According to Mozilla CTO Brendan Eich and VP of mobile and R&D Andreas Gal, the solution is to use open-source software whose source code can and has been audited by independent security experts.
"Every major browser today is distributed by an organization within reach of surveillance laws. As the Lavabit case suggests, the government may request that browser vendors secretly inject surveillance code into the browsers they distribute to users" they pointed out in a blog post, but added that they "have no information that any browser vendor has ever received such a directive."
They, naturally, touted the company's Firefox browser as the best option, given that IE is completely, and Safari and Chrome partially, based on closed-source code.
Also, anyone who knows how to do it can verify that Firefox' source code has not been tampered with by building Firefox from source and comparing the built bits with the official distribution.
They have then invited and urged security researchers and organizations to audit Mozilla source and verified builds on a regular basis, and to develop automated systems that can verify official Mozilla builds from source, so that an alert can be raised as soon as possible if they don't match.
The company will also create such a verification system, and will ask people from around the world to participate. But, as they themselves say, "software vendors — including browser vendors — must not be blindly trusted," and they therefore ask independent security researchers to do it also.
Finally, they raised the possibility of audited browsers becoming "trust anchors" able to authenticate fully-audited open-source Internet services, and asked people who have attempted to do something similar to share their experience with them.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.