Onerep is a privacy monitoring service/ privacy provider that Mozilla partnered with for their Mozilla Monitor service.

Yesterday, Brian Krebs (a cybersecurity journalist) dug into Onerep and found that the CEO is a shady Belarussian. Dimitri Shelest, CEO, of Onerep owns multiple “people searching” websites. Shelest has also been linked to aggressive spam and affiliate marketing emails.

Onerep’s reputation is shady due to their CEO’s multiple conflicts of interest. At worst, Onerep is sucking your personal information. At best, you’re paying for a service that doesn’t do anything. Either way, I would not trust Mozilla Monitor service .

This is a copy and paste from a post I made to [email protected]. I do not no know how to crosspost and I apologise for my mistake a head of time.

  • @[email protected]
    link
    fedilink
    94
    edit-2
    8 months ago

    Yikes. This has the potential to seriously damage the reputation of Mozilla. I guess there are 3 possibilities:

    • Onerep isn’t actually shady, but partnering with a company part of a conglomerate with companies directly opposing the stated goal isn’t a good look either way
    • Onerep is shady and Mozilla failed to conduct the necessary research before partnering with them
    • Onerep is shady and Mozilla knew

    In any case: Personally, I’ll never not be grateful towards Mozilla for continuing to support and develop Firefox, which is quite literally the only relevant engine standing against the monopoly of chromium and all the bad that entails. But I trust other companies/initiatives/projects more when it comes to services other than the browser engine.

    • @DangerousInternet
      link
      -18 months ago

      I guess they did not knew about it, but only because they just do not give a shit about privacy, only claim they are privacy oriented.

    • @Daughter3546OP
      link
      9
      edit-2
      8 months ago

      Apologies! The links must not have copied over from my post on [email protected]! I’ll update the post with the correct links.

      Edit: I updated the original post with the correct links.

    • @solrize
      link
      -88 months ago

      What does this have to do with Mozilla?

      • @Daughter3546OP
        link
        29
        edit-2
        8 months ago

        Mozilla partnered with Onerep (the company investigated by Brian Krebs) for their privacy monitoring service. The CEO of Onerep is linked to numerous “people lookup” websites.

  • @[email protected]
    link
    fedilink
    26
    edit-2
    8 months ago

    At best, OneRep is sucking your data through Mozilla.

    This isn’t even the worst thing Mozilla has done recently: they also

    • Bought an “AI” shopping company with a trove of private data
    • Promise they will sell the data to advertisers
    • Integrated this into Firefox:

    FakeSpot collects your browsing and search history

    More info

    • @Daughter3546OP
      link
      28
      edit-2
      8 months ago

      I really love Firefox, but I dislike some of the initiatives the for-profit arm, Mozilla Corporation, is taking. This is another head scratcher moments for me. I want my browser to be just a browser. I don’t want Pocket, Google Search, nor any other nonsense.

      I get that they are subsiding the development costs of Firefox, but surely, there must be other avenues to generate revenue. It is really hypocritical of Mozilla when they market Firefox as a privacy focused alternative to Chrome/Edge/Safari and then bundle ads and sponsored nonsense.

        • @[email protected]
          link
          fedilink
          138 months ago

          Agreed. They have so many options for privacy-respecting value adds, but they often fall short. For example, their VPN:

          They picked a good vendor, but they missed so many opportunities to really make it a standout feature.

          And there’s more they could do like that:

          • private, local only ads with revenue share with sites
          • create a Mozilla payment network using GNU Taler or similar; you’d pay Mozilla to get credits (potentially with crypto if you don’t trust Mozilla with payment info), and sites would opt in to accept those credits, and the user remains anonymous
          • integrate with popular password management service like Bitwarden - have it work seamlessly with their other offerings

          There’s plenty more ideas like that as well. However, I don’t trust Mozilla to actually follow through with any of them since they’ve dropped the ball every other time.

          • @[email protected]
            link
            fedilink
            78 months ago

            I really, really like the idea of paying content creators some amount of a monthly budget based on site views.

            My only critique of your really thoughtful comment is: I really want those features to be modular. Every time Mozilla drops an extension like Pocket and integrates it directly into the browser, it seems to upset two groups of people:

            • People who don’t want the extension, who are now forced to tolerate or remove it
            • People who do want the extension, who tend to be disappointed with the way the integration is accomplished.

            I can guarantee after watching Brave do their crap that people generally don’t want a browser installing an ad network or a VPN without their consent, especially when the browser is already considered pretty big like Firefox. Chrome might suck, but it’s practically a minimalist browser compared to Firefox… If not in function, then at least in presentation.

            • @[email protected]
              link
              fedilink
              48 months ago

              I really want those features to be modular

              Oh absolutely, and that’s a huge part of why I don’t really trust Mozilla to handle it properly.

              Brave

              That’s because Brave didn’t deliver on its promise. It said it would pay content creators, but it didn’t. It should absolutely be opt-in for both parties (user and site).

              So until there’s an ethical way to handle advertising, I’ll keep my ad-blocker.

              • @[email protected]
                link
                fedilink
                28 months ago

                There’s an interesting conversation to be had about that. Personally, due to its for-profit beginnings, I don’t think Brave would have done a good job even if they had followed through on their promises. For example, cryptocurrency has its own issues, and there are ethical problems with replacing a website owner’s chosen source of income with reliance on a different, proprietary one.

