I'm excited because VPNs are all about shifting trust: I'm no longer trusting Comcast not to sell my data, I'm now trusting SketchyVPN. If SketchyVPN turns out not to be trustworthy, then I'm paying for something that is worth less than $0 to me, and there's no way to detect that as a user. It's like paying more for organic food in a town where farm stands are paid to lace organic food with arsenic -- why would you?
For VPN service, I trust Mozilla more than to just about anybody: they're nonprofit, have clear and transparent governance, have many mission-driven employees, and would lose more than they could possibly gain by breaking the terms of service on a VPN. They also have a big enough profile that it takes no extra effort to stay up to date on how trustworthy they are -- they do make missteps, but every misstep hits the front page of HN, which is exactly what I want. If they run a VPN, I'm sold that it's worth more than $0.
But the service isn't fully baked yet for me, because they're not explaining how they're enforcing the trustworthiness of ProtonVPN. I have no idea if ProtonVPN is as trustworthy as Mozilla -- maybe it is, but I don't want to learn and stay on top of that. Instead I want premium.firefox.com/vpn/ to convince me that, if I use Mozilla's service, I'm fully benefiting from their trustworthiness.
I'm also interested in this. I cannot help but wonder if the reason is 'because they gave us money to', like Firefox 'partnering' with google to make google search the default provider.
The white paper won't be read by everybody and shouldn't be targeted at everybody, but it will be read by the most knowledgeable folks and be a source of confidence that filters out to everyone else.
This all depends on there actually being an audit -- so far the landing page doesn't even say that! From the text on the page there's no way to tell if Mozilla just read the published policies for a bunch of VPNs and made a recommendation, or has an employee embedded in ProtonVPN's security team and a seat on the board, or somewhere in between. Without knowing the details, it's hard for me to say whether I'm looking for more documentation of the audit that already happened, or a stronger actual relationship behind the endorsement.
The section from the "About" page of Tesonet (26 Apr 2018), which was suddenly removed in June 2018 after the connection between ProtonVPN and Tesonet was made public by the co-founder of PIA:
"For the latest project, Tesonet is working together with an international brand from Switzerland to create a security product that helps users protect their network traffic. As part of this technical partnership, we are collaborating on datacenter and network infrastructure that can easily supply 10 Gbps worth of bandwidth to users around the world. The product is developed using the latest authentication encryption methods and the best practices in the security world."
As late as September 2018, NordVPN and ProtonVPN still become affected by the same extremely rare Windows security bugs at the same time, even though the CTO of ProtonMail claimed here on Hacker News, that they used Tesonet, a data mining company, for developing ProtonVPN, a free VPN service, only as "an office space provider".
3 and 4 are the only things I can see with any weight to them, yet they were brought up by a competitor (red flag), and vague enough not to be considered "evidence".
5 and 6 prove absolutely nothing. Both of these products use OpenVPN, which is what the vulnerability was in.
The vulnerability has nothing to do with Tesonet and I have not seen proof otherwise. Presumably other VPN services that also use OpenVPN could have encountered the same vulnerabilities. What makes you think that both having the same bug, because they use the same open-source system, is any kind of "proof"?
It's interesting how one can seem to provide a huge body of quotes and evidence for something- yet the majority of it easily deflates when viewed directly. We're gonna need more than this, much more. I'm not willing to 100% disbelieve you or dismiss your concerns outright- but if you're trying to convince people, this is a pretty weak effort.
You've made these claims before, you say ProtonMail's response is inadequate- could you elaborate on why? I thought it was relatively thorough and convincing, but am willing to see any holes poked in it
- ProtonVPN UAB lists Tesonet's CEO as a director [after: the company's name was changed multiple times in 2 months, and the director's name was hidden from the public view]
- ProtonVPN UAB is operated from Tesonet's HQ in Vilnius, Lithuania [after: the company's address was changed to a co-working space's located a few streets away, which doesn't require to relocate to use it]
- ProtonVPN UAB uses previous Tesonet's technical employees [after: still true]
- ProtonVPN uses IP address blocks that belong to Tesonet [after: these IP address blocks were assigned to ProtonVPN]
- ProtonVPN Android mobile app was signed by Tesonet [after: still true]
The ProtonMail's response on reddit was modified multiple times and locked, to prevent people from picking the holes in the narrative.
 https://news.ycombinator.com/item?id=17258203 ["showdead" must be enabled in settings to see the entire thread]
There are even photos from Mozilla's visit to Proton HQ in Geneva:
Proton does have an office in Vilnius (one of 6 offices globally), but the bulk of our staff works in our two Swiss offices.
