To ensure that no one can inject undetected surveillance code into Firefox, security researchers and organizations should:
- regularly audit Mozilla source and verified builds by all effective means;
- establish automated systems to verify official Mozilla builds from source;
- raise an alert if the verified bits differ from official bits.
In the best case, we will establish such a verification system at a global scale, with participants from many different geographic regions and political and strategic interests and affiliations.
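The third step above, comparing a locally reproduced build against the official bits and alerting on any divergence, as an added illustration (this is not Mozilla's tooling; the file names and contents are constructed for the demo):

```python
"""Compare a locally reproduced build tree against an official one, file by file."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_tree(root: Path) -> dict[str, str]:
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_of(p) for p in sorted(root.rglob("*")) if p.is_file()}


def compare_builds(official: Path, reproduced: Path) -> dict[str, list[str]]:
    """Report files whose bits differ, files missing from, and files extra in the reproduced build."""
    a, b = digest_tree(official), digest_tree(reproduced)
    return {
        "differing": sorted(f for f in a.keys() & b.keys() if a[f] != b[f]),
        "missing_in_reproduced": sorted(a.keys() - b.keys()),
        "extra_in_reproduced": sorted(b.keys() - a.keys()),
    }


def alert_needed(report: dict[str, list[str]]) -> bool:
    """Any discrepancy at all is grounds for an alert; verifiers never silently accept a mismatch."""
    return any(report.values())


def demo() -> dict[str, list[str]]:
    """Constructed sample: two tiny trees where one shared file diverges and one file is missing."""
    with tempfile.TemporaryDirectory() as tmp:
        official, repro = Path(tmp) / "official", Path(tmp) / "reproduced"
        for d in (official, repro):
            (d / "lib").mkdir(parents=True)
            (d / "firefox").write_bytes(b"launcher v1")          # identical in both trees
            (d / "lib" / "libxul.so").write_bytes(b"same bits")
        (repro / "lib" / "libxul.so").write_bytes(b"same bits?")  # reproduced copy diverges
        (official / "omni.ja").write_bytes(b"only in official")   # absent from the reproduction
        return compare_builds(official, repro)


if __name__ == "__main__":
    result = demo()
    print("ALERT" if alert_needed(result) else "OK", result)
```

In a real deployment the "official" tree is the unpacked published installer and the "reproduced" tree is the output of a clean, independent build of the matching source revision.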
Security is never “done” — it is a process, not a final rest-state. No silver bullets. All methods have limits. However, open-source auditability cleanly beats the lack of ability to audit source vs. binary.
Through international collaboration of independent entities we can give users the confidence that Firefox cannot be subverted without the world noticing, and offer a browser that verifiably meets users’ privacy expectations.