Is GEDmatch safe? I get that question a lot. With your DNA, privacy, security and trust matter. So, what has happened to GEDmatch? Is your data digitally protected? Here are some answers–and alternatives to GEDmatch.
I have been here since the beginning of the genetic genealogy world and I have seen plenty of companies come and go. In 2010, two retired men from Florida saw a need in the genetic genealogy community and decided to put their heads together to create something to help.
But what was needed in 2010, just isn’t needed any longer. Please hear me out on this important topic and download our free guide to three free alternatives to GEDmatch.
What is GEDmatch?
GEDmatch was created for two reasons: To allow genealogists to compare test results from multiple companies, and to offer analysis tools that were not available. And doing both things for free.
GEDmatch is what we refer to as a “third party tool.” That just means that they aren’t taking your actual physical DNA sample, but just re-analyzing the data you got from another company. So once you upload your data you can compare your DNA with other people who have also uploaded and use a variety of different tools. And this uploading is not a permanent situation. You can delete your data from GEDmatch at any time.
What has happened to GEDmatch?
Two things have contributed to lessen the impact of GEDmatch on the genetic genealogy community:
- DNA testing dramatically decreased in price, making it more realistic for individuals to be tested at more than one company.
- Family Tree DNA and MyHeritage DNA started accepting DNA transfers. Which means that anyone who had tested at any company could then get access to the DNA match lists at FTDNA and MyHeritage for FREE.
These two changes, as well as their involvement in a controversial law enforcement case, have served to dethrone GEDmatch from its previous place of prominence, trust, and influence in the genetic genealogy community.
At the tail end of 2019 GEDmatch was acquired by Verogen, a forensic DNA company, which effectively shifted the purpose of GEDmatch from helping genealogists find their lost ancestors, to helping law enforcement find elusive criminals. Though, since both genealogists and detectives need the same kinds of DNA analysis tools, GEDmatch still services both crowds.
GEDmatch does have tools for genealogists. But do you need them? Get our free guide to find out more.
Get the Free Guide to Three Free Alternatives to GEDmatch
So is GEDmatch safe?
OK, let’s get to the point of this article, shall we? This is a question that is often asked, and just doesn’t have a very good answer. It doesn’t have a good answer because “safe” is a relative term. I am going to define “safe” as a company who can effectively digitally protect the data you give it, and won’t use your data for purposes other than what you give it permission to do.
So how does GEDmatch stack up?
Is your data digitally protected?
I am not a data security specialist. I have no real solid ideas about what it takes to electronically protect data. Here’s what GEDmatch’s Terms of Service and Privacy Policy says about Security (as of 7/28/2022):
Although GEDmatch has endeavored to create a secure and reliable Site for you, the confidentiality of any communication, material, or personal information provided to GEDmatch via the Site or email cannot be guaranteed.
The original Raw DNA and GEDCOM data you provide to GEDmatch is not kept in its original form. It is converted to a form that makes it more efficient for the software to perform searches and comparisons. The Genealogical Data is loaded into a relational database that might still be recognizable as text. The Raw DNA is converted to a compressed binary format in a process we call ‘tokenization.’ Although the Raw DNA is not encrypted in the usual sense of the word, it would be very difficult for a human to read it. Original uploaded files are deleted from the Site servers soon after they are processed and archived.
We encrypt your login password before putting it in our database. We cannot tell what your password is. However, there have been cases in the news of encrypted data being hacked and decoded. Be aware that may be a possibility on this or any other Site. We take measures to ensure that only registered users have access to your results, but those measures have not been and never will be perfect. Direct access to your data is available to GEDmatch personnel, including volunteers, on a need to know basis.
Information such as Raw Data, Genealogy Data, and profile information may be stored as an archive copy as part of a backup or recovery plan. When a registered GEDmatch user deletes or requests deletion of Raw Data, Genealogy Data, and/or profile information, copies of that information stored in an archive copy will be deleted upon storage of an updated archive copy, no later than 30 days after the user request.
Will your data be used for other purposes?
I feel like asking whether or not a company is going to use your data for purposes other than what was originally stated is a bit like peering into a crystal ball. Does that sound too cynical? I am actually not a cynical person. But for me, when deciding whether or not to give up my data, I have to decide if I generally trust that company. GEDmatch had a very altruistic and important start with two men who had a passion for this industry. I trusted them with my data. But then they got into a very difficult situation and allowed their database to be used to investigate a law enforcement case that was decidedly outside of their terms and conditions.
To me it really is less about whether you do or don’t trust GEDmatch, it is if you do or don’t need GEDmatch in your research (and how badly). We all are willing to afford some risk depending on how badly we want the payoff. I love mobile banking. Does it carry with it more risk than if I didn’t? For sure. But it is worth it for me.
So the decision you need to make is: do you NEED GEDmatch? Maybe. But these days, you have attractive alternatives. Before putting your DNA there, read my free guide, 3 Reasons You Don’t Need GEDmatch–And What to Do Instead.
0 Comments