Is Tesonet's CEO still the director of ProtonVPN UAB, more than 2 years after the incorporation in July 2016? I can no longer check it myself, because the public record is now hidden. But it was still true in June 2018.
And how do you feel about partnering on a free VPN service with a company, which has been sued for multiple patent infringements in "Large-scale web data extraction products and services with residential proxy network" by the founders of another free VPN service, HolaVPN, who have publicly admitted to using it for exactly that?
These are nothing but facts backed by sources anyone can verify by himself.
I agree overall about the benefits of getting more reliable auditing for VPNs, I think that's important and I'd like to see Mozilla release more details.
But I strongly disagree with the "shifting trust" explanation that people use when they talk about VPNs. People bring up this point all the time, that if you can't guarantee trustworthiness, there's no benefit. And it's ridiculous -- even a moderately trustworthy VPN is a benefit over not using a VPN.
VPNs consolidate trust. When you don't use a VPN, you aren't just showing your traffic to your ISP. You're also leaking your IP address to any website you visit. You're also trusting any other networks that you connect to when you open up your laptop in a coffee shop or hotel room not to have a sniffer sitting on them. You're trusting tons of faceless organizations across the entire chain of you to the website you visit to be safe with your data.
The main benefit of a VPN is not just that it hides your data from your ISP (although that alone is a really good benefit because we already know that most US ISPs are untrustworthy). The main benefit is that you only need to trust one company with your IP address instead of every single individual website that you visit, and that you only need to trust one provider not to sniff your traffic, instead of every single ISP that you connect to.
If your VPN is moderately trustworthy, to the same level that you would trust an ISP like Verizon, then it is a strict upgrade in security to use that VPN for all of your traffic, because you're eliminating some of the lowest-hanging network vulnerabilities while you travel and putting a barrier between yourself and the websites you visit so that it's at least slightly harder for them to track you or tie you to a physical location.
As opposed to leaking your VPN's IP address, which is about as meaningful.
> You're also trusting any other networks that you connect to when you open up your laptop in a coffee shop or hotel room not to have a sniffer sitting on them.
True. Which is why a personal VPN to your home network is useful.
> You're trusting tons of faceless organizations across the entire chain of you to the website you visit to be safe with your data.
The connection from the VPN provider still goes through a similar chain.
It's true that the chain will be substantially different if you, say, connect to a service in the US from the UK via an Australian VPN service. On the other hand, the chain will be way longer if you use that Australian VPN to look up your local pizza place's menu.
Unless you're very lucky with providers, your local IP address is good enough for me to get at least your zip code, and if you're particularly unlucky with your provider/network setup there are theoretical attacks that can be used to get even closer to your physical location.
By comparison, the closest VPN address to my physical location is in a different state. That really matters if you care about privacy -- without a VPN you are broadcasting your current town to literally every single site you visit.
> The connection from the VPN provider still goes through a similar chain.
But when it goes through that chain, the request is sent from the VPN provider, not from your own IP address, which is significantly more unique and easier to track, even if you've taken steps to block browser fingerprinting. Request aggregation is by no means a perfect defense against tracking, but it is significantly better than not aggregating requests.
> Which is why a personal VPN to your home network is useful.
Granted. If you've set up a personal VPN to your home network and you're maintaining your own server to make that work, that'll protect you when you browse at a coffee shop. It's also a lot more work for the average user (it's certainly not a viable substitute for what Firefox is doing here), and if done incorrectly a home VPN can make your network vulnerable to attacks because it forces you to open ports.
So my suggestion if you're going down that route would be to buy a 3rd-party server on something like Linode and set up your VPN there. That way a poorly configured server won't make your home network vulnerable. That will also protect you from at least the geolocation attacks I mentioned above. You won't have the advantage of sharing an IP with other people, but I can see that being an acceptable tradeoff for people who want more control.
