[HN Gopher] Latest Mozilla VPN features
___________________________________________________________________
Latest Mozilla VPN features
Author : alexrustic
Score : 203 points
Date : 2021-03-31 11:26 UTC (11 hours ago)
(HTM) web link (blog.mozilla.org)
(TXT) w3m dump (blog.mozilla.org)
| maeln wrote:
| I feel like most of those VPN services are using very borderline
| marketing and like to keep a lot of information blurry.
|
| As far as I know, in a lot of countries (like France) it is a legal
| obligation to keep logs and be able to identify one of your
| customers if the police demand it. Therefore, if you have servers
| in France or any country with similar rules, you can't operate a
| "0 log" service. And since those kinds of services have servers
| everywhere (and it is even one of their selling points), it is
| extremely unlikely that they don't keep your data and will hand it
| to the police (willingly or not) if requested.
|
| And if their own server gets breached, you can get the info of all
| the customers who used the breached server.
|
| So I find the claim of those services that they provide "more
| privacy" pretty lousy. Yes they do hide your IP addresses, but
| that's far from being the only data used to fingerprint you. And
| if it is to protect you against a Wi-Fi that you don't trust or
| your ISP, sure it works, but you move the trust from them to your
| VPN provider.
|
| Fighting against geofencing is good though.
| cyberlab wrote:
| I agree. A VPN should only ever be used for the following:
|
| - Shifting traffic over a VPN when using untrusted/sketchy wifi
| hotspots
|
| - Spoofing your geo-location to use geo-specific content
|
| And that's it. If privacy is your goal, Tor is much more
| suitable since it's not a single-hop proxy like a VPN and
| compartments all your traffic. (But of course Tor is not a
| silver bullet and there are caveats).
| vehemenz wrote:
| Depends on the VPN.
|
| ExpressVPN is HK/CCP owned, so I wouldn't worry too much
| about my privacy being violated for petty copyright
| infringements (BitTorrent).
| mistersquid wrote:
| > ExpressVPN is HK/CCP owned
|
| Thank you for this callout. Had no idea.
|
| Comparing VPN services, I've found ExpressVPN to be highly
| rated. The aforementioned callout means ExpressVPN may not
| be the best service for me.
|
| In lieu of specific technical criteria regarding VPN
| services, who are the go-to (aka "top of mind" or "A list")
| providers that privacy conscious, technically adroit (e.g.
| web dev with some sysadmin knowledge but little networking
| knowhow) users prefer?
|
| In other words, I'm looking for VPN recommendations but no
| longer trust my own Google-fu (advert rabbit hole) to
| discern what is a "good" choice.
| kaba0 wrote:
| I personally use ProtonVPN.
| schmorptron wrote:
| I've never used any vpn myself, but whenever I come
| across the topic in tech circles people seems to
| recommend mullvad. Can't vouch for them or anything, but
| might be worth looking into.
| imposterr wrote:
| Mullvad is probably the best choice for most. It's the
| company Mozilla is relying on for their VPN service as
| well.
| voidmain0001 wrote:
| VPNPro doesn't list ExpressVPN as having Chinese ownership.
| Wikipedia[1] claims it operates in the British Virgin
| Islands, and Quora claims the same. That written, a comment
| on Quora claims that it's owned by the CIA. Ha ha!
|
| [1] https://en.wikipedia.org/wiki/ExpressVPN
| [2] https://www.quora.com/Who-owns-Express-VPN
| vehemenz wrote:
| The company in the British Virgin Islands is a shell
| company with HK ownership, AFAIK.
|
| With the CCP taking over HK, ExpressVPN could be used to
| gather information on domestic dissidents and foreign
| visa holders. Assuming it's not already.
| philliphaydon wrote:
| You don't need to be based in BVI to be registered as a
| business there.
|
| (Whether or not they are owned by CCP or anything like
| that I have no idea, I'm just saying that being
| registered in BVI doesn't mean it's not possible for them
| to be owned by the CCP or anyone else)
| qw3rty01 wrote:
| Tor is _explicitly_ not private, only anonymous. The end node
| can see all the traffic you send through it if it's not
| encrypted. If privacy is your main concern, tor is definitely
| not the right tool to use.
| cyberlab wrote:
| > TOR is explicitly not private, only anonymous
|
| It depends on how you use Tor. For example, visiting your
| own personal homepage and then using the same relay to
| visit a NSFW site would be bad OPSEC. Also, Tor comes pre-
| installed with HTTPS Everywhere, and you can toggle a
| setting that disables _all_ http traffic if you're worried
| about sketchy exit nodes analyzing your plaintext traffic.
|
| Remember: Tor can't read your mind. If you want true
| anonymity you have to go through extraordinary lengths to
| achieve it, and even then, you could make mistakes.
| qw3rty01 wrote:
| The caveats you're mentioning are exactly why tor is a
| bad tool if privacy is your main goal. None of those
| concerns would be an issue with a service that focused on
| privacy.
|
| Also HTTPS everywhere isn't enough; you also need ESNI,
| which requires server support.
| xvector wrote:
| And even if ESNI was ubiquitous, a malicious exit would
| simply perform a reverse DNS lookup and have very high
| certainty about which sites you're visiting.
| hnlmorg wrote:
| What about tunnelling into a trusted network?
|
| That's what a VPN is really for. The other uses are more side
| effects exploiting the encryption and tunnelling properties
| of VPN rather than the original intended purpose of a VPN.
| croutonwagon wrote:
| I think he's talking about VPNs in the context of these
| companies selling VPN services under the guise of "privacy"
| or "security". ProtonVPN, Nord, Mozilla's, Mullvad and there
| are a ton others, many with less than stellar reputations
| and some that outright lie.
|
| That's a bit separate from a road warrior, corporate VPN or
| even one that one may host on a VPS that they have full
| control over and are willing to allow the hosting provider
| still see the traffic. As in, they trust the hosting
| provider more than the transit provider. Think
| University/Campus networks, public gov networks, or even
| some ISPs or corp networks.
| hnlmorg wrote:
| I got the context. My point is that the whole "privacy"
| VPN industry is snake oil and people miss the point of
| VPNs when they buy into these services.
| croutonwagon wrote:
| I wouldn't go that far. There are some reasons that one
| could be useful. I don't personally have a use case cause
| I have other mitigations in place but I wouldn't consider
| a company like Verizon particularly trustworthy in
| general.
|
| Even Comcast has been known to inject ads. The core
| tenet of these VPN services is trust, with it they don't
| survive, but for an ISP with a de-facto monopoly that's a
| non factor. There are also plenty of sites and services
| that use IP tracking. Google is really bad but others are
| doing it behind the scenes and not telling you. Reddit
| 100% does. Amazon too. To the point that if I proxy my
| connection and try and login to one of my Google accounts
| I sometimes have to verify or go through recovery.
|
| So in some cases it's better than no VPN. And I wouldn't
| use any authenticated service over Tor that I wish to
| keep. There are so many malicious relays and exit nodes.
|
| TOR is easily tracked at the nation-state level. China
| can axe tor traffic, even with bridges and OBFS4
| configured.
|
| With a service like Nord, you can get on and do your
| thing to bypass the great wall for the most part. And when
| the great firewall drops that connection you have a very
| large pool to choose from for your next.
|
| So there are definitely some reasons I could understand
| some would use them based on their own assessments/needs.
| hnlmorg wrote:
| I get why people want proxies and such like. I'm just
| saying it's weird how VPNs have become people's _de facto_
| go-to when they want something proxied. Most of the time
| when people think they need a VPN, what they actually
| need is something else that is incidentally provided by
| VPN. As in they're covered as a side effect of using a
| VPN rather than using a VPN for its intended purpose.
| But I guess you could argue I'm being elitist and what
| not, which is fine. Literally the only reason I bring it
| up was because it just tickled me when someone posted on
| a nerd forum a list of the purposes of VPNs and actually
| missed off the primary role of a VPN.
| croutonwagon wrote:
| It's less elitist and more it's a simple measure that the
| masses can understand and very simple and easy to
| implement. Security is hard and security/encryption done
| right is even harder.
|
| I have piholes with dnssec running at least upstream for
| privacy. And a vps I use as both a socks proxy and vpn
| here and there. But I have the technical know-how to
| implement that.
|
| Let's say, my parents just wanted a way to make sure
| their traffic was encrypted from either their ISP or Corp
| provided iPhone. I wouldn't tell them to go build a
| Linode or use Pi-hole. They don't care. But a vpn with a
| decent trust rating with nothing more than a login would
| do it and is easily achievable.
|
| Would I still advise them to be cognizant that other
| lower level spyware may be on their Corp phone, sure,
| absolutely. But that's not always the case. My org
| doesn't do that. We give you a phone and pay for service.
| You can use your iCloud and we have the ability to lock
| it/decom it because we own it. And can lock them out of
| email but we can't run find my iPhone on it.
|
| There have been requests to our provider for more traffic
| data for x user. So even I run a vpn when using their
| data.
|
| Another example. I had a buddy going to China for a
| couple months who wanted advice on how to secure his
| stuff. I advised him to use burner devices and change
| passwords yadda yadda. But then the question of accessing
| email, such as gmail came up. The great firewall is
| pretty nuts. I set him up an account on my vps and
| enabled obfs etc on the vpn.
|
| But he also used Nord as a backup because he had a ton of
| options there geographically dispersed. In the end, all
| he needed was nord at all. And when the firewall dropped
| his states to one node he would just reconnect. It worked
| just fine.
| Deathmax wrote:
| Unfortunately as GP has mentioned, advertising around
| these typical VPN companies (Nord, Proton, ExpressVPN,
| Surfshark and many more) tends to be very misleading. Tom
| Scott put out a good video[1] that tries to debunk
| various marketing claims.
|
| Sure there are use cases like getting around
| georestrictions, and like you mentioned you can use it to
| get around tracking. Except that for privacy and evading
| tracking you need more than just a VPN, you need to be
| doing things like adblocking, tracker blocking, clearing
| all of your cookies, not signing in to anything because
| then the service gets to link your new VPN IP with you
| again. VPN ads that sell "privacy" are snake oil unless it
| is paired with a guide on the additional things you
| should be doing.
|
| [1]: https://www.youtube.com/watch?v=WVDQEoe6ZWY
| sodality2 wrote:
| What about avoiding copyright letters?
| cyberlab wrote:
| If someone is determined enough, they just subpoena the VPN
| and ask for logs. Since a VPN is a single-hop proxy, your
| real IP is trivially exposed. Even if the VPN provider
| claims they don't keep logs. There's no way of proving they
| don't keep logs, and you need to hope the server you
| connect to is not compromised in some way. And VPN
| providers are known to use cheap colocation servers/Virtual
| Private Servers which have questionable security.
| StavrosK wrote:
| > If someone is determined enough
|
| This sweeps the entire benefit under the rug. If someone
| isn't determined enough, a VPN solves your problem.
| lordofgibbons wrote:
| Have there been any known cases of someone being
| identified for copyright violation while using a VPN
| service?
| ComodoHacker wrote:
| - Routing traffic over untrusted home/office ISP
|
| - Censorship circumvention
| ignoramous wrote:
| > _Censorship circumvention_
|
| In some countries, censorship circumvention usually requires
| sophistication that not all VPNs provide. A few like
| getoutline.com, getlantern.io, and psiphon.ca specialize in
| that.
|
| In most countries, VPNs aren't even needed to circumvent
| censorship. Apps like getintra.org, GreenTunnel employ
| simpler techniques to bypass firewalls.
|
| > _Routing traffic over untrusted home/office ISP_
|
| With TLS v1.3 and DoH / DoT, I think VPNs may no longer be
| required if "hiding traffic" is the only need. Hiding IPs,
| however (of both the client's from the server and the
| server's from the ISP) would continue to require the use of
| VPNs.
| hiq wrote:
| > With TLS v1.3 and DoH / DoT, I think VPNs may no longer
| be required if "hiding traffic" is the only need.
|
| You, as a user, have little control over whether the
| servers you connect to support TLS 1.3 and eSNI / ECH.
| dgellow wrote:
| The entire VPN industry is really shady. Their marketing is
| entirely based on creating literal FUD (fear, uncertainty,
| doubt) and selling their service as the perfect and cheap
| solution. The presence they have on youtube ads and other
| mainstream platform ads is really disturbing.
| xvector wrote:
| Mullvad doesn't do this, most providers do but I agree that
| this generalization is unfair to the VPN being discussed
| here.
| kfreds wrote:
| I hear what you're saying but that generalization isn't fair.
|
| Check out IVPN for instance. They do a lot of things right:
|
| https://www.ivpn.net/ethics/
| kibwen wrote:
| You're correct that scummy, overselling advertisements make the
| whole VPN industry look bad, but Mozilla's VPN is provided by
| Mullvad, who doesn't engage in those sorts of advertisements.
|
| FWIW, I've looked into Mullvad and even had beers with some of
| their programmers (all of whom appeared to be Scandinavian
| anarchist/anti-authoritarian types) and I think Mozilla made a
| good choice with that partnership. (Of course, don't take my
| word for it; do your own research, or just host your own VPN.)
| 2OEH8eoCRo0 wrote:
| Mullvad is the bee's knees. The cat's meow.
| edm0nd wrote:
| A real humdinger
| dahfizz wrote:
| Another benefit is that VPNs raise the bar for investigation.
| You are not safe from the FBI or interpol, but for "petty
| crimes" like pirating you are safe(r).
|
| Comcast basically has automated the process of sending you a
| cease and desist if they detect you are torrenting something
| you shouldn't. Mozilla doesn't.
| kfreds wrote:
| > As far as I know, in a lot of countries (like France) it is a
| legal obligation to keep logs and be able to identify one of
| your customers if the police demand it.
|
| Not for all types of services. ISPs are sometimes under
| obligation to log, but VPN services don't belong in that
| category.
|
| I can't speak for others but we have contacts with legal
| experts (in a few jurisdictions) that alert us to changing
| laws. Ultimately if a country required us to start logging we
| would just cancel all of our machines there and leave.
|
| On the topic of trustworthiness, you are completely right of
| course that VPN users put a lot of trust in their VPN provider.
| There is also the lemon market aspect - the information and
| competence asymmetry between user and operator. That begs the
| question of how to ascertain trustworthiness.
|
| We think things like this help:
|
| https://mullvad.net/blog/2018/10/17/signals-trustworthy-vpns...
|
| https://mullvad.net/blog/2019/6/3/system-transparency-future...
| potency wrote:
| I would love to use Mullvad, but I need split tunneling on a
| per-process basis (Windows), since there is the occasional
| website that hates VPN-based servers. I have a special
| browser installation I use for such occasions, but few VPN
| providers offer per-process VPN exceptions. Any chance
| Mullvad is considering this feature?
| xvector wrote:
| Have you considered running a SOCKS proxy outside of
| Mullvad (ie on a Raspberry Pi or in the cloud?)
|
| You could then use Firefox Multi-Account Containers to bind
| a container to the SOCKS proxy, and whenever you need to
| access a site that doesn't support a VPN you can just open
| it with in said container.
| chelmzy wrote:
| Are you an employee at Mullvad? Just want to say thank you
| for the excellent product and does Mullvad plan to accept
| Monero in the future?
| kfreds wrote:
| Hi! Thank you. I'm pretty sure it's on the roadmap.
| [deleted]
| warabe wrote:
| Off topic, but...
|
| Is Mozilla VPN going to be available in other countries in near
| future? I would like to hear the roadmap from Mozilla folks. I
| live in Japan and am wondering when it would become available in
| my country...
| Shadonototro wrote:
| what's the added value compared to just using mullvad?
|
| seems like a way for mozilla to gain shares without much effort?
| kinda disappointing
| [deleted]
| opheliate wrote:
| It's really disappointing to me that Mozilla VPN didn't support
| Linux from the get-go, and even now, from their FAQ [1],
| apparently only supports Ubuntu. The code for the client is open
| source, and can be built on other distributions, but the more
| pressing question to me is why their own client is necessary at
| all. Mullvad (which this VPN is based on) allows you to just
| download WireGuard/OpenVPN config files, which you can use with
| your own, more widely used/trusted client. The only reason I can
| see for Mozilla to require the use of their own client is to
| enforce their device limit, which really leaves a sour taste in
| my mouth. I don't think their desire to impose the device-limit
| should outweigh the security implications of disallowing me from
| using the standard WireGuard client.
|
| I _want_ to give Mozilla my money for this, but it's really
| annoying how unfriendly its implementation is.
|
| 1: https://www.mozilla.org/en-GB/products/vpn/#faq-
| compatibilit...
| zaarn wrote:
| The device limit is enforced on Mullvad's side already. It's 5
| devices, even if you use another client (tracked by simultaneously
| connecting IPs IIRC with some leeway for spikes).
| Spivak wrote:
| Like it's absolutely wild that their VPN implementation
| _requires_ their client to work. Basically every other VPN
| provider will expose endpoints for IPSec, OpenVPN, WireGuard,
| etc. etc. for instant compatibility with clients that can't
| run your pretty app.
|
| Sad that PIA tanked their rep because their Linux support was
| top notch. They even had a script that would set up
| NetworkManager profiles for you.
| fullstop wrote:
| They still have scripts for generating configs manually --
| maybe not NetworkManager, but I use it on a server to
| establish a wireguard tunnel.
|
| https://github.com/pia-foss/manual-connections
| pnutjam wrote:
| What "tanked their reputation"? I've been using them for
| years.
| DanAtC wrote:
| https://news.ycombinator.com/item?id=21612488
| kfreds wrote:
| Hi! I'm one of Mullvad's founders.
|
| I can't speak for Mozilla, but we have our own desktop and
| mobile apps because it enables us to do more privacy-preserving
| things with a higher assurance. Consider for instance DNS
| leaks, Teredo leaks, IPv6 leaks, esoteric DHCP directives that
| can hack your routing tables, and so on.
|
| And these are just a few of the things we were early in
| mitigating correctly. Consider also the tight relationship
| between UX and security, and it is clear that we can't rely on
| "generic VPN clients" to always agree with our design and
| security preferences. That doesn't mean they are wrong and we
| are right of course. It's just that we have a very specific
| mission.
|
| One architecture decision we made for our app was to write its
| backend in Rust, and integrate tightly with the firewalls on
| Windows, macOS, and Linux. It facilitates stability and
| therefore reduces the risk of states where data leak outside of
| the tunnel. Check it out, it's open source. As all security-
| related things should be.
|
| https://github.com/mullvad/mullvadvpn-app
| Spivak wrote:
| But it throws compatibility with devices that don't support
| your client out the window. Like I might want to have an
| entire VLAN on my home network route all traffic through the
| VPN which would happen through my router. But my router only
| supports common VPN protocols like IPSec, OpenVPN, and
| WireGuard.
|
| Sure, I _could_ make it work with a separate Linux server
| running your app and some routing but that's far more work
| than most other VPN providers.
|
| I'm fine with warnings in your UI about connections with
| these protocols being "less secure" like how Zoom handles E2E
| with phones.
| purjolok wrote:
| Mullvad also provides OpenVPN and Wireguard config files.
|
| https://mullvad.net/sv/help/tag/other-vpn-software/
| Spivak wrote:
| So then what's with all the claims that Mozilla VPN
| doesn't work with them? I held off trying Moz's VPN
| service because of people saying it didn't work and not
| finding any official support.
| opheliate wrote:
| While Mullvad provide those configuration files to
| customers who use their service directly, customers who
| are subscribed to Mozilla VPN don't have access to these
| configuration files, which is what makes it especially
| irritating to me.
| wintermutestwin wrote:
| I think the market segmentation is that more savvy users
| would bypass Mozilla and sub directly with Mullvad.
| Spivak wrote:
| Which is fine except that I would go with Moz VPN
| specifically because I want to give them money.
|
| Mozilla seems to make it really hard to pay them for
| goods and services.
| opheliate wrote:
| Hi, thanks for the response. I'm a big fan of Mullvad's
| approach to creating a VPN, and I'm hopeful that more
| companies will follow in your path. I've been using your
| service for a few months now, and I'm really satisfied with
| it.
|
| I should perhaps have been clearer when I referred to generic
| VPN clients, I was talking about the original WireGuard
| implementation by Jason Donenfeld, not just some random
| software, which I would hope you agree is a (sufficiently)
| secure implementation when used by technically proficient
| users? I do appreciate that there are reasons for having a
| specific client for your service, and it is absolutely
| necessary for those who are new to VPN apps, but I would hope
| you appreciate the reasons for providing implementation-
| agnostic WireGuard/OpenVPN config files, since your own
| service does so?
|
| Regardless, thanks again for the work you're doing in this
| sector, and best of luck for the future.
| kfreds wrote:
| Thanks! Yes, I completely recognize that many users prefer
| to download a generic configuration file for WireGuard or
| OpenVPN. In our case we want to support that use case. At
| the same time encouraging use of our own app allows us to
| invent to a much greater extent. And mitigate risks.
|
| There are plenty of VPN clients, some by big enterprise-y
| networking companies, that at least historically have
| behaved in ways that leak the user's traffic when
| interfaces change, on DHCP issues, tunnel disconnections.
| It's just easier to make our own app and be able to say
| what it does and doesn't. And that nothing will change
| tomorrow because of someone else's design decision. :)
| input_sh wrote:
| I absolutely love your service and will definitely renew it
| considering my one-year license is close to expiry.
|
| Any reason why you don't use a PPA or something to auto-
| release updates? I've postponed an update quite a few times
| because the friction of going to your website, downloading
| it, and then upgrading the package is just a bit too much in
| certain situations.
|
| Other than that my only gripe with the app is that I can't
| close it from the app indicator, but have to re-open it,
| click on the settings, and _then_ choose "quit app".
| kfreds wrote:
| Hi! I'm glad to hear that! Regarding PPA etc I can't say
| for sure since I don't lead the app team and don't want to
| interrupt their work day. I'll relay your comment though. I
| hope that's OK.
| IgorPartola wrote:
| This is great to see. I highly recommend your team look
| into it. Setting up a PPA (or even just your own APT repo
| on S3) is extremely simple and is a robust way to push
| out updates. I would be happy to do a few hours of
| consulting for your team to help get this done.
| tgragnato wrote:
| This is great for non-techies, but I want to control my own
| traffic, customize the behavior of my VPNs, ...
|
| Any deviation from the standard implementation, open source
| or not, is a hindrance.
| trillic wrote:
| Mullvad allows you to use any Wireguard public key you want
| on your account, you can just use the standard client,
| generate your own keys, and do your own config.
|
| Not an employee I just like the service.
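
A static check that connects two points from this thread: the DNS and IPv6 leak classes kfreds lists, and trillic's note that you can write your own config for the standard WireGuard client. This is an added example, not code from Mullvad, Mozilla or any commenter; the sample configs, placeholder keys, addresses and finding names are constructed, and it inspects config text only, not live routes or firewall state.

```python
"""Audit a wg-quick style config for settings that let traffic bypass the tunnel."""
import ipaddress

# Constructed sample configs. Keys, addresses and endpoints are placeholders.
LEAKY = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.64.0.2/32

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = 192.0.2.10:51820
"""

FULL_TUNNEL = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.64.0.2/32, fc00:bbbb::2/128
DNS = 10.64.0.1

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 192.0.2.10:51820
"""


def parse_wg_config(text):
    """Return [(section, {key: [values]})], keeping repeated [Peer] sections."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1].strip().lower(), {})
            sections.append(current)
        elif "=" in line and current is not None:
            # Split on the first "=" only: base64 keys end in "=" padding.
            key, value = line.split("=", 1)
            items = [v.strip() for v in value.split(",") if v.strip()]
            current[1].setdefault(key.strip().lower(), []).extend(items)
    return sections


def _values(sections, name, key):
    """Collect every value of `key` across all sections called `name`."""
    out = []
    for sec_name, fields in sections:
        if sec_name == name:
            out.extend(fields.get(key, []))
    return out


def _covers_all(networks, version):
    """True if the networks of this IP version add up to the whole space."""
    same = [n for n in networks if n.version == version]
    collapsed = list(ipaddress.collapse_addresses(same))
    return len(collapsed) == 1 and collapsed[0].prefixlen == 0


def audit(text):
    """Return finding codes (names are this example's own) for one config."""
    sections = parse_wg_config(text)
    allowed = [ipaddress.ip_network(v, strict=False)
               for v in _values(sections, "peer", "allowedips")]
    findings = []
    if not _covers_all(allowed, 4):
        findings.append("ipv4-not-fully-routed")
    if not _covers_all(allowed, 6):
        # Native IPv6 traffic on the host would not enter the tunnel.
        findings.append("ipv6-not-routed")

    dns_servers = []
    for value in _values(sections, "interface", "dns"):
        try:
            dns_servers.append(ipaddress.ip_address(value))
        except ValueError:
            pass  # wg-quick also accepts search domains in DNS; skip them
    if not dns_servers:
        # No DNS line: the system's existing resolver stays in use.
        findings.append("dns-unset")
    elif any(not any(ip in net for net in allowed) for ip in dns_servers):
        # A resolver address that no peer's AllowedIPs routes into the tunnel.
        findings.append("dns-outside-tunnel")
    return findings


if __name__ == "__main__":
    for name, cfg in (("LEAKY", LEAKY), ("FULL_TUNNEL", FULL_TUNNEL)):
        print(name, audit(cfg) or "no findings")
```
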
| wintermutestwin wrote:
| I thought Mullvad recommends WireGuard and that your app uses
| OpenVPN? On Mac, WireGuard is certainly faster to connect and
| more stable than the Mullvad app.
| kfreds wrote:
| Hi! No, our app uses WireGuard by default.
|
| https://mullvad.net/en/help/wireguard-macos-app/
| jrootabega wrote:
| No warrant canary, from what I can see.
| rubyist5eva wrote:
| Killswitch and split tunneling are the only things that are
| keeping me from using it, I want to give Mozilla my money...come
| on man.
| fulafel wrote:
| What does split tunneling mean in context of a public VPN?
| jonny383 wrote:
| Mozilla: a corporation funded by a spying company with a recent
| shady record of injecting stuff into products secretly (hello Mr
| robot). What could go wrong in this thought crime?
| kijin wrote:
| I would prefer something a bit more granular than changing my
| device's network configuration and sending all of its traffic
| through the same VPN. Just because I want to watch a movie
| through a server in another country doesn't mean that I also want
| my video chat app or stock trading app to take the same detour.
|
| Since this is Mozilla, how about a Firefox extension that passes
| all Firefox traffic through a VPN, like Tor Browser does, but
| doesn't touch any other app? That would differentiate it from
| most of the other VPN offerings out there. Currently my go-to
| solution is to set up a local SOCKS proxy with an SSH tunnel and
| point Firefox at it. It's good enough for testing, but not all
| services work properly when accessed that way.
| npteljes wrote:
| I completely agree with this. If Firefox worked this way, or
| even just some special tabs of it, that would be great. Brave
| has TOR tabs AFAIR. Also an easy to use app would be great that
| can manage other apps' network connections - some could be
| blocked, some could be redirected through a VPN, etc.
| acatton wrote:
| I genuinely don't understand what is the incentive for using
| Mozilla VPN? I'm a Mozilla and Firefox fanboy, but this new
| product had me sceptical since the beginning. They literally
| bring nothing to the table except their brand name. They don't
| even do the server side, but just resell Mullvad's infrastructure
| with their brand.
|
| I'm already a Mullvad customer, and if I were to switch to
| Mozilla VPN:
|
| * It would not be available in my country (Germany) right away
|
| * I would have to join a waitlist
|
| * I would have to pay with my credit card, instead of cash-by-
| mail. (Great privacy improvement! /s)
|
| * I would have to use Mozilla's GUI instead of the wg-quick CLI.
| (The use of wg-quick is documented by Mullvad in addition to
| Mullvad's GUI, but I haven't found any wg-quick documentation on
| Mozilla VPN)
|
| All of this for the same infrastructure, the same service (number
| of devices, ...) at the same price. What the hell are you doing
| Mozilla?!
| unethical_ban wrote:
| >They bring their brand name
|
| To someone who isn't a leet hacker or SW dev, that is the ball
| game. Firefox and Mozilla aren't household, but millions of
| less-technical people know of them. Rather than getting their
| VPN (if they even know the value proposition) from some podcast
| advertisement, Mozilla is saying "Hey, this kind of service
| gives you privacy and we stand behind it".
|
| I use it upon occasion. It's dead simple to purchase, set up on
| any OS and I trust Mozilla not to send me to a shady backend.
|
| If you already have VPN and they don't offer it in your
| country, they clearly aren't targeting you.
| jraph wrote:
| > It would not be available in my country (Germany) right away
|
| You could use a VPN to make it look like you are in a supported
| country.
| Iv wrote:
| > They literally bring nothing to the table except their brand
| name.
|
| Isn't it the most important thing for a VPN provider? You want
| a company that is privacy-conscious, not one that logs your
| traffic and sells it or open it to the various TLAs of the
| world.
| givemeanaccount wrote:
| >* I would have to pay with my credit card, instead of cash-by-
| mail. (Great privacy improvement! /s)
|
| Do you download your configurations from the Mullvad website
| over Tor via their onion service 100% of the time?
|
| Do you connect to Tor before connecting to Mullvad in your VPN
| client?
| dewey wrote:
| It's as simple as that: You are not the target group.
|
| If a regular consumer searches for a VPN product they get a
| million results, all with different deals and they'd have to
| figure out how to find the best one and will still be around in
| a year. If they already trust the Mozilla brand they'll go with
| that. Just like people go with stock apps on their computer
| over some maybe better third party app.
| JohnBooty wrote:
| If a regular consumer searches for a VPN product
| they [...] have to figure out how to find the best
| one and will still be around in a year.
|
| Yep! It's a Mozilla product, so there's no guesswork and no
| worry. You _know_ it won't be around in a year!
| wnevets wrote:
| > They literally bring nothing to the table except their brand
| name.
|
| That has been enough for me. I generally trust Mozilla when
| they say privacy first and if I'm going to give my money to a
| VPN provider I'd rather give it to Mozilla than say NordVPN.
| [deleted]
| baseballdork wrote:
| I was also a mullvad customer and wanted to switch to Mozilla
| VPN specifically because it seems to be one of the only ways to
| support the browser. At the time they didn't support linux at
| all, but someone wrote a tool[0] to squirt out the necessary
| configs to use with wg-quick. When I saw that, I pulled the
| trigger and haven't looked back.
|
| [0] https://github.com/NilsIrl/MozWire
| lucideer wrote:
| > _it seems to be one of the only ways to support the
| browser_
|
| Is this the case? Is income from Mozilla VPN put toward
| Firefox development?
|
| If it is, that info should be front-and-centre; they'd have a
| lot more customers I think.
| passivate wrote:
| >I genuinely don't understand what is the incentive for using
| Mozilla VPN? I'm a Mozilla and Firefox fanboy, but this new
| product had me sceptical since the beginning. They literally
| bring nothing to the table except their brand name. They don't
| even do the server side, but just resell Mullvad's
| infrastructure with their brand.
|
| The incentive for you is that Mozilla will keep Mullvad under
| close watch and make sure promises are kept - so you don't have
| to. Furthermore, there is no limitation for Mozilla to not seek
| other partnerships and/or develop the server side service
| themselves - they have the in-house dev talent to do so.
|
| So, yes, they do bring quite a lot to the table besides their
| brand name.
| IgorPartola wrote:
| I signed up for Mozilla VPN instead of Mullvad for two
| reasons:
|
| 1. It was priced in USD.
|
| 2. The price is a flat monthly $5. They don't offer discounts
| for longer contracts.
| [deleted]
| jorvi wrote:
| > 2. The price is a flat monthly $5. They don't offer
| discounts for longer contracts.
|
| This is something Mullvad has been doing since 2009..
|
| https://mullvad.net/en/pricing
| IgorPartola wrote:
| Ah yes, that's correct. My bad, I confused them with
| someone else I was also looking at, at the time.
| Black101 wrote:
| If Mullvad doesn't know who the customers are, that would be
| the only possible upside?
| Cu3PO42 wrote:
| But they don't really know that anyway. Your account is just
| a number and when you mail cash you include a token that they
| can tie to your account number.
|
| Obviously they could log your IP address (which they promise
| not to), but that's an issue even if you go through Mozilla
| to purchase the service.
| jdiez17 wrote:
| I wonder if the cash-by-mail payment option creates some
| kind of legal liability for Mullvad. If it suddenly became
| very popular, I would imagine the financial authorities
| would be rather unsatisfied with "oh, we receive a bunch of
| cash from anonymous customers by mail, nothing dodgy
| here..."
| duxup wrote:
| I like Mullvad and supporting Mozilla.
| Fergusonb wrote:
| If you're using mullvad you have likely already done a lot of
| research on which provider you want to use.
|
| A lot of consumers are interested in a quality VPN but wouldn't
| do this kind of research.
|
| Mozilla provide additional eyeballs and billing support, and
| mullvad provides the service itself. It's a mutually beneficial
| transaction.
|
| They're not in competition for your money, they're targeting
| different demographics.
| lucideer wrote:
| > _they're targeting different demographics_
|
| This is the question though: who are these demographics?
|
| I know Mozilla likely have a lot more data on this than I,
| but who is using Firefox / interested enough in Mozilla to
| read their marketing & research their VPN offerings, but is
| simultaneously not someone who would research VPN providers
| in general / use Mullvad? What is this techie/non-techie
| interested/not-interested hybrid person?
| ruined wrote:
| that demographic is huge. most people under 40 today have
| grown up watching the surveillance industry establish
| itself, and those with any consciousness of their own
| vulnerability want to take action to minimize their surface
| area. until recently that's been extremely difficult and
| technical, but now firefox with container extensions,
| adblockers, and a VPN are all easily approachable for the
| average person, and they're all under one brand.
| kovac wrote:
| I think most under 40 don't know that Google Chrome and
| Google Search are two separate things let alone VPNs and
| containers.
|
| When these people say "surveillance" they mean they think
| that Facebook magically hears it when they say something
| out loud and they start seeing ads for it. We engineers
| overestimate the awareness the average user has about
| technology.
| hu3 wrote:
| > that demographic is huge.
|
| I just asked "who knows what VPN means" in an IM group of
| non tech savvy folks, most under 35. No one knows.
|
| Perhaps among us Firefox users that's different but
| certainly "most people under 40 today" wouldn't know even
| what VPN means.
| oarsinsync wrote:
| > most people under 40 today have grown up watching the
| surveillance industry establish itself
|
| I'm not sure "watching" is the correct word.
|
| > those with any consciousness of their own vulnerability
| want to take action to minimize their surface area
|
| This is a pretty small minority, as demonstrated by the
| number of people that continue to use Google and Facebook
| properties by choice (referring to their actual services,
| not their pervasive tracking around the Internet at
| large)
|
| > firefox with container extensions
|
| As a more-technical-than-average person, my experience is
| that attempting to get all Google services running in a
| specific google-only firefox container is a non-trivial
| and extremely painful experience, as there doesn't appear
| to be a way to simply add *.google.com to the 'always
| open in this container' list, so each subdomain needs to
| be added individually. And then youtube.
|
| > adblockers
|
| Adblocks can break the check-out flow on multiple
| ecommerce sites. "Don't shop there" doesn't fly when
| that's the only online outlet that has the shoes she
| wants. What's the workaround? Spend a while working out
| what's causing the flow to break, and find a way to
| explicitly whitelist that domain for that site? Nope,
| just disable the adblock entirely and hope you remember
| to re-enable it once you're done.
| lucideer wrote:
| > _now firefox with container extensions, [...] are all
| easily approachable for the average person_
|
| I think you might be in a bubble if you think the average
| person is using container extensions. There aren't even
| that many average people using Firefox anymore, least of
| all any extensions beyond adblockers (which still only
| reach at most 20% in general, including the all round
| more average Chrome users)
|
| <off-topic-rant> Add to that there aren't even any
| container extensions that work well: the official Mozilla
| one doesn't support management of domain lists, and the
| best alternative (Containerise) is still limited and
| poorly supported (has outstanding bugs with things as
| simple as the www prefix). As for the individual site-
| specific options, the Google one is an all or nothing
| affair; there is no way to separate your traffic within
| Google's ecosystem, nor outside it: there's effectively
| two "zones", similar to Private Mode.
|
| I wouldn't recommend containers to an average user in
| their current state
| karmickoala wrote:
| I'm one of those incongruent persons. Being wary of many
| VPN services, I never committed to using one, although I
| really wanted to start. Of course, I am aware of Mullvad
| and I could still skip the intermediary. However, I trust
| Mozilla more, as I've been following them for so long.
|
| It sounds funny, because I do acknowledge exactly what
| you're saying. I'm in tech, interested in using VPN for
| years. I researched some, but was put off if they would
| mishandle my data. In the end, it will be Mullvad who will
| be dealing with my data, after all. But now I kinda trust
| them more after Mozilla.
|
| I know it sounds illogical, just explaining how I feel
| about this.
| ivanhoe wrote:
| I for one would trust far more to Mozilla foundation's
| brand than any random small VPN company to not abuse the
| user's trust or lie about its actual practices. From what
| I've been reading most of VPNs on the market actually have
| some level of privacy flaws, so it's not such an easy
| choice as it might seem - especially for people outside of
| US.
| recursive wrote:
| Me. I trust the Mozilla name, yet have never heard of
| mullvad.
| mplewis wrote:
| Anyone who uses Firefox as their browser, wants to start
| using a VPN, and has not yet done significant research on a
| VPN.
| kyawzazaw wrote:
| > A lot of consumers are interested in a quality VPN but
| wouldn't do this kind of research.
|
| In that case, they will probably use NordVPN or ProtonVPN
| CharlesW wrote:
| Wait, is NordVPN something an educated VPN consumer should
| not use? I switched from PIA after their acquisition, so
| now I'm wondering what I missed.
| Karunamon wrote:
| They had a pretty wicked breach (for nearly an entire
| year) a while back:
| https://nordvpn.com/blog/official-response-datacenter-breach...,
| and I've also heard their
| rather expansive marketing (the usual youtube
| personalities) brought up as a negative, but that one
| doesn't register much for me.
| ev1 wrote:
| No one educated should be using NordVPN, more or less. At
| best it might be acceptable to throw a ton of torrents on
| as long as you don't use their terrible proprietary
| client.
|
| Even the front page is already freely giving away tons of
| data to multiple analytics providers.
|
| Basically any VPN with an affiliate scheme you should
| stay away from. NordVPN, Ivacy, VPN Unlimited,
| FastestVPN, etc explicitly, run like fuck. The more "YOU
| ARE UNPROTECTED REGISTER NOW!" the faster you should run.
|
| NB: I am a power user/developer, but I do not use either
| company. Objectively, a basic eyeball comparison (match
| bullet point indexes):
|
| Mullvad:
|
| - Says "Not using Mullvad" / "Using Mullvad" (a neutral
| statement)
|
| - Shows their company address and registered location at
| the bottom of every page
|
| - No on-page analytics
|
| - No third party includes
|
| - One price
|
| NordVPN:
|
| - "Your Status: Unprotected"
|
| - "Copyright NordVPN.com" only
|
| - Multiple on-page analytics and third parties
|
| - Loads google tag manager, google analytics, bing
| marketing, youtube, third party web surveys, zendesk,
| twitter ad pixel, google ads, bing, cloudflare, ada
| chatbot, ravenjs, processout, multiple fingerprinting and
| persistent device identification/tracking services (also
| performs webgl/font iteration/plugin iteration/canvas
| fingerprinting, etc)
|
| - Repeated upsells, lying to you about price (see JS for
| fake "sale ends in x seconds" countdown timers that
| attempt to induce FOMO and more), packed with dark
| patterns; "9 hours left easter special TODAY ONLY" - same
| sale that has been running for years
| CharlesW wrote:
| Thanks, I appreciate the thoughtful reply! Do you use
| Mullvad? (_kyawzazaw_, I'm interested in what you use
| as well.)
| gsich wrote:
| Depends. If you only need a VPN to get around geo-
| restrictions you can use anything.
| bassdropvroom wrote:
| That's right. I use NordVPN because I got suckered into
| it using their terrible tactics (the whole 67% off for a
| limited time only offer that's been running for the past
| what, 3 years?), because stupidly I didn't do any
| research, but in general I only use NordVPN for _ahem_
| torrents. All else, I'd trust my ISP more than NordVPN.
| scrose wrote:
| I used to use Mullvad, but a lot of their servers were
| blocked for shows my wife wanted to watch and even on
| Netflix. I've had much better luck with ProtonVPN for that
| reason.
| Semaphor wrote:
| I think for Netflix there are dedicated VPNs where
| privacy is less important than frequent IP changes ;)
| xvector wrote:
| Mullvad is simply better than Nord and Proton by a lot.
| Their policies are more detailed, you can pay with cash and
| crypto, your accounts aren't associated with any
| identifying information or email, they describe what
| exactly is stored in their database tables, they support
| WireGuard by default, their client engineering team seems
| more knowledgeable, etc.
| miniyarov wrote:
| If anyone wants to have a mobile app that creates VPN on
| DigitalOcean, AWS or GCP check out ZudVPN.com
| (https://github.com/zudvpn/ZudVPN)
|
| Completely transparent server cloud init:
| https://github.com/zudvpn/ZudVPN/blob/master/src/providers/D...
| skinkestek wrote:
| > I genuinely don't understand what is the incentive for using
| Mozilla VPN?
|
| Supporting browser development instead of Mozilla Foundation.
|
| This way at least they pass through the hands of the
| organization that does the most important work.
|
| (Nothing against the other issues but right now the browser
| should be their top priority and I was massively annoyed when I
| found that donations towards the foundation _couldn't be used
| for browser development_ and the browser.)
| [deleted]
| pmurt7 wrote:
| I switched to Brave, I feel it's the new Firefox really (both
| Brave and Firefox were founded by Brendan Eich). IPFS, Tor,
| built-in ad blocker in Rust, crypto, that's what I want in my
| browser. VPN is so 2010.
| approxim8ion wrote:
| >VPN is so 2010
|
| https://brave.com/firewall-vpn/
| gregjw wrote:
| I honestly just thought this was a reskin on top of Mullvad
| jdewitt wrote:
| I can't find a single reason why Mozilla should be wasting
| resources on VPN when there are already plenty of companies on
| that grind.
|
| I can't find any good reason for encouraging people to circumvent
| network controls, or throw more networking complexity into what
| was previously very simple for users.
|
| The constant marketing of 'you need a vpn' is super counter
| productive for users because they have no idea what it even is,
| what it can break, or why they needed it in the first place. I've
| run into plenty of folks that said they use vpn because someone
| offered it to them for free, not because they needed it for any
| reason.
|
| It's stupid shit like this that makes the development of their
| key software languish.
| IgorPartola wrote:
| I didn't need a VPN until I did:
|
| Recently visited family in a different state and stayed with
| them for a week. They had a fast internet connection but
| something in their router made establishing a new TCP
| connection take forever. I bought a subscription to Mozilla VPN
| and voila, now my TCP connections open quickly again. Also
| bonus: I don't pollute their ad results with my searches.
|
| While yes I could dig into their router problem, they had no
| issues with how things worked and I needed to get work done.
| yoavm wrote:
| I don't understand what can be so hard about "supporting" more
| countries? It's the internet. Anyone can access your servers.
| International credit card charging was invented decades ago. Take
| my money.
| eli wrote:
| Don't a bunch of countries have laws about VPNs?
| tyingq wrote:
| Probably that fraud detection doesn't work well enough in some
| countries to make more money than you spend. AVS, for example,
| is only available in the US, UK, and Canada. It sucks, but for
| some types of services, there's an army of people trying to use
| stolen CC numbers.
| anoncake wrote:
| The only three countries that have sufficient fraud
| protection for AVS are anglophone? I don't think that is the
| (only) reason here.
| tyingq wrote:
| Not speculating on why, but yes, those are the only
| countries that do AVS. Though AVS is just part of it. They
| support Singapore, which doesn't do AVS. So apparently
| whatever fraud protection is available there suffices.
|
| Also, it's available in New Zealand, but not Australia,
| which is a fairly large anglophone population.
| f6v wrote:
| From their website:
|
| > No logging of your network activity
|
| Does it mean I can torrent whatever I want? I mean, if there's a
| copyright notice, how're they going to know it was me?
| notRobot wrote:
| > Does it mean I can torrent whatever I want?
|
| Yes
| edm0nd wrote:
| Just use a private tracker site. Copyright and DMCA notices are
| a thing of the past if you are using private torrent groups and
| trackers.
| f6v wrote:
| I was just wondering how they'll respond to any copyright
| notices if they don't log network activity.
| hexis wrote:
| Why would anyone trust Mozilla with their private browsing data?
| https://blog.mozilla.org/blog/2021/01/08/we-need-more-than-d...
| kaba0 wrote:
| Supporting the transparency of politics has nothing to do with
| user privacy. Mozilla has an excellent track record on the
| latter and they put up a great fight in a seemingly lost
| battle.
| JustFinishedBSG wrote:
| Can someone explain what's the point of "VPNs" (VPT in reality,
| there's no network here, just a tunnel) ?
|
| I see the point of having a VPN to my own network but paying for
| a tunnel to some random place.... why ?
| ajsfoux234 wrote:
| A few use-cases I can think of: GeoIP spoofing (watching
| streaming shows not available in your country), bypassing IP
| bans from places, preventing DMCA letters from torrenting, and
| getting past restrictive firewalls that block websites
| Aaronmacaron wrote:
| Here's a few reasons:
|
| - You trust the VPN provider more than your ISP
|
| - You want to circumvent geoblocking (Netflix, Sports
| broadcasts, etc...)
|
| - You have to use an untrusted Wi-Fi
|
| - You want to circumvent your government blocking certain
| websites/services
| ForHackernews wrote:
| Here, I'll get this over with quick:
|
| Argle bargle Mozilla bad something something Pocket integration,
| Firefox isn't even that fast grr Brendan Eich, one time
| Thunderbird loaded a tracking pixel.
| vehemenz wrote:
| You forgot dropping XUL extension support
| tored wrote:
| If you as a company, like Mozilla, push for deplatforming and
| similar anti-freespeech measures, demand for VPN services will
| definitely increase. So congrats on your new VPN service,
| Mozilla, and hats off to the 4D chess players at the marketing
| division.
| natch wrote:
| What deplatforming and anti free speech measures is this
| talking about?
| zo1 wrote:
| I was curious about the above question, so I did a basic
| google search out of curiosity. Not sure if this is
| disturbing, ironic or funny, but here is a blog post from
| Mozilla: "We need more than deplatforming by Mitchell Baker"
|
| https://blog.mozilla.org/blog/2021/01/08/we-need-more-than-d...
|
| Edit. Added title of the link.
| teddyh wrote:
| The way I always hear it, the title of a Mozilla blog post
| was "_We need more than deplatforming_"1, which was/is
| interpreted by some to be an endorsement of deplatforming.
|
| 1) https://blog.mozilla.org/blog/2021/01/08/we-need-more-than-d...
| akalsz wrote:
| > which was/is interpreted by some to be an endorsement of
| deplatforming.
|
| How else could one interpret it? I'm genuinely curious, as
| I thought they were pretty clear about it (emphasis mine):
|
| > We need solutions that don't start after untold damage
| has been done.
|
| > Changing these dangerous dynamics requires _more_ than
| just the temporary silencing or permanent removal of bad
| actors from social media platforms.
|
| > _Additional_ precise and specific actions must _also_ be
| taken:
| teddyh wrote:
| Imagine that you wanted to advocate _against_
| deplatforming, specifically by suggesting better ways to
| accomplish common laudable goals. However, you can't
| argue directly _against_ deplatforming, as this instantly
| labels you a Trump supporter (and might get you
| deplatformed). So what could you do?
|
| I am not claiming any secret knowledge about what Mozilla
| was or is thinking, but what they wrote can certainly
| also be interpreted in this light, too.
| duxup wrote:
| I'm not sure how to ask this, but do you really believe this
| "4D chess" theory?
| cyberlab wrote:
| I don't like that it's tied to your Mozilla account, which I
| never used anyway because I like to keep strictly local copies of
| my credentials using Keepass. Storing secrets in the cloud comes
| with a risk. Someone (hello NSA) will use your encrypted cloud-
| based vault as target practice and try to crack it. With a local
| copy, only I can access it.
| miniyarov wrote:
| If anyone wants to have a mobile app that creates VPN on
| DigitalOcean, AWS or GCP check out ZudVPN.com
| (https://github.com/zudvpn/ZudVPN)
|
| Completely transparent server cloud init:
| https://github.com/zudvpn/ZudVPN/blob/master/src/providers/D...
| theshrike79 wrote:
| Isn't Mozilla VPN just rebranded Mullvad? The only difference is
| that you can get Mullvad anywhere and pay anonymously without any
| accounts.
| forgotpwd16 wrote:
| Also Mullvad's app has been audited.
| zo1 wrote:
| I'm curious - Have their servers and processes been subjected
| to any audit like that?
| kfreds wrote:
| https://mullvad.net/en/blog/tag/audits/
| zo1 wrote:
| Thanks for the link!
| Thursday032521 wrote:
| It looks like it uses Mullvad servers, but is otherwise its own
| software.
|
| It uses WireGuard, an open VPN protocol, so it's not
| necessarily forever anchored to Mullvad.
| nargek wrote:
| Mullvad provides both OpenVPN and Wireguard.
| RL_Quine wrote:
| "Being its own software" is sort of meaningless.
|
| It's Mozilla white labeling an anonymous VPN service (ie, we
| don't know who runs it).
| NikolaNovak wrote:
| >>"we don't know who runs it"
|
| I thought its owner regularly comments / joins in on
| hacker news... I didn't feel like I don't know who's
| running it?
|
| Edit : quick search turns two very relevant posts:
|
| https://news.ycombinator.com/item?id=24169684
|
| https://news.ycombinator.com/item?id=23567530
| RL_Quine wrote:
| The website of Mullvad itself has essentially no
| identifying information, and that's fine and perfectly
| reasonable, it's just got to be part of your threat model
| of using the thing. Mozilla whitelabeling the service and
| giving it a well known reputation is another thing
| entirely.
| NikolaNovak wrote:
| Hmm... I may not fully understand what you're looking
| for. From their website:
|
| "Who owns Mullvad? The Mullvad VPN service is operated by
| Mullvad VPN AB which is a subsidiary of Amagicom AB. Both
| companies are 100% owned by founders Fredrik Stromberg
| and Daniel Berntsson."
|
| Location, Company name, individual names of
| founders/owners. What other "identifying information"
| would satisfy?
|
| I found their FAQ, blog and guides tremendously helpful,
| transparent and upfront. There's a wealth of info with
| just a couple of clicks.
| admax88q wrote:
| The rise of VPNs signals to me that we as an industry have given
| up on end to end encryption. Instead VPNs try to encrypt the
| "first hop" with the assumption or hope that the networks further
| down the line are "secure"
|
| Being on an "unsecured" local network shouldn't be an issue for
| security.
| EveYoung wrote:
| How has the industry given up on encryption? In recent years,
| HTTPS became the new standard and most apps are forced to use
| encrypted connections as well. Just because VPN ads are calling
| local networks "unsecure" doesn't mean that they are a true
| risk.
| admax88q wrote:
| Not encryption in general, but end to end encryption.
___________________________________________________________________
(page generated 2021-03-31 23:00 UTC)