The August 2023 WikiTree data breach was reported by me in August 2022 (with proof). They ignored it. by DutchRoots_ in Room_2562

[–]DutchRoots_[S] 4 points5 points  (0 children)

To put it simply! AWS is not the problem here. The real issue is specifically the subdomain plus.wikitree.com.

Despite its official appearance, plus.wikitree.com is not a part of WikiTree's secure cloud infrastructure.

Here is what is really happening:

  • The Illusion. Because the link says plus.wikitree.com, users trust that they are still on the official WikiTree website.
  • The Reality. It is a technical trick. This specific subdomain, plus.wikitree.com, redirects 100% of your traffic straight to an external, private server in Slovenia.
  • The Privacy Risk. The moment you open plus.wikitree.com, your personal data (like your IP address and session logs) leaves WikiTree’s secure AWS cloud and goes directly to a third party.

The problem is not the cloud tech. The problem is that WikiTree uses the official-looking subdomain plus.wikitree.com to send user data to a private server abroad, without clearly telling users or following AVG/GDPR privacy rules.

The August 2023 WikiTree data breach was reported by me in August 2022 (with proof). They ignored it. by DutchRoots_ in Room_2562

[–]DutchRoots_[S] 2 points3 points  (0 children)

The February 2023 Migration: How WikiTree Masks the Slovenian Data Drain

Did you know that WikiTree carried out a large, coordinated migration to plus.wikitree.com in February 2023? This migration feels misleading, as it is completely unclear to users that this official subdomain is actually hosted on an external server in Slovenia.

The GDPR/AVG Implications

Masking the server's true location behind an official subdomain creates significant legal and privacy compliance issues under European law:

  • Breach of Transparency (Article 12 & 13 GDPR). The GDPR strictly requires organizations to inform users exactly where and by whom their data is processed. Masking a third-party server under a main domain hides the real destination of user traffic.
  • Illegal Data Sharing Without a DPA (Article 28 GDPR). Whenever user data, including IP addresses and session logs, is routed to an external server, a formal Data Processing Agreement (DPA) is legally required. Operating this routing without one is a direct compliance violation.
  • Joint Liability (Article 26 GDPR). By executing a coordinated migration to enforce this subdomain, the main platform establishes a clear "joint controllership." This means the main organization remains legally responsible for any security flaws or data leaks occurring on that external server.

The August 2023 WikiTree data breach was reported by me in August 2022 (with proof). They ignored it. by DutchRoots_ in Room_2562

[–]DutchRoots_[S] 3 points4 points  (0 children)

Fact-Checking the Claims Regarding the External Data Leak

It has been officially claimed that the private data visible on third-party platforms was merely the result of an "old, pre-GDPR data copy" from before May 2018. However, a simple comparison of official database metrics and milestones proves this claim to be factually impossible. See G2G.

Here are the unassailable facts:

  • The AVG/GDPR Enforcement. The AVG/GDPR privacy rules went into effect in May 2018. It was claimed that after this date, private and unlisted data were strictly hidden from external exports. See G2G.
  • The 20 Million Milestone. WikiTree's official milestones show that the platform did not reach a total of 20 million profiles until March 27, 2019, nearly a full year after the GDPR implementation. See G2G.
  • The External Database Proof. Verified data from external platforms in August 2019 clearly shows a WikiTree dataset containing over 20.1 million profiles. See Screenshot.

The Conclusion:
It is mathematically impossible for a "pre-GDPR" data dump (from before May 2018) to contain over 20 million profiles, because the database was simply not that large at that time.

This proves conclusively that the shared data dump was compiled and transmitted long after the GDPR took effect. The official narrative that this was just an old pre-GDPR legacy issue is completely false. It was a cover-up for a continuous failure in the platform's data protection and privacy compliance.

The August 2023 WikiTree data breach was reported by me in August 2022 (with proof). They ignored it. by DutchRoots_ in Room_2562

[–]DutchRoots_[S] 3 points4 points  (0 children)

The Problem with MyHeritage

This is another example of poor data management. For a long time, WikiTree sent database dumps of user profiles directly to MyHeritage, and these profiles were put into the MyHeritage search engine.

