> How do you protect against a court order compelling Mozilla to serve malicious JS to a user in order to phish the password ? It's unclear to me if it's any different from getting a court order to land malicious client-side code to extract keys directly from the browser or to phish an encryption passphrase. I think that in either case, it will be a legal question more than a technical one which is why I won't comment more. Here is a great example on how it's less of a technical problem and more of a legal one: https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute
Bug 1034526 Comment 21 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
> How do you protect against a court order compelling Mozilla to serve malicious JS to a user in order to phish the password ? It's unclear to me if it's any different from getting a court order to land malicious client-side code to extract keys directly from the browser or to phish an encryption passphrase. I think that in either case, it will be a legal question more than a technical one. Here is a great example on how it's less of a technical problem and more of a legal one: https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute