The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years.
Onerep’s “Protect” service starts at $8.33 per month for individuals and $15/mo for families, and promises to remove your personal information from nearly 200 people-search sites. Onerep also markets its service to companies seeking to offer their employees the ability to have their data continuously removed from people-search sites.
A testimonial on onerep.com.
Customer case studies published on onerep.com state that it struck a deal to offer the service to employees of Permanente Medicine, which represents the doctors within the health insurance giant Kaiser Permanente. Onerep also says it has made inroads among police departments in the United States.
But a review of Onerep’s domain registration records and that of its founder reveal a different side to this company. Onerep.com says its founder and CEO is Dimitri Shelest from Minsk, Belarus, as does Shelest’s profile on LinkedIn. Historic registration records indexed by DomainTools.com say Mr. Shelest was a registrant of onerep.com who used the email address dmitrcox2@gmail.com.
A search in the data breach tracking service Constella Intelligence for the name Dimitri Shelest brings up the email address dimitri.shelest@onerep.com. Constella also finds that Dimitri Shelest from Belarus used the email address d.sh@nuwber.com, and the Belarus phone number +375-292-702786.
Nuwber.com is a people search service whose employees all appear to be from Belarus, and it is one of dozens of people-search companies that Onerep claims to target with its data-removal service. Onerep.com’s website disavows any relationship to Nuwber.com, stating quite clearly, “Please note that OneRep is not associated with Nuwber.com.”
However, there is an abundance of evidence suggesting Mr. Shelest is in fact the founder of Nuwber. Constella found that Minsk telephone number (375-292-702786) has been used multiple times in connection with the email address dmitrcox@gmail.com. Recall that Onerep.com’s domain registration records in 2018 list the email address dmitrcox2@gmail.com.
It appears Mr. Shelest sought to reinvent his online identity in 2015 by adding a “2” to his email address. The Belarus phone number tied to Nuwber.com shows up in the domain records for comversus.com, and DomainTools says this domain is tied to both dmitrcox@gmail.com and dmitrcox2@gmail.com. Other domains that mention both email addresses in their WHOIS records include careon.me, docvsdoc.com, dotcomsvdot.com, namevname.com, okanyway.com and tapanyapp.com.
Onerep.com CEO and founder Dimitri Shelest, as pictured on the “about” page of onerep.com.
A search in DomainTools for the email address dmitrcox@gmail.com shows it is associated with the registration of at least 179 domain names, including dozens of mostly now-defunct people-search companies targeting citizens of Argentina, Brazil, Canada, Denmark, France, Germany, Hong Kong, Israel, Italy, Japan, Latvia and Mexico, among others.
Those include nuwber.fr, a site registered in 2016 which was identical to the homepage of Nuwber.com at the time. DomainTools shows the same email and Belarus phone number are in historic registration records for nuwber.at, nuwber.ch, and nuwber.dk (all domains linked here are to their cached copies at archive.org, where available).
Nuwber.com, circa 2015. Image: Archive.org.
Update, March 21, 11:15 a.m. ET: Mr. Shelest has provided a lengthy response to the findings in this story. In summary, Shelest acknowledged maintaining an ownership stake in Nuwber, but said there was “zero cross-over or information-sharing with OneRep.” Mr. Shelest said any other old domains that may be found and associated with his name are no longer being operated by him.
“I get it,” Shelest wrote. “My affiliation with a people search business may look odd from the outside. In truth, if I hadn’t taken that initial path with a deep dive into how people search sites work, Onerep wouldn’t have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I’m aiming to do better in the future.” The full statement is available here (PDF).
Original story:
Historic WHOIS records for onerep.com show it was registered for many years to a resident of Sioux Falls, SD for a completely unrelated site. But around Sept. 2015 the domain switched from the registrar GoDaddy.com to eNom, and the registration records were hidden behind privacy protection services. DomainTools indicates around this time onerep.com started using domain name servers from DNS provider constellix.com. Likewise, Nuwber.com first appeared in late 2015, was also registered through eNom, and also started using constellix.com for DNS at nearly the same time.
