Disclaimer: my opinion is entirely MY OWN OPINION and does not reflect Mozilla's opinion or anyone I have worked with in the past. I also acknowledge my lack of deep understanding/insight of any sort but just a tiny bit of what I think I know, so feel free to correct me.
I agree with many of your points because they are in fact excellent arguments. Trust can mean various things. But in this context, trusting Mozilla is merely trusting Mozilla based on its reputation. Mozilla does not log your password and does not sell you to an advertising agency so your new shiny Fx Account is really to be used for Mozilla service. At least as far as we know at this point. Mozilla was named #1 most trusted organization [1] but that doesn't mean we should say Mozilla is more trustworthy than Google without considering the context in which the trust is placed.
The first thing I want to echo is expectation. We expect so and so to do such job and deliver such promises. We expect that when we first sign up the password I pass to Firefox Account and Google Account, my password is hashed and salted with a strong hashing algorithm. We expect Mozilla engineers and Google engineers to be honest and professional, so they won't use MD5 or SHA1 to keep our passwords. But are they? We have to put a bet on Mozilla.
Almost all the Mozilla projects are open-source, meaning they exist somewhere on mozilla-central or on GitHub. But we can't verify that a server is actually running the code the service provider claims to be using. How can I trust them? I can't. I challenge anyone out there to propose a way to verify a server, the same goal we want to have for deterministic build.
Unlike some startups which claim to be secure, Mozilla does not brag about security without hard work. They don't come up with their own new crypto and ask the community to challenge them. They are careful about code changes. With that, we say Mozilla is trusted. Google is therefore also trusted.
There are two kinds of trust:
First, people with first-hand access. They have access to some parts, if not all parts, of the infrastructure. If you are running your own Persona identity bridge [2], you can verify yourself that the password you enter is hashed and salted with a strong hashing algorithm and iteration. This is great news for people who are paranoid about a particular website not handling your password properly -- provided that Mozilla sends your data over a TLS channel and does not log your encrypted password in the middle.
The second type is based on experience, based on reputation. Google and Facebook employed thousands of engineers. If either is evil, then we would have heard of a whistleblower going public already. Because there is none (or little) we expect them to meet my expectation: my password is hashed and handled properly. So I am happy to stay as a Gmail user and authenticate my Gmail as Persona account. I know both Mozilla and Google will do the communication properly.
I am not an expert in either privacy or security, but I feel like people forget about the mission of the organization. Is Google bad? Is Google evil? The #1 argument is Google is for-profit and Mozilla is non-profit (yes, there is a business entity called Mozilla Corp which exists to handle business contracts like search engine option in Firefox), so Mozilla is more trustworthy, right? Since Mozilla is non-profit and it doesn't talk to advertisers and does not customize your search experience, there is little to no incentive for Mozilla to sell your data and have an advertising agency customize your experience. With that, Mozilla's reputation is not touched.
Mozilla doesn't care about your search query or activity EXCEPT metrics. How many users are experiencing such and such crash? Who is adopting such and such option? How many web servers are still negotiating RC4 cipher? Is Firefox stable? Are people happy with the security and privacy controls?
They don't care if you are bidding on a cat on the Internet or voting Doge to be the next President of the United States. The expectation of Mozilla is to make good things. For example, Mozilla Firefox should provide Do-Not-Track and private browsing (e.g. search record is not logged in the user's browser history). And Firefox does it. Unfortunately, there are issues but Mozilla is committed to resolving them in the best manner possible. For example, should the default option for DNT be "tells site I don't want to be tracked" or "don't tell site about my DNT preference?" Currently the latter is the default option. Good or bad? On one hand, Fx is used by all sorts of users, and many see DNT and DT as making no difference, and they might prefer to be tracked. This is why metrics are important to a browser vendor like Mozilla. If 90% of the users are aware of DNT, if 90% are adopting DNT and "Tell sites I do not want to be tracked" is high and more and more sites are honoring DNT header, then the default would of course be "tell site DNT." [3] Is there information Mozilla should not be collecting? Probably. And you should challenge Mozilla if you are concerned. While not all Mozillians are created equally - they don't all think alike or agree on everything, one voice can have a snowball effect.
So in terms of interests, Mozilla has much lower interest in anything other than the number of users able to use Firefox and its related services. After all, Mozilla wants to be the browser that everyone can trust and use. But it doesn't mean Mozilla can override everyone. Some of the proposals Mozilla makes are excellent but often rejected because other vendors proposed something else. Mozilla will have to decide how to resolve such challenges.
So why should you or me trust Mozilla alone?
Mozilla is an open-source organization and therefore almost everything they do is publicly listed. Many project meetings are open and publicly documented (but of course there are exceptions -- sometimes people don't remember they can make such meetings public, or because it's security/corporation/business confidential). But eventually, Mozilla releases notices about decisions they are making. This is not something Google or Facebook is likely going to do. But that's fine. Google and Facebook are much, much larger than Mozilla and are entirely for-profit. Take Chrome vs Firefox. Yes, not Chromium. Chrome is closed-source, building upon Chromium. There are no closed-source Firefox releases by Mozilla. Since Firefox code can be viewed publicly, anyone can audit the code. I believe gps is working on deterministic build [4]. Since Fx Account is also publicly readable on GitHub and mozilla-central, the security of Fx account is both theoretically and practically more trustworthy than Chrome's Google Account implementation (though I believe Chromium users can connect to Google services the same way Google Chrome allows) -- provided that you put a bet on Mozilla's ability to take care of the infrastructure and that it is actually hosting the version it claims to use. If Persona is ever integrated into Fx Account, then it would be much nicer than Google Account in Chrome, since one can authenticate against one's own identity provider, not Google's or Mozilla's.
Furthermore, it is amazing to see how much Mozilla is capable of doing. It doesn't have 30k employees but Mozilla is capable of keeping data safe. I haven't really heard of Mozilla compromised (community servers, yes) yet. Somehow, this is strange to me. I might be too young to remember such an incident, but in recent years, officially? I haven't heard of one. So people at Mozilla are running a nice farm. I can trust the skill these people have.
Lastly, I do agree that UX is important. Google, Facebook and LinkedIn all have some awful UX to control security and privacy. Some features are not opt-out-able easily; some require deleting an account or disabling access to other core products. I urge everyone, including myself, to make the ability to control security and privacy settings as easy as possible. I think such improvements can make any organization more trustworthy - after all, if I can't opt in/out easily, I am locked in with default settings.
With that, I say I can trust Mozilla. I can trust Google, I can trust Facebook. I can trust many websites out there. But if there is an option and if time allows, I'd work hard to harden my own identity. With that, I think Mozilla is trustworthy. If we continue to make control of privacy and security a priority over complex features, some people will trust XYZ more.
[1]: https://blog.mozilla.org/blog/2013/01/28/privacy-day-2013/
[2]: http://identity.mozilla.com/post/46374271364/persona-is-dist...
[3]: https://dnt-dashboard.mozilla.org/
[4]: https://bugzilla.mozilla.org/show_bug.cgi?id=885777