Mozilla VPN launches in some countries officially
Mozilla announced the launch of the organization's VPN service, called Mozilla VPN, yesterday on the official blog. Rumors that the official launch was imminent surfaced in June 2020.
The service is available in the United States, Canada, the United Kingdom, Singapore, Malaysia and New Zealand, and available for $4.99 per month. Mozilla plans to expand to other -- unmentioned -- countries later this year. A waitlist is provided for users interested in the VPN that cannot join because of country restrictions-
Tthe VPN is available for Windows, Android and iOS devices currently, but Mozilla promises that Linux and Mac clients are under development and will become available eventually as well.
The network provides access to more than 280 servers in more than 30 countries currently, and does not impose restrictions on bandwidth. Mozilla promises that network activity is not logged, and that it has not partnered with third-party analytics platforms. The VPN solution may be used on up to five devices.
The client uses the cutting edge WireGuard protocol which has a slim code base, is open source, focuses on modern cryptographic techniques, and promises very high speeds when compared to classic VPN protocols.
The VPN network is provided by Mozilla's partner Mullvad, a privacy-focused VPN offered by the Swedish company Mullvad VPN AB.
Mozilla unveiled the VPN solution in 2019, then under the name Firefox Private Network VPN to beta testers from the United States. The organization changed the name because it wants to reach a wider audience with the service and not just Firefox users, and also to better distinguish the device-wide VPN solution from the Firefox Private Network browser extension which adds a VPN-proxy to the Firefox web browser.
Mozilla VPN is one of the main attempts by Mozilla to diversify the organization's income. Most revenue comes from search partner deals in the Firefox web browser, and one of Firefox's main competitors, Google with its Chrome browser, provides most of the income currently.
Mozilla started several projects in the recent past, some of them paid, to diversify the income. Firefox VPN is probably the most promising product at the time of writing as it fits well into Mozilla's privacy-focused image.
Details about the agreement between Mozilla and Mullvad are not available, and it is unclear how much of the $4.99 per month is ending up in Mozilla's pockets.
Now You: Do you plan to use Mozilla VPN?
The easiest test to know if as VPN is allowing OTHERS to record you is to simply go to their web site with an ad-blocker.
While the VPN itself may not collect any data, they allow other analytics packages do their ‘dirty-work’.
For example the professional VPN reviews always rate Nord as the highest:
Here is a typical privacy loophole in the updated privacy policy:
“We provide information about open source third-party software here.
Nord expressly disclaims any warranty or OTHER ASSURANCE to you regarding such third-party software.”
https://my.nordaccount.com/legal/terms-of-service/nordvpn/
The era of inexpensive VPNs is over, as third party analytics are running in both client and on VPN server programs.
Also PIA VPN was sold to a questionable company.
Mozilla is aware of the deteriorating situation:
We know that we are on the right path to building a VPN that makes your online experience safer and easier to manage.
We’ll keep making the right decisions for you guided by our Data Privacy Principles.
This means that we are actively forgoing additional profit-making opportunities by never tracking your
browsing activities and avoiding any third party IN-APP DATA ANALYTICS platforms.
https://blog.mozilla.org/futurereleases/2020/06/18/introducing-firefox-private-network-vpns-official-product-the-mozilla-vpn/
F-Secure Freedome
cloudfront.net
addsearch.com
akamaiedge.com
google.com
https://www.f-secure.com/en/legal/privacy/statement
https://www.f-secure.com/en/legal/privacy/websites
Looking forward to my private usage logs getting slurped up by governments and eventually leaked online. What a time to be alive.
User > Mozilla VPN > Mullvad > SÄPO > N S…
ISP and VPN service logs everything. VPN service > ISP > user. It is easy identifying user: VPN service and ISP share information.
2 × Repeat: Be careful.
https://en.wikipedia.org/wiki/Swedish_Security_Service
https://www.ghacks.net/2020/06/19/mozilla-will-launch-mozilla-vpn-in-the-coming-weeks/
Use Mullvad like most users of this probably will end up doing. If Mozilla’s VPN is a Firefox themed Mullvad interface, it should be fine but why bother?
Mullvad’s new client is vastly better than their old one that seemed to have been made with Notepad but it’s still pretty poor; it looks like some silly phone app with gigantic red and green fonts. They’ve changed their default to minimize instead of close, which the client, that only opens in the middle of your screen and can’t be moved, does if you click anywhere on the screen. A little hard to explain, try it to see. “Where did the client go?” “Why do they hide it?”