Listed on LinkedIn as a former product manager at OneRep.com between 2015 and 2018 is Dimitri Bukuyazau, who says their hometown is Warsaw, Poland. While this LinkedIn profile (linkedin.com/in/dzmitrybukuyazau) does not mention Nuwber, a search on this name in Google turns up a 2017 blog post from privacyduck.com, which laid out a number of reasons to support a conclusion that OneRep and Nuwber.com were the same company.
“Any people search profiles containing your Personally Identifiable Information that were on Nuwber.com were also mirrored identically on OneRep.com, down to the relatives’ names and address histories,” Privacyduck.com wrote. The post continued:
“Both sites offered the same immediate opt-out process. Both sites had the same generic contact and support structure. They were – and remain – the same company (even PissedConsumer.com advocates this fact: https://nuwber.pissedconsumer.com/nuwber-and-onerep-20160707878520.html).”
“Things changed in early 2016 when OneRep.com began offering privacy removal services right alongside their own open displays of your personal information. At this point when you found yourself on Nuwber.com OR OneRep.com, you would be provided with the option of opting-out your data on their site for free – but also be highly encouraged to pay them to remove it from a slew of other sites (and part of that payment was removing you from their own site, Nuwber.com, as a benefit of their service).”
Reached via LinkedIn, Mr. Bukuyazau declined to answer questions, such as whether he ever worked at Nuwber.com. However, Constella Intelligence finds two interesting email addresses for employees at nuwber.com: d.bu@nuwber.com, and d.bu+figure-eight.com@nuwber.com, which was registered under the name “Dzmitry.”
PrivacyDuck’s claims about how onerep.com appeared and behaved in the early days are not readily verifiable because the domain onerep.com has been completely excluded from the Wayback Machine at archive.org. The Wayback Machine will honor such requests if they come directly from the owner of the domain in question.
Still, Mr. Shelest’s name, phone number and email also appear in the domain registration records for a truly dizzying number of country-specific people-search services, including pplcrwlr.in, pplcrwlr.fr, pplcrwlr.dk, pplcrwlr.jp, peeepl.br.com, peeepl.in, peeepl.it and peeepl.co.uk.
The same details appear in the WHOIS registration records for the now-defunct people-search sites waatpp.de, waatp1.fr, azersab.com, and ahavoila.com, a people-search service for French citizens.
The German people-search site waatp.de.
A search on the email address dmitrcox@gmail.com suggests Mr. Shelest was previously involved in rather aggressive email marketing campaigns. In 2010, an anonymous source leaked to KrebsOnSecurity the financial and organizational records of Spamit, which at the time was easily the largest Russian-language pharmacy spam affiliate program in the world.
Spamit paid spammers a hefty commission every time someone bought male enhancement drugs from any of their spam-advertised websites. Mr. Shelest’s email address stood out because immediately after the Spamit database was leaked, KrebsOnSecurity searched all of the Spamit affiliate email addresses to determine if any of them corresponded to social media accounts at Facebook.com (at the time, Facebook allowed users to search profiles by email address).
That mapping, which was done mainly by generous graduate students at my alma mater George Mason University, revealed that dmitrcox@gmail.com was used by a Spamit affiliate, albeit not a very profitable one. That same Facebook profile for Mr. Shelest is still active, and it says he is married and living in Minsk [Update, Mar. 16: Mr. Shelest’s Facebook account is no longer active].
The Italian people-search website peeepl.it.
Scrolling down Mr. Shelest’s Facebook page to posts made more than ten years ago show him liking the Facebook profile pages for a large number of other people-search sites, including findita.com, findmedo.com, folkscan.com, huntize.com, ifindy.com, jupery.com, look2man.com, lookerun.com, manyp.com, peepull.com, perserch.com, persuer.com, pervent.com, piplenter.com, piplfind.com, piplscan.com, popopke.com, pplsorce.com, qimeo.com, scoutu2.com, search64.com, searchay.com, seekmi.com, selfabc.com, socsee.com, srching.com, toolooks.com, upearch.com, webmeek.com, and many country-code variations of viadin.ca (e.g. viadin.hk, viadin.com and viadin.de).
