[HN Gopher] Latest Mozilla VPN features ___________________________________________________________________ Latest Mozilla VPN features Author : alexrustic Score : 203 points Date : 2021-03-31 11:26 UTC (11 hours ago) (HTM) web link (blog.mozilla.org) (TXT) w3m dump (blog.mozilla.org) | maeln wrote: | I feel like most of those VPN services are using very borderline | marketing and like to keep a lot of information blurry. | | As far as I know, in a lot of country (like France) it is a legal | obligation to keep logs and be able to identify one of your | customer if the police demands it. Therefore, if you have server | in France or any country with similar rules, you can't operate a | "0 log" service. And since those kinds of services have servers | everywhere (and it is even one of their selling point), it is | extremely unlikely that they don't keep you data and will hand it | to the police (willingly or not) if requested. | | And if their own server get breached, you can get the info of all | the customers who used the breached server. | | So I find the claim of those services that they provide "more | privacy" pretty lousy. Yes they do hide your IP addresses, but | that's far from being the only data use to fingerprint you. And | if it is to protect you against a Wi-Fi that you don't trust or | your ISP, sure it works, but you move the trust from them to your | VPN provider. | | Fighting against geofencing is good though. | cyberlab wrote: | I agree. A VPN should only ever be used for the following: | | - Shifting traffic over a VPN when using untrusted/sketchy wifi | hotspots | | - Spoofing your geo-location to use geo-specific content | | And that's it. If privacy is your goal, Tor is much more | suitable since it's not a single-hop proxy like a VPN and | compartments all your traffic. (But of course Tor is not a | silver bullet and there are caveats). | vehemenz wrote: | Depends on the VPN. | | ExpressVPN is HK/CCP owned, so I wouldn't worry too much | about my privacy being violated for petty copyright | infringements (BitTorrent). | mistersquid wrote: | > ExpressVPN is HK/CCP owned | | Thank you for this callout. Had no idea. | | Comparing VPN services, I've found ExpressVPN to be highly | rated. The aforementioned callout means ExpressVPN may not | be the best service for me. | | In lieu of specific technical criteria regarding VPN | services, who are the go-to (aka "top of mind" or "A list") | providers that privacy conscious, technically adroit (e.g. | web dev with some sysadmin knowledge but little networking | knowhow) users prefer? | | In other words, I'm looking for VPN recommendations but no | longer trust my own Google-fu (advert rabbit hole) to | discern what is a "good" choice. | kaba0 wrote: | I personally use ProtonVPN. | schmorptron wrote: | I've never used any vpn myself, but whenever I come | across the topic in tech circles people seems to | recommend mullvad. Can't vouch for them or anything, but | might be worth looking into. | imposterr wrote: | Mullvad is probably the best choice for most. It's the | company Mozilla is relying on for their VPN service as | well. | voidmain0001 wrote: | VPNPro doesn't list ExpressVPN as having Chinese ownership. | Wikipedia[1] claims it operates in the British Virgin | Islands, and Quora claims the same. That written, a comment | on Quora claims that it's owned by the CIA. Ha ha! | | [1] https://en.wikipedia.org/wiki/ExpressVPN [2] | https://www.quora.com/Who-owns-Express-VPN | vehemenz wrote: | The company in the British Virgin Islands is a shell | company with HK ownership, AFAIK. | | With the CCP taking over HK, ExpressVPN could be used to | gather information on domestic dissidents and foreign | visa holders. Assuming it's not already. | philliphaydon wrote: | You don't need to be based in BVI to be registered as a | business there. | | (Weather or not they are owned by CCP or anything like | that I have no idea, I'm just saying that being | registered in BVI doesn't mean it's not possible for them | to be owned by a CCP or anyone else) | qw3rty01 wrote: | Tor is _explicitly_ not private, only anonymous. The end node | can see all the traffic you send through it if it 's not | encrypted. If privacy is your main concern, tor is definitely | not the right tool to use. | cyberlab wrote: | > TOR is explicitly not private, only anonymous | | It depends on how you use Tor. For example, visiting your | own personal homepage and then using the same relay to | visit a NSFW site would be bad OPSEC. Also, Tor comes pre- | installed with HTTPS Everywhere, and you can toggle a | setting that disables _all_ http traffic if you 're worried | about sketchy exit nodes analyzing your plaintext traffic. | | Remember: Tor can't read your mind. If you want true | anonymity you have to go through extraordinary lengths to | achieve it, and even then, you could make mistakes. | qw3rty01 wrote: | The caveats you're mentioning are exactly why tor is a | bad tool if privacy is your main goal. None of those | concerns would be an issue with a service that focused on | privacy. | | Also HTTPS everywhere isn't enough; you also need ESNI, | which requires server support. | xvector wrote: | And even if ESNI was ubiquitous, a malicious exit would | simply perform a reverse DNS lookup and have very high | certainty about which sites you're visiting. | hnlmorg wrote: | What about tunnelling into a trusted network? | | That's what a VPN is really for. The other uses are more side | effects exploiting the encryption and tunnelling properties | of VPN rather than the original intended purpose of a VPN. | croutonwagon wrote: | I think hes talking about VPN's in the context of these | companies selling vpn services under the guise of "privacy" | or "security". ProtonVPN, Nord, Mozillas, Mullvad and there | are a ton others, many with less than stellar reputations | and some that outright lie. | | Thats a bit separate from a road warrior, corporate vpn or | even one that one may host on a VPS that they have full | control over and are willing to allow the hosting provider | still see the traffic. As in, they trust the hosting | provider more than the transit provider. Think | University/Campus networks, public gov networks, or even | some ISP's or corp networks. | hnlmorg wrote: | I got the context. My point is that the whole "privacy" | VPN industry is snake oil and people miss the point of | VPNs when they buy into these services. | croutonwagon wrote: | I wouldn't go that far. There are some reasons that one | could be useful. I dont personally have a use case cause | I have other mitigations in place but i wouldn't consider | a company like Verizon particularly trustworthy in | general. | | Even Comcast has been known to inject ads. The core | tenant of these VPN services is trust, with it they dont | survive, but for an ISP with a de-facto monopoly thats a | non factor. There are also plenty of sites and services | that use IP tracking. Google is really bad but others are | doing it behind the scenes and not telling you. Reddit | 100% does. Amazon too. To the point that if i proxy my | connection and try and login to one of my google accounts | i sometimes have to verify or go through recovery. | | So in some cases its better than no vpn. And I wouldn't | use any authenticated service over tor that i wish to | keep. There are so many malicious relays and exit nodes. | | TOR is easily tracked at the nation-state level. China | can axe tor traffic, even with bridges and OBFS4 | configured. | | With a service like nord, you can get on and do your | thing to bypass the great wall for the most part. And the | the great firewall drops that connection you have a very | large pool to choose from for your next. | | So there are definitely some reasons I could understand | some would use them based on their own assessments/needs. | hnlmorg wrote: | I get why people want proxies and such like. I'm just | saying it's weird how VPNs have become peoples _de facto_ | go to when they want something proxied. Most of the time | when people think they need a VPN, what they actually | need is something else that is incidentally provided by | VPN. As in they 're covered as a side effect of using a | VPN rather than using a VPN for it's intended purpose. | But I guess you could argue I'm being elitist and what | not, which is fine. Literally the only reason I bring it | up was because it just tickled me when someone posted on | a nerd forum a list of the purposes of VPNs and actually | missed off the primary role of a VPN. | croutonwagon wrote: | It's less elitist and more it's a simple measure that the | masses can understand and very simple and easy to | implement. Security is hard and security/ encryption done | right is even harder. | | I have piholes with dnssec running at least upstream for | privacy. And a vps I use as both a socks proxy and vpn | here and there. But I have the technical know how to | implement that. | | Let's say, my parents just wanted a way to make sure | their traffic was encrypted from either their ISP or Corp | provided iPhone. I wouldn't tell them to go build a | Linode or use Pi-hole. They don't care. But a vpn with a | decent trust rating with nothing more than a login would | do it and is easily achievable. | | Would I still advise them to be congnizant that other | lower level spyware may be on their Corp phone, sure, | absolutely. But that's not always the case. My org | doesn't do that. We give you a phone and pay for service. | You can use your iCloud and we have the ability to lock | it/decom it because we own it. And can lock them out of | email but we can't run find my iPhone on it. | | There have been requests to our provider for more traffic | data for x user. So even I run a vpn when using their | data. | | Another example. I had a buddy going to China for a | couple months bye wanted advice on how to secure his | stuff. I advised him to use burner devices and chnage | passwords yadda yadda. But then the question of accessing | email, such as gmail came up. The great firewall is | pretty nuts. I set him up an account on my vps and | enabled obfs etc on the vpn. | | But he also used nord as a backup because he had ton of | options there geographically dispersed. In the end, all | he needed was nord at all. And when the firewall dropped | his states to one node he would just reconnect. It worked | just fine. | Deathmax wrote: | Unfortunately as GP has mentioned, advertising around | these typical VPN companies (Nord, Proton, ExpressVPN, | Surfshark and many more) tends to be very misleading. Tom | Scott put out a good video[1] that tries to debunk | various marketing claims. | | Sure there are use cases like getting around | georestrictions, and like you mentioned you can use it to | get around tracking. Except that for privacy and evading | tracking you need more than just a VPN, you need to be | doing things like adblocking, tracker blocking, clearing | all of your cookies, not signing in to anything because | then the service gets to link your new VPN IP with you | again. VPN ads that sell "privacy" is snake oil unless it | is paired with a guide on the additional things you | should be doing. | | [1]: https://www.youtube.com/watch?v=WVDQEoe6ZWY | sodality2 wrote: | What about avoiding copyright letters? | cyberlab wrote: | If someone is determined enough, they just subpoena the VPN | and ask for logs. Since a VPN is a single-hop proxy, your | real IP is trivially exposed. Even if the VPN provider | claims they don't keep logs. There's no way of proving they | don't keep logs, and you need to hope the server you | connect to is not compromised in some way. And VPN | providers are known to use cheap colocation servers/Virtual | Private Servers which have questionable security. | StavrosK wrote: | > If someone is determined enough | | This sweeps the entire benefit under the rug. If someone | isn't determined enough, a VPN solves your problem. | lordofgibbons wrote: | Have there been any known cases of someone being | identified for copywrite violation while using a VPN | service? | ComodoHacker wrote: | - Routing traffic over untrusted home/office ISP | | - Censorship circumvention | ignoramous wrote: | > _Censorship circumvention_ | | In some countries, censorship circumvention usually require | sophistication that not all VPNs provide. A few like | getoutline.com, getlantern.io, and psiphon.ca specialize in | that. | | In most countries, VPNs aren't even needed to circumvent | censorship. Apps like getintra.org, GreenTunnel employ | simpler techniques to bypass firewalls. | | > _Routing traffic over untrusted home /office ISP_ | | With TLS v1.3 and DoH / DoT, I think VPNs may no longer be | required if "hiding traffic" is the only need. Hiding IPs, | however; (of both the client's from the server and the | server's from the ISP) would continue to require the use of | VPNs. | hiq wrote: | > With TLS v1.3 and DoH / DoT, I think VPNs may no longer | be required if "hiding traffic" is the only need. | | You, as a user, have little control over whether the | servers you connect to support TLS 1.3 and eSNI / ECH. | dgellow wrote: | The entire VPN industry is really shady. Their marketing is | entirely based on creating literal FUD (fear, uncertainty, | doubt) and sell their service as the perfect and cheap | solution. The presence they have on youtube ads and other | mainstream platform ads is really disturbing. | xvector wrote: | Mullvad doesn't do this, most providers do but I agree that | this generalization is unfair to the VPN being discussed | here. | kfreds wrote: | I hear what you're saying but that generalization isn't fair. | | Check out IVPN for instance. They do a lot of things right: | | https://www.ivpn.net/ethics/ | kibwen wrote: | You're correct that scummy, overselling advertisements make the | whole VPN industry look bad, but Mozilla's VPN is provided by | Mullvad, who doesn't engage in those sorts of advertisements. | | FWIW, I've looked into Mullvad and even had beers with some of | their programmers (all of whom appeared to be Scandinavian | anarchist/anti-authoritarian types) and I think Mozilla made an | good choice with that partnership. (Of course, don't take my | word for it; do your own research, or just host your own VPN.) | 2OEH8eoCRo0 wrote: | Mullvad is the bees knees. The cats meow. | edm0nd wrote: | A real humdinger | dahfizz wrote: | Another benefit is that VPNs raise the bar for investigation. | You are not safe from the FBI or interpol, but for "petty | crimes" like pirating you are safe(r). | | Comcast basically has automated the process of sending you a | cease and desist if they detect you are torrenting something | you shouldn't. Mozilla doesn't. | kfreds wrote: | > As far as I know, in a lot of country (like France) it is a | legal obligation to keep logs and be able to identify one of | your customer if the police demands it. | | Not for all types of services. ISPs are sometimes under | obligation to log, but VPN services don't belong in that | category. | | I can't speak for others but we have contacts with legal | experts (in a few jurisdictions) that alert us to changing | laws. Ultimately if a country required us to start logging we | would just cancel all of our machines there and leave. | | On the topic of trustworthiness, you are completely right of | course that VPN users put a lot of trust in their VPN provider. | There is also the lemon market aspect - the information and | competence asymmetry between user and operator. That begs the | question of how to ascertain trustworthiness. | | We think things like this help: | | https://mullvad.net/blog/2018/10/17/signals-trustworthy-vpns... | | https://mullvad.net/blog/2019/6/3/system-transparency-future... | potency wrote: | I would love to use Mullvad, but I need split tunneling on a | per-process basis (Windows), since there is the occasional | website that hates VPN-based servers. I have a special | browser installation I use for such occasions, but few VPN | providers offer per-process VPN exceptions. Any chance | Mullvad is considering this feature? | xvector wrote: | Have you considered running a SOCKS proxy outside of | Mullvad (ie on a Raspberry Pi or in the cloud?) | | You could then use Firefox Multi-Account Containers to bind | a container to the SOCKS proxy, and whenever you need to | access a site that doesn't support a VPN you can just open | it with in said container. | chelmzy wrote: | Are you an employee at Mullvad? Just want to say thank you | for the excellent product and does Mullvad plan to except | Monero in the future? | kfreds wrote: | Hi! Thank you. I'm pretty sure it's on the roadmap. | [deleted] | warabe wrote: | Off topic, but... | | Is Mozilla VPN going to be available in other countries in near | future? I would like to hear the roadmap from Mozilla folks. I | live in Japan and am wondering when it would become available in | my country... | Shadonototro wrote: | what's the added value compared to just using mullvad? | | seems like a way for mozilla to gain shares without much effort? | kinda disappointing | [deleted] | opheliate wrote: | It's really disappointing to me that Mozilla VPN didn't support | Linux from the get-go, and even now, from their FAQ [1], | apparently only supports Ubuntu. The code for the client is open | source, and can be built on other distributions, but the more | pressing question to me is why their own client is necessary at | all. Mullvad (which this VPN is based on) allows you to just | download WireGuard/OpenVPN config files, which you can use with | your own, more widely used/trusted client. The only reason I can | see for Mozilla to require the use of their own client is to | enforce their device limit, which really leaves a sour taste in | my mouth. I don't think their desire to impose the device-limit | should outweigh the security implications of disallowing me from | using the standard WireGuard client. | | I _want_ to give Mozilla my money for this, but it 's really | annoying how unfriendly its implementation is. | | 1: https://www.mozilla.org/en-GB/products/vpn/#faq- | compatibilit... | zaarn wrote: | The device limit is enforce on Mullvad's side already. It's 5 | devices, even if you use other client (tracked by simultanously | connecting IPs IIRC with some leeway for spikes). | Spivak wrote: | Like it's absolutely wild that their VPN implementation | _requires_ their client to work. Basically every other VPN | provider will expose endpoints for IPSec, OpenVPN, WireGuard, | etc. etc. for instant compatibility with clients that can 't | run your pretty app. | | Sad that PIA tanked their rep because their Linux support was | top notch. They even had a script that would set up | NetworkManager profiles for you. | fullstop wrote: | They still have scripts for generating configs manually -- | maybe not NetworkManager, but I use it on a server to | establish a wireguard tunnel. | | https://github.com/pia-foss/manual-connections | pnutjam wrote: | What "tanked their reputation"? I've been using them for | years. | DanAtC wrote: | https://news.ycombinator.com/item?id=21612488 | kfreds wrote: | Hi! I'm one of Mullvad's founders. | | I can't speak for Mozilla, but we have our own desktop and | mobile apps because it enables us to do more privacy-preserving | things with a higher assurance. Consider for instance DNS | leaks, Teredo leaks, IPv6 leaks, esoteric DHCP directives that | can hack your routing tables, and so on. | | And these are just a few of the things we were early in | mitigating correctly. Consider also the tight relationship | between UX and security, and it is clear that we can't rely on | "generic VPN clients" to always agree with our design and | security preferences. That doesn't mean they are wrong and we | are right of course. It's just that we have a very specific | mission. | | One architecture decision we made for our app was to write its | backend in Rust, and integrate tightly with the firewalls on | Windows, macOS, and Linux. It facilitates stability and | therefore reduces the risk of states where data leak outside of | the tunnel. Check it out, it's open source. As all security- | related things should be. | | https://github.com/mullvad/mullvadvpn-app | Spivak wrote: | But it throws compatibility with devices that don't support | your client out the window. Like I might want to have an | entire VLAN on my home network route all traffic through the | VPN which would happen through my router. But my router only | supports common VPN protocols like IPSec, OpenVPN, and | WireGuard. | | Sure, I _could_ make it work with a separate Linux server | running your app and some routing but that 's far more work | than most other VPN providers. | | I'm fine with warnings in your UI about connections with | these protocols being "less secure" like how Zoom handles E2E | with phones. | purjolok wrote: | Mullvad also provides OpenVPN and Wireguard config files. | | https://mullvad.net/sv/help/tag/other-vpn-software/ | Spivak wrote: | So then what's with all the claims that Mozilla VPN | doesn't work with them? I held off trying Moz's VPN | service because of people saying it didn't work and not | finding any official support. | opheliate wrote: | While Mullvad provide those configuration files to | customers who use their service directly, customers who | are subscribed to Mozilla VPN don't have access to these | configuration files, which is what makes it especially | irritating to me. | wintermutestwin wrote: | I think the market segmentation is that more savvy users | would bypass Mozilla and sub directly with Mullvad. | Spivak wrote: | Which is fine except that I would go with Moz VPN | specifically because I want to give them money. | | Mozilla seems to make it really hard to pay them for | goods and services. | opheliate wrote: | Hi, thanks for the response. I'm a big fan of Mullvad's | approach to creating a VPN, and I'm hopeful that more | companies will follow in your path. I've been using your | service for a few months now, and I'm really satisfied with | it. | | I should perhaps have been clearer when I referred to generic | VPN clients, I was talking about the original WireGuard | implementation by Jason Donenfeld, not just some random | software, which I would hope you agree is a (sufficiently) | secure implementation when used by technically proficient | users? I do appreciate that there are reasons for having a | specific client for your service, and it is absolutely | necessary for those who are new to VPN apps, but I would hope | you appreciate the reasons for providing implementation- | agnostic WireGuard/OpenVPN config files, since your own | service does so? | | Regardless, thanks again for the work you're doing in this | sector, and best of luck for the future. | kfreds wrote: | Thanks! Yes, I completely recognize that many users prefer | to download a generic configuration file for WireGuard or | OpenVPN. In our case we want to support that use case. At | the same time encouraging use of our own app allows us to | invent to a much greater extent. And mitigate risks. | | There are plenty of VPN clients, some by big enterprise-y | networking companies, that at least historically have | behaved in ways that leaks the user's traffic when | interfaces change, on DHCP issues, tunnel disconnections. | It's just easier to make our own app and be able to say | what it does and doesn't. And that nothing will change | tomorrow because of someone else's design decision. :) | input_sh wrote: | I absolutely love your service and will definitely renew it | considering my one-year license is close to expiry. | | Any reason why you don't use a PPA or something to auto- | release updates? I've postponed an update quite a few times | because the friction of going to your website, downloading | it, and then upgrading the package is just a bit too much in | certain situations. | | Other than that my only gripe with the app is that I can't | close it from the app indicator, but have to re-open it, | click on the settings, and _then_ choose "quit app". | kfreds wrote: | Hi! I'm glad to hear that! Regarding PPA etc I can't say | for sure since I don't lead the app team and don't want to | interrupt their work day. I'll relay your comment though. I | hope that's OK. | IgorPartola wrote: | This is great to see. I highly recommend your team look | into it. Setting up a PPA (or even just your own APT repo | on S3) is extremely simple and is a robust way to push | out updates. I would be happy to do a few hours of | consulting for your team to help get this done. | tgragnato wrote: | This is great for non-techies, but I want to control my own | traffic, customize the behavior of my VPNs, ... | | Any deviation from the standard implementation, open source | or not, is a hindrance. | trillic wrote: | Mullvad allows you to use any Wireguard public key you want | on your account, you can just use the standard client, | generate your own keys, and do your own config. | | Not an employee I just like the service. | wintermutestwin wrote: | I thought Mullvad recommends WireGuard and that your app uses | OpenVPN? On Mac, WireGuard is certainly faster to connect and | more stable than the Mullvad app. | kfreds wrote: | Hi! No, our app uses WireGuard by default. | | https://mullvad.net/en/help/wireguard-macos-app/ | jrootabega wrote: | No warrant canary, from what I can see. | rubyist5eva wrote: | Killswitch and split tunneling are the only things that are | keeping me from using it, I want to give Mozilla my money...come | on man. | fulafel wrote: | What does split tunneling mean in context of a public VPN? | jonny383 wrote: | Mozilla: a corporation funded by a spying company with a recent | shady record of injecting stuff into products secretely (hello Mr | robot). What could go wrong in this thought crime? | kijin wrote: | I would prefer something a bit more granular than changing my | device's network configuration and sending all of its traffic | through the same VPN. Just because I want to watch a movie | through a server in another country doesn't mean that I also want | my video chat app or stock trading app to take the same detour. | | Since this is Mozilla, how about a Firefox extension that passes | all Firefox traffic through a VPN, like Tor Browser does, but | doesn't touch any other app? That would differentiate it from | most of the other VPN offerings out there. Currently my go-to | solution is to set up a local SOCKS proxy with an SSH tunnel and | point Firefox at it. It's good enough for testing, but not all | services work properly when accessed that way. | npteljes wrote: | I completely agree with this. If Firefox worked this way, or | even just some special tabs of it, that would be great. Brave | has TOR tabs AFAIR. Also an easy to use app would be great that | can manage other apps' network connections - some could be | blocked, some could be redirected through a VPN, etc. | acatton wrote: | I genuinely don't understand what is the incentive for using | Mozilla VPN? I'm a Mozilla and Firefox fanboy, but this new | product had me sceptical since the beginning. They literally | bring nothing to the table except their brand name. They don't | even do the server side, but just resell Mullvad's infrastructure | with their brand. | | I'm already a Mullvad customer, and if I were to switch to | Mozilla VPN: | | * It would not be available in my country (Germany) right away | | * I would have to join a waitlist | | * I would have to pay with my credit card, instead of cash-by- | mail. (Great privacy improvement! /s) | | * I would have to use Mozilla's GUI instead of the wg-quick CLI. | (The use of wg-quick is documented by Mullvad in addition to | Mullvad's GUI, but I haven't found any wg-quick documentation on | Mozilla VPN) | | All of this for the same infrastructure, the same service (number | of devices, ...) at the same price. What the hell are you doing | Mozilla?! | unethical_ban wrote: | >They bring their brand name | | To someone who isn't a leet hacker or SW dev, that is the ball | game. Firefox and Mozilla aren't household, but millions of | less-technical people know of them. Rather than getting their | VPN (if they even know the value proposition) from some podcast | advertisement, Mozilla is saying "Hey, this kind of service | gives you privacy and we stand behind it". | | I use it upon occasion. It's dead simple to purchase, set up on | any OS and I trust Mozilla not to send me to a shady backend. | | If you already have VPN and they don't offer it in your | country, they clearly aren't targeting you. | jraph wrote: | > It would not be available in my country (Germany) right away | | You could use a VPN to make it look like you are in a supported | country. | Iv wrote: | > They literally bring nothing to the table except their brand | name. | | Isn't it the most important thing for a VPN provider? You want | a company that is privacy-conscious, not one that logs your | traffic and sells it or open it to the various TLAs of the | world. | givemeanaccount wrote: | >* I would have to pay with my credit card, instead of cash-by- | mail. (Great privacy improvement! /s) | | Do you download your configurations from the Mullvad website | over Tor via their onion service 100% of the time? | | Do you connect to Tor before connecting to Mullvad in your VPN | client? | dewey wrote: | It's as simple as that: You are not the target group. | | If a regular consumer searches for a VPN product they get a | million results, all with different deals and they'd have to | figure out how to find the best one and will still be around in | a year. If they already trust the Mozilla brand they'll go with | that. Just like people go with stock apps on their computer | over some maybe better third party app. | JohnBooty wrote: | If a regular consumer searches for a VPN product | they [...] have to figure out how to find the best | one and will still be around in a year. | | Yep! It's a Mozilla product, so there's no guesswork and no | worry. You _know_ it won 't be around in a year! | wnevets wrote: | > They literally bring nothing to the table except their brand | name. | | That has been enough for me. I generally trust Mozilla when | they say privacy first and if I'm going to give my money to a | VPN provider I rather give it to Mozilla than say NordVPN. | [deleted] | baseballdork wrote: | I was also a mullvad customer and wanted to switch to Mozilla | VPN specifically because it seems to be one of the only ways to | support the browser. At the time they didn't support linux at | all, but someone wrote a tool[0] to squirt out the necessary | configs to use with wg-quick. When I saw that, I pulled the | trigger and haven't looked back. | | [0] https://github.com/NilsIrl/MozWire | lucideer wrote: | > _it seems to be one of the only ways to support the | browser_ | | Is this the case? Is income from Mozilla VPN put toward | Firefox development? | | If it is, that info should be front-and-centre; they'd have a | lot more customers I think. | passivate wrote: | >I genuinely don't understand what is the incentive for using | Mozilla VPN? I'm a Mozilla and Firefox fanboy, but this new | product had me sceptical since the beginning. They literally | bring nothing to the table except their brand name. They don't | even do the server side, but just resell Mullvad's | infrastructure with their brand. | | The incentive for you is that Mozilla will keep Mullvad under | close watch and make sure promises are kept - so you don't have | to. Furthermore, there is no limitation for Mozilla to not seek | other partnerships and/or develop the server side service | themselves - they have the in-house dev talent to do so. | | So, yes, they do bring quite a lot to the table besides their | brand name. | IgorPartola wrote: | I signed up for Mozilla VPN instead of Mullvad for a two | reasons: | | 1. It was priced in USD. | | 2. The price is a flat monthly $5. They don't offer discounts | for longer contracts. | [deleted] | jorvi wrote: | > 2. The price is a flat monthly $5. They don't offer | discounts for longer contracts. | | This is something Mulvad has been doing since 2009.. | | https://mullvad.net/en/pricing | IgorPartola wrote: | Ah yes, that's correct. My bad, I confused them with | someone else I was also looking at, at the time. | Black101 wrote: | If Mullvad doesn't know who the customers are, that would be | the only possible upside? | Cu3PO42 wrote: | But they don't really know that anyway. Your account is just | a number and when you mail cash you include a token that they | can tie to your account number. | | Obviously they could log your IP address (which they promise | not to), but that's an issue even if you go through Mozilla | to purchase the service. | jdiez17 wrote: | I wonder if the cash-by-mail payment option creates some | kind of legal liability for Mullvad. If it suddenly became | very popular, I would imagine the financial authorities | would be rather unsatisfied with "oh, we receive a bunch of | cash from anonymous customers by mail, nothing dodgy | here..." | duxup wrote: | I like Mullvad and supporting Mozilla. | Fergusonb wrote: | If you're using mullvad you have likely already done a lot of | research on which provider you want to use. | | A lot of consumers are interested in a quality VPN but wouldn't | do this kind of research. | | Mozilla provide additional eyeballs and billing support, and | mullvad provides the service itself. It's a mutually beneficial | transaction. | | They're not in competition for your money, they're targeting | different demographics. | lucideer wrote: | > _they 're targeting different demographics_ | | This is the question though: who are these demographics? | | I know Mozilla likely have a lot more data on this than I, | but who is using Firefox / interested enough in Mozilla to | read their marketing & research their VPN offerings, but is | simultaneously not someone who would research VPN providers | in general / use Mullvad? What is this techie/non-techie | interested/not-interested hybrid person? | ruined wrote: | that demographic is huge. most people under 40 today have | grown up watching the surveillance industry establish | itself, and those with any consciousness of their own | vulnerability want to take action to minimize their surface | area. until recently that's been extremely difficult and | technical, but now firefox with container extensions, | adblockers, and a VPN are all easily approachable for the | average person, and they're all under one brand. | kovac wrote: | I think most under 40 don't know that Google Chrome and | Google Search are two separate things let alone VPNs and | containers. | | When these people say "surveillance" they mean they think | that Facebook magically hears it when they say something | out loud and they start seeing ads for it. We engineers | overestimate the awareness average user has about | technology. | hu3 wrote: | > that demographic is huge. | | I just asked "who knows what VPN means" in IM group of | non tech savvy folks, most under 35. No one knows. | | Perhaps among us Firefox users that's different but | certainly "most people under 40 today" wouldn't know even | what VPN means. | oarsinsync wrote: | > most people under 40 today have grown up watching the | surveillance industry establish itself | | I'm not sure "watching" is the correct word. | | > those with any consciousness of their own vulnerability | want to take action to minimize their surface area | | This is a pretty small minority, as demonstrated by the | number of people that continue to use Google and Facebook | properties by choice (refering to their actual services, | not their pervasive tracking around the Internet at | large) | | > firefox with container extensions | | As a more-technical-than-average person, my experience is | that attempting to get all Google services running in a | specific google-only firefox container is a non-trivial | and extremely painful experience, as there doesn't appear | to be a way to simply add *.google.com to the 'always | open in this container' list, so each subdomain needs to | be added individually. And then youtube. | | > adblockers | | Adblocks can break the check-out flow on multiple | ecommerce sites. "Don't shop there" doesn't fly when | that's the only online outlet that has the shoes she | wants. What's the workaround? Spend a while working out | what's causing the flow to break, and find a way to | explicitly whitelist that domain for that site? Nope, | just disable the adblock entirely and hope you remember | to re-enable it once you're done. | lucideer wrote: | > _now firefox with container extensions, [...] are all | easily approachable for the average person_ | | I think you might be in a bubble of you think the average | person is using container extensions. There aren't even | that many average people using Firefox anymore, least of | all any extensions beyond adblockers (which still only | reach at most 20% in general, including the all round | more average Chrome users) | | <off-topic-rant> Add to that there aren't even any | container extensions that work well: the official Mozilla | one doesn't support management of domain lists, and the | best alternative (Containerise) is still limited and | poorly supported (has outstanding bugs with things as | simple as the www prefix). As for the individual site- | specific options, the Google one is an all or nothing | affair; there is no way to separate your traffic within | Google's ecosystem, nor outside it: there's effectively | two "zones", similar up Private Mode. | | I wouldn't recommend containers to an average user in | their current state | karmickoala wrote: | I'm one of those incongruent persons. Being wary of many | VPN services, I never committed to using one, although I | really wanted to start. Of course, I am aware of Mullvad | and I could still skip the intermediary. However, I trust | Mozilla more, as I've been following them for so long. | | It sounds funny, because I do acknowledge exactly what | you're saying. I'm in tech, interested in using VPN for | years. I researched some, but was put off if they would | mishandle my data. In the end, it will be Mullvad who will | be dealing with my data, after all. But now I kinda trust | them more after Mozilla. | | I know it sounds illogical, just explaining how I feel | about this. | ivanhoe wrote: | I for one would trust far more to Mozilla foundation's | brand than any random small VPN company to not abuse the | user's trust or lie about its actual practices. From what | I've been reading most of VPNs on the market actually have | some level of privacy flows, so it's not such an easy | choice as it might seem - especially for people outside of | US. | recursive wrote: | Me. I trust the Mozilla name, yet have never heard of | mullvad. | mplewis wrote: | Anyone who uses Firefox as their browser, wants to start | using a VPN, and has not yet done significant research on a | VPN. | kyawzazaw wrote: | > A lot of consumers are interested in a quality VPN but | wouldn't do this kind of research. | | In that case, they will probably use NordVPN or ProtonVPN | CharlesW wrote: | Wait, is NordVPN something an educated VPN consumer should | not use? I switched from PIA after their acquisition, so | now I'm wondering what I missed. | Karunamon wrote: | They had a pretty wicked breach (for nearly an entire | year) a while back: https://nordvpn.com/blog/official- | response-datacenter-breach..., and I've also heard their | rather expansive marketing (the usual youtube | personalities) brought up as a negative, but that one | doesn't register much for me. | ev1 wrote: | No one educated should be using NordVPN, more or less. At | best it might be acceptable to throw a ton of torrents on | as long as you don't use their terrible proprietary | client. | | Even the front page is already freely giving away tons of | data to multiple analytics providers. | | Basically any VPN with an affiliate scheme you should | stay away from. NordVPN, Ivacy, VPN Unlimited, | FastestVPN, etc explicitly, run like fuck. The more "YOU | ARE UNPROTECTED REGISTER NOW!" the faster you should run. | | NB: I am a power user/developer, but I do not use either | company. Objectively, a basic eyeball comparison (match | bullet point indexes): | | Mullvad: | | - Says "Not