How does Firefox know when I am visiting a site that has had a breach?
I am not using Firefox Monitor, and I am running Firefox 66. I just visited a website, and was told via a popup message in the address bar there had been a breach back in 2010, exposing thousands of passwords. (And of course it suggested I sign up for Firefox Monitor to get details.)
I am wondering how Firefox knew that it should show me that message? Does it regularly download a list of breached sites, or is every site I visit being sent to Mozilla so they can check to see whether it's on a breach list?
I'm hoping it's not the latter as I never agreed to share my browsing history with Mozilla, or anyone else, but I can't find any information about how the browser maintains its list of breached sites.
Modified
All Replies (2)
Hi there,
Not from mozilla but working in data security,
This will work by instead of sending the website address to Mozilla, the Firefox Browser will keep a list of breached websites locally, and therefore instead of it being "Mozilla is checking my websites." It becomes... "I am checking my own websites, against Mozilla's list.".
Again not certain this is the way it works, but 1) Mozilla seem to genueinly care about user privacy 2) Locally checking would also be faster and more effecient.
Monitor solves the problem of a breach that hasn't been added to your local list yet not notifying you, and also notifys you about breaches with your specefic user details in. @Mozilla, can confirm?
Note that there is a setting in "Options/Preferences -> Privacy & Security" to enable Firefox Monitor alerts.
- https://support.mozilla.org/en-US/kb/firefox-monitor
- https://support.mozilla.org/en-US/kb/firefox-monitor-faq