[HN Gopher] Mozilla Monitor Plus: automatically remove your pers...
___________________________________________________________________
Mozilla Monitor Plus: automatically remove your personal info from
data brokers
Author : mikece
Score : 224 points
Date : 2024-02-06 14:37 UTC (8 hours ago)
(HTM) web link (blog.mozilla.org)
(TXT) w3m dump (blog.mozilla.org)
| causal wrote:
| I like this in theory, I don't have time to chase down every data
| broker to opt-out on my own. I'm just wondering how I can measure
| whether it's really effective or not.
|
| Anyone have experience with this kind of thing?
| Vinnl wrote:
| The data brokers that show your info will be listed, so you can
| spot check them yourself to see if they still show you. Not
| perfect, but should give you some confidence that if it says
| your data has been removed, it actually has been removed.
|
| (You can scan for brokers before upgrading to Plus for
| automatic opt-out, so you can also check beforehand that you
| _can_ see your data.)
| dylan604 wrote:
| This is always my pessimistic view of the world we live in
| today. Why in the world would they delete that data vs just
| putting it on mute/ignore/etc? The only "proof" you have is if
| you send a request to see the data they hold on you. If they
| send you an empty report because the ignore flag was set, you
| would only see an empty report. You have no evidence that the
| data was actually deleted.
| wolverine876 wrote:
| I also wonder if it stops them from collecting it. Also, what
| are the legal requirements if a customer asks their data to
| be removed?
|
| Still, I'm not giving up a plausible solution because
| potentially it's only a partial solution.
| StopTheTechies wrote:
| > Why in the world would they delete that data vs just
| putting it on mute/ignore/etc?
|
| If you're serious it's because having a fig leaf is useful to
| reduce risk in controversial business practices, especially
| if the vast majority of people don't take advantage of it.
| myself248 wrote:
| And I've never seen a single stalker-corp ("data broker")
| executive serve prison time for failing to delete data that
| they claimed was deleted.
|
| Either that has literally never happened, or there's
| inadequate auditing/enforcement, and I don't consider the
| former to be plausible.
| PascLeRasc wrote:
| That's because this is actually a data validation service for
| brokers. Most of their data is junk or incomplete, but now
| they know which pieces belong to actual people who want to
| pay money for it to be deleted.
| beyondd wrote:
| Optery customers get Removals Reports every 90 days. PCMag.com
| wrote this about the Optery Removals Report: "With the Removals
| report, you see what was found along with a new screenshot
| demonstrating that the data was removed, and a link to verify
| the removal. No other personal data removal service I've seen
| gives you this level of verification."
| Flimm wrote:
| I wanted to try this, but it seems to be restricted to only
| people in the USA. It is impossible to enter a location outside
| the USA in the sign-up form, and it's impossible to skip that
| form. Please, Mozilla, make it much clearer which countries are
| supported to avoid causing this frustration and to give people a
| reason to come back once other countries are supported.
| Vinnl wrote:
| Sorry about that. The form should only be shown for people in
| the USA, but detecting the country you're in can't be done
| perfectly. Which is a good reminder - we'll look into making
| the US-only part clearer.
|
| (I'm an engineer on Monitor.)
| isodev wrote:
| Or perhaps, just thinking out loud, you could extend support
| for the service to other countries. The EU would love you for
| this at the very least.
| mynameisvlad wrote:
| I'm sure if it was as easy as snapping their fingers,
| they'd have done it.
|
| Time is a finite resource, and a lot of these data brokers
| seem to be very geographically-specific and have their own
| ways of requesting deletion.
| cwales95 wrote:
| I'm also not clear why this is US only. There's definitely a
| market in other areas of the world. I'd be interested to know
| why it should be US only.
| JohnTHaller wrote:
| They're likely starting with the US because either their
| partner(s) for this is US only and/or it's easier to start
| with a single large market. The US is about a 50% larger
| market in terms of GDP than all EU countries combined.
| callalex wrote:
| What's wrong with simply displaying/linking to a list of
| supported countries?
| westpfelia wrote:
| Could just be in the short term they are limiting it to the USA
| and going global soon.
| donkeyd wrote:
| Same with Optery shared below. I wonder if there are any
| European/International counterparts to these services.
| pluc wrote:
| haveibeenpwned.com has been offering the same service for free
| for years.
| Liquid_Fire wrote:
| It doesn't look the same to me.
|
| haveibeenpwned will notify you if your email address was in a
| breach.
|
| The Mozilla offering seems to include the same, but also
| cover other pieces of personal data, and the ability to
| request removal from data brokers.
| pluc wrote:
| That ability is not the product they're offering though,
| that's something you can already once you identify where
| your data is. And obviously that's _if_ they have a way for
| you to do request removal and _if_ they feel like doing it
| at all which are the same constraints for Mozilla. I think
| this is all purely for convenience of having it all done
| for you (which is okay)
| Liquid_Fire wrote:
| Well, even if you consider the removal aspect of it
| useless since you could do it yourself, there is still
| value in knowing where your data is. Have I Been Pwned
| will tell you about breaches, but not about brokers
| reselling your data, and they only monitor email
| addresses.
