There’s also no addresses on Gedmatch, the police would email you and ask for your details.

You are splitting hairs. Unless you took precautions to use a fake name and an untraceable email address, the police are showing up at your door. It’s what they do.

On the ‘turned on by default’ statement, that’s just untrue.

Here’s the gedmatch page describing their policy, and here’s the screenshot they use to illustrate it:

“Public” is selected by default. Yeah yeah, they added “public opt-in” and “public opt-out” options in 2019 and forgot to update their screenshot, but I bet “public opt-in” is still selected by default. The NYT article says exactly that too. It is just untrue to call that “just untrue”! And can you guess what happened to all the people who uploaded their DNA data before 2019? Were all they automatically upgraded to “public opt-in”? I don’t understand why you are so adamant to protect gedmatch saying “go ahead, upload your DNA freely!” when we know for sure that it was a free-for-all at least until 2019.

And you are still splitting hairs because you haven’t refuted my main claim that police can get your data with a warrant. All that “opt-in/opt-out” is for the gedmatch’s voluntary police information warrantless sharing program. I have seen no indication that gedmatch will not search the entire database for a match upon police request with a warrant. I have reason to believe that they will, because I know the state is sovereign. You cannot shield your information stored at third parties from government search just because you signed a privacy agreement with them.

The law dictates it must have an opt in policy

The law of the state of Maryland, not the other 49 states. And I looked up the actual law, it doesn’t actually say “opt-in” contrary to the news article description of it:
https://mgaleg.maryland.gov/mgawebsite/Legislation/Details/hb0240?ys=2021RS https://mgaleg.maryland.gov/2021RS/Chapters_noln/CH_681_hb0240e.pdf

(D) FGGS MAY ONLY BE CONDUCTED USING A DIRECT–TO–CONSUMER OR PUBLICLY AVAILABLE OPEN–DATA PERSONAL GENOMICS DATABASE THAT: (1) PROVIDES EXPLICIT NOTICE TO ITS SERVICE USERS AND THE PUBLIC THAT LAW ENFORCEMENT MAY USE ITS SERVICE SITES TO INVESTIGATE CRIMES OR TO IDENTIFY UNIDENTIFIED HUMAN REMAINS; AND (2) SEEKS ACKNOWLEDGMENT AND CONSENT FROM ITS SERVICE USERS REGARDING THE SUBSTANCE OF THE NOTICE DESCRIBED IN ITEM (1) OF THIS SUBSECTION.

To me that sounds more like “providing a warning” than providing an “opt-in/opt-out” system. The “acknowledgment and consent” could be as simple as clicking “I agree to terms of service”. Here’s what gedmatch privacy policy says:

some of these possible uses of Raw Data, personal information, and/or Genealogy Data by any registered user of GEDmatch include but are not limited to:
Familial searching by third parties such as law enforcement agencies to identify the perpetrator of a crime, or to identify remains.
…
We may disclose your Raw Data, personal information, and/or Genealogy Data if it is necessary to comply with a legal obligation such as a subpoena or warrant.
…
we may use and disclose personal information for meeting legal requirements and enforcing legal terms, as described in more detail above

I am not a lawyer but to me that sounds like an explicit notice that law enforcement may get my data and satisfies the Maryland law requirement for a warrant. Specifically, gedmatch policy does not say they will ignore a warrant if you opt out. Again, my assertion is that the opt-in/opt-out system is for the voluntary warrantless information sharing system, and the warrants described in Maryland law are separate from that.

You also imply that 23andMe and ancestry.com do NOT share any information with law enforcement because they do not have an opt-in system. This is also false. Here’s ancestry.com policy:

Ancestry will release basic subscriber information as defined in 18 USC § 2703©(2) about Ancestry users to law enforcement only in response to a valid trial, grand jury or administrative subpoena.

Ancestry will release additional account information or transactional information pertaining to an account (such as search terms, but not including the contents of communications) only in response to a court order issued pursuant to 18 USC § 2703(d).

Contents of communications and any data relating to the DNA of an Ancestry user will be released only pursuant to a valid search warrant from a government agency with proper jurisdiction.

They WILL give up your DNA data to a valid warrant. The only question in my mind is whether they will also search the entire database for a given police sample. There is this article that says ancestry.com refused a police warrant in 2019 as improper, and police did not push the matter further. But it is unclear if ancestry.com was refusing to search its database on principle, or whether that one warrant in particular was faulty. Like if the police request “all 15 million DNA records” because they are idiots and don’t know how databases work there is grounds to argue that is too broad of a request. But we don’t have the text of the actual warrant. There are other articles that say police have been using specifically ancestry.com successfully to investigate crimes.

Someone would need to search the actual court cases where police used genealogy data to find suspects to confirm whether every single instance has used GEDMatch voluntary opt-in service, or whether police warrants have successfully retrieved match data from GEDMatch full database and from ancestry.com and 23andMe. I do not have such access.

EVEN IF ancestry.com and GEDmatch refuse warrants to search non-opt-in DNA in databases, such refusals have not yet been tested in court.

EVEN IF the Maryland law is amended/interpreted to mean that police cannot search non-opt-in DNA in databases even with a warrant (a voluntary restriction of the state on its own sovereign power, quite possible!), and EVEN IF the opt-in is made an explicit choice made in consultation with a “trained bioethicist” instead of an “I agree” checkbox below Terms of Service, and EVEN IF all other 49 states pass the same law as Maryland, it would STILL not be perfectly safe to upload your DNA to these services. Just as Maryland law changed in 2019, so it can change again. As we’ve seen with Roe v. Wade even long-established laws are not safe when there is a political interest to change them.