228

submitted 1 year ago* (last edited 1 year ago) by Daughter3546@lemmy.world to c/privacy@lemmy.ml

32 comments fedilink hide all child comments

Onerep is a privacy monitoring service/ privacy provider that Mozilla partnered with for their Mozilla Monitor service.

Yesterday, Brian Krebs (a cybersecurity journalist) dug into Onerep and found that the CEO is a shady Belarussian. Dimitri Shelest, CEO, of Onerep owns multiple “people searching” websites. Shelest has also been linked to aggressive spam and affiliate marketing emails.

Onerep’s reputation is shady due to their CEO’s multiple conflicts of interest. At worst, Onerep is sucking your personal information. At best, you’re paying for a service that doesn’t do anything. Either way, I would not trust Mozilla Monitor service .

This is a copy and paste from a post I made to firefox@lemmy.ml. I do not no know how to crosspost and I apologise for my mistake a head of time.

all 41 comments

sorted by: hot top controversial new old

[-] suppenloeffel@feddit.de 94 points 1 year ago* (last edited 1 year ago)

Yikes. This has the potential to seriously damage the reputation of Mozilla. I guess there are 3 possibilities:

Onerep isn't actually shady, but partnering with a company part of a conglomerate with companies directly opposing the stated goal isn't a good look either way
Onerep is shady and Mozilla failed to conduct the necessary research before partnering with them
Onerep is shady and Mozilla knew

In any case: Personally, I'll never not be grateful towards Mozilla for continuing to support and develop Firefox, which is quite literally the only relevant engine standing against the monopoly of chromium and all the bad that entails. But I trust other companies/initiatives/projects more when it comes to services other than the browser engine.

[-] DangerousInternet@lemmy.world -1 points 1 year ago

I guess they did not knew about it, but only because they just do not give a shit about privacy, only claim they are privacy oriented.

[-] fl42v@lemmy.ml 38 points 1 year ago* (last edited 1 year ago)

~~Here's the link, if anyone's interested: https://krebsonsecurity.com/2024/03/ceo-of-data-privacy-company-onerep-com-founded-dozens-of-people-search-firms/~~

[-] Daughter3546@lemmy.world 9 points 1 year ago* (last edited 1 year ago)

Apologies! The links must not have copied over from my post on firefox@lemmy.ml! I'll update the post with the correct links.

Edit: I updated the original post with the correct links.

[-] Gork@lemm.ee 0 points 1 year ago

It appears Mr. Shelest sought to reinvent his online identity in 2015 by adding a “2” to his email address. A search on the Belarus phone number tied to Nuwber.com shows up in the domain records for askmachine.org, and DomainTools says this domain is tied to both dmitrcox@gmail.com and dmitrcox2@gmail.com.

"Drats! They found out! My plans are foiled again!"

[-] LWD@lemm.ee 1 points 1 year ago* (last edited 2 weeks ago)

deleted by creator

[+] LWD@lemm.ee 25 points 1 year ago* (last edited 2 weeks ago)

[deleted]

[-] Daughter3546@lemmy.world 29 points 1 year ago* (last edited 1 year ago)

I really love Firefox, but I dislike some of the initiatives the for-profit arm, Mozilla Corporation, is taking. This is another head scratcher moments for me. I want my browser to be just a browser. I don't want Pocket, Google Search, nor any other nonsense.

I get that they are subsiding the development costs of Firefox, but surely, there must be other avenues to generate revenue. It is really hypocritical of Mozilla when they market Firefox as a privacy focused alternative to Chrome/Edge/Safari and then bundle ads and sponsored nonsense.

[+] LWD@lemm.ee 28 points 1 year ago* (last edited 2 weeks ago)

[deleted]

[-] sugar_in_your_tea@sh.itjust.works 13 points 1 year ago

Agreed. They have so many options for privacy-respecting value adds, but they often fall short. For example, their VPN:

was a rebranded Mullvad (fine) with fewer features (lame)
no integration with Firefox (missed opportunity)
eventually integrated it with Container Tabs, but it's still not advertised on their landing page

They picked a good vendor, but they missed so many opportunities to really make it a standout feature.

