Skip to main content

Google can now remove search results that dox you without second-guessing intent

Google can now remove search results that dox you without second-guessing intent


If you put in a request and there isn’t public utility for the info

Share this story

A Google logo sits at the center of ominous concentric circles
It’ll remove links to your address, phone number, and more.
Illustration by Alex Castro / The Verge

Google says it’s expanding the types of personal information that it’ll remove from search results to cover things like your physical address, phone number, and passwords. Before now, the feature mostly covered info that would let someone steal your identity or money — now, you can ask Google to stop showing certain URLs that point to info that could lead someone to your house or give them access to your accounts.

According to a blog post, Google’s giving people the new options because “the internet is always evolving” and if its search engine gives out your phone number or home address, that could be both jarring and dangerous. Here’s a list of what kinds of info Google may remove, with the new additions in bold (h/t to the Wayback Machine for making the old list accessible):

  • Confidential government identification (ID) numbers like U.S. Social Security Number, Argentine Single Tax Identification Number, etc.
  • Bank account numbers
  • Credit card numbers
  • Images of handwritten signatures
  • Images of ID docs
  • Highly personal, restricted, and official records, like medical records (used to read “Confidential personal medical records”)
  • Personal contact info (physical addresses, phone numbers, and email addresses)
  • Confidential login credentials

According to a support page, Google will also remove things like “non-consensual explicit or intimate personal images,” pornographic deepfakes or Photoshops featuring your likeness, or links to sites with “exploitative removal practices.”

Google already had policies in place that let people remove personal information that had been shared maliciously, an act commonly known as doxxing. This policy change, however, requires less of a judgment call — instead of a Google employee having to look at the links submitted and somehow determine whether they’d cause harm, now Google will just have to decide whether the info is of public interest. According to its FAQ, that person will determine whether the info in the link is “newsworthy,” “professionally-relevant,” or if came from a government; all things that could be far easier to decide than trying to figure out why a phone number was posted.

The company does still have a process for dealing with actual malicious doxxing too, if, say, your phone number was shared “with malicious, threatening, or harassing intent.” When you’re filling out the personal information removal request, there’s a question on whether you think that’s the case. The form also asks you to give Google a list of URLs that link to the personal information, as well as the search pages that surface those links. After you submit a request, Google will evaluate the links and determine whether they’re relevant to the public. If Google does decide that the links should be removed, it says they’ll either not show up for any search query or that they won’t be surfaced for searches that include your name.

Google seems to be applying a relatively high bar for what counts as personally identifying information, which makes it a bit different from the systems it’s had to implement in places like the EU to comply with so-called right to be forgotten rules. Those laws let people request that links they deem unflattering or irrelevant be taken down, which isn’t the case here — the rules Google added today only cover links to very sensitive info.

If you’ve ever searched for someone’s phone number, you may have ended up at a site that exists explicitly to sell people’s information, promising to give it to you if you subscribe. When asked if the new policy would apply to these types of sites, Google spokesperson Ned Adriance told The Verge that it would: “If we can verify that such links contain personally identifiable information, there is not other content on the webpage that may be of public interest, and we receive a request to remove those URLs, we will do so, assuming they meet our requirements outlined in the help page — whether or not the information is behind a paywall,” he said in an email.

This page was easily accessible from a Google link and promises to give out my phone number and address. If it meets Google’s requirements, it counts.
This page was easily accessible from a Google link and promises to give out my phone number and address. If it meets Google’s requirements, it counts.

Importantly, as Google notes on its support page and in its blog post, getting the information taken off of Google Search doesn’t wipe it from the internet. If, for example, you ask Google to delist a forum post with your address in it, anyone who goes to that forum will be able to see it; the post just shouldn’t pop up if someone searches “[your name] home address.”

Update April 27th, 5:05PM ET: Added statement from Google on paywalled info sites.

Correction, April 28th 4:21PM ET: A previous version of this article didn’t properly address the difference between Google’s new policies for removing personally identifying information, and removing links meant to maliciously dox a person. The story has been updated to provide additional context, and we regret the error.