Mozilla breaks into the anti-data broker game

Martin Shelton

Principal Researcher

An animated image of a shark fin on a computer screen
Electronic Frontier Foundation (CC BY 2.0)

It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

In the news

You may or may not be seeking the services of a marriage broker this Valentine’s Day, but one thing you likely don’t want to fall prey to are the dealings of a data broker. 

Hundreds of data brokers (e.g., Intelius, Spokeo) aggregate and sell access to personal data, such as phone numbers, emails, addresses, and even purchasing habits collected through loyalty card programs, social media sites, apps, trackers embedded in websites, and more. 

Through a partnership with data removal service Onerep, Mozilla is introducing a new $8.99 monthly subscription service it calls Mozilla Monitor Plus, which automatically scans for your personal data on data broker websites. When found, the service will attempt to have your data removed through automated takedown requests. Read more here.

What you can do

  • Mozilla Monitor offerings appear to only be available in the United States. If you’d like to pursue data broker removal services outside of the U.S., DeleteMe ($129/year) offers services in several countries, though how many data brokers it covers varies significantly by region.
  • Dealing with data brokers ain’t cheap. It’s possible to manually request data removals yourself from a variety of data brokers by following instructions from Yael Grauer's Big Ass Data Broker Opt-Out List. This will absolutely take more of your time because data brokers occasionally repopulate their troves with data from other sources. But making manual requests yourself is an option.
  • If you have personally identifiable information that you’d like to make less easily searchable, you can also request to have it removed from Google. This will not remove the websites that host this information, only Google’s listings. Other search engines may still link to the website at issue.
  • Check out our recommended guides to prepare for online harassment.

Updates from my team

  • Join FPF on Feb. 22, 2024, at 7 p.m. EST for a virtual training on using the U.S. Press Freedom Tracker for your reporting, and a discussion of why covering press freedom issues matters for journalists and their readers. This event is in honor of Student Press Freedom Day, but all journalists — students or not — are welcome! Register here.
  • Are you in Arizona? My colleague David Huerta will be at CactusCon 2024. Come say hi in Mesa, Arizona, this Feb. 16–17, and grab some FPF stickers.

We are always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.


Donate to support press freedom

Your support is more important than ever.

Read more about Digital Security Digest

Apple warns iPhone users of targeted malware

On April 10, Apple sent users in 92 countries warning of mercenary malware attacks targeting the iPhone. The notification did not provide details about the identities of the attackers. According to TechCrunch, Apple warned, “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”

Preparing for election-related security issues

Throughout this year, our digital security training team will share our thoughts on navigating security issues during the 2024 election season. Elections around the world experience distinct security issues that may change from year to year, but in the U.S. we look to 2020 for lessons on how to get ahead of likely issues, from surveillance of our sensitive communications to perennial phishing attacks and harassment for political reporting.

Google to delete old Chrome Incognito data

Following a class-action lawsuit over Google’s handling of user data in its Chrome browser’s “Incognito” private browsing mode, the search company will expunge “billions of event-level data records that reflect class members’ private browsing activities” improperly collected before January 2024. It also updated its Incognito landing page to highlight that even Google can discern your activities in private browsing mode. Additionally, the company will be required to delete data that makes users’ private browsing data personally identifiable, such as IP addresses.