[HN Gopher] Mozilla Drops Onerep After CEO Admits to Running Peo...
___________________________________________________________________
Mozilla Drops Onerep After CEO Admits to Running People-Search
Networks
Author : todsacerdoti
Score : 184 points
Date : 2024-03-22 19:06 UTC (3 hours ago)
(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)
| cbsmith wrote:
| I get the concerns about conflict of interest, but I can get
| behind the CEO's point that their expertise in the space helps
| them to build better defenses.
| abhorrence wrote:
| Couldn't you make a similar argument about protection rackets?
| Their experience shaking down places for money helps them build
| better defenses against it, right?
| cbsmith wrote:
| You could, particularly since protection rackets actually do
| compete with each other. I wouldn't want to hire a criminal,
| but if someone did, they'd likely be effective.
| AdmiralAsshat wrote:
| Except the CEO _still_ operates Nuwber. It's hard to believe
| he's learned from his mistake if he's still actively helming
| said mistake.
| Drakim wrote:
| Yeah, I'm 100% for forgiving and giving people a second
| chance. It's no different than a black hat hacker becoming a
| security researcher.
|
| But there is a clear conflict of interest if he is still
| actively engaging in the dubious behavior.
| cbsmith wrote:
| I think there's a distinction between criminal activity and
| the usual conflict of interest.
| cbsmith wrote:
| I wasn't saying he has learned from his mistake. I'm just
| saying he no doubt has expertise.
| catchmeifyou wrote:
| Or, his expertise from Onerep helps him build a better Nuwber.
| munchler wrote:
| Sure, let's put the fox in charge of defending the hen house.
| He's an expert on chickens and I'm sure he's changed his ways!
| cbsmith wrote:
| We hire black hat hackers to help with computer security.
| justinclift wrote:
| Why would you do that?
| cbsmith wrote:
| Because it's effective.
| lcnPylGDnU4H9OF wrote:
| It sounds like you're hiring penetration testers. Why do
| you call them "black hat"?
| p1esk wrote:
| How do you know the penetration testers you hired are not
| black hat hackers?
| doktrin wrote:
| > How do you know the penetration testers you hired are
| not black hat hackers?
|
| Is the implication that all pentesters are black hats
| until axiomatically proven otherwise? High bar.
| fullspectrumdev wrote:
| A lot of the better pentesters/security consultants have
| "colourful" backgrounds.
| jart wrote:
| Frank Abagnale is a good example https://youtu.be/vsMydMDi3rI
| vlovich123 wrote:
| A fraudster who by all accounts continued fraud by making
| up a life story filled with largely fictional details
| (including that he worked with the FBI)? Some people are
| like George Santos and exaggerate constantly in addition to
| constructing wholesale false stories about themselves.
|
| It's fascinating how easy it is to fall prey to a fraudster
| when they claim they've gone legit. You're probably better
| off believing they're still a fraudster.
|
| https://louisianavoice.com/2021/04/26/new-book-further-
| debun...
|
| https://en.wikipedia.org/wiki/Frank_Abagnale#Relationship_w
| i...
| giuseppe_petri wrote:
| "An old poacher makes the best gamekeeper."
| int_19h wrote:
| Per TFA, the guy is literally running ads for Onerep on his
| people-search platforms. His "business" is pure unadulterated
| blackmail.
| refulgentis wrote:
| quick note, after I almost did: Please don't feed the trolls:
| they're replying to every. single. reply. with more bait.
| cbsmith wrote:
| Fair advice.
| StressedDev wrote:
| Good catch - I have noticed that Mozilla gets a lot of
| unjustified hate and criticism. Does Mozilla make mistakes?
| Yes. Does it do a lot of good? Yes. Does it deserve the abuse
| it gets online? Absolutely not.
| arp242 wrote:
| I kind of agree, but there does need to be a baseline of trust,
| and that's rather difficult to give when they're operating both
| types of services at the same thing.
|
| If it had been "I have worked on identity-selling services for
| 15 years, saw it wasn't a good thing, and now I'm trying to fix
| the problem" then okay, fair enough. This is something we can
| at least start with. But this doesn't seem to be that.
| AdmiralAsshat wrote:
| I think Mozilla's heart was in the right place here, but pretty
| disappointing that they didn't vet their partner more thoroughly
| than what some GMU grad students were able to uncover.
