Firefox’s Data Broker Fiasco Is A Warning About The Whole Industry

Ben West

Ben West

4 min read
Firefox’s Data Broker Fiasco Is A Warning About The Whole Industry
Photo by Tobias Tullius / Unsplash

I wasn't planning on writting something this morning but then I saw Brian Krebs post about Mozilla and data brokers I couldn't help myself, this is a topic that really troubles me. I was planning to sit quietly, keep my computer asleep, drink something warm and try not to doomscroll before going on a nice weekend walk. But Mozilla announced it was finally cutting ties with OneRep, their paid data removal service, which was also acting as a data broker, and now here I am, typing with a dog snoring on my feet while the whole data broker ecosystem collapses under the weight of its own nonsense.

Mozilla, the Company/Foundation behind Firefox, teamed up with OneRep to help people get their personal info off "people search" sites. Then it turned out OneRep was basically doing the same kind of scraping it was supposed to be protecting people from. Even more of a head scratcher was it took months after the initial story leaking for Mozilla to actually wind down this relationship.

Krebs has the whole wild thing:
https://krebsonsecurity.com/2025/11/mozilla-says-its-finally-done-with-two-faced-onerep/

What makes this story especially troubling is that this is Mozilla. One of the last tech companies that still genuninely tries to do the right thing. In an age of everyone kissing the ring of an authoritarian government and partnering with the creepiest military contractors to help facilitate the panopticon this kind of principled company is important. But if they can get misled by a vendor in this space, the rest of us are, frankly, screwed. Or at least wandering around in the dark holding a tiny flickering flashlight.

The Data Broker Industry IS the Point

Byron Tau’s Means of Control basically confirms every grim suspicion anyone has ever had about the data economy. Data brokers are actually the beating heart of the tech sector with a revolving door relationship with They’re the pipes everything flows through. Law enforcement and intelligence agencies buy whatever they can’t legally subpoena. Location data. Behavioral inferences. All the creepy stuff you think only advertisers see.

And then we’re sold twelve-dollar subscriptions to “fix” it. Sure. And for $5 more they’ll throw in a toothbrush that cures climate change.

Canada Post Is Still Selling People And We’re All Just Pretending That’s Normal

In case you thought a nice country like Canada was immune to this, do you remember the Canada Post thing? They were caught selling customer data for targeted advertising. Totally not what the national postal service is supposed to be doing but they are pushed into this via underfunding and "corporstization". The Office of the Privacy Commissioner wagged a finger. Canada Post said they’d “review practices.” From my digging around it seems like all that happened is you can now opt out of having your data sold.

Here’s the story:
https://globalnews.ca/news/9979708/9979708-canada-post-reviewing-personal-data-use-privacy-law/

The Removal Services Are Playing Whack-A-Mole With A Blindfold On.

Consumer Reports tested a handful of the big data removal services. The results were… well, not great.

Their summary is here:
https://advocacy.consumerreports.org/press_release/consumer-reports-evaluation-of-people-search-site-removal-services-finds-that-they-are-largely-ineffective/

None of the services removed anyone’s data from all thirteen sites tested. The best performers only hit around sixty five percent after four months. Meanwhile manual removal hit seventy percent in a week.

Techlore does a nice job explaining it:
https://youtu.be/iCSLkuWM4mU?si=YKkEeLLr1IqvEe1w

The industry sells peace of mind. What it’s delivering is “eh, we tried.”

DIY is Still Best

Michael Bazzell’s workbook remains the most honest piece of privacy work on the internet.
https://inteltechniques.com/workbook.html

Yael Grauer’s Broker List Makes The Scale Obvious

Yael Grauer put together a clear list of the thirteen people search sites used by Consumer Reports. No hand waving. No marketing language. Just the actual links and opt outs. It is absurdly useful.

Here:
https://mastodon.social/@yaelwrites/113212352382901835

And once you scroll through it you can see thirteen are just the starter pack.There are hundreds more under the California Delete Act and over a thousand functioning data brokers in North America alone.

This is not a problem you solve by clicking a button or two, automation and AI alone will not solve your problems without significant human involvement.

The Fine Print Is Practically A Second Terms Of Service

A lot of these companies advertise removal from seven hundred plus brokers. Then the fine print quietly mentions that your plan covers sixty. Maybe a hundred if you pay extra. The rest turn into “custom requests” which usually means you typing emails yourself like a chump.

Restore Privacy digs into all this and the questionable “anonymized” data sharing some services engage in:

https://restoreprivacy.com/data-removal/deleteme-review/

If you’ve read Tau’s book, you know anonymization is a myth. It turns out metadata is very good at being deanonymized.

I Love Creators. I Just Want Them To Give People The Full Story.

Some of my favorite tech journalists and creators promote these services. No hate. People need income. Independent news teams needs revenue. And sometimes these services genuinely help people who would otherwise do nothing.

But this category is different. High stakes. High risk. Messy consequences.

Shannon Morse’s review is a great example of balanced coverage:
https://youtu.be/QH1zb8HRUWI?t=824&si=Ja5y9_c9Xe9wtBLR

What I would love is if every affiliate ad came bundled with something like the IntelTechniques guide or Yael’s list. Give people the tool and the truth.

Laws Fix What Subscriptions Can’t

Consumer Reports says it directly. Without federal law, none of this gets fixed. California’s Delete Act is a good start, but it’s one state trying to patch a nationwide surveillance economy using duct tape.

Tau’s book burns this into your brain, government are using these products in troubling ways.

Final Thoughts

The Firefox situation is a reminder of how impossible this landscape is to navigate, even for people who are actively trying to do good. If Mozilla struggled, regular consumers are basically wandering through a digital funhouse with no way out.

Use whatever tools help you. Just don’t be fooled into thinking they solve the underlying problem. Mix in manual deletion work when you can. But more importantly, demand transparency. Push for regulation. Support the groups of privacy nerds advocating for better laws.

The system wasn’t built for us, that needs to change. Ok time to wake up this sleeping dog and get some fresh air.

🌤️Join Me Where the Sky is Blue

If you have come this far you might as well check this out.

Exit to Bluesky