Mozilla Unveils (Possibly Futile) Tool That Lets You Request That Data Brokers Delete Your Data
from the pay-for-privacy dept
Every few weeks for the last fifteen years there’s been a massive scandal involving some company, telecom, data broker, or app maker over-collecting your detailed personal location data, failing to secure it, then selling access to that information to any nitwit with a nickel. And despite the added risks this creates in the post-Roe era, we’ve still done little to pass a real privacy law or rein in reckless data brokers.
The reason we don’t do that is because Congress is grotesquely, comically corrupt, something that often doesn’t seem to warrant a mention in most news coverage of the problem.
Enter Mozilla, which is trying to monetize the data broker problem with a new $9 a month privacy monitoring service dubbed Mozilla Monitor Plus. According to Mozilla, the new service will scour the web for your personal information at over 190 sites where brokers sell information they’ve gathered from online sources like social media sites, apps, and browser trackers.
The product is basically an extension of the company’s existing (free) Mozilla Monitor service that scours the web for compromised accounts. Based on this Verge article, it sounds like the product basically rebrands services from Onerep, a company that basically does the same thing. From the Mozilla Blog:
“When we launched Monitor, our goal was to help people discover where their personal info may have been exposed. Now, with Monitor Plus, we’ll help people take back their exposed data from data broker sites that are trying to sell it,” said Tony Amaral-Cinotto, Product Manager of Mozilla Monitor at Mozilla.”
Mozilla does great work on privacy issues (their recent report on the abysmal state of vehicle cybersecurity is essential reading). And I imagine that applying their trusted brand name onto such a service helps consumers find a useful tool in a sea of cybersecurity snake oil salesmen.
That said, it’s fairly pathetic that this is only necessary because Congress is too corrupt to regulate data brokers. And the data broker industry is so massive (and massively convoluted by design), I’m not entirely sure that tools like this even begin to get to all the dodgy repositories where consumer data (and detailed consumer profiles based on that data) now reside. Including most world governments.
Actually fixing our obvious consumer privacy and security problems requires new laws and competent regulators with actual teeth, something the United States clearly isn’t interested in. In the interim, I guess paying for something vaguely resembling personal privacy is the best you can hope for.
Filed Under: data brokers, privacy, security
Companies: mozilla
Comments on “Mozilla Unveils (Possibly Futile) Tool That Lets You Request That Data Brokers Delete Your Data”
I find their communication a bit misleading, using “exposed data”, “data broker” and “trying to sell it” would let user confusing illegal activities, like ransomware, and still legal (even not much regulated) activities like data broker.
Ransomware have been a plague for few years so people understand the danger, but who really knows about data brokers?
This follows the recent trend of Mozilla surfing on buzzwords (talking much about AI last months) more than teaching to people the danger of an always more centralized web (what Google, their main financial contributor, continue to promote, with much more money).
Still, it’s nice to see they keep standing for more digital liberties for all of us.
Companies should require your permission to collect your data. They should require your permission to transfer your data to their servers. They should require your permission to transfer your data to a third party like a data broker. By the time a data broker has it, it’s too late. We need comprehensive privacy legislation that shuts all this bullshit down.
Re:
That would be inconvenient for Mozilla, who get the IP address of everyone who installs Firefox and the “telemetry” of everyone using it—unless they take efforts to prevent this, as some of us do. Entire Firefox forks exist for this reason, though somehow there’s always someone on the internet saying that “nobody cares”, or that they’re overly paranoid or Mozilla is less bad than other companies (so what?).
I do completely agree with what you wrote, and I think additionally that programs should require permission before even storing data locally. “Most Recently Used” lists, browser history files, etc., have been concerns for me since the Windows 95 days, and in fact there are lots of people paranoid about browser history.
Re: Re:
Mozilla gets your permission to collect telemetry. As far as I know, it doesn’t transfer that data to other companies. Mozilla is perhaps not perfect on privacy but it’s a hell of a lot better than almost all other tech companies.
Re: Re: Re:
Kind of. They—the browser acting as their agent—collect telemetry locally without any consent; also cookies, history, and such. I don’t consider that acceptable. They, the corporation, do not receive all of this telemetry until consent is provided; that’s good.
However, the fist time the browser is started after installation, it immediately attempts to load a page from Mozilla’s servers, without asking. I find this unacceptable too. It reveals the user’s IP address, and that they are a Firefox user, to Mozilla; it also effectively reveals to the ISP that the person uses Firefox.
As predicted, we quickly got the reply that Mozilla isn’t as bad as others. I don’t disagree with that, but I still have reservations about recommending their products to people. “Not as bad as the competition” is about as enthusiastic as I can get. I’d really like to have higher standards.
Re: Re:
Indeed. Just as the saying goes, “A small win is still a win”, so too is it true that “Less bad is still bad”.
Re: Re: Re:
Or as Monty Python famously said, “it’s not got much Spam in it”. (“I don’t want any Spam!”)
DeleteMe
There are companies out there already advertising this service via YouTube influencers. DeleteMe being just one of them.
I don’t trust them not to be harvesting the data they proclaim to be deleting, and then selling it on themselves, back to the very same brokers they purport to get it deleted from.
Why should I trust the Mozilla Foundation to do any more safely, accurately or securely?
Re: Streisand Effect
yeah and it’s a bit like the counter productive Streisand Effect
to protect your privacy you highlight/reveal your personal ID INFO to an online business who then spreads your info around the internet seeking matches … all done under unknown security practices
you are just adding another vulnerability window to your privacy
Ruining the day of digital stalkers
Any effort to stick a finger in the eye of those peeking through the digital window like that sounds like a good move to me so long as it doesn’t carry a worse outcome, and if all they’re doing it going around and demanding that data hoarders delete their collections on clients that sounds like a sound idea.
Truly privacy-minded people use Qubes OS, and muck around with iptables and/or ufw.
Certifiably paranoid people use Kodachi OS.
But no matter your level of expertise, the first thing you should do before firing up a fresh installation is to turn off the network. When the browser can’t phone home successfully, plug that ip address into your firewall. Occasionally scan for other addresses. Microsoft is known to have more than 100 separate addresses that Windows attempts to contact. But…. the OS doesn’t try them all immediately, it waits for up to 48 hours to make some of those attempts.
Be careful out there!
Re:
On Linux, one can simply use “unshare -Un” to run any program in a network namespace with no devices (in other words: offline). Setting the XRE_START_OFFLINE environment variable to 1 also works for the specific case of Firefox, for now (as does clicking “Work Offline” in the profile manager, but that no longer appears unless you give a command line option).
The latest annoyance from Mozilla is this nag screen with a cute fox, which I literally just saw a few minutes ago. I’ve already got like a hundred about:config settings to disable shit like this, but Mozilla apparently does not take “no” for an answer when it comes to consent. So, pay them $9/month and give them all my personal data? I don’t think so.