And there's more they could do like that:

private, local only ads with revenue share with sites
create a Mozilla payment network using GNU Taler or similar; you'd pay Mozilla to get credits (potentially with crypto if you don't trust Mozilla with payment info), and sites would opt in to accept those credits, and the user remains anonymous
integrate with popular password management service like Bitwarden - have it work seamlessly with their other offerings

There's plenty more ideas like that as well. However, I don't trust Mozilla to actually follow through with any of them since they've dropped the ball every other time.

[+] LWD@lemm.ee 7 points 1 year ago* (last edited 2 weeks ago)

[deleted]

[-] sugar_in_your_tea@sh.itjust.works 4 points 1 year ago

I really want those features to be modular

Oh absolutely, and that's a huge part of why I don't really trust Mozilla to handle it properly.

Brave

That's because Brave didn't deliver on its promise. It said it would pay content creators, but it didn't. It should absolutely be opt-in for both parties (user and site).

So until there's an ethical way to handle advertising, I'll keep my ad-blocker.

[-] Daughter3546@lemmy.world 8 points 1 year ago

You couldn't have said it better. If money and revenue is an issue, then why keep chasing the next shiny thing.

Just last month, they had a press release announcing they'll incorporate AI into their product suite. In my opinion, the release was just a buzzword laden nonsense. I just don't see the why other than to keep themselves relevant.

[-] JCreazy@midwest.social 9 points 1 year ago

Fakespot is so inaccurate that I stopped using it.

[-] utopiah@lemmy.ml 22 points 1 year ago

At least they are very clear about what data is at risk here, namely "OneRep receives your

first and last name,
email address,
phone number,
physical address and
date of birth

in order to scan data broker sites to find your personal data and request its removal." cf https://www.mozilla.org/en-US/privacy/subscription-services/

It's indeed not a good look anyway to be partnering (without doing much that sharing your brand, and thus trust invested in you) with somebody apparently solving the problem... they themselves help fuel.

[-] FeelzGoodMan420@eviltoast.org 8 points 1 year ago

Is this a shitpost? I'm confused as to how they'd verify if your accounts are compromised without knowing your basic info.

[-] sugar_in_your_tea@sh.itjust.works 8 points 1 year ago

That's not the problem, the problem is whether we can actually trust Mozilla Monitor to not sell the same data you're trying to scrub.

[-] FeelzGoodMan420@eviltoast.org 4 points 1 year ago

Fair enough. I completely agree that the feature creep is concerning and aggravating. I think it comes down to them trying to grow adoption of the browser and services. Mozilla has like a 1% market share. I'll still use it over chrome or edge. At least we can disable all the bullshit in about:config or just not sign up for the extra services.

[-] Scolding0513@sh.itjust.works 2 points 1 year ago

This reminds me of that one virus where you put your Credit Card info into the shady website to check that "your card is not in any hacker database" lmao

[-] TheAnonymouseJoker@lemmy.ml 21 points 1 year ago* (last edited 1 year ago)

[removed by mod]

[-] jjlinux@lemmy.ml 8 points 1 year ago* (last edited 1 year ago)

While I agree that the comment by the OP may be construed as Xenophobic, can we agree that it could also just be a part of the information with no ill intent? Based on that, would it be too hard to ask the OP to please edit it out instead of just delivering that as an order? I didn't think about the potential of seeing that comment as xenophobic until you mentioned it, and realize more people could find it distasteful, but there's no need to deliver the message in the form of a command.

[-] TheAnonymouseJoker@lemmy.ml 0 points 1 year ago* (last edited 1 year ago)

[removed by mod]

[-] jjlinux@lemmy.ml 5 points 1 year ago* (last edited 1 year ago)

I'm not going to downvote your comment, because I strongly believe that we're all entitled to our own opinion.

Now, according to the Merriam-Webster dictionary, xenophobia is defined as "fear and hatred of strangers or foreigners or of anything that is strange or foreign". Nowhere does the OP display fear or hatred of any type of group, race, religion, nationality or anything else. The thread is about a CEO that is known for having a horrible track record with the privacy of the data his companies collect.

Mentioning a nationality alone is not xenophobia.

Additionally, whether you are a moderator or just a regular user, it does not justify talking to anyone in the way you do.

It is highly likely that the OP has not complied or replied precisely because of the way you chose to word your comment. If it was me, I would have probably removed the nationality from the post, and would not have replied to you, but we're all different.

A moderator moderates. To moderate is to lessen the intensity or extremeness of.

