Mozilla in Asia

Mitchell was interviewed by Bernard Leong and Daniel Cerventus, two of the hosts of This Week in Asia podcast.

This Week in Asia is a podcast that caters to what’s the hot and interesting news dominating the web and tech landscape in Asia. We focus on the latest news on web and technology space, for example, Internet trends, mobile-web news and social media across Asia (China, Korea, Japan, India, Indonesia, Vietnam, Thailand, Malaysia, Singapore, Philippines, Australia, Hong Kong SAR, Cambodia, Laos and Middle East).

This Week in Asia Episode 69: Mitchell Baker Mozilla or via iTunes if you prefer that.

Previously Mark Surman has been on TWIA, as well as myself twice, Episode 39, and Episode 13.

Just a quick note to those who are interested in a status update from Korea. Kim Tong-hyung writes in the Korea Times that a number of major Korean banks are moving towards e-banking systems that will be cross-browser compatible vs. what is available today, which is IE.

The short story is that online banking with Firefox or Chrome is still a long-way off, but we can now foresee such a future, whereas before the changes by the Korea Communication Commission (KCC), such a future was impossible to consider.

“There have been complaints from computer users with non-IE browsers and our goal is to provide our Internet banking services to those with any browser,’’ said an IBK [Industrial Bank of Korea] official.

Existing local regulations require all encrypted online communications to be based on electronic signatures that are enabled through public-key infrastructures. And since the fall of Netscape in the early 2000s, Microsoft’s Active-X technology, used on its Internet Explorer (IE) Web browsers, remains the only plug-in tool used to download public-key certificates onto computers.

This prevented users of non-Microsoft browsers such as Firefox and Chrome from banking and purchasing products online. And computer security experts have also claimed that public-key certificates don’t add anything to security beyond a simple password gateway, which make them worse than useless as they create the illusion of safety where there is none.

and

Pressured by the calls to provide more flexibility in Internet security technologies, the Korea Communication Commission (KCC) announced it would allow other verification methods besides public-key certificates for protecting encrypted communication, which motivated companies like Woori Bank to differentiate.

Woori Bank’s new Internet banking system appears to be well-received, with the bank garnering 40,000 new customers just a month into the changes. And with a variety of banks, including IBK, Shinhan, Kookmin and SC First Bank, already providing non-Microsoft online banking services for smartphones, the transition toward an open Internet banking structure appears to be gaining pace.

Online banking wiggles out of Microsoft chokehold (The Korea Times)

On September 27th, Mitchell Baker visited Jakarta for a number of media interviews and a community gathering organized by Viking Karwur.

This was the first time Mitchell had visited Indonesia for Mozilla, and as such there was high demand to interview her, not only because of the success of Firefox globally, but also because Firefox enjoys a commanding market share in the Indonesian Internet market.

Mitchell started out with an interview at MetroTV with Timothy Marbun. We had originally hoped for Mitchell to get onto MetroTV’s morning news show, Indonesia Now, however, her plane was delayed and she missed the live taping window.

Mitchell prepping for the interview with Timothy Marbun of MetroTV.

Mitchell and Timothy Marbun (MetroTV)

After the TV interview, we traveled to the hotel where the rest of the media interviews were scheduled. Mitchell was interviewed by a number of key media resulting in articles such as:

Wawancara dengan Bos Mozilla Mitchell Baker (Vivanews)

Firefox Siap Hadang Browser Anyar Microsoft (Detik)

Sosok Nyentrik di Balik Kesuksesan Firefox (Detik)

Ponsel Futuristik di Mata Bos Firefox (Detik)

Mozilla Takkan Usung Premium Add-On (Detik)
“Pemasukan Kami dari Google” – Yahoo! Indonesia News

Mitchell Baker, Wanita ‘Rubah Api’ Dibalik Kesuksesan Firefox (Okezone)

Di Negara Asalnya Mozilla Firefox Tidak Populer (Okezone)

Mozilla Kembangkan Layanan Jejaring Sosial? (Okezone)

70% Gunakan Firefox, Indonesia Penting bagi Mozilla (Okezone)

Firefox Mobile Siap Menyasar Semua Platform (Okezone)

After the interviews, we moved on to the community gathering. We had almost 170 people registered to attend and we were concerned about overcrowding because the venue was smaller than this number, but due to very heavy rains in Jakarta that evening a number of people who had planned to attend could not. Still we had well over 100 enthusiastic attendees, including a number of old friends from my May trip.

