  • Mozilla has launched a paid subscription service called Mozilla Monitor Plus, which monitors and removes personal information from over 190 sites where brokers sell data.
  • The service is priced at $8.99 per month and is an extension of the free dark web monitoring service Mozilla Monitor (previously Firefox Monitor).
  • Basic Monitor members receive a free scan and one-time removal sweep, while Plus members get continual monthly data broker scans and removal attempts.

Archive link: https://archive.ph/YdY3R

-8 points

Something akin to haveibeenpwned.com password hash partial match? Can that even be done with this data?

Edit: You goofs know you can calculate the hash locally and submit it for review without actually exposing your password to them, right? That’s how Bitwarden does its check. https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity

Ah, but Mozilla isn’t even trying to do anything cool like that. They just use Onerep and those fuckers look shady. Quotes from their privacy policy: https://onerep.com/privacy-policy#what-data-we-collect-and-how-we-do-that

We use your Personal Information for a number of purposes, which may include the following:

[snip]

  • To display advertisements to you.
  • To manage our Affiliate marketing program.

There will be times when we may need to disclose your Personal Information to third parties. We may disclose your Personal Information to:

[snip]

  • Third-party service providers and partners who assist us in the provision of the Services and Website, for example, (a) those who support delivery of or provide certain features in connection with the Services and Website (e.g. Stripe, a payment services provider; Sendgrid, an email delivery service; HubSpot, a CRM platform, and Sentry, a crash reporting platform); (b) providers of analytics and measurement services (e.g. Google Analytics, ProfitWell etc.); (c) providers of technical infrastructure services (e.g. Microsoft Azure, Google Cloud, and Amazon AWS); (d) providers of customer support services (e.g. Zendesk); (e) those who facilitate conduct of surveys (e.g. Hotjar); (f) those who help to advertise, market or promote our Services and Website (e.g. Mautic, Facebook Ads, Google Ads, Linkedin Ads, Reddit Ads, and Microsoft Ads);

The bastards

61 points

No. If your name is Dave Jones they have to look around those broker sites for Dave Jones. If those sites were using hashes then they could use hashes too.

This is no different than any credit or identity monitoring service. The need to give them basic information should be obvious, people have to decide if the company is trustworthy or not.

-2 points

They could just look for names, then hash those names and compare them to your hashed name. So technically they don’t need to store your data, just hashes.

6 points

I’m all for privacy but worrying about giving one of the most trustworthy companies around your name seems a bit much.

You’d also have to give them your card details to pay for it.

This would also require searching and indexing the entire system as opposed to searching it.

22 points

The front page there is literally: “Give us your email, so we can find leaks of your email.” It’s exactly the same thing.

14 points

They are talking about the password lookup: https://haveibeenpwned.com/Passwords

But, it’s the same deal. You have to trust they are actually doing what they say. Mozilla uses haveibeenpwned for their basic Monitor service too.

13 points

To be fair, you can check the code they run or just use the API.
The hash is calculated locally, cut off and then sent; the server returns all hashes it found which start with yours, and then you can check locally if yours is in the list.

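The range lookup described in the comments above, sketched as an added example that is not part of the thread or of any project's code. The in-memory `RangeServer` and the sample corpus are constructed stand-ins for the Pwned Passwords range endpoint so the sketch runs offline; the point is what the server is able to see.

```python
import hashlib

# Constructed sample corpus (password -> breach count); not real breach data.
BREACHED = {"password": 3, "hunter2": 2, "letmein": 5, "qwerty123": 1}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, computed on the client only."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Simulated range endpoint, bucketed by the first 5 hex chars of SHA-1."""

    def __init__(self, corpus):
        self.buckets = {}
        self.seen_queries = []  # everything the server ever learns from clients
        for pw, count in corpus.items():
            digest = sha1_hex(pw)
            self.buckets.setdefault(digest[:5], {})[digest[5:]] = count

    def range(self, prefix: str) -> str:
        if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("prefix must be 5 uppercase hex characters")
        self.seen_queries.append(prefix)
        bucket = self.buckets.get(prefix, {})
        # One "SUFFIX:COUNT" line per known hash sharing the prefix.
        return "\n".join(f"{s}:{c}" for s, c in sorted(bucket.items()))


def check_password(password: str, server: RangeServer) -> int:
    """Return the breach count for the password, or 0 if it is not listed."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix leaves the client; the match is done locally.
    for line in server.range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    srv = RangeServer(BREACHED)
    print(check_password("password", srv), srv.seen_queries)
```
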
-16 points

ah yes. type your password in here we totally won’t steal it

14 points

No, because you are asking the data broker to do something with your data that they possess. It is not possible for them to delete your data without knowing which are your data.

The only alternative is fully banning this kind of data collection. Which would be nice, but isn’t happening anytime soon.
