I started keeping a “name search” spreadsheet two years ago. Every Sunday evening I’d Google my full name in an incognito window, screenshot the first three result pages, and log which data brokers showed up, what address they had, which relatives they listed, and how recent the data looked. The first month, twenty-three different broker sites had me on file. By month six — after working through the playbook below — that number was down to four, and none of them ranked on the first page anymore.
This is not a sales pitch for a paid service. The entire process can be done with free tools and direct opt-out forms. It is, however, tedious, slow, and surprisingly emotional — you will discover that companies you’ve never heard of know your mother’s maiden name and the apartment you lived in as a college sophomore. That is the point of writing this down: so you only have to do the research once.
The guide below is calibrated for US residents in 2026, accounts for the new state privacy laws that have changed the leverage you have, and is honest about where the free path stops working.
What Data Brokers Actually Know About You
Most people picture “their data” as an email address and maybe a credit card. The reality is wider and more uncomfortable. A typical US data broker dossier links your full legal name to every address you’ve held going back fifteen-plus years, every phone number you’ve used, names of relatives and former roommates, approximate income band, vehicles registered, court filings, bankruptcies, voter registration history, and best-guess inferences about your political leanings, ethnicity, and health concerns.
The FTC has been documenting this since its 2014 report “Data Brokers: A Call for Transparency and Accountability”, which identified hundreds of firms aggregating consumer information without affirmative consent. The Wikipedia entry on information brokers is a solid primer, and the Privacy Rights Clearinghouse data broker directory tracks more than 500 active US firms. None of this aggregation is illegal under federal law — there is no national US equivalent of the EU’s GDPR — which is precisely why the opt-out burden lands on you.
When you Google your own name, the first page is usually dominated by eight or nine sites: Spokeo, BeenVerified, Whitepages, Radaris, MyLife, FastPeopleSearch, TruePeopleSearch, Intelius, and PeopleFinder. Clear those nine and your name effectively disappears from public search engines. The remaining 490+ brokers are mostly business-to-business and never surface in consumer search results — they matter for identity-theft hardening, not for the immediate “I just got a stalker email” problem.
The Free Tool Stack That Works in 2026
After two years of testing, the free stack I keep coming back to is small. Five tools cover roughly 80 percent of the visible damage; the remaining 20 percent is manual.
| Tool | What it does (free tier) | What it does NOT do |
|---|---|---|
| Optery Free | Scans 100+ brokers, generates a per-broker exposure report with direct opt-out links | Does not auto-submit removals on the free tier |
| Mozilla Monitor | Continuous breach monitoring + free Onerep scan integration | Removal automation is paywalled |
| Have I Been Pwned | Breach exposure check by email/phone | Does not touch broker data |
| State privacy portals (CCPA / CPRA / SHIELD / CTDPA) | Legal right-to-delete request with statutory deadline | Only enforceable if you reside in a covered state |
| Direct broker opt-out URLs | Per-broker removal forms (free, mandatory) | Time-consuming; resurfacing is common |
Optery’s free dashboard is the best starting point
Optery’s free tier — it’s a paid service at the higher tiers — gives you a remarkably useful exposure scan. You enter your name, current city, and birth year, and within a few minutes it returns a visual gallery of broker profiles that match. Each card has a screenshot of your listing, the broker’s name, and a deep-link to that broker’s opt-out form. Even if you never upgrade, you’ve just saved yourself ninety minutes of manual searching.
Mozilla Monitor for the breach side
Most data brokers don’t get their data from breaches — they buy it from public records and credit bureaus. But identity-theft hardening overlaps heavily with broker opt-outs, and Mozilla’s free monitor (which absorbed the old Firefox Monitor and integrates Onerep scans) is the cleanest free continuous-watch tool I’ve used. Pair it with Have I Been Pwned, which the Electronic Frontier Foundation routinely recommends, and you’ll catch the breach-driven re-listings.
State privacy portals are the legal lever
If you live in California, New York, Connecticut, Colorado, Virginia, Texas, Oregon, or Utah, you have a statutory right to delete that the broker must honor within 45 days. The California Attorney General’s CCPA portal is the model. A single email citing the statute is more effective than ten polite removal requests, and brokers know it.
The Seven-Step Manual Workflow That Actually Works
This is the order I use. Skipping steps creates rework — for example, removing yourself from BeenVerified before clearing your address from voter records means BeenVerified just re-pulls your data three months later.
- Google yourself in a private/incognito window. Use your full legal name plus your current city. Screenshot the first three pages. This is your before snapshot.
- Run the Optery free scan and Mozilla Monitor. Save the broker list as a checklist. You’ll work through it top to bottom.
- File the big three direct opt-outs first — Spokeo’s removal page, Whitepages suppression form, and BeenVerified’s opt-out search. These three drive most of the visible search-result damage.
- Hit the high-volume aggregators — Intelius, Radaris, MyLife, FastPeopleSearch, TruePeopleSearch, PeopleFinder. Each takes three to seven minutes.
- Submit a CCPA/CPRA request to the credit-bureau-adjacent brokers — Acxiom, LexisNexis Risk Solutions, CoreLogic, Oracle Data Cloud. These are the ones that re-seed the public-facing brokers, so clearing them upstream slows resurfacing.
- Reduce the public-records firehose. Opt out of voter-record sale where your state allows it (about half do), file a USPS forwarding request only when actually moving, and use a virtual mailbox for everything else. This is the single highest-ROI step long-term.
- Wait four weeks, then re-Google. Anything still ranking goes onto a manual second-pass list. Repeat steps 3–6 quarterly.
The whole first pass takes about six to ten hours of focused work, spread across two or three weekends. There is no shortcut to the manual filing — the brokers that monetize your data have zero incentive to make removal one-click.
