Login
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years.
Onerep’s “Protect” service starts at $8.33 per month for individuals and $15/mo for families, and promises to remove your personal information from nearly 200 people-search sites. Onerep also markets its service to companies seeking to offer their employees the ability to have their data continuously removed from people-search sites.
A testimonial on onerep.com.
Customer case studies published on onerep.com state that it struck a deal to offer the service to employees of Permanente Medicine, which represents the doctors within the health insurance giant Kaiser Permanente. Onerep also says it has made inroads among police departments in the United States.
But a review of Onerep’s domain registration records and that of its founder reveal a different side to this company. Onerep.com says its founder and CEO is Dimitri Shelest from Minsk, Belarus, as does Shelest’s profile on LinkedIn. Historic registration records indexed by DomainTools.com say Mr. Shelest was a registrant of onerep.com who used the email address dmitrcox2@gmail.com.
A search in the data breach tracking service Constella Intelligence for the name Dimitri Shelest brings up the email address dimitri.shelest@onerep.com. Constella also finds that Dimitri Shelest from Belarus used the email address d.sh@nuwber.com, and the Belarus phone number +375-292-702786.
Nuwber.com is a people search service whose employees all appear to be from Belarus, and it is one of dozens of people-search companies that Onerep claims to target with its data-removal service. Onerep.com’s website disavows any relationship to Nuwber.com, stating quite clearly, “Please note that OneRep is not associated with Nuwber.com.”
However, there is an abundance of evidence suggesting Mr. Shelest is in fact the founder of Nuwber. Constella found that Minsk telephone number (375-292-702786) has been used multiple times in connection with the email address dmitrcox@gmail.com. Recall that Onerep.com’s domain registration records in 2018 list the email address dmitrcox2@gmail.com.
It appears Mr. Shelest sought to reinvent his online identity in 2015 by adding a “2” to his email address. The Belarus phone number tied to Nuwber.com shows up in the domain records for comversus.com, and DomainTools says this domain is tied to both dmitrcox@gmail.com and dmitrcox2@gmail.com. Other domains that mention both email addresses in their WHOIS records include careon.me, docvsdoc.com, dotcomsvdot.com, namevname.com, okanyway.com and tapanyapp.com.
Onerep.com CEO and founder Dimitri Shelest, as pictured on the “about” page of onerep.com.
A search in DomainTools for the email address dmitrcox@gmail.com shows it is associated with the registration of at least 179 domain names, including dozens of mostly now-defunct people-search companies targeting citizens of Argentina, Brazil, Canada, Denmark, France, Germany, Hong Kong, Israel, Italy, Japan, Latvia and Mexico, among others.
Those include nuwber.fr, a site registered in 2016 which was identical to the homepage of Nuwber.com at the time. DomainTools shows the same email and Belarus phone number are in historic registration records for nuwber.at, nuwber.ch, and nuwber.dk (all domains linked here are to their cached copies at archive.org, where available).
Nuwber.com, circa 2015. Image: Archive.org.
Update, March 21, 11:15 a.m. ET: Mr. Shelest has provided a lengthy response to the findings in this story. In summary, Shelest acknowledged maintaining an ownership stake in Nuwber, but said there was “zero cross-over or information-sharing with OneRep.” Mr. Shelest said any other old domains that may be found and associated with his name are no longer being operated by him.
“I get it,” Shelest wrote. “My affiliation with a people search business may look odd from the outside. In truth, if I hadn’t taken that initial path with a deep dive into how people search sites work, Onerep wouldn’t have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I’m aiming to do better in the future.” The full statement is available here (PDF).
Original story:
Historic WHOIS records for onerep.com show it was registered for many years to a resident of Sioux Falls, SD for a completely unrelated site. But around Sept. 2015 the domain switched from the registrar GoDaddy.com to eNom, and the registration records were hidden behind privacy protection services. DomainTools indicates around this time onerep.com started using domain name servers from DNS provider constellix.com. Likewise, Nuwber.com first appeared in late 2015, was also registered through eNom, and also started using constellix.com for DNS at nearly the same time.
Listed on LinkedIn as a former product manager at OneRep.com between 2015 and 2018 is Dimitri Bukuyazau, who says their hometown is Warsaw, Poland. While this LinkedIn profile (linkedin.com/in/dzmitrybukuyazau) does not mention Nuwber, a search on this name in Google turns up a 2017 blog post from privacyduck.com, which laid out a number of reasons to support a conclusion that OneRep and Nuwber.com were the same company.
“Any people search profiles containing your Personally Identifiable Information that were on Nuwber.com were also mirrored identically on OneRep.com, down to the relatives’ names and address histories,” Privacyduck.com wrote. The post continued:
“Both sites offered the same immediate opt-out process. Both sites had the same generic contact and support structure. They were – and remain – the same company (even PissedConsumer.com advocates this fact: https://nuwber.pissedconsumer.com/nuwber-and-onerep-20160707878520.html).”
“Things changed in early 2016 when OneRep.com began offering privacy removal services right alongside their own open displays of your personal information. At this point when you found yourself on Nuwber.com OR OneRep.com, you would be provided with the option of opting-out your data on their site for free – but also be highly encouraged to pay them to remove it from a slew of other sites (and part of that payment was removing you from their own site, Nuwber.com, as a benefit of their service).”
Reached via LinkedIn, Mr. Bukuyazau declined to answer questions, such as whether he ever worked at Nuwber.com. However, Constella Intelligence finds two interesting email addresses for employees at nuwber.com: d.bu@nuwber.com, and d.bu+figure-eight.com@nuwber.com, which was registered under the name “Dzmitry.”
PrivacyDuck’s claims about how onerep.com appeared and behaved in the early days are not readily verifiable because the domain onerep.com has been completely excluded from the Wayback Machine at archive.org. The Wayback Machine will honor such requests if they come directly from the owner of the domain in question.
Still, Mr. Shelest’s name, phone number and email also appear in the domain registration records for a truly dizzying number of country-specific people-search services, including pplcrwlr.in, pplcrwlr.fr, pplcrwlr.dk, pplcrwlr.jp, peeepl.br.com, peeepl.in, peeepl.it and peeepl.co.uk.
The same details appear in the WHOIS registration records for the now-defunct people-search sites waatpp.de, waatp1.fr, azersab.com, and ahavoila.com, a people-search service for French citizens.
The German people-search site waatp.de.
A search on the email address dmitrcox@gmail.com suggests Mr. Shelest was previously involved in rather aggressive email marketing campaigns. In 2010, an anonymous source leaked to KrebsOnSecurity the financial and organizational records of Spamit, which at the time was easily the largest Russian-language pharmacy spam affiliate program in the world.
Spamit paid spammers a hefty commission every time someone bought male enhancement drugs from any of their spam-advertised websites. Mr. Shelest’s email address stood out because immediately after the Spamit database was leaked, KrebsOnSecurity searched all of the Spamit affiliate email addresses to determine if any of them corresponded to social media accounts at Facebook.com (at the time, Facebook allowed users to search profiles by email address).
That mapping, which was done mainly by generous graduate students at my alma mater George Mason University, revealed that dmitrcox@gmail.com was used by a Spamit affiliate, albeit not a very profitable one. That same Facebook profile for Mr. Shelest is still active, and it says he is married and living in Minsk [Update, Mar. 16: Mr. Shelest’s Facebook account is no longer active].
The Italian people-search website peeepl.it.
Scrolling down Mr. Shelest’s Facebook page to posts made more than ten years ago show him liking the Facebook profile pages for a large number of other people-search sites, including findita.com, findmedo.com, folkscan.com, huntize.com, ifindy.com, jupery.com, look2man.com, lookerun.com, manyp.com, peepull.com, perserch.com, persuer.com, pervent.com, piplenter.com, piplfind.com, piplscan.com, popopke.com, pplsorce.com, qimeo.com, scoutu2.com, search64.com, searchay.com, seekmi.com, selfabc.com, socsee.com, srching.com, toolooks.com, upearch.com, webmeek.com, and many country-code variations of viadin.ca (e.g. viadin.hk, viadin.com and viadin.de).
The people-search website popopke.com.
