Mozilla To Build Breach Notifications Into Firefox Browser

Mozilla developers are preparing a feature for the Firefox browser that would alert users who may have been affected by a data breach.

The feature, which is still in an early stage of development and is currently being tested as an add-on, is designed to give data breaches a higher profile for those who may have been involved in them, as well as offering users ways of protecting themselves.

As breaches grow larger and more frequent, “it’s desirable to keep track of them and communicate about them to web users when their credentials may have been compromised, and educate them on the repercussions, what they can do when such a breach occurs, and protect themselves in the future,” said Mozilla developer Nihanth Subramanya on the feature’s GitHub page.

He said the GitHub code, which uses the name “Breach Alerts”, is meant for testing possible approaches and shouldn’t be taken as indicating the way Mozilla’s final product will appear.

Breach notification

Australian security researcher Troy Hunt, who operates the Have I Been Pwned breach-tracking website, confirmed he is working on the project with Mozilla.

At present, users may only find out that their credentials have been stolen in a data breach when they’re notified by a vendor or by media reports.

Building notification directly into the browser would change that, notifying users as soon as an independent security service such as Hunt’s becomes aware of a breach.

In its present form the add-on produces an alert when the user visits a site listed in Hunt’s database of breached sites.

Subramanya said another approach could be for the alert to be triggered when the user begins the login process for such sites.

User protection

He said Mozilla intends to use the feature to provide more information about data breaches and to allow users to opt into services that could notify them about future incidents.

Subramanya acknowledged the project needs to address issues including protecting the privacy of those who use the feature to sign up for notifications.

“Who is the custodian of this data?… Can we still offer useful functionality to users who opt out of subscribing (with) their email address?” he wrote. “The idea is to offer as much utility as possible while respecting the user’s privacy.”

The test code is available for anyone to download, but only supports Firefox’s developer version.

For development purposes it uses an older plugin structure that Mozilla abandoned with Firefox 57, released last week, a significant update that brings together speed improvements and adds a new user interface.

Subramanya said the legacy format would make the feature easier to import into Firefox’s main development code in the future.

Do you know all about security in 2017? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

21 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

22 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

22 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

1 day ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

1 day ago