• Mozilla has launched a paid subscription service called Mozilla Monitor Plus, which monitors and removes personal information from over 190 sites where brokers sell data.
  • The service is priced at $8.99 per month and is an extension of the free dark web monitoring service Mozilla Monitor (previously Firefox Monitor).
  • Basic Monitor members receive a free scan and one-time removal sweep, while Plus members get continual monthly data broker scans and removal attempts.

Archive link: https://archive.ph/YdY3R

      • Th3D3k0y@lemmy.world
        link
        fedilink
        English
        arrow-up
        82
        ·
        9 months ago

        How dare they try to bring this to a larger market at exactly the same price as that other company without increasing the price.

      • mightyfoolish@lemmy.world
        link
        fedilink
        English
        arrow-up
        45
        ·
        9 months ago

        They really need a way to gain money independently from Google. Reselling an interesting looking service is better than only Google.

  • Rodeo@lemmy.ca
    link
    fedilink
    English
    arrow-up
    81
    arrow-down
    26
    ·
    edit-2
    9 months ago

    How can they know it’s your data without first collecting your data to compare it?

    “Give us your personal information so we can ask others to delete your personal information” just doesn’t sound like a trustworthy offer.

    • Steve@communick.news
      link
      fedilink
      English
      arrow-up
      109
      ·
      edit-2
      9 months ago

      I can also see the irony. But I can’t imagine another way to do it at any scale. Do you know of another option?

      • Static_Rocket@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        19
        ·
        edit-2
        9 months ago

        Something akin to haveibeenpwned.com password hash partial match? Can that even be done with this data?

        Edit: You goofs know you can calculate the hash locally and submit it for review without actually exposing your password to them right? That’s how bitwarden does it’s check. https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity

        Ah, but Mozilla isn’t even trying to do anything cool like that. They just use onereap and those fuckers look shady. Quotes from their privacy policy: https://onerep.com/privacy-policy#what-data-we-collect-and-how-we-do-that

        We use your Personal Information for a number of purposes, which may include the following:

        [snip]

        • To display advertisements to you.
        • To manage our Affiliate marketing program.

        There will be times when we may need to disclose your Personal Information to third parties. We may disclose your Personal Information to:

        [snip]

        • Third-party service providers and partners who assist us in the provision of the Services and Website, for example, (a) those who support delivery of or provide certain features in connection with the Services and Website (e.g. Stripe, a payment services provider; Sendgrid, an email delivery service; HubSpot, a CRM platform, and Sentry, a crash reporting platform); (b) providers of analytics and measurement services (e.g. Google Analytics, ProfitWell etc.); © providers of technical infrastructure services (e.g. Microsoft Azure, Google Cloud, and Amazon AWS); (d) providers of customer support services (e.g. Zendesk); (e) those who facilitate conduct of surveys (e.g. Hotjar); (f) those who help to advertise, market or promote our Services and Website (e.g. Mautic, Facebook Ads, Google Ads, Linkedin Ads, Reddit Ads, and Microsoft Ads);

        The bastards

        • Bitrot@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          61
          arrow-down
          1
          ·
          edit-2
          9 months ago

          No. If your name is Dave Jones they have to look around those broker sites for Dave Jones. If those sites were using hashes then they could use hashes too.

          This is no different than any credit or identity monitoring service. The need to give them basic information should be obvious, people have to decide if the company is trustworthy or not.

          • Peer@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            5
            ·
            9 months ago

            They could just look for names, then hash those names and compare them to your hashed name. So technically that don’t need to store your data, just hashes.

            • Lmaydev@programming.dev
              link
              fedilink
              English
              arrow-up
              7
              arrow-down
              1
              ·
              edit-2
              9 months ago

              I’m all for privacy but worrying about giving one of the most trustworthy companies around your name seems a bit much.

              You’d also have to give them your card details to pay for it.

              This would also require searching and indexing the entire system as opposed to searching it.

        • Steve@communick.news
          link
          fedilink
          English
          arrow-up
          23
          arrow-down
          1
          ·
          9 months ago

          The front page there is literally: “Give us your email, so we can find leaks of your email.” It’s exactly the same thing.

