Title says it all.
I’m looking into using services like Zoro.
And I’m looking for first-hand experiences. Please do NOT post any private info into this thread.
Thanks !!
As a somewhat privacy aware web based software engineer for the last 20 or so years, and without having tried it, I would venture the opinion that Zoro is unabashed junk.
- It requires signup to proceed, even for the “free privacy scan” (eg, to see what info it can allegedly find - this is exactly what I would want to avoid)
- The website does not say how they propose to remove data from the “25 major data brokers” - having worked for online casinos, I can assure you that your data will NEVER be removed. Maybe from one list, sure - at the same time it is added to another list. Often the very act of requesting that data be removed serves as confirmation that it is “live” and therefore more valuable.
- There is a “dark web” scan offered… which is laughable. Firstly, the “dark web” is not just sitting around waiting for Zoro to index the lists on sale in the dodgy parts of the internet, and in an utterly unregulated environment, what is Zoro going to do to force a list seller on the dark Web to comply with removal requests? Hire a hitman to do it? In any case, this free service https://haveibeenpwned.com/ will tell you the same information - all you need to is lookup your details and change your passwords if you appear
More subtly,
- The website is badly written (poor HTML, and a poor effort at SEO). I would not trust the people who allowed that to go into production with my personal details.
If you are really concerned, use Brave browser ( from brave.com ) which is privacy-focused (ie, removes ads and tracking software) and check on the “Have I been Pwned” site I linked above. Use strong passwords; use a password manager, use different passwords for everything. Don’t waste time (and inevitably money) on Zoro
edit: and just to prove that these people are not at all interested in what they claim, have a look at the following text that is added to your link:
?utm_source=facebook&utm_medium=cpc&utm_campaign=US±+1%25+LAL+All+Users±+Desktop+Newsfeed&utm_content=23844813123540065&cid=397&startpage=%2Fprivate-info
That would be the Google Analytics tracking code telling Zoro where you came from and how you found the link… pretty much the exact opposite of what you would hope for from this “service”
I am a little bored, so I signed up with fake details.
Lo and behold: my fake account, one that I have never used anywhere else, is “very exposed” with “25+ sites” exposing various details, including my address, my phone number etc - all things that do not even exist yet because I have not made them up.
The “scan” brought up exceptionally generic data about people with a similar name to the fake one I provided; to “remove now” I was asked to cough up US$299.99 which seems a little steep for a fake account. Your mileage may vary.
Asked and answered.
Thanks !!
Now…about Password Managers. I am üuber-suspicious of ALL of 'em.
Which one should I use and how involved must I be day to day?
Sent from my SM-N950U using Tapatalk
There are many. I use LastPass, but not really for any reason except it was the one that my company recommended. I don’t have a strong opinion on which one is best.
You do not need to be very involved, that is the point. You do need to choose a strong master password, and then use the password manager everywhere. By doing so you get a fair amount of safety, you will be nagged if you try to reuse a password.
The password manager, however, is only as safe as the master password and your control of that. I use Lastpass for most things but my Gmail account (and the associated Android phones) and my Internet banking have their own, separate and independent passwords: those accounts are the most risky. The passwords I use for these two accounts are very complex and unique.
I also have the luxury (being a bit of a nerd) of setting up a specific email address for each signup, so I know that, for example, my new email address “zoro@my-domain.com” was used to sign up at a specific site. The email/password combination is unique plus I get to see when that site has leaked or sold my details. The actual email address is “real enough” so I can click on confirmation links, but normally I redirect such mail to Mailinator.com or similar “temporary” mailbox services, instead of to my regular email account. I have a few domains specifically for this purpose, there are literally thousands pointed to Mailinator for the same reason - just be aware that all mail sent to one of these is completely public.
IMO the best password manager is a notebook. It is hackproof. Use different passwords for each site. Do not give actual birthdate information, make up a standard fake birthdate so you can remember it. Do not give actual answers for security questions, there is no reason for them to know your mother’s maiden name, that benefits them or the hackers, but certainly not you. But be sure to write down the answers you give. So my entry for Facebook would be something like:
Facebook
EMail: control-z@whatever.com
Password: GX437!3
Mother’s Maiden Name: Dingus
Favorite Teacher’s name: Thag
If you don’t want to use a notebook I’d even use a Google doc before I would use a password manager. A password manager may be nice and secure now, but you have no control over how it is run in the future.