The people-search website popopke.com.
Domaintools.com finds that all of the domains mentioned in the last paragraph were registered to the email address dmitrcox@gmail.com.
Mr. Shelest has not responded to multiple requests for comment. KrebsOnSecurity also sought comment from onerep.com, which likewise has not responded to inquiries about its founder’s many apparent conflicts of interest. In any event, these practices would seem to contradict the goal Onerep has stated on its site: “We believe that no one should compromise personal online security and get a profit from it.”
The people-search website findmedo.com.
Max Anderson is chief growth officer at 360 Privacy, a legitimate privacy company that works to keep its clients’ data off of more than 400 data broker and people-search sites. Anderson said it is concerning to see a direct link between between a data removal service and data broker websites.
“I would consider it unethical to run a company that sells people’s information, and then charge those same people to have their information removed,” Anderson said.
Last week, KrebsOnSecurity published an analysis of the people-search data broker giant Radaris, whose consumer profiles are deep enough to rival those of far more guarded data broker resources available to U.S. police departments and other law enforcement personnel.
That story revealed that the co-founders of Radaris are two native Russian brothers who operate multiple Russian-language dating services and affiliate programs. It also appears many of the Radaris founders’ businesses have ties to a California marketing firm that works with a Russian state-run media conglomerate currently sanctioned by the U.S. government.
KrebsOnSecurity will continue investigating the history of various consumer data brokers and people-search providers. If any readers have inside knowledge of this industry or key players within it, please consider reaching out to krebsonsecurity at gmail.com.
Update, March 15, 11:35 a.m. ET: Many readers have pointed out something that was somehow overlooked amid all this research: The Mozilla Foundation, the company that runs the Firefox Web browser, has launched a data removal service called Mozilla Monitor that bundles OneRep. That notice says Mozilla Monitor is offered as a free or paid subscription service.
“The free data breach notification service is a partnership with Have I Been Pwned (“HIBP”),” the Mozilla Foundation explains. “The automated data deletion service is a partnership with OneRep to remove personal information published on publicly available online directories and other aggregators of information about individuals (“Data Broker Sites”).”
In a statement shared with KrebsOnSecurity.com, Mozilla said they did assess OneRep’s data removal service to confirm it acts according to privacy principles advocated at Mozilla.
“We were aware of the past affiliations with the entities named in the article and were assured they had ended prior to our work together,” the statement reads. “We’re now looking into this further. We will always put the privacy and security of our customers first and will provide updates as needed.”
Wow! I was about to sign up for onerep.com because Mozilla, the company that runs Firefox web browser, launched a privacy removal service which is apparently just a white label partner of Onerep.com according to the Verge. https://www.theverge.com/2024/2/6/24062765/mozilla-monitor-plus-firefox-paid-subscription-privacy-data-broker-removal-requests
Yikes, not a good look for Mozilla!
I’d be curious to know if Wes Davis @ The Verge or Mozilla Monitoring are aware of Brian’s current research into Onerep.com’s questionable background.
What’s more interesting is the anecdotal evidence, posted in the comments section of this very article you linked, describing a customer’s experience with Incogni;
Quote; “I’ve been using Incogni for a few years now … I have about two dozen data brokers that are marked as “Resistant” despite having issued removal requests that are now about two years old. I’ve been using it for about two years and they’ve sent ~600 removal requests and only ~250 were confirmed complete.” Unquote.
Incogni are regarded as one of the industry leaders in this field and if they are only achieving ~40% removal rates, what is the point? Particularly if the data reappears months later. It’s just playing whack-a-mole.
It seems to me that Onerep.com’s whole business model is a replica of Ransomware groups’ strategy, albeit pitched as a legitimate business. We have access to your Personally Identifiable Information, pay us and we’ll get it removed from the internet. 2 months later it reappears only to keep their cash flowing. Extortion. Pure and simple.
Don’t call it “extortion”, call it a “protection fee”!
My bad. It is a ‘legitimate’ business model after all, isn’t it. We must use ‘legitimate’ terminology. /s
Legitimate is a registered trademark of Bing.com, the parent company to Microsoft in several ways.
