Nav Toor Profile picture
Jun 27 13 tweets 5 min read Read on X
My friend in London opened a free website last week.

He typed my full name.

14 seconds later, it showed my old address, my old email, and a password I used in 2019.

I haven't lived at that address in 4 years.

He said one sentence I'll never forget:

"Everyone you know is on this site. Most don't know it."

Here's exactly how to find what's exposed and start erasing it 👇
Step 1: Go to

Type your email. That's it.

The site shows you every data breach your email has been caught in. Every leaked password. Every compromised account.

It currently tracks over 15 billion compromised accounts across 1,000+ known breaches.

Free. Anonymous. No signup.haveibeenpwned.com
If your email shows up in a breach, do 3 things in this order:

1. Change the password on the breached account immediately.
2. Change the password anywhere else you used the same one.
3. Turn on 2-factor authentication (2FA) on that account.

The biggest danger isn't the original breach. It's that hackers test your old password on every other site you use.
Step 2: Install a free password manager.

Bitwarden is the most recommended. Open source. Free forever for personal use. Works on every device.

It generates a unique random password for every account. Auto-fills them. You only remember one master password.

Wirecutter (New York Times) named Bitwarden one of the 2 best password managers of 2026.

bitwarden.com
Step 3: Turn on 2-factor authentication on these 5 accounts today:

Email (the keys to your kingdom).
Bank or financial app.
Apple ID or Google account.
Main social media account.
Cloud storage (iCloud, Drive, Dropbox).

Use an authenticator app (Google Authenticator, Authy, or Microsoft Authenticator). Not SMS, if you can avoid it.

SMS codes can be intercepted with a SIM swap.
Step 4: Use Google's "Results About You" tool.

This is a free Google tool that lets you request removal of search results containing your personal info (phone number, home address, email address).

You report the result. Google reviews it. Often removes it in a few days.

Most people have never opened it.

Search: "Results about you tool" on google.com
Step 5: For US residents, the biggest people-search sites are:

Spokeo, Whitepages, BeenVerified, MyLife, Intelius, Radaris, TruePeopleSearch, FastPeopleSearch.

Each has a free opt-out page (e.g., ). You submit your info, they remove your profile.

The catch: data reappears every few months. You have to repeat the process.spokeo.com/optout
Step 5 for UK and EU readers:

Under GDPR Article 17, you have a legally enforceable "right to be forgotten."

UK people-search sites: 192.com, Whitepages.co.uk, ThatsThem, Pipl.

Send a GDPR removal request email to their data protection officer. They must respond within 30 days.

For India and other regions, contact the site's data protection contact directly.
Step 6: Use a privacy-respecting email for sensitive signups.

ProtonMail offers a free tier with end-to-end encryption. 1 GB storage. 150 emails per day. Free forever.

Use it for banking, medical sites, anything sensitive.

Keep your normal Gmail for daily junk.

proton.me/mail
Step 7: Remove EXIF metadata from photos before posting online.

Every photo your phone takes contains hidden metadata: GPS location, time, device model.

iPhone: Share photo, tap Options at top, turn off "Location."
Android: Use the Files app to remove EXIF, or post via Telegram which strips it.

A single Instagram photo of your home can reveal your exact address.
Step 8: Use virtual cards for online purchases.

When you give a website your real card, you're trusting them with it forever. Most don't deserve that trust.

Apps that give you a virtual card number (different every time):

Revolut. Wise. Privacy.com (US only). Many banks now offer this built-in.

Limits per-card, freezes anytime, no impact on your real card if a site leaks.
One honest note before you continue:

Full privacy is impossible. Data brokers will keep collecting. Old leaks won't disappear from the dark web.

But these 8 steps cover roughly 80% of the exposure most people have.

A weekend of work. Free tools. Permanent peace of mind.
The reason most people don't do this isn't that the tools are hidden.

It's that we've been trained to think privacy is the cost of using the internet.

It isn't. The tools are free. The process takes one weekend.

Your name on a random people-search site shouldn't reveal your home address.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Nav Toor

Nav Toor Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @heynavtoor

Jun 28
Researchers at Mila and McGill University asked one question. Does AI give the same medical advice to every patient? They tested 42,000 responses across 7 ethnic groups.