|
| And yes, you could probably go and ask the brokers
| directly, but that is certainly a lot of time and effort,
| so paying for it might make sense, assuming you trust the
| service provider.
| beyondd wrote:
| haveibeenpwned.com provides data breach monitoring, but does
| not remove personal info from data broker sites as Optery and
| Mozilla Monitor do.
| ary wrote:
| I'm a happy, long term Optery user (not affiliated) and they take
| care of 100% of this for you. https://www.optery.com
|
| The Mozilla offering looks somewhat comparable, but I do wonder
| if they're going to beat a company which has the sole focus of
| solving this problem.
| tholtken wrote:
| Especially with a backend service provider (onerep.com) that is
| questionable at best.
| eltondegeneres wrote:
| What are the issues with Mozilla's use of onerep?
| beyondd wrote:
| One of the issues are OneRep's affiliate partnerships with
| the very data brokers you're paying them to remove you
| from: https://imgur.com/a/juSC66b
| fdgadfagfgd wrote:
| Any other issues besides that possible conflict of
| interest? Also, you're the founder of a competing
| service, right?
| tholtken wrote:
| not affiliated with Optery but agree conflict of
| interest, also misleading by onerep and at best
| deceptive. take that potential lack of trust together
| with the several reports online that onerep's us
| operation is a sham and they are really operating out of
| eastern europe and sending user data there...seems shady.
| begs the question: what does a privacy-respecting org
| like Mozilla see in onerep and how is it better than what
| other companies offer?
| wolverine876 wrote:
| They are. There's a flagged dead comment where they say
| so (I don't know if this link will work for a flagged
| dead comment):
|
| https://news.ycombinator.com/item?id=39276106
|
| beyonddd should really identify themselves as the founder
| of a competitor. Nothing wrong with posting, but pseudo-
| anonymously disparaging the competition seems very
| inappropriate.
| beyondd wrote:
| Yes - I flagged myself as an Optery founder on my first
| comment, but as you mentioned the comment was
| subsequently flagged and hidden from view. It is also
| made clear here:
| https://news.ycombinator.com/user?id=beyondd
| wolverine876 wrote:
| From my perspective, I'd put it in any comment mentioning
| Optery or criticizing competitors. People often read one
| comment; they don't read all your comments and your
| profile.
|
| It also adds some credibility: You actually know what
| you're talking about in regard to this kind of service.
| beyondd wrote:
| Yes - I flagged myself as an Optery founder on my first
| comment, but the comment was subsequently flagged and
| hidden from view
| (https://news.ycombinator.com/item?id=39276106). It is
| also made clear here:
| https://news.ycombinator.com/user?id=beyondd
| anjel wrote:
| OneRep is the service I used, briefly. I have no
| Affilliation with them except as past customer. They
| delivered as promised and the effect has been persistent
| 2+ years since the time I discontinued the subscription.
| sp0rk wrote:
| I think "partnership" seems like too strong a word for
| what appears to be the simple use of an affiliate
| program. Why would OneRep know or care about an
| individual affiliate and the content of their site, as
| long as their behavior with regards to the affiliate
| program is above-board?
| beyondd wrote:
| Affiliate programs have application processes intended to
| filter out bad actors and mis-alignment with a brand. To
| use an extreme example, a web site promoting terrorism
| would typically be rejected. Approving data brokers as
| affiliate partners for a data broker removal service is
| viewed by many as questionable. To use an another extreme
| example, how would you feel about an anti-virus software
| company that approved as affiliate partners creators and
| distributors of computer virus programs.
| haswell wrote:
| Also an unaffiliated, long term, and happy user of Optery.
|
| If nothing else, I'm glad there are more offerings showing up
| on this space because of the competition this will hopefully
| generate.
|
| Consumer Reports also has a semi-related offering called
| "Permission Slip" that is focused on opting out of data sharing
| with individual companies, e.g. Netflix, Home Depot, etc.
| megasquid wrote:
| Also a satisfied Optery user. Been using their service for the
| past year, from what I can tell, they seem to have the most
| robust solution in the space.
| Workaccount2 wrote:
| I can't help but be a bit miffed that despite ostensibly being
| a privacy service, optery is still running a bunch of third
| party scripts on their site, including google...
| HaloZero wrote:
| I'm curious, what's the point of paying for Optery per year?
| Isn't removing your data be a one time request. Except for
| supporting new brokers that might appear.
| beyondd wrote:
| Your point is spot on. Data removal services have an aspect
| where a ton of value is obtained in the first 1 - 4 months as
| the majority of profiles are wiped away, and then after that
| you're sort of in maintenance mode where the service catches
| profiles as they pop back up, or when new data brokers are
| added to the system for coverage.
