Friday, September 6, 2013

What the NSA revelations say about our online safety

This blog is many things; one of them is apolitical. I have assiduously avoided direct commentary on the Edward Snowden saga here because I think we have a plurality of views on the topic and frankly I don't want to derail our main and most important focus, which is to continue the maintenance of a functional, useful and above all secure browser package for PowerPC OS X.

The latest revelation from the Guardian, however, directly touches that last attribute: the National Security Agency (USA NSA) and Government Communications Headquarters (UK GCHQ) are not only gathering encrypted traffic from the Internet, they are able to decrypt large portions of it either through brute force or (and this is the most worrisome part) deliberate weaknesses clandestinely introduced into encryption algorithms, i.e., back door attacks.

Some of you may say, well, planners gotta plan, soldiers gotta fight and codebreakers gotta break codes. But the possibility of back doors in common encryption methods is terrifying because who says they haven't yet been detected by criminals, or worse? Even if the NSA or GCHQ have the absolute best of intentions and are working entirely within their mandate -- discussions we're not going to have on this blog -- the best weapon of anyone looking to loot your bank account is to grab your authentication information over the connection you previously believed was ironclad. As quoted in the article, "[an] encrypted communications system with a lawful interception back door is far more likely to result in the catastrophic loss of communications confidentiality than a system that never has access to the unencrypted communications of its users."

Mozilla's leadership in security is clear; both Firefox and Chrome use NSS, which originated with Mozilla, for encryption and certificate management. I am confident that we'll see Firefox and thus TenFourFox evolve more robust encryption methods out of reach of present-day brute force computation and beyond the taint of the NSA or NIST. I am concerned about Classilla; evolving its encryption to a later version of NSS may be beyond the capabilities of CodeWarrior or Mozilla 1.3.1, and I don't believe it serves the community to continue evolving a product with a security issue I know I can't solve with the tools available. This is a situation we need to watch very carefully.


  1. I'm also concerned because many people don't seem to understand yet that the NSA is likely their smallest problem in the long haul, even though all the fuss is about the NSA/GCHQ right now. I wonder what SSL certificates are worth now. Or S/MIME. Or everything to do with cloud computing. Think of Google Docs. VPNs. Cisco. Those are technologies that companies and private persons use to exchange sensitive information nowadays. I wonder if there's a backdoor in Apple's disk image encryption that's e.g. used for FileVault if Apple (like Microsoft, who admitted it) was forced to bend to NSA demands.

  2. Wherever there is centralization there is easy opportunity for government infiltration and control, as for example with the public-certificate (PKI) structure used for most SSL traffic. As I understand it, that's what is driving the people in the MonkeySphere project, who are working out a way to use the peer-to-peer GPG system as an alternative to PKI.

  3. An off-topic question. What are the chances to incorporate HTML5/H.264 support (like Tobias did in Aurorafox) *before* Mozilla does it officially (i.e. as soon as possible)? I know there are legal concerns, but there might be a way for advanced users to compile the browser themselves with that option, if they get a little help. Or to offer "contributed" builds with H.264 enabled. I'd be willing to invest a considerable amount of time to get this done. The reason is that more and more audio and video platforms (radio/TV media libraries, Vimeo etc.) offer HTML5 support if no Flash plugin is detected. Great! But it's all H.264 (sorry, WebM, you've clearly lost the war), and it works perfectly in Safari 5. It's hardware accelerated, so video is smooth and the browser is very responsive. TenFourFox, of all browsers, needs H.264 support.

    1. At the rate I'm going with Baseline, it's gonna be a bit. We can't ship without a JIT, even a sucky one. About 3/4ths of the tests pass, but we still have some big failures. After that Australis and Ion, and maybe then take a whack at H.264.

    2. (Of course, if *you* get it working in TenFourFox, I'll certainly seriously consider it, especially if it won't be too difficult to transition to Mozilla's official support "whenever that is.")

  4. I was a contractor at Netscape during the Glorious Browser War of 1997. Our internal Security Team were the most passionate computer security experts that I have ever known. Sixteen years ago, and they were pushing for digitally-signed JavaScript etc.

    Many of those people are still active at Mozilla. Of those who moved on to other projects, the architecture they laid down still informs the design of web-standard security today.

    Frankly, these are the sort of people who would quit rather than cave to government pressure for weakened security. So: did they do so? I can't be sure.

    But I note that MOZILLA IS THE ONLY COMPLETELY OPEN-SOURCE BROWSER remaining of the major players. (I can't recall if Opera is entirely open-source.) When Mozilla published the source code back in early 1999, I was shocked. Within *hours* of that first code drop, a team in Australia had added stronger encryption. This was back when it was not legal to export stronger security from within the USA. Another day or so passed, and I had found some obvious memory leaks -- but these bugs were getting fixed *faster* than I could submit bug reports.

    So: Mozilla inherits a tradition of strong security, and the code is open for the entire world to audit.

    Certainly, there remains the non-trivial threat that the best research in computer security is secretly held by the NSA. But the best we can possibly do is to use a strong, open-source, publicly-audited code base.

    And adhere to best-practices such as two-factor authentication and strong passwords. Such end-user policies apply to any computer system. But of the factors that we can control, Mozilla is the best web browser option we have.

    1. Maybe one day Opera's source code will be released, though it may just be Presto. It's closed for now, though. Good to hear from a former Netscape person (I don't suppose you were an extra in Code Rush, were you? :).