While I respect the tasks moderators do, because they take the time to maintain toxicity away as much as humanly possible, which is not an easy task, being a moderator does not give anyone the right to treat others with disrespect, regardless of the situation.

Now, I have no idea of the extent of a moderator's power in Lemmy instances, but if you kick me out, ban me, or whatever, know that I dont really mind. My reason for being here is wanting to interact with others on productive and respectful conversations, but by no means would that affect me in any significant way. I'm not challenging you, but this is one of the reasons I removed Reddit from my life. Too many moderators with low to no tolerance towards anything they thought was against their rules and acting like dictators.

[-] beefbot@lemmy.blahaj.zone 5 points 1 year ago

Sorry to pile on but since we’re already splitting hairs: it’s the phrasing that pushes it over into xenophobia. A better way might be for example “the CEO is shady. A Belorussian, [name] is…”. But combined in the same noun phrase - “a shady X” - puts it past whatever fine line we’re debating

[-] jjlinux@lemmy.ml 0 points 1 year ago* (last edited 1 year ago)

Oh, I fully agree that the OP could have certainly phrase that better. As I mentioned in my first comment, the way it was phrased can give way to understanding it as a xenophobic comment. My issue is not with the interpretation of the OPs post, but with the way this mod chose to address it. He apparently expects EVERYONE else to be careful how they word their ideas, but that rules applies to everyone but himself. The moment he mentioned "xenophobic", I realized that this was easily interpreted as such, and the way you suggest it could have been phrased does allow to disregard that possibility. Another way the OP could have said it is: "Dimitri Shelest, a Belorussian with a shady record" or any other way to avoid a potential misinterpretation of his/her comment, and like the moderator, I also believe that everyone would be better served if the OP just modifies it. I still think that, when voicing thoughts and opinions, more than the content itself, it's all in the delivery.

[-] rdyoung@lemmy.world 11 points 1 year ago

If anyone reading this has an account with discover, they offer a similar service for free. If you don't have a discover account, create one.

[-] lemmyreader@lemmy.ml 11 points 1 year ago

The krebsonsecurity.com page had an update where Mozilla is quoted :

Update, March 15, 11:35 a.m. ET: Many readers have pointed out something that was somehow overlooked amid all this research: The Mozilla Foundation, the company that runs the Firefox Web browser, has launched a data removal service called Mozilla Monitor service that bundles OneRep. That notice says Mozilla Monitor is offered as a free or paid subscription service.

“The free data breach notification service is a partnership with Have I Been Pwned (“HIBP”),” the Mozilla Foundation explains. “The automated data deletion service is a partnership with OneRep to remove personal information published on publicly available online directories and other aggregators of information about individuals (“Data Broker Sites”).”

In a statement shared with KrebsOnSecurity.com, Mozilla said they did assess OneRep’s data removal service to confirm it acts according to privacy principles advocated at Mozilla.

“We were aware of the past affiliations with the entities named in the article and were assured they had ended prior to our work together,” the statement reads. “We’re now looking into this further. We will always put the privacy and security of our customers first and will provide updates as needed.”

[-] Tangent5280@lemmy.world 10 points 1 year ago

It's like a twisted mustache twirling disney villanesque version of data leak conspiracies. Only way I can think of for this to be funnier is if it turns out the dude also had a prominent position in some secret police state agency.

[-] Daughter3546@lemmy.world 10 points 1 year ago* (last edited 1 year ago)

It does sound like a conspiracy and I am advocating to wait until Mozilla addresses the concern. In my opinion, it's likely an oversight and failure to do their due diligence.

[-] sanpo@sopuli.xyz 11 points 1 year ago

That's a pretty damn big "oversight" for a company claiming to have privacy as one of their main selling points...

[-] Tangent5280@lemmy.world 7 points 1 year ago

Maybe they're so good at erasing online data that when they got to choosing a CEO, they couldn't find any info on this dude being shady online.

[-] Daughter3546@lemmy.world 1 points 1 year ago

I agree and I am going to give them benefit of doubt until they issue a statement or address it.

[-] pineapplelover@lemm.ee 6 points 1 year ago

If you're looking for a data removal service, I can personally vouch for easyoptouts. I made a post here about it.

https://lemm.ee/post/22988838

this post was submitted on 15 Mar 2024

228 points (95.2% liked)

Privacy

39645 readers

182 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS