Firefox to Get New Security Tool With 'Have I Been Pwned' Email Database Integration

MacRumors

macrumors bot
Original poster
Mozilla has announced a new security tool for users of its Firefox web browser. Called Firefox Monitor, the website lets visitors check if their accounts have been included in known data breaches and the types of data exposed in each breach.

The security tool is the result of a partnership between Mozilla and HaveIBeenPwned.com (HIBP), a site set up by security researcher Troy Hunt that includes a database of email addresses that are known to have been compromised in data breaches.

Thanks to the partnership, Firefox is able to check email addresses against the HIBP database via a method of anonymized data sharing (full details can be found in Troy Hunt's blog post). The new tool builds on Firefox's existing HIBP integration, which tells users if a site they are visiting was previously exposed in a data breach.


In February, password management app 1Password announced its own partnership with HIBP, which lets users check that their passwords haven't been leaked online. Since that time, developer AgileBits has built the Pwned Passwords database list into its 1Password desktop apps. As of today, users can also search HIBP from directly within 1Password via the Watchtower feature in the web version of the product.

Mozilla says it will begin trialling the new integration between HIBP and Firefox to make breach data searchable over the coming weeks.

Firefox Quantum is available for macOS as a free download directly from the Mozilla website.

 

JosephAW

I'm assuming you can opt out of this "feature" where they send your email to this third party?
 

tothsa

> I'm assuming you can opt out of this "feature" where they send your email to this third party?
Did you read the full article? It says Mozilla uses “anonymized data sharing” so your email address won’t be revealed to third parties!
 

JosephAW

> Did you read the full article? It says Mozilla uses “anonymized data sharing” so your email address won’t be revealed to third parties!
If they are creating a hash of my email it can be reverse engineered back to my email. No thanks.
 

RightMACatU

Another piece of good security news from Mozilla this morning.
And... I won't have to change from my 1Password paid once to a subscription model to access such a feature -Thumbup
 

mikes63737

Your e-mail could be brute-forced from the hash -- but it cannot be reversed.

Eg, the service could say "I have a hash abf112bacd3489... is this hash equal to a@gmail.com? No? How about b@gmail.com? No?"

However, nobody... NOBODY is going to take the time to brute-force each individual email/hash. It would take way too much time and effort.
 

T Coma

Worked great until I noticed file associations got all out of sorts when FF ran. Took a long time to figure it out. File associations are fine on Chrome, Safari, and Opera though.

Oh well.
 

woodlandtrek

> If they are creating a hash of my email it can be reverse engineered back to my email. No thanks.
Firefox will not only hash your email with SHA-1, it will send only the first 6 characters of that hash to HIBP. That amount of data is useless to try to recreate your email.
 

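The prefix-only lookup described in woodlandtrek's post, sketched as an added example that is not part of the original thread and is not Mozilla's or HIBP's code: the client hashes the address with SHA-1, sends only the first 6 hex characters, and compares the returned suffixes locally. `RangeServer`, `is_breached`, the address normalization and the sample addresses are assumptions constructed for illustration.

```python
import hashlib

PREFIX_LEN = 6  # hex characters sent to the service, per the post above
HEX = set("0123456789ABCDEF")


def sha1_hex(email: str) -> str:
    # Assumption: addresses are trimmed and lower-cased before hashing.
    return hashlib.sha1(email.strip().lower().encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Hypothetical stand-in for the breach service; it only ever receives a prefix."""

    def __init__(self, breached_emails):
        self.buckets = {}  # prefix -> set of 34-character hash suffixes
        self.seen = []     # everything the service could log about its clients
        for email in breached_emails:
            h = sha1_hex(email)
            self.buckets.setdefault(h[:PREFIX_LEN], set()).add(h[PREFIX_LEN:])

    def range_query(self, prefix: str):
        # Reject anything longer than the prefix, e.g. a full hash sent by mistake.
        if len(prefix) != PREFIX_LEN or not set(prefix) <= HEX:
            raise ValueError("prefix must be 6 upper-case hex characters")
        self.seen.append(prefix)
        return sorted(self.buckets.get(prefix, ()))


def is_breached(email: str, server: RangeServer) -> bool:
    h = sha1_hex(email)
    suffixes = server.range_query(h[:PREFIX_LEN])  # only 24 bits leave the client
    return h[PREFIX_LEN:] in suffixes              # the match is decided locally


# Constructed sample data (example.com addresses, not real breach records).
BREACHED = [f"user{i}@example.com" for i in range(1000)]

if __name__ == "__main__":
    server = RangeServer(BREACHED)
    for addr in ("User42@Example.com ", "nobody@example.org"):
        print(addr.strip(), "->", is_breached(addr, server))
    print("service saw:", server.seen)
```

Six hex characters are 24 bits, so the service learns only which of 16,777,216 buckets the address falls into, and the full hash never leaves the client.
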
Col4bin

> You mean the slow and clunky mammoth that was based on the Netscape 5.0 codebase? Nostalgia aside, I don't know how anyone could miss that. Even IE was better at the time.
Obviously no one misses the old browser by today's standards, but that wasn't my point. I personally gave up IE for the Mozilla Project browser back in 2004 as I strongly preferred it. Being nostalgic.
 

thelem

> I'm assuming you can opt out of this "feature" where they send your email to this third party?
Mozilla's big thing is privacy, security and user rights. They have worked really hard to create a system that gives you this protection while revealing basically nothing about you (read the full article for details, but they are not sending your hashed email address to the service. A service that probably already knows your email address and password for several sites, by the way.)

Or you could choose to use Chrome, from a company who track everything they can about their users so they can sell that information.

If you are at all concerned about your online privacy then use Firefox or Brave.
 