Techdirt. Stories about "mozilla"

Mozilla Sends Cease And Desist Letter To Commercial Spyware Company For Using Firefox Trademark And Code To Trick Users

Glyn Moody — Fri, 3 May 2013 18:38:00 PDT

Techdirt has written several times about the increasing tendency for governments around the world to turn to malware as a way of spying on people, without really thinking through the risks. One company that is starting to crop up more and more in this context is Gamma International, thanks to its FinFisher suite of spyware products, which includes FinSpy. A recent report by Citizenlab, entitled "For Their Eyes Only: The Commercialization of Digital Spying", has explored this field in some depth. Among its findings is the following:

We identify instances where FinSpy makes use of Mozilla's Trademark and Code. The latest Malay-language sample masquerades as Mozilla Firefox in both file properties and in manifest. This behavior is similar to samples discussed in some of our previous reports, including a demo copy of the product, and samples targeting Bahraini activists.

That's pretty serious: Mozilla's trademark is not only being abused, it's being used to trick people into installing malware that might well have serious consequences for them if their government disapproves of their activities. Quite rightly, then, Mozilla is taking legal action, as the organization's privacy and public policy lead, Alex Fowler, announced in a blog post: A recent report by Citizen Lab uncovered that commercial spyware produced by Gamma International is designed to trick people into thinking it's Mozilla Firefox. We've sent Gamma a cease and desist letter today demanding that these illegal practices stop immediately.
Choosing Mozilla as the cover for this malware is cynical in the extreme, for reasons Fowler explains: As an open source project trusted by hundreds of millions of people around the world, defending Mozilla's trademarks from this type of abuse is vital to our brand, our users and the continued success of our mission. Mozilla has a longstanding history of protecting users online and was named the Most Trusted Internet Company for Privacy in 2012 by the Ponemon Institute. We cannot abide a software company using our name to disguise online surveillance tools that can be -- and in several cases actually have been -- used by Gamma's customers to violate citizens' human rights and online privacy.
The only consolation regarding this move to create commercial spyware for sale to governments around the world is that it is possible to use conventional legal instruments like cease and desist letters against the companies behind them when they overstep the mark. Nonetheless, it's a deeply disturbing development that even countries like Germany now seem happy to use FinFisher in order to spy on their citizens by means of malware (original in German.)

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Permalink | Comments | Email This Story

Mozilla Helped To Stop SOPA In January, Now It's Worried About WCIT

Glyn Moody — Tue, 11 Dec 2012 03:05:00 PST

Mike wrote how both Vint Cerf and Sir Tim Berners-Lee were concerned about the outcome of the WCIT talks currently taking place in Dubai. Those aren't the only important voices being raised. Here, for example, is the Mozilla Foundation, the organization behind the Firefox browser and many other free software projects: The Web lets us speak out, share, and connect around the things that matter. It creates new opportunities, holds governments to account, breaks through barriers, and makes cats famous. This isn't a coincidence. It's because the Web belongs to all of us: We all get a say in how it's built.

Mozilla has made it our mission to keep the power of the web in people's hands. But all this could change on December 3.

Our governments are going to meet in Dubai to decide whether an old treaty, the International Telecommunication Union, can be expanded to regulate -- to control -- the Internet.

The issue isn't whether our governments, the UN, or even the ITU should play a role in shaping the Web. The problem is that they are trying to do it behind closed doors, in secret, without us.

We believe everyone should have a voice. And this site is to help you be heard in Dubai.
As you can see, the Mozilla Foundation isn't just moaning about WCIT, it's giving people tools to help them engage with it -- despite the best efforts of the ITU to shut out the public. As a blog post about Mozilla's position on WCIT explains: The resources we are making available today will give you everything you need to learn about the upcoming meeting and why it matters, craft an effective message to get your government to listen, and engage in the global conversation about how decisions about the future of the Web should be made.
Aside from this very practical help, Mozilla's move is important for another reason. In the past, Mozilla has tended to avoid getting involved with issues that are as much political as technical. The big exception was SOPA, when it took part in the January 18 Blackout, with impressive results: Approximately 30 million people in the US who use the default start page in Firefox received the blacked out page with our call to action

We sent messages out to almost 9 million people via Facebook, Twitter and our Firefox + You newsletter

Our messages were retweeted, shared and liked by over 20,000 people (not counting MC Hammer’s tweet to his 2.4 million followers!)