Wireguard’s very fast but it has the peculiarity that it’s not possible to set it up to not save logs. They’re deleted after a period of time but still.
Mullvad still only takes month by month subscriptions and they can be anonymous, you get a long client number, no email or phone number required. At the end of each month, unless renewed, your subscription expires. Period. No auto renewal BS. The way it should be.
Mullvad’s gone a bit Hollywood; get the client fixed and I’ll try them again, their service is excellent.
VPN’s are supposed to do nothing but provide a secure tunnel and get out of your way. There are so few that actually do that, it’s amazing.
Also a bit amazing how many “knowledgeable” folks don’t understand how a real VPN works. Very simple but all the marketing BS in VPNland confuses to no end.
Yeah, Mullvad’s client is a bit wonky looking, though on Linux (Gnome) it launches where I last killed it at least. I’ve since deleted it and simply used my OS’s own Network Manager, since WireGuard is now natively incorporated into the Linux kernel. Needed to set my own firewall rules for killswitch equivalent, but it’s been way more reliable ever since.
Btw, any success with rolling your own tunnel on DigitalOcean? I recall replying your question on droplet size in another comments thread a little late (like a week late), so maybe you missed it.
Martin, you wrought “and does not impose restrictions on bandwidth. “.
Does this mean at least 1up and also 1 down?
I hope Mullvad aren’t bending over for Mozilla here. They’re one of the handful (literally, I can count trustworthy VPNs with a single hand) of providers I’d trust, or at least semi-trust.
You don’t need to partner with any analytics company for your VPN service/program. Why split the lion share with someone else when your own browser sends everything back to the mothership? To top it all tell the gullible you don’t do it, and they’ll even believe you.
Do remember, default-browser-agent.exe can hook onto everything running on your computer and it runs independently off firefox.
Yuliya said: â€â€“ – – your own browser sends everything back to the mothership [Mozilla → … someone else?]â€
It is scary but reality today.
â€default-browser-agent.exe can hook onto everything running on your computer and it runs independently off firefox.â€
@Yuliya: Do you know is it a same situation in Linux and macOS? Can it prevent (about:config setting or only limiting damages by using other browser like Tor Browser)?
Anonymous said on July 18, 2020 at 8:06 pm
>Do you know is it a same situation in Linux and macOS?
I have no idea. If anything weird were to happen the path to this mozilla crafted malware should be in the same directory with the firefox’s main executable. I can see its presence by just opening the x64 installer for Windows in 7-Zip:
“\Firefox Setup 78.0.2esr\core\default-browser-agent.exe”
“\Firefox Setup 78.0.2esr\core\firefox.exe”
@Yuliya
Thank you for answering.
@DramaQueen
>>> default-browser-agent.exe can hook onto everything running on your computer
And this is what this “can hook onto everything running on your computer” BEAST of Mozillas gets on his hooks:
build_channel: , // ex. "nightly", or "beta", or "release"version: , // ex. "72.0.2"
os_version: , // ex. 10.0.18363.592
os_locale: , // ex. en-US
default_browser: , // ex. "firefox"
previous_default_browser: , // ex. "edge"
notification_type: , // ex. "initial" or "followup"
notification_shown: , // ex. "shown", or "not-shown", or "error"
notification_action: , // ex. "no-action" or "make-firefox-default-button"
Nothing sensational to chew on and opting out of telemetry does disable it → Read the Docs (… Yulia never reads).
I don’t believe that is all mozilla is collecting simply because mozilla does not have a good record on respecting the end user(‘s privacy; and security).
>opting out of telemetry does disable it
Unless you do a clean installation – in which case it is impossible to opt out of it. And again, based on past actions opting out of telemetry does not really opt the user out of telemetry. They have proven this in 2018 when they sent extra telemetry for users who have disabled their nonsense.
But who cares at this point? Really? 3% of declining market share is nothing to stress about. Good fucking riddance.
And really, it’s none of mozilla’s business what else is running on my computer. The fact that you mozillians are defending this shit, disgusts me to no end.
@99% understanding
Because it is totally Mozilla’s business to know my default browser, because it is totally legitimate for a browser to install telemetry tasks on the very OS level… Yeah, sure thing.