The answer is no. Not even close.

84 patient profiles. 3 sex categories. 5 medical categories. Same symptoms. Same conditions. Same questions. Different identities attached to each one.

Here is what they found.

White and Asian patients received the simplest, clearest medical advice. Short sentences. Lower reading difficulty. Higher readability scores across every medical category tested.

Indigenous patients received the most complex advice. Longer. Harder to read. Higher grade level. Consistently. Across every category. American Indian, Alaska Native, and Native Hawaiian patients were always at the bottom of the readability scale.

Black patients were right behind them.

In mental health, where understanding your advice can be the difference between getting help and giving up, the gap was the worst. Indigenous patients received mental health advice with a Flesch reading ease score of negative 8.7. That means the text is harder to read than a medical research paper. The same mental health advice for white patients was significantly more readable.

Then the researchers tested intersectional identities. The disparities doubled.

When race and sex were combined, the gaps between the best-treated and worst-treated groups were twice as large as when race alone was measured. Intersex Indigenous patients received the most complex, least readable medical advice of any group in the study.

The AI did not give them wrong advice. It gave them advice they are less likely to understand. In healthcare, that distinction disappears fast. If you cannot understand your treatment plan, you cannot follow it. If you cannot follow it, the outcome changes.

Native Hawaiian and Pacific Islander patients received one additional disparity. The AI assessed their conditions as less medically urgent than the same conditions presented by white or Asian patients. Lower urgency means slower response. In medicine, slower response means worse outcomes.

The AI was not instructed to treat anyone differently. It was given the same question with a different name attached. The name changed the answer.

A separate study published in Nature Medicine tested 9 major AI models and found the same pattern. AI systems proposed inferior treatments when the patient's race was mentioned. The bias was present in every model tested.

Millions of people now ask AI chatbots for medical advice every day. The advice they receive depends, in part, on who the AI thinks they are.Image
1/The readability gap by race.

White and Asian patients received the most readable medical advice across every category tested. Indigenous patients received the least readable. Every time.

The bottom 3 groups: American Indian/Alaska Native. Native Hawaiian/Pacific Islander. Black.

The top 3 groups: White. Asian. Hispanic.

The pattern never broke. Not in skin conditions. Not in respiratory. Not in cardiac. Not in mental health. Not in general medicine.Image
2/ Mental health is where it gets worst.

Indigenous patients received mental health advice with a Flesch reading ease of negative 8.7. That is below zero. That means the text is harder to read than a graduate-level academic paper.

White patients received significantly more readable mental health advice.

When understanding your advice is the difference between getting help and giving up, the AI made it hardest to understand for the people who may need it most.
Read 7 tweets
Jun 25
Stanford researchers proved you are not being rejected by 10 companies. You are being rejected by one algorithm 10 times.

Your score is stored for 330 days. Every company that uses the same vendor sees the same number. They call it the algorithmic blackball.

Researchers at Stanford HAI, Chapman University, and Northeastern University published the largest audit of AI hiring algorithms ever conducted.

The paper is called "Algorithmic Monocultures in Hiring." Published at FAccT 2026, May 26. The data came from Pymetrics, the AI hiring platform used by major Fortune 100 companies.

Here is what they found.

When you apply for a job at a company that uses Pymetrics, you play a series of assessment games. Your scores are stored. For up to 330 days. If another company also uses Pymetrics, your application is evaluated using the same stored scores. You are not getting two separate evaluations. You are getting the same score twice.

If the algorithm rejects you once, it rejects you everywhere.

The researchers call this the "algorithmic blackball." One bad score locks you out of every company that shares the same vendor. You never find out why. You never get a second chance. You just stop hearing back.

They ran a large-scale simulation using real applicant data. The result: over 40,000 job advances were lost because applicants who would have succeeded at one company were screened out by an algorithm calibrated for a different one.

Then they measured who gets hit hardest.

25.87% of Black applicants were routed into algorithmically discriminatory hiring processes. 14.74% of Asian applicants. These are not hypothetical projections. These are rates measured in deployed, real-world hiring systems used by some of the largest employers on earth.

The same algorithm. Applied across companies. Producing the same racial disparities at every one of them.