|
| Optery generally has 2 types of customers:
|
| - The first type are those that care a lot about their
| privacy and the cost of an ongoing subscription is
| insignificant to them, so they keep the service running on an
| ongoing basis for the ongoing automated scans and removals
| and for getting new data brokers they get coverage for
| immediately as they are added into the system.
|
| - The second type of customer is more price conscious and is
| basically looking back and forth between their credit card
| statement and their Optery dashboard each month and then they
| either pause or cancel the subscription when they feel
| they're reached a good stopping point. Optery's pause
| subscription feature is very popular for this type of
| customer and you can use it to automatically re-start the
| service in 3, 6, 9 months, etc.
|
| - Another thing to point out is many other services only
| offer Yearly subscriptions, Optery offers Yearly or Monthly.
| If you're price conscious, the Monthly is nice because you
| can turn it on and off, or pause it as you wish.
|
| More detail on the topic of keeping Optery running on an
| ongoing basis is on the Optery Help Desk here:
|
| https://help.optery.com/en/article/why-should-i-keep-my-
| opte...
| mamidon wrote:
| Have you considered adding a 3-months-every-year option? I
| wonder if automating the second type of customer would
| provide you a lift in revenue.
| beyondd wrote:
| This is a great suggestion and we would like to add this.
| Not because it would provide any revenue lift though, but
| because it is what some Optery customers have been asking
| for, e.g. can I have a lower cost subscription that runs
| every other month, or every three months, etc.
| Technically, you can do this today by cancelling and re-
| starting a Monthly subscription at your desired cadence,
| or pausing and re-starting your subscription
| periodically, but that requires manual effort. A
| configurable cadence is definitely on our backlog though.
| anjel wrote:
| I cleared my name from the net using another service that
| charged by the month. I paid them for three months, when their
| work clearing my data from about 100+brokers was completed,
| then cancelled. 2 years later, my name and personal data still
| remain no longer to be found like it once was before the
| scrubbing.
| rayshan wrote:
| What is the service you used?
| pininja wrote:
| Anyone have experience comparing this to Incogni? I've been an
| unaffiliated user for over a year now. While many brokers have
| replied, many never seem to.
| beyondd wrote:
| Optery founder here. We did a deep dive comparison between
| Incogni and Optery (https://www.optery.com/incogni-review/).
| The biggest takeaway is Incogni, at this time, does not cover
| many of the most popular people search sites like Whitepages,
| TruePeopleSearch, Spokeo, RocketReach, ThatsThem,
| BeenVerified, TruthFinder, InstantCheckmate, and many others.
| Most Incogni reviews you'll find online are written by their
| affiliate partners.
| geor9e wrote:
| Haha wow it's actually asking me to sign over LIMITED POWER OF
| ATTORNEY. It's optional but says it's recommended. That's a
| nope from me.
| GuB-42 wrote:
| Isn't it to be expected? I guess that they have to make
| demands on your behalf to have your data removed. I guess
| that's optional because they can still work without it is
| some cases, and ask you on a case-by-case basis for others,
| but that's extra work for you and for them, so they may not
| do it, at least not on the lower tier pricing.
| khaki54 wrote:
| Why? You limit the power of attorney to the ability to remove
| your data from data brokers.
| beyondd wrote:
| Many data brokers will not permit third party services to
| remove the data without a signed limited power of attorney.
| Note that the power of attorney is limited to interactions
| for submitting removal requests and opt outs.
| darknavi wrote:
| Blame data brokers for making such asinine restrictions.
|
| You can also just use the free version to collect a list of
| brokers your self and manually contact all of them to find
| out how much of a pain in the ass it is.
| PascLeRasc wrote:
| Discover bank also offers something like this for free, but I
| can't tell if it's as capable as other services.
| https://www.discover.com/security/online-privacy-protection/
| doix wrote:
| > Privacy starts with a Mozilla Account
|
| I like how the solution to the privacy issue is _yet another
| account_. I don't know why, but I find it highly amusing. I do
| get it, you need to share your details with them so they know
| which details to delete, but I still can't help but laugh.
| westpfelia wrote:
| For something like this to work you have to trust SOMEONE. And
| Mozilla is definitely more trustworthy then others in the
| space.
| mozempthrowaway wrote:
| Eh kind of. One of the recent themes at our all hands was
| "data collection for user benefit" which I'm sure is what
| every company says.
| tholtken wrote:
| What does this even mean? How does Mozilla know what
| benefits me, the user?
| RDaneel0livaw wrote:
| I attempted to use this, entered my email, was prompted with a
| "create your account" page, laughed out loud and closed the
| tab. This is a comical misunderstanding of what the product
| even IS or DOES.
| dvngnt_ wrote:
| competitors require an account too?
| pietro72ohboy wrote:
| How do they think they're supposed to do their job if they
| don't even have a way to identify you in the first place.
| What is comical is your blend of ignorance of the technical
| needs of the product and arrogance to suggest that it should
| be done in this "magical anonymous way" that nobody seems to
| grok.
| riddley wrote:
| Capitalism's whole thing is create the sickness and sell the
| cure, right?
| nickthegreek wrote:
| Mozilla Monitor Plus - $14/mo, or $108/yr. Too pricey for most.
|
| >Every month, we use the information you provided about yourself
| (name, location and birthdate) to search across [?]190[?] data
| broker sites that sell people's private information. If we find
| your data on any of these sites, we initiate the request for
| removal. Data removal can take anywhere from a day to a month.
| This feature is available for [?]Monitor Plus[?] users only.
|
| Anyone know if there are any local/open source tools to do this?
| WirelessGigabit wrote:
| I have used Permission Slip by CR with limited success.
|
| I use <website>@<personal-domain>.<tld>, and you cannot enter a
| wildcard in Permission Slip.
| devrand wrote:
| I use this pattern but I'm starting to move away from it.
| Some things just don't work (ex. linking accounts between
| companies) and it also throws customer service agents into a
| panic when they see their own company name in the e-mail
| address.
|
| I'm also not sure it gets me that much. I do get to see how
| was compromised or sold my data, but most of that just goes
| to spam anyway. I also usually find out about the compromises
| from other sources anyway.
| MyNameIs_Hacker wrote:
| Sure some of the CSA's panic a bit, but I've never had one
| not go along especially after explaining my purpose. I've
| not seen too many compromises, but some of them were not
| public. Especially with small businesses like a car
| dealership, they may never know themselves.
| rdgddffd wrote:
| Try just rot13 or hashing the website name.
| nickthegreek wrote:
| Closest thing I can find to roll your own.
|
| https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-Li...
| ethagnawl wrote:
| _How_ do they get your data removed from the brokers ' databases?
| tholtken wrote:
| onerep.com
|
| "If you are located in the United States and have a Monitor
| Plus subscription, OneRep receives your first and last name,
| email address, phone number, physical address and date of birth
| in order to scan data broker sites to find your personal data
| and request its removal. OneRep keeps your personal data until
| you end your Monitor subscription in order to check whether
| your information shows up on additional sites, or has
| reappeared on the sites you've already been removed from."
| riddley wrote:
| I wonder how it works for people who use business-
| name@personal-domain.tld as their emails with whatever
| businesses.
| JohnMakin wrote:
| They submit an opt-out request on your behalf. Frequently, the
| data will not be removed entirely, or re-surfaces later on.
| You're entirely dependent on the good will of the data broker
| sites, who are likely trying very hard to stop automation like
| this.
| ethagnawl wrote:
| > Frequently, the data will not be removed entirely, or re-
| surfaces later on. You're entirely dependent on the good will
| of the data broker sites, who are likely trying very hard to
| stop automation like this.
|
| This was my instinctual, cynical assumption, too. Unless
| there's a GDPR-like law in place and some standard for
| differentiating identities, they're just going to find
| loopholes to recapture peoples' data (e.g. remove middle
| initial, modify address format, etc.).
| JohnMakin wrote:
| I've used several of these services now and they all have
| the same issue - the thing is, the data brokers don't even
| use loopholes. They'll (sometimes) cooperate with removing
| the data, and then it just reappears in identical form
| sometime later, often very quickly. They pretend like it
| isn't their problem and the problem is their data sources
| that contain the data. It's the complete wild west.
| bluish29 wrote:
| I wonder if they will bundle it with VPN, Relay, for a good and
| reasonable price. This would be an attractive bundle to
| subscribe.
| kmfrk wrote:
| One of the ironies of these things is that they tend to map to a
| specific e-mail address, whereas the more paranoid of us who'd
| want to pay for a service like that tend to have different
| addresses, either entirely or something like Gmail with +filters.
|
| HIBP supports domain searches[^1] at least, but part of the
| problem is also how we keep trying to reinvent the e-mail system
| to not fall prey to this, much how Fastmail have Masked Emails,
| and Apple have Hide My Email.
|
| In a sense, it sounds like the advice of the services is less
| subscribing to them than trying not to have a few e-mails that
| map to your personal identity.
|
| [^1]: https://haveibeenpwned.com/DomainSearch
| Vinnl wrote:
| > In a sense, it sounds like the advice of the services is less
| subscribing to them than trying not to have a few e-mails that
| map to your personal identity.
|
| Firefox Relay is a great way to do that :)
| https://relay.firefox.com
|
| Integrating that with Monitor is pretty high on at least my
| personal wish list.
| kmfrk wrote:
| The phone masking looks great, too. Like Privacy.com, it's
| awesome with virtual alternatives for PII, except they don't
| tend to be available here in Europe, but I'm definitely
| jealous.
| miki123211 wrote:
| If you need a privacy.com alternative for the EU, Revolut
| is a good option. They offer both one-time-use (disposable)
| cards, as well as normal virtual cards that are valid until
| revoked. They're not as advanced as privacy.com AFAIK,
| cards that only work for a single merchant but multiple
| transactions aren't offered for example, but they're good
| enough for most purposes.