            • Nyfure@kbin.social
              link
              fedilink
              arrow-up
              14
              arrow-down
              1
              ·
              9 months ago

              To be fair, you can check the code they run or just use the API.
              The hash is calculated locally, cut-off and then send, the server returns all hashes it found which start with your one and then you can check if yours in in the list locally.

              • claudiop@lemmy.world
                link
                fedilink
                English
                arrow-up
                9
                ·
                9 months ago

                Y’know that you can see the requests your browser makes, right? Mind putting in here a screenshot of HIBP uploading your password or any complete hash of it?

                Failing to provide that grants you the “talking shit out of ya ass” award.

        • admiralteal@kbin.social
          link
          fedilink
          arrow-up
          14
          arrow-down
          1
          ·
          9 months ago

          No, because you are asking the data broker to do something with your data that they possess. It is not possible for them to delete your data without knowing which are your data.

          The only alternative is fully banning this kind of data collection. Which would be nice, but isn’t happening anytime soon.

    • TrickDacy@lemmy.world
      link
      fedilink
      English
      arrow-up
      40
      arrow-down
      4
      ·
      9 months ago

      Unless you trust Mozilla. I’m unaware of another organization that is more trustworthy, despite the haters mad that CEOs make money.

      • LWD@lemm.ee
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        4
        ·
        9 months ago

        The CEO is making an inordinate amount of money. $6.9 million is excessive.

        You can argue that Mozilla should be held to the same low standard as every other corporation, but if you do that, you have to take into account that the Mozilla CEO got a huge pay raise in a year where other CEOs got less money.

        • Telodzrum@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          13
          ·
          9 months ago

          $6.9MM is a perfectly reasonable compensation package for a $500MM organization and is probably low to attract a significant number of quality candidates.

          • idefix@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            12
            arrow-down
            2
            ·
            9 months ago

            Just no. My CEO runs a much larger organisation than Mozilla corp and her salary is 1m€ per year (public information), and that’s perfectly adequate.

              • orgrinrt@lemmy.world
                link
                fedilink
                English
                arrow-up
                8
                ·
                9 months ago

                Yeah I don’t think we should so directly equate quality of an expert with quantity of money.

              • LWD@lemm.ee
                link
                fedilink
                English
                arrow-up
                5
                ·
                9 months ago

                A $2 million raise just made the CEO worse at running Mozilla. Honestly, if you think the company should hemorrhage money that rapidly, who’s the one that hates it?

    • Neato@ttrpg.network
      link
      fedilink
      English
      arrow-up
      35
      ·
      9 months ago

      Likely you must provide Mozilla with basic identifying data like name and birth date. Which isn’t all that radical since you’re giving them quite a bit more by paying them.

    • AeonFelis@lemmy.world
      link
      fedilink
      English
      arrow-up
      33
      arrow-down
      1
      ·
      9 months ago

      It’s better when it’s in their hands, because:

      1. It’s Mozilla - one of the more trusty organizations out there.
      2. They don’t get your information in some sneaky way from some source that was never supposed to be available to them.
      3. You know exactly how they make money from your data.
    • Defaced@lemmy.world
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      1
      ·
      9 months ago

      It’s ironic yeah, but if trust is the only way to implement something like this, then Mozilla is probably the one company I would trust considering they’re a non-profit org.

    • JustUseMint@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      9 months ago

      There isn’t a better company to do this than mozzila. I mean there literally are but in practice this is a good thing

    • /home/pineapplelover@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 months ago

      The way I see it, if you’re asking for data removal, it’s because your identity is public online already, the company has nothing else to gain maybe other than the payment information and you can get a new card if they just happened to be untrustworthy.

  • subignition@kbin.social
    link
    fedilink
    arrow-up
    49
    arrow-down
    1
    ·
    9 months ago

    There are already plenty of companies that sell managed data removal like this, Mozilla claims to be doing it better and perhaps they are incrementally more trustworthy than the smaller no name ones

        • TheIllustrativeMan@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          9 months ago

          I think it was only 3 when I first signed up, so that’s an improvement. They probably hit the ones most likely to honor takedown requests, but yeah 190 sites is more than 10. $9 is more than $0 too though, so it’s a balance.

          I wonder how many sites like this actually exist. Probably over a thousand would be my guess.

  • jqubed@lemmy.world
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    1
    ·
    9 months ago

    If I’m reading this correctly, are they basically just reselling the Onerep service ($14.95/monthly or $99.96/annually) for $8.99/month?