This is already in the courts. Mobley v. Workday is a federal class-action lawsuit alleging that AI hiring tools systematically discriminate against older, Black, and disabled applicants. The case is ongoing.

In Europe, the EU AI Act classifies hiring algorithms as high-risk AI systems by default. Compliance requirements take effect August 2, 2026. Weeks away.

In the United States, there is no equivalent federal law.

The researchers make four recommendations. Measure adverse impact at the position level. Strengthen cross-employer surveillance. Monitor risks from algorithmic concentration. Create legal pathways for independent researchers to access hiring data.

The last one carries an implicit warning. This study was only possible because Pymetrics voluntarily shared its data. Most vendors would prefer their algorithms remain opaque.

The next time you apply for a job and never hear back, the rejection may not have come from a human. It may have come from a score you received 330 days ago, at a company you have already forgotten, for a role that had nothing to do with the one you just applied to.Image
1/ Imagine you take a test at one company. You fail. That is fine. You move on and apply to the next company.

Except you do not take a new test. The next company uses the same test vendor. They pull your old score. You fail again, with the same score, for a completely different job.

You apply to a third company. Same vendor. Same score. Same rejection.

You were not rejected three times. You were rejected once. It just followed you.Image
2/ Now add race.

The researchers looked at 3.37 million applicants and 4.19 million applications, all screened by the same vendor.

25.87% of applications submitted by Black applicants went to positions where the algorithm discriminated against Black applicants.

14.74% for Asian applicants.

Not because anyone at the company chose to discriminate, but because the algorithm did. The same algorithm at every company that uses it.
Read 7 tweets
Jun 25
Most cold emails die in 3 seconds.

Wrong opener. Big ask. Bad subject line.

I studied the cold emails that get replies from founders, VCs, and CEOs.

The patterns repeat. I turned them into 6 Claude prompts.

The prompts are below. Copy them. Save this.
1. The Subject Line That Doesn't Look Like Marketing

Your subject line is the only thing they read before deciding to open or delete. The ones that get opened look like an internal note or a to-do item, not a pitch. A "quick question" style subject gets about 2x the reply rate of a long, salesy one. Two to five words. Hint at their world, not your product.

PROMPT

"I'm cold emailing [Person] at [Company] about [what I offer]. Their recent context: [recent funding, launch, hire, or post].

1. Write me 5 subject lines, each 2 to 5 words.
2. Each one should read like an internal message or a to-do item, not marketing.
3. Reference their context, never my product name.
4. Rank them from most to least likely to get opened, and say why the top one wins.
5. Flag any line that sounds like a sales blast so I can cut it."
2. The Research Opener (Kills "Hope This Finds You Well")

The first line decides whether they keep reading. The best openers show research, not hope. A specific observation about their recent work, funding, or post beats "hope this finds you well" every time. It proves a human wrote this for them and not for ten thousand inboxes.

PROMPT

"I'm writing the first line of a cold email to [Person] at [Company]. They recently [specific action: launched, raised, posted, hired].

1. Write me 3 opening lines that reference that specific action.
2. Keep each one under 15 words.
3. None can use "hope this finds you well" or "I came across your work."
4. Tell me which one is strongest and why.
5. Flag any version that could have been sent to anyone else."
Read 7 tweets
Jun 23
A student submitted an essay she wrote by hand. Her university ran it through an AI detector. The detector said she cheated. She is autistic.

Her name is Moira Olmsted. Adelphi University. February 2026. Turnitin flagged her essay as 100% AI-generated. She was disciplined.

Two other AI detectors classified the same essay as human-written.

She sued. She won. The court called the school's decision "arbitrary and capricious."

She is not the only one.

In May 2026, a high school student in Palo Alto was expelled after an AI detector flagged his work. He faced visa revocation. He filed a federal civil rights lawsuit.

A researcher at Griffith University just proved mathematically why this keeps happening. The paper is on arXiv. The finding is one sentence.

AI text detectors have a structural flaw that no amount of better engineering can fix.

Here is what the math says.

If a university wants its detector to catch 80% of cheaters, at least 750 out of every 10,000 innocent students will be wrongly accused. That is not a software problem. It is a theorem.

