Comment on Mozilla’s new service tries to wipe your data off the web
Steve@communick.news 10 months agoI can also see the irony. But I can’t imagine another way to do it at any scale. Do you know of any other way?
Comment on Mozilla’s new service tries to wipe your data off the web
Steve@communick.news 10 months agoI can also see the irony. But I can’t imagine another way to do it at any scale. Do you know of any other way?
Static_Rocket@lemmy.world 10 months ago
Something akin to haveibeenpwned.com password hash partial match? Can that even be done with this data?
Bitrot@lemmy.sdf.org 10 months ago
No. If your name is Dave Jones they have to look around those broker sites for Dave Jones. If those sites were using hashes then they could use hashes too.
Peer@discuss.tchncs.de 10 months ago
They could just look for names, then hash those names and compare them to your hashed name. So technically that don’t need to store your data, just hashes.
Lmaydev@programming.dev 10 months ago
I’m all for privacy but worrying about giving one of the most trustworthy companies around your name seems a bit much.
Steve@communick.news 10 months ago
The front page there is literally: “Give us your email, so we can find leaks of your email.” It’s exactly the same thing.
Bitrot@lemmy.sdf.org 10 months ago
They are talking about the password lookup: haveibeenpwned.com/Passwords
But, it’s the same deal. You have to trust they are actually doing what they say. Mozilla uses haveibeenpwned for their basic Monitor service too.
Nyfure@kbin.social 10 months ago
To be fair, you can check the code they run or just use the API.
The hash is calculated locally, cut-off and then send, the server returns all hashes it found which start with your one and then you can check if yours in in the list locally.
ambrosiaforest@lemmy.blahaj.zone 10 months ago
ah yes. type your password in here we totally wont steal it
admiralteal@kbin.social 10 months ago
No, because you are asking the data broker to do something with your data that they possess. It is not possible for them to delete your data without knowing which are your data.
The only alternative is fully banning this kind of data collection. Which would be nice, but isn't happening anytime soon.