(disclaimer I guess I own a company that offers VPN services, it's like ~1% of revenue though).
I think this seems like a bit much. I'd love Firefox to double down on building a great browser, rather than getting into Pocket, VPN, a Phone, IOT, etc.
Sure, a VPN can be really helpful when you're on sketchy open wifi, or other adversarial network conditions. But you're still trusting someone to handle your connections reliably and fairly. Several ISPs have proven themselves to be sketchy: injecting ads, adding tracking headers, etc. But do we really expect VPN providers to not crunch the same numbers and come to the same conclusions?
Note that despite my thinking, it does fit in well with their agenda:
> Mozilla has identified five key issues that are critical to build the open Internet we want:
Privacy and Security
Open Innovation
Decentralization
Web Literacy
Digital Inclusion
Look,you're missing two very important points here.
1) yes,vpn providers crunch the numbers and come at a different conclusion. This is because they sell privacy before anything else. You don't gamble on the heart of your business model unless you intended to sell out your users from the begining. And there are well vetted providers run by well known individuals with a lot to lose if they sell out users.
2) It is in the interest of Mozilla's users for mozilla to diversify it's revenue source. So long at they don't forget to make features optional,I don't see the problem.
This partnership is great because both Mozilla and ProtonVPN have similar business models. Heck,it would even make a lot of sense for Mozilla to operate protonmail. Except unlike with Google and Gmail,they would charge you money and that's it. Give us what we want,to be your customers not your product!
>But do we really expect VPN providers to not crunch the same numbers and come to the same conclusions?
Yes, because those numbers are different -- there's actual competition among the providers, which is not so for ISPs. I agree it's still a gamble, and still requires trust, but if/when that trust is broken, there's someone else ready to fill that void.
> But you're still trusting someone to handle your connections reliably and fairly.
Some of us live in tinpot totalitarian reigemes[x] where ISPs are required by the government to retain "meta data" records of all customer connections and traffic.
It's a privacy win for me just to move the endpoint where my unencrypted traffic (and dns lookups) out of my local jurisdiction, since at least that way I'm not using a service that's required by law to snitch me out to any curious local cop... (Hopefully my chosen VPN provider really isn't keeping logs or snooping y traffic, but even if they are - moving that out of my local legal jurisdiction is an improvement for me...)
[x] That's a little intentionally overhyperboled - but fuck me our Australian politicians are making some insane laws around internet use by the whole population...
Agreed. I switched back from Chrome to Firefox partly because Firefox had a constant reminder of a thing I don't use, Pocket, in the address bar. I don't have anything extra in Chrome that permanently shows up, just a temporary window that pops up asking me if I want to sync when I save passwords, which I'm used to dismissing.
What I don't understand is why everyone needs VPNs all of the sudden. There must be a ton of money in selling VPNs, every YouTuber seems to be sponsored by a VPN provider, and now Mozilla is getting in on the action?
As others have pointed out, Mozilla is a for-profit, and I doubt that they would be able to keep up with the development of Chrome if they where not. That being said I wish I'd keep their focus on the browser part it self, and avoid going in the direction of Chrome, which have basically become an OS without a kernel.
While it is a little hypocritical, I would wish that they'd add Chromecast support to Firefox. That's really the only feature I'm missing.
This seems like another attempt to acquire a new revenue stream for Mozilla. I'm glad it's through something like providing a user-focused VPN as opposed to increased ads and tracking, but I still feel a bit bummed that Mozilla feels the need to do this.
The other day I came to the realization that Firefox is the only portal to the web that's not affiliated with a tech giant. Microsoft has Edge, Google has Chrome, and Apple has Safari. It's so strange that the web is such a huge, important part of our lives, and we only have four ways[1] to access it, three of which are driven by profit-seeking organizations.
[1] I'm not counting forks since those are largely still the same as the original code base, and none of them have gained a significant amount of traction. I'm also not counting experimental browsers since I'm not aware of any that are both largely-compatible with current web platform features and not based on a fork of one of the primary browser engines.
I have mixed feelings about this move. On one hand I like that Mozilla gets additional source of income to support their mission. Plus people will certainly benefit from using a vpn service.
On the other hand though this will redirect people to a particular provider that may not necessarily meet their needs. Proton VPN offers a decent service, but not sure if the best one. I'd be much more comfortable with this if they were suggesting multiple different providers.
And let's not forget that this is also a jump into the abyss of in-browser ads that may be difficult to block even with an add-on. From the screenshots it seems that FF analyzes your behavior (connection to an unprotected network) and displays the ad based on that. I fear what's going to happen when Chrome team picks this idea (e.g. "we see that you are logging into a bank X, how about you try bank Y?")
> I'd be much more comfortable with this if they were suggesting multiple different providers.
I don't see anything saying that they won't. They might only offer ProtonVPN for all of time, but I could also see them adding additional providers down the line. In any case, I'm imagining that the vetting process is relatively costly to perform and keep up, and I'd trust Mozilla more than myself to do it.
Honest question: Why not bundle Tor, instead of relying on a proprietary VPN service? It seems that Tor satisfies the advertised use case ("insecure public WiFi") just as well.
Tor and Firefox are working together to make Tor network the default within private browsing mode. A number of privacy-related patches from Tor have already landed in Firefox (example: Firefox now has first-party isolation). It's a slow progress, but it's on its way.
Well, "Tor Browser", which shares code in both directions with the Firefox project, is already available. So that's already an option.
It's not ideal though. A large fraction of the web blocks access from Tor relays, or makes you jump through extra hoops, like completing onerous captchas. It's not a great experience.
Because bundling Tor in Firefox would generate so much traffic it would take down the network. Tor needs to grow significantly before that integration is possible.
TBH, I'd be more comfortable using insecure public wifi than I would be using Tor.
Tor hides the source of your communication, and evades filtering. It does not protect the contents of your communications from eavesdropping. It's trivial to set up Tor exits to log traffic, and people do.
ProtonVPN is simply the best choice for a VPN if your goal includes anonymity / privacy; I place zero stock in this.
1. No other VPN that I'm aware of has any of its own data center infrastructure.
2. Even though ProtonVPN (and essentially all VPNs) works with untrustworthy companies like Leaseweb to provide many of their servers, SecureCore allows you to route traffic through their own data center infrastructure to another exit node server.
3. Public-facing CEO who has a verifiable history. You know his name, his face, he's given a talk. This helps with accountability.
When will people stop dragging this bs article over the internet? There aren't any physical facts showing that ProtonVPN or NordVPN shouldn't be trusted! Only these false accusations spread by competitor troll band. Or are u one of them?
Isn't there at least some controversy about that (perhaps it's only a disgruntled competitor who jumps on every second post I see mentioning them, but I'm 99% sure I've seen a few questions/accusations levelled at them...)
Having said that - seeing them vouched for by the Mozilla Foundation seems to be a significantly better indicator of their trustworthiness than this post from a day or two ago: https://news.ycombinator.com/item?id=18260920 - I _mostly_ trust Mozilla to not be guided just by whoever offers them money, and hopefully to have learnt from their dumb Mr Robot fuckup...
There doesn't seem to be a way to sign up for this directly. If one wants to support Mozilla through this, it looks like one has to be in the U.S. (or fake being in the U.S. with a free account of ProtonVPN) and hope to be picked up by random for this experiment.
Anyone from Mozilla or ProtonVPN reading this and can confirm that this understanding is correct?
This is a little vague on the technicals, but it sounds like you would be downloading and installing the full VPN service as if you had obtained it directly from ProtonVPN? i.e. this isn't a browser plugin? It'd be interesting if there were some tie-ins with the browser, like perhaps separate VPN connections per container (not sure this is possible, I'm no expert).
I'd prefer it if it used some kind of way to proxy traffic through WireGuard instead (which ProtonVPN does not yet support while they should if not just for performance reasons alone [1])
I haven't completely read it but I did spot one difference:
"These subscriptions will be billed directly by Mozilla and the majority of the revenue from these subscriptions will go to Mozilla, directly supporting Mozilla’s mission."
Mozilla was less clear about how it'd be distributed.
preinheimer|7 years ago
I think this seems like a bit much. I'd love Firefox to double down on building a great browser, rather than getting into Pocket, VPN, a Phone, IOT, etc.
Sure, a VPN can be really helpful when you're on sketchy open wifi, or other adversarial network conditions. But you're still trusting someone to handle your connections reliably and fairly. Several ISPs have proven themselves to be sketchy: injecting ads, adding tracking headers, etc. But do we really expect VPN providers to not crunch the same numbers and come to the same conclusions?
Note that despite my thinking, it does fit in well with their agenda:
> Mozilla has identified five key issues that are critical to build the open Internet we want:
badrabbit|7 years ago
1) yes,vpn providers crunch the numbers and come at a different conclusion. This is because they sell privacy before anything else. You don't gamble on the heart of your business model unless you intended to sell out your users from the begining. And there are well vetted providers run by well known individuals with a lot to lose if they sell out users.
2) It is in the interest of Mozilla's users for mozilla to diversify it's revenue source. So long at they don't forget to make features optional,I don't see the problem.
This partnership is great because both Mozilla and ProtonVPN have similar business models. Heck,it would even make a lot of sense for Mozilla to operate protonmail. Except unlike with Google and Gmail,they would charge you money and that's it. Give us what we want,to be your customers not your product!
intopieces|7 years ago
Yes, because those numbers are different -- there's actual competition among the providers, which is not so for ISPs. I agree it's still a gamble, and still requires trust, but if/when that trust is broken, there's someone else ready to fill that void.
bigiain|7 years ago
Some of us live in tinpot totalitarian reigemes[x] where ISPs are required by the government to retain "meta data" records of all customer connections and traffic.
It's a privacy win for me just to move the endpoint where my unencrypted traffic (and dns lookups) out of my local jurisdiction, since at least that way I'm not using a service that's required by law to snitch me out to any curious local cop... (Hopefully my chosen VPN provider really isn't keeping logs or snooping y traffic, but even if they are - moving that out of my local legal jurisdiction is an improvement for me...)