You can polish a turd, but it doesn’t make it any more attractive.
What are we trying to protect and from who?
Never pay another company to remove your own records. It is public information anyways.
Potential fixes:
1) buy >100 acres of land , long driveway, with a gate so at least you have privacy when “they find you”
2) place home in anon trust
3) don’t spend a lot of time on data cleanup
4) live life
I live on 640 acres of land in a rural community that has less than one person per square mile these days, a half mile drive to the house, but no gate. Also, I’ve known nearly everyone in the community or their parents or or grandparents or other family members ever since I was a kid.
There was an accident in the center of the community once when I was a kid and it took the state police about two hours to get there because they never even knew that road existed and had never patrolled it.
I’ve also, at one time or another, been in every house in the community but one.
That said, I do need a gate, but there are issues with that — the power company does need to read the meter.
I want to know about that one house you’ve never been in. Does Boo Radley live there?
solar/wind maybe to free yourself from the grid? then slam that gate down!
Hey, that’s what I call job security.
But seriously, can anything good come out of russia?
No need to answer. It’s a rhetorical question.
Not rehetoric here Mr Dennis. Spot on. Russia/Schmussia, China/Schmina, etc./schmetcetera. A-holes proliferate and we all suffer. Thank you and your brother Mr. Krebs for all you do in these tiresome times.
My family is from Russia, though we never spoke Russian the entire 130 yrs they lived there.
They retained their native language, religion, taught their kids those things, formed communities, and when the Russian govt wanted to change the deal, they started leaving, headed towards the upper midwest USA.
They just wanted to be left alone, with our privacy intact and minimal govt interference. Our govt is failing us with what should be automatic privacy protections.
Seriously? There are over 100 million people in Russia. I am sure the vast majority are good people who have a lot to offer. I have worked with Russians, and they were good people. Claiming an entire country is worthless because it is led by a dictator, or because the Russian government harbors criminals is unjust and not helpful.
I’d have to agree here. Lots of good people everywhere, and much good has come out of Russia over the centuries. Sadly, the dictators of the world are like barnacles on the ship of humanity. It’s a shame too. We are all on this one little canoe, can’t disembark, and we waste so much blood and treasure having to address these damn barnacles…
I agree. Kaspersky has been the most credible company (I know of) out of RU. I hope they don’t get manipulated/killed by the meth head greed crazed dick-tator.
But one leader pick one (biden/trump) doesn’t make their voters stupid (they were stupid long before lol) and no, the people that live in that country are not of the same opinion, they are just stuck with the rich idiots that buy those positions, like all of us are.
You may be paranoid.
But are you sure you’re paranoid ENOUGH?
Good point! Just because you’re paranoid doesn’t mean they’re not out to get you.
They’re trying to make you paranoid about the wrong things so you miss how they’re actually out to get you. 😛
Echoing the other comment – have you/can you reached out to Mozilla about this given they white-label their service for their Mozilla Monitor service?
Super detective work! Have you tried recruiting an AI to do this sort of work?
As to:
““I would consider it unethical to run a company that sells people’s information, and then charge those same people to have their information removed,” Anderson said. ”
I doubt he is losing sleep by being called unethical. [lol]
from https://www.optery.com/introducing-optery-remove-yourself-from-150-people-search-sites-like-truthfinder-mylife-radaris-socialcatfish-spokeo-whitepages/
OneRep – they were founded as a People Search data broker, and are owned by a Belarusian ownership group that plays both sides of the field simultaneously running the People Search Site data broker Nuwber, and the privacy opt out service OneRep, which is a major conflict of interest. Questionable ethics aside, they do have a competitive product covering ~100 data brokers, provide some basic data broker visibility (albeit not very accurate), and at a lower price point than others. Consistent with the questionable ethics, a lot of their business comes from their affiliate partnerships with, get this, other data brokers. For example, if you opt out of the data broker ClustrMaps, ClustrMaps will push you to a OneRep affiliate partner link encouraging you to sign up for a OneRep privacy plan so they can both generate a sale from a user that is in the midst of submitting opt outs. i.e. you’re indirectly paying the data broker ClustrMaps money to opt out!