Domaintools.com finds that all of the domains mentioned in the last paragraph were registered to the email address dmitrcox@gmail.com.
Mr. Shelest has not responded to multiple requests for comment. KrebsOnSecurity also sought comment from onerep.com, which likewise has not responded to inquiries about its founder’s many apparent conflicts of interest. In any event, these practices would seem to contradict the goal Onerep has stated on its site: “We believe that no one should compromise personal online security and get a profit from it.”
The people-search website findmedo.com.
Max Anderson is chief growth officer at 360 Privacy, a legitimate privacy company that works to keep its clients’ data off of more than 400 data broker and people-search sites. Anderson said it is concerning to see a direct link between between a data removal service and data broker websites.
“I would consider it unethical to run a company that sells people’s information, and then charge those same people to have their information removed,” Anderson said.
Last week, KrebsOnSecurity published an analysis of the people-search data broker giant Radaris, whose consumer profiles are deep enough to rival those of far more guarded data broker resources available to U.S. police departments and other law enforcement personnel.
That story revealed that the co-founders of Radaris are two native Russian brothers who operate multiple Russian-language dating services and affiliate programs. It also appears many of the Radaris founders’ businesses have ties to a California marketing firm that works with a Russian state-run media conglomerate currently sanctioned by the U.S. government.
KrebsOnSecurity will continue investigating the history of various consumer data brokers and people-search providers. If any readers have inside knowledge of this industry or key players within it, please consider reaching out to krebsonsecurity at gmail.com.
Update, March 15, 11:35 a.m. ET: Many readers have pointed out something that was somehow overlooked amid all this research: The Mozilla Foundation, the company that runs the Firefox Web browser, has launched a data removal service called Mozilla Monitor that bundles OneRep. That notice says Mozilla Monitor is offered as a free or paid subscription service.
“The free data breach notification service is a partnership with Have I Been Pwned (“HIBP”),” the Mozilla Foundation explains. “The automated data deletion service is a partnership with OneRep to remove personal information published on publicly available online directories and other aggregators of information about individuals (“Data Broker Sites”).”
In a statement shared with KrebsOnSecurity.com, Mozilla said they did assess OneRep’s data removal service to confirm it acts according to privacy principles advocated at Mozilla.
“We were aware of the past affiliations with the entities named in the article and were assured they had ended prior to our work together,” the statement reads. “We’re now looking into this further. We will always put the privacy and security of our customers first and will provide updates as needed.”
Related tags
Whether it’s for routine care, a prescription refill, or a simple follow-up, online doctor visits offer tremendous benefits in terms of both convenience and ease of care—all good reasons to help mom and dad get connected with it.
There’s no doubt that more older adults than ever are taking advantage of online doctor visits, more formally known as telemedicine. While usage numbers have risen dramatically across all age groups, it’s particularly so for elders. Pre- and post-pandemic numbers saw a 63-fold increase in Medicare telemedicine use.
However, many older patients are missing out and not using telemedicine for one reason or another. What’s holding them back? Several things, according to research from the University of California, San Francisco:
Moreover, another issue is that many older adults do not know that telemedicine is an option. Research from the University of Michigan showed that 55% of older adults surveyed were unaware if their healthcare provider even offered telemedicine as a service. And perhaps quite telling is that the same survey revealed nearly half of older adults harbored concerns about privacy and did not feel personally connected to their care provider during their visits.
For us as children and grandchildren of older adults, it can be tough knowing that a loved one is missing out on an avenue of care that they could otherwise benefit from. While we absolutely respect what they feel is comfortable and trustworthy for them, there are several other areas where we can help the older loved ones in our lives overcome the issues and concerns they face.
With that, let’s talk about the technology behind telemedicine and how you can help them use it, and address some of those privacy issues as well.
As indicated above, paying a visit to the doctor via telemedicine can be a big jump. Just as the idea of it is new for many of us, it’s yet newer for older adults. There’s a good chance that you’re familiar with video chats and calls already, which gives you a foundation we can work with when it’s time to see the doctor on a screen. That may not be the case for older adults. Add that into the privacy concerns and decades of seeing a doctor in person, you can see why some older adults simply choose to opt-out.