1.8 million people came to mozilla.org/sopa to learn more and take action on the issue

600,000 went on to visit the Strike Against Censorship page, hosted by the EFF

Ultimately, 360,000 emails were sent by Mozillians to members of Congress, contributing a third of all the emails generated by EFF’s campaign site.
The action that it is taking over WCIT isn't quite so drastic, and so is unlikely to have such a big impact. But the fact that Mozilla has once again cast aside it usual apolitical position to voice its concerns shows how great they are.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Permalink | Comments | Email This Story

Meet The Internet Defense League (And Join It, Too)

Mike Masnick — Thu, 19 Jul 2012 07:15:42 PDT

A bunch of the folks who were instrumental in the SOPA/PIPA fight have been working together over the last few months to build The Internet Defense League, which is launching today. Techdirt is a founding member, along with a number of other organizations and sites, including Reddit, Mozilla, Cheezburger, EFF, Fark, Imgur and more. The process is being driven by the awesome folks at Fight for the Future, who were the ones behind the American Censorship Day effort during the SOPA fight. The launch is today, in part because today is also the day that the new Batman movie opens -- and part of the IDL's concept is that when the internet is at risk, it can shine a "cat signal" to alert the internet to jump in and do something: Believe it or not, they've actually put together a few of these cat signals in real life, so look around tonight in a few cities and you might see one.

Taking a page from Kickstarter, the IDL has set up various tiers to which you can donate to get your own personal mini-cat signal or a t-shirt or some other fun offerings.

Earlier this year, I wrote about the Hacking Society gathering, put on by Union Square Ventures. During that discussion, Clay Shirky brought up the idea of an "Internet Volunteer Fire Department" and Tiffiniy Cheng, from Fight for the Future, explained the IDL and how they were already working on it. You can watch that discussion to get a sense of the thinking behind this effort: We're proud and excited to be a part of this effort. We, like many, hope that the IDL is actually a wasted effort and is never actually needed. But, given what we see happening all the time, it seems unlikely that the IDL will never need to be called into action.

Permalink | Comments | Email This Story

Old Habits Or New Envy? Microsoft Bans 3rd Party Browsers On Windows RT

Mike Masnick — Fri, 11 May 2012 06:56:00 PDT

The big antitrust case in the US against Microsoft about a decade ago focused on Microsoft's efforts in the browser war to lock out Netscape. While Microsoft lost that case, regime change at the DOJ meant that Microsoft got a slap on the wrist, rather than being broken up (as was originally proposed). In the long run, this may have been the best solution anyway. The market itself realized soon after that there was a pretty big opening for an innovative and effective web browser, and new competitors sprung up and took market share away from Microsoft: first Mozilla's Firefox, then Apple's Safari and finally Google's Chrome (and, yes, there have been a few smaller players as well, but they're all pretty small). Either way, given that Microsoft technically lost the antitrust case filed against it, and the key reason was its efforts to block the use of Netscape, you would think that the company would be a bit more sensitive about blocking competing browsers.

However, a war of words is brewing between Microsoft and Mozilla over the fact that Microsoft is effectively banning native third party browsers on Windows RT -- which will effectively become the "mobile device" version of Windows. On top of that, the company apparently is blocking the use of certain APIs that would be useful -- and which Microsoft's own browser will be able to use.

It's easy to assume nefarious intent on the part of Microsoft, but reading through the details, it feels more like a case where Microsoft is growing jealous of Apple's control over the iPhone platform, and is effectively looking to do some of the same with its next generation mobile offering. I think that's pretty short-sighted. Denying third party browsers may have worked for now, for Apple, but that's driven (in large part) by the larger than life infatuation with Apple products. I'm not sure any other company can pull it off -- especially Microsoft.

The way to compete with Apple is to attack where it's weakest -- and that's by being more open. Instead, it looks like (in typical Microsoft fashion) Microsoft has decided to try to attack Apple by copying where Apple is strongest -- in its walled garden. And, in the process, the company may end up setting off some antitrust alarm bells. Oh, and also, along the way, it will severely hurt its own platform by limiting the types of useful innovations that others might provide. That doesn't seem like a very smart business plan.

Permalink | Comments | Email This Story

Head of Mozilla Says ACTA Is 'A Bad Way To Develop Internet Policy'

Glyn Moody — Wed, 15 Feb 2012 16:02:26 PST

One telling sign of the widespread concern about SOPA/PIPA was that the non-profit Mozilla Foundation, which oversees the open source Firefox and Thunderbird projects, abandoned its non-interventionist policy, and came out strongly against the bills. It first signed a joint letter sent to the key sponsors of both bills, and then modified its home page, pointing to further information about SOPA. That, in its turn, linked to a post entitled "PIPA/SOPA and Why You Should Care," written by Mitchell Baker, the Chair of the Mozilla Foundation.

Baker has now written another, entitled "ACTA is a Bad Way To Develop Internet Policy", which explicitly links ACTA and SOPA/PIPA:

One aspect of the controversy about ACTA is the closed process where only a tiny subset of people affected by the law were allowed to participate. Another great controversy is about the actual content of ACTA. We know that the goal of stopping unauthorized access to digital content can lead to very dangerous results. The proposed SOPA and PIPA legislation in the U.S made this abundantly clear. This is an area where even good intentions can lead to imbalanced and dangerous results.

The post is fairly restrained, and basically recommends that people should find out more about ACTA and "make their voice heard." But it's a further indication that people from all sectors are waking up to the problems with ACTA, just as they did with SOPA/PIPA.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Permalink | Comments | Email This Story

Facebook, Twitter, eBay & Other Big Internet Companies Come Out Against SOPA

Mike Masnick — Tue, 15 Nov 2011 10:44:00 PST

While Google has been pretty vocal about its complaints concerning PROTECT IP and SOPA, and Yahoo, LinkedIn and Zynga have expressed concerns elsewhere, the silence of large companies like Facebook, Twitter, eBay, Mozilla and AOL had been unfortunate. That appears to be changing. As a group, they have now all sent a letter to the key sponsors of both bills, arguing that the approach here is the exact wrong approach, and will do significant damage to the parts of the economy that are innovating and creating jobs today:

We are very concerned that the bills as written would seriously undermine the effective mechanism Congress enacted in the Digital Millenium Copyright Act (DMCA) to provide a safe harbor for Internet companies that act in good faith to remove infringing content from their sites. Since their enactment in 1998, the DMCA's safe harbor provisions for online service providers have been a cornerstone of the U.S. Internet and technology industry's growth and success. While we work together to find additional ways to target foreign "rogue" sites, we should not jeopardize a foundational structure that has worked for content owners and Internet companies alike and provides certainty to innovators with new ideas for how people create, find, discuss, and share information lawfully online.

We are proud to be a part of an industry that has been crucial to U.S. economic growth and job creation. A recent McKinsey Global Institute report found that the Internet accounts for 3.4% of GDP in the 13 countries that McKinsey studied, and, in the U.S., the Internet's contribution to GDP is even larger. If Internet consumption and expenditure were a sector, its contribution to GDP would be greater than energy, agriculture, communication, mining, or utilities. In addition, the Internet industry has increased productivity for small and medium-sized businesses by 10%. We urge you not to risk either this success or the tremendous benefits the Internet has brought to hundreds of millions of Americans and people around the world.

Can't wait to see the usual commenters stop by to insist that basically every big company on the internet is only saying this because they're dedicated to infringement. But the real question is: at what point does Congress realize that there's real opposition to this bill from one of the few industries out there that's actually doing well these days?

Permalink | Comments | Email This Story

Homeland Security Demands Mozilla Remove Firefox Extension That Redirects Seized Domains

Mike Masnick — Thu, 5 May 2011 14:59:33 PDT

Apparently, the folks at Homeland Security are not at all pleased with the very, very simple Firefox extension, called MAFIAAfire, that negates ICE's domain seizures, by automatically rerouting users to alternate domains. Apparently, DHS demanded that Mozilla take the extension down from its listing of Firefox extensions claiming that the add-on "circumvented" DHS's seizure orders. Thankfully, Mozilla didn't just fold, but instead left it up and sent DHS a list of questions concerning the request. The list of questions is really fantastic, as it goes way beyond the direct request to really get to the heart of the questionable nature of ICE's activity with domain seizures:

To help us evaluate the Department of Homeland Security's request to take-down/remove the MAFIAAfire.com add-on from Mozilla's websites, can you please provide the following additional information:

1. Have any courts determined that MAFIAAfire.com is unlawful or illegal in any way? If so, on what basis? (Please provide any relevant rulings)

2. Have any courts determined that the seized domains related to MAFIAAfire.com are unlawful, illegal or liable for infringement in any way? (please provide relevant rulings)

3. Is Mozilla legally obligated to disable the add-on or is this request based on other reasons? If other reasons, can you please specify.

4. Has DHS, or any copyright owners involved in this matter, taken any legal action against MAFIAAfire.com or the seized domains, including DMCA requests?

5. What protections are in place for MAFIAAfire.com or the seized domain owners if eventually a court decides they were not unlawful?

6. Can you please provide copies of any briefs that accompanied the affidavit considered by the court that issued the relevant seizure orders?

7. Can you please provide a copy of the relevant seizure order upon which your request to Mozilla to take down MAFIAAfire.com is based?

8. Please identify exactly what the infringements by the owners of the domains consisted of, with reference to the substantive standards of Section 106 and to any case law establishing that the actions of the seized domain owners constituted civil or criminal copyright infringement.

9. Did any copyright owners furnish affidavits in connection with the domain seizures? Had any copyright owners served DMCA takedown notices on the seized domains or MAFIAAfire.com? (if so please provide us with a copy)

10. Has the Government furnished the domain owners with formal notice of the seizures, triggering the time period for a response by the owners? If so, when, and have there been any responses yet by owners?

11. Has the Government communicated its concerns directly with MAFIAAfire.com? If so, what response, if any, did MAFIAAfire.com make?

It's always nice to see some organizations not just roll over when the government comes calling. Kudos to Mozilla for not just refusing to takedown MAFIAAfire, but for also asking serious questions of DHS. Of course, DHS has refused to respond at all...

Permalink | Comments | Email This Story

Disappointing: Mozilla Siding With Bogus EU Antitrust Action Against Microsoft

Mike Masnick — Wed, 11 Feb 2009 05:51:00 PST

Last month, it seemed silly that EU regulators were pursuing Microsoft for antitrust violations in the browser market for bundling IE. It was clear that some of the initial complaints had come from Opera -- an also-ran in the browser market. However, it seemed silly because there is vibrant and growing competition in the marketplace. Firefox has continued to grow its market share, and in the past few years we've seen new entrants in the browser market from Apple and Google -- both of whom have established small, but significant footholds.

So, it's especially disappointing to read that the Mozilla Foundation appears to be siding with the regulators, complaining about Microsoft's actions. Obviously, Mozilla is competing with Microsoft in this space, so at a first pass it may seem in their best interests to lobby the EU to punish Microsoft. But it's disingenuous to say the least. Mozilla got where it did because it competed effectively. It built a better, more secure browser that many people made the choice to support over IE. In fact, Firefox's chief architect, apparently unaware of what his "bosses" were cooking up, seems to have recently contradicted the Mozilla Foundation's new position, where he admitted that he couldn't see how anyone with a straight face could claim that Microsoft's ability to bundle created a monopoly, noting that Firefox's success in growing marketshare showed that making yourself "demonstrably better" worked. Oops.

Permalink | Comments | Email This Story

Is Firefox Missing The Point In Its Response To Google Chrome?

Blaise Alleyne — Tue, 16 Sep 2008 02:19:54 PDT

Seth Godin thinks Firefox is missing the point by launching new features in response to Google Chrome. He says the problem now is that "when your friends switch to Firefox, your life doesn't get better." Firefox needs to provide people with an incentive to spread it, so that the more people use it, the better it gets for users (think of a social networking site -- you have a better experience if more of your friends join). He suggests new communication and collaboration features that only work if you have Firefox.

