Firefox to Get New Security Tool With 'Have I Been Pwned' Email Database Integration

[MacRumors]

Mozilla has announced a new security tool for users of its Firefox web browser. Called Firefox Monitor, the website lets visitors check if their accounts have been included in known data breaches and the types of data exposed in each breach.

The security tool is the result of a partnership between Mozilla and HaveIBeenPwned.com (HIBP), a site set up by security researcher Troy Hunt that includes a database of email addresses that are known to have been compromised in data breaches.

Thanks to the partnership, Firefox is able to check email addresses against the HIBP database via a method of anonymized data sharing (full details can be found in Troy Hunt's blog post). The new tool builds on Firefox's existing HIBP integration, which tells users if a site they are visiting was previously exposed in a data breach.

In February, password management app 1Password announced its own partnership with HIBP, which lets users check that their passwords haven't been leaked online. Since that time, developers AgileBits have built the Pwned Passwords database list into its 1Password desktop apps. As of today, users can also search HIBP from directly within 1Password via the Watchtower feature in the web version of the product.

Mozilla says it will begin trialling the new integration between HIBP and Firefox to make breach data searchable over the coming weeks.

Firefox Quantum is available for macOS as a free download directly from the Mozilla website.

Article Link: Firefox to Get New Security Tool With 'Have I Been Pwned' Email Database Integration

 

[Col4bin]

I used to like the old pre-Firefox, “Mozilla” browser. Remember that?

 

[JosephAW]

I'm assuming you can opt out of this "feature" where they send your email to this third party?

 

[tothsa]

I'm assuming you can opt out of this "feature" where they send your email to this third party?

Did you read the full article? It says Mozilla uses “anonymized data sharing” so your email address won’t be revealed to third parties!

 

[JosephAW]

Did you read the full article? It says Mozilla uses “anonymized data sharing” so your email address won’t be revealed to third parties!

If they are creating a hash of my email it can be reversed engineered back to my email. No thanks.

 

[bLackjackj]

If they are creating a hash of my email it can be reversed engineered back to my email. No thanks.

No it can't,..I don't know where you are making up this information from, but it's wrong.

 

[budselectjr]

If they are creating a hash of my email it can be reversed engineered back to my email. No thanks.

That is impossible

 

[mrzz]

I used to like the old pre-Firefox, “Mozilla” browser. Remember that?

I'm fine with speed improvements in FF58+ I

If they are creating a hash of my email it can be reversed engineered back to my email. No thanks.

I recommend you to read something about hashes.

 

[RightMACatU]

Another good security news from Mozilla this morning.
And... I won't have to change from my 1Password paid once to a subscription model to access such feature -Thumbup

 

[mikes63737]

Your e-mail could be brute-forced from the hash -- but it cannot be reversed.

Eg, the service could say "I have a hash abf112bacd3489... is this hash equal to a@gmail.com? No? How about b@gmail.com? No?"

However, nobody... NOBODY is going to take the time to brute-force each individual email/hash. It would take way too much time and effort.

 

[lunarworks]

I used to like the old pre-Firefox, “Mozilla” browser. Remember that?

You mean the slow and clunky mammoth that was based on the Netscape 5.0 codebase? Nostalgia aside, I don't know how anyone could miss that. Even IE was better at the time.

 

[T Coma]

Worked great until I noticed file associations got all out of sorts when FF ran. Took a long time to figure it out. File associations are fine on Chrome, Safari, and Opera though.

Oh well.

 

[woodlandtrek]

If they are creating a hash of my email it can be reversed engineered back to my email. No thanks.

Firefox will not only hash your email with SHA-1, it will send only the first 6 characters of that hash to HIBP. That amount of data is useless to try to recreate your email.

 

[Col4bin]

You mean the slow and clunky mammoth that was based on the Netscape 5.0 codebase? Nostalgia aside, I don't know how anyone could miss that. Even IE was better at the time.

Obviously no one misses the old browser by today's standards, but that wasn't my point. I personally gave up IE for the Mozilla Project browser back in 2004 as I strongly preferred it. Being nostalgic.

 

[thelem]

I'm assuming you can opt out of this "feature" where they send your email to this third party?

Mozilla's big thing is privacy, security and user rights. They have worked really hard to create a system that gives you this protection while revealing basically nothing about you (read the full article for details, but they are not sending your hashed email address to the service. A service that probably already knows your email address and password for several sites, but the way.)

Or you could choose to use Chrome, from a company who track everything they can about their users so they can sell that information.

If you are at all concerned about your online privacy then use Firefox or Brave.