Firefox 62: Firefox Monitor system add-on integration
Mozilla plans to integrate a new system add-on called Firefox Monitor in Firefox 62 that Mozilla plans to roll out gradually to the Firefox population.
Mozilla ran a Firefox Monitor Shield study recently to find out how useful Firefox users who enrolled in the study found the new feature.
Firefox Monitor is a security feature to inform users about data breaches. The service has a web component that Firefox users may enter email addresses to check whether the email is found in compromised databases and to sign up for alerts to receive word when an email address is found on a newly leaked database.
Mozilla cooperates with Troy Hunt who maintains the Have I Been Pwned database for the project.
The system add-on will have an integrated component eventually as well that displays a notification to users when they visit a breached site.
It is unclear when breach warnings will be displayed to users. Possibilities include when users visit the site or when they are on a page with form fields, e.g. a login page.
Mozilla plans to roll out the feature to EN-US users of Firefox only during initial launch. The organization plans to enable the feature for 0.5% of EN-US users initially on September 5, 2018.
If that initial rollout goes well, it will be rolled out to 100% of the EN-US Firefox population on September 25, 2018. The actual website will be available to all users on September 25, 2018 as well. The language of the site will be in English only for the time being though.
If the initial rollout does not perform well -- Mozilla plans to compare the performance to the performance of the Shield study -- only the website will be made available but the rollout itself will be stopped.
The system add-on can be turned off by users who don't want to use it.
- Type about:config?filter=extensions.fxmonitor.enabled in the Firefox address bar.
- Confirm that you will be careful.
- Set the preference to false to turn the system add-on off.
Note that the preference does not exist yet, not even in Firefox Nightly.
Closing Words
Firefox Monitor informs users about data breaches. The website component that Mozilla runs checks addresses for breaches and includes an alert function to inform users about breaches. The functionality depends on the availability of breached databases, however, and should not be seen as a 100% way of finding out about any breach that happens.
I find the integrated notification component promising as it informs users about breached sites when they visit these sites. It remains to be seen how this will be implemented in the browser.
Firefox users who don't want to use the extension can turn it off using a preference.
Now You: What is your impression of Firefox Monitor?
Yesterday I upgraded to v65 on my Mac. Monitor appeared and then suddenly just disappeared … simply went away right before my eyes.
I have no opinion on this being good or bad, but when things like that happen, I always question the honesty and integrity of those who do such silly and meaningless things. Either lead, follow or get out of the way Mozilla, but whichever make up your mind and move on.
Good feature. Thanks Mozilla!
Don’t get why the tinfoil hats are coming out for this. The more people that are aware of data breaches, the better.
This might work:
in about:config
creating a new boolean key
extensions.fxmonitor.enabled
and setting it to false
https://www.reddit.com/r/firefox/comments/9ii8sj/firefox_keeps_silently_installing_hidden/e6jtq30
@Yuliya:
I did the same and I completely agree with you.
I found the result of this action was cpu load constantly being above 40% as soon as firefox had downloaded the fx monitor addon to my temp folder but could not install it to my profile.
Maybe there is another way to disable it?
This is so annoying, I can’t get rid of “fxmonitor@mozilla.org.xpi”. I DON’T NEED IT, MOZILLA!!
I just found it under my profile folder, and it’s always created. I can’t figure out if there is a way to disable it. I might just have to block permissions on that “features” folder.
@Yuilya: I am using Firefox 62 portable, and do not have the folder nor the xpi file on my PC. Could it be that the portable version does not provide that ‘nice’ feature?
I removed the “features” folder and instead created an empty file called “features” and set it to read-only. This seems to prevent Fx from instaling that garbage on my PC. God damn annoying as hell this company is. The fact that Mozilla could install this crap on my PC without my consent OR KNOWLEDGE! is worrying. Borderline malware behaviour.
This thing cannot be disabled, it’s recreated every time in profile subfolder “features” as file “fxmonitor@mozilla.org.xpi”. :(
This sounds like a useful idea for many people. I’m very disappointed that it seems that it will only be possible to disable it through about:prefs, though.