Mozilla Indonesia Community Meetup: Jakarta, Indonesia | Sep 27

Kumi and Mozilla Indonesia Community Meetup

So how on earth did Firefox reach 70% market share in Indonesia?

The community meetup was a chance to make a number of announcements including,

- the winner of the mascot naming contest; ‘Kumi’ is the Indonesian Firefox mascot’s name.

- the announcement that Mozilla will partner with Pesta Blogger 2010 and Gen Kanai and William Quiviger from Mozilla will participate;

Cake made by a friend of the Indonesian Firefox localizer Romi Hardiyanto AND the papercraft ‘Kumi fox’ mascot of the Mozilla Indonesia community.

We will be distributing the papercraft doll via PDF asap from the Mozilla Indonesia community site so you can print and make your own.

Mitchell and Viking Karwur

Thank you to Viking and Romi and everyone else who helped make this first official Mozilla event a big success. We’ll be back for PestaBlogger and are actively considering what to do for 2010 and beyond.

Also additional photos by Naif Al’as

Mozilla Indonesia Community Meetup

Japanese girl blogger, Mamipeko, has browser icons custom painted onto her nails. The nail artist only knew the IE icon, sadly.

もしかして世界初？痛ネイルアート「ブラウザ」

Photo by Pietro Zuco.

Photo by Mamipeko.

via Asiajin and tuttie-cutie.

Bernard Leong and Daniel Cerventus of This Week in Asia interviewed me last week in advance of the Echelon 2010 conference in Singapore on June 1-2.  I will be speaking at Echelon about browser customizations and how they can help startups retain users and grow usage of your website/ webservice.

If you’re going to Echelon, I look forward to seeing you.

This Week in Asia Episode 39: Gen Kanai from Mozilla

I made one error in the interview that I need to clarify.

I said that the Firefox 4 alphas are not yet available. That is incorrect. They are available today as Mozilla Developer Preview (Gecko 1.9.3 alpha).

I got confused between the Firefox for Android builds, which were pre-alpha at the time of the interview but is now available as a nightly build for testing.

Kim Tong-hyung, staff reporter for the Korea Times, is the only reporter providing English-language coverage of the news on the Microsoft monopoly in S. Korea.

I wanted to share two recent articles from Kim Tong-hyung, one covering the event that Mozilla’s Lucas Adamski attended at the end of April and another covering the “anti-virus” industry in Korea, which is one of the incumbent industries that would be significantly negatively affected if the Korean government moved away from the current PKI-based encryption architecture.

Experts Say Specific Tech Mandates Make [Korean] Internet Banking Vulnerable

“There is danger in relying on technology too much, and specific technology in that,” Schneier said, stressing that the government should be commanding “results,” rather than technologies, from banks and credit-card companies in their efforts to provide better user protection.

“Once a law mandates specific technologies such as protocol, applications or software, innovation stops. Companies know they will be okay as long as they do everything that the law says, and they will not figure out ways to make things more secure.

and

Lucas Adamski, who heads the software security team at Mozilla, which backs the Firefox Web browser, said online banking and e-commerce providers should consider redesigning their Web pages to support HTTPS, or HTTP Secure.

“Supporting HTTPS comes with many benefits. The server is authenticated to ensure the user is talking to the server they think are talking to, before any content is sent or received,” Adamski said.

“The browser will not normally send or receive any content from a Web site with an invalid or expired certificate or if the certificate does not match the server name. This means that there is no opportunity for a man-in-the-middle (MITM) injection attack to happen in the first place.”

Is AhnLab to blame for online banking mess?

