TY - JOUR TI - Attacks on genetic privacy via uploads to genealogical databases AU - Edge, Michael D AU - Coop, Graham A2 - Nordborg, Magnus A2 - McCarthy, Mark I A2 - Williams, Amy L A2 - Carmi, Shai VL - 9 PY - 2020 DA - 2020/01/07 SP - e51810 C1 - eLife 2020;9:e51810 DO - 10.7554/eLife.51810 UR - https://doi.org/10.7554/eLife.51810 AB - Direct-to-consumer (DTC) genetics services are increasingly popular, with tens of millions of customers. Several DTC genealogy services allow users to upload genetic data to search for relatives, identified as people with genomes that share identical by state (IBS) regions. Here, we describe methods by which an adversary can learn database genotypes by uploading multiple datasets. For example, an adversary who uploads approximately 900 genomes could recover at least one allele at SNP sites across up to 82% of the genome of a median person of European ancestries. In databases that detect IBS segments using unphased genotypes, approximately 100 falsified uploads can reveal enough genetic information to allow genome-wide genetic imputation. We provide a proof-of-concept demonstration in the GEDmatch database, and we suggest countermeasures that will prevent the exploits we describe. KW - identity by state KW - identity by descent KW - genetic genealogy KW - genetic privacy JF - eLife SN - 2050-084X PB - eLife Sciences Publications, Ltd ER -