I use the built-in sync service in various Firefox forks to sync bookmarks/history/tabs, using the default Mozilla servers.
When I went to “Manage Account” to review and prune the devices (“services?”) linked with Mozilla Sync down to what I’m actively using currently, and noticed “Mozilla Monitor” in there.
I can’t find any info on why Mozilla Monitor required sync credentials, and I don’t remember Mozilla Monitor telling me it would be gaining access to my sync data, nor can I find any way to review what data “Mozilla Monitor” has access to.
Any ideas?
For now I’m signing out that entry, while I consider other sync options.
Monitor monitors the Web for leaked credentials you have in Firefox’s password manager. That’s what it’s for. I think it’s quite clear why it would access your sync data
I’ve seen no documentation that Mozilla Monitor works by accessing one’s sync data.
The interface suggests that it only monitors email addresses manually added on monitor.mozilla.org’s UI.
It‘s also worth mentioning that Monitor anonymizes your data before checking it for breaches.
So there shouldn‘t be any serious privacy issues.
Yes, I was aware of that at the time, and I probably assumed that my browser would be hashing each piece of data (e.g. each email address or username) before sending it to Mozilla Monitor or haveibeenpwned.
What concerns me is Mozilla Monitor appearing in the list of devices/browsers synced, each of which is implied to have cleartext access to all the data I decide to sync (bookmarks/history/tabs in my case, logins+passwords and more for many other people).