Firefox Monitor Will Inform You of Data Breaches (venturebeat.com)
Earlier this year, Mozilla announced Firefox Monitor, a service that will inform you if your online accounts were hacked in a recent data breach. It's now available to the general public. A report adds: For the new security-focused tool, Mozilla partnered with Troy Hunt, the renowned security expert behind Have I Been Pwned? (HIBP), which is a database of data breaches that allows anyone to discover whether one of their online accounts has been compromised. The first iteration of Firefox Monitor is, for all intents and purposes, a clone of HIBP. After you enter your email address and hit the scan button, you're told which online services have leaked your personal details (if any). You can also sign up to be notified of any future data breaches involving one or more of your email addresses.
If you don't use Firefox... (Score:3, Informative)
Yep, it's good. (Score:2)
Troy and his site are good.
Re: (Score:2, Informative)
Since you didn't read TFA...
It is also worth noting here that Firefox Monitor [firefox.com] isn’t actually restricted to Firefox — it’s a web page that can be accessed from any browser.
So, why even bother?
So what is the deal here — why bother launching a Firefox-branded version of an existing popular database? Well, there are a couple of likely reasons.
From HIBP’s perspective, having the weight of Mozilla behind it will significantly boost awareness of its database. HIBP currently has just over 2 million people signed up for breach alerts, which sounds like a lot until you learn that there are 3.1 billion unique email addresses in the HIBP database. This means less than 0.1 percent of breached email addresses are being monitored by their respective owners.
and
From Mozilla’s perspective, bolstering its security credentials through tie-ups with well-respected platforms such as HIBP can only add to its reputation. However, as noted already, Firefox Monitor in its current guise isn’t much of an integration because it doesn’t really feed directly into the Firefox browser. Instead, it appears Firefox Monitor as it stands is essentially a minimal viable product (MVP) upon which deeper integrations can be created.
Finally,
Mozilla is already piloting a password management tool called Firefox Lockbox, which enables users to store and auto-complete usernames and passwords for websites they visit. Have I Been Pwned? already integrates with password manager 1Password, and it would make a great deal of sense to properly integrate Firefox applications such as Firefox Lockbox with the HIBP database so that users can be informed the moment an online data breach is detected.
A seed of an idea that never grew (Score:2)
So far, this looks to me like something that happened with me once. The Firefox team liked the site and liked the idea of working together somehow. But then nobody really had a great idea of *how* they could work together in a way that really adds value. After the excitement of the idea of working together, what was left was how browsers work with web sites - they display them.
After I read a book called Zero Bugs and Program Faster, I really liked what the author was doing. It aligns with my mission to impr
Re: (Score:2)
It aligns with my mission to improve the reliability and quality of software everywhere by teaching programmers how to make more reliable software.
Tell me about it. Choosing better programming languages to start with is one of the most important steps to improving reliability and quality. It's amazing how much people want to stick with "what they know", even when what they know isn't borne out by the practical realities.
What I find disappointing is that even when you demonstrate that the same result can be delivered in less time with higher performance in languages like Pascal or Rust, C programmers still try to justify the use of C based on articl
Re: (Score:3)
The only entrapment is not knowing. https://haveibeenpwned.com/Pwn... [haveibeenpwned.com] You could just manually browse this list if you are really that paranoid though.
Re: (Score:2)
And what do **they** do with that email?
It will probably be breached itself. (Score:1)
Damn FF (Score:1)
Conspicuously Absent? (Score:2)
Where is the information about the Equifax Breach? This is far more troubling than Last.fm, Disqus, LinkedIn, etc. How the Equifax corruption is permitted to stand by the American people is beyond me.
Plugin/Extension? (Score:2)
Once again, an excellent idea that should be a plugin (arguably pre-installed on new installs).
The whole password store, and even form-filling feature should be a plugin. In my case, Dashlane does all of that stuff (including the Have I been Pwned thing), so I don't need Firefox doing it. It would be rather good to be able to remove all that code from the running browser by removing the plugin.
Re: (Score:2)
So, I had this idea a while back where I'd make a plugin or whatever to check for people re-using bad, pwn'd passwords. I diligently collected about 40GB of breached password data (that's after I threw out everything but the cracked passwords themselves).
After filtering for uniqueness and slapping everything into a database, it was still something like 16GB. I lost interest in the project before I found a clever way to reduce this further.
The data set is too huge to install on a mobile device, and pretty un
Re: (Score:2)
But this isn't that - it's basically a Have I Been Pwned service, integrated into the browser. It checks usernames, not passwords.
I'd agree about your size issues and the privacy issues too. However, it could be solved by hashing the passwords before sending them to the server. The server would then not need any plaintext passwords either - just hashes of them using whatever hashing algorithm the plugin uses. You'd still have a trust issue to solve, but as I say, that's different to what's being offered her
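The hash-before-sending idea from the comment above, as an added example that is not part of the thread and not Firefox Monitor or HIBP code: the server holds only digests and the client never sends a plaintext password. SHA-1, the constructed sample list and every name here are assumptions; the prefix-only lookup goes one step beyond the comment to show one way of narrowing the remaining trust issue, since the server then sees five hex characters instead of the full digest.

```python
import hashlib
from bisect import bisect_left

# Constructed sample standing in for a breached-password corpus.
BREACHED = ["password", "123456", "qwerty", "letmein"]

def client_digest(password: str) -> str:
    """What the plugin would send instead of the plaintext (SHA-1 is an assumption)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

class HashOnlyServer:
    """Holds only digests, sorted so that a lookup is a binary search."""
    def __init__(self, passwords):
        self.digests = sorted(client_digest(p) for p in passwords)
        self.seen = []  # everything clients have disclosed to the server

    def is_breached(self, digest: str) -> bool:
        # Full-hash lookup: the server learns the exact digest.
        self.seen.append(digest)
        i = bisect_left(self.digests, digest)
        return i < len(self.digests) and self.digests[i] == digest

    def suffixes_for(self, prefix: str) -> list:
        # Prefix lookup: the server learns only the first few hex characters.
        self.seen.append(prefix)
        i = bisect_left(self.digests, prefix)
        out = []
        while i < len(self.digests) and self.digests[i].startswith(prefix):
            out.append(self.digests[i][len(prefix):])
            i += 1
        return out

def check_full(server: HashOnlyServer, password: str) -> bool:
    return server.is_breached(client_digest(password))

def check_by_prefix(server: HashOnlyServer, password: str, n: int = 5) -> bool:
    digest = client_digest(password)
    # The match against the returned bucket is done on the client.
    return digest[n:] in server.suffixes_for(digest[:n])

if __name__ == "__main__":
    srv = HashOnlyServer(BREACHED)
    for pw in ("qwerty", "correct horse battery staple"):
        print(pw, check_full(srv, pw), check_by_prefix(srv, pw))
    print("server saw:", srv.seen)
```

With the full-hash lookup, a digest of a common password is as good as the password to whoever runs the server, which is the trust issue the comment mentions; `srv.seen` shows the difference between the two query styles.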