One way you can help is to have a few video chats with your older loved ones. In addition to the regular calls you make, you might want to try having a video chat with them from time to time. It’s an outstanding way to spend time together when you can’t be together in person, and it may develop a comfort level with the technology so that they may be willing to give telemedicine a try. You can check out my earlier article in this series that covers video chats with mom and dad, along with straightforward steps to get them up and running on the technology and how to use it.
One thing your parents will need for their visit is a reliable device that they’re comfortable using. It could be a computer or laptop, or it may be a smartphone or tablet. Note that in some cases their healthcare provider may use a telemedicine solution that has certain requirements as well, so you’ll want to see what those are and ensure that the device mom or dad has is compatible. (For example, the care provider may have an app that’s available through the Apple App Store or Google Play. Others may have an online platform that can be accessed by several different kinds of devices.)
If they’re using a smartphone or tablet, that will likely make things easier because the camera and microphone are already integrated into the device—all set up and ready to go. For a computer or laptop, you can help them get familiar with the setup, like the microphone levels, speaker volume, and camera. For audio, you can see a set of headphones or smartphone earbuds work well for them, which can help prevent audio feedback loops and simply make it easier to hear the caregiver.
If you’re looking for a little assistance with a Windows computer, you can check out this quick article for setting up the audio and this article for setting up the camera. For Macs, check out this article for audio and this article for the video.
If they don’t already have comprehensive online protection software for their devices, look into getting it. This will protect them against malware, viruses, and phishing attacks. They’ll also benefit from other features that help them manage their passwords, protect their identity, safeguard their privacy, and more.
As for privacy in general, medical information is among the most precious information any of us have. For example, here in the U.S., we have HIPPA privacy standards to protect our medical records and conversations. Yet there’s also the issue of eavesdropping, which is a risk in practically any online communication.
To help address privacy issues and concerns, health care providers will often post a set of Frequently Asked Questions (FAQ) as part of their telemedicine service. Within that, you’ll very likely find a section on personal privacy and the technologies in place to protect it. Here’s a good example of a telemedicine FAQ from the University of Washington Medicine and another example from the telemedicine page that Virginia Mason/Franciscan Health designed for its patients.
In all, if your parents have concerns about their privacy, you can absolutely assure them that it’s a valid concern. Consult the provider’s FAQ for guidance. If either of you has further questions, feel free to call the healthcare provider and speak with them.
In addition to digital security, there’s the possibility of physical eavesdropping, somebody actually listening in on their conversation from another room, apartment, or from the street. Help your older loved ones pick a place in their home where they can have some privacy and where they can’t be overheard by neighbors and passers-by. A bedroom is a fine place—or any location that’s familiar and comfortable as well. When choosing a private place, a well-lit location is important as well so that the camera captures a nice and clear image.
Additionally, you can help them prep for their visit by putting together a list of things to discuss during the visit. The U.S. Department of Health and Human Services suggests writing things down:
In addition to the above, there are further measures you can help your parents or older loved one take to further secure their telemedicine visit—and their internet usage in general.
Your telemedicine visit may require setting up a new account and password. When doing so, make sure it’s with a strong, unique password. A password manager can help. Also found in comprehensive online protection software, a password manager can create and securely store strong and unique passwords for your mom and dad, giving them one less thing they need to remember and worry about.
A VPN, or virtual private network, offers a strong layer of additional protection when you’re transmitting health data or simply having a private conversation about your health with a professional. A VPN creates an encrypted tunnel to keep you and your activity anonymous. In effect, your data is scrambled and hidden to anyone outside your VPN tunnel, thus making your private information difficult to collect. Check with the care provider to see if their telemedicine solution uses a VPN. If not, you can always get a VPN as part of your online protection software.
Beyond their devices, securing their internet router is an important step in making a telemedicine visit safe and secure. The data that travels along it is of a highly personal nature already, so make sure the router has a strong and unique password. Also, change the name of their router so it doesn’t give away their address or any other signs of their identity. One more step is to check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you have questions, check with their internet provider—they may even offer up a newer, more secure router to replace an older one.
As with anything concerning their health, have your parents and loved ones consult with their caregivers to ensure that a telemedicine visit is a proper course for them.
