Identity at Mozilla

Home of the Mozilla Identity team

  1. Persona and Surveillance

    Jun 11, 2013 — by benadida

    Over the last few days, news reports indicate that US government agencies are involved in broad surveillance of phone and Internet traffic. The exact extent of this surveillance is not fully understood. The Mozilla Identity Team joins the rest of Mozilla in calling for a thorough investigation of these surveillance activities. We also join security professionals like Bruce Schneier in highlighting the importance of transparency of surveillance activities:

    Knowing how the government spies on us is important. Not only because so much of it is illegal — or, to be as charitable as possible, based on novel interpretations of the law — but because we have a right to know.

    So, with that said, let’s talk about Mozilla Persona in this context, and more broadly about Mozilla-provided user services. Mozilla stores some user data to provide these services. As per our privacy policy, we store only what we must to provide the features we build and validate with users and developers. Mozilla’s Manifesto clearly shows how we focus on user sovereignty, whether we’re discussing Firefox or Persona.

    Some have called on us to move Persona servers outside the US to escape the now-revealed surveillance activity. We don’t think that would help, and even if it did a bit, we think we can be much more productive by focusing on other areas. First, it’s not clear to us that other governments have any less intrusive surveillance activities. Second, as a US company, Mozilla is subject to US Laws, wherever we host our servers. Third, we’d rather not engage in an arms-race with US government agencies. We’d rather focus on efforts to change the Law to respect user data wherever it lives.

    It’s also worth pointing out that we do take certain technical measures to limit the data we collect. We’ve designed Persona so that the identity provider – including the fallback Identity Provider that we run – does not learn your browsing history. We consider that a good security practice, not specifically because of surveillance, but generally because collecting data without a user benefit just creates risk.

    Mozilla will always do its utmost to serve and protect users, with a combination of technology and policy. We want to make sure the Law helps us do that. Help us by signing the petition.