
Firefox’s Test Pilot Program Returns - jgrahamc
https://blog.mozilla.org/blog/2019/09/10/firefoxs-test-pilot-program-returns-with-firefox-private-network-beta/
======
sha666sum
So is this just a VPN that's baked into the browser?

One of the problems with VPNs is that you're putting a lot of faith in your
VPN provider. I trust Mozilla, and would gladly pay them for that service (I
would use Freedome, but afaik they don't support Linux). However, it would
have to be usable outside of my browser.

Tangentially, I wish Mozilla also offered paid email (or email with a premium
plan), which is another service that requires a lot of trust. It would help
provide alternative sources of income to keep Firefox alive, and Thunderbird
could be a stunningly good email client if they had more resources to pour
into it.

Mozilla's product is trust and control. Although they are non-profit, I see no
issue with them offering paid services.

~~~
portmanteaufu
> So is this just a VPN that's baked into the browser?

No, it's a secure connection to an HTTP/HTTPS proxy being run by Cloudflare.
It isn't a general-purpose VPN.

I would love it if Mozilla offered an email service.

~~~
smacktoward
As much as I like the idea of baking better privacy tools into the browser,
it's hard for me to get enthusiastic about the idea of making Cloudflare even
more of an official man-in-the-middle for all network traffic than they
already are.

~~~
sansnomme
A better question that we should be asking is, how the hell did we get to the
point where we need a third party proprietary platform to serve a static file
efficiently? I remember a time when mainframes would automatically place
orders for their own parts when they broke down and when personal computers
empowered people to easily create and remix. Somewhere between then and now we
forgot how to make things simple and easy to use. Somehow despite the advances
of HTTP/2, WebRTC, the upcoming WebTransport, web hosting is now harder than
ever even though things are supposed to be more efficient. Apache and NGINX
are far from accessible to your average user. Countless sites depend on
proprietary "as a service" oligopolies like Cloudflare and Netlify. Hosting an
email server these days is almost an exercise in frustration; what happened
to the mythical unikernel? Where is my secure, turnkey email server image?
Unikernels were supposed to make ops easier and things more secure. Somehow
they never showed up despite all the hype on HN. Zero config self hosting
projects like Sandstorm are half dead. It's easy to complain about tech
giants, but we are not exactly providing end user alternatives. The world does
not need yet another Lisp interpreter, the world needs high quality zero
maintenance software that is easy and accessible.

~~~
hathawsh
This is all a sign of growth, most of it for the better.

There are now billions of people accessing the web, so sometimes a web site
needs the resources of a company like Cloudflare to handle traffic spikes.

Decentralized email has been a victim of its own success: because there is no
central email authority, spammers and bots can easily flood email boxes. If
you don't mind the spam, it's actually not hard at all to set up an email
server, but most people hate spam, so most people don't want to set up an
email server. There is no pure technological solution to spam, so we fall back
on companies to help manage it.

Thanks for the reminder about Sandstorm. I intend to try it out sometime. I
hope it's not dying.

~~~
WhiteOwlLion
HashCash.org anyone? Proof of work e-mail.

~~~
cosmojg
It's such a shame that Hashcash never took off. It solved many of the problems
with decentralized messaging a long time ago.

------
Someone1234
> whether it’s through phishing emails or data breaches

A VPN won't protect you from those, at all.

> The Firefox Private Network proxy server is provided by our partner
> Cloudflare. Their strong privacy controls limit what data they collect and
> how long they keep it. [...] The data Cloudflare processes for the Firefox
> Private Network is subject to Mozilla’s Privacy Policy and is not covered by
> the Cloudflare Privacy Policy.

So where is Mozilla's privacy policy that Cloudflare's policy says applies
here? Mozilla has an older VPN service with a privacy policy, but I cannot
locate this one.

> You may often find yourself taking advantage of the free WiFi at the
> doctor’s office, airport or a cafe.

Which is why DNS over HTTPS ("DoH") should be the default but isn't. Combine
that with DNS-Sec/Encrypted SNI DoH bootstrap (or better, don't bootstrap and
provide an IP for the DoH endpoint). Then send most traffic via HTTPS and this
is a solved problem, without giving an additional third party/parties access
to your internet traffic.

This is likely the "least objectionable" VPN I've seen. But ultimately
Firefox, if correctly configured, is already a secure browser even over
unsecured WiFi, they just haven't taken the steps to make it secure by
default.

And, yes, they could absolutely do both (secure out-of-box experience AND VPN
product). I am simply pointing out they could solve this for all of their
customers for almost free, Vs. this potentially paid offering.

~~~
resfirestar
>> whether it’s through phishing emails or data breaches

>A VPN won't protect you from those, at all.

They aren't claiming that when you don't take it out of context:

>There are many ways that your personal information and data are exposed:
online threats are everywhere, whether it’s through phishing emails or data
breaches. You may often find yourself taking advantage of the free WiFi at the
doctor’s office, airport or a cafe. There can be dozens of people using the
same network — casually checking the web and getting social media updates.
This leaves your personal information vulnerable to those who may be lurking,
waiting to take advantage of this situation to gain access to your personal
info.

They are trying to claim that public wifi is another threat alongside phishing
and data breaches, not that this product protects you from the latter two.

~~~
Someone1234
So they said something irrelevant to the context. But when I point it out, I
am "taking it out of context." The problem I was raising was that it was
irrelevant to the context and you don't even seem to disagree with that
assertion.

~~~
resfirestar
I disagree that it's irrelevant to the context. They're drawing a comparison
between threats the reader might know about and one the reader might not know
about.

~~~
Someone1234
It isn't a comparison though, it is conflating things this can help with and
things it cannot. For it to be a comparison it would have to contrast them,
but it never does.

------
PatrolX
I just got done testing this, it assigns a U.S. IPv6 address and uses the
CloudFlare Warp network.

My tests showed a very stable download speed of 150.3 Mbps and upload speed of
13.8 Mbps with a latency of 31ms.

~~~
skybrian
Does the assigned IP address change?

------
dessant
Firefox Private Network uses Cloudflare Warp, which discloses the origin IP
address to Cloudflare-enabled websites via an HTTP header [1]. Does Mozilla use
a custom version of Warp which keeps the IP address of users private?

[1]
[https://news.ycombinator.com/item?id=19544845](https://news.ycombinator.com/item?id=19544845)

~~~
mirimir
Ummm, it's not really a "VPN service" if it shares your IP address with
websites. I mean, even high-end proxies don't do that.

Edit: It's pretty clear from the following comment that this is _not_ a "VPN
service", as most people understand it. So Mozilla is being extremely
disingenuous in calling it one.

> > The intended use of the proxy service is to shield HTTP/HTTPS requests
> from eavesdropping by edge network providers such as public WiFi hotspots.
> Avoidance of geographical restrictions on content access is explicitly not a
> goal.

> > The Mozilla extension will always make a secure request to the Cloudflare
> network, regardless if the request is for TLS or plaintext

> (From Cloudflare's privacy notice:
> [https://www.cloudflare.com/mozilla/firefox-private-network-privacy-notice/](https://www.cloudflare.com/mozilla/firefox-private-network-privacy-notice/))

[https://news.ycombinator.com/item?id=20930194](https://news.ycombinator.com/item?id=20930194)

~~~
skybrian
On the other hand, from the Firefox announcement: "Firefox Private Network
will mask your IP address providing protection from third party trackers
around the web." [1]

I'm guessing this means the IP address is partially masked, but there is
enough info to determine the region the request comes from? Maybe someone
should test this?

[1] [https://blog.mozilla.org/blog/2019/09/10/firefoxs-test-pilot-program-returns-with-firefox-private-network-beta/](https://blog.mozilla.org/blog/2019/09/10/firefoxs-test-pilot-program-returns-with-firefox-private-network-beta/)

~~~
mirimir
Good idea. But you'd need both a Firefox account, and a website that uses
Cloudflare. I have neither.

Still, if this remains an open question, perhaps it's interesting enough to
set up a website to test. I'd probably need at least an entry-level paid
Cloudflare account, though.

Meanwhile, it'd be great if someone from Mozilla could clarify this. That is,
does Firefox Private Network share users' IP addresses with websites? As Warp
clearly does.

------
Ajedi32
> The intended use of the proxy service is to shield HTTP/HTTPS requests from
> eavesdropping by edge network providers such as public WiFi hotspots.
> Avoidance of geographical restrictions on content access is explicitly not a
> goal.

> The Mozilla extension will always make a secure request to the Cloudflare
> network, regardless if the request is for TLS or plaintext

(From Cloudflare's privacy notice:
[https://www.cloudflare.com/mozilla/firefox-private-network-privacy-notice/](https://www.cloudflare.com/mozilla/firefox-private-network-privacy-notice/))

Now there's an interesting thought. Since the extension is routing requests at
the application layer rather than at the network level, would it be possible
to _only_ route unencrypted HTTP requests through Cloudflare, while leaving
encrypted HTTPS connections unaffected in order to avoid any latency penalty
and save resources on Cloudflare's end?

I'd love an extension/VPN app that runs silently in the background and
automatically routes unencrypted requests through a private connection, while
simultaneously leaving encrypted connections untouched. Maybe even have a
whitelist of trusted Wi-Fi networks where the system is automatically turned
off.

Done right, a service like that could potentially allow users to use
unencrypted Wi-Fi networks without having to worry about MITM attacks, without
imposing any of the downsides that come with leaving a VPN running 24/7.

~~~
kevingadd
The IP mismatch (unencrypted requests going through CF, encrypted through the
user's connection directly) seems like it could cause trouble, though maybe in
the real world most websites wouldn't care?

~~~
Ajedi32
In theory it shouldn't be a problem. HTTP is supposed to be stateless, and
some users will inevitably change their IP pretty frequently anyway when
hopping between mobile and Wi-Fi networks so it's not like that sort of
behavior is unheard of.

In practice though, I have no idea. It's entirely possible there's some subset
of websites making bizarre, incorrect assumptions about the relationship
between users and individual IP addresses, and that dividing HTTP and HTTPS
requests between different IPs could break them.

If it turns out to be a problem, as a mitigation you could set it so that once
you make a plaintext HTTP request to a specific domain without the response
immediately redirecting to HTTPS, any future requests to that domain happen
over the proxied connection for some period of time, regardless of whether
those requests are HTTPS or not. That way full HTTPS sites would benefit from
not needing to go through the proxy, whereas mixed content sites would not.
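
The sticky routing rule described in the comment above, as an added example (not part of the thread and not code from the Firefox Private Network extension). The `SplitRouter` class, the 30-minute pin window, the network identifiers and the hostnames are assumptions made for illustration; treating a redirect to any `https:` URL as an upgrade is also an assumption.

```javascript
// Added example: route plaintext HTTP through the proxy, leave HTTPS direct,
// and pin a host to the proxy once it has answered over plaintext without
// redirecting to HTTPS. All names and values here are hypothetical.
const STICKY_MS = 30 * 60 * 1000; // assumption: how long a host stays pinned

// True when the response is a redirect whose target is an https: URL.
function isHttpsUpgrade(reqUrl, status, locationHeader) {
  if (![301, 302, 303, 307, 308].includes(status) || !locationHeader) return false;
  let target;
  try {
    target = new URL(locationHeader, reqUrl); // resolves relative Location values
  } catch {
    return false; // unparsable Location: treat as "no upgrade"
  }
  return target.protocol === "https:";
}

class SplitRouter {
  constructor({ stickyMs = STICKY_MS, trustedNetworks = [], now = Date.now } = {}) {
    this.stickyMs = stickyMs;
    this.trusted = new Set(trustedNetworks); // allowlisted Wi-Fi networks
    this.now = now;                          // injectable clock for testing
    this.pinnedUntil = new Map();            // hostname -> expiry timestamp (ms)
  }

  // Decide, before sending, whether a request goes "proxy" or "direct".
  route(url, networkId = null) {
    const u = new URL(url);
    if (u.protocol !== "http:" && u.protocol !== "https:") return "direct";
    if (networkId !== null && this.trusted.has(networkId)) return "direct";
    if (u.protocol === "http:") return "proxy"; // plaintext never leaves unprotected
    return this.isPinned(u.hostname) ? "proxy" : "direct";
  }

  isPinned(host) {
    const expiry = this.pinnedUntil.get(host);
    if (expiry === undefined) return false;
    if (expiry <= this.now()) {
      this.pinnedUntil.delete(host); // pin expired, HTTPS goes direct again
      return false;
    }
    return true;
  }

  // Feed back the response to a plaintext request. Returns true if the host
  // was pinned, i.e. it served content over HTTP instead of upgrading.
  observeResponse(url, status, locationHeader) {
    const u = new URL(url);
    if (u.protocol !== "http:") return false;
    if (isHttpsUpgrade(u, status, locationHeader)) return false;
    this.pinnedUntil.set(u.hostname, this.now() + this.stickyMs);
    return true;
  }
}

// Constructed walk-through with a fake clock; hostnames are made up.
function demo() {
  let t = 0;
  const r = new SplitRouter({ stickyMs: 1000, trustedNetworks: ["home-wifi"], now: () => t });
  const out = [];
  out.push(r.route("https://secure.example/"));          // full-HTTPS site
  out.push(r.route("http://mixed.example/"));            // plaintext request
  r.observeResponse("http://mixed.example/", 200, null); // served over HTTP: pin
  out.push(r.route("https://mixed.example/login"));      // same IP as the HTTP request
  r.observeResponse("http://upgrade.example/", 301, "https://upgrade.example/");
  out.push(r.route("https://upgrade.example/"));         // upgraded at once: no pin
  t = 1000;
  out.push(r.route("https://mixed.example/login"));      // pin has expired
  out.push(r.route("http://mixed.example/", "home-wifi")); // trusted network
  return out;
}

console.log(demo().join(" "));
```
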

------
dessant
It would be awesome to see the Firefox extension integrate Tor and connect
through it to the Firefox Private Network, giving us stronger privacy and
finally allowing us to browse the web anonymously, without being subjected to
constant discrimination, and without being blocked from accessing basic
services.

~~~
partialrecall
Unfortunately even if 100% of firefox users became tor users, I think websites
would still decide to block access from known tor endpoints and simply give
the finger to any firefox user. It's evident that many have stopped testing
their websites in firefox already.

~~~
dessant
In this case websites would see traffic coming from the Firefox Private
Network, which uses Cloudflare.

~~~
partialrecall
Okay I get it now. Would non-firefox tor users also be able to route their
exit traffic through cloudflare?

------
ndidi
"Send all your browsing data through cloudflare" is not exactly what I think
of when I want privacy

~~~
ubercow13
It’s like “send all your data through your ISP”. It’s up to you which is
better. Neither is going to be as good as tor or similar.

~~~
addicted
Does Cloudflare have the same sort of legal restrictions that Comcast or other
ISPs, which are regulated by the FCC, have? [PS this isn't a rhetorical
question. I'm genuinely curious]

I understand that the current FCC is basically intentionally toothless, but
that wasn't the case a few years ago, and doesn't necessarily need to be the
case a few years from now.

------
rgbrenner
So in Mozilla's vision of the web, we would send all our DNS queries to
Cloudflare, and then pipe all of our web traffic through Cloudflare too.

If Mozilla wants to turn Firefox into a front end for Cloudflare, I will
happily delete it right now.

Why is it a company with $500m/year in revenue can't run a few servers for
this themselves? They have to outsource it to a company 1/5th their size.

~~~
OrgNet
I officially lost faith in Firefox (because cloudflare can't be trusted with
all the traffic)... but I have no alternative. (I have been a Firefox user
since v1 and never switched to chrome)

edit: yeah, downvote me, corporate kids, welcome to the hacker prude
network... and stay quiet /s

~~~
auslander
Safari

------
atonse
Seems like it's based on CloudFlare. Is this the same as CloudFlare's
wireguard-based VPN (Warp)?

I'm still 100k+ on the wait-list for that one.

~~~
mehhh
How does Warp deal with IP based ratelimiting (eg: Google) and geographic
restrictions (Netflix and Youtube)?

Also curious if Cloudflare is using fully audited and libre systems like some
VPN providers do, so as to ensure privacy claims are worth the paper they are
written on.

~~~
mirimir
It explicitly _doesn't_ deal with geographic restrictions. Indeed, it
guarantees that websites can implement them.

~~~
goatsi
Only if they use Cloudflare. Nobody else gets the originating IP:
[https://news.ycombinator.com/item?id=19544845](https://news.ycombinator.com/item?id=19544845)

~~~
mirimir
OK, right.

But increasingly, that's a damn small "Nobody else".

------
AlphaWeaver
Based on this [0] terms page, it looks like this could be some sort of paid
offering with ProtonVPN? Not sure how I feel about this.

[0]: [https://www.mozilla.org/en-US/about/legal/terms/vpn/](https://www.mozilla.org/en-US/about/legal/terms/vpn/)

~~~
portmanteaufu
That's an unrelated offering:
[https://premium.firefox.com/vpn/](https://premium.firefox.com/vpn/)

The article describes Firefox Private Network[1], which gives you a secure
connection to an HTTP/HTTPS proxy server being run by Cloudflare. It's not a
general purpose VPN and it is currently free. You can read Cloudflare's
privacy notice here[2]. Some highlights:

> The intended use of the proxy service is to shield HTTP/HTTPS requests from
> eavesdropping by edge network providers such as public WiFi hotspots.
> Avoidance of geographical restrictions on content access is explicitly not a
> goal.

> Cloudflare is a data processor for the Firefox Private Network, which means
> Cloudflare may only process the data according to Mozilla’s instructions.
> .... The data Cloudflare processes for the Firefox Private Network is
> subject to Mozilla’s Privacy Policy and is not covered by the Cloudflare
> Privacy Policy.

> When requests are sent to the Cloudflare proxy, Cloudflare will observe your
> IP address (known as the source IP address), the IP address for the Internet
> property you are accessing (known as the destination IP address), source
> port, destination port, timestamp and a token provided by Mozilla that
> indicates that you are a Firefox Private Network user (together, “Proxy
> Data”). All Proxy Data will be deleted within 24 hours.

[1] [https://private-network.firefox.com/](https://private-network.firefox.com/)

[2] [https://www.cloudflare.com/mozilla/firefox-private-network-privacy-notice/](https://www.cloudflare.com/mozilla/firefox-private-network-privacy-notice/)

------
ignoramous
Here's the landing page for the accelerated L7 Proxy aka Firefox Private
Network (powered by Cloudflare): [https://private-network.firefox.com/](https://private-network.firefox.com/)

I quite like the fact that once this goes mainstream, it'd help limit
surveillance and bypass censorship on the web in one fell swoop without having
to install or trust 3p other than the implicit trust in Mozilla and its
partners (in this case, Cloudflare). Knowing Cloudflare, I'm sure this proxy
is as much abt speed and latency as privacy and security.

For time being, it looks like this is available only in the US and only on
desktop versions.

I'd like to point out though, that, one could run a Tor proxy (it also has a
VPN mode) on their phones [0] today to work around censorship and surveillance;
anonymity is a bit tricky over tor-as-a-proxy.

The speeds over Tor are decent and nothing you can't tolerate whilst casual
web browsing. It is probably going to be free forever unlike Firefox's
_private network_.

Interestingly, Google has bundled _WiFi Assistant_ (VPN) for free on Pixel
devices sometime now:
[https://support.google.com/nexus/answer/6327199](https://support.google.com/nexus/answer/6327199)

[0] [https://guardianproject.info/apps](https://guardianproject.info/apps)

------
NilsIRL
The way Mozilla is pushing their Firefox accounts is really scaring me.

I don't see what they get from you having an account with them if it isn't
targeted advertising.

An example of this is Firefox send which requires an account to raise the
download limit from 1.

~~~
glandium
I can't talk about Firefox Send, but in this case, AIUI, an account is
required to generate a token to use with the VPN (proxy, really) provider.
Otherwise, the provider would just be providing an open proxy. Which could
then happily be abused by spammers and whatnot. (Come to think of it, it's
probably a similar reason for Firefox Send ; you don't want anonymous
unlimited hosting)

~~~
NilsIRL
Yes, but what prevents you from creating fake firefox accounts?

------
mikro2nd
US desktop users only at this stage.

~~~
rbdeveloper
That's really a pity (I am from Europe and would love to participate too!)

------
ocdtrekkie
While this seems like a generally good thing, I'm irritated by the constant
encroachment of the web browser in trying to control the whole network stack,
or occasionally, such as here, just use its own and ignore the OS settings.

For one, presumably Firefox-based traffic will go one way whereas network
traffic from other apps will go elsewhere, which may provide either unexpected
problems or be the cause of unintended data leakage as people believe their
whole network experience is protected. I have similar concerns about the rumor
Firefox is going to start defaulting to its own choice of DNS provider, which
will tamper with both my personal ad blocking strategy (Pi-hole) and my
corporate network strategy (internal DNS for internal apps).

I would rather web browsers browse websites and components that mess with
networking be separate installable components that properly interact with the
system's networking APIs.

~~~
TeMPOraL
According to [0], your company should be able to work around DOH, there's
fallback for internal queries, and you can apply parental controls. The way
your company will be able to work around it seems to be [1] or [2], which
means I'm about to become a single-person enterprise, because I 100% agree
with you and don't like how browsers try to become operating systems
disenfranchising users to such extremes that 90s-era Windows looks like GNU
system in comparison.

--

[0] - [https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/](https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/)

[1] - [https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy-windows](https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy-windows)

[2] - [https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson](https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson)

~~~
ocdtrekkie
Oh sure, none of this is insurmountable and Firefox is pretty good about being
configurable. But they're examples of how this mindset interferes with
legitimate use and impacts long-held conventions on how software should work.

------
Scoundreller
> It’s worth noting that Opera, too, includes a free built-in VPN service,
> which includes the ability to set your location to either the Americas,
> Europe or Asia.

I’ve found that Opera’s VPN would never work when I set myself to “Americas”,
and always place me in the Netherlands.

~~~
mehhh
Your connections are likely routed to where Opera has available resources to
handle servicing you.

Bandwidth in Asia and parts of the Americas is very expensive, whereas
bandwidth in European datacenters is close to free.

~~~
Scoundreller
Asia works well, it says I’m in Singapore.

“Americas” should be big enough for them to find something cheap to host a
rack.

S3 certainly charges the least for US bandwidth.

------
jedisct1
It's just an ad for Cloudflare.

------
deadbunny
Ah yes, the Mozilla Private Network Virtual Private Network.

Catchy.

~~~
dmix
Don't forget "Beta" on the end.

That seems to be Techcrunch's doing in that link. The Firefox website keeps the
two phrases separate [https://private-network.firefox.com/](https://private-network.firefox.com/)

------
garysahota93
If Mozilla offered an email service, VPN, and legit password manager for a
bundled price, I'd totally pay it. I trust them more than Google...

------
userbinator
I'd like to draw your attention to this eerily prescient comment I noticed on
a related story only 3 days ago (downvoted heavily, presumably due to
disbelief?):

[https://news.ycombinator.com/item?id=20902283](https://news.ycombinator.com/item?id=20902283)

------
switch007
I wish that Mozilla begged for donations with more fervour. Surely people
understand these days that when it comes to tech, very little is "free".

Even my parents understand that cheap devices such as TVs spy on you as a
tradeoff (or for greed. I'm not quite sure which it truly is)

------
mcny
Congratulations on shipping!

Just signed up with a new Firefox account and tried it on Nightly on Windows.

Looks very nice.

Fast.com reports:

Your Internet speed is 420 Mbps Latency

Unloaded 10 ms Loaded 71 ms Upload Speed 300 Mbps

Client [redacted] Server(s) Open Connect, Netflix

------
type-2
did cloudflare buy mozilla?

~~~
yarrel
There will have been a lunch.

------
Hitton
Using a public Wi-Fi as an argument for VPN in a point of history when you can
hardly find a site without https is getting ridiculous.

~~~
kibwen
HTTPS still reveals the domain you've requested, which is an important piece
of information to keep private. In the absence of encrypted DNS I'll take the
VPN knowing my domain history instead.

~~~
Hitton
I can't see any reasonable threat model which makes an attacker on public wi-
fi seeing someone accessing particular domain more dangerous than ISP or VPN
provider seeing same.

------
virusduck
Anybody know what address/ports this service uses? Seems to be blocked where I
am.

~~~
Snawoot
firefox.factor11.cloudflareclient.com:2486

------
atonse
Can anyone from Mozilla explain why a Firefox Account is required to use this?

~~~
giancarlostoro
(I don't work for Mozilla) The rumor I've heard on HN over the past few months
is that Mozilla eventually intends to sell a paid version of Firefox with a
VPN included. I'm suspecting this may involve a Firefox Account in the future.

~~~
rosybox
I would be very happy to pay for a secure browser. I'm really tired of "free"
products that we sell our private lives to.

~~~
giancarlostoro
This is part of why I decided to go outside of the norm and made a fresh
Outlook account I don't share with anybody or any websites, and paid for
storage. Eventually I want to have my email under my domain hosted by
Microsoft just because they're not the same mess of Google, and I get all of
the Office suite included.

~~~
rosybox
I looked into the hosting domain by Microsoft, but for the non business
version they require your domain registrar be godaddy and I'm just not into
that. It's kind of a stupid thing they have, why can't they do a dns thing
like anyone else, why do they _require_ your domain registrar be godaddy?

~~~
giancarlostoro
I know right! I used to have domains.microsoft.com and that gave me 500 free
emails for any domain... I'm waiting for them to fix this. I just want my
email under NameCheap + Microsoft. GoDaddy was such an awful experience, and
then years later they supported SOPA? No thanks.

------
auslander
Sticking to Safari, I guess.

