Take back control of your data.
Wraith is a command-line privacy engine that automates the tedious process of removing your personal information from the internet. It handles data broker opt-outs via browser automation, monitors for breach exposure, audits domain WHOIS privacy, and tracks the 90-day re-submission cycle so you don't have to.
$ wraith scrub --all
Scrubbing 13 data brokers...
✓ FastPeopleSearch submitted
✓ BeenVerified submitted
✓ Spokeo submitted
✓ Intelius submitted
✓ PeopleFinder submitted
✓ TruthFinder submitted
✓ ThatsThem submitted
✓ CheckPeople submitted
✓ USPhoneBook submitted
✓ InstantCheckMate submitted
⚠ Whitepages manual required — phone verification needed
⚠ MyLife manual required — see instructions
✓ Radaris submitted
13/13 brokers processed · 11 submitted · 2 manual required
Next rescan: 2026-06-16
- 🕵️ Browser automation — Playwright navigates opt-out forms automatically so you don't have to
- 📊 State tracking — SQLite database tracks every submission: pending, confirmed, failed, manual
- 🔄 90-day cycle —
wraith rescanresubmits automatically when brokers are due (they re-add you) - 🔐 Breach monitoring — Checks all your emails against HaveIBeenPwned v3
- 🌐 WHOIS auditing — Flags domains where your real contact info is publicly visible
- 🔍 Google removal — Generates pre-filled checklists for content removal, personal info requests, and Street View blur
- 🎭 Dry run mode —
--dry-runnavigates without submitting, for verification - 🔒 Privacy-first — Profile data never appears in logs; masked output only (
P***e C***k)
| Broker | Method | Auto? |
|---|---|---|
| FastPeopleSearch | Form + email verify | ✅ (pauses for email) |
| BeenVerified | Form + email | ✅ |
| Spokeo | URL opt-out + email | ✅ |
| Intelius | Form + email | ✅ |
| PeopleFinder | Email form | ✅ |
| TruthFinder | Email form | ✅ |
| InstantCheckMate | Email form | ✅ |
| ThatsThem | Form | ✅ |
| CheckPeople | Form | ✅ |
| USPhoneBook | Form | ✅ |
| Radaris | Email/account | |
| Whitepages | Phone verify | |
| MyLife | Complex flow |
⚠️ Manual required means wraith automates everything up to the point where a phone number or ID verification is required, then pauses and gives you step-by-step instructions.
Prerequisites: Python 3.11+, git
# Clone the repo
git clone https://github.com/yourusername/wraith.git
cd wraith
# Create virtualenv and install
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -e .
# Install Playwright's Chromium browser
playwright install chromium
# Verify
wraith --helpwraith initThis interactive wizard collects:
- Your name(s) and name variants
- Current and previous addresses
- Phone numbers
- Email addresses
- Date of birth (optional, improves broker search accuracy)
- Domain names to audit for WHOIS privacy
Profile is saved to ~/.wraith/config.toml. Sensitive fields are never logged.
wraith auditRuns all checks and shows a full exposure report:
- Data broker presence (where checkable)
- Breach exposure across all emails
- WHOIS privacy status on all domains
wraith scrub --allSubmits opt-out requests to all 13 brokers. For brokers requiring manual intervention, wraith pauses and gives you clear instructions before continuing.
wraith statusShows all tracked submissions with color coding:
- 🟢 green — confirmed removed
- 🟡 yellow — submitted, awaiting confirmation
- 🔴 red — failed or overdue
- 🔵 blue — manual action required
wraith rescanRe-submits any broker that's past its 90-day resubmission date. Data brokers re-harvest your information from public records — this is a maintenance job, not a one-time fix.
wraith init Interactive profile setup wizard
wraith audit Full exposure report (all sources)
wraith scrub Submit opt-out requests via browser automation
--all Run all brokers
--broker NAME Run a single broker by name
--dry-run Navigate to forms without submitting
wraith status Show all submission statuses
wraith monitor Re-check brokers for profile reappearance
wraith rescan Resubmit opt-outs due for renewal (90-day cycle)
wraith hibp Check emails against HaveIBeenPwned
wraith whois Audit WHOIS privacy on all configured domains
wraith google Generate Google removal URL checklist
Config file: ~/.wraith/config.toml
[profile]
names = ["Your Name", "Y. Name"]
dob = "1990-01-15" # Optional — improves accuracy
phones = ["+15555555555"]
emails = ["you@example.com"]
addresses = [
{ street = "123 Main St", city = "Anytown", state = "GA", zip = "30000" }
]
domains = ["yourdomain.com"]
[api_keys]
hibp = "" # Optional — get free key at haveibeenpwned.com/API/Key
[settings]
headless = true # Set false to watch the browser work
resubmit_days = 90 # Days before resubmitting opt-outs
confirm_wait_days = 30 # Days to wait before confirming removal
db_path = "~/.wraith/state.db"The HaveIBeenPwned /breachedaccount endpoint requires a paid API key ($3.50/month or a one-time lookup fee). Without it, wraith hibp will output instructions for getting one. The public domain search still works without a key.
Get a key at: https://haveibeenpwned.com/API/Key
Wraith uses Playwright to control a headless Chromium browser. For each data broker, it:
- Navigates to the opt-out URL
- Searches for your profile using name + state/city
- Identifies matching records
- Submits the removal form
- Records the result in SQLite
Where sites use CAPTCHAs, phone verification, or ID uploads, wraith automates everything possible and hands off the remaining steps to you with clear instructions.
Every broker submission goes through a lifecycle:
→ submitted → confirmed
↘ failed
↘ manual_required
→ skipped
After 90 days: submitted/confirmed → due for rescan
Data brokers continuously re-harvest your information from public records (property tax rolls, voter registration, court filings). A single opt-out is not permanent. Wraith's 90-day rescan cycle (wraith rescan) handles this automatically — run it as a quarterly task or add it to a cron job:
# Quarterly rescan (add to crontab)
0 9 1 */3 * cd /path/to/wraith && .venv/bin/wraith rescan- Local only — no data leaves your machine (except to the broker sites you're opting out of)
- No telemetry — zero analytics, zero tracking
- Masked output — sensitive profile data is never displayed in plaintext in logs or terminal output
- Profile stored locally —
~/.wraith/config.toml— treat it like a password file
| Limitation | Why |
|---|---|
| Public property records | Legally public — source of broker re-harvest |
| Court records | Require legal process to seal/expunge |
| News articles & blog posts | Require direct contact with site owner |
| Voter registration (some states) | Some states allow suppression requests — see your state's process |
| Google search index (organic) | Use wraith google for removal request URLs |
- Email confirmation automation (auto-click verification links)
- Tor/proxy support for scrub submissions
- Scheduled cron mode (
wraith schedule) - More brokers (targeting 50+)
- Noise generation module (submit decoy data to non-removable profiles)
- Web UI (local dashboard)
- DeleteMe/Kanary import (migrate existing service tracking)
PRs welcome, especially:
- New broker modules (copy
wraith/brokers/base.py, implementcheck_presenceandsubmit_opt_out) - Updated opt-out flows (broker sites change layouts regularly)
- Bug reports with site-specific failures
See wraith/brokers/base.py for the broker interface.
MIT © 2026