|
| Eu regulations on card networks make such a service much
| harder to offer, privacy.com makes money on card fees,
| which you can't really do here. Such a service would either
| have to be paid or bundled with other services which you
| can make money on, which is what Revolut does.
| erinnh wrote:
| It's an ok way to do it. And I've been subscribed (but not
| using it) for 2 years.
|
| But until Firefox Relay supports custom domains, I am of the
| opinion that it's not ideal.
| ColonelBlimp wrote:
| With providers like Addy and SimpleLogin it is possible to
| use your own domain.
|
| > https://addy.io/ > https://simplelogin.io/
| dataflow wrote:
| Not sure if dumb question:
|
| If they use the data you provide (such as your address) to search
| other data brokers, doesn't that potentially give the data broker
| MORE information than they already had on you? Do the companies
| in this space prevent this somehow?
|
| Edit: Lest people think this is somehow impossible otherwise -
| all it should take would be to search for just your name +
| location, get the query results, then filter on the client side.
| Which is exactly what a human would do for the brokers that have
| a "remove this entry" option when you see (presumably) yourself
| in the search results. However, this not only requires the data
| brokers to support such an API, but also requires the deletion
| services to actually put in the effort to do it this way for
| every broker they can, which seems nontrivial. Hence my question
| of whether these services make such an attempt at all.
| notyourwork wrote:
| It seems to me like this is a core problem with the scummy
| nature of this business. I'd like to believe you're weong but
| have trouble given the business model.
| mattstir wrote:
| Not a dumb question at all. Yeah, in the process of finding you
| within a data brokers system and sending a removal request,
| they need to send that broker your personal data... it's a bit
| awkward. Optery, another PII removal service has a whole
| section about this in their privacy policy (section 7 of
| https://www.optery.com/privacy-policy/):
|
| > Optery, Inc. must send your PII to the data brokers and
| information aggregators included in the Removal Lists... We
| cannot control, guarantee or warranty how these third-parties
| will treat your PII or what they will do with it.
| feedsmgmt wrote:
| And you need to enter all of the information that you're
| trying to protect into one central location that is probably
| heavily targeted. These types of services never made sense to
| me.
| beyondd wrote:
| Optery also has a Help Desk article on this catch-22 where in
| order to opt out of data broker sites, you must first tell
| them who you are, otherwise, how else would they know who to
| opt out: https://help.optery.com/en/article/what-information-
| does-opt...
| hedora wrote:
| They could use a bloom filter with some sort of a
| cryptographic hash. On a hit, the data broker could
| challenge them to compute a salted hash of the "matched"
| data. If the salted hash matched, the data broker would
| remove the data.
|
| I think the same algorithms that are used for password
| storage would work for this without modification (except
| the data broker would pick different salts during each
| session, and you'd send the hash over the network).
| Jommi wrote:
| its called a ZKP
| politician wrote:
| _No company_ wants to implement this. I 've been involved
| in efforts to use this approach with hospitals -- a
| perfect PII-preserving situation -- that went nowhere. We
| got it working with a startup once where we published the
| bloom filter to reduce the traffic load for the
| counterparty. Do you know what they did? They reverse
| engineered the filter by blasting it with every key and
| cached the result.
| m3047 wrote:
| Nothing is impossible in tech. (Rhetorical hyperbole!) But
| seriously let me give you an analogous example, with its pros
| and cons.
|
| DNS now has something widely deployed called "query name
| minimization". For no particular reason other than it made
| server's lives easy (which it does, as we will explain) the
| recursion process historically sent the actual qname (what was
| asked for) to each nameserver contacted.
|
| Much was made of this in recent years, that this leaked
| potentially important information to servers which demonstrably
| couldn't have the actual answer for the qname (even if they
| could provide a useful referral).
|
| Two flavors of qname minimization exist in the field. One
| flavor asks qtype A questions of the form "_.example.com" until
| it triangulates on the server with the answer; the other asks
| qtype NS questions (regardless of the actual qtype). (In case
| you've noticed a change in the mix of your DNS traffic.) In a
| nutshell, qname minimization asks questions which enable it to
| triangulate on the server which can potentially answer the
| question, before sending the actual question to it.
|
| A good rule of thumb is that with a cold cache qname
| minimization will result in nearly twice as many queries being
| issued / answered during the resolution process, assuming
| nothing goes wrong. Both of these approaches are prone to
| mistakes when servers don't conform to assumptions about how
| proper DNS should operate.
| lancesells wrote:
| Could there be some sort of Robin Hood action to all of this?
| What if you took all the leaked data about millions of people
| and used that to opt out them out of all the various services
| that buy and then sell the data?
| gzer0 wrote:
| That is a possibility. Another scenario is one in which you
| sign up to a service like Optery and submit a non-existent
| individual with fabricated information for PII removal; after
| about a month or so, this fabricated individual started
| showing up as a possible person that lived at my address when
| I was trying to get a quote from Progressive.
|
| So, seems like somewhere in the midst of this process, one of
| the 240 brokers that Optery sends your information to get it
| removed, someone aggregated it, sold it to Progressive and in
| the underground realm of data brokers and buying and selling
| data, someone unfortunately (or fortunately?) is now
| targeting 'Paige Notfound' and 'Meg A. Byte'.
|
| I got the last laugh! :)
| dataflow wrote:
| Thanks so much for sharing this, I was wondering what would
| happen if I tried this. I guess this basically tells me to
| be weary of such services. Great info.
|
| P.S. Just a heads up that you may have basically revealed
| your address by sharing those fake names (though I haven't
| tried to search), unless you also made up those names just
| now for illustration...
| andirk wrote:
| With an American SSN, one could dump 1,000 queries of numbers
| with only 1 of them being the client's actual SSN so the logs
| don't reveal as much. Still, though, it's a Catch 22 to find
| the thing you don't want found by using that thing.
| crawsome wrote:
| It feels weird, but this is how background checks work, and how
| the current removal process for data brokers works.
|
| I can't think of other ways to verify yourself other than to
| verify yourself.
| konart wrote:
| I find it kind of amusing:
|
| The article mentions (obviously) Mozilla Monitor.
|
| When I follow the provided link (leads to
| https://monitor.mozilla.org) in the default Firefox container and
| enter my email a new tab (now https://accounts.firefox.com) is
| created in a Google container (despite the fact that nothing
| suggests me leaving https://accounts.firefox.com)
|
| Automatically remove your personal info from data brokers you
| say?
| sf_rob wrote:
| I'm willing to bet that this is a inference due to "Login with
| Google" being an option. Probably worth sacrificing a click in
| their sign-in funnel to prevent it though.
| niels_bom wrote:
| Pricing should be way more obvious and up front. I had to search
| the comments here to find pricing.
|
| Do I really need to login to get pricing information?
| nurtbo wrote:
| Why would you use Mozilla Monitor Plus when onerep.com offers the
| same service for a lower cost? (And from other comments, I'd
| actually the same underlying service)
| diggan wrote:
| Because I've never heard of onerep.com before while I have a
| history of using Mozilla products for decades at this point. If
| the service is exactly the same, it's a no-brainer, even if it
| costs slightly more.
| bluish29 wrote:
| The price on onerep for monthly payment is $14.95 vs Mozilla's
| $13.99. Both offer discount for yearly payment and they will be
| almost the same. Of course, this is the price for individual.
| onerep offer better, cheaper plans for family (6 for $28) but
| Mozilla doesn't offer that (yet at least). So I'm not sure if
| it is a lower cost.
| mozempthrowaway wrote:
| Can confirm it is just one rep
| flanbiscuit wrote:
| There is a service I've heard advertised on twit.tv podcasts
| called DeleteMe that I've been interested in that does a similar
| thing and seems to cover way more data brokers:
| https://joindeleteme.com/sites-we-remove-from/
|
| OpenRep is another one I've seen mentioned. Covers 190+ sites:
| https://onerep.com/sites-we-remove-from
|
| One thing I can't find is a list of sites that Mozilla Monitor
| covers.
|
| Here's a comparison. I only listed the individual plans since
| Mozilla seems to only offer that. The other 2 offer plans for
| multiple persons
|
| DeleteMe: https://joindeleteme.com/
|
| brokers: 750+ https://joindeleteme.com/sites-we-remove-from/
|
| edit: I just realized looking through that list that they are a
| bit deceiving. They have qualifiers next to each website:
| * Included in Standard Plan and above (90 sites) **
| Included in Business Gold, Diamond, Platinum and VIP Plans (27
| sites) *** Included in Diamond, Platinum, and VIP Plans (1
| site) Exclusively in Platinum and VIP Plans (13 sites)
| ~ International requests (12 sites) ^ Custom Requests (665
| sites)
|
| Seems like the majority need a "custom request" which defeats the
| purpose of signing up for something that is supposed to handle
| things automatically
|
| pricing: https://joindeleteme.com/privacy-protection-plans/
|
| - individual plan: (they also have couples and family plans)
| - $10.75/month if you sign up for 1yr - $8.71/month if you
| sign up for 2yr
|
| -------------
|
| OpenRep: https://onerep.com/
|
| brokers: 190+ https://onerep.com/sites-we-remove-from
|
| pricing: https://onerep.com/pricing
|
| 1 person: $8.33/mo, they also offer family (up to 6 ppl) and
| teams (10+)
|
| -------------
|
| Mozilla Monitor: https://monitor.mozilla.org/
|
| brokers: 190 data brokers (could not find a list of data brokers
| they cover)
|
| pricing: https://monitor.mozilla.org/#:S1:
|
| - "Monitor" - their FREE tier where they scan the data brokers
| and just inform you which ones have your info and you have to
| manually go in and remove your information from each one through
| whatever process each site uses.