Kim Kee-chang, a Korea University law professor who had led a series of unsuccessful lawsuits against the government over the overwhelming Active-X use, is absolutely merciless when describing the role of AhnLab and other anti-virus firms in the whole mess.

“Anti-virus firms are the only ones who are benefiting from the current Internet banking structure, which itself happens to be the biggest fraud of all. This system is all about creating an illusion of security that essentially does nothing other than allowing these software makers to make easy money off aging technology,” Kim said in a recent interview with The Korea Times.

“It’s depressing to see these so-called Internet technology experts sinking so low, sacrificing their morality to the last ounce in pursuit of profit. They have government officials in their pockets, as nobody ever accuses bureaucrats of having a bright understanding of technology,” he said, emphasizing that it was the anti-virus firms that chose plug-ins as the method to provide the required security programs to banks and computer users.

For those of you who have followed my blog, you know that it has been 3 years since I first reported on the fact that Korea does not use SSL for secure transactions over the Interent but instead a PKI mechanism that limits users to the Windows OS and Internet Explorer as a browser. Nothing fundamentally has changed but there are new pressures on the status quo that may break open South Korean for competition in the browser market in the future.

In fact, one of the new pressures on the status quo has been the popularity of the iPhone in South Korea, which wasn’t available officially until late 2009 due to a different Korean software middle-ware requirement, WIPI, which has since been deprecated. With WIPI dead and buried, Apple released the iPhone to great fanfare in the Korean market and Blackberry has also launched in the Korean market.

Another pressure on the status quo was a recent report out from 3 researchers (Hyoungshick Kim, Jun Ho Huh and Ross Anderson) from the University of Oxford’s Computing Laboratory, “On the Security of Internet Banking in South Korea.”

South Korean Internet banking systems have a unique way of enforcing security controls. Users are obliged to install proprietary security software – typically an ActiveX plugin that implements a bundle of protection mechanisms in the user’s browser. The banks and their software suppliers claim that this provides trustworthy user platforms. One side-effect is that almost everyone in Korea uses IE rather than other browsers.

We conducted a survey of bank customers who use both Korean and other banking services, and found that the Korean banks’ proprietary mechanisms impose significant usability penalties. Usability here is strongly correlated with compatability: Korean users have become stuck in an isolated backwater, and have not benefited from all the advances in mainstream browser and security technology. The proprietary mechanisms fail to provide a trustworthy platform; what’s more, alternative strategies based on trustworthy computing techniques are quite likely to suffer from the same usability problems. We conclude that transaction authentication may be the least bad of the available options.

The popularity of the iPhone (the press claims 500,000 units sold in the few months since it was released) resurfaced the issue that only Windows and IE can be used to make secure transactions with Korean Internet services. iPhone/Blackberry/Android users in Korea (not to mention Firefox/Opera/Safari/Chrome users) cannot bank online or purchase items online or do any secure transaction with the smartphone browser because Korean services only support the PKI mechanism that only works with Active-X in IE and Windows.

Dr. Keechang Kim of Korea University has been working tirelessly for many years to try to change the status quo in Korea around browsers and the reliance on a PKI mechanism that is tied to one platform. With concern being raised by different parts of the Korean government, including the Korean Communications Commission as well as the Office of the President of Korea, Keechang has gathered a very interesting panel of presentations for April 29th in Seoul.  The panelists will be addressing the (Korean) Financial Supervisory Service (FSS) which is the regulatory body in Korea that is currently mandating the PKI mechanism that is in place today (which requires Active-X, etc.)  Unless the FSS relaxes or changes their regulations, Korean banks cannot offer other mechanisms for Korean users to bank online, etc.  In short, unless the FSS changes their stance, nothing will change in Korea.

“Security Issues of Online Banking & Payment in Korea” is an open public meeting (registration recommended) starting at 10 AM on April 29th at COEX Conference Hall E1 and will feature:

• Bruce Schneier (Chief Security Technology Officer, BT) on “Security: What Works, What Doesn’t, and Why”
• Hyoungshick Kim, Jun Ho Huh (Univ. of Oxford) “What’s the danger of mandating proprietary security solutions?”
• Lucas Adamski (Dir. Security Engineering, Mozilla) on “Securing Browser Interactions”

Again this meeting is open to the public. Anyone is welcome to attend.

