A new prototype extension for Mozilla Firefox aims to alert users if their personal data has been leaked in a data breach, according to a GitHub repository.
The feature, called Breach Alerts, will use the Firefox UI to let users know of potential hacks. According to the GitHub page, one example of this could be to provide a notification when a user visits a site that is known to have recently been breached.
According to the page, Mozilla is teaming up with the website https://haveibeenpwned.com to gather data on potential breaches. In addition to alerting users of a breach, the feature also hopes to provide more information on certain breaches through a “Learn more” link in the notification that could redirect the user to a support page, the GitHub page said.
SEE: Secure Browser Usage Policy (Tech Pro Research)
“Data breaches (“hacks”) are a real problem on the modern Web, with sensitive data like email addresses, passwords, credit card details, and other personal information being stolen and/or leaked by parties with malicious intent,” the page said. “As they grow more frequent, it’s desirable to keep track of them and communicate about them to Web users when their credentials may have been compromised, and educate them on the repercussions, what they can do when such a breach occurs, and protect themselves in the future.”
The third goal of the feature is to allow users to opt into a service that will notify them outside of the browser’s UI (e.g., by email) of breaches they could be affected by. However, this does bring up some privacy concerns that are addressed on the GitHub page.
Concerns could include who would be considered the custodian of the data, and whether or not Mozilla could avoid sending the user data to haveibeenpwned.com. The GitHub page noted that the team is working on the extension in a way that offers “as much utility as possible while respecting the user’s privacy.”
The current alert system for the feature is a doorhanger notification that appears in Firefox when a user visits a site that was recently breached. The examples given on GitHub were linkedin.com and adobe.com.
In that notification, the user can put in their email address for future alerts if they wish. Additionally, if the user visits haveibeenpwned.com, they’ll see a textbox in a doorhanger notification that will give them the option to simulate a breach, the GitHub page said. However, being that this is a prototype, this functionality could change.
The 3 big takeaways for TechRepublic readers
- A new feature called Firefox Breach Alerts will warn users from the Firefox UI when they visit a website that has been hacked or breached.
- In the warning notification, users will also be able to learn more about the breach and sign up to receive additional notifications about future breaches.
- Privacy concerns around the collection of data exist for the email notification feature, which Mozilla is working to balance in the prototype.