using Mullvad" / "Using Mullvad" (a neutral | statement) | | - Shows their company address and registered location at | the bottom of every page | | - No on-page analytics | | - No third party includes | | - One price | | NordVPN: | | - "Your Status: Unprotected" | | - "Copyright NordVPN.com" only | | - Multiple on-page analytics and third parties | | - Loads google tag manager, google analytics, bing | marketing, youtube, third party web surveys, zendesk, | twitter ad pixel, google ads, bing, cloudflare, ada | chatbot, ravenjs, processout, multiple fingerprinting and | persistent device identification/tracking services (also | performs webgl/font iteration/plugin iteration/canvas | fingerprinting, etc) | | - Repeated upsells, lying to you about price (see JS for | fake "sale ends in x seconds" countdown timers that | attempt to induce FOMO and more), packed with dark | patterns; "9 hours left easter special TODAY ONLY" - same | sale that has been running for years | CharlesW wrote: | Thanks, I appreciate the thoughtful reply! Do you use | Mullvad? ( _kyawzazaw_ , I'm interested in what you use | as well.) | gsich wrote: | Depends. If you only need a VPN to get around geo- | restrictions you can use anything. | bassdropvroom wrote: | That's right. I use NordVPN because I got suckered into | it using their terrible tactics (the whole 67% off for a | limited time only offer that's been running for the past | what, 3 years?), because stupidly I didn't do any | research, but in general I only use NordVPN for _ahem_ | torrents. All else, I 'd trust my ISP more than NordVPN. | scrose wrote: | I used to use Mullvad, but a lot of their servers were | blocked for shows my wife wanted to watch and even on | Netflix. I've had much better luck with ProtonVPN for that | reason. | Semaphor wrote: | I think for Netflix there are dedicated VPNs where | privacy is less important than frequent IP changes ;) | xvector wrote: | Mullvad is simply better than Nord and Proton by a lot. | Their policies are more detailed, you can pay with cash and | crypto, your accounts aren't associated with any | identifying information or email, they describe what | exactly is stored in their database tables, they support | WireGuard by default, their client engineering team seems | more knowledgeable, etc. | miniyarov wrote: | If anyone wants to have a mobile app that creates VPN on | DigitalOcean, AWS or GCP checkout ZudVPN.com | (https://github.com/zudvpn/ZudVPN) | | Completely transparent server cloud init: | https://github.com/zudvpn/ZudVPN/blob/master/src/providers/D... | skinkestek wrote: | > I genuinely don't understand what is the incentive for using | Mozilla VPN? | | Supporting browser development instead of Mozilla Foundation. | | This way at least they pass through the hands of the | organization that does the most important work. | | (Nothing against the other issues but right now the browser | should be their top priority and I was massively annoyed when I | found that donations towards the foundation _couldn 't be used | for browser development_ and the browser.) | [deleted] | pmurt7 wrote: | I switched to Brave, I feel it's the new Firefox really (both | Brave and Firefox were founded by Brendan Eich). IPFS, Tor, | built-in ad blocker in Rust, crypto, that's what I want in my | browser. VPN is so 2010. | approxim8ion wrote: | >VPN is so 2010 | | https://brave.com/firewall-vpn/ | gregjw wrote: | I honestly just thought this was a reskin on top of Mullvad | jdewitt wrote: | I can't find a single reason why Mozilla should be wasting | resources on VPN when there are already plenty of companies on | that grind. | | I can't find any good reason for encouraging people to circumvent | network controls, or throw more networking complexity into what | was previously very simple for users. | | The constant marketing of 'you need a vpn' is super counter | productive for users because they have no idea what it even is, | what it can break, or why they needed it in the first place. I've | run into plenty of folks that said they use vpn because someone | offered it to them for free, not because they needed it for any | reason. | | It's stupid shit like this that makes the development of their | key software languish. | IgorPartola wrote: | I didn't need a VPN until I did: | | Recently visited family in a different state and stayed with | them for a week. They had a fast internet connection but | something in their router made establishing a new TCP | connection take forever. I bought a subscription to Mozilla VPN | and viola, now my TCP connections open quickly again. Also | bonus: I don't pollute their ad results with my searches. | | While yes I could dig into their router problem, they had no | issues with how things worked and I needed to get work done. | yoavm wrote: | I don't understand what can be so hard about "supporting" more | countries? It's the internet. Anyone can access your servers. | International credit card charging was invent decades ago. Take | my money. | eli wrote: | Don't a bunch of countries have laws about VPNs? | tyingq wrote: | Probably that fraud detection doesn't work well enough in some | countries to make more money than you spend. AVS, for example, | is only available in the US, UK, and Canada. It sucks, but for | some types of services, there's an army of people trying to use | stolen CC numbers. | anoncake wrote: | The only three countries that have sufficient fraud | protection for AVS are anglophone? I don't think that is the | (only) reason here. | tyingq wrote: | Not speculating on why, but yes, those are the only | countries that do AVS. Though AVS is just part of it. They | support Singapore, which doesn't do AVS. So apparently | whatever fraud protection is available there suffices. | | Also, it's available in New Zealand, but not Australia, | which is a fairly large anglophone population. | f6v wrote: | From their website: | | > No logging of your network activity | | Does it mean I can torrent whatever I want? I mean, if there's a | copyright notice, how're they going to know it was me? | notRobot wrote: | > Does it mean I can torrent whatever I want? | | Yes | edm0nd wrote: | Just use a private tracker site. Copyright and DMCA notices are | a thing of the past if you are using private torrent groups and | trackers. | f6v wrote: | I was just wondering how they'll respond to any copyright | notices if they don't log network activity. | hexis wrote: | Why would anyone trust Mozilla with their private browsing data? | https://blog.mozilla.org/blog/2021/01/08/we-need-more-than-d... | kaba0 wrote: | Supporting the transparency of politics has nothing to do with | user privacy. Mozilla has an excellent track record on the | latter and they