|
| Also makes me wonder what other shady connections fellow services
| might have, waiting to be uncovered. Looking at you, popular
| podcast sponsor, DeleteMe!
| IntToDouble wrote:
| Puzzling they chose to partner with Onerep when Kanary was part
| of Mozilla's incubator and is just a fundamentally stellar
| service.
| ckozlowski wrote:
| Can you share more?
| IntToDouble wrote:
| In terms of the incubator, looks like it was replaced with
| Mozilla Ventures:
|
| https://builders.mozilla.community/
| https://builders.mozilla.community/old/alumni.html
|
| With respect to Kanary, I have my entire family on the
| platform and it's drastically reduced the amount of garbage
| (figurative) that comes through our door. Needed help with
| something non-standard the CEO personally took care of
| things while learning more about our specific use case.
| throwanem wrote:
| "Puzzling" is a good description of just about every business
| decision Mozilla has made over at least the last decade.
|
| People complain about the Google search deal and I get why,
| but I've been using the browser since back when it was called
| Phoenix, and at this point I'm pretty sure the Google deal is
| the only reason it's still alive. The engineering is still
| solid; its stewardship seems anything but.
| donmcronald wrote:
| > Also makes me wonder what other shady connections fellow
| services might have, waiting to be uncovered.
|
| This is why it's so important to require disclosure of
| beneficial owners for all companies. The world is filled with
| people that will poison you just so they can sell you an
| antidote, or, better yet, life long treatment.
| jqpabc123 wrote:
| _... pretty disappointing that they didn't vet their partner
| more thoroughly_
|
| Kinda like partnering with Google while promoting Firefox as
| the "privacy browser".
| arp242 wrote:
| I assume you're referring to the default search engine deal?
| What influence does that have on Firefox's privacy features?
| How does it make Firefox not a "privacy browser"?
| Terretta wrote:
| > _What influence does that have on Firefox's privacy?_
|
| Don't you mean on your, the user's, privacy?
| arp242 wrote:
| Well, more like "Firefox's privacy features". I'll edit
| to clarify.
| wolverine876 wrote:
| > pretty disappointing that they didn't vet their partner more
| thoroughly than what some GMU grad students were able to
| uncover
|
| What did it take for them to uncover it?
|
| Generally speaking, GMU grad students may have more time
| and plenty of expertise. When those grad students leave school
| and get jobs at Mozilla, they may be too busy to go down rabbit
| holes looking for long shots.
| SpaceManNabs wrote:
| I thought people were being ridiculous when they were angry at
| mozilla for bundling with Pocket. After this, maybe the slope was
| more slippery than I thought.
| wolverine876 wrote:
| How would this situation indicate a slippery slope of decision-
| making? Mozilla didn't know about OneRep's CEO's history;
| nobody did until Krebs uncovered it.
| criddell wrote:
| It goes back many years before Krebs wrote about it. Optery
| has a nice write up of the situation here:
|
| https://www.optery.com/optery-statement-following-
| investigat...
| neilv wrote:
| I suspect that vetting this kind of partnership needs someone who
| is ferociously knowledgeable, principled, and skeptical. Not
| someone who's mainly looking at it from a business development or
| career angle.
|
| Now the aftermath could use a fighter, looking for how they could
| legally disassemble the entire racket. Not only because it's
| arguably on-mission, but more importantly because Mozilla has a
| reputation to redeem on this now.
|
| (For example, no matter how that party has squeaked by wrt
| consumers, maybe there's a new angle in their dealings with
| Mozilla, such as a different kind of fraud. And Mozilla is much
| more able to pursue the matter than most individuals would be.)
| myself248 wrote:
| This. If they can go after the guy for fraudulent
| misrepresentation or something, I'd be on the sidelines
| cheering every jab, maybe contributing if there's a legal
| "attack the stalker companies" fund.
| stefan_ wrote:
| Pursue what? God knows they should pursue _building a browser_.
| It's a simple concept, it doesn't need ChatGPT-set-to-dramatic
| words.
| cooper_ganglia wrote:
| Talk about hedging your bets!
| micromacrofoot wrote:
| I used OneRep for a few years and it did what it advertised, but
| that's certainly shady as hell and I'm glad I stopped using their
| service.
|
| Are there any more trustworthy alternatives? Data brokers are
| scum.
| beyondd wrote:
| For an alternative, take a look at Optery (YC W22). We've been
| flagging the situation at OneRep for years and put a statement
| out following the Krebs article (link below). We launched to
| the public as a Show HN in 2021 and as a Launch HN in 2022.
| Full disclosure, I'm one of the Optery founders.
|
| https://www.optery.com/optery-statement-following-investigat...
| michael9423 wrote:
| What do you think about Kanary?
| beyondd wrote:
| Obviously I'm biased so I think Optery is better, but here
| are two un-biased reviews written by the lead analyst for
| security at PCMag.com:
|
| https://www.pcmag.com/reviews/optery
|
| https://www.pcmag.com/reviews/the-kanary
|
| Here's another well-researched and unbiased review:
|
| https://blog.infostruction.com/2023/08/12/privacy-
| powerhouse...
| ds wrote:
| All the existing databroker remover tools are flawed because they
| make use of manual labor to remove you from sites, primarily done
| by people in third world countries.
|
| We @ https://redact.dev are working on a pure software mechanism
| for doing these optouts directly from your own device. We already
| have full mass deletions for over 40 social media and utilities.
| mgiampapa wrote:
| This explains some trends where posts are being edited on
| Reddit with nonsense then deleted. Personally, I think this
| kind of behavior makes the web poorer as a knowledge base. Yes
| you have a right to do it with your own content, but doing it
| at scale makes the internet a less useful tool and it makes me
| a bit sad since the scrapers will already have the data anyway.
| miguelazo wrote:
| Many databrokers make it very difficult to remove your info, on
| purpose, of course. That is why the legit removal providers
| have to rely on manual labor for some. I'd love to see it fully
| automated, but I'll believe it when I see it. Last I checked,
| Optery was removing 325+. Best of luck-- you have a long way to
| go.
|
| Edit: this looks like a totally different service. Mass
| deletion of old posts is one thing, removing PII from data
| brokers is another.
| shrimp_emoji wrote:
| In other words, would you describe your site as the Gillette
| razor attachment mechanism of online data deletion?
| vohk wrote:
| I really dislike the trend of making everything a subscription
| service. I can imagine a niche market that wants to
| continuously delete content older than an arbitrary window but
| isn't this the sort of service that most users would need only
| sporadically?
|
| The pricing seems to implicitly acknowledge this: $35/m billed
| monthly vs $8/m billed annually! Would you really expect anyone
| to intentionally renew monthly? I can't argue that people
| forgetting to unsubscribe pays the bills, but as a business
| model it leaves a bad taste.
| micromacrofoot wrote:
| Data brokers are like the hydra, one goes down and another 2
| new ones pop up. It's a lot of work to keep on top of
| deletions if you want privacy.
| bigyikes wrote:
| I don't necessarily doubt you, but do you have any source
| for this, or in general any information on the landscape of
| data brokers?
|
| It's hard to imagine what the situation actually looks like
| behind the scenes.
| johnea wrote:
| I definitely wouldn't want Mozilla to support people-search
| organizations, but I also wonder if that's really happening here.
|
| I have to believe the expertise gained in people-search would be
| exactly the expertise one needs to remove people from the rolls
| used by those organizations.
|
| The real question is whether or not there is data brokerage out
| of Onerep.
|
| This seems like a triumph of optics over substance...
| citizenpaul wrote:
| I've had to make the hard acceptance that privacy is absolutely
| irrevocably dead. Anyone with power or money can now find out not
| only anything about you but likely even more than you know or
| realize about yourself. Who has time to do a thorough documented
| introspection of every aspect of their own life and actions
| regularly. Along with every possible connection that this also
| leads to? No one.
|
| Unless there is massive senate/house/pres unification on
| absolutely crushing the endless disgusting behavior of spying on
| people to diminish them and enrich yourself is made illegal WITH
| CONSEQUENCES. Nothing will change. This will never happen because
| the US gov is both the biggest customer and purveyor of these
| services.
|
| Mozilla is basically the last place that even gives lip service
| to privacy and they are in bed with this guy. That is how
| hopeless the situation is.
| reilly3000 wrote:
| What a win for internet journalism.
| is_true wrote:
| Wow, this kind of company should be nuked. I cannot wait for the EU
| to notice this problem.
___________________________________________________________________
(page generated 2024-03-22 23:00 UTC)