Article Details

Mozilla adds paid-for data-deletion tier to Monitor, its privacy-breach radar. Firefox maker promises to lean on personal info brokers to scrub records. Mozilla on Tuesday expanded its free privacy-monitoring service with a paid-for tier called Mozilla Monitor Plus that will try to get data brokers to delete their copies of subscribers' personal information. Mozilla introduced Monitor in 2018 as a way to make people aware when their personal info may have been stolen, leaked, and/or illicitly traded online. Called Firefox Monitor at launch, and now Mozilla Monitor, it provides a service that's not just similar to the venerable HaveIBeenPwned.com – it uses the HIBP database as its source. If your personal info gets stolen or leaked by cybercriminals, and a record of that privacy breach is added to HaveIBeenPwned, Monitor will automatically flag that up to you. Necessarily alert to revenue diversification opportunities in light of its dependence on Google paying to be the default search service on its beleaguered Firefox browser, Mozilla has taken Monitor beyond HIBP alerts, added data removal, and branded that expanded service Monitor Plus with a subscription fee of $8.99 per month (or $107.88 per year). The idea being that, for paying users, Monitor will do what it can to scrub their personal info from recognized data brokers that buy and sell netizens' details and records with other businesses, such as those folks' locations and online habits. While Monitor flags up criminal activity, Monitor Plus deals with removing info from ostensibly legit brokers; we can't imagine the org will have much success persuading underworld fraudsters to remove people's records. “When we launched Monitor, our goal was to help people discover where their personal info may have been exposed," said Tony Amaral-Cinotto, product manager of Mozilla Monitor, in an announcement. "Now, with Monitor Plus, we’ll help people take back their exposed data from data broker sites that are trying to sell it." In doing so, Mozilla joins more than a dozen other companies offering similar data removal services targeting a varying number of vendors, such as Abine's DeleteMe ($10.75 per month), Optery ($4-$25 per month), and Incogni ($6.49 per month), among others. These businesses contact data brokers and ask them to remove personal information (e.g. name, email, address, phone number) from their info stores on behalf of netizens, a time-consuming and onerous process if done manually. Mozilla claims Monitor Plus will work with over 190 data broker sites, "twice the number of other competitors." As a point of comparison, Opetery's top tier boasts removals from more than 305 sites, though at a cost of more than twice what Mozilla is asking. And that falls well short of the 549 data brokers currently registered in the State of California's Data Broker Registry, to say nothing of firms not doing business in the state or just operating illegally. So Mozilla Monitor Plus is an incomplete, temporary fix – sites may reacquire customer data, necessitating follow-up removal requests – in a largely unregulated data broker business that has made few accommodations to demands for privacy. And the privacy situation has been grim for a while. A decade ago, in 2014, the FTC called on Congress to do something about the data broker industry. And not a lot has happened since. But by 2018, which saw Facebook's Cambridge Analytica scandal and the implementation of Europe's 2016 General Data Protection Regulation, demands for data privacy and protection began showing results. A year later, with browser rivals starting to block third-party cookies by default, Google saw the writing on the wall and set about designing its Privacy Sandbox advertising tools for a world grown wary of third-party tracking and data gathering. Lately, info brokers have received a lot of attention – not enough to merit an actual federal privacy law but more than usual for the intervention-averse US. The Federal Trade Commission recently banned X-Mode Social from sharing or selling location data. US Senator Ron Wyden (D-OR) called for domestic intelligence agencies to stop buying location data. And the Biden Administration is reportedly working on an executive order limiting data brokers from sharing or selling data on Americans to foreign adversaries. But the most significant development in the US in terms of data brokers has been California's Delete Act, which follows on the heels of the California Consumer Privacy Act and the state's Privacy Rights Act. The Delete Act technically became law this year but should start showing its teeth two years from now. Starting January 1, 2026, the California Privacy Protection Agency is supposed to deploy a one-stop data deletion mechanism to allow consumers to request that data brokers stop tracking them and delete their personal info. And by August 1 that year data brokers will be required to process people's deletion requests every 45 days. So two years hence or thereabout, Monitor Plus and related services may not be necessary for those in California – they'll no longer need to pay to recover the privacy taken from them without consent, at least with regard to third-party brokers. A Mozilla spokesperson told The Register the Delete Act is great news for Californians. "Since the deletion mechanism will not be available until 2026, we wanted to ensure that people could begin protecting their privacy as quickly as possible, especially for people outside California who won't have this state protection," the spokesperson said.