put up a great fight in a seemingly lost | battle. | JustFinishedBSG wrote: | Can someone explains what's the point of "VPNs" (VPT in reality, | there's no network here, just a tunnel) ? | | I see the point of having a VPN to my own network but paying for | a tunnel to some random place.... why ? | ajsfoux234 wrote: | A few use-cases I can think of: GeoIP spoofing (watching | streaming shows not available in your country), bypassing IP | bans from places, preventing DMCA letters from torrenting, and | getting past restrictive firewalls that block websites | Aaronmacaron wrote: | Here's a few reasons: | | - You trust the VPN provider more than your ISP | | - You want to circumvent geoblocking (Netflix, Sports | broadcasts, etc...) | | - You have to use an untrusted Wi-Fi | | - You want to circumvent your government blocking certain | websites/services | ForHackernews wrote: | Here, I'll get this over with quick: | | Argle bargle Mozilla bad something something Pocket integration, | Firefox isn't even that fast grr Brendan Eich, one time | Thunderbird loaded a tracking pixel. | vehemenz wrote: | You forgot dropping XUL extension support | tored wrote: | If you as a company, like Mozilla, pushes for deplatforming and | similar anti-freespeech measures, demand for VPN services will | definitely increase. So congrats on your new VPN service, | Mozilla, and hats off to the 4D chess players at the marketing | division. | natch wrote: | What deplatforming and anti free speech measures is this | talking about? | zo1 wrote: | I was curious about the above question, so I did a basic | google search out of curiosity. Not sure if this is | disturbing, ironic or funny, but here is a blog post from | Mozilla: "We need more than deplatforming by Mitchell Baker" | | https://blog.mozilla.org/blog/2021/01/08/we-need-more- | than-d... | | Edit. Added title of the link. | teddyh wrote: | The way I always hear it, the title of a Mozilla blog post | was " _We need more than deplatforming_ "1, which was/is | interpreted by some to be an endorsement of deplatforming. | | 1) https://blog.mozilla.org/blog/2021/01/08/we-need-more- | than-d... | akalsz wrote: | > which was/is interpreted by some to be an endorsement of | deplatforming. | | How else could one interpret it? I'm genuinely curious, as | I thought they were pretty clear about it (emphasis mine): | | > We need solutions that don't start after untold damage | has been done. | | > Changing these dangerous dynamics requires _more_ than | just the temporary silencing or permanent removal of bad | actors from social media platforms. | | > _Additional_ precise and specific actions must _also_ be | taken: | teddyh wrote: | Imagine that you wanted to advocate _against_ | deplatforming, specifically by suggesting better ways to | accomplish common laudable goals. However, you can't | argue directly _against_ deplatforming, as this instantly | labels you a Trump supporter (and might get you | deplatformed). So what could you do? | | I am not claiming any secret knowledge about what Mozilla | was or is thinking, but what they wrote can certainly | also be interpreted in this light, too. | duxup wrote: | I'm not sure how to ask this, but do you really believe this | "4D chess" theory? | cyberlab wrote: | I don't like that it's tied to your Mozilla account, which I | never used anyway because I like to keep strictly local copies of | my credentials using Keepass. Storing secrets in the cloud comes | with a risk. Someone (hello NSA) will use your encrypted cloud- | based vault as target practice and try to crack it. With a local | copy, only I can access it. | miniyarov wrote: | If anyone wants to have a mobile app that creates VPN on | DigitalOcean, AWS or GCP checkout ZudVPN.com | (https://github.com/zudvpn/ZudVPN) | | Completely transparent server cloud init: | https://github.com/zudvpn/ZudVPN/blob/master/src/providers/D... | theshrike79 wrote: | Isn't Mozilla VPN just rebranded Mullvad? The only difference is | that you can get Mullvad anywhere and pay anonymously without any | accounts. | forgotpwd16 wrote: | Also Mullvad's app has been audited. | zo1 wrote: | I'm curious - Have their servers and processes been subjected | to any audit like that? | kfreds wrote: | https://mullvad.net/en/blog/tag/audits/ | zo1 wrote: | Thanks for the link! | Thursday032521 wrote: | It looks like it uses Mullvad servers, but is otherwise its own | software. | | It uses WireGuard, an open VPN protocol, so it's not | necessarily forever anchored to Mullvad. | nargek wrote: | Mullvad provides both OpenVPN and Wireguard. | RL_Quine wrote: | "Being its own software" is sort of meaningless. | | It's Mozilla white labeling an anonymous VPN service (ie, we | don't know who runs it). | NikolaNovak wrote: | >>"we don't know who runs it" | | I thought it's owner regularly comments / joins in on | hacker news... I didn't feel like I don't know who's | running it? | | Edit : quick search turns two very relevant posts: | | https://news.ycombinator.com/item?id=24169684 | | https://news.ycombinator.com/item?id=23567530 | RL_Quine wrote: | The website of Mullvad itself has essentially no | identifying information, and that's fine and perfectly | reasonable, it's just got to be part of your threat model | of using the thing. Mozilla whitelabeling the service and | giving it a well known reputation is another thing | entirely. | NikolaNovak wrote: | Hmm... I may not fully understand what you're looking | for. From their website: | | "Who owns Mullvad? The Mullvad VPN service is operated by | Mullvad VPN AB which is a subsidiary of Amagicom AB. Both | companies are 100% owned by founders Fredrik Stromberg | and Daniel Berntsson." | | Location, Company name, individual names of | founders/owners. What other "identifying information" | would satisfy? | | I found their FAQ, blog and guides tremendously helpful, | transparent and upfront. There's a wealth of info with | just a couple of clicks. | admax88q wrote: | The rise of VPNs signals to me that we as an industry have given | up on end to end encryption. Instead VPNs try to encrypt the | "first hop" with the assumption or hope that the networks further | down the line are "secure" | | Being on an "unsecured" local network shouldnt be an issue for | security. | EveYoung wrote: | How has the industry given up on encryption? In recent years, | HTTPS became the new standard and most apps are forced to use | encrypted connections as well. Just because VPN ads are calling | local networks "unsecure" doesn't mean that they are a true | risk. | admax88q wrote: | Not encryption in general, but end to end encryption. ___________________________________________________________________ (page generated 2021-03-31 23:00 UTC)