When more bugs can mean tighter security

Summary:Mozilla Europe's president Tristan Nitot explains why having fewer disclosed vulnerabilities doesn't mean Internet Explorer is safer than the open-source web browser

...if you want to read the files. This is digital rights management. This is my computer, my copy of Windows, this is my data. I don't want any company, and not just Microsoft, to dictate what I do with my files.

Since then I've not used Windows on a regular basis. A computer is a fantastic tool for connecting to the internet. My whole life is in there — songs, movies, pictures, text, my blog posts. It links my friends through instant messaging and social networks. For many of us it would be impossible to work without a computer.

This is a tool I want to keep control of. I had the choice of either not updating Windows with SP2, which wouldn't have been secure, or not accepting the contract. So I moved to Linux, and when that machine died I switched to a Mac.

What is the current state of play with open-source development?
Open source is amazingly successful. I have a cracked iPhone running BSD, and a Nokia N80 tablet running Gecko 1.9. At home all my routers run Linux.

When I was younger I was fully addicted to computing, and I pictured myself in the future surrounded by Unix machines. I'm a bit geeky. But actually this has happened. Now we're surrounded by Unix and Linux machines, all connected to the internet. We have open source everywhere.

What are the main future challenges for the open-source community?
The open-source community needs to figure out the user experience part and the marketing part. With product quality and reliable operating systems, open source has won hands down. However, today, most open source is built by engineers for engineers, which makes the products not very user-friendly. This is something we've figured out in Firefox. Now this needs to be figured out in other projects.

So which distributions are user-friendly, and which aren't?
Ubuntu is interesting — users can use Ubuntu. The tricky part is Windows power users, who get lost on Linux. The inner workings of Linux are not easy to understand if you're coming from XP.

Why is marketing a problem for open source?
Open-source communities have way less marketing budget than proprietary software vendors, especially Microsoft, which reportedly spent $500m (£250m) launching Vista.

Mozilla released the first beta for Firefox 3 a month ago, and the second beta on Tuesday. You can work on web applications offline with Firefox 3. Will this work for all web applications?
The Firefox 3 beta has an API that tells the web app that it's offline, so it can store things locally, and sync back later. This implies the web app knows how to leverage the API, so [if it doesn't] it has to be updated.

How much is this a security feature? Do Web 2.0 applications open up new attack vectors?
A browser is a window onto the internet, which is why we take security so seriously. [But] I don't think Web 2.0 applications are particularly dangerous in terms of security. In terms of privacy they are, as seen on Facebook recently.

Are you talking about Beacon [Facebook's ad-tracking feature, which it withdrew], and if so, was it a bad idea?
Beacon was probably a bad idea, if the users think so. People see and adopt so-called "free services", but they do have a cost — a huge cost — to develop and run such systems. People are paying for them by giving up their privacy.

In many cases their privacy is more valuable than the service they get in return, because there's no price tag on privacy. It's hard to balance what you give with what you get. It's hard to understand whether you're getting a good deal. Right now I don't think users are getting a good deal.

There is a price per user to running a social-networking site, and social-networking site executives know that price — probably a couple of pounds per year. What you give in exchange is your age, your location, people you know, websites you visit, things you buy — this all gives a precise profile of you. It enables very variable targeted advertising, probably worth much more than a couple of pounds per year. With Beacon, I would have been the first to sign a petition [to stop it].

Topics: Security


Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.