I think he's missing the point.

He ignores the Firefox community. The life of a Firefox user does improve as the user base grows. A more vibrant community means better add-ons, bug fixes, security patches, phishing reports, translations/dictionaries, etc. -- all members benefit. Mozilla is already providing the sort of incentive he describes. Sure, there may be ways to improve, but I don't think they're missing the point.

Plus, "only for Firefox users" isn't the Mozilla approach. Mozilla wants to improve the web for everyone -- not just Firefox users. Mozilla thinks your browser should be like your phone or your car; it shouldn't matter if your friends or co-workers are using the same product. You don't need to consider which phone carrier your friend uses before making a call, or which car your co-worker has before providing directions; you shouldn't have to think about what browser someone uses before communicating with them online. People don't need special browser-specific features in order to communicate browser-to-browser, that's what web services (or add-ons) are for. Those kinds of features would make life on the web more difficult for everyone if they were Firefox specific, and if they weren't, Google could just implement them in Chrome.

The community is one thing Firefox has that Chrome can't copy overnight.

If you read some responses to Chrome from people at Mozilla, it doesn't seem like they're missing the point. Competition in the browser market is validation of Mozilla's mission for Firefox, and Mozilla plans to compete by continuing to innovate and to involve the community. Seth Godin makes a great observation about giving people an incentive to spread your product -- "people will recommend something if adoption improves their lives" -- but he doesn't mention the ways in which Mozilla has already taken that to heart. How do you think Firefox became popular in the first place?

Permalink | Comments | Email This Story

Is The Google/Firefox Relationship A Conflict Of Interest?

Timothy Lee — Fri, 2 Nov 2007 06:28:00 PDT

CNET's Chris Soghoian raises some concerns about Google's close relationship with the Mozilla Foundation, the non-profit that owns the Firefox trademark. He points out that the vast majority of Mozilla's revenue comes from Google, and notes a number of ways that Firefox is configured to use Google as the default for various online services. Soghoian is right that close scrutiny of these sorts of relationships is healthy. However, it's pretty hard to get too worked up about the specific problems he cites. First, he notes that Mozilla has chosen not to include a couple of ad- and cookie-blocking plugins with the default Firefox package. Soghoian thinks that's a sign of something fishy going on, since those products would deprive Google of revenue. But there are thousands of plugins out there, and all sorts of reasons they might have chosen to exclude any given one. Soghoian offers no evidence it was at Google's behest. But more to the point, even if it were Google's doing, I don't understand why that would be a bad thing. Google makes a profit by selling advertising and shares a significant share of those revenues with Mozilla, which Mozilla then spends on making Firefox better. That sounds like a win-win-win proposition to us. Finally, given Google's excellent track record of making ads actually useful, relevant, and non-intrusive, it's not at all clear that users even want Firefox to block its ads. As long as Mozilla doesn't try to stop users from installing ad-blocking plugins themselves, I don't see the problem.

Soghoian also objects to the fact that Google controls Firefox's phishing blacklist. At least one prominent security researcher claims that one of Google's sites has a serious security flaw that they've refused to fix, and they've also refused to add themselves to the Mozilla phishing blacklist. Obviously, unfixed security flaws are a bad thing, but this doesn't seem to have all that much to do with the Google-Firefox relationship per se. Google is not a fly-by-night operation, and it's highly unlikely they're leaving unfixed security flaws on their site as a matter of corporate policy. More likely, any unfixed security problems are the result of honest oversights or bureaucratic incompetence. The solution, then is to put pressure on Google to fix the problem. Even if someone else controlled the blacklist, it's likely they'd be reluctant to take the drastic step of blacklisting a Google-owned site.

Free software projects like Firefox rely on contributions from a wide variety of individuals and organizations. Many of them participate for self-interested reasons, and there's absolutely nothing wrong with that. Of course, it's important to scrutinize such relationships to ensure that they don't subvert the broader goals of the organization. But I see little reason to think that describes either of Soghoian's examples. And it would be a mistake to let a general distrust of for-profit companies undermine opportunities to make free software better.

Permalink | Comments | Email This Story