- Mozilla has launched a paid subscription service called Mozilla Monitor Plus, which monitors and removes personal information from over 190 sites where brokers sell data.
- The service is priced at $8.99 per month and is an extension of the free dark web monitoring service Mozilla Monitor (previously Firefox Monitor).
- Basic Monitor members receive a free scan and one-time removal sweep, while Plus members get continual monthly data broker scans and removal attempts.
Archive link: https://archive.ph/YdY3R
Something akin to haveibeenpwned.com password hash partial match? Can that even be done with this data?
Edit: You goofs know you can calculate the hash locally and submit it for review without actually exposing your password to them right? That’s how bitwarden does it’s check. https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity
Ah, but Mozilla isn’t even trying to do anything cool like that. They just use onereap and those fuckers look shady. Quotes from their privacy policy: https://onerep.com/privacy-policy#what-data-we-collect-and-how-we-do-that
The bastards
deleted by creator
They could just look for names, then hash those names and compare them to your hashed name. So technically that don’t need to store your data, just hashes.
I’m all for privacy but worrying about giving one of the most trustworthy companies around your name seems a bit much.
You’d also have to give them your card details to pay for it.
This would also require searching and indexing the entire system as opposed to searching it.
Need a Moreno payment system
Tbf if someone logged that you were paying for this service that data would get removed anyway haha
The front page there is literally: “Give us your email, so we can find leaks of your email.” It’s exactly the same thing.
deleted by creator
To be fair, you can check the code they run or just use the API.
The hash is calculated locally, cut-off and then send, the server returns all hashes it found which start with your one and then you can check if yours in in the list locally.
ah yes. type your password in here we totally wont steal it
Y’know that you can see the requests your browser makes, right? Mind putting in here a screenshot of HIBP uploading your password or any complete hash of it?
Failing to provide that grants you the “talking shit out of ya ass” award.
No, because you are asking the data broker to do something with your data that they possess. It is not possible for them to delete your data without knowing which are your data.
The only alternative is fully banning this kind of data collection. Which would be nice, but isn’t happening anytime soon.