Two aspects of Mozilla’s close ties with Google over development of the Firefox browser have Chris Soghoian concerned about a conflict of interest in play.
People who adopt Firefox as a replacement for Microsoft’s Internet Explorer think they are turning aside a monopolist in favor of a more secure and open browsing alternative. It may not be as open as we think.
I missed a little bit of semantic nuance back in May, when Mozilla’s Asa Dotzler commented on my speculation that Mozilla could be pressured via Google by a company like Verizon. As Asa commented, and I’ve emphasized in bold:
Can Google (or any one, for that matter) effectively pressure Mozilla to change course on a Mozilla Labs project that they’re not directly involved with? Absolutely not.
Now look at the context Soghoian brings to the Mozilla and Google topic, and how Dotzler’s choice of words appear to fit five months later.
“The close relationship between Google and Mozilla leads to a number of serious conflicts of interest. The end result is that users’ online privacy and security take a backseat to the protection of Google’s revenue streams,” Soghoian wrote at CNet.
One conflict of interest comes in the form of ad blocking, the other in phishing toolbars. Soghoian wondered why Firefox’s developers haven’t integrated two of the most popular add-ons for the browser, AdBlock Plus (and the Filterset G Updater), and CustomizeGoogle.
“Even if Mozilla were contractually free to include anti-Google-tracking features, it would not be a wise move, business-wise. After all, it is not too smart to anger the company that provides more than 85 percent of your financing,” said Soghoian.
His phishing assessment shows an even greater concern for Firefox users. A documented flaw in gmodules.com, as found by well-known security researcher RSnake, has been dismissed by Google as a feature, not a bug.
It’s funny when Jimmy Neutron calls his robotic dog Goddard’s ability to explode a feature instead of a bug. On the Internet, the joke isn’t quite as laugh-inducing.
Soghoian charged, based on RSnake’s experience and findings, that no anti-phishing product will enter the market with a Google domain on a blacklist. Google domains won’t be placed in the blacklist it maintains for Firefox, either.
The problem comes not just from the revenue stream Google provides to Firefox, most recently $56 million in 2006. Soghoian noted how Googlers spend a lot of time building Firefox, including lead developer Ben Goodger, a Google software engineer. (UPDATE: Asa Dotzler said in an email neither Goodger nor other Google staffers have been major contributors in some time.)
Google contributes time, people, and money, the three essential parts of any project. Mozilla CEO Mitchell Baker has claimed Mozilla can quit Google any time it wants.
If they really want to keep the trust of Firefox users, it may be time for a divorce. It won’t be as easy as driving through a quickie divorce shop in Reno, but for the long term good of the project it may be necessary.
Unless, of course, they really can’t leave $56 million and scads of talented Googler developer time on the table.
