
We assume that the server is compromised, so the extension wouldn't interpret just any JS from the server, whether or not it was delivered by HTTPS. Our idea is to require a committee to review and sign the code, and the extension would only execute code signed by the committee in consensus. This is just as secure as shipping all of the program logic in the extension, except in the case where all the signing committee member keys get compromised, which is unlikely.

My point in the previous comment was that dragnet surveillance wouldn't work at all unless the client's code was compromised, but there isn't a good way for the NSA to compromise ALL OR MOST of the clients' code without it being detected by those users who use the extension. Remember the TorMail episode where malicious JavaScript was injected in the response? If some users had a Firefox extension that checked to make sure that all the JS code was signed by a committee, then they would have raised the flag and alerted everyone not to use TorMail.
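The check described in the comment above, as an added example that is not part of the thread or of any project the commenters mention: a verifier that accepts a script only when every pinned committee key has signed its exact bytes. The reviewer names, the Ed25519 keys generated in place, the sample script and the helper names are all constructed for illustration; the code uses Node's built-in `crypto` module.

```javascript
const crypto = require('node:crypto');

// Constructed committee: three hypothetical reviewers with Ed25519 key pairs
// generated here for the demo. A real extension would ship only the public keys.
const committee = ['alice', 'bob', 'carol'].map((name) => ({
  name,
  ...crypto.generateKeyPairSync('ed25519'),
}));
const pinnedKeys = new Map(committee.map((m) => [m.name, m.publicKey]));

// Each reviewer signs the exact bytes they reviewed; returns { name: signature }.
function signAll(scriptBytes) {
  const signatures = {};
  for (const member of committee) {
    signatures[member.name] = crypto.sign(null, scriptBytes, member.privateKey);
  }
  return signatures;
}

// Consensus rule: every pinned key must have a valid signature over scriptBytes.
// A missing, malformed or mismatched signature rejects the script (fail closed).
function isApprovedByCommittee(scriptBytes, signatures) {
  for (const [name, publicKey] of pinnedKeys) {
    const sig = signatures[name];
    if (!Buffer.isBuffer(sig)) return false;
    if (!crypto.verify(null, scriptBytes, publicKey, sig)) return false;
  }
  return true;
}

// Constructed sample input: the reviewed script and a copy altered in transit.
const reviewed = Buffer.from('function render(msg) { return msg.trim(); }');
const tampered = Buffer.concat([reviewed, Buffer.from('\n/* injected by server */')]);

function demo() {
  const sigs = signAll(reviewed);
  return {
    reviewedAccepted: isApprovedByCommittee(reviewed, sigs),
    tamperedAccepted: isApprovedByCommittee(tampered, sigs),
  };
}

console.log(demo());
```

Because the signatures cover the script bytes and the keys are pinned in the client, a compromised server can withhold code but cannot substitute code that passes the check.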



So far, I've failed to see a reliable committee-signing trust system. Moxie's Convergence blows chunks all over my network connections in practice.

Committee depends on things like number of nodes in the network and integrity of the nodes, not to mention you can still do analysis on who was sending or receiving something at a particular time (which may not be enough to stand up in court, but it's enough for the NSA to know that Mike is talking to Jeff, or whomever).

At the end of the day, the best method currently available for clandestine activity on the internet is one-time anonymous drop boxes, and luck.



