Mozilla plans to integrate data from “Have I Been Pwned” in its browser, informing users when they visit a previously compromised website. An experimental feature cross-references users’ email address with a database of hacks and delivers advice on how to proceed.
It could prove infinitely useful. This year has featured several large-scale hacks, and unfortunately, that’s nothing out of the ordinary. Last year, Yahoo announced a hack that affected up to 1 billion users, and it 2014, its estimated that half of Americans had their personal information exposed.
However, more scary are the hacks that don’t make huge headlines. Many reuse the same password on multiple sites, and one weak link means all of their accounts are exposed. As a result, it’s incredibly important to stay up to date with the latest breaches.
Though Have I Been Pwned? already delivers that functionality, it doesn’t have the same intuitive reach. Instead of having to visit a separate website, users will be informed just as they are about to log in.
The project is currently in its infancy and there are already some concerns. The major one is privacy. To check for a hack, Mozilla needs to know the user’s email address. Users would have to supply this, and that data needs to be in a safe place.
As a result, current functionality would only be useful to those who opt-in. Subramanya is working on a way to make the feature useful for all users without being intrusive. Thankfully, he has the support of Troy Hunt, creator of Have I Been Pwned, who is helping with the code.
“Firefox is just looking at which sites have been breached and we’re discussing other ways of using the data in the future,” he said to Engadget. “They’ve got a broad reach and surfacing this info via Firefox is a great way to get more exposure around data breaches.”
Despite this, developers can already try the tool. A GitHub repository lets users compile the addon and run it on certain versions of Firefox. Though functionality is limited, feedback so far has been positive.