by intherdfield 3170 days ago
>> one has to trust Mozilla not to do that.
>
> Exactly. One has to trust Mozilla every time one visits the page. They could easily configure it to be malicious one time out of a million (say); what are the odds that they would be caught?

Bear in mind they also make the web browser.

Sure, but that's open source and you can disable automatic updates, meaning they can't change the code whenever they feel like doing so. And if they do, the code will be kept in the source code control history, and will eventually be caught.

It's wildly different from a JS file that's loaded every time you visit the website.

It's pretty close to being the same thing. You're downloading Firefox at some point and not verifying the binaries you get match the source.

Unless Firefox provides fully reproducible builds on your platform from an open source compiler, you have no guarantee that the binary you have is built from the public source code. You have to trust Mozilla.

Without reproducible builds, compiling the source yourself would be the way to go.

Anyway, I agree that it should be clear that this file sharing service, while convenient, essentially requires you to trust Mozilla with your data. The claim "Mozilla does not have the ability to access the content of your encrypted file..." is fragile.

If you are running on Linux, then Firefox is built by your distribution. So attacks like that are much harder to accomplish, because the distribution of software like Firefox is (for lack of a better word) distributed. I'm not going to get into all of the techniques that distributions use to make these things safer; the crux of the point is that you should always use distribution packages because we generally have much better release engineering than upstream (as we've been doing it for longer).