Andreas Gal, Mozilla's vice president of mobile and R&D, and Brendan Eich, CTO and SVP of Engineering, have updated Gal's blog with a long entry about how Firefox users can trust Mozilla when it comes to government backdoors and user privacy.
In the blog, they point out that because of laws in the U.S. and elsewhere, Web surfers must interact with Internet services knowing full well that even though cloud service companies want to protect user privacy, those companies will eventually be required to comply with the law. The government may acquire information in ways that seem to violate privacy and could even force surveillance. What's more, the government can do so while enforcing gag orders on the service, leaving the consumer unaware.
This creates a problem with regard to privacy and security. Every major browser today is distributed by an organization within reach of surveillance laws, they point out. Injecting surveillance code into a web browser is quite possible.
"The unfortunate consequence is that software vendors — including browser vendors — must not be blindly trusted," they report. "Not because such vendors don't want to protect user privacy. Rather, because a law might force vendors to secretly violate their own principles and do things they don't want to do."
They also point out that unlike other browser vendors, Mozilla's products are truly open source. That's a "critical advantage," as Internet Explorer is closed, and both Safari and Chrome have open-source rendering engines but contain "significant" fractions of closed-source code. Because Firefox is 100 percent open source, security researchers can verify the executable bits contained in the browsers Mozilla is distributing.
However, the answer to earning real trust, it seems, is to create a global audit system that verifies Firefox hasn't been injected with government-tainted code at the request of court orders.
"To ensure that no one can inject undetected surveillance code into Firefox, security researchers and organizations should regularly audit Mozilla source and verified builds by all effective means, establish automated systems to verify official Mozilla builds from source, and raise an alert if the verified bits differ from official bits," they suggest.
"Beyond this first step, can we use such audited browsers as trust anchors, to authenticate fully-audited open-source Internet services? This seems possible in theory," they add.
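The automated check proposed in the quote about verifying official builds from source, comparing the official bits with an independent rebuild and raising an alert on any difference, could look like the following. This is an added example, not Mozilla's tooling or code from the blog post; it assumes the build is reproducible bit for bit and that both builds are already unpacked into directories, and the function names and sample file names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    out = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        out[path.relative_to(root).as_posix()] = digest.hexdigest()
    return out


def compare_builds(official: Path, rebuilt: Path) -> list[str]:
    """Return one alert per file that differs between the two trees."""
    off, reb = manifest(official), manifest(rebuilt)
    alerts = []
    for name in sorted(off.keys() | reb.keys()):
        if name not in reb:
            alerts.append(f"ONLY-IN-OFFICIAL {name}")
        elif name not in off:
            alerts.append(f"ONLY-IN-REBUILD {name}")
        elif off[name] != reb[name]:
            alerts.append(f"MISMATCH {name}")
    return alerts


def demo() -> list[str]:
    """Constructed sample trees standing in for two unpacked builds."""
    with tempfile.TemporaryDirectory() as tmp:
        official, rebuilt = Path(tmp, "official"), Path(tmp, "rebuilt")
        for root in (official, rebuilt):
            (root / "lib").mkdir(parents=True)
            (root / "app.bin").write_bytes(b"identical bytes")
            (root / "lib" / "net.so").write_bytes(b"network code")
        # Constructed differences: one altered file, one extra file.
        (official / "lib" / "net.so").write_bytes(b"network code + extra")
        (official / "lib" / "helper.so").write_bytes(b"not in source tree")
        return compare_builds(official, rebuilt)


if __name__ == "__main__":
    for line in demo():
        print("ALERT:", line)
```

An empty result means the distributed files match the independent rebuild byte for byte; a file present only in the official tree is as significant as a hash mismatch, since it has no counterpart produced from the audited source.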