>>>Because it is totally Mozilla’s business to know my default browser
The entire internet knows YOUR default browser, I even don’t have to mention the name …
@99
Do I really have to make it explicit to you that there is a monumental difference between myself voluntarily publishing my default browser on a public forum, and Mozilla collecting the default browser telemetry silently behind users’ collective backs? I mean, seriously?
Do I really have to make it explicit to you that the topic is @Yulias
>>> default-browser-agent.exe can hook onto everything running on your computer
an obvious false claim:
Read the Docs (… that you and Yulia never read).
This “collecting silently behind users’ collective backs” – as you called it – is outstandingly publicly documented
https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/index.html
A fact that you both notoriously ignore to the point where dialogue and understanding become impossible.
@Anon
Linux = No
Not from the version you get from the Fedora, Ubuntu/Mint or Arch repositories, at least. Probably also No for Debian, but they tend to stick with ESR versions whereas the others I mentioned keep FF releases in sync with Mozilla (usually a day or two late at worst, due to code vetting and repackaging). Not sure about the Snap or Flatpak versions though, but I wouldn’t touch those in any case.
I didn’t remember this or perhaps I didn’t read it before.
search default-browser-agent.exe:
https://www.ghacks.net/2020/04/09/mozilla-installs-scheduled-telemetry-task-on-windows-with-firefox-75/
@Iron Heart & Matti
Thank you.
@Anonymous
The default browser agent does not exist on macOS and Linux yet, but with Mozilla, it’s better to always stay on the watch. Or switch to something sane like Waterfox Currrent, maybe.
I am running both Brave and Ungoogled Chromium, so I have no stake in this discussion, my own setup you can find here: https://www.ghacks.net/2020/07/05/behave-for-chrome-and-firefox-warns-you-of-port-scans-and-local-attacks/#comment-4467393
I’m not gullible.. That’s why I don’t trust anything you say.
VPN is nothing but snake oil for ordinary internet user.
Such extreme claims are nothing but hype from boring internet users.
With VPN you are taking your data away from your ISP and turning it over to the VPN provider.
All it takes is a knock from the Gov to get your data…
They only case VPN would be somewhat useful is if you are in a country with extreme censorship. Even then, those countries regularly block VPN providers.
or if Netflix doesn’t let you see a movie, in that case, you should ditch that crappy service and just pirate it.
EDIT: My bad, misread that they are NOT partnering with any 3rd part analytics platform.
> “Details about the agreement between Mozilla and Mullvad are not available, and it is unclear how much of the $4.99 per month is ending up in Mozilla’s pockets.”
I would’ve loved to see how much are they getting out of this $4.99 but I’m glad they’re taking steps towards the end goal of becoming financially independent.
> “Mozilla promises that network activity is not logged, and that it has not partnered with third-party analytics platforms.”
What third party analytics platform? What information is logged and where is it processed and stored? Who is it shared with? What information is “not logged”? Using a VPN for the sake of privacy requires trust and these unanswered questions don’t inspire a lot of it.
I’m aware they’ve just started and I really hope they do well with this VPN but I also expect these types of questions to be clear from the beginning.
I don’t plan to use Mozilla VPN, nor any VPN by the way. I’d join the masked ball only if organized in TOR’s place! One thing which disturbs me with VPN is that I have no grip on blacklists at the system level and on the browser level I’d have to rely on a dedicated tool such as ‘uBlock Origin’. Not to mention DL/UL speeds. At this time I only encrypt DNS requests with DNSCrypt-proxy (which handles blocklists). As I said, otherwise it’d be Tor and nothing else.
@ Tom Hawack
You can make your web browsing TOTALLY PRIVATE if you would only just switch to Windows 10! Then you wouldn’t need a VPN at all, ’cause Win 10 is so reliably private!! Stop being so obstinent!!! Jeeze… you young folks and your electronic gadgets… ;)
@Valrobex, you must be right but I admit my confusion when I read elsewhere the opposite, certainly explainable by a total ignorance of a company’s ethics when it comes to its users’ privacy.
PS, it’s been some time I haven’t had the pleasure to read you :=)
@ Tom Hawack
Good hearing from you, as well.
I’ve been staying busy playing around with Raspberry Pi and also converted to Linux Mint a while ago, which I recommend. It’s an easy transition from Win 7 and does everything I need. And the Linux version of Firefox can be configured however you want which I know is your strength.
