of searching for one’s own name, phone number, address or other personal information actually seeds that very information onto the web

    1. Bob

      I’ve wondered the same. By the very act of searching for your PII, you’re giving the search engine your PII. What do they do with it?

      It may be best to only make these take down requests of Google when you otherwise become aware your PII is available somewhere (such as Brian’s example).

      1. Gibbs

        Here is my experience so far
        I found 25+ instances of my name and/or address and/or phone numbers
        I copied each URL
        Turns out you need screen shots as well so I went through that process
        Sent request to Google, did get an acknowledgement basically saying they can remove my query info but each website will still have the info, so in effect, it will not be “gone”
        It also suggested that I contact each of the websites and request a removal
        I started with Radaris, which essentially said here is a list of (estimated) 50 different sources that we get our information from. You can set up an account with us to request us to remove it from our website. So now I set up another location with an account, personal info, etc that could be hacked in the future and essentially I help them validate my info in the process which then has the potential to be sold to other brokers f they are so inclined. This seems link a dog chasing a tail, or is the tail chasing the dog?? Not sure.
        Of interest, some of the sources Radaris claims to receive info from are Credit Bureau. I suspect internet providers as well as one of them set me up at an incorrect address which took me months to fix and this address shows up on several websites with my name, phone, etc as well. I am mulling over what to do moving forward

        1. mealy

          Let Barb Streissand know how it all shakes out deleting yourself from the internet.

        2. Tyler

          You’re right that unless you remove yourself from the sites yourself, anyone who goes straight to them can still find you. Look up the “Intel Techniques Workbook”. It’s a good guide for how to opt out of lots of sites like Radaris.

          If that guide seems overwhelming, there are also paid services that do it for you. I started one called EasyOptOuts because all the existing services were unreasonably expensive… we’re way more affordable. We don’t need any data from you that’s not already on the people-search websites, so the risk of sharing it is low. Check us out if you’re interested.

        3. Gibbs

          Here is my latest update. I did provide URL and screenshots to google per their protocol. About a day or two later I received a response with a lot of lawerese and they acknowledged that they would work on it. About 10 days later I received a response that their efforts were completed. Allegedly all my links which I submitted would be removed with hours and there were a few that they could not find my name associated with the link. I revalidated (all) the links and found across all submittals, nothing was done. In the course of all of this transpiring I started researching these businesses that scrub your data. You provide a whole bunch of personal data, and they remove your name for a year (of course for a fee) It turns out there are some business which perform this service, even with fancy websites, that are unscrupulous. I am not certain what is so magical about one year either, do they hold you hostage and get all the info reinstated? Hard not to be skeptical these days. Even if legit, you create one more location with all your info, that could be hacked. Tough laws and stiff penalties sounds like a good solution to stopping this, but when they cannot enforce a subpoena, how can they enforce privacy laws assuming they ever get created.

  7. A Non

    This is a canard and tantamount to playing whack-a-mole. Submitting a single request for particular websites is much too much work for the average person because doxxers can simply move it elsewhere. Google should enumerate where PII is found and allow selective removal of it across all matching pages.

  8. Dennis

    Why do we have to do anything to remove ourselves? Why is not the law to prevent that from being listed and used in the first place?

    OK, there’s one sleazy search engine that does it, so we will need to go and confirm that yes, this is our real info, so please remove it. (Btw, what is the guarantee that they will remove it in the first place, and not just put a check mark somewhere in their internal database that it’s a real info, keep it!) And then what, there will be 10 other sleazy services that we will need to go to that sell our data and make billions?

    1. D1nonlysnshn

      Excellent point. This could be a herculean task as one would not know on how many sites one’s info is on. Anytime you find your info somewhere, you would have to ask Google to remove it.

      I think the reason is that no one anticipated all the issues and implications that would arise once we had the internet. There will be more issues to consider in the future as people with nefarious intentions figure out to pervert something that was intended to be beneficial at inception, or came up with something nefarious just because she/he/they/? could.

    1. Chatbot

      I want you to read the article. Can you do this for me?

  9. John Ganga

    Google knows quite well that is dangerous, very dangerous, to have all the private infos of citizens available for anyone to dig in and use on purpose.

  10. Gerry

    Thanks for the heads up. I will apply the knowledge you shared and see how it goes.

  11. Brenda Ates

    please remove my phone number, addresse, and email information. Thank you

  12. Bob

    This is showing you have to submit the site that has it to have it removed. So. Not quite the claim of the article.

  13. Winocha

    But the tokens an mac of the id device never been removed. Always record their logs that company.

  14. jdmurray

    How many other search engines index PII besides Google? Which of those offer this same PII sanitization service?

    1. mealy

      Anything that actually indexes will unless told not to.

  15. KraziJoe

    What? Crazy, I thought all you needed to do was just post that So and So site is not allowed to use your name or pictures without your consent pursuant to Some code etc…It’s on FB all the time so it’s got to be true, right?

  16. DCT

    according to Google own site there is a requirement for Explicit or Implicit Harm or calls to harass. It seems at odds with what they told you. Additionally the extent that they will remove doxxing information is minimal compared to how they respond to take down requests from other agencies. It is like putting a band-aid on a compound fracture.

    “Requirements to remove doxxing content

    For us to consider the content for removal, it must meet both of these requirements:

    Your contact info is present.
    There’s the presence of:
    Explicit or implicit threats, or
    Explicit or implicit calls to action for others to harm or harass.”

  17. Virgil

    Yes, Hooray! While they are at it, how about removing all those YouTube advertisements of financial geeks bragging about incoming money while displaying both personal and business checks showing names, routing numbers and account numbers, etc.).

  18. Laura McVay

    OK so how do you request this. Im not computer savy so forgive me if I should know.

  19. bob dole

    so I always look up phone numbers that call me and never answer them. but I’ve recently noticed that there are no results for a lot of the ones I’ve looked up recently. are all the spammers removing their numbers too? or are their actual humans calling me?

  20. tita

    Your blog is very informative for me i got many things from your blog and it is very useful information,
    GTU

Comments are closed.