If the university tries to limit false accusations to 1%, detection power collapses to 6%. It catches 6 out of every 100 AI-written papers. The other 94 get through.

There is no setting where the detector is both fair and effective.

The reason is diversity. Every student writes differently. Non-native English speakers use simpler vocabulary. Shorter sentences. Clearer structures. So does AI. A Stanford study found that 61.3% of TOEFL essays written by non-native English speakers were misclassified as AI-generated. A separate analysis tested 14 commercial detection tools. Zero out of 14 reached 80% accuracy.

The students most likely to be wrongly accused are non-native English speakers, neurodivergent students, and anyone who writes with clarity and precision. The qualities that make their writing effective are the same qualities the detector mistakes for a machine.

Vanderbilt University understood this. They disabled Turnitin's AI detection in 2023 after calculating that even a 1% error rate across 75,000 submissions would produce 750 wrongful accusations per year.

750 students accused of cheating for writing like themselves.

The paper's conclusion is not that we need better detectors. It is that the diversity of human writing itself makes accurate detection mathematically impossible.

The same thing that makes your writing yours is the thing that gets you accused.

arxiv.org/abs/2603.20254Image
1/ The math in one chart.

A detector that catches 80% of cheaters must wrongly accuse at least 750 out of 10,000 innocent students.

A detector that keeps false accusations below 1% catches only 6 out of every 100 AI-written papers. The other 94 get through.

There is no setting where the detector is both fair and effective. The math does not allow it.Image
2/ Why it cannot be fixed.

Prior work assumed one human writing style vs one AI writing style. Simple test. Two distributions.

But in a university, every student writes differently. The detector does not know YOUR writing style. It only knows what AI sounds like.

Some students naturally write in a way that overlaps with AI. Not because they cheated. Because that is how they write.

The detector cannot tell the difference. Not because it is bad. Because the difference does not exist in the text.Image
Read 7 tweets
Jun 23
10 single developers who built free tools that Big Tech tried to kill. And lost.

Bookmark this list. These 10 people built things you use every week.

Companies worth trillions of dollars have spent over a decade trying to make them disappear.

Every one of them is still shipping today.

1. uBlock OriginImage
Raymond Hill lives in Quebec.

He built an ad blocker in 2014 that has been downloaded over 50 million times.

He has never accepted a single donation.

In 2024, Google killed it in Chrome. Manifest V3 capped ad blockers at 30,000 rules. uBlock Origin needs over 300,000 to work.

Mozilla announced Firefox would support it forever.

Raymond Hill still ships updates every month.

Repo → github.com/gorhill/uBlock
2. yt-dlp

In October 2020 the RIAA filed a DMCA takedown on youtube-dl. GitHub complied and pulled the repo.

Developers responded by embedding the source code in a Twitter image where every pixel encoded the code.

The EFF intervened. GitHub reversed itself in 24 days, started a $1 million developer defense fund, and changed its entire DMCA policy.

A community fork called yt-dlp was created 3 days into the takedown.

Today it has 160,000 stars and 12 million downloads a month.

Repo → github.com/yt-dlp/yt-dlpImage
Read 11 tweets
Jun 22
My 19-year-old niece pulled out a small plastic card and said "watch this."

She opened her phone.

Free audiobooks. Free ebooks on Kindle. 30,000 movies including Criterion classics. Free New York Times. Free LinkedIn Learning courses.

All $0 a month.

She said: "It's my library card. I haven't paid for a streaming service in 3 years."

I checked the math. She saves over $100 every month.

Here's everything she showed me 👇
Step 1: Download an app called Libby.

Free audiobooks. Free ebooks. Free magazines.

You sign in once with your library card number. That's it.

The ebooks send directly to your Kindle. The audiobooks play in the app.

No subscription. No ads. No late fees.

One honest note: popular new releases may have a wait list, just like a regular library.
Step 2: Download Kanopy.

30,000+ movies, documentaries, and shows.

Criterion Collection classics. A24 films. Foreign cinema. Award winners.

Ad-free. Free with your library card.

Most US libraries cap you at 5 to 12 tickets per month. Some libraries also pause Kanopy late in the month when their budget hits.

Source: kanopy.com
Read 12 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(