|
| - "Monitor Plus" - Automatic Data Removal - $13.99/month, or
| $8.99/month if you sign up for a year
|
| Both tiers come with "Data Breach Alerts" which I guess is
| similar to haveibeenpwned's notify me.
|
| --------------
|
| edit: adding one more: https://www.optery.com/
|
| brokers: 305+ https://www.optery.com/pricing/#data-brokers-we-
| cover
|
| pricing: https://www.optery.com/pricing/ &
| https://www.optery.com/business-pricing/
|
| will only cover the personal pricing:
|
| free - self-service (similar to Mozilla's free tier)
|
| 3.99/month - removal from 110+ sites
|
| 14.99/month - removal from 200+ sites
|
| 24.99/month - removal from 305+ sites
| OnACoffeeBreak wrote:
| It doesn't look like DeleteMe's individual plan covers 750+
| sites. There are only 77 sites with a single asterisk on
| https://joindeleteme.com/sites-we-remove-from/
| flanbiscuit wrote:
| I noticed that as well after I posted, so I've edited it and
| added that in.
| wolverine876 wrote:
| Thank you for the comparison. Perhaps someone who uses it can
| add info on Consumer Reports' Permission Slip?
| beyondd wrote:
| Optery founder here. We did a deep dive comparison between
| DeleteMe and Optery (https://www.optery.com/deleteme-review/).
| The biggest takeaway is you have to scroll to the bottom of the
| DeleteMe Sites We Remove From page and read the fine print on
| what is covered by the plan you are purchasing. The "750+ Data
| Brokers" written across the top of the page is misleading. The
| standard plan covers about ~90 sites.
| flanbiscuit wrote:
| I noticed that shortly after I posted and have included that
| info now (edited the comment). Classic dark pattern. That
| info should be more prominently displayed in their pricing
| information.
|
| So your service will handle (up to) 305+ data brokers
| automatically? depending on how much you are willing to pay
| of course
| beyondd wrote:
| Agreed on the dark pattern, and yes, Optery's Ultimate plan
| currently covers 300+ data brokers by default and offers
| unlimited Custom Removals. Optery has a team that's
| continually testing and adding more sites to the coverage
| defaults. There are several options, Free, Paid, Family,
| Business at different prices. For full disclosure, I'm one
| of the Optery founders, as mentioned previously.
| flanbiscuit wrote:
| Sorry for the typo of calling "OneRep" "OpenRep" (I wrote it
| twice). I can't edit my post anymore but just wanted to clarify
| that it is OneRep.
|
| https://onerep.com/
| hammyhavoc wrote:
| Not sure what I think about charging people to remove this
| information--are they not also just as bad? This seems like the
| sort of thing that shouldn't require a victim to pay for, but for
| law to enforce this not happening.
|
| As with for-profit healthcare in the USA, just seems scumbag to
| profit off of misfortune and misery.
| wolverine876 wrote:
| In fairness, Mozilla can't make a law.
| hammyhavoc wrote:
| Sure, but they are also treating it as a business
| opportunity, just like the people compiling the data are.
| They should perhaps be pushing on the legal aspect of what's
| wrong with the situation rather than making money from it.
| wolverine876 wrote:
| You're assuming they are driven by a business opportunity;
| I have no evidence of their motives (do you?), but another
| way to see it:
|
| There is no law and no prospect of one soon. Mozilla can
| partially solve the problem by providing the service - I
| think that's great. Otherwise people would have less
| recourse.
|
| And also, Mozilla must have money to operate; charging for
| this service seems among the least-bad options.
| hammyhavoc wrote:
| Well, we arrive at the whole "the optimal amount of fraud
| is non-zero" train of thought, otherwise there is no
| money-making opportunity.
|
| They push on the legal aspects of other problems, but I
| don't see them pushing on the legal aspects of this.
|
| Mozilla receives half a billion dollars per year from
| Google, making up most of their revenue. Mozilla's CEO is
| also paid millions of dollars each year. If they can't
| survive as-is whilst paying out those kinds of salaries
| with such revenue, that's a management problem.
| ChrisArchitect wrote:
| Put some dates on your blog posts Mozilla!
| Mistletoe wrote:
| What are the cons of data brokers having my info and does it
| outweigh losing $14.99 a month?
| beyondd wrote:
| For many its just getting their home address, phone number and
| email off the web, which can make you less of an easy target by
| attackers. For others its something really specific, like
| someone who is divorced and doesn't want their name showing up
| next to their ex's name as a spouse or relative. For others,
| they want their age off the web to prevent age discrimination
| in a job search. Others may be hiding from an abuser or
| stalker.
