In the middle of March 2024, KrebsOnSecurity disclosed that the creator of the personal data elimination service Onerep also established numerous people-search enterprises. Following the release of that investigation, Mozilla announced its decision to cease bundling Onerep with the Firefox browser and to terminate its collaboration with the organization. However, nearly a year afterwards, Mozilla continues to advocate for Onerep among Firefox users.

Mozilla provides Onerep to Firefox users on a subscription model as part of Mozilla Monitor Plus. Established in 2018 under the title Firefox Monitor, Mozilla Monitor also analyzes data from the website Have I Been Pwned? to inform users when their email addresses or passwords are compromised in data breaches.

The ink on that cooperation agreement had barely dried before KrebsOnSecurity reported that Onerep’s Belarusian CEO and founder Dimitiri Shelest had initiated multiple people-search platforms since 2010, which included a currently operating data broker named Nuwber, that sells background checks on individuals. This appeared to contradict Onerep’s proclaimed motto, “We believe that no one should compromise personal online security and get a profit from it.”

Shelest issued a detailed statement (PDF) in which he confirmed possessing an ownership interest in Nuwber, a consumer data broker he established in 2015 — around the same period he founded Onerep.

Shelest asserted that Nuwber has “no overlap or data sharing with Onerep,” and stated any remaining old domains linked to his name are no longer under his management.

“I understand,” Shelest commented. “My connection to a people search enterprise may seem unusual from an exterior viewpoint. In reality, had I not embarked on that original path with an in-depth exploration of how people search sites function, Onerep would not possess the leading technology and team in the industry. Nonetheless, I now recognize that we did not clarify this more effectively in the past, and I am committed to enhancing this in the future.”

When approached for a statement regarding the findings, Mozilla remarked that although customer data was never compromised, the external financial interests and undertakings of Onerep’s CEO were not in alignment with their principles.

“We are currently in the process of establishing a transition strategy that will ensure customers have a seamless experience while prioritizing their interests,” Mozilla stated.

In October 2024, Mozilla issued a statement indicating that the search for an alternative provider was taking more time than expected.

“As we continue to assess vendors, locating a technically proficient and values-aligned partner requires time,” Mozilla noted. “During this search, Onerep will remain the backend provider, enabling us to deliver uninterrupted services while we evaluate new prospective partners that align more closely with Mozilla’s principles and user expectations. We are conducting comprehensive diligence to identify the right vendor.”

When requested for an update, Mozilla mentioned that the quest for a substitute partner was ongoing.

“The efforts are in progress, but we haven’t identified the right alternative yet,” Mozilla confirmed in an emailed statement. “Our customers’ data remains secure, and since the product offers substantial value to our subscribers, we’ll continue to provide it throughout this process.”

It’s a favorable outcome for Mozilla that they’ve garnered praise for their ethical response while still collaborating with Onerep almost a year later. Nonetheless, if finding a fitting replacement is taking such an extended period, what does that imply about the personal data elimination sector itself?

Onerep seems to be collaborating with another contentious people-search service: Radaris, which has a track record of disregarding opt-out requests or failing to comply with them. A week prior to breaking the news about Onerep, KrebsOnSecurity published an analysis indicating that the co-founders of Radaris were two Russian brothers who had established a vast network of affiliate marketing schemes and consumer data broker services.

Attorneys for the Radaris co-founders threatened legal action against KrebsOnSecurity unless the article was fully retracted, asserting that the founders were in fact Ukrainian and that our report had libeled the brothers by connecting them to Radaris’s activities. Instead, we published a follow-up investigation which demonstrated that not only did the brothers from Russia create Radaris, but for many years they had issued press releases citing a fictitious CEO soliciting funds from investors.

Numerous readers have forwarded emails they received from Radaris after attempting to remove their private information, and those correspondences reveal that Radaris has been endorsing Onerep.