• Mozilla has launched a paid subscription service called Mozilla Monitor Plus, which monitors and removes personal information from over 190 sites where brokers sell data.
  • The service is priced at $8.99 per month and is an extension of the free dark web monitoring service Mozilla Monitor (previously Firefox Monitor).
  • Basic Monitor members receive a free scan and one-time removal sweep, while Plus members get continual monthly data broker scans and removal attempts.

Archive link: https://archive.ph/YdY3R

  • @Rodeo@lemmy.ca
    link
    fedilink
    English
    56
    edit-2
    11 months ago

    How can they know it’s your data without first collecting your data to compare it?

    “Give us your personal information so we can ask others to delete your personal information” just doesn’t sound like a trustworthy offer.

    • @Steve@communick.news
      link
      fedilink
      English
      110
      edit-2
      11 months ago

      I can also see the irony. But I can’t imagine another way to do it at any scale. Do you know of another option?

      • @Static_Rocket@lemmy.world
        link
        fedilink
        English
        -8
        edit-2
        11 months ago

        Something akin to haveibeenpwned.com password hash partial match? Can that even be done with this data?

        Edit: You goofs know you can calculate the hash locally and submit it for review without actually exposing your password to them right? That’s how bitwarden does it’s check. https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity

        Ah, but Mozilla isn’t even trying to do anything cool like that. They just use onereap and those fuckers look shady. Quotes from their privacy policy: https://onerep.com/privacy-policy#what-data-we-collect-and-how-we-do-that

        We use your Personal Information for a number of purposes, which may include the following:

        [snip]

        • To display advertisements to you.
        • To manage our Affiliate marketing program.

        There will be times when we may need to disclose your Personal Information to third parties. We may disclose your Personal Information to:

        [snip]

        • Third-party service providers and partners who assist us in the provision of the Services and Website, for example, (a) those who support delivery of or provide certain features in connection with the Services and Website (e.g. Stripe, a payment services provider; Sendgrid, an email delivery service; HubSpot, a CRM platform, and Sentry, a crash reporting platform); (b) providers of analytics and measurement services (e.g. Google Analytics, ProfitWell etc.); © providers of technical infrastructure services (e.g. Microsoft Azure, Google Cloud, and Amazon AWS); (d) providers of customer support services (e.g. Zendesk); (e) those who facilitate conduct of surveys (e.g. Hotjar); (f) those who help to advertise, market or promote our Services and Website (e.g. Mautic, Facebook Ads, Google Ads, Linkedin Ads, Reddit Ads, and Microsoft Ads);

        The bastards

        • @Bitrot@lemmy.sdf.org
          link
          fedilink
          English
          61
          edit-2
          11 months ago

          No. If your name is Dave Jones they have to look around those broker sites for Dave Jones. If those sites were using hashes then they could use hashes too.

          This is no different than any credit or identity monitoring service. The need to give them basic information should be obvious, people have to decide if the company is trustworthy or not.

          • @Peer@discuss.tchncs.de
            link
            fedilink
            English
            -211 months ago

            They could just look for names, then hash those names and compare them to your hashed name. So technically that don’t need to store your data, just hashes.

            • @Lmaydev@programming.dev
              link
              fedilink
              English
              6
              edit-2
              11 months ago

              I’m all for privacy but worrying about giving one of the most trustworthy companies around your name seems a bit much.

              You’d also have to give them your card details to pay for it.

              This would also require searching and indexing the entire system as opposed to searching it.

        • @Steve@communick.news
          link
          fedilink
          English
          2211 months ago

          The front page there is literally: “Give us your email, so we can find leaks of your email.” It’s exactly the same thing.

            • Nyfure
              link
              fedilink
              1311 months ago

              To be fair, you can check the code they run or just use the API.
              The hash is calculated locally, cut-off and then send, the server returns all hashes it found which start with your one and then you can check if yours in in the list locally.

              • @claudiop@lemmy.world
                link
                fedilink
                English
                911 months ago

                Y’know that you can see the requests your browser makes, right? Mind putting in here a screenshot of HIBP uploading your password or any complete hash of it?

                Failing to provide that grants you the “talking shit out of ya ass” award.

        • admiralteal
          link
          fedilink
          1411 months ago

          No, because you are asking the data broker to do something with your data that they possess. It is not possible for them to delete your data without knowing which are your data.

          The only alternative is fully banning this kind of data collection. Which would be nice, but isn’t happening anytime soon.

    • @TrickDacy@lemmy.world
      link
      fedilink
      English
      3611 months ago

      Unless you trust Mozilla. I’m unaware of another organization that is more trustworthy, despite the haters mad that CEOs make money.

      • @LWD@lemm.ee
        link
        fedilink
        English
        811 months ago

        The CEO is making an inordinate amount of money. $6.9 million is excessive.

        You can argue that Mozilla should be held to the same low standard as every other corporation, but if you do that, you have to take into account that the Mozilla CEO got a huge pay raise in a year where other CEOs got less money.

        • @Telodzrum@lemmy.world
          link
          fedilink
          English
          -1111 months ago

          $6.9MM is a perfectly reasonable compensation package for a $500MM organization and is probably low to attract a significant number of quality candidates.

          • @idefix@sh.itjust.works
            link
            fedilink
            English
            1011 months ago

            Just no. My CEO runs a much larger organisation than Mozilla corp and her salary is 1m€ per year (public information), and that’s perfectly adequate.

              • @LWD@lemm.ee
                link
                fedilink
                English
                511 months ago

                A $2 million raise just made the CEO worse at running Mozilla. Honestly, if you think the company should hemorrhage money that rapidly, who’s the one that hates it?

    • Neato
      link
      fedilink
      English
      3511 months ago

      Likely you must provide Mozilla with basic identifying data like name and birth date. Which isn’t all that radical since you’re giving them quite a bit more by paying them.

    • @AeonFelis@lemmy.world
      link
      fedilink
      English
      3211 months ago

      It’s better when it’s in their hands, because:

      1. It’s Mozilla - one of the more trusty organizations out there.
      2. They don’t get your information in some sneaky way from some source that was never supposed to be available to them.
      3. You know exactly how they make money from your data.
    • @Defaced@lemmy.world
      link
      fedilink
      English
      2111 months ago

      It’s ironic yeah, but if trust is the only way to implement something like this, then Mozilla is probably the one company I would trust considering they’re a non-profit org.

    • @JustUseMint@lemmy.world
      link
      fedilink
      English
      1211 months ago

      There isn’t a better company to do this than mozzila. I mean there literally are but in practice this is a good thing

    • /home/pineapplelover
      link
      fedilink
      English
      311 months ago

      The way I see it, if you’re asking for data removal, it’s because your identity is public online already, the company has nothing else to gain maybe other than the payment information and you can get a new card if they just happened to be untrustworthy.