An anonymous reader quotes a report from KrebsOnSecurity: The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep's CEO to admit that he has founded dozens of people-search networks over the years. Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus. Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned? to let users know when their email addresses or password are leaked in data breaches. On March 14, KrebsOnSecurity published a story showing that Onerep's Belarusian CEO and founder Dimitiri Shelest launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Onerep and Shelest did not respond to requests for comment on that story. But on March 21, Shelest released a lengthy statement wherein he admitted to maintaining an ownership stake in Nuwber, a consumer data broker he founded in 2015 -- around the same time he launched Onerep. Shelest maintained that Nuwber has "zero cross-over or information-sharing with Onerep," and said any other old domains that may be found and associated with his name are no longer being operated by him. "I get it," Shelest wrote. "My affiliation with a people search business may look odd from the outside. In truth, if I hadn't taken that initial path with a deep dive into how people search sites work, Onerep wouldn't have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I'm aiming to do better in the future." The full statement is available here (PDF). In a statement released today, a spokesperson for Mozilla said it was moving away from Onerep as a service provider in its Monitor Plus product. "Though customer data was never at risk, the outside financial interests and activities of Onerep's CEO do not align with our values," Mozilla wrote. "We're working now to solidify a transition plan that will provide customers with a seamless experience and will continue to put their interests first." KrebsOnSecurity also reported that Shelest's email address was used circa 2010 by an affiliate of Spamit, a Russian-language organization that paid people to aggressively promote websites hawking male enhancement drugs and generic pharmaceuticals. As noted in the March 14 story, this connection was confirmed by research from multiple graduate students at my alma mater George Mason University. Shelest denied ever being associated with Spamit. "Between 2010 and 2014, we put up some web pages and optimize them -- a widely used SEO practice -- and then ran AdSense banners on them," Shelest said, presumably referring to the dozens of people-search domains KrebsOnSecurity found were connected to his email addresses (dmitrcox@gmail.com and dmitrcox2@gmail.com). "As we progressed and learned more, we saw that a lot of the inquiries coming in were for people." Shelest also acknowledged that Onerep pays to run ads on "on a handful of data broker sites in very specific circumstances." "Our ad is served once someone has manually completed an opt-out form on their own," Shelest wrote. "The goal is to let them know that if they were exposed on that site, there may be others, and bring awareness to there being a more automated opt-out option, such as Onerep."

Read more of this story at Slashdot.

Mozilla Location Service offered "a free, open way to offer GPS-style location detection features" for developers on devices without GPS hardware, remembers the Linux blog OMG Ubuntu. It used signals like Wi-Fi access points and Bluetooth beacons "without any of the privacy implications most competing geolocation services have." But Friday they reported that Mozilla "has announced it is ending access to Mozilla Location Service (MLS), which provides accurate, privacy-respecting, and crowdsourced geolocation data." Developers and 3rd-party projects that use MLS to detect a users' location, such as the freedesktop.org location framework GeoClue, which is used by apps like GNOME Maps and Weather, have only a few months left to continue using the service... In late March, POST data submissions will return 403 responses. Finally, on June 12, all 3rd-party API keys will be removed and MLS data only accessible by Mozilla... MLS' accuracy has declined in recent years. Patent infringement claims in 2019 saw Mozilla reach a settlement to avoid litigation. As part of that settlement it was forced to make changes to MLS that impacted its ability to invest in (commercially exploit?) and improve the service. The article notes that GeoClue "already supports multiple location detection methods, including IP-based ones," so it should continue operating. "But the sad reality is that there just aren't a lot of free, open, privacy-friendly, accurate, and (rather importantly for a framework built in to Linux desktops) reliable alternatives to Mozilla Location Services, which has built up a colossal 'signal map' from which to pinpoint locations." "We are grateful for the contributions of the community to MLS to both the code and the dataset," a Mozilla senior engineering manager said in a statement.

Read more of this story at Slashdot.

Ce titre est vache, mais tellement juste : « Il n'y a pas plus "2024" que virer des employés et vouloir faire de l'I.A. : Mozilla fait les deux. »
Ouais ☹️ c'est moche.
MOI JE NE VEUX PAS D'I.A. À LA CON DANS MON NAVIGATEUR, BORDEL.
Et donc adieu Mozilla's VPN, Relay (solution antispam) et mozilla.social (Mastodon). Et bien sûr toujours pas d'icône RSS. En gros Mozilla dégage les technologies qui ont un vrai impact sur la protection de la vie privée pour se concentrer sur l'I.A.
(Permalink)