Privacy @lemmy.ml Daughter3546 @lemmy.world 8 mo. ago

Mozilla Monitor is shady

Onerep is a privacy monitoring service/ privacy provider that Mozilla partnered with for their Mozilla Monitor service.

Yesterday, Brian Krebs (a cybersecurity journalist) dug into Onerep and found that the CEO is a shady Belarussian. Dimitri Shelest, CEO, of Onerep owns multiple “people searching” websites. Shelest has also been linked to aggressive spam and affiliate marketing emails.

Onerep’s reputation is shady due to their CEO’s multiple conflicts of interest. At worst, Onerep is sucking your personal information. At best, you’re paying for a service that doesn’t do anything. Either way, I would not trust Mozilla Monitor service .

This is a copy and paste from a post I made to firefox@lemmy.ml. I do not no know how to crosspost and I apologise for my mistake a head of time.

35 comments

Yikes. This has the potential to seriously damage the reputation of Mozilla. I guess there are 3 possibilities:

Onerep isn't actually shady, but partnering with a company part of a conglomerate with companies directly opposing the stated goal isn't a good look either way

Onerep is shady and Mozilla failed to conduct the necessary research before partnering with them

Onerep is shady and Mozilla knew

In any case: Personally, I'll never not be grateful towards Mozilla for continuing to support and develop Firefox, which is quite literally the only relevant engine standing against the monopoly of chromium and all the bad that entails. But I trust other companies/initiatives/projects more when it comes to services other than the browser engine.
- I guess they did not knew about it, but only because they just do not give a shit about privacy, only claim they are privacy oriented.
~~Here's the link, if anyone's interested: https://krebsonsecurity.com/2024/03/ceo-of-data-privacy-company-onerep-com-founded-dozens-of-people-search-firms/~~
- Apologies! The links must not have copied over from my post on firefox@lemmy.ml! I'll update the post with the correct links.
  
  Edit: I updated the original post with the correct links.
- What does this have to do with Mozilla?
  
  Mozilla partnered with Onerep (the company investigated by Brian Krebs) for their privacy monitoring service. The CEO of Onerep is linked to numerous "people lookup" websites.
At best, OneRep is sucking your data through Mozilla.

This isn't even the worst thing Mozilla has done recently: they also

Bought an "AI" shopping company with a trove of private data

Promise they will sell the data to advertisers

Integrated this into Firefox:

More info
- I really love Firefox, but I dislike some of the initiatives the for-profit arm, Mozilla Corporation, is taking. This is another head scratcher moments for me. I want my browser to be just a browser. I don't want Pocket, Google Search, nor any other nonsense.
  
  I get that they are subsiding the development costs of Firefox, but surely, there must be other avenues to generate revenue. It is really hypocritical of Mozilla when they market Firefox as a privacy focused alternative to Chrome/Edge/Safari and then bundle ads and sponsored nonsense.
  
  That's the thing, Mozilla keeps talking about diversifying to avoid becoming irrelevant, but those diversification efforts seem to only involve finding a shiny new thing, chasing it, then dropping it and laying off 60 employees. And then pursuing the next shiny new thing
- Fakespot is so inaccurate that I stopped using it.
At least they are very clear about what data is at risk here, namely "OneRep receives your

first and last name,

email address,

phone number,

physical address and

date of birth

in order to scan data broker sites to find your personal data and request its removal." cf https://www.mozilla.org/en-US/privacy/subscription-services/

It's indeed not a good look anyway to be partnering (without doing much that sharing your brand, and thus trust invested in you) with somebody apparently solving the problem... they themselves help fuel.
- Is this a shitpost? I'm confused as to how they'd verify if your accounts are compromised without knowing your basic info.
  
  That's not the problem, the problem is whether we can actually trust Mozilla Monitor to not sell the same data you're trying to scrub.
- This reminds me of that one virus where you put your Credit Card info into the shady website to check that "your card is not in any hacker database" lmao
Privacy concerns aside, may I ask what does it have to do with the "Belarussian" nationality of CEO of Onerep? Xenophobia is not allowed. Edit that out.
- While I agree that the comment by the OP may be construed as Xenophobic, can we agree that it could also just be a part of the information with no ill intent? Based on that, would it be too hard to ask the OP to please edit it out instead of just delivering that as an order? I didn't think about the potential of seeing that comment as xenophobic until you mentioned it, and realize more people could find it distasteful, but there's no need to deliver the message in the form of a command.
  
  While I agree that the comment by the OP may be construed as Xenophobic, can we agree that it could also just be a part of the information with no ill intent?
  
  No, there is no possible agreement. If this was an American company or CEO, the nationality would most likely be welcomed in a sorry manner.
  
  The order I stated was as a moderator. We at Lemmy do not welcome xenophobia and similar elements. OP has not even bothered to reply or comply in almost half a day.
- Belarus is a puppet state of Russia, which I would place alongside China as the country I would least trust with any of my data.
If anyone reading this has an account with discover, they offer a similar service for free. If you don't have a discover account, create one.
The krebsonsecurity.com page had an update where Mozilla is quoted :

Update, March 15, 11:35 a.m. ET: Many readers have pointed out something that was somehow overlooked amid all this research: The Mozilla Foundation, the company that runs the Firefox Web browser, has launched a data removal service called Mozilla Monitor service that bundles OneRep. That notice says Mozilla Monitor is offered as a free or paid subscription service.

“The free data breach notification service is a partnership with Have I Been Pwned (“HIBP”),” the Mozilla Foundation explains. “The automated data deletion service is a partnership with OneRep to remove personal information published on publicly available online directories and other aggregators of information about individuals (“Data Broker Sites”).”

In a statement shared with KrebsOnSecurity.com, Mozilla said they did assess OneRep’s data removal service to confirm it acts according to privacy principles advocated at Mozilla.

“We were aware of the past affiliations with the entities named in the article and were assured they had ended prior to our work together,” the statement reads. “We’re now looking into this further. We will always put the privacy and security of our customers first and will provide updates as needed.”
It's like a twisted mustache twirling disney villanesque version of data leak conspiracies. Only way I can think of for this to be funnier is if it turns out the dude also had a prominent position in some secret police state agency.
- It does sound like a conspiracy and I am advocating to wait until Mozilla addresses the concern. In my opinion, it's likely an oversight and failure to do their due diligence.
  
  That's a pretty damn big "oversight" for a company claiming to have privacy as one of their main selling points...
If you're looking for a data removal service, I can personally vouch for easyoptouts. I made a post here about it.

https://lemm.ee/post/22988838

You've viewed 35 comments.