Project Svalbard: The Future of Have I Been Pwned

[tomglynch]

Mozilla also recently launched their own version of HIBP that just gets the data from HIBP and passes it to their users: https://monitor.firefox.com/

Though just realised, they're not that upfront about giving HIBP credit - If I were Troy this would peeve me a bit.

[lol768]

It's not massively advertised on the homepage (though in some respects, I think outside of infosec circles "Firefox Monitor" probably sounds more professional/neutral than "Have I been pwned").

I think they discussed HIBP in the launch announcement: https://blog.mozilla.org/security/2018/11/14/when-does-firef...

It's also in the FAQ: https://support.mozilla.org/en-US/kb/firefox-monitor-faq

[luag]

Just tried it, they specifically write "Breach data provided by Have I Been Pwned" at the end of results.

[flurdy]

I thought the same when I initially was prompted about Firefox monitor at the bottom of Firefox's new tab page.

Was a little peeved at what seemed like a copy, but I have now realised it is just building on top of Troy's work [1] which is even better because of Firefox's larger reach.

They don't have to have a blinking marque text at the top attributing it to Have I Been Pwned. But they could have mentioned it on the front page somewhere that HIBP is one of their main sources. I trust HIBP, therefore, more value to Firefox Monitor had I known that link.

[1] https://www.troyhunt.com/were-baking-have-i-been-pwned-into-...

[Vinnl]

> I trust HIBP, therefore, more value to Firefox Monitor had I known that link.

If you trust HiBP, you don't really need Firefox Monitor. It was created specifically to reach people that HiBP could not reach.