Where Free Tools Stop Working
Free tools cover the consumer-facing tier. They do not cover the parts of the data broker industry that matter most for high-risk individuals — domestic-violence survivors, journalists, public officials, and anyone with an active stalking concern.
- People-search aggregators that scrape other people-search sites resurface listings within months. You need ongoing automation, not a one-time scrub. This is the single biggest reason paid services exist.
- Tier-2 specialty brokers (real-estate, automotive, medical inference, political microtargeting) almost never appear in your Google results, so the free scan tools don’t surface them. They’re only reachable via the master list at Privacy Rights Clearinghouse, and many require certified mail.
- Court records, property records, and voter records are the upstream source for half the consumer brokers. Opting out of Spokeo while leaving your name on a county clerk’s web search means Spokeo re-lists you next quarter. Address-suppression programs (California’s Safe at Home, New York’s ACP, Washington’s ACP) are the only durable fix and are restricted to documented threat cases.
- LinkedIn, Facebook, and your own social profiles leak more identifying data than the average broker. No opt-out tool helps here — you have to harden those settings yourself, ideally alongside a privacy-respecting VPN and unique email aliases.
If you are in active danger, free tools are not enough. The National Network to End Domestic Violence’s Safety Net project and your state attorney general’s victim services unit are the right starting points, and most states will fast-track address suppression with police documentation.
The Maintenance Loop: Removal Is Not Permanent
The single hardest thing to accept is that opt-out is not a one-time event. Brokers re-scrape public records on rolling schedules — typically every 90 to 180 days — and your previous opt-out does not always carry forward. Three patterns in particular cause “zombie” listings to come back:
- A new address. Moving regenerates almost every record. Submit USPS change-of-address only with PO Boxes when possible.
- A new vehicle registration or marriage record. Both are public and feed the aggregator pipelines within weeks.
- A new credit inquiry. Bureaus sell limited data to data brokers under “legitimate interest” exemptions, even after CCPA.
The realistic cadence: full re-pass every six months, plus a 15-minute Google check the first weekend of every month. The total ongoing cost is two to three hours per quarter, which is meaningfully less than the eight-to-ten-hour first pass.
🔑 Key Takeaways
- The top eight to ten data brokers cause roughly 90 percent of the search-result damage. Clear those first; the long tail can wait.
- State privacy laws (CCPA, CPRA, SHIELD, CTDPA, Colorado Privacy Act) are the strongest free lever you have — cite the statute by name when filing.
- Free tools handle the visible problem; paid services exist primarily because of resurfacing, not because of better removal access.
- Plan for a six-to-ten-hour first pass and a quarterly two-hour maintenance loop. Anyone promising “set-and-forget” is selling something.
- Upstream sources (voter rolls, court records, credit bureaus) re-seed the brokers. Suppress upstream where legally possible.
Frequently Asked Questions
How long does it take for data brokers to actually remove my information?
The major consumer brokers — Spokeo, Whitepages, BeenVerified, Intelius, Radaris — typically purge listings within 24 hours to 14 days after a verified request. Smaller aggregators take 30 to 45 days. Plan on six to eight weeks for a clean first pass across the top tier, and treat removal as ongoing rather than one-time. Roughly a third of listings reappear within three to twelve months as brokers re-scrape public records and credit-bureau feeds. The CCPA/CPRA statutory deadline is 45 days, so if a covered broker hasn’t acted by week seven, escalate.
Are free opt-out tools really as effective as paid services?
For coverage, no. Paid services like DeleteMe, Optery Premium, and Privacy Bee hit 250 to 750 brokers automatically. For the brokers that actually rank for your name in Google, free tools cover 80 to 90 percent of the visible damage. The trade-off is time: a paid service runs $100 to $250 per year and saves you eight to twelve hours of manual filing plus quarterly re-checks. If your name does not appear in the top ten Google results today, free is enough. If it does and you have any safety, doxxing, or professional exposure concern, paid pays for itself in the first quarter.
Do I need to send a copy of my driver’s license to opt out?
A few brokers — Radaris, MyLife, some LexisNexis services — request ID. You can usually upload a heavily redacted copy showing only your name, photo, and one matching address. Black out the license number, date of birth, signature, and any barcodes. Both the FTC and the California AG consider this redaction acceptable for verification purposes. If a broker refuses redacted ID, do not send the unredacted version — escalate to your state AG instead. Most refusals collapse the moment a state regulator gets involved.
What if a data broker ignores my opt-out request or relists me?
Send a single follow-up that references your original request number and cites the controlling statute — CCPA/CPRA, NY SHIELD Act, Connecticut Data Privacy Act, Colorado Privacy Act, or the FTC’s general unfairness authority. If that fails, file a complaint at reportfraud.ftc.gov and your state attorney general’s consumer protection bureau. California residents will soon have a one-stop deletion request via the state’s Delete Act portal, which propagates a single request across all registered brokers. For relisting, the same paper trail applies — cite the original removal date and demand confirmation under the statute’s anti-resurfacing provisions.
The Honest Verdict
Free data-broker opt-out is genuinely effective for the visible-search-result tier — the part of the problem that 90 percent of people care about. It is not a one-weekend fix and it is not permanent, but the playbook above is the most durable free path I’ve found in two years of testing. Budget a long Saturday for the first pass, a Sunday for the credit-bureau-adjacent CCPA filings, and twenty minutes a quarter to maintain.
If you only have time for one action this week: run the free Optery scan, file the three direct opt-outs at Spokeo, Whitepages, and BeenVerified, and take the before/after Google screenshots. That alone will measurably move the needle. Everything else compounds from there.
Related reading: Best VPNs for privacy in 2026 · How to stop spam calls in the USA · Identity theft monitoring services compared · CCPA consumer rights explained