unbroker is an open-source Hermes Agent skill for consent-gated data broker removal, local ledgers, least-disclosure requests, human fallback, and recurring re-scans.
unbroker: Consent-Gated Data Broker Removal
unbroker moves AI agents out of abstract chat and into a concrete privacy job: find broker exposure for a consenting person, submit removals where appropriate, record what happened, and check again later.
Privacy frame: data removal agents handle the same sensitive identifiers they are trying to suppress. The useful test is not whether the agent is autonomous. The useful test is consent, least disclosure, local storage, verification, and re-scan discipline.
Primary sources
- unbroker README on GitHub
- Hermes Agent unbroker skill docs
- California DROP official page
- California Data Broker Registry
- BADBOOL broker opt-out list
What it is
unbroker is an optional Hermes Agent security skill. Its README describes a deterministic Python CLI that owns the state: config, dossiers, broker data, tier planning, ledger, drafts, reports, and the action queue.
The agent side does the browser and extraction work. That split is the interesting part: the model does not improvise the entire privacy workflow from scratch. It follows a queue, records outcomes, and escalates hard cases into one digest.
Why it fits Cunicula
Cunicula already scores privacy services by KYCKnow Your Customer rules require users to submit identity information such as passports, selfies, addresses, or phone numbers before accessing a service.Glossary →, jurisdiction, ownership, funding, and operational risk. unbroker adds a new lane: privacy work performed by an agent, where the risk is not payment metadataData about data, such as who contacted whom, when, from what device, and from which location. Metadata often remains exposed even when content is encrypted.Glossary → but personal-data handling.
This should be tracked beside data-removal services and scrubbing guides, not mixed into agent-money. It belongs in a separate agent-privacy profile with fields for consent, PII residency, disclosure mode, verification, human fallback, and re-check cadence.
- Add it as an open-source Privacy Tools provider record.
- Surface the agent-privacy metadata on the provider page.
- Keep the article linked from OPSEC and AI privacy groups.
- Watch the official repo for field-testing changes and broker coverage updates.
What matters operationally
The strongest idea is not full autonomy. It is constrained autonomy. unbroker says consent is required, hard CAPTCHA and government-ID cases become human tasks, and confirmed removal should only be recorded after a verifying re-scan.
That is the right shape for a privacy agent. Data brokerA company that collects, buys, packages, and sells personal information such as names, addresses, location history, and behavioral data.Glossary → cleanup is repetitive, perishable, and full of hostile forms. A local ledger, narrow disclosure, and recurring re-scan loop are more valuable than a one-shot deletion claim.
DROP changes the California lane
California DROP is now a separate path for California residents. The official state page says a California resident can submit one request to more than 600 registered brokers, and that brokers must begin processing DROP deletion requests on August 1, 2026.
That means the best workflow for a California resident is not only per-site scraping. It is DROP first, then people-search parent clusters, then standalone opt-outs, then scheduled re-checks.
Limits
Do not treat broker removal as erasure. Public records, court files, property records, paid-tier retention, and re-listing can remain. A removal agent reduces exposure. It does not delete reality.
Do not run this as people-search OSINT. The value comes from consent and minimization. Without those, the same tool shape becomes surveillance infrastructure.
How Cunicula should score this lane
- Consent is mandatory before scans or removals.
- Dossiers and ledgers stay local by default, with encryption preferred.
- The workflow discloses only fields required by the broker removal channel.
- Human-only cases are batched into one digest instead of forcing unsafe automation.
- Removal is not marked complete until a later re-scan verifies it.
- California users are routed to DROP before low-leverage per-site work.
See the Cunicula provider record for the structured agent-privacy profile. Compare this with the older personal information scrubbing guide.
Frequently Asked Questions
What is unbroker?
unbroker is an optional Hermes Agent skill for consent-gated data broker and people-search removal workflows. It uses a local CLI, ledger, broker plans, email verification, browser steps, and scheduled re-scans.
Is unbroker a replacement for every data removal service?
No. It is an open-source workflow and field-testing surface. It can reduce broker-removal labor, but public records, paid-tier retention, hostile forms, and broker re-listing still need manual review and recurring checks.