Ok, it’s beginning to look like bad UI design on accounts.firefox.com:

If I click sign in at monitor.mozilla.org, it redirects me to an oauth process hosted on accounts.firefox.com which prompts me for my password then sends me back to monitor.mozilla.org.
The settings page at accounts.firefox.com then lists Mozilla Monitor under “Connected Services - Everything you are using and signed into” along with all my browser/device instances. But it doesn’t disappear when signed out from monitor.mozilla.org in the same way that a browser instance disappears when signed out from sync browser-side.

I’m supposing that list does not indicate what has access to sync data, which as far as I understood uses its own strong private keys browser-side which are never shared with the servers.

I’ve seen no documentation that Mozilla Monitor works by accessing one’s sync data.

The interface suggests that it only monitors email addresses manually added on monitor.mozilla.org’s UI.

Yes, I was aware of that at the time, and I probably assumed that my browser would be hashing each piece of data (e.g. each email address or username) before sending it to Mozilla Monitor or haveibeenpwned.

What concerns me is Mozilla Monitor appearing in the list of devices/browsers synced, each of which is implied to have cleartext access to all the data I decide to sync (bookmarks/history/tabs in my case, logins+passwords and more for many other people).

Most mass-marketed VPN services (the type marketed for accessing the internet) allow you to VPN into their private subnet where the thing you can access is their gateway router (which you use in place of your home gateway router/modem for connecting to the internet). You don’t need a VPN service to use VPN software between two points you control.