bit-tech.net

Mozilla warns against closed-source software

The Mozilla Foundation claims that only open source software - as exemplified by its Firefox browser, naturally - can offer cast-iron assurances against government intrusion.

Members of the Mozilla Foundation have urged users to look to open-source software following Snowden's revelations of back-door access and hidden code in proprietary applications, beginning - naturally - with switching to its Firefox web browser.

There's little denying that documents leaked by whistleblower and former National Security Agency (NSA) contractor Edward Snowden have damaged trust in commercial software companies: NSA-mandated algorithms have been found to be vulnerable to attack, and security company RSA has seen numerous speakers pull out of its upcoming conference over claims it accepted a large cash sum from the NSA to make the broken-by-design algorithms the default in its encryption software.

For closed-source software, the claims present a problem: users are increasingly distrustful of companies that claim their software is secure, only for the fingerprints of the NSA to be found all over it - but releasing the source code for audit is unthinkable. The result is usually an awkward middle ground like that chosen by Microsoft, which allows selected large customers - typically governments - limited access to selected source files for the purposes of auditing its security. For everyone else, though, it boils down to a simple matter of trust.

In a blog post entitled Trust but Verify, Mozilla's Brendan Eich and Andreas Gal argue that the only true solution is open source - in particular for web browser users. 'Software vendors — including browser vendors — must not be blindly trusted,' the pair argue. 'Not because such vendors don’t want to protect user privacy. Rather, because a law might force vendors to secretly violate their own principles and do things they don’t want to do.

'Mozilla has one critical advantage over all other browser vendors,' the pair naturally conclude. 'Our products are truly open source. Internet Explorer is fully closed-source, and while the rendering engines WebKit and Blink (Chromium) are open-source, the Safari and Chrome browsers that use them are not fully open-source. Both contain significant fractions of closed-source code.'

While encouraging users to switch to Firefox, the pair also ask security researchers to get involved in order to ensure the security of their software. 'To ensure that no one can inject undetected surveillance code into Firefox, security researchers and organizations should: regularly audit Mozilla source and verified builds by all effective means; establish automated systems to verify official Mozilla builds from source; and raise an alert if the verified bits differ from official bits.'

'Security is never “done” — it is a process, not a final rest-state,' the pair conclude. 'No silver bullets. All methods have limits. However, open-source auditability cleanly beats the lack of ability to audit source vs. binary. Through international collaboration of independent entities we can give users the confidence that Firefox cannot be subverted without the world noticing, and offer a browser that verifiably meets users’ privacy expectations.'

Mozilla is currently working on a means for verifying that its builds are indeed based on the published source code, offering public tracking of that work on its Bugzilla platform.
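
The check Eich and Gal ask for (rebuild from source, compare with the official bits, raise an alert on any difference) can be sketched as follows. This is an added example, not Mozilla's tooling or code from the blog post: it assumes both builds are zip archives, and the function names, file names and contents are hypothetical. It compares member contents rather than whole-archive hashes, so timestamps stored in the archive do not trigger false alerts.

```python
import hashlib
import io
import zipfile


def member_digests(archive_bytes):
    """Map each file in a zip archive to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def compare_builds(official_bytes, rebuilt_bytes):
    """Return (reason, member) alerts for files that are missing, extra or altered."""
    official = member_digests(official_bytes)
    rebuilt = member_digests(rebuilt_bytes)
    alerts = []
    for name in sorted(official.keys() | rebuilt.keys()):
        if name not in rebuilt:
            alerts.append(("only-in-official", name))
        elif name not in official:
            alerts.append(("only-in-rebuilt", name))
        elif official[name] != rebuilt[name]:
            alerts.append(("content-differs", name))
    return alerts


def make_zip(files, date_time):
    """Build a constructed sample archive; date_time models build-time metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=date_time), data)
    return buf.getvalue()


# Constructed sample data: file names and contents are invented for illustration.
SOURCE_TREE = {"browser/app.js": b"start();\n", "browser/net.js": b"connect();\n"}
REBUILT = make_zip(SOURCE_TREE, (2014, 1, 14, 9, 0, 0))
OFFICIAL_CLEAN = make_zip(SOURCE_TREE, (2014, 1, 13, 18, 30, 0))
OFFICIAL_TAMPERED = make_zip(
    {**SOURCE_TREE, "browser/net.js": b"connect(); report();\n", "browser/extra.js": b"x\n"},
    (2014, 1, 13, 18, 30, 0),
)

if __name__ == "__main__":
    print("clean:", compare_builds(OFFICIAL_CLEAN, REBUILT))
    print("tampered:", compare_builds(OFFICIAL_TAMPERED, REBUILT))
```

The clean pair differs byte for byte because of the embedded timestamps yet produces no alerts, which is why per-file content comparison is the useful signal when a build is not yet fully deterministic.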

5 Comments

Umbra 14th January 2014, 12:51
If governments have direct access to ISPs, what's the point of being worried about access to your software?
Alecto 14th January 2014, 19:40
Meh, I warn against recent Mozilla bloatware :( Their most recent versions (4.x which they now call 26 instead of 4.0.26 for some reason ...) cannot even be customized to the level of 3.x series, they have fewer configuration options and perform worse. Too bad there isn't a single decent alternative that doesn't have some kind of UI issue (IE), rendering issues (Opera, recent Firefox) or stability issues (Safari, Chrome etc.) that could finally replace the 1-2 year old 3.6.28 workhorse :-(
impar 15th January 2014, 11:09
Greetings!
Quote:
Originally Posted by Alecto
... cannot even be customized to the level of 3.x series, they have fewer configuration options and perform worse.
Just change it to your liking:
https://addons.mozilla.org/en-US/firefox/extensions/
Firefox is still the best browser out there. IE11 is getting close, though.
Assassin8or 15th January 2014, 23:52
Quote:
Originally Posted by Alecto
Meh, I warn against recent Mozilla bloatware :( Their most recent versions (4.x which they now call 26 instead of 4.0.26 for some reason ...) cannot even be customized to the level of 3.x series, they have fewer configuration options and perform worse. Too bad there isn't a single decent alternative that doesn't have some kind of UI issue (IE), rendering issues (Opera, recent Firefox) or stability issues (Safari, Chrome etc.) that could finally replace the 1-2 year old 3.6.28 workhorse :-(

I find that I have more problems with Chrome trying to render like IE than I have with Firefox rendering properly.

Look out for Firefox in the coming 4 months. By then a lot of the snappy and javascript work should be paying off and the browser will be somewhere in the region of Chrome/IE11 for snappiness and rendering speed.

Firefox's UI will be altering again soon. Although I've never really understood the need for people to fiddle with their browser layouts too much. I make tweaks, sure, but I don't fret too much because I use keyboard shortcuts a lot and the tweaks I make are just simple functionality tweaks (IE9+ with a whole row for tabs, FF with my plugins where I want them in the addons bar or in the navigation toolbar).

Personally, Firefox (I donated to Mozilla recently too because I like what I see them doing for privacy) will remain my go-to browser for the plugins, mostly privacy and anti-ad ones, and for Panorama/Tab Groups. How times change, I'd hate to try to run Chrome with some 30 odd plugins and some 100 tabs open; even with 18GB RAM it might be a stretch.
Umbra 16th January 2014, 00:42
Quote:
Originally Posted by Assassin8or
I find that I have more problems with Chrome trying to render like IE than I have with Firefox rendering properly.

Look out for Firefox in the coming 4 months. By then a lot of the snappy and javascript work should be paying off and the browser will be somewhere in the region of Chrome/IE11 for snappiness and rendering speed.

Firefox's UI will be altering again soon. Although I've never really understood the need for people to fiddle with their browser layouts too much. I make tweaks, sure, but I don't fret too much because I use keyboard shortcuts a lot and the tweaks I make are just simple functionality tweaks (IE9+ with a whole row for tabs, FF with my plugins where I want them in the addons bar or in the navigation toolbar).

Personally, Firefox (I donated to Mozilla recently too because I like what I see them doing for privacy) will remain my go-to browser for the plugins, mostly privacy and anti-ad ones, and for Panorama/Tab Groups. How times change, I'd hate to try to run Chrome with some 30 odd plugins and some 100 tabs open; even with 18GB RAM it might be a stretch.

FF + All in one sidebar, Download Helper, Adblock plus and Fire FTP.
FF has its issues but those add-ons are priceless and I'll stick with FF as long as they are available and updated for future FF versions.