No thanks. This is not the way to correct for the problems we now face.
Now Firefox will ping a third party with the user's identity, to validate the user's currently level of safety, based on what other people know about the user ID. Dialing out to this third party will show externally observable traffic indicating authentication whenever threat validation traffic occurs.
Maybe I don't share the same idea about what represents safety.
An investigator found a photocopy of my driver's license in a file cabinet at a super villain's hide out.
So now I legally change my name, and apply for a new license under that name, yes? Well, great,
this is the new normal.
“This is only meant as a vehicle for quick testing as we iterate on the design, and to help visualize different ideas. In its current state it is in no way meant to represent actual production code, or how the feature will work or look like when it ships. Pull requests are welcome but please keep in mind the highly experimental/volatile nature of this repository.”
And:
“The third goal brings up some privacy concerns, since users would need to supply an email address to receive notifications. Who is the custodian of this data? Can we avoid sending user data to haveibeenpwned.com? Can we still offer useful functionality to users who opt out of subscribing their email address? While the project is still in infancy, the idea is to offer as much utility as possible while respecting the user's privacy.”
It is easy to jump ahead and come to some conclusions but this is an experiment currently. If you think Mozilla is going to send your email to a third party without your consent then you are wrong.
They have a prototype, I'm not sure why calling that the current implementation is problematic (I think it implies that change is quite possible...).
If you read my comment, you'll see that I talk about the user needing to provide credentials for them to be disclosed to a third party, so I think you misunderstood my meaning somewhere there.
Now Firefox will ping a third party with the user's identity, to validate the user's currently level of safety, based on what other people know about the user ID. Dialing out to this third party will show externally observable traffic indicating authentication whenever threat validation traffic occurs.
Maybe I don't share the same idea about what represents safety.
An investigator found a photocopy of my driver's license in a file cabinet at a super villain's hide out.
So now I legally change my name, and apply for a new license under that name, yes? Well, great, this is the new normal.