In mid-March 2024, KrebsOnSecurity revealed that the founding father of the private knowledge elimination service Onerep additionally based dozens of people-search corporations. Shortly after that investigation was revealed, Mozilla mentioned it might cease bundling Onerep with the Firefox browser and wind down its partnership with the corporate. However almost a yr later, Mozilla remains to be selling it to Firefox customers.
Mozilla affords Onerep to Firefox customers on a subscription foundation as a part of Mozilla Monitor Plus. Launched in 2018 beneath the identify Firefox Monitor, Mozilla Monitor additionally checks knowledge from the web site Have I Been Pwned? to let customers know when their e mail addresses or password are leaked in knowledge breaches.
The ink on that partnership settlement had barely dried earlier than KrebsOnSecurity revealed a narrative displaying that Onerep’s Belarusian CEO and founder Dimitiri Shelest launched dozens of people-search companies since 2010, together with a still-active knowledge dealer referred to as Nuwber that sells background reviews on individuals. This appeared to contradict Onerep’s acknowledged motto, “We consider that nobody ought to compromise private on-line safety and get a revenue from it.”
Shelest launched a prolonged assertion (PDF) whereby he acknowledged sustaining an possession stake in Nuwber, a shopper knowledge dealer he based in 2015 — across the identical time he began Onerep.
Onerep.com CEO and founder Dimitri Shelest, as pictured on the “about” web page of onerep.com.
Shelest maintained that Nuwber has “zero cross-over or information-sharing with Onerep,” and mentioned some other outdated domains which may be discovered and related along with his identify are not being operated by him.
“I get it,” Shelest wrote. “My affiliation with a individuals search enterprise could look odd from the surface. In fact, if I hadn’t taken that preliminary path with a deep dive into how individuals search websites work, Onerep wouldn’t have the very best tech and crew within the house. Nonetheless, I now respect that we didn’t make this extra clear prior to now and I’m aiming to do higher sooner or later.”
When requested to touch upon the findings, Mozilla mentioned then that though buyer knowledge was by no means in danger, the surface monetary pursuits and actions of Onerep’s CEO didn’t align with their values.
“We’re working now to solidify a transition plan that can present clients with a seamless expertise and can proceed to place their pursuits first,” Mozilla mentioned.
In October 2024, Mozilla revealed an announcement saying the seek for a special supplier was taking longer than anticipated.
“Whereas we proceed to judge distributors, discovering a technically glorious and values-aligned companion takes time,” Mozilla wrote. “Whereas we proceed this search, Onerep will stay the backend supplier, making certain that we will preserve uninterrupted companies whereas we proceed evaluating new potential companions that align extra carefully with Mozilla’s values and person expectations. We’re conducting thorough diligence to seek out the best vendor.”
Requested for an replace, Mozilla mentioned the seek for a substitute companion continues.
“The work’s ongoing however we haven’t discovered the best various but,” Mozilla mentioned in an emailed assertion. “Our clients’ knowledge stays secure, and because the product gives numerous worth to our subscribers, we’ll proceed to supply it throughout this course of.”
It’s a win-win for Mozilla that they’ve acquired accolades for his or her principled response whereas persevering with to companion with Onerep nearly a yr later. But when it takes so lengthy to discover a appropriate substitute, what does that say in regards to the private knowledge elimination business itself?
Onerep seems to be working in partnership with one other problematic people-search service: Radaris, which has a historical past of ignoring opt-out requests or failing to honor them. Every week earlier than breaking the story about Onerep, KrebsOnSecurity revealed analysis displaying the co-founders of Radaris have been two native Russian brothers who’d constructed an enormous community of affiliate internet marketing applications and shopper knowledge dealer companies.
Attorneys for the Radaris co-founders threatened to sue KrebsOnSecurity except that story was retracted in full, claiming the founders have been in truth Ukrainian and that our reporting had defamed the brothers by associating them with the actions of Radaris. As an alternative, we revealed a follow-up investigation which confirmed that not solely did the brothers from Russia create Radaris, for a few years they issued press releases quoting a fictitious CEO in search of cash from traders.
A number of readers have shared emails they acquired from Radaris after making an attempt to take away their private knowledge, and people messages present Radaris has been selling Onerep.
An e mail from Radaris selling Onerep.