“Money for nothing and chicks for free”.
Damn! Where’d I put that disc?
KrebsOnSecurity: Doxing the crooks
Thank you, Brian!
Brian – please keep up the great work and shining a light on this poorly regulated marketplace.
What exactly is the point behind this reporting? There are far greater betrayals of trust and amoral conduct with far greater implications and at wider scale than some foreign persons operating data aggregates! And if it were a matter of personal information exposure, accessibility, wouldn’t the task be better suited by addressing the Gov’t protection(s) laws, or lack thereof?
All of this reads to be a rather trivial, and thirsty take, Mr. Krebs.
The point is it gets people to stop spending money on either side of the scam, at least for those that read Krebs. I looked into some of this nonsense 20+ years ago. Even back then there was NOTHING of value that would want me to contact any of these outfits. Some of the better scams even had a “reputation” bar, which was perpetually low so that you could feed the beast, LOL. In the end, the best solution is pass gas in their general direction and concern yourself with what your credit report said rather than a product that is no better than rumor mongering. IMHO, if your prospective employer is using a “reputation” service, I would recommend not working there…
the point is fairly simple. Our wonderful host Brian is a freelance security media expert. He can report on anything that he likes, given the audience continues liking it medium term. This is clearly the case.
I for one really appreciate the approach of just starting anywhere, and discussing things in depth, one-by-one. Yes of course, some decent lobbying for legislative change is also very noble and good, but a whole different beast… however also with a high risk of frustration.
Sounds like whataboutism. The favorite rhetorical tool of people who’d rather not talk about the issue usually because they are involved in doing the thing in question.
> And if it were a matter of personal information exposure, accessibility, wouldn’t the task be better suited by addressing the Gov’t protection(s) laws, or lack thereof?
You do know that the government rarely acts in the general people’s interest unless there are sufficient numbers of persons marching about something? Up until now part of the people interested in removing personal information from data brokers will have been paying to use data removal services instead of complaining to the government. Publishing this information may incentivize a few of them to instead complain to the government. Bonus if they stop paying the data ‘removal’ ‘services’ and reduce the amount of money those ‘services’ (and their affiliated brokers) have to lobby the government against data broker reform.
I noticed this scam when trying to remove private info from public lookup directories. They all seemed to have the same infrastructure and directed one to a “solution” to remove all public data. Until real privacy laws come into existence, these extortion scams will continue.
St Patrick day
It feels like this article could just as easily been written about the big 3 credit reporting agencies. One side of their business you are the customer. On the other side you are the product. Dole out your info to a crook, then offer you monitoring and protection of that info for a small monthly fee.
Yes I would agree! Of course, they are even worse.
“But around Sept. 2015 the domain switched from the registrar GoDaddy.com to eNom, and the registration records were hidden behind privacy protection services.”
Anyone else see the irony here?
This sounds like a great case for a class action lawsuit for fraud.
Good luck getting a collection from businesses based out of Belarus. Best case scenario you could get the credit cards companies and banks to stop allowing transactions with them.
People entrust unknown websites to their personal privacy and pay them…lol
Hggff
@Brian Krebs, and most of the commenters, thank you for pulling back the curtain.
Re: our tech overlords, Telcos, and low-life ‘business’ people who prey on people’s
ignorance, they are not our friend in the digital age. Their mantra is summed up
by the old Arpegge perfume commercial from many years ago, which would not
fly today, “promise her anything, but give her Arpegge.” It’s a selfish and cynical
outlook with a soulless intention. Digital predators with no real vision except to line
their own pockets will not make the world a better place, and I do wonder if that
thought ever crosses their minds.
I am reminded of the bad guy ‘Gabbar SIngh’ (played by the late Amjad Khan) from the movie Sholay (Indian movie reference, so please pardon the distraction). Gabbar asks the villagers, ‘Who can protect you from Gabbar’s anger?’ and answers the question himself ‘Only Gabbar’!
Never thought I’d see this in real life!