Firefox to Get New Security Tool With 'Have I Been Pwned' Email Database Integration

Discussion in 'Mac Blog Discussion' started by MacRumors, Jun 26, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    Mozilla has announced a new security tool for users of its Firefox web browser. Called Firefox Monitor, the website lets visitors check if their accounts have been included in known data breaches and the types of data exposed in each breach.

    The security tool is the result of a partnership between Mozilla and HaveIBeenPwned.com (HIBP), a site set up by security researcher Troy Hunt that includes a database of email addresses that are known to have been compromised in data breaches.

    Thanks to the partnership, Firefox is able to check email addresses against the HIBP database via a method of anonymized data sharing (full details can be found in Troy Hunt's blog post). The new tool builds on Firefox's existing HIBP integration, which tells users if a site they are visiting was previously exposed in a data breach.

    [​IMG]

    In February, password management app 1Password announced its own partnership with HIBP, which lets users check that their passwords haven't been leaked online. Since that time, developers AgileBits have built the Pwned Passwords database list into its 1Password desktop apps. As of today, users can also search HIBP from directly within 1Password via the Watchtower feature in the web version of the product.

    Mozilla says it will begin trialling the new integration between HIBP and Firefox to make breach data searchable over the coming weeks.

    Firefox Quantum is available for macOS as a free download directly from the Mozilla website.

    Article Link: Firefox to Get New Security Tool With 'Have I Been Pwned' Email Database Integration
     
  2. Col4bin macrumors 68000

    Col4bin

    Joined:
    Oct 2, 2011
    Location:
    El Segundo
    #2
    I used to like the old pre-Firefox, “Mozilla” browser. Remember that?
     
  3. JosephAW macrumors 68020

    JosephAW

    Joined:
    May 14, 2012
    #3
    I'm assuming you can opt out of this "feature" where they send your email to this third party?
     
  4. tothsa macrumors newbie

    Joined:
    Oct 28, 2016
    #4
    Did you read the full article? It says Mozilla uses “anonymized data sharing” so your email address won’t be revealed to third parties!
     
  5. JosephAW macrumors 68020

    JosephAW

    Joined:
    May 14, 2012
    #5
    If they are creating a hash of my email it can be reversed engineered back to my email. No thanks.
     
  6. bLackjackj macrumors member

    Joined:
    Nov 14, 2016
    #6
    No it can't,..I don't know where you are making up this information from, but it's wrong.
     
  7. budselectjr macrumors 6502a

    Joined:
    Oct 6, 2009
    Location:
    Minnesota
    #7
    That is impossible
     
  8. mrzz Suspended

    Joined:
    Mar 25, 2017
    #8
    I'm fine with speed improvements in FF58+ I
    I recommend you to read something about hashes.
     
  9. RightMACatU macrumors 65816

    RightMACatU

    Joined:
    Jul 12, 2012
    Location:
    192.168.1.1
    #9
    Another good security news from Mozilla this morning.
    And... I won't have to change from my 1Password paid once to a subscription model to access such feature -Thumbup
     
  10. mikes63737 macrumors 65816

    Joined:
    Jul 26, 2005
    #10
    Your e-mail could be brute-forced from the hash -- but it cannot be reversed.

    Eg, the service could say "I have a hash abf112bacd3489... is this hash equal to a@gmail.com? No? How about b@gmail.com? No?"

    However, nobody... NOBODY is going to take the time to brute-force each individual email/hash. It would take way too much time and effort.
     
  11. lunarworks macrumors 68000

    Joined:
    Jun 17, 2003
    Location:
    Toronto, Canada
    #11
    You mean the slow and clunky mammoth that was based on the Netscape 5.0 codebase? Nostalgia aside, I don't know how anyone could miss that. Even IE was better at the time.
     
  12. T Coma macrumors 6502

    T Coma

    Joined:
    Dec 3, 2015
    Location:
    MAGA Country, a.k.a. Chicago, IL
    #12
    Worked great until I noticed file associations got all out of sorts when FF ran. Took a long time to figure it out. File associations are fine on Chrome, Safari, and Opera though.

    Oh well.
     
  13. woodlandtrek macrumors member

    Joined:
    Jan 21, 2008
    #13
    Firefox will not only hash your email with SHA-1, it will send only the first 6 characters of that hash to HIBP. That amount of data is useless to try to recreate your email.
     
  14. Col4bin macrumors 68000

    Col4bin

    Joined:
    Oct 2, 2011
    Location:
    El Segundo
    #14
    Obviously no one misses the old browser by today's standards, but that wasn't my point. I personally gave up IE for the Mozilla Project browser back in 2004 as I strongly preferred it. Being nostalgic.
     
  15. thelem macrumors newbie

    Joined:
    May 13, 2007
    Location:
    Brighton, UK
    #15
    Mozilla's big thing is privacy, security and user rights. They have worked really hard to create a system that gives you this protection while revealing basically nothing about you (read the full article for details, but they are not sending your hashed email address to the service. A service that probably already knows your email address and password for several sites, but the way.)

    Or you could choose to use Chrome, from a company who track everything they can about their users so they can sell that information.

    If you are at all concerned about your online privacy then use Firefox or Brave.
     

Share This Page

14 June 26, 2018