In March 2024, Mozilla announced its intention to cease its collaboration with Onerep, an identity protection service integrated with the Firefox web browser, designed to help users remove their personal information from hundreds of people-search websites. This decision followed an investigation by KrebsOnSecurity that revealed Onerep’s founder had established numerous people-search services and was actively operating at least one of them. Despite this initial announcement, Mozilla continued to promote Onerep for an additional sixteen months. This week, Mozilla confirmed that its partnership with Onerep will officially conclude next month, marking the definitive end of their association.

The long-delayed severance comes after a period of continued promotion of the service by Mozilla, raising questions about the timeline and the initial commitment to severing ties. The initial report from KrebsOnSecurity highlighted a significant conflict of interest: the very company promising to protect user data from data brokers was itself deeply entrenched in the data broker industry. This revelation cast a long shadow over Mozilla’s endorsement of Onerep, prompting the initial announcement of a partnership wind-down. However, the protracted period between the announcement and the final termination suggests a complex process, possibly involving contractual obligations or a gradual transition plan that extended beyond the initial timeline.

In a statement published on Tuesday, Mozilla detailed the discontinuation of its "Monitor Plus" service, which provided users with data broker site scans and automated personal data removal services powered by Onerep. This move signifies Mozilla’s commitment to re-evaluating its partnerships and prioritizing user privacy with greater scrutiny. The company emphasized its ongoing dedication to user privacy and security through other integrated services within Firefox.

"We will continue to offer our free Monitor data breach service, which is integrated into Firefox’s credential manager, and we are focused on integrating more of our privacy and security experiences in Firefox, including our VPN, for free," the advisory stated. This indicates a strategic shift for Mozilla, focusing on core privacy features that are directly controlled and integrated within the Firefox ecosystem, rather than relying on third-party services with potential conflicts of interest. The free "Monitor" service, which alerts users to data breaches, will remain, highlighting Mozilla’s continued commitment to providing foundational security tools to its user base. The mention of integrating their VPN for free further underscores this strategy of offering robust, in-house privacy solutions.

Current subscribers to Monitor Plus will have uninterrupted access to the service until its official wind-down date on December 17, 2025. Following this date, these subscribers will automatically receive a prorated refund for any unused portion of their subscription, ensuring a fair transition for paying customers. This grace period allows users ample time to seek alternative solutions for their identity protection needs and ensures they are not financially penalized for the service’s discontinuation.

Mozilla further elaborated on the challenges that led to this decision, citing the complexities of the data broker ecosystem and its own stringent vendor standards. "We explored several options to keep Monitor Plus going, but our high standards for vendors, and the realities of the data broker ecosystem made it challenging to consistently deliver the level of value and reliability we expect for our users," the statement read. This candid admission points to the difficulties in navigating the data broker landscape, where transparency and ethical practices can be elusive. Mozilla’s commitment to "high standards for vendors" suggests that Onerep, despite initial assurances, ultimately failed to meet the ethical and operational benchmarks set by Mozilla for a service entrusted with sensitive user data. The "realities of the data broker ecosystem" likely refer to the pervasive nature of data collection and the difficulty in achieving comprehensive data removal, as well as the ethical compromises often inherent in the industry.

The controversy surrounding Onerep first came to light on March 14, 2024, when KrebsOnSecurity published a detailed investigation. The report exposed that Onerep’s CEO and founder, Dimitri Shelest, a Belarusian national, had launched dozens of people-search services since 2010. Crucially, the investigation revealed that Shelest was still actively operating Nuwber, a data broker that sells background reports on individuals. This revelation directly contradicted the premise of Onerep’s service, which was marketed as a tool to combat the very practices Shelest himself was engaged in.

Shelest subsequently issued a lengthy statement in response to the KrebsOnSecurity report, acknowledging his continued ownership stake in Nuwber. He admitted to founding Nuwber in 2015, which coincided with the launch of Onerep. This admission confirmed the core findings of the investigation and solidified the perception of a significant ethical breach. The dual role of operating a data broker while simultaneously offering a service to remove data from such brokers created an irreconcilable conflict of interest, making it impossible for Mozilla to continue its partnership in good faith.

The implications of this saga extend beyond just Mozilla and Onerep. It serves as a stark reminder for consumers about the importance of scrutinizing privacy services and understanding the underlying business models of companies that claim to protect personal data. The data broker industry is notoriously opaque, and services that promise complete removal of personal information often operate in a grey area. The conflict of interest at the heart of Onerep’s operations highlights the need for greater transparency and accountability within the data privacy sector.

Mozilla’s decision, though delayed, is a positive step towards restoring user trust. By disentangling itself from a vendor with questionable ethical practices, Mozilla reaffirms its commitment to its core mission of promoting an open and private internet. The focus on integrating more privacy and security features directly into Firefox demonstrates a proactive approach to user protection, moving away from reliance on third-party services that may harbor hidden conflicts. The extended wind-down period, while perhaps frustrating for those who initially learned of the issues, suggests a carefully managed exit strategy designed to minimize disruption for existing users and fulfill contractual obligations. Ultimately, this protracted but decisive end to the Onerep partnership underscores Mozilla’s dedication to upholding its privacy principles, even when faced with complex industry realities and challenging vendor relationships. The experience with Onerep serves as a valuable lesson for both consumers and the privacy industry at large, emphasizing the critical need for due diligence and unwavering ethical standards in the pursuit of digital privacy.