Ghacks is my favorite tech blog site and I continue to learn a lot. But, Martin has to blog on all sorts of technology (including Win 10 – yuck!) And now that Win 7 is on the down slope and I’m using Linux, there are fewer articles for me to directly respond to.
Take care.
@ Tom Hawack
I’ve been real busy using Windows 10 (not…)
Actually, I’ve been playing around with Raspberry Pi and am now using Linux Mint, which I recommend. Mint is a fairly easy transition from Win 7 and you can still use Firefox with all the security adjustments.
Ghacks is still my favorite blog site but unfortunately, Martin has to write about everything (including Win 10…) so there hasn’t been as many articles for me to “interact†with now that Win 7 is on a downward slope.
Geo-blocked VPN wrapper for Mullvad, this won’t go anywhere (financially).
EDIT: Also, their marketing here is misleading, this arguably only protects browser traffic, but it’s very far from “Secure your entire device […]”… No, it doesn’t “secure” your entire device.
EDIT2: It’s only a proxy in the browser, it’s an actual VPN on the OS level. It doesn’t protect your entire traffic unless you use the VPN application on the OS level as well.
@Iron Heart
Even better is having a VPN on your router, this is if your router is any good.
@nibbler
Can’t argue with that.
The VPN is a full VPN solution that protects the entire device. The browser extension only protects the browser; this announcement is about the VPN.
How often do they write about trust in the marketing article? Trust is either there, or it isn’t.
I doubt mozilla gets more than 30% revenue share. Let’s say they get 20$ per customer per year. Then they need 1 million paying customers to make this a worthwhile endavour. But I doubt they even will get to 100k paying customers.
The problem is that the market for VPN is already saturated to the extreme. Those who just want a cheap VPN – PIA or Surfshark – don’t care about the technical details or a “trusted brand”.
Those who are privavy conscious already know and use services like Mullvad.
@Anonymous
> How often do they write about trust in the marketing article?
Four times, I’ve counted, and they usually use the word in relation to themselves, or to themselves being supposedly better than others. But there is more food for the gullible in there:
> That’s because the Mozilla VPN is based on modern and lean technology, the WireGuard protocol’s 4,000 lines of code, is a fraction in size of legacy protocols used by other VPN service providers.
How many lines of code a software has is no indication of whether it’s modern or not. DOS programs had very few lines of code, just saying.
> In a market crowded by companies making promises about privacy and security, it can be hard to know who to trust.
Us of course! Our track record is clean, is it not?
> Mozilla has a reputation for building products that help you keep your information safe.
Are they referring to the default settings, i.e. the state in which they ship their products, or the modifications experienced users usually make? If it’s the former, lol.
> We follow our easy to read, no-nonsense Data Privacy Principles which allow us to focus only on the information we need to provide a service. We don’t keep user data logs.
Wow, you don’t keep data logs (as if I could monitor that)? You are the absolute only one doing that bare minimum for privacy, I will totally start to use your service now. /s
> We don’t partner with third-party analytics platforms who want to build a profile of what you do online.
Except when we do, we just don’t do it in this particular case (hopefully).
> a mission-driven company
The mission of promoting censorship, or the mission of idly standing by when Google introduces heavy duty DRM? Which is it? Nonsense.
> you can trust that the dollars you spend for this product will not only ensure you have a top-notch VPN, but also are making the internet better for everyone.
How does being part of the minority that cares to protect their online privacy (not that of others) “make the internet better for everyone”. Marketing gobbledegook.
> In a world where unpredictability has become the “new normal,â€
You mean incidents like randomly deactivating the add-ons oof users because a closed garden certificate wasn’t renewed, making them opt into nefarious FF experiments for a quick fix? Or Mr Robot stuff appearing randomly, making users think their browser was infected with malware? That kind of unpredictable? Historic incidents, I know, but Mozilla calling others out on supposedly being unpredictable takes balls of steel indeed.
> we know that it’s more important than ever for you to feel safe,
There is a distinction between actually being safe and only feeling safe, careful and correct choice of words here.
> and for you to know that what you do online is your own business.
When can we expect a tracking blocker that actually deserves the name and uses more resources than the weak Disconnect list? Also, as said, in relation to this service, I can’t monitor what they log anyway, so it’s really just “trust”.
Examining Mozilla marketing is fun, knowing their track record.