In mid-March 2024, KrebsOnSecurity revealed that the founding father of the non-public knowledge elimination service Onerep additionally based dozens of people-search corporations. Shortly after that investigation was printed, Mozilla stated it might cease bundling Onerep with the Firefox browser and wind down its partnership with the corporate. However practically a 12 months later, Mozilla continues to be selling it to Firefox customers.
Mozilla affords Onerep to Firefox customers on a subscription foundation as a part of Mozilla Monitor Plus. Launched in 2018 beneath the identify Firefox Monitor, Mozilla Monitor additionally checks knowledge from the web site Have I Been Pwned? to let customers know when their electronic mail addresses or password are leaked in knowledge breaches.
The ink on that partnership settlement had barely dried earlier than KrebsOnSecurity published a story exhibiting that Onerep’s Belarusian CEO and founder Dimitiri Shelest launched dozens of people-search companies since 2010, together with a still-active knowledge dealer known as Nuwber that sells background stories on individuals. This appeared to contradict Onerep’s acknowledged motto, “We consider that nobody ought to compromise private on-line safety and get a revenue from it.”
Shelest launched a lengthy statement (PDF) whereby he acknowledged sustaining an possession stake in Nuwber, a client knowledge dealer he based in 2015 — across the identical time he began Onerep.
Onerep.com CEO and founder Dimitri Shelest, as pictured on the “about” web page of onerep.com.
Shelest maintained that Nuwber has “zero cross-over or information-sharing with Onerep,” and stated every other previous domains which may be discovered and related together with his identify are now not being operated by him.
“I get it,” Shelest wrote. “My affiliation with a individuals search enterprise might look odd from the surface. In fact, if I hadn’t taken that preliminary path with a deep dive into how individuals search websites work, Onerep wouldn’t have the perfect tech and staff within the area. Nonetheless, I now admire that we didn’t make this extra clear up to now and I’m aiming to do higher sooner or later.”
When requested to touch upon the findings, Mozilla stated then that though buyer knowledge was by no means in danger, the surface monetary pursuits and actions of Onerep’s CEO didn’t align with their values.
“We’re working now to solidify a transition plan that may present clients with a seamless expertise and can proceed to place their pursuits first,” Mozilla said.
In October 2024, Mozilla printed a press release saying the seek for a unique supplier was taking longer than anticipated.
“Whereas we proceed to guage distributors, discovering a technically glorious and values-aligned associate takes time,” Mozilla wrote. “Whereas we proceed this search, Onerep will stay the backend supplier, guaranteeing that we will keep uninterrupted companies whereas we proceed evaluating new potential companions that align extra intently with Mozilla’s values and person expectations. We’re conducting thorough diligence to search out the precise vendor.”
Requested for an replace, Mozilla stated the seek for a substitute associate continues.
“The work’s ongoing however we haven’t discovered the precise different but,” Mozilla stated in an emailed assertion. “Our clients’ knowledge stays protected, and because the product supplies a whole lot of worth to our subscribers, we’ll proceed to supply it throughout this course of.”
It’s a win-win for Mozilla that they’ve acquired accolades for his or her principled response whereas persevering with to associate with Onerep virtually a 12 months later. But when it takes so lengthy to discover a appropriate substitute, what does that say in regards to the private knowledge elimination business itself?
Onerep seems to be working in partnership with one other problematic people-search service: Radaris, which has a historical past of ignoring opt-out requests or failing to honor them. Per week earlier than breaking the story about Onerep, KrebsOnSecurity published research exhibiting the co-founders of Radaris have been two native Russian brothers who’d constructed an unlimited community of affiliate internet marketing applications and client knowledge dealer companies.
Attorneys for the Radaris co-founders threatened to sue KrebsOnSecurity except that story was retracted in full, claiming the founders have been in reality Ukrainian and that our reporting had defamed the brothers by associating them with the actions of Radaris. As a substitute, we printed a follow-up investigation which confirmed that not solely did the brothers from Russia create Radaris, for a few years they issued press releases quoting a fictitious CEO searching for cash from buyers.
A number of readers have shared emails they acquired from Radaris after trying to take away their private knowledge, and people messages present Radaris has been selling Onerep.
An electronic mail from Radaris selling Onerep.