                Mozilla would have to advance much further with Firefox and everything else before any of that is worthy of discussion, unfortunately.

                • @[email protected]
                  link
                  fedilink
                  28 months ago

                  cryptocurrency has its own issues

                  I disagree, but it’s irrelevant to this discussion. The goal is micro-payments to content creators in-lieu of advertisements and/or profit sharing for advertisements. That could use cryptocurrency, or it could use traditional bank transactions.

                  And yeah, I agree that there are ethical issues here, which is why Mozilla shouldn’t put their own ads on a page w/o the content creator opting in. That’s where Brave went wrong, and where I hope Mozilla could get it right.

                  I think they just need a few big names to agree to it. Mozilla should implement some kind of credit system (i.e. to fund Mozilla VPN and other paid offerings), and make a way to keep track of page views in an anonymous manner and pilot it with some big-name brands (e.g. New York Times or similar). Initially, it would just be micropayments per page view in exchange for no ads, but Mozilla could add their own ads using your local search history (never shared with Mozilla or the website) in-lieu of ads supplied by the vendor.

                  There is an ethical way to do it, but Brave isn’t it and I don’t trust Mozilla to do it properly.

        • @Daughter3546OP
          link
          88 months ago

          You couldn’t have said it better. If money and revenue is an issue, then why keep chasing the next shiny thing.

          Just last month, they had a press release announcing they’ll incorporate AI into their product suite. In my opinion, the release was just a buzzword laden nonsense. I just don’t see the why other than to keep themselves relevant.

          • @[email protected]
            link
            fedilink
            8
            edit-2
            8 months ago

            I did some digging into FakeSpot’s history. I don’t have the pages handy, but they didn’t call themselves an AI company until 2022. I doubt anything changed. And at one point, they were even dabbling with NFT verification (something they’ve since purged from their site).

            Mozilla is chasing trends by… Buying other companies that are also chasing trends.

  • @[email protected]
    link
    fedilink
    228 months ago

    At least they are very clear about what data is at risk here, namely "OneRep receives your

    • first and last name,
    • email address,
    • phone number,
    • physical address and
    • date of birth

    in order to scan data broker sites to find your personal data and request its removal." cf https://www.mozilla.org/en-US/privacy/subscription-services/

    It’s indeed not a good look anyway to be partnering (without doing much that sharing your brand, and thus trust invested in you) with somebody apparently solving the problem… they themselves help fuel.

    • @[email protected]
      link
      fedilink
      English
      78 months ago

      Is this a shitpost? I’m confused as to how they’d verify if your accounts are compromised without knowing your basic info.

      • @[email protected]
        link
        fedilink
        88 months ago

        That’s not the problem, the problem is whether we can actually trust Mozilla Monitor to not sell the same data you’re trying to scrub.

        • @[email protected]
          link
          fedilink
          English
          48 months ago

          Fair enough. I completely agree that the feature creep is concerning and aggravating. I think it comes down to them trying to grow adoption of the browser and services. Mozilla has like a 1% market share. I’ll still use it over chrome or edge. At least we can disable all the bullshit in about:config or just not sign up for the extra services.

    • @[email protected]
      link
      fedilink
      28 months ago

      This reminds me of that one virus where you put your Credit Card info into the shady website to check that “your card is not in any hacker database” lmao

  • @rdyoung
    link
    118 months ago

    If anyone reading this has an account with discover, they offer a similar service for free. If you don’t have a discover account, create one.

  • lemmyreader
    link
    fedilink
    English
    118 months ago

    The krebsonsecurity.com page had an update where Mozilla is quoted :

    Update, March 15, 11:35 a.m. ET: Many readers have pointed out something that was somehow overlooked amid all this research: The Mozilla Foundation, the company that runs the Firefox Web browser, has launched a data removal service called Mozilla Monitor service that bundles OneRep. That notice says Mozilla Monitor is offered as a free or paid subscription service.

    “The free data breach notification service is a partnership with Have I Been Pwned (“HIBP”),” the Mozilla Foundation explains. “The automated data deletion service is a partnership with OneRep to remove personal information published on publicly available online directories and other aggregators of information about individuals (“Data Broker Sites”).”

    In a statement shared with KrebsOnSecurity.com, Mozilla said they did assess OneRep’s data removal service to confirm it acts according to privacy principles advocated at Mozilla.

    “We were aware of the past affiliations with the entities named in the article and were assured they had ended prior to our work together,” the statement reads. “We’re now looking into this further. We will always put the privacy and security of our customers first and will provide updates as needed.”

  • @Tangent5280
    link
    108 months ago

    It’s like a twisted mustache twirling disney villanesque version of data leak conspiracies. Only way I can think of for this to be funnier is if it turns out the dude also had a prominent position in some secret police state agency.

    • @Daughter3546OP
      link
      10
      edit-2
      8 months ago

      It does sound like a conspiracy and I am advocating to wait until Mozilla addresses the concern. In my opinion, it’s likely an oversight and failure to do their due diligence.

      • @[email protected]
        link
        fedilink
        118 months ago

        That’s a pretty damn big “oversight” for a company claiming to have privacy as one of their main selling points…

        • @Tangent5280
          link
          78 months ago

          Maybe they’re so good at erasing online data that when they got to choosing a CEO, they couldn’t find any info on this dude being shady online.

        • @Daughter3546OP
          link
          18 months ago

          I agree and I am going to give them benefit of doubt until they issue a statement or address it.