[x] That's a little intentionally overhyperboled - but fuck me our Australian politicians are making some insane laws around internet use by the whole population...
benatkin|7 years ago
mrweasel|7 years ago
As others have pointed out, Mozilla is a for-profit, and I doubt that they would be able to keep up with the development of Chrome if they where not. That being said I wish I'd keep their focus on the browser part it self, and avoid going in the direction of Chrome, which have basically become an OS without a kernel.
While it is a little hypocritical, I would wish that they'd add Chromecast support to Firefox. That's really the only feature I'm missing.
unknown|7 years ago
[deleted]
jopsen|7 years ago
Can you actually check if a VPN provider logs data? No, but Mozilla certainly has more sway than I do.
dstaley|7 years ago
The other day I came to the realization that Firefox is the only portal to the web that's not affiliated with a tech giant. Microsoft has Edge, Google has Chrome, and Apple has Safari. It's so strange that the web is such a huge, important part of our lives, and we only have four ways[1] to access it, three of which are driven by profit-seeking organizations.
[1] I'm not counting forks since those are largely still the same as the original code base, and none of them have gained a significant amount of traction. I'm also not counting experimental browsers since I'm not aware of any that are both largely-compatible with current web platform features and not based on a fork of one of the primary browser engines.
Skunkleton|7 years ago
jacekm|7 years ago
And let's not forget that this is also a jump into the abyss of in-browser ads that may be difficult to block even with an add-on. From the screenshots it seems that FF analyzes your behavior (connection to an unprotected network) and displays the ad based on that. I fear what's going to happen when Chrome team picks this idea (e.g. "we see that you are logging into a bank X, how about you try bank Y?")
svrtknst|7 years ago
I don't see anything saying that they won't. They might only offer ProtonVPN for all of time, but I could also see them adding additional providers down the line. In any case, I'm imagining that the vetting process is relatively costly to perform and keep up, and I'd trust Mozilla more than myself to do it.
IngoBlechschmid|7 years ago
r3bl|7 years ago
Tor and Firefox are working together to make Tor network the default within private browsing mode. A number of privacy-related patches from Tor have already landed in Firefox (example: Firefox now has first-party isolation). It's a slow progress, but it's on its way.
If you're interested about more, the project is called Project Fusion: https://wiki.mozilla.org/Security/Fusion
There was a discussion here a few months ago: https://news.ycombinator.com/item?id=17205441
LeoPanthera|7 years ago
It's not ideal though. A large fraction of the web blocks access from Tor relays, or makes you jump through extra hoops, like completing onerous captchas. It's not a great experience.
jvehent|7 years ago
ryan-c|7 years ago
Tor hides the source of your communication, and evades filtering. It does not protect the contents of your communications from eavesdropping. It's trivial to set up Tor exits to log traffic, and people do.
unknown|7 years ago
[deleted]
huhtenberg|7 years ago
intopieces|7 years ago
tom4000|7 years ago
Why does Mozilla trust in Tesonet and why should their users do?
http://vpnscam.com/heres-why-you-cant-trust-nordvpn-and-prot...
Kaveren|7 years ago
1. No other VPN that I'm aware of has any of its own data center infrastructure.
2. Even though ProtonVPN (and essentially all VPNs) works with untrustworthy companies like Leaseweb to provide many of their servers, SecureCore allows you to route traffic through their own data center infrastructure to another exit node server.
3. Public-facing CEO who has a verifiable history. You know his name, his face, he's given a talk. This helps with accountability.
I've said it before on HN and I'll say it again, their reply to this situation satisfied me completely, and nobody has said anything against this reply: https://www.reddit.com/r/ProtonVPN/comments/8ww4h2/protonvpn...
There is simply not a better option than ProtonVPN.
Yes, I sound like a shill, but the facts are still the facts.
Jobjobbing|7 years ago
vvilliam0|7 years ago
bigiain|7 years ago
Having said that - seeing them vouched for by the Mozilla Foundation seems to be a significantly better indicator of their trustworthiness than this post from a day or two ago: https://news.ycombinator.com/item?id=18260920 - I _mostly_ trust Mozilla to not be guided just by whoever offers them money, and hopefully to have learnt from their dumb Mr Robot fuckup...
p1necone|7 years ago
fabrice_d|7 years ago
kiriakasis|7 years ago
yarrel|7 years ago
mido22|7 years ago
Spivak|7 years ago
jvehent|7 years ago
wtmt|7 years ago
Anyone from Mozilla or ProtonVPN reading this and can confirm that this understanding is correct?
sys_64738|7 years ago
kiriakasis|7 years ago
clusmore|7 years ago
Fnoord|7 years ago
[1] https://www.wireguard.com/performance/
unknown|7 years ago
[deleted]
buzzy_hacker|7 years ago
jvehent|7 years ago
berbec|7 years ago
Fnoord|7 years ago
I haven't completely read it but I did spot one difference:
"These subscriptions will be billed directly by Mozilla and the majority of the revenue from these subscriptions will go to Mozilla, directly supporting Mozilla’s mission."
Mozilla was less clear about how it'd be distributed.
[1] https://protonvpn.com/blog/mozilla-partnership/