Technology

62853 readers

6344 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

618

Mozilla’s new service tries to wipe your data off the web (www.theverge.com)

submitted 1 year ago by AnActOfCreation@programming.dev to c/technology@lemmy.world

72 comments fedilink hide all child comments

Mozilla has launched a paid subscription service called Mozilla Monitor Plus, which monitors and removes personal information from over 190 sites where brokers sell data.
The service is priced at $8.99 per month and is an extension of the free dark web monitoring service Mozilla Monitor (previously Firefox Monitor).
Basic Monitor members receive a free scan and one-time removal sweep, while Plus members get continual monthly data broker scans and removal attempts.

Archive link: https://archive.ph/YdY3R

you are viewing a single comment's thread
view the rest of the comments

[+] Static_Rocket@lemmy.world -8 points 1 year ago* (last edited 1 year ago) (11 children)

Something akin to haveibeenpwned.com password hash partial match? Can that even be done with this data?

Edit: You goofs know you can calculate the hash locally and submit it for review without actually exposing your password to them right? That's how bitwarden does it's check. https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity

Ah, but Mozilla isn't even trying to do anything cool like that. They just use onereap and those fuckers look shady. Quotes from their privacy policy: https://onerep.com/privacy-policy#what-data-we-collect-and-how-we-do-that

We use your Personal Information for a number of purposes, which may include the following:

[snip]

To display advertisements to you.

To manage our Affiliate marketing program.

There will be times when we may need to disclose your Personal Information to third parties. We may disclose your Personal Information to:

[snip]

Third-party service providers and partners who assist us in the provision of the Services and Website, for example, (a) those who support delivery of or provide certain features in connection with the Services and Website (e.g. Stripe, a payment services provider; Sendgrid, an email delivery service; HubSpot, a CRM platform, and Sentry, a crash reporting platform); (b) providers of analytics and measurement services (e.g. Google Analytics, ProfitWell etc.); (c) providers of technical infrastructure services (e.g. Microsoft Azure, Google Cloud, and Amazon AWS); (d) providers of customer support services (e.g. Zendesk); (e) those who facilitate conduct of surveys (e.g. Hotjar); (f) those who help to advertise, market or promote our Services and Website (e.g. Mautic, Facebook Ads, Google Ads, Linkedin Ads, Reddit Ads, and Microsoft Ads);

The bastards

[–] Steve@communick.news 22 points 1 year ago (4 children)

The front page there is literally: "Give us your email, so we can find leaks of your email." It's exactly the same thing.

[–] Bitrot@lemmy.sdf.org 14 points 1 year ago (3 children)

They are talking about the password lookup: https://haveibeenpwned.com/Passwords

But, it's the same deal. You have to trust they are actually doing what they say. Mozilla uses haveibeenpwned for their basic Monitor service too.

[–] Nyfure@kbin.social 13 points 1 year ago

To be fair, you can check the code they run or just use the API.
The hash is calculated locally, cut-off and then send, the server returns all hashes it found which start with your one and then you can check if yours in in the list locally.

load more comments (2 replies)

load more comments (8 replies)