Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Protections Dashboard & Login breach information

  • 13 replies
  • 0 have this problem
  • 56 views
  • Last reply by cor-el

more options

Hello,

this topic is about two things.

1. How do I reset the data of the built-in Protections Dashboard without resetting all of Firefox?

2. and probably more complicated, how do I stop Firefox from checking for "Login breach information"?

I do already have and always had "Show alerts about passwords for breached web sites" in options disabled. Still the Dashboard shows that "1 password stored securely.".

Mozilla says "[i]Firefox Monitor warns you if your online accounts were involved in a known data breach. For more information, see Firefox Password Manager - Alerts for breached websites. To get the latest login breach information and more, Firefox connects to firefox.settings.services.mozilla.com/i"

So now I've gone as far as blocking "firefox.settings.services.mozilla.com" through HOSTS. Still the Dashboard shows that "1 password stored securely.".

Why is it still checking? How is it still checking? How do I stop this?

edit: Screenshots added

Hello, this topic is about two things. 1. How do I reset the data of the built-in Protections Dashboard without resetting all of Firefox? 2. and probably more complicated, how do I stop Firefox from checking for "Login breach information"? I do already have and always had "Show alerts about passwords for breached web sites" in options disabled. Still the Dashboard shows that "1 password stored securely.". Mozilla says "[i]Firefox Monitor warns you if your online accounts were involved in a known data breach. For more information, see Firefox Password Manager - Alerts for breached websites. To get the latest login breach information and more, Firefox connects to firefox.settings.services.mozilla.com[/i]" So now I've gone as far as blocking "firefox.settings.services.mozilla.com" through HOSTS. Still the Dashboard shows that "1 password stored securely.". Why is it still checking? How is it still checking? How do I stop this? edit: Screenshots added
Attached screenshots

Modified by WiesoWeshalbWarum

All Replies (13)

more options

Screenshot of your settings your referring to here? So others can compare and see what's different.

more options

That is how this Protection Dashboard (about:protections) works. It shows data stored locally in the profile folder and has not much to do with Sync apart from that you can use your Firefox Account to login to Firefox Monitor.

more options

Thank you cor-el for answering but just linking to Mozilla support articles, which explain nothing, does not help.

I am not and never have been logged in to this/my Mozilla account through Firefox, therefore I'm making these posts by using another browser. Also I have and always had the option for "Show alerts about passwords for breached web sites" set to disabled. And I have blocked firefox.settings.services.mozilla.com" through HOSTS now.

How can the Privacy Dashboard still show info about breached passwords, ignoring my setting? I consider this a breach of Privacy. I mean in order to do so Firefox or Firefox' servers must have contacted the 3rd party website Have I been Pwned. The website itself may be trustworthy but I denied it by disabling the setting!

Last but not least, if the data from the Protection Dashboard is stored locally, where is it stored and how can I delete/reset it (WITHOUT resetting Firefox completely)? I need to check if blocking firefox.settings.services.mozilla.com", which Mozilla says is the server adress they contact, really prevents Firefox from doing what it wants because "That is how this Protection Dashboard works."...

more options

Your screenshot doesn't shows that Firefox will check for breaches, but the "Look out for data breaches" section merely shows that you can login to the Firefox Monitor website in case you are interested. The same for the passwords that also require to connect to a Firefox Sync account and enable logins. These actions are all optional and you do not have to proceed and use them.

more options

My screenshot shows that I disabled the only available option yet it obviously still contacts a 3rd part website and checks for breaches. Otherwise the Dashboard would be unable to show that there have been no breaches.

And because nobody has told me yet how to reset the Dashboard data, without deleting all Firefox data btw, I can still not confirm if Firefox stops contacting said 3rd party website and therefore stops checking for breaches now that I denied access to firefox.settings.services.mozilla.com.

I do not use any Firefox logins or sync account stuff in Firefox. Never have, never will. And the support articles you are linking are no help at all.

Why does Firefox still contact the 3rd party website Have I been Pwned even tho I disabled the only available option regarding this topic available in Firefox' settings? How do I reset the Dashboard data (without completely wiping all other Firefox data). These are my questions I want an answer to.

more options

This data is stored in protections.sqlite in the Firefox profile folder.

more options

Unfortunatel only the Trackers section but not the passwords section is stored in the file. So deleting it resets the Tracker count but doesn't reset the password count, making it still impossible the see if either the option to not contact Have I been Pwned or blocking firefox.settings.services.mozilla.com is obeyed now.

And while I understand that you are trying to help I have to say that I find it highly suspicious that either no official knows about this function/function's behaviour or that they simply do not want to answer.

more options

I think that the password count it shows is what is stored in logins.json (there might be a hidden entry for Sync), so you can clear/rename this file to see if this makes a difference.

more options

While you are right about the logins.json it's not a real solution. Yes, as soon as you delete the file the Passwords Breach section is empty. But as soon as you move it back, the Breach Info is there again as well.

In my main browser, not the test environment I did the Screenshows with, I have 95 saved Logins. As soon as I delete the file they are ofc all gone. There is no way I will re-do them all just to get rid of some info that shouldn't be there in the first place.

I also tested LibeWolf and it doesn't have the Breached Passwords section. I also compared the logins.json of Firefox and LibreWolf but I was unable to find the difference. So my guess is, the info isn't stored in the logins.json file itself but comes from Mozilla servers, which I denied allowance, and that it what the whole thing is about.

I find it hard to believe that there is officlal on the official forum who knows what's going on here and how to stop it. I feel like having to go to the LibreWolf forums and ask them for help... which is a joke.

more options

Don't use that about:protections page if you aren't pleased with what is displays, it just shows some telemetry statistics about content blocked by Enhanced Tracking Protection and info about stored logins. If you use the Primary Password then others won't be able to access the logins easily, provided that you haven't unlocked the logins in the session by entering the PP (you can re-lock by canceling the PP like when clicking the eye icon).

more options

I'm not ok with what about:protections shows because it ignored (and still ignores) a privacy related setting. Not using about:protections is neither an option nor the solution.

Don't get mad but don't reply to this topic anymore please. I'd rather wait for an official answer, even if that means I have to bump this topic for a whole year.

more options

I'm going to lock this thread as we have explained that this dashboard is designed to show some stats about your usage of Firefox like how many items are blocked and if you have logins stored and how you can check for breaches on the monitor.firefox.com website. This is all about data stored locally in the profile folder and doesn't requires checking/uploading on internet. If you do not sign up for Firefox monitor then there no known email address that can be checked.

See also the Firefox Data Collection settings here:

  • Settings -> Privacy & Security
    Firefox Data Collection and Use

Allow Firefox to send technical and interaction data to Mozilla (datareporting.healthreport.uploadEnabled) Allow Firefox to install and run studies (app.shield.optoutstudies.enabled) Allow Firefox to send backlogged crash reports on your behalf (browser.crashReports.unsubmittedCheck.*)