Sounds identical to HackNotice, a service used in connection with the Chrome browser, and discussed in detail in a Bleeping Computer article. See link below.
https://www.bleepingcomputer.com/news/security/hacknotice-alerts-you-when-a-site-is-hacked-or-your-info-is-leaked/
Unless this works with a downloaded database that checks sites without getting Mozilla involved in each connection, it’s B.S. This will never work well and will be “studied” forever.
Security is the latest thing we’re being sold. By everyone. What’s next, speed? Wait, can’t be, that’s what users really want! Mozilla doesn’t have a VPN to sell yet? Shame!
Can’t imagine the mess someone would end up with by installing every fear mongering add on or extension that accosts them.
Tech companies seem to hate their pesky customers. Wait again, advertisers are their customers, not users, silly me!
It should NOT be the role of a company to protect the user, but the duty of the user himself.
Protection always requires ownership, this is why these things are offered to those who are ignorant or not capable of protecting themselves, people with no merit. What commercial, ideological and/or political companies, like Mozilla, end up doing is favoring the weak in exchange of owning them
This is what is known as “Equality”
When they get to own many people, they impose themselves through collectivism: The majority becomes the center of all commercial development which leads to mediocrity, but makes these businesses rich as it causes a redistribution from, and dependency of, the user to the company itself. The mediocre becomes artificially empowered and thus supports equality by supporting the company(the State).
Redistribution is theft. Now undeserving people have access to things men create,things the company owners themselves cannot create, this is known as “parasitism”, . So redistribution benefits the parasites at the top, and the parasites at the bottom.
Usually the result is that parasites consume up all resources then start practicing cannibalism, this is why for them technology and collectivism is important to avoid or survive that, because they depend on them and without them they are just decadent. This is how companies like Mozilla and Google got so big, by evading natural selection through theft, they buy workers to make them produce technology they then sell to many for money to then again buy more workers.(vicious)
“Protection always requires ownership”
Not at all. Mozilla’s leak “protection” involves spying on users but it could perfectly have been designed without the spying. Same for safebrowsing. Lots of existing security software respects the user.
” these things are offered to those who are ignorant or not capable of protecting themselves, people with no merit”
When a company database is hacked, it’s not because its users have been “weak”.
“When they get to own many people, they impose themselves through collectivism: The majority becomes the center of all commercial development which leads to mediocrity”
Mozilla told you that all the crap they did recently was for the good of the majority, and you naively believed their commercial propaganda because it was comforting your ideological beliefs that democracy is evil and that corporations can support it. But no, their misdeeds are motivated to increase the profits of companies like Google against the interests of the majority.
I won’t comment on the rest of your disgusting political ideas that everybody but you is a mediocre parasite that deserves to die for the sake of natural selection.
Can we just go back to a fast browser that works? All any of these browsers do anymore is keep pilling on more and more crap. I just think Mozilla is in survival mode now desperate to try and make Firefox relevant again. I don’t think anything so far is helping Mozilla.
After selling our browsing data and storing addresses and credit card numbers typed in the browser, now that greedy data sucking spyware corp Mozilla wants to collect our email addresses. Fuck off Mozcorp !
Well, to go against the grain in these comments:
This is a really good feature. Most users are not interested enough in technology that they will get to know about data breaches on their own. Some countries force companies to inform users about data breaches, but not all countries do, so this levels the playing field very nicely.
But the problem is not about making people aware of data breaches. The problem is that Mozilla spies on users in the process, which was *not* necessary.
This will just be more data mining by Mozilla, and a further indication that it’s time to stop allowing Firefox updates on my system. But then, I was already going to do that when they implement that miserable forced updates anyhow.
Or try Waterfox. All the “system extensions” garbage is removed and prevented to come back. In current Firefox that would include spyware and adware things like Pocket, form autofill, activity stream,… and soon Firefox Monitor. Also they won’t be able to silently install their trash on your computer between two actual browser updates.
I gave up with Firefox and Mozilla Corporation.