Hacking of web sites is a growing trend. Sites serve as potential targets for hackers who are usually after user information. Furthermore, for the average user, it is impossible to keep track of every website that has endured a data breach, making it even simpler for a hacker.
As a result, Firefox may soon display notifications to users who frequent sites that have previously gone through a data breach.
Firefox to introduce a new security feature
The Firefox browser is on the verge of launching a new safety feature to make users’ online encounter safer. The revealing of the news was by NihanthSubramanya, the Mozilla developer, and its confirmation was by the presence of a newly-released GitHub copy named “Breach AlertsPrototype.”
The identification of this gap by Firefox was going to be an extension through which Nihanth would use as a vehicle for prototyping primary user interface (UI) and interaction flow for a forthcoming feature in Firefox.
This feature would notify users if their credentials are possibly leaked or stolen in a data breach, and this is as published on GitHub.
The Mozilla developer has partnered with haveibeenpwned.com as database related to data breaches. The new feature, though has not yet come to completion. The developer also explained that in the state the feature is currently, it is in no way intended to represent production code, or how it will operate or look like when it ships.
Troy Hunt, the security guru behind Have I Been Pwned, affirmed the news, tweeting that “yes, we are doing some amazing things @haveibeenpwned and @mozilla.”
For now, the addition is rather simple. When you visit the site have I Been Pwned’s naughty roster, it will show a flag that states that you have come from Ashley Madison. It will not halt you from entering; instead, it gives you a notion that at one point or another, the platform’s security processes were less than optimal.
Goals of the new security feature
- Inform users about hacked data via the Firefox UI. For instance, an alert when these users visit a site (or maybe when they see a form on a login page) in which hacking just took place.
- Reveal records/educational information about interfering data within the Firefox UI. For example, a “Learn more” channel in the notification highlighted above leading to a support page.
- Provide a way for interested users to be educated about and opt for a service that alerts them when they may suffer from breaches in the future.
The developer says there may be privacy concerns because the users are required to give an email address so that they can receive any security notifications.
There are several significant questions raised by the developer over these concerns, such as: who is the guardian of this data? Can we still provide essential functionality to users who chose not to subscribe their email addresses?
Nihanth Subramanya also says that though the project is still in its infant stages, the main idea is to offer as much utility as they can while taking consideration of the user’s privacy.
On the other hand, hacked sites may not be too excited about a component that will put to shame any previous negligence on security. However, if properly executed, it could offer a useful service to consumers, enabling them to know that they might need to either change their password or not reuse the breached one.
Troy Hunt,an Australian web security expert, is very enthusiastic about the amount of positive feedback the project has garnered in such a short time.