While I have no illusions that one meeting will get the key Korean government entities to do a 180 from their current stance, I do think this will be an important opportunity to bring external, Korean and non-Korean security expertise to Korea to discuss the current state of affairs and show that a PKI-based security architecture is only as secure as the computers that those certificates are used on.  If the computers are compromised, and at least one security services provider, Network Box, claims that S. Korea is the largest source for malware in the world, (Korea reigns as king of malware threats) then there is no way to be sure that the person in control of those personal certificates is the legitimate owner.

The deletion of the requirement for WIPI in Korean mobile phones opened the Korean market to the iPhone and the Blackberry and Android phones from outside of Korea.  Korean users of these new smartphones realized that they could not bank online, buy online, etc. and are now pressuring the Korean government to change the current laws which mandate a PKI-based mechanism that has been implemented with Active-X.  As the popularity of smartphones that cannot make use of the current PKI-based architecture for encryption/authentication grows in Korea, the pressure for the government to change their regulations will only mount.  The key question for Mozilla is whether the Korean government will open up to a point where Firefox and Fennec can be used in the future for secure transactions in Korea.

Thank you to Keechang and everyone in the OpenWeb.or.kr community for your tireless efforts to try to break open the Korean market. Thank you also to Channy Yun who has put aside his own schedule in order to participate and guide Lucas in Seoul.  There is still a long road to walk to an open, competitive market in S. Korea for browsers, but I am starting to see the light at the end of the tunnel.

Disturbing news from the US.

Windstream Communications, a large ISP based on the East Coast of the US, has been caught using DNS redirection of the search results from the Google Toolbar in Firefox. Users using the Google Toolbar in Firefox were served a Windstream search results page, not a Google search results page. I’m not clear how this could even be done but this should never ever happen.

Windstream Hijacking Firefox Google Toolbar Results – Users kick back, Windstream promises correction tonight

Once their customers started complaining, Windstream representatives posted at dslreports.com that

“I won’t go into the technical details, but this was not a desired result to modify the Firefox search field regardless of which search provider is used in the browser.”

Somehow I can’t give this company the benefit of the doubt.

Edit:

Firefox redirects to windstream communications search results when I do a Google search in the search bar. (Mozilla Firefox support forums)

and

How do I remove a web search redirect? (Google Web Search Help Forum)

Chris Grams interviews Chris Blizzard at opensource.com on the topic of building community in open source. The five questions in question are:

1. When I first met you ten years ago, you were a Red Hat employee with a day job keeping the redhat.com website up and running, and, even then, you were hacking on Mozilla for fun in your spare time. Now you run developer relations for Mozilla, and you’ve had some other amazing experiences, including working on the One Laptop Per Child project, along the way.It strikes me that you are a great case study of someone who has achieved success in the meritocracy of open source by doing good work. Knowing what you know now, if you were starting from ground zero as a community contributor, how would you get started?

2. Firefox is arguably the most successful open source project from a mainstream consumer standpoint. Meaning, it not only has an active community of developers, but it also attracts a broad community of users from all walks of life. Why has Firefox succeeded at reaching a mainstream audience when other open source projects (like the Linux desktop) have struggled?

3. Mozilla has a noble mission, beautifully articulated here, of “encouraging choice, innovation and opportunity online.” What role to do you feel this mission plays in attracting developers to work on Mozilla projects? Are most developers oblivious to it and just want to work on cool technology? Or is the mission meaningful to them?

4. What’s the dumbest thing a company can do when trying to build an active, engaged community of contributors?

5. And what’s the smartest thing?

Five questions about building community with Chris Blizzard of Mozilla | opensource.com

Channy Yun, Mozilla’s community leader in Korea and the Korean Firefox localization leader has been selected as a Mindtouch “Most Powerful Voice” in open source.  Congrats to Channy for his tireless efforts to push web standards, the open web, and promote open source in both Korea and the world.