    • LWD@lemm.ee
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      1
      ·
      9 months ago

      They’re reselling it for $13.99/monthly or $107.88/annually.

      So it’s cheaper if you buy it for just one month at a time, but more expensive for the annual subscription… And there are other alternatives besides.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    18
    ·
    9 months ago

    This is the best summary I could come up with:


    For $8.99 a month under its annual subscription, Mozilla says it will automatically keep a lookout for your information at over 190 sites where brokers sell information they’ve gathered from online sources like social media sites, apps, and browser trackers, and when your info is found, it will automatically try to get it removed.

    Mozilla Monitor product manager Tony Cinotto told The Verge in an email that Mozilla partners with a company called Onerep to perform these scans and subsequent takedown requests.

    Mozilla will keep trying, he added, but will also give Plus members instructions for attempting removal themselves.

    Basic Monitor members will get a free scan and one-time removal sweep, plus continual monthly data broker scans afterward, Mozilla says.

    Mozilla says its data broker scans can find details online like your name and current and previous home addresses but adds that it could go as deep as criminal history, hobbies, or your kids school district.

    Services like this are fairly common, but they’re not all that well known to most people and searching for them is as likely to turn up sketchy scam sites as it is legitimate service providers like, for instance, DeleteMe.


    The original article contains 325 words, the summary contains 195 words. Saved 40%. I’m a bot and I’m open source!

  • ares35@kbin.social
    link
    fedilink
    arrow-up
    17
    arrow-down
    3
    ·
    9 months ago

    services like this rely upon the data harvesters and brokers to honor removal requests. honest ones would. but there’s tons of them that aren’t legit, so it’s like using a straw to empty lake superior.

    • ohlaph@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      9 months ago

      Exactly. I trust Mozilla, but I absolutely do not trust the broker sites to actually honor a request to remove data.

    • thehatfox@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 months ago

      Even for the “honest” data collectors I’m sceptical any of these services really work. Privacy and data protection laws are weak in many places, and even the countries that have enacted better legislation in this regard often have fairly toothless enforcement. Data is the new oil and is far too valuable for companies to want to part with. There seems little real incentive for companies to truthfully cooperate with these schemes.

      • TheDarkKnight@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        9 months ago

        We need chain of custody data laws. If FB sells your data they’re responsible for keeping a chain of custody as to who they sold it to and requests for removal need to follow that chain down with regular audits and stiff fines for noncompliance.

  • OscarRobin@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    9 months ago

    If they added automatic online account collation and mass deletion I’d pay them $100 on the spot to wipe the hundreds of random accounts I have on sites/services I never use and often have never used.

  • foggy@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    59
    ·
    edit-2
    9 months ago

    I got downvoted to hell for saying it before, but what Ubuntu and Firefox are up to together is kinda what Microsoft went to court over Internet Explorer for in the 90s.

    Firefox is my go-to today, but I’m watching them closely.

    Edit: typical fanboy downvotes. The writing is on the wall. Mark my words y’all. In 2035 you’ll be saying “get off Firefox” like you’re currently saying “get off chrome”. I’ve seen this song and dance before.

    Also, look at this super cool not disgusting abomination of a bug that’s not a bug. Remap my fucking root directory?

    Read on

    • ᗪᗩᗰᑎ@lemmy.ml
      link
      fedilink
      English
      arrow-up
      48
      ·
      9 months ago

      what Ubuntu and Firefox are up to together is kinda what Microsoft went to court over Internet Explorer for in the 90s.

      Can you elaborate on the statement? I’m not connecting the dots.

        • Blisterexe@lemmy.zip
          link
          fedilink
          English
          arrow-up
          22
          arrow-down
          2
          ·
          9 months ago

          No, they’re talking about how Ubuntu doesn’t let you uninstall Firefox, and constantly push ads for it down your throat, and how Ubuntu always opens web search results in Firefox regardless of your default browser, and how… Oh wait

          • stembolts@programming.dev
            link
            fedilink
            English
            arrow-up
            13
            arrow-down
            4
            ·
            edit-2
            9 months ago

            So you don’t know how to uninstall Firefox on Ubuntu?

            Where do these “Ubuntu ads” display in the operating system? Are you talking about the software browser? An application used to get software suggestions is suggesting software? Or something more nefarious?

            To me, your post just says, “I haven’t used Linux much,” because I’ve never encountered any of these problems… but I’m always open to being wrong.

            Edit : Just wanted to add that I now see that I missed a joke. I appreciate the helpful replies!

            • TheGrandNagus@lemmy.world
              link
              fedilink
              English
              arrow-up
              33
              ·
              edit-2
              9 months ago

              They’re being satirical.

              They’re saying Ubuntu does those things then ending it with “oh wait… [they don’t! That’s what Microsoft does!]”

              • Blisterexe@lemmy.zip
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                9 months ago

                I thought the fact that Ubuntu does none of those things, and the “oh, wait…” Made it clear enough, I’ll add a /s next time though

    • agent_flounder@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      9 months ago

      super cool not disgusting abomination of a bug that’s not a bug. Remap my fucking root directory?

      I am not convinced that’s what’s going on. It looks more like some weird thing snap does to make hunspell available to snap Firefox.

      Have you seen this behavior on your own Ubuntu install? In other words, can you reproduce the described scenario?

      • foggy@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        9
        ·
        9 months ago

        Yes. I literally have a cron job to unmount and rename my root directory to / that runs every 12 hours.

        • agent_flounder@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          9 months ago

          That makes no sense. The bug listed shows the same device mounted to / and that spelling for in /var or whatever. And your system wouldn’t operate if / didn’t exist. I’m almost curious enough to go set up a VM to try to see what’s happening.

          • foggy@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            2
            ·
            edit-2
            9 months ago

            My working solution is literally running a Cron .sh which is

            sudo umount /var/snap/Firefox/common/host-hunspell 2>/dev/null
            
            Sudo snap disconnect Firefox:host-hunspell 2>/dev/null
            
            

            If Firefox updates via snap, it will change back to bullshit. Is the case in every 22.04 VM I have on my machine as well. This script effectively gives me “/” back, and unfucks the rest of my machine.

            It is a reason for me looking to leave Ubuntu after 12 years dedicated. Just because it makes no sense doesn’t mean it isn’t happening.

        • Derp@lemmy.ml
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          9 months ago

          And how does that work? How do you unmount the root directory of a live system and invoke a script?

          • foggy@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            4
            ·
            edit-2
            9 months ago
            
            sudo umount /var/snap/Firefox/common/host-hunspell 2>/dev/null
            
            Sudo snap disconnect Firefox:host-hunspell 2>/dev/null
            
            

            Like that?

            It’s not unmounting my root directory it’s unmounting what Firefox mounted on my root directory.

            • murderisbad@lemm.ee
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              1
              ·
              9 months ago

              You are misinterpreting the information here. Neither Firefox nor Ubuntu are doing anything to your root directory. The behavior described and what you are undoing is that your storage device is being made available at two locations: both at / and at the hunspell path.

              • foggy@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                3
                ·
                edit-2
                9 months ago

                lsblk outputs that my NVMe0n1p1 is mounted at /var/snap/Firefox/common/host-hunspell.

                This drive and partition is where my root is.

                • patatahooligan@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  9 months ago

                  lsblk is just lacking a lot of information and creating a false impression of what is happening. I did a bind mount to try it out.

                  sudo mount -o ro --bind /var/log /mnt
                  

                  This mounts /var/log to /mnt without making any other changes. My root partition is still mounted at / and fully functional. However, all that lsblk shows under MOUNTPOINTS is /mnt. There is no indication that it’s just /var/log that is mounted and not the entire root partition. There is also no mention at all of /. findmnt shows this correctly. Omitting all irrelevant info, I get:

                  TARGET                                                SOURCE                 [...]
                  /                                                     /dev/dm-0              [...]
                  [...]
                  └─/mnt                                                /dev/dm-0[/var/log]    [...]
                  

                  Here you can see that the same device is used for both mountpoints and that it’s just /var/log that is mounted at /mnt.

                  Snap is probably doing something similar. It is mounting a specific directory into the directory of the firefox snap. It is not using your entire root partition and it’s not doing something that would break the / mountpoint. This by itself should cause no issues at all. You can see in the issue you linked as well that the fix to their boot issue was something completely irrelevant.