So while the technical ins and outs of preparing for a telemedicine visit may have their challenges for some older adults, we should also realize that getting comfortable with the idea of a telemedicine visit in the first place may take some time and effort. Starting with regular video chats with the family may increase familiarity and ease with holding a conversation over video. Likewise, having a conversation with their doctor about telemedicine may put some concerns to rest as well. After all, they will have a relationship with their doctor. Getting the facts from the doctor, face to face may help.
We all want what’s best, particularly when it comes to the care of our parents and older loved ones in our lives, and choosing to try telemedicine is a highly personal decision for them. I hope this article and the resources cited within it will help you enable them to make the choice that’s comfortable, effective, and right for them.
The post Helping Mom & Dad: Online Doctor Visits and Telemedicine appeared first on McAfee Blog.
We’ve all been there. It’s the middle of the night and you wake up to a sad and sniffly kiddo shuffling into your room. Yup, looks like someone has a temperature. You phone the on-call doctor to make sure it’s nothing serious and then set an alarm so you can make an appointment when the office opens. Yet this time that doctor’s visit could go a little differently. It may not take place in the office at all. You may be offered a chance to see the doctor with a telemedicine visit.
Telemedicine has been in use for some time. For several years now, it’s connected patients to health care services using live video and sometimes special diagnostic tools that pass along information via the internet. Overall, it’s a way of going to the doctor without actually going to the doctor’s office. Historically, it’s done a great job of caring for people who live in remote locations and for people with ongoing conditions that need long-term monitoring.
That all changed last year. Telemedicine visits saw a big spike during the early days of the pandemic, partly to help keep the spread of the virus in check and to protect vulnerable patients. Even though that spike has since tapered off, one study found that about 40 percent of consumers in the U.S. say they’ll use telemedicine moving forward—and our own research from earlier this year put that worldwide figure at nearly 30 percent. Telemedicine seems to be taking root.
While telemedicine leaves many families with more healthcare options, it may leave them with a few more questions about their security as well. After all, our health data is a precious thing. In the U.S., HIPPA privacy standards protect our information and consultations with healthcare professionals. However, online visits add an entirely new dimension to that.
If your health care provider recommends a telemedicine visit for you or your child, it can be both a convenient and safe experience with a little prep on your part. With a few straightforward security measures lined up (some of which you may already have in place), you can make sure that everyone’s private health information will be safe and secure during your virtual visit.
A great first step for a safer telemedicine visit is to protect your devices with comprehensive security software. Like security software protecting you while you manage your finances, file your taxes online, and so forth, it will help protect you while sharing your private health information. Plus, it will give you plenty of other features that can help you manage your passwords, protect your identity, safeguard your privacy in general, and more.
Be sure to protect your tablets and smartphones while you’re at it, even if you’re not using them for telemedicine. With all the shopping and banking we do on those devices, it’s a smart move to protect them in addition to laptops and computers.
Your telemedicine visit may require setting up a new account and password, one that will add to your growing list considering all the banking, social media, and payment apps you probably use. Plus, there are the umpteen other passwords you have for your online shopping accounts, your children’s school records, your taxes, and so on. Don’t give into the temptation of re-using an old password or making a simple one. Hackers count on that, where stealing one password means stealing several—and gaining access to multiple accounts in one blow.
When you set up your account, use a strong, unique password. This may also be a good time to get a handle on all your passwords with a password manager. Also found in comprehensive security software, a password manager can create and securely store strong and unique passwords for you, which can keep you safe and make your day a little easier too.
A VPN, or virtual private network, offers a strong layer of additional protection when you’re transmitting health data or simply having a private conversation about your health with a professional. A VPN creates an encrypted tunnel to keep you and your activity anonymous. In effect, your data is scrambled and hidden to anyone outside your VPN tunnel, thus making your private information difficult to collect.
Like many of the security steps, we’re talking about here, using a VPN offers benefits beyond telemedicine. A VPN is a must when using public Wi-Fi, like at airports and cafes, because it makes a public connection private (and safe from prying eyes). Additionally, it’s also great for use at home when taking care of sensitive business like your banking or finances.
