As a result of laws in the US and elsewhere, prudent users must interact with Internet services knowing that despite how much any cloud-service company wants to protect privacy, at the end of the day most big companies must comply with the law. The government can legally access user data in ways that might violate the privacy expectations of law-abiding users. Worse, the government may force service operators to enable surveillance (something that seems to have happened in the Lavabit case).
Worst of all, the government can do all of this without users ever finding out about it, due to gag orders.
… Mozilla has one critical advantage over all other browser vendors. Our products are truly open source. Internet Explorer is fully closed-source, and while the rendering engines WebKit and Blink (chromium) are open-source, the Safari and Chrome browsers that use them are not fully open source. Both contain significant fractions of closed-source code.
… To ensure that no one can inject undetected surveillance code into Firefox, security researchers and organizations should:
- regularly audit Mozilla source and verified builds by all effective means;
- establish automated systems to verify official Mozilla builds from source; and
- raise an alert if the verified bits differ from official bits.
In the best case, we will establish such a verification system at a global scale, with participants from many different geographic regions and political and strategic interests and affiliations. [X]
So Mozilla is saying that users need to monitor the source code of its product, Firefox, because the government could force it to spy on the public. If such code is found, Mozilla wants a public alarm sent out so users know they are being spied on. While it’s disgusting that the government can force a company to violate its user agreement and put a gag order on it, preventing the company from revealing that, at least it’s possible for Firefox to be monitored by users, unlike other browsers like Chrome or Explorer.
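The check Mozilla's list describes (rebuild from source, compare against the official bits, raise an alert on any difference) can be sketched as follows. This is an added example, not code from Mozilla or from the original post. It assumes builds are reproducible bit for bit, and the file names, site names and quorum rule are hypothetical.

```python
import hashlib
from collections import Counter

def manifest(files):
    """Map each path in a build tree to the SHA-256 of its contents."""
    return {path: hashlib.sha256(blob).hexdigest() for path, blob in files.items()}

def verify_official(official, rebuilds, quorum):
    """Compare the official manifest with manifests from independent rebuilders.

    Returns a sorted list of (path, reason) alerts; an empty list means every
    official file matches what a quorum of rebuilders produced from source.
    """
    if not rebuilds or quorum * 2 <= len(rebuilds):
        raise ValueError("quorum must be a strict majority of rebuilders")
    paths = set(official).union(*rebuilds.values())
    alerts = []
    for path in sorted(paths):
        # None stands for "this rebuilder's output has no such file".
        votes = Counter(m.get(path) for m in rebuilds.values())
        digest, count = votes.most_common(1)[0]
        if count < quorum:
            # Build is not reproducible here, or a rebuilder is unreliable.
            alerts.append((path, "rebuilders-disagree"))
        elif path not in official:
            alerts.append((path, "missing-from-official"))
        elif digest is None:
            alerts.append((path, "not-built-from-source"))
        elif official[path] != digest:
            alerts.append((path, "differs-from-source-build"))
    return alerts

# Constructed sample data: hypothetical file names and contents.
SOURCE_BUILD = {"bin/app": b"app-v1", "lib/core.so": b"core-v1", "LICENSE": b"MPL"}
OFFICIAL = dict(SOURCE_BUILD, **{"lib/core.so": b"core-v1+extra", "lib/addon.so": b"x"})
REBUILDS = {name: manifest(SOURCE_BUILD) for name in ("site-a", "site-b", "site-c")}

def demo():
    """Check the constructed official build against three agreeing rebuilders."""
    return verify_official(manifest(OFFICIAL), REBUILDS, quorum=2)

if __name__ == "__main__":
    for path, reason in demo():
        print(f"ALERT {path}: {reason}")
```

Requiring a strict majority of independent rebuilders before trusting a digest reflects the quoted goal of participants with different affiliations: no single verifier's result decides what counts as the source build.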