Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Often, it's after someone has searched Have I Been Pwned (HIBP) and found themselves pwned somewhere or other. Frequently, it's some long-forgotten site they haven't even thought about in years and also frequently, the first people know of these incidents is via HIBP:

thanks for the excellent service that notifies users of #privacy disasters like this :) - Yale Privacy Lab June 4, 2018

Well, that's annoying: data breach attacker publicly posted my info (along w 26MM others). I at least know about it, thx to Tim Plas June 3, a heads up would have been nice. Thankfully built an amazing tool ( ) for issues like this. Only used you guys once for tickets to a concert.

In cases like Ticketfly, loading the data into HIBP meant notifying 105k of my subscribers. That's out of a subscriber base that just recently ticked over the 2M mark:

Wow, just realised passed the 2 million *verified* subscribers mark whilst I've been travelling. That's amazing, never expected to see that! - Troy Hunt June 20, 2018

2 million is more than I ever expected, if I'm honest, but it's also only a tiny, tiny drop in the ocean. Of the 5.1 billion records that are in HIBP today, there's 3.1B unique email addresses. I'm reaching 0.06% of them via the notification service and not a whole lot more in terms of people coming to the site and doing an ad hoc search (usually 100k - 200k people a day). Don't get me wrong - I'm enormously happy and personally fulfilled by having been able to do even this - but clearly, I'm barely scratching the surface. However, that scope is about to expand dramatically via 2 new partnerships which I'm announcing today, starting with Firefox:

Mozilla and Firefox Monitor

Last November, there was much press about Mozilla integrating HIBP into Firefox. I was a bit surprised at the time as it was nothing more than their Breach Alerts feature which simply highlighted if the site being visited had previously been in a data breach (it draws this from the freely accessible breach API on HIBP). But the press picked up on some signals which indicated that in the long term, we had bigger plans than that and the whole thing got a heap of very positive attention. I ended up fielding a heap of media calls just on that one little feature - people loved the idea of HIBP in Firefox, even in a very simple form. As it turns out, we had much bigger plans and that's what I'm sharing here today.

Over the coming weeks, Mozilla will begin trialling integration between HIBP and Firefox to make breach data searchable via a new tool called "Firefox Monitor". This is major because Firefox has an install base of hundreds of millions of people which significantly expands the audience that can be reached once this feature rolls out to the mainstream. You can read Mozilla's announcement of the new feature and how they plan to conduct the testing and rollout.

I'm really happy to see Firefox integrating with HIBP in this fashion, not just to get it in front of as many people as possible, but because I have a great deal of respect for their contributions to the technology community. In particular, Mozilla was instrumental in the birth of Let's Encrypt, the free and open certificate authority that's massively increased the adoption of HTTPS on the web. Arguably, the work done by Mozilla's Josh Aas and Eric Rescorla (still the Mozilla CTO today) has been one of the greatest contributions to online privacy and security we've seen and Mozilla remains a platinum sponsor to this day. They've also been instrumental in helping define the model which HIBP uses to feed them data without Mozilla disclosing the email addresses being searched for.