If you’re searching for a telemedicine provider online, keep an eye out for sketchy links and scams. The sad thing with the increased use of telemedicine is that hackers have clued in and are looking for targets. One way you can stay safer is to use a web advisor with your browser that can identify potentially hazardous links and sites. Anti-phishing technologies in your security software can help as well by preventing email-based scams from reaching your inbox in the first place.
Even better than searching online, consider contacting your pediatrician or doctor’s office for a recommendation, as they can point out the best healthcare options for you and your concerns—and let you know if a telemedicine visit is the best course of action for you in the first place. This way, you can get comfortable with what your visit will look like, find out what special apps (if any) are used, and how your care provider will protect your privacy. Also, you can decide which device you will use and where you’ll use it so that you feel at ease during your virtual visit.
A reputable care provider will likely put all this pre-appointment information together for you on their website or “frequently asked questions” (FAQ) page, which will include helpful links and numbers to call if you need help or have questions. For an example of what that could look like, check out the telemedicine page that Virginia Mason/Franciscan Health designed for its patients.
We’ve talked plenty about digital security, yet there’s the old-fashioned issue of physical eavesdropping to think about too. When it’s time for your actual appointment, pick a place in your home where you can assure yourself some privacy. (Of course, don’t go online for your virtual appointment in a public place.) Look for a space where you can’t be overheard by neighbors and passers-by—preferably someplace like your bedroom where you can be comfortable as well. If your child has an appointment, let them know that this is like any other doctor’s visit and help them keep their voice down so they can keep their info private.
With telemedicine becoming more and more of an option for families, it’s just one of the many tools your doctor or pediatrician can use to keep you and your family well. So as always, if you have a health concern, call your doctor or pediatrician’s office for guidance. They’ll know the best path forward.
In the meantime, there are some great resources out there that can help you make the best decision about telehealth if the time comes. One really helpful article from the American Academy of Pediatrics helps parents get up to speed on telemedicine and outlines a few cases where a telemedicine visit might be right for your child.
With the sniffles, fevers, and plenty of, “Mom, I don’t feel so good …” comments that come along with parenthood, it’s nice to know that telemedicine gives us another tool we can use to keep our families well—one that’s ultimately up to you and your doctor to choose if it’s right for your child.
The post 6 Tips for a Safer and Easier Telemedicine Visit appeared first on McAfee Blog.
Among the many major shifts in lifestyle during the COVID-19 pandemic, the way we used healthcare was one of the most significant. Providers limited in-person visits, elective procedures were delayed, and we avoided hospitals. In response, we went online and started using telehealth and other virtual solutions in ways we never had before.
Our latest consumer mindset survey confirms this was more than a passing trend, showing an almost 50% rise since the beginning of the pandemic in the use of PCs and Mobile devices to access health information, meet virtually with health care providers, and manage prescriptions. Survey respondents also showed they adapted by increasing their usage of smart fitness devices, like Fitbits, to track their personal health.
Navigating the healthcare system and accessing more of our services through the web means more of our personal information is now online. From patient intake forms to test results, a great deal of data about our health, including confidential information like vaccination records, is potentially available. Survey respondents confirmed that they shared and accessed their personal health information across the internet, despite 1/3 or more of respondents having concerns for their privacy and security of their personal information.
This trend hasn’t gone unnoticed by cybercriminals. In fact, the US Department of Health and Human Services is currently investigating nearly 800 health-related data breaches impacting nearly 60 million individuals. All of which is to say that telehealth advances may help us avoid sitting in a doctor’s office, but we need to be more mindful about our security when using these new online services.
Despite the adoption of many telehealth and online health services, security was still a concern for many of our survey respondents. A majority said the primary reason they do not use smart devices for their personal health was because of privacy and security concerns. Fortunately, just as there is preventive medicine, there are also preventive cybersecurity measures we can take to keep our personal data safer online. Here are a few we recommend:
The shift to managing our health online comes with a few safety considerations, but by following the steps above, we can enjoy convenience and access to a healthier life online and off.
The post How to Make Telehealth Safer for a More Convenient Life Online appeared first on McAfee Blogs.
FreshRSS