by Martin Brinkmann on February 18, 2019 in Firefox – 7 comments
Mozilla plans to extend the functionality of Firefox Monitor by displaying breach alerts to users of the browser.
The organization ran a Shield Study back in 2018 to test Firefox Monitor in the desktop version of the browser. The feature was passive at that time; users could check whether an account — email address — was found on hacked passwords lists, and they could sign up to receive alerts when a particular account was discovered on new leaked lists.
Firefox Monitor uses the Have I Been Pwned service but implemented the feature in a way that the full email address is never shared with third-parties.
Mozilla started to work on a breach warning system in Firefox in 2017. If things go as planned, Firefox 67 may be the first stable version of the Firefox web browser to warn users when they visit recently hacked websites.
Note: The feature is in development currently. It is possible that the release gets delayed or that functionality changes during development.
Firefox displays the alert on the first connect to a site that was hacked in the past. The notification displays information about the breach and displays an option to check an account with Firefox Monitor.
Mozilla landed the feature in Firefox Nightly recently. Firefox Nightly, currently at version 67, is the cutting edge development channel of Firefox. New features land in Nightly first before they find they way into Beta and Release channel versions.
It is necessary to enable the feature before it becomes available.
- Load about:config in the Firefox address bar.
- Confirm that you will be careful.
- Search for extensions.fxmonitor.enabled.
- If the preference is not available, click on the Add button after making sure the name is correct and the type is set to Boolean. The new Firefox about:config interface makes it super easy to create new preferences.
- Set the value of the preference to True using the toggle button.
Firefox Monitor supports additional preferences of interest:
- extensions.fxmonitor.firstAlertShown — This determines whether the first alert notification was shown already. You may set it to False to reset it and get notifications for sites breached in the past 12 months.
- extensions.fxmonitor.warnedHosts — Keeps track of the list of hosts for which warnings were displayed. Change the value of the String to blank to reset it.
Firefox displays a breach alert when you visit a site that suffered from a breach in the past 12 months. Firefox displays the notification and it is up to you to use Firefox Monitor to check your accounts or dismiss it.
If you select dismiss, you get an option to turn the feature off entirely.
Firefox remembers that it displayed a breach notification and won’t show it again unless you visit a site that was hacked in the past two months.
Mozilla does not want to cause notification fatigue by displaying lots of breach warnings to users. Another reason for that decision is that the action that users may take is always the same.
A click on the Check Firefox Monitor button opens the Firefox Monitor website. It lists information about that particular breach but the checking options are identical: type an email address to check it for hits in breaches.
Now You: Do you find Firefox Monitor useful? (via Techdows, thanks James)