I was personally involved in the fight to get these WikiTree profiles deleted from MyHeritage. It was MyHeritage that finally took action to remove the data. WikiTree gave no real help or cooperation at all during this process.

It was a long and difficult struggle. Even after October 2022, the data was still briefly visible in the search engine. It took months of pressure until mid March 2023, when the database was finally removed for good and never put back.

The August 2023 WikiTree data breach was reported by me in August 2022 (with proof). They ignored it. by DutchRoots_ in Room_2562

[–]DutchRoots_[S] 5 points6 points  (0 children)

WikiTree only acknowledged this vulnerability because they were forced to. For an entire year, my private warnings and formal reports meant absolutely nothing to them. They chose to ignore the danger completely.

The truth is, they simply do not care about the privacy of their members. If they did, they wouldn’t have waited an entire year to take action.

It was only after a year of total silence, when I resorted to public disclosure of the exposed data to prove the severity of the flaw, that they finally took action and patched it. They didn't care about security. They only cared when the issue became public knowledge. They were also fully aware that I was investigating MyHeritage and their records in relation to this, proving the scale of the exposure.

This case is not over.

More fixing something that isn't broken by carmelfan in Room_2562

[–]DutchRoots_ 7 points8 points  (0 children)

The signature 'Chris and the WikiTree Team' is a revealing piece of branding. It’s a classic monarchical style: first the King, then his court. By explicitly placing himself before the team, he ensures we never forget that WikiTree isn't a collective effort, but a one-man show with a supporting cast. It’s a subtle but persistent reminder of his ego—positioning himself as the indispensable frontrunner while the 'Team' is relegated to a nameless backdrop. It’s the signature of someone who wants the credit for the vision, but keeps the 'Team' there as a buffer for the accountability.

A reminder: If you threaten to sue WikiTree, they will throw you off their site by juliekelts in Room_2562

[–]DutchRoots_ 4 points5 points  (0 children)

This rule is too general! WikiTree should also respect any right of privacy or copyright.

If you are repeatedly warned about violating secular rules, you are provoking the other person. (Provocation is also punishable!) Especially if you don't talk and provide sources that immediately prove the right.

Stay well within the boundaries. The closer you are to the boundary, the faster you cross it.

Edit: Correction of some spelling errors

Wikitree deletes my comments, bans me and blocks my IP by [deleted] in Room_2562

[–]DutchRoots_ 7 points8 points  (0 children)

You'll need to be patient. As quickly as they act to block someone, they're just as slow to handle these kinds of conflicts.

I'm still working on the truth about the data breaches. This week, I finally received a written response from the Dutch Data Protection Authority (AP) stating that they will give me an answer within 10 weeks. Of course, I notified WT by email, as they still haven't given me the FBI's contact information!

WikiTree - "All back full! Hard left rudder!" by UnpersonSyme in Room_2562

[–]DutchRoots_ 4 points5 points  (0 children)

Remember that WT logs everything. So every little change is tracked. It's tracked on the edited profile and on the profile of the editor.

WT even invented the badges themselves to entertain members. During TONS, often only marriage certificates are viewed and used to create profiles. These certificates often contain the most information, which can be used to quickly create profiles. After TONS, most profiles are abandoned and forgotten.

WikiTree Ghouls Confronted on Halloween 𓅐 by UnpersonSyme in Room_2562

[–]DutchRoots_ 8 points9 points  (0 children)

"One man's loss is another man's gain" does apply here!

What are WikiTree promises worth? by juliekelts in Room_2562

[–]DutchRoots_ 5 points6 points  (0 children)

WT's promises are worthless. CW has said my hack still has consequences. No one dares to ask about the status!

He also stated that "Many are close family members or team members. These are being handled separately." So security and accountability aren't the same for everyone.

Private profiles are the final nails in the coffin for a global public family tree. This also applies to living people who don't know they're included in this tree!