| AzzyHN wrote:
| Snake oil at best
| nubinetwork wrote:
| I'm not sure I want to give my information to Mozilla, should
| they get hacked, it's no different than my information being held
| by another entity. (I don't use pocket or Firefox sync, etc.)
| katrotz wrote:
| Found the choice of words "Get a free scan" on their website
| button funny. My first involuntary thought was - it is a scam.
| Schnitz wrote:
| Does this cover spam-enablers like Zoominfo?
| pkaye wrote:
| Which laws are Mozilla using to get the data brokers to remove
| personal info in the US. I know there is such a law in California
| but is there also a federal law?
| beyondd wrote:
| No federal law in the U.S. yet unfortunately, but more states
| are passing laws by the day (fortunately):
| https://iapp.org/resources/article/us-state-privacy-legislat...
| pompino wrote:
| For people who are the target market for such products- Can you
| explain to me the appeal of such products for you? Have you
| previously been the victim of any escalation resulting from a
| data breach?
| gnicholas wrote:
| > _we can automatically and continuously request to remove your
| personal information with an annual paid subscription of $8.99
| per month ($107.88 a year)._
|
| This is a lot of money for most people. What would the benefit be
| of doing this all the time versus just subscribing once a year?
| How quickly do details reappear in databases?
| spiffytech wrote:
| I'm given to understand these data broker services make it as
| painful and time-consuming to opt out as they can. Supposing
| you can even find all the places you're listed (Optery supports
| 305+ sites), it sounds like a substantial time commitment to
| follow through on all of them.
| hellcow wrote:
| I signed up, and Mozilla warns it takes 7-14 days for data on
| most of these sites to be removed. They must need to do a lot
| of things by hand. This would also explain why you get 1 scan
| per month.
| KittenInABox wrote:
| These sites deliberately are slow in the removal of
| requests. So there is both manual sending but also needing
| to re-check if the site actually removed your info because
| brokers just kind of suck.
| 7734128 wrote:
| I'm confused how the internet is just ok with Mozilla
| engaging with these extortion websites. These sites are not
| legitimate and now that Mozilla and Google are engaging with
| them they just play into the protection racket.
| Klonoar wrote:
| This really isn't a lot of money for anyone in the USA, which
| is where the product is offered.
|
| Hell with the current economic environment I unfortunately
| spend more than this on my morning coffee.
| gnicholas wrote:
| Over a hundred dollars a year? That's a lot of money to get
| people to pay for a product category that most people do not
| currently purchase.
|
| Most people would also wonder why this is a perpetual
| subscription as opposed to something they can pay for one-off
| once every year or two.
| temp0826 wrote:
| Doesn't look like there is a place to enter past addresses. In
| the last 15 years I've moved ~10 times. Would be nice to have a
| way to check those as well.
| altairprime wrote:
| Anecdote: I provided one zip code and it found a past address
| in another zip code -- but I've only ever had two addresses
| total under this legal identity, so that doesn't speak to how
| far back it goes.
| johnkpaul wrote:
| Do any of these offer family plans? I feel like At these price
| points, I would really like to sign up everyone in my household.
| The FAQ pages seem to all imply individual and I don't think I'm
| asking for a "business" or "enterprise" option.
| CharlesW wrote:
| Onerep (another commenter believes this is Mozilla's U.S.
| partner) has a $15/mo family (paid annually, 6 people) plan.
| beyondd wrote:
| Optery offers a family plan: https://www.optery.com/family/
| CharlesW wrote:
| As feedback for the CEO, that "family pricing" landing page
| really does you a disservice by obfuscating your pricing
| (unless that was the goal). At a minimum, add a pricing
| calculator with a slider for "family members".
|
| For comparison, see Onerep's very clear pricing page here:
| https://onerep.com/pricing
| beyondd wrote:
| That's great feedback! We'll add more pricing detail to the
| Family page. For comparison, here is the Optery pricing
| page: https://www.optery.com/pricing/
| 8f2ab37a-ed6c wrote:
| How does this compare to Kanary?
| asmor wrote:
| These services sure are the new sell it to everyone infinite
| margin after you built it once thing on YouTube sponsorships
| after everyone who was ever going to buy one has a VPN now.
|
| What actually creates this cost, though? I was hoping it'd be
| free or at cost for the infrastructure and maintenance.
| hangonhn wrote:
| I really wish employers would pay for a service like this because
| a lot of spear phishing attacks start with data stole or scraped
| from brokers, LinkedIn, etc. If a company buys a service like
| this in bulk, it can get significant discounts. Personally I've
| resorted to hiding my information on LinkedIn and noticed that
| I've been passed over by attackers while my coworkers get spear
| phishing attacks all the time.
| MiddleEndian wrote:
| How does Mozilla determine what 190 data brokers are relevant?
| DamnableNook wrote:
| Ironically, their page doesn't seem to work on Safari. I get a
| 404 error after signing in, every time. Switching to Chrome on my
| desktop lets it work.
___________________________________________________________________
(page generated 2024-02-06 23:01 UTC)