
mozilla, like few other companies, has my full faith and confidence that they would pull a Lavabit and close up shop before letting something like this completely erode their users' trust.


I don't believe they would simply close in that case; I strongly believe that they would instead choose to remain open under the logic that compromised but still working for user security / web "openness" is superior to folding and losing a force which aims to work for the "greater good". I believe this given their past choices in things like H264 and EME.

Given that, though, I also believe that enough smart people are in Mozilla that they would try to prevent themselves from being in a position where they would be a target such that they would face the dilemma. Which might be why they're only hosting middle relays, and not exits or guards :)


regarding H264 and EME, there are legitimate reasons for them having conceded on those fronts. Content providers do have a legitimate interest in protecting copyrighted work. Likewise, H264 is widely deployed and is already a sunk cost for most consumers and migrating away from it will take at least a decade, it was never going to work to forcefully go cold turkey; not everyone can pull an Apple and yank Flash support.

while those choices certainly limit user freedom (as in choice), they do not compromise user security (assuming EME is properly sandboxed, etc)

i don't think they would just up and close, they'd likely just sunset/curtail the services which would be subject to interception. in Lavabit's case, that was the entire business.


>Content providers do have a legitimate interest in protecting copyrighted work

Except DRM in the browser doesn't really accomplish that, does it? Hit The Pirate Bay or Google up a torrent and done. Things like Netflix DRM are only one step above HDCP.


regardless of how misguided their attempts are, doing nothing is a non-option for studios, right? what alternatives are there? there are none - those who make the content make the rules, it's something i'm confident will not change.

https://hacks.mozilla.org/2014/05/reconciling-mozillas-missi...

anyways, this is off-topic.


If you really have to trust Mozilla here someone is doing something wrong.

Presumably these hosts will be part of a relay family and so tor will not select multiple of them in constructing a circuit.

When it comes down to it no matter how trustworthy mozilla has been in the past, any service they offer could be compromised going forward in a multitude of ways. This is why it's important that systems and software be designed to be secure even without trust. (Then, add in some trust for good measure too).


in an ideal world, yes, we should require 0 trust; i don't think we will ever live in that world, it is prohibitively expensive and impractical.


trust is always a fun topic, as people are still unaware of how much stuff they trust today.

Let's say you trust TOR. Great.

Now you have to trust Mozilla's software if that's what you run. Let's say you trust Mozilla too, great.

Now you have to trust your whole OS. Let's say you do that. Great.

Now you have to trust the various devices connected to your computer. Let's say you trust that too. Great.

Now you have to trust the various companies that made all the various chips on your main bus, CPU. And the RAM and many other components. And don't forget the dynamically loadable firmwares running on them.

Good luck with that!

[note: this might have needed to be a reply to the parent post]


At least Mozilla doesn't have a 'business model' which is strongly dependent on you handing your data over to them, or other opaque/closed activities or software.


Lavabit could do it because they were a small shop (under 10 employees). Do you really think Mozilla is going to pull the pin with over 1000 employees?

More likely would be that they relocate. But relocating over 1000 people would be a massive feat.


how they handle their moral and legal obligations to 1,000+ people is up to them and i am sure those 1,000 people will be able to get as much assistance as they need to hold them over. 1,000 people keeping their jobs is statistically insignificant to the tens (hundreds?) of millions of compromised, faithful users. i don't think it would even be a question for them if the circumstances allowed for no other options. i believe their users would fully expect them to do this.

"I really wish Ladar Levison handed NSA the SSL keys so I could keep my email"

-- no Lavabit user, ever.


> mozilla, like few other companies, has my full faith that they would pull a Lavabit and close up shop before letting something like this completely erode their users' trust.

That trust is an exceptional asset, a unique competitive advantage for Mozilla. None of their for-profit[1] competitors can hope to compete in that area and I think it's especially valuable now that users are becoming aware of privacy and when the behavior of the competition often is so egregious. Mozilla has a chance to solidify their brand for the long term as the IT provider users can trust. If they can do that, IMHO they have a leg up in every market.

[1] I know Mozilla Corp. is for-profit, but profit is not their primary objective.


>pull a Lavabit

So, silently comply with warrants and other requests until a high-profile case comes along, then refuse to cooperate until a judge gets you to hand over everyone's data and your master keys, then turn that into a big PR show? OK.


> then turn that into a big PR show

if protecting whistle-blowers requires a PR show, i'll buy a front-row seat and pass me that popcorn. i believe what happened with the snowden request was not the same as other requests, obvious why in retrospect. http://www.wired.com/2013/09/lavabit-snowden-pen-register/

> So, silently comply with warrants and other requests

so are you suggesting, for the purpose of avoiding accusations of hypocrisy, all businesses should either comply unconditionally or close immediately and relocate to another country? what he did was unorthodox and perhaps somewhat PR motivated, but he did ultimately close his primary (only?) source of income on moral grounds. i'm not sure how much shit-slinging he deserves here.

anyhow, i think you took the analogy too literally.


Hopefully they simply don't back an architecture where the only option is to pull the plug.


the only type of architecture that is resistant to this would have to be distributed. for anything centralized and under control of a US company, the US laws can compel them to install intercept devices. sadly, not everything can be distributed, there will be centralization somewhere.


So people should start using it and hope that when the US compels them to do something, it is done in a way where Mozilla can resist it politically?


it's hard to answer this with a blanket statement because it's one company that does many things and builds many products. i'm not sure what the law says about requiring a company to continue to operate a service just for the sake of intercepting traffic, when the morals/mission of the company would otherwise terminate the service. i'd be interested to see if something like this has been tested in court.

the general rule of thumb is, don't base critical parts of your business or personal life on third-party cloud products that may go away for whatever reason, without your control and without notice. this includes Google's random termination of APIs, encrypted email services, etc. have a plan B if for some reason the Tor relays need to be suddenly taken offline, forever.


Company morals, mission statements, constitutions etc are marketing material and not law. If the law requires a company to comply but their mission statement goes against this, the law will win every time.


This is why the right place to put this sort of thing if you're really serious about it is in the corporate charter. Then it does become law as far as the company is concerned, since it's only chartered to operate under the terms of the charter.

Unfortunately, some jurisdictions don't allow sufficient customization of corporate charters to do this yet. It's been getting a bit better recently.


i don't think i claimed their morals would allow them to not comply with the law. but a company's past conduct is pretty important to evaluate in the context of how such situations will be handled. i'm unaware of a law that requires companies to continue providing compromised services to their users, for example.


I still don't see why someone worried about the US government would even start using a service where the best outcome of a warrant is that the service gets shut down.



