Freedom of the Press Foundation
Show Navigation

Controversy over Mozilla’s anti-data broker service

Martin Shelton
Dr. Martin Shelton

Principal Researcher

Electronic Frontier Foundation. (CC BY 2.0)

It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

In the news

We recently shared news of Mozilla’s partnership with data removal service Onerep. Through a service it calls Mozilla Monitor Plus, Onerep is designed to automatically scan for personal information on data broker websites — services that aggregate and sell data about private individuals, such as addresses, phone numbers, names of family members, and even purchase histories. But journalist Brian Krebs has found evidence that the founder of Onerep, purveyor of anti-data broker services, himself created dozens of data broker services. Read more.

What you can do

  • It’s pretty disappointing to hear this news, especially having highlighted the service earlier. But it’s also an opportunity to talk about how not to take the promises or histories of any particular tool as gospel. While I wish every time I mentioned a tool it just stayed unproblematic, the reality is that we learn more about services in our security toolkit all the time. The services will change, we will learn more about them, and we will assess if they have become more or less reliable for our needs. So we hope journalists will use examples like this to understand the changing nature of the security space and find the tools that work best at the moment those tools are needed.
  • OK, I just gave you advice about not being married to any one service. All the same, an anti-data broker service that works well right now in about a dozen countries is DeleteMe, which allows you to have personal data removed from data brokers. It’s not cheap though — roughly $129 each year.
  • Also, you can manually remove yourself (for free!) from a variety of data brokers by following instructions listed in Yael Grauer's Big Ass Data Broker Opt-Out List.

Updates from my team

We are always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

Donate to support press freedom

Your support is more important than ever.
Donate now

Read more about Digital Security Digest

Header image with a graphic of Signal's "speech bubble" logo, with a pattern of silhouettes of phones in the background.

Crossfire over messaging security

Johns Hopkins cryptography professor Matthew Green explains that “the cryptography behind Signal (also used in WhatsApp and several other messengers) is open source and has been intensively reviewed by cryptographers. When it comes to cryptography, this is pretty much the gold standard.” By comparison, Telegram does not provide end-to-end encryption protection by default and only offers it as an option in one-on-one “Secret Chat” mode.

57fe4d8e-3f52-ea6d-d840-5e8dd6dca412

Google Docs locks out writer

While it’s powerful and convenient, Google Docs might not be right for all documents, including those that you consider sensitive, private, or that you can’t risk losing. Read more about newsroom privacy and security considerations when using Google Workspace.

Google details app violations

According to its security blog, Google prevented 2.28 million — yes, million — Android apps from being published on its Play Store in 2023. The company says it also removed 333,000 accounts for attempting to deliver malware through the Play Store, as well as for “repeated severe policy violations.” These numbers have grown substantially since 2022, when the company disclosed it prevented 1.43 million apps from being published on the Play Store.

More posts