At that point though, you've basically just rolled your own private VPN provider. You can debate whether or not it's better to roll your own provider or use an existing provider, but in either case, you're still using a VPN. Because VPNs are strict upgrade to network security for most people.
I'm curious how this bleeds over into support of ProtonVPN.
If it helps however, ProtonVPN is by the people behind ProtonMail, the security-first email provider. They started in CERN as a mission to provide email to scientists that wouldn't be subject to censorship.
Their entire business - email and VPN both - embodies the same philosophy that Mozilla does.
It's rare that I trust any company but Mozilla and ProtonMail are two of a _very_ short list.
ProtonMail doesn't report security vulnerabilities to the users, when researchers discover them. It has also publicly boasted about hacking a phishing site, when claimed the journalist's report was based on "unsubstantiated rumors". I really hope that it has nothing to do with the philosophy Mozilla embodies.
If you use a laptop, it would rather be: "I'm no longer trusting [home ISP] + [workplace's IT staff] + [workplace ISP] + [family I'm visiting's ISP] + [cellular service provider] + [train station hotspot] not to sell my data, I'm now trusting SketchyVPN".
Mozilla Foundation is non-profit but Mozilla Corporation is for profit. I don't know how that would affect your opinion but it certainly did when I found that that out recently when I wanted to know how much they were paid by search engines.
> For VPN service, I trust Mozilla more than to just about anybody: they're nonprofit, have clear and transparent governance, have many mission-driven employees, and would lose more than they could possibly gain by breaking the terms of service on a VPN.
It seems to me that none of these are reasons to trust either Mozilla or ProtonVPN. The reason to trust Firefox is that it is free software (free as in freedom to run, inspect, share, and modify). If you don't like what Firefox is doing, you have the permission you need to change your copy, or hire someone to vet and/or change the copy you run, and you can help others by distributing your improved version. The seeds of coming to trust Firefox are in its software freedom, not in any public relations effort or perception about Mozilla's employees.
So there's nothing about Firefox that compels you to trust or use ProtonVPN. The limits of how trustworthy you want to make Firefox are up to you individually and other Firefox hackers collectively.
- Google analytics baked into about:addons
- Sending data to Cliqz
- Pocket, as a service being added to the topbar
- Pocket, as a service being added to the default home/newtab page
- Firefox hello
- Completely banning unsigned addons
- Mr. Robot advert
- And now probably this
I want a browser that is reliable, high quality, respects my privacy, and nothing else. I don't want addons baked into it. I don't want to be spied on.
No Mozilla, I don't want to watch your seasonal streaming music concerts. I want you to get on with building a better browser and stop undermining my trust. Sadly the top management think they're running a social experiment.
Edit: just checked and their android version doesn't seem to have implemented password manager support yet. I'm excited for when they do, but its disappointing.
You should personally should choose the lesser of two evils when those are your only choices. Promoting the lesser evil is not such an easy call though.
From a practical standpoint, promoting an evil, even if it's a lesser evil, has the potential for harming your own reputation as a reliable source.
It is also fundamentally morally questionable, of course what is morally right and wrong is a matter of much debate. Suppose a psycopath calls you up and says "I'm going to do one of two things, shoot a random 5 year old named Joseph, or shoot two random 5 year olds named Kate, which should I do?". Assume for the hypothetical that you know they are telling the truth, and there is nothing you can do about the situation but choosing what you say back. In my view of the world saying "shoot Joseph" still makes you morally culpable, even though you were avoiding a worse situation.
- They have telemetry turned as the default
- They are experimenting with TLS over HTTPS and use beloved Cloudflare to handle every DNS request
- They are always in the headlines about some shady 'addon' or 'extension' been sold off and taken over by shady actors
- The TorBundle which is a fork of FF ESR is always in the headlines as been unsecure and way behind FF mainline release
1. Agreed, but at least they do prompt fairly early letting you turn it off.
2. I'm only looking at things in the release version of firefox. As I note elsewhere they treat nightly/beta users much worse. Longterm TLS over HTTPS is great for privacy, and they had to choose some provider, so I'm mostly fine with this.
3. This isn't their fault, the same applies to chrome. An extension is a third party piece of software you choose to install.
4. Again, a third party piece of software, not under their control. Further they are actively working to improve this situation and bring Tor onto mainline firefox!
Sorry I meant DNS over HTTPS
Currently Tor is behind mainline Firefox in terms of security because it's a fork of Firefox ESR. Pay attention to this part:
> Unlike other release channels, ESRs are not updated with new features every six weeks. They are instead supported for more than a year, updating with major security or stability fixes.
Firefox is my primary browser on Windows, and I'd love to have this stuff removed, but I'm really not at a point where I can be compiling the code myself.
I recommend that you look into what you're getting with software freedom -- the single most important aspect that makes Firefox different from Google Chrome, Microsoft's web browsers, Opera, or Apple Safari. All of the items on your list can be changed by using your software freedom. And this doesn't have to involve you learning to program (though that wouldn't be a bad idea). It could involve you asking programmers nicely to help you out, or hiring programmers to improve Firefox to be what you think it should be, or getting funds together with others who share your views to collectively fund programmers who work on your shared goals.
As it stands your desire reads selfishly because it is indistinguishable from you saying that you want programmers to develop a free software (free as in freedom to run, inspect, share, and modify) web browser you trust without you doing anything to help vet its trustworthiness or modify the software until it becomes software you trust. We don't have to settle for doing nothing; software freedom lets us have as much control over free software as we wish to have. The limits are on us to make things better.
I do not have the time or the money to personally develop a secure web browser for the rest of the world, nor does any other individual. Your demand is unreasonable.
Moreover, I'm not demanding that Mozilla do something. I'm explaining what would have to change for me to be able to promote Firefox and contribute to reversing the declining market share. Short of not breaking the law I make no claims that Mozilla must do anything.
PS. Chromium is also free software. The difference is how Mozilla develops it's free software.
Apparently some people do, that's why we have Firefox derivatives like the Tor browser and GNUZilla, among others. Also, I made a recommendation not a demand. I continue to recommend that you consider what software freedom grants you in light of what you say you want other programmers to do for you.
- Public search for sources of other people's breached personal data via monitor.firefox.com (eg, you can enter anyone's email and see results, and not just your own, as there's no verification that you own the email until you sign up for continuous alerting)
That said, I love Firefox itself and think Mozilla usually try to do the right thing. Someone just lost the security vs usability debate there I guess.
Apparently informing people who won't check their email for a link but will enter their email into a form trumps protecting people who don't know the site exists from stalkers and other malicious actors.
That page is powered by haveibeenpwned.com. Mozilla just made a fantastic security tool available to user who don't know about Troy's site.
> you can enter anyone's email and see results
This data is all very easily available online anyway. It's just aggregating leaks that already public, and neither HIBP or the Mozilla page provide the _actual_ personal info that was leaked.
> Someone just lost the security vs usability debate there I guess.
That's the thing though; this _is_ a valid security tool. And a powerful and valuable one at that. HIBP has been used for years by thousands of users to secure their accounts after data breaches.
The argument of "Others are being irresponsible, so we should be irresponsible as well" does not stand up very well.
The only valid use case for providing this information is for when a user no longer has access to the email address in question.
In this case, they should still require it to be sent via email, and they should still send a notification to the email address being requested which includes details about the request like the IP it is made from and the email it would forward to, perhaps with a delay-and-prevent option so that someone who still owns the email can prevent the exfiltration by responding to the notice quickly.
Otherwise, this enables anyone to solicit unauthorized PII data about basically anyone else from Mozilla.
Even HIBP somewhat acknowledge the potential damage this can do, from the way they censor some results like the Ashley Madison data breach. They've made the decision that some personal information linked to a person's email address is more worthy of protection than other bits of personal information, which really shouldn't be up to them.
They get away with it because of weak data protection laws and the fact that this caters to individual users who are more likely to opt themselves out if they become aware of it than to file a lawsuit or otherwise apply pressure to make them change.
Firefox now shows you ads on your home page by default. It's diabolical.
I trust a well-configured Chrome (and with that I mean using the options dialog, not the cryptic about:config) more than Firefox. Even after having a well configured about:config, they managed to remotely install the Mr. Robot advertisement addon on my computer. I freaked out when I saw it.
The Mozilla Corporation would do very well with a big change of leadership.
The unfortunate part of this is that how much weight you assign to the twos actions is subjective, so I can't tell other people "you should definitely be using firefox instead" in good faith.
> Pocket, as a service being added to the default home/newtab page
Is that really worse than Mozilla allowing all of your Google searches (from the new tabs) to go through Google? At least it owns Pocket.
Mozilla needs to make money somehow. Promoting its own services doesn't seem nearly as bad as the partnership with Google, in my opinion.
But I'm happy Firefox did Pocket because I view that as a cross-platform readability and bookmark strategy that other companies makeup for through their platform. Even if Pocket ultimately folds, I'd want Mozilla to do something else in that place. Like if Mozilla knows that iOS users by wide margins use Safari, how are they supposed to get their bookmarks to them?
So that's the point; don't bake features into my browser that point me to one company when the whole purpose of a browser in the first place is to be able to visit web pages... like https://protonvpn.com/.
This is about only one thing: money (affiliate sales).
We live in a world where VPN are a must if you want to have any expectation of privacy. Giving people easier access to these services is not a bad thing. Mozilla has a privacy-minded vision for the internet. Regardless if you agree with their vision, they are at least following it.
Also, if it's true that Mozilla is auditing ProtonVPN, that is a huge benefit to everyone. The biggest issue with VPNs are you're forced to trust this new company that they'll do as they say with your data (namely that they don't harvest or store any of it). To me, that's a huge thing.
My other concern with centralized VPN is that Cloudflare, with its appetite seemingly focused on being the biggest pipe (by a large measure) for Internet traffic, might soon come up with a free VPN service and kill most others. I'm certainly not a fan of large companies becoming large enough and entrenched enough to put up insurmountable barriers against disruption (this could end up being a futile hope).
for example, i can see the ProtonVPN is hosted in Switzerland, and that Switzerland cooperates with Five-Eyes countries (according to Privacy International) by sharing intelligence information regarding citizens of Five-Eyes countries (including the US). this is a relatively mild concern, compared to VPNs hosted in one of the Fourteen-Eyes countries.
i can also see they use AES-256 for all data encryption. good. however, their terms of service and marketing material contain conflicting language regarding what information is logged, and details are not provided about how long logs are kept and whether these logs are personally identifiable. (running a truly "no logs" VPN service isn't really possible.)
at the network level, they appear to follow open standards and everything is implemented in a predictable manner. bandwidth looks good, but speeds and pricing are sub-par.
i've used ProtonVPN. i appreciate that they expose the details necessary to configure VPN using the built-in OS-level or router-level configuration screens, rather than requiring that you use their custom app. ultimately, the low speed (compared to similarly-priced VPN services) is what turned me away. it is neither the most privacy-conscious, nor most capable, nor highest value solution in the VPN market and i'm surprised to see this offering come through Mozilla. it's a weird endorsement.
Switzerland has _extremely_ good banking privacy laws so they can't be required to disclose credit card details, so that's an identifying link not available to Five-Eyes. Plus, you can pay in BTC.
I'm not sure about what's required for a company in Switzerland to be compelled to share information with Five-Eyes but I expect they would have to be ordered to by the Federal government; a hard feat given how privacy friendly they are, and how the Cantonal government of Geneva have additional privacy laws.
The number of people installing adblock should tell them that their users don't want to see advertising.
Their outreach, web literacy, and STEM education work is also not cheap and is doing amazing work.
It would be nice for them to list two or three VPNs they've audited though. Their endorsement goes a long way for many people and we would still have a choice then.
2. Also, is ProtonVPN such a stronger contender than the rest of the field that Mozilla would endorse them?
3. And what is Mozilla's final relationship between you and ProtonVPN? Why are they relevant as a middleman?
Also, Mozilla actually audited ProtonVPN. I have no idea whether any other VPN have been audited by independent third-parties.
Nord was pretty good but I got rid of them when they removed the ability to see the distances to the servers in their app.
Second question: no, it's not a general-purpose VPN. It's purely for cloaking traffic to and from anywhere on the internet.