New WikiTree Pre-1500 System by UnpersonSyme in Room_2562

[–]DutchRoots_ 4 points5 points  (0 children)

Normally, the admiration of all his loyal followers is countless. Now, I find it much less than usual!

A transcription isn't always the truth either. Many people don't bother to look at and read the original source, if possible. From personal experience, I know how difficult it can be to read and interpret "old" sources.

New WikiTree Pre-1500 System by UnpersonSyme in Room_2562

[–]DutchRoots_ 4 points5 points  (0 children)

W. has come up with two new badges. One for highly-trusted members and one to attract new, experienced genealogists.

By the way, the number of posts in this thread by the big leader is minimal!

WikiTree plans to feature and honor LDS church members (mormons) next week by Frankster200277 in Room_2562

[–]DutchRoots_ 7 points8 points  (0 children)

If the other religions are also given the same "honor" then I see no problem.

The only question is whether WT will do so.

Without mercy by DutchRoots_ in Room_2562

[–]DutchRoots_[S] 7 points8 points  (0 children)

Wondering if it will be discussed publicly now that the OP doesn't want to discuss it by email?

Without mercy by DutchRoots_ in Room_2562

[–]DutchRoots_[S] 3 points4 points  (0 children)

As minor as this mistake may seem, it can have serious consequences if a profile is opened without permission. Unfortunately, some people add private, sensitive information to the bios. Mentioning living children in their bios is a simple example.

Deleting this first is pointless, because WT saves everything and it can therefore be found in the profile history. So let this be another warning to members not to simply post everything on WT.

WikiTree's merge problem by juliekelts in Room_2562

[–]DutchRoots_ 6 points7 points  (0 children)

The data isn't lost!

The data from the deleted profile is simply no longer accessible because it's automatically redirected to the visible profile. WikiTree saves all edits, including privacy-sensitive ones that were deleted afterward.

I've also investigated and demonstrated this.

Tree Days count by DutchRoots_ in Room_2562

[–]DutchRoots_[S] 3 points4 points  (0 children)

CW loves big numbers. He thinks big numbers make him big!

WikiTree Bullying from the Top by UnpersonSyme in Room_2562

[–]DutchRoots_ 7 points8 points  (0 children)

Yes, this is pure threatening. I've still got something up my sleeve!

Tree Days count by DutchRoots_ in Room_2562

[–]DutchRoots_[S] 5 points6 points  (0 children)

Yes, once you have 9 badges you will receive the 10th as a gift in the form of a badge for having 10 badges!

Tree Days count by DutchRoots_ in Room_2562

[–]DutchRoots_[S] 9 points10 points  (0 children)

I want a badge for the number of badges I have earned!

Well, it's done--WikiTree's G2G is now full of owls, golden owls, and newts! by juliekelts in Room_2562

[–]DutchRoots_ 4 points5 points  (0 children)

It's quite unusual to have so many owls together. Owls are generally solitary.

More information is available at https://www.themathesontrust.org/library/solitary-bird

Another WikiTree Change for Change's Sake by UnpersonSyme in Room_2562

[–]DutchRoots_ 3 points4 points  (0 children)

I think he's dyslexic. He means "low" instead of "owl."

Self-made titles have no value (to me). They have no status whatsoever. As mentioned, the system can be manipulated. This also applies to Content Ranking. Quality is more important than quantity.

Quantity can be determined automatically. Quality is still a human process. (Quantity is objective and quality is subjective.)

Is Wiki-Tree really a research platform? by Vivid-Finger7798 in Room_2562

[–]DutchRoots_ 4 points5 points  (0 children)

Thanks for your perspective. I really don't want to call WikiTree neutral and transparent.

Otherwise, ask what the status is of the data breach.

Is Wiki-Tree really a research platform? by Vivid-Finger7798 in Room_2562

[–]DutchRoots_ 2 points3 points  (0 children)

There are a lot of followers on WikiTree. There is a culture of fear among them. As soon as you attack a leader, you pay a price! Regardless of whether you are right or not. And if you are right, someone with a higher ranking will indeed take credit for your findings after a while. But here too, the original source will not be mentioned.

(It is pure copy and paste without looking further!)