Among the major free software projects, Mozilla is special, and for multiple reasons. It’s one of the oldest, going back to 1998. It’s one of the biggest, in terms of number of contributors. It’s one of the most ambitious, with a wide range of projects tackling important issues in big markets. And last, but not least, it’s the richest open source project, with millions in the bank thanks to its lucrative deal with Google.
I’m excited about 2014 at Mozilla. Building on last fall’s Mozilla Summit, it feels like people across the project are re-energized by Mitchell’s reminder that we are a global community with a common cause. Right now, this community is sharply focused on making sure the web wins on mobile and on teaching the world how the web works. I’m optimistic that we’re going to make some breakthroughs in these areas in the year ahead.
Last month, I sat down with our board to talk about where we want to focus the Mozilla Foundation’s education and community program efforts in 2014. We agreed that two things should be our main priorities this year: 1. getting more people to use our learning tools and 2. growing our community of contributors.
He also sketches out longer-term plans:
At the Mozilla Summit, we imagined a bold future 10 years from now: one where the values of the web are built into all aspects of our connected lives and where the broad majority of people are literate in the ways of the web. In this world, Mozilla is a strong global movement with over a million active contributors.
We move towards this world by building real things: a widely used mobile operating system based on the web; new ways to store and protect personal information online; content and tools for teaching web literacy. I’m excited working on the education and community sides of all this in 2014 — I think we can make some breakthroughs.
I’d agree that the mobile operating system based around the Web is a crucially important move, given the shift from the desktop to mobile forms of computing. But there’s something missing from Surman’s blog post – call it the giant lizard in the room.
It is not possible for any open source project – or indeed any venture involving computing – to ignore what we have learned from Snowden about the activities of the NSA and its friends in the UK and elsewhere. It is not possible blithely to continue as if nothing has changed. For a start, we now know that practically everything we do online is spied on, stored and analysed. That immediately undercuts earlier efforts to provide privacy. We know that encryption is compromised, if not actually broken. That means many of our assumptions about security go out of the window.
Fortunately, another post from the Mozilla team does address this. It comes from Brendan Eich, CTO and SVP Engineering, and Andreas Gal, VP Mobile and R&D. Here’s how it begins:
It is becoming increasingly difficult to trust the privacy properties of software and services we rely on to use the Internet. Governments, companies, groups and individuals may be surveilling us without our knowledge. This is particularly troubling when such surveillance is done by governments under statutes that provide limited court oversight and almost no room for public scrutiny.
As a result of laws in the US and elsewhere, prudent users must interact with Internet services knowing that despite how much any cloud-service company wants to protect privacy, at the end of the day most big companies must comply with the law. The government can legally access user data in ways that might violate the privacy expectations of law-abiding users. Worse, the government may force service operators to enable surveillance (something that seems to have happened in the Lavabit case).
Worst of all, the government can do all of this without users ever finding out about it, due to gag orders.
That correctly identifies the key threat to users – all users – as governments around the world. The article then goes on to note the practical implications for browsers and their creators:
This creates a significant predicament for privacy and security on the Open Web. Every major browser today is distributed by an organization within reach of surveillance laws. As the Lavabit case suggests, the government may request that browser vendors secretly inject surveillance code into the browsers they distribute to users. We have no information that any browser vendor has ever received such a directive. However, if that were to happen, the public would likely not find out due to gag orders.
The unfortunate consequence is that software vendors — including browser vendors — must not be blindly trusted. Not because such vendors don’t want to protect user privacy. Rather, because a law might force vendors to secretly violate their own principles and do things they don’t want to do.
Note, again, that this correctly identifies the problem as being governments that use their powers to demand that creators of software add backdoors that can then be used against users. Eich and Gal then go on to repeat a point that I’ve made a couple of times in the wake of Snowden’s leaks:
Mozilla has one critical advantage over all other browser vendors. Our products are truly open source. Internet Explorer is fully closed-source, and while the rendering engines WebKit and Blink (chromium) are open-source, the Safari and Chrome browsers that use them are not fully open-source. Both contain significant fractions of closed-source code.
Mozilla Firefox in contrast is 100% open source. As Anthony Jones from our New Zealand office pointed out the other month, security researchers can use this fact to verify the executable bits contained in the browsers Mozilla is distributing, by building Firefox from source and comparing the built bits with our official distribution.
This will be the most effective on platforms where we already use open-source compilers to produce the executable, to avoid compiler-level attacks as shown in 1984 by Ken Thompson.
The post then builds on this fact to call for help in keeping Firefox trustworthy:
To ensure that no one can inject undetected surveillance code into Firefox, security researchers and organizations should:regularly audit Mozilla source and verified builds by all effective means; establish automated systems to verify official Mozilla builds from source; and raise an alert if the verified bits differ from official bits.
In the best case, we will establish such a verification system at a global scale, with participants from many different geographic regions and political and strategic interests and affiliations.
Security is never “done” — it is a process, not a final rest-state. No silver bullets. All methods have limits. However, open-source auditability cleanly beats the lack of ability to audit source vs. binary.
Through international collaboration of independent entities we can give users the confidence that Firefox cannot be subverted without the world noticing, and offer a browser that verifiably meets users’ privacy expectations.
That’s a great idea, and one that builds on the inherent openness of Mozilla. I hope that people will join in and make it happen.
But here I want to underline what I think is a much more important aspect of this move – and a significant moment in the history of the project. It’s that Mozilla is actively seeking to nullify government actions. That is, it has recognised that it cannot be some aloof, neutral purveyor of top-quality free software, but that it must join the fight on behalf of its community of users, alongside its users, even if, as here, that struggle is not commercial or technical, but intrinsically political.