Firefox’s Test Pilot Program Returns (blog.mozilla.org)
283 points by jgrahamc 12 days ago | 160 comments





So is this just a VPN that's baked into the browser?

One of the problems with VPNs is that you're putting a lot of faith in your VPN provider. I trust Mozilla, and would gladly pay them for that service (I would use Freedome, but afaik they don't support Linux). However, it would have to be usable outside of my browser.

Tangentially, I wish Mozilla also offered paid email (or email with a premium plan), which is another service that requires a lot of trust. It would help provide alternative sources of income to keep Firefox alive, and Thunderbird could be a stunningly good email client if they had more resources to pour into it.

Mozilla's product is trust and control. Although they are non-profit, I see no issue with them offering paid services.


> So is this just a VPN that's baked into the browser?

No, it's a secure connection to an HTTP/HTTPS proxy being run by Cloudflare. It isn't a general-purpose VPN.

I would love it if Mozilla offered an email service.


As much as I like the idea of baking better privacy tools into the browser, it's hard for me to get enthusiastic about the idea of making Cloudflare even more of an official man-in-the-middle for all network traffic than they already are.

A better question that we should be asking is, how the hell did we get to the point where we need a third party proprietary platform to serve a static file efficiently? I remember a time when mainframes would automatically place orders for their own parts when they broke down and when personal computers empowered people to easily create and remix. Somewhere between then and now we forgot how to make things simple and easy to use. Somehow despite the advances of HTTP/2, WebRTC, the upcoming WebTransport, web hosting is now harder than ever even though things are supposed to be more efficient. Apache and NGINX are far from accessible to your average user. Countless sites depend on proprietary "as a service" oligopolies like Cloudflare and Netlify. Hosting an email server these days is almost an exercise in frustration; what happened to the mythical unikernel? Where is my secure, turnkey email server image? Unikernels were supposed to make ops easier and things more secure. Somehow they never showed up despite all the hype on HN. Zero config self hosting projects like Sandstorm are half dead. It's easy to complain about tech giants, but we are not exactly providing end user alternatives. The world does not need yet another Lisp interpreter, the world needs high quality zero maintenance software that is easy and accessible.

We are so much better at adding complexity than removing it. There are tons of incentives that drive that: the difficulty of upgrading old stuff, the need for companies to invent reasons to exist, bureaucracy, job safety and creating reasons for employment (the personal version of corporate self promotion), featurism and comparison on features, etc. There are almost no incentives pointing the other way.

This is all a sign of growth, most of it for the better.

There are now billions of people accessing the web, so sometimes a web site needs the resources of a company like Cloudflare to handle traffic spikes.

Decentralized email has been a victim of its own success: because there is no central email authority, spammers and bots can easily flood email boxes. If you don't mind the spam, it's actually not hard at all to set up an email server, but most people hate spam, so most people don't want to set up an email server. There is no pure technological solution to spam, so we fall back on companies to help manage it.

Thanks for the reminder about Sandstorm. I intend to try it out sometime. I hope it's not dying.


Sandstorm is kind of still there. They discontinued the free tier for their hosted platform because they ran out of money. The founders went to work elsewhere but maintained the project on the side last time I checked.

I think it’s a shame, it’s a lovely concept. The Capability-based security alone is game-changing.

Details here: https://sandstorm.io/news/2018-08-27-discontinuing-free-plan


It's not a sign of growth. Among other things, it's a sign that we have grown complacent about complexity and are not doing our job of keeping it under control.

HashCash.org anyone? Proof of work e-mail.

It's such a shame that Hashcash never took off. It solved many of the problems with decentralized messaging a long time ago.

I am still not sure how much one can trust Cloudflare as an entity. At some point people started putting loads of stuff behind Cloudflare, enabling them to be the perfect MITM, which is concerning. Probably only a question of time until some profit seeking people come around and see opportunity in it and then we are screwed even more, than we are already with Google captchas. Then we will not be able to use many more websites any longer, because someone in their incredible wisdom decided to put everything behind Cloudflare. Scary.

You could say the same thing about any CDN - Cloudfront, Fastly, Akamai, etc.

Is it right to say that the only reason Cloudflare is the forefront of this concern is because of their business model of offering the CDN for free, while the others have a much more limited free tier or service or none at all?


I am almost equally worried about other very popular CDNs. However, being the most used CDN makes some people short-circuit and not think about the dangers any longer. Just like with captchas from Google. Many people simply put them onto their websites without ever thinking about that, "because everyone does it". If so many people put stuff behind Cloudflare, then at some point the same kind of people, who put captchas without thinking, will put stuff behind Cloudflare without thinking.

Scripts and other stuff from first party usually seem to me at least more trustworthy than something from a third party. It also saves me the mental step of thinking: "Hmmm, why are there scripts loaded from a third party? Is this some kind of ads stuff?"

If a website does not work without unblocking third party scripts, there is some chance, that I will simply abandon it. When a website's purpose is to inform me about something and I do not see the need for any interactivity, I might also abandon it, if it does not show content without unblocking scripts in general, including first party. Web frameworks, which do not take care of at least presenting something when scripts are not unblocked, thus make a website less trustworthy for me.


If you care about privacy then you SHOULD say the same thing about any CDN. Sucks that there's all this awesome infrastructure that we can't use anymore, but that's the trade off.

Single Point of Failure and Attack Vector, what could possibly go wrong?

This. Many people do not realise that CF can see inside encrypted HTTPS traffic. Your logins, passwords and keys.

If you don't know who you can trust to provide a trustworthy proxy service, then there's a lot to be said for choosing a provider who can already MITM a good chunk of your traffic even before you turn on their proxy.

Huh?

As I see it, "[i]f you don't know who you can trust to provide a trustworthy proxy service", you distribute trust among multiple providers, such that they must collaborate to pwn you. That's the basis of Tor. And you can do something similar, albeit far weaker, by using nested chains of VPN services.


>a secure connection to an HTTP/HTTPS proxy

Sadly, this is exactly what's being marketed as 'VPN' for about 5-10 years. Not sure who started this and whether we can ever correct this misuse of the term.


Not really. It's what's marketed as "VPN service".

And a key point of VPN services is that they don't share the ISP-assigned IP addresses of their users with anyone else. And they don't retain any logs, which an adversary could obtain in one way or another. Indeed, the best ones run totally in RAM, and don't have writable storage.

Edit: Also, using "VPN" in that context is not at all deceptive. Enterprise VPNs not only provide secure access to private resources. They also provide secure (and yes, often controlled) access to the Internet generally. And that's just what VPN services do. Except, mostly, for the "controlled" aspect. Although some VPN services do feature blocking of malicious sites, malware downloads, etc. Some even block age-inappropriate content.


>It's what's marketed as "VPN service"

It should be called "proxy service" instead. Perhaps "proxy service using VPN technology".


I get the point, but it's rather late for that, I think.

Opera's been using the terminology that way for years now.

Agree. I'll pay for an email service provided by Mozilla.

Right now my only options are Gmail or running my own. I just don't trust other email providers.

And, yes, I've looked at Fastmail, Zoho, Protonmail and others.


You trust Google more than ex. ProtonMail and Rackspace?

Curious about the thought process that made you arrive at this conclusion.


It's like picking the known evil vs the unknown. And, I know it's probably not a good answer logically but more gut driven.

Emails have a lot of information about my life.

I know what Google is doing with my emails, and as far as I can see Google is not going to die or be purchased by another entity.

With companies like Protonmail and others I just don't know. Even if I trust their current T&C, what happens if they are bought.

Also, while it is equally likely for Google to have rogue employees, I believe they will have more stringent safeguards than smaller companies.

Again, as I said, probably not a very good answer, but more gut driven. And, I say this as someone who is very conscious of privacy.


> what happens if they are bought

Not going to happen overnight and even then technically they cannot access your emails because only you hold the password to private keys (if you trust they encrypt your emails with your public key before storing). I prefer keeping my emails local so pop does the job.

Google can access your emails but something like protonmail can't (if you trust them to encrypt your emails).


Sounds good... in theory. Truth is we don't know this, their mail client is proprietary and even if it was open source we still wouldn't know what their servers are logging. I am in a similar situation and I trust Google more than ProtonMail with all that Tesonet data weirdness pointing back to one guy. These shell companies can go and disappear overnight, something to consider.

Protonmail's email is encrypted in the browser! Their client is open source:

https://github.com/ProtonMail/WebClient

It is the main reason to use ProtonMail over Gmail.


Trust is multiple things. I "trust" that Google will manage my private Gmail account consistent with my expectations—which are effectiveness and long-term durability. I have no expectation of algorithmic privacy and thus there's no trust to break there.

3rd option. Running your own for incoming, using a service for outgoing. You get all the trust benefits of running your own server without having to worry about IP blacklists or any other crap. The nicer ones even generate your SPF, DMARC entries you add to your DNS.

FWIW, I've had a great experience so far with Posteo(.de).

I was going to recommend the same. Happy user here. Much better than my experience with Gmail actually and I have moved most of my accounts to Posteo.

Posteo is also running on green energy and free software, afaik, so that is a plus.


Yeah! I found it when looking for free software-based mail providers, in fact.

Same :D

I like also that it is no problem to use in countries which block VPN, like China. I had no problems accessing Posteo, but no way of accessing Gmail. It also does not nag me every single time I change the VPN server I use, because I seem to be in a different location. I know this is supposed to be a security feature of Gmail, but man is it annoying not to be able to access your mail, because of that. In Posteo you can also activate 2FA afaik, if you like such thing.

It just works, and I am glad to be able to give support to free software, while at the same time I also gain from it, by having an e-mail service, which is ethically way more acceptable than Gmail and is working very well.


> Mozilla email service

Yes, please


> it's a secure connection to an HTTP/HTTPS proxy being run by Cloudflare

How does an HTTPS proxy work? Will it be like how Cloudflare does HTTPS with websites (MITM)?


They can just forward the encrypted bytes (I don't know if that's how they actually do it). Cloudflare does mitm decryption in order to inject its own code and captcha in the pages.

Worth noting is that it is not a transparent proxy. Firefox is aware of the mitm, and cooperates with it to achieve security.


> Although they are non-profit, I see no issue with them offering paid services.

I believe that's the goal. They're introducing a lot of services in the relatively short time span: Firefox Notes, Lockwise (password manager), Send (file-sharing service), Screenshots (image sharing service), and now a VPN.

After all these projects mature a bit, they're probably gonna slap a subscription on top and offer Firefox for free, Firefox + services for a price.

I'm personally totally fine with that way of diversifying their income. I already donate to Mozilla somewhat regularly, so the only thing that might prevent me from taking that offer is a steep price.

EDIT: Technically speaking, Pocket is kind of a bookmarking service with a built-in premium option already, but they're really, really not giving it love. "login with Google" button still has the lowercase "g" icon. That's like a two-minute fix that hasn't happened since 2015.


i hope they get the pricing right, which by my estimation is probably 2-tier pricing (on top of the free browser). an inexpensive base tier, maybe $3/month, and a premium tier at ~$10/month.

diversity of donors/customers has long-term benefits (better market insights, for example), so that lower tier is important to attract the less affluent. the higher tier is for techies like us who can better afford to support a more free and open internet.


> Tangentially, I wish Mozilla also offered paid email (or email with a premium plan), which is another service that requires a lot of trust. It would help provide alternative sources of income to keep Firefox alive.

1. If Mozilla email is used to support Firefox in part, then it will be overpriced. I am not sure if many would like to pay more than a token amount for charity.

2. Generally, software companies have an increased tendency and incentive to horizontally expand because of the low barriers of entry. These incentives and tendencies are exactly what led to Microsoft and Google becoming these monopolies that exploit other players in the market to their advantage. I would rather Mozilla remain small, neither vertically integrated (like that attempt at FirefoxOS), nor horizontally integrated (like offering email on top of a browser). I say this as someone who uses Thunderbird as their primary email client. The bazaar model of software development protects user freedoms more than the Cathedral model.


> 1. If Mozilla email is used to support Firefox in part, then it will be overpriced.

That's true only if a typical commercial email provider has no profit margin, which I don't believe to be the case.


Firefox is successfully funded by Google through selling default search options. Unless Firefox's revenue were to suddenly and dramatically drop I don't see why they'd need to increase new product prices to fund an already funded project.

And Google, of course, with a 50 state anti-trust probe opening against them, would probably fund Firefox for free just to desperately promote the idea of competition. I'm reminded about how Microsoft funded Apple during the MS monopoly era as a "see, we have competition" response to investigators.

https://www.cnbc.com/2017/08/29/steve-jobs-and-bill-gates-wh...

https://www.wired.com/2009/08/dayintech-0806/


Totally agree on email. I've long been saying that they should just acquire/partner with FastMail, seems like a great fit and would allow Mozilla to better align their revenue stream with their users.

Also, this constant killing and reviving of the Test Pilot brand looks incredibly short-sighted and stupid to me.


I love both Firefox and FastMail, but I'd never want one to acquire the other. Vertical integration introduces lock-in. Even if it's not intentional, it's far too easy for developers to introduce "conveniences" that only work if you're fully adopting their ecosystem.

I think it's down to who wants to work on the Test Pilot program. If someone has some ideas to test and the time to work on it, then it's active.

Maybe Firefox should work on their spell checker.

> whether it’s through phishing emails or data breaches

A VPN won't protect you from those, at all.

> The Firefox Private Network proxy server is provided by our partner Cloudflare. Their strong privacy controls limit what data they collect and how long they keep it. [...] The data Cloudflare processes for the Firefox Private Network is subject to Mozilla’s Privacy Policy and is not covered by the Cloudflare Privacy Policy.

So where is Mozilla's privacy policy that Cloudflare's policy says applies here? Mozilla has an older VPN service with a privacy policy, but I cannot locate this one.

> You may often find yourself taking advantage of the free WiFi at the doctor’s office, airport or a cafe.

Which is why DNS over HTTPS ("DoH") should be the default but isn't. Combine that with DNS-Sec/Encrypted SNI DoH bootstrap (or better, don't bootstrap and provide an IP for the DoH endpoint). Then send most traffic via HTTPS and this is a solved problem, without giving an additional third party/parties access to your internet traffic.

This is likely the "least objectionable" VPN I've seen. But ultimately Firefox, if correctly configured, is already a secure browser even over unsecured WiFi, they just haven't taken the steps to make it secure by default.

And, yes, they could absolutely do both (secure out-of-box experience AND VPN product). I am simply pointing out they could solve this for all of their customers for almost free, Vs. this potentially paid offering.


>> whether it’s through phishing emails or data breaches

>A VPN won't protect you from those, at all.

They aren't claiming that when you don't take it out of context:

>There are many ways that your personal information and data are exposed: online threats are everywhere, whether it’s through phishing emails or data breaches. You may often find yourself taking advantage of the free WiFi at the doctor’s office, airport or a cafe. There can be dozens of people using the same network — casually checking the web and getting social media updates. This leaves your personal information vulnerable to those who may be lurking, waiting to take advantage of this situation to gain access to your personal info.

They are trying to claim that public wifi is another threat alongside phishing and data breaches, not that this product protects you from the latter two.


So they said something irrelevant to the context. But when I point it out, I am "taking it out of context." The problem I was raising was that it was irrelevant to the context and you don't even seem to disagree with that assertion.

I disagree that it's irrelevant to the context. They're drawing a comparison between threats the reader might know about and one the reader might not know about.

It isn't a comparison though, it is conflating things this can help with and things it cannot. For it to be a comparison it would have to contrast them, but it never does.

>> whether it’s through phishing emails or data breaches

>A VPN won't protect you from those, at all.

There has been a ton of misinformation about VPNs, spread in particular by commercial VPN marketing teams. They've been paying people like prominent youtube content creators to say outlandish shit like "without a VPN, you can't securely check your gmail on wifi." Due to the nature of their advertising with content creators, it's hard to determine if the exaggerations and falsehoods are coming from the companies themselves or if they're coming from over-enthusiastic content creators who earnestly don't understand the matter themselves, but in either case I consider the companies responsible since they approve of the misleading messaging.


None of that explains why Mozilla is essentially using the same tactics.

I suspect that the commercial VPN messaging has modified/manipulated the general public's understanding of the matter so thoroughly, that the Mozilla employees who wrote/approved that text were themselves misled by those commercials and unwittingly perpetuated the falsehoods.


> So where is Mozilla's privacy policy that Cloudflare's policy says applies here?

https://www.cloudflare.com/mozilla/firefox-private-network-p...


That's what I quoted. That's the exact article that points to Mozilla's (seemingly non-existent?) privacy policy:

> The data Cloudflare processes for the Firefox Private Network is subject to Mozilla’s Privacy Policy and is not covered by the Cloudflare Privacy Policy.


It's not hard to find Mozilla's privacy policy. From here https://www.mozilla.org/en-US/privacy/firefox-private-networ... it links directly to https://www.mozilla.org/en-US/privacy/ The contract with Cloudflare seems to be a lot stricter about which data they can collect.

> This is likely the "least objectionable" VPN I've seen.

This "VPN" (which at least isn't explicitly called a VPN by Mozilla or Cloudflare) apparently shares the ISP-assigned IP addresses of users with Cloudflare-using websites.

How does that make it "least objectionable"? Because it doesn't obscure users' IP addresses?


I just got done testing this, it assigns a U.S. IPv6 address and uses the CloudFlare Warp network.

My tests showed a very stable download speed of 150.3 Mbps and upload speed of 13.8 Mbps with a latency of 31ms.


Does the assigned IP address change?

Firefox Private Network uses Cloudflare Warp, which discloses the origin IP address to Cloudflare-enabled websites via an HTTP header [1]. Does Mozilla use a custom version of Warp which keeps the IP address of users private?

[1] https://news.ycombinator.com/item?id=19544845


I can no longer edit the comment, but I've just tested the Firefox extension, and both CF-Connecting-IP and X-Forwarded-For are set to a Cloudflare IP address, so the user's IP address is hidden. CF-IPCountry contains the location of the Cloudflare IP address.

The requests appear to be routed through the nearest Cloudflare data center [1], so the service likely reveals the coarse location of users through these proxy IP addresses.

I do not have an Enterprise account to check the True-Client-IP [2] header.

[1] https://www.cloudflare.com/network/

[2] https://support.cloudflare.com/hc/en-us/articles/206776727-W...


Damn. So you need an Enterprise account in order to determine whether this thing reveals users' IP addresses. And that probably isn't cheap, and can't be created anonymously.

Someone from Mozilla really needs to clarify this.


True-Client-IP looks like an alias for CF-Connecting-IP, so far everything points to the design goals of Firefox Private Network being respected.

If that's true, those goals are dangerous, and not clearly disclosed. They should prominently disclose something like this: "This extension does not hide your IP address from websites that use Cloudflare." And not leave it for people to discover that themselves.

The extension does hide the user's IP address from all websites, as stated in their marketing material and privacy policy. What it cannot be used for is to evade geoblocking, which is also stated in the privacy policy.

> What it cannot be used for is to evade geoblocking

By it you mean Firefox Private Network or Cloudflare Warp?

It would be disappointing if either are unable to help circumvent censorship.


To answer my own question, Cloudflare has made it clear that Warp / Firefox Private Network can't be used to access geo-blocked content like on Netflix. It may, however, help bypass government censorship not enforced by web entities themselves.

If it hides user's IP from all websites, how can it not be used to evade geoblocking? Where in the setup would evasion of geoblocking be prevented?

Ummm, it's not really a "VPN service" if it shares your IP address with websites. I mean, even high-end proxies don't do that.

Edit: It's pretty clear from the following comment that this is not a "VPN service", as most people understand it. So Mozilla is being extremely disingenuous in calling it one.

> > The intended use of the proxy service is to shield HTTP/HTTPS requests from eavesdropping by edge network providers such as public WiFi hotspots. Avoidance of geographical restrictions on content access is explicitly not a goal.

> > The Mozilla extension will always make a secure request to the Cloudflare network, regardless if the request is for TLS or plaintext

> (From Cloudflare's privacy notice: https://www.cloudflare.com/mozilla/firefox-private-network-p...)

https://news.ycombinator.com/item?id=20930194


On the other hand, from the Firefox announcement: "Firefox Private Network will mask your IP address providing protection from third party trackers around the web." [1]

I'm guessing this means the IP address is partially masked, but there is enough info to determine the region the request comes from? Maybe someone should test this?

[1] https://blog.mozilla.org/blog/2019/09/10/firefoxs-test-pilot...


Good idea. But you'd need both a Firefox account, and a website that uses Cloudflare. I have neither.

Still, if this remains an open question, perhaps it's interesting enough to set up a website to test. I'd probably need at least an entry-level paid Cloudflare account, though.

Meanwhile, it'd be great if someone from Mozilla could clarify this. That is, does Firefox Private Network share users' IP addresses with websites? As Warp clearly does.


> Edit: It's pretty clear from the following comment that this is not a "VPN service", as most people understand it. So Mozilla is being extremely disingenuous in calling it one.

I couldn't find "vpn" anywhere in the article. I don't think they are calling it one.


Touché :)

But they are also not being at all clear that it's not a VPN service. They say:

> Internet Protocol (IP) addresses are hidden so it’s harder to track you – Your IP address is like a home address for your computer. One of the reasons why you may want to keep it hidden is to keep advertising networks from tracking your browsing history. Firefox Private Network will mask your IP address providing protection from third party trackers around the web.

Sure, you get to the end of that, and you see "providing protection from third party trackers around the web". But the bullet starts with talk about keeping your IP address hidden. How many will realize that it's not hidden from websites that you visit? Not many, I think. It's a dark pattern deception.


So if you use cloudflare for your website, they'll give you extra information. Bad for users, but also bad for the people that run websites and the internet overall.

Mozilla encourages users and server operators to consolidate the internet around Cloudflare. I'm sure Cloudflare is loving Mozilla's enthusiasm in helping them build a new monopoly on the web.


De-anonymization seems like a pretty bad anti-feature of Warp, I hope that Mozilla would demand better of Cloudflare for Firefox users.

Certain VPN providers have moved to fully libre Power based servers and are working to enable a fully user auditable production VPN server, which should become the baseline among VPN providers IMO.


> The intended use of the proxy service is to shield HTTP/HTTPS requests from eavesdropping by edge network providers such as public WiFi hotspots. Avoidance of geographical restrictions on content access is explicitly not a goal.

> The Mozilla extension will always make a secure request to the Cloudflare network, regardless if the request is for TLS or plaintext

(From Cloudflare's privacy notice: https://www.cloudflare.com/mozilla/firefox-private-network-p...)

Now there's an interesting thought. Since the extension is routing requests at the application layer rather than at the network level, would it be possible to only route unencrypted HTTP requests through Cloudflare, while leaving encrypted HTTPS connections unaffected in order to avoid any latency penalty and save resources on Cloudflare's end?

I'd love an extension/VPN app that runs silently in the background and automatically routes unencrypted requests through a private connection, while simultaneously leaving encrypted connections untouched. Maybe even have a whitelist of trusted Wi-Fi networks where the system is automatically turned off.

Done right, a service like that could potentially allow users to use unencrypted Wi-Fi networks without having to worry about MITM attacks, without imposing any of the downsides that come with leaving a VPN running 24/7.


The IP mismatch (unencrypted requests going through CF, encrypted through the user's connection directly) seems like it could cause trouble, though maybe in the real world most websites wouldn't care?

In theory it shouldn't be a problem. HTTP is supposed to be stateless, and some users will inevitably change their IP pretty frequently anyway when hopping between mobile and Wi-Fi networks so it's not like that sort of behavior is unheard of.

In practice though, I have no idea. It's entirely possible there's some subset of websites making bizarre, incorrect assumptions about the relationship between users and individual IP addresses, and that dividing HTTP and HTTPS requests between different IPs could break them.

If it turns out to be a problem, as a mitigation you could set it so that once you make a plaintext HTTP request to a specific domain without the response immediately redirecting to HTTPS, any future requests to that domain happen over the proxied connection for some period of time, regardless of whether those requests are HTTPS or not. That way full HTTPS sites would benefit from not needing to go through the proxy, whereas mixed content sites would not.
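
The split-routing policy discussed in the comments above (plaintext HTTP through the proxy, HTTPS direct, a sticky fallback for domains that answer plaintext without redirecting to HTTPS, and a whitelist of trusted networks), as an added example that is not part of the thread and not code from the Firefox extension. The `SplitRouter` class, its method names, the 30-minute sticky period and the network label are assumptions made for illustration.

```javascript
// Added illustration of the routing idea from the thread; not Mozilla or
// Cloudflare code. All names and the sticky period are assumptions.
const DEFAULT_STICKY_MS = 30 * 60 * 1000; // assumed value for "some period of time"
const REDIRECT_CODES = new Set([301, 302, 303, 307, 308]);

class SplitRouter {
  constructor({ trustedNetworks = [], stickyMs = DEFAULT_STICKY_MS } = {}) {
    this.trustedNetworks = new Set(trustedNetworks); // networks where proxying is off
    this.stickyMs = stickyMs;
    this.stickyUntil = new Map(); // hostname -> expiry time (ms) of forced proxying
  }

  // Decide how one request leaves the machine: "proxy" or "direct".
  route(url, { network = null, now = Date.now() } = {}) {
    const u = new URL(url);
    // Only HTTP(S) is handled by an application-layer proxy of this kind.
    if (u.protocol !== "http:" && u.protocol !== "https:") return "direct";
    // Whitelisted network: the whole mechanism is switched off.
    if (network !== null && this.trustedNetworks.has(network)) return "direct";
    // Plaintext is always shielded from the local network.
    if (u.protocol === "http:") return "proxy";
    // HTTPS goes direct unless the host recently served plaintext content,
    // in which case both schemes share one egress IP for a while.
    const expiry = this.stickyUntil.get(u.hostname);
    if (expiry === undefined) return "direct";
    if (now < expiry) return "proxy";
    this.stickyUntil.delete(u.hostname); // sticky period over
    return "direct";
  }

  // Feed back the response to a request. Returns true if the host was
  // marked sticky (plaintext answered without an immediate HTTPS redirect).
  observeResponse(url, status, location = null, now = Date.now()) {
    const u = new URL(url);
    if (u.protocol !== "http:") return false;
    if (REDIRECT_CODES.has(status) && SplitRouter.upgradesToHttps(u, location)) {
      return false; // full-HTTPS site: later requests may stay direct
    }
    this.stickyUntil.set(u.hostname, now + this.stickyMs);
    return true;
  }

  // A redirect only counts as an upgrade if its target resolves to https:.
  // Relative Location values inherit the plaintext scheme, so they do not.
  static upgradesToHttps(requestUrl, location) {
    if (!location) return false;
    try {
      return new URL(location, requestUrl).protocol === "https:";
    } catch {
      return false; // malformed Location header: treat as no upgrade
    }
  }
}

// Constructed walk-through; hostnames and the network label are placeholders.
function demo() {
  const r = new SplitRouter({ trustedNetworks: ["home-wifi"] });
  r.observeResponse("http://secure.example/", 301, "https://secure.example/", 0);
  r.observeResponse("http://mixed.example/", 200, null, 0);
  return [
    r.route("https://secure.example/account", { now: 1 }),
    r.route("https://mixed.example/login", { now: 1 }),
    r.route("http://mixed.example/", { network: "home-wifi", now: 1 }),
  ];
}
```

The sticky map is the only state kept; it grows with the number of plaintext-serving hosts visited, so a real extension would also need to bound or persist it.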


It would be awesome to see the Firefox extension integrate Tor and connect through it to the Firefox Private Network, giving us stronger privacy and finally allowing us to browse the web anonymously, without being subjected to constant discrimination, and without being blocked from accessing basic services.

Unfortunately even if 100% of firefox users became tor users, I think websites would still decide to block access from known tor endpoints and simply give the finger to any firefox user. It's evident that many have stopped testing their websites in firefox already.

In this case websites would see traffic coming from the Firefox Private Network, which uses Cloudflare.

Okay I get it now. Would non-firefox tor users also be able to route their exit traffic through cloudflare?

TorButton started that way, but Tor project had to patch the browser with multiple extra toggles and features to strengthen privacy. So it's not the best choice to try it with normal Firefox.

This thing is a simpler Cloudflare proxy that will get banned just like Tor from some places. Just give it time.


"Send all your browsing data through cloudflare" is not exactly what I think of when I want privacy

It’s like “send all your data through your ISP”. It’s up to you which is better. Neither is going to be as good as tor or similar.

Does Cloudflare have the same sort of legal restrictions that Comcast or other ISPs, which are regulated by the FCC, have? [PS this isn't a rhetorical question. I'm genuinely curious]

I understand that the current FCC is basically intentionally toothless, but that wasn't the case a few years ago, and doesn't necessarily need to be the case a few years from now.


Even Tor isn't great for plaintext HTTP, as it requires you to put an anonymous, unaccountable middleman (the exit node) between you and the internet. The fact that that middleman doesn't know your real IP address is little comfort when they can read and modify all data you send over their connection.

Granted, it's not too bad for Tor browser, where all browsing sessions are strictly anonymized and JavaScript access is heavily restricted so MITM attackers are limited in what they can do provided you never transmit anything sensitive or download any files over plaintext, but for general purpose browsing I definitely wouldn't recommend it (even ignoring the performance issues).


Consumers have, numerous times, rated Comcast as the worst or least trustworthy company in America. Cloudflare need only convince consumers they are more trustworthy than a company like Comcast. That shouldn't be too hard.

And if you are not in the US and your ISP is not Comcast, like in most of the world, and the US for you is a particularly untrustworthy country?

It may be the case that people in other regions have different concerns that nevertheless are addressed by the same sort of technology. For instance, other people may want a way around government mandated pornography blockers, local ISPs with their own bad reputations, etc.

Of course if somebody has none of these concerns, the Firefox Private Network is optional and they can decide not to use it.


If you are not in the US then this will not be your default.

And if you are in the US and your ISP is not Comcast, then it's probably Spectrum, ATT, Charter instead. Not highly trustworthy companies either.


Then you would still need to figure out what ISP your doctor's office has?

The proposition for VPN or proxy services makes most sense when you don't trust your home/mobile ISP (a good portion of the world is in this situation) and for public wifi, which is increasingly managed by companies like Zenreach and Facebook with the goal of silently tracking where users go to provide "insights" for business owners and targeted advertising.

Simply connecting to these hotspots opens you up to location tracking unless you're able to randomize your MAC address, but after you connect it seems like common sense to prevent these companies from harvesting your browsing data as well.


What's Cloudflare been doing that's not privacy-friendly?

Independently of what they may or may not have done, Cloudflare is one company. Tunneling everyone’s data through one company creates an enormous concentration of power, i.e. putting all the world’s privacy eggs in one basket, so to speak.

That's true. And they'll have even more data when DNS-over-HTTPS via Cloudflare becomes the default.

You need to consider that the status quo is "send all your browsing data to everyone, in cleartext".

(where "browsing data" is defined in both cases by the contents of DNS requests)

At minimum I'm more likely to trust that Cloudflare will uphold their contract with Mozilla than that my ISP (Spectrum) isn't happily selling out my browsing data -- and the ISP, unlike Cloudflare, knows my name and address.


So in Mozilla's vision of the web, we would send all our DNS queries to Cloudflare, and then pipe all of our web traffic through Cloudflare too.

If Mozilla wants to turn Firefox into a front end for Cloudflare, I will happily delete it right now.

Why is it a company with $500m/year in revenue can't run a few servers for this themselves? They have to outsource it to a company 1/5th their size.


Why would they run something in-house that takes so much logistics, expertise, and cost?

Security, and privacy etc that derive from it.

If it's not under your physical control, it's not really your server.


You can change your DoH provider. Also you can disable DoH completely.

I officially lost faith in Firefox (because Cloudflare can't be trusted with all the traffic)... but I have no alternative. (I have been a Firefox user since v1 and never switched to Chrome)

edit: yeah, downvote me, corporate kids, welcome to the hacker prude network... and stay quiet /s


Safari

sorry not from CA

Presumably you disable them. IMO that should be easier to disable, but it is possible at least and should remain so given Mozilla's history.

Seems like it's based on CloudFlare. Is this the same as CloudFlare's wireguard-based VPN (Warp)?

I'm still 100k+ on the wait-list for that one.



How does Warp deal with IP based ratelimiting (eg: Google) and geographic restrictions (Netflix and Youtube)?

Also curious if Cloudflare is using fully audited and libre systems like some VPN providers do, so as to ensure privacy claims are worth the paper they are written on.


It explicitly doesn't deal with geographic restrictions. Indeed, it guarantees that websites can implement them.

Only if they use Cloudflare. Nobody else gets the originating IP: https://news.ycombinator.com/item?id=19544845

OK, right.

But increasingly, that's a damn small "Nobody else".


The irony that we'll be using CloudFlare to connect to websites where we are blocked by CloudFlare for using a VPN.

It would be interesting to reuse Cloudflare's VPN as an exit for Tor traffic...

Based on this [0] terms page, it looks like this could be some sort of paid offering with ProtonVPN? Not sure how I feel about this.

[0]: https://www.mozilla.org/en-US/about/legal/terms/vpn/


That's an unrelated offering: https://premium.firefox.com/vpn/

The article describes Firefox Private Network[1], which gives you a secure connection to an HTTP/HTTPS proxy server being run by Cloudflare. It's not a general purpose VPN and it is currently free. You can read Cloudflare's privacy notice here[2]. Some highlights:

> The intended use of the proxy service is to shield HTTP/HTTPS requests from eavesdropping by edge network providers such as public WiFi hotspots. Avoidance of geographical restrictions on content access is explicitly not a goal.

> Cloudflare is a data processor for the Firefox Private Network, which means Cloudflare may only process the data according to Mozilla’s instructions. .... The data Cloudflare processes for the Firefox Private Network is subject to Mozilla’s Privacy Policy and is not covered by the Cloudflare Privacy Policy.

> When requests are sent to the Cloudflare proxy, Cloudflare will observe your IP address (known as the source IP address), the IP address for the Internet property you are accessing (known as the destination IP address), source port, destination port, timestamp and a token provided by Mozilla that indicates that you are a Firefox Private Network user (together, “Proxy Data”). All Proxy Data will be deleted within 24 hours.

[1] https://private-network.firefox.com/

[2] https://www.cloudflare.com/mozilla/firefox-private-network-p...


I am also not sure how I feel about it, but one thing that immediately pops out to me is:

> You may cancel your subscription to this VPN service at any time by clicking the “Cancel Subscription” link in any email that we send you. If you choose to cancel, your access to the service will stop immediately, and Mozilla will refund you for any unused portion of the service period within your then-current billing cycle. This means Mozilla will prorate your refund based on the remaining full days of the subscription period.

That's the quality and user centered experience I expect from Mozilla, I still remember trying to cancel my audible subscription, and I ended up having to google it because it was so obfuscated.



Here's the landing page for the accelerated L7 Proxy aka Firefox Private Network (powered by Cloudflare): https://private-network.firefox.com/

I quite like the fact that once this goes mainstream, it'd help limit surveillance and bypass censorship on the web in one fell swoop without having to install or trust 3p other than the implicit trust in Mozilla and its partners (in this case, Cloudflare). Knowing Cloudflare, I'm sure this proxy is as much abt speed and latency as privacy and security.

For the time being, it looks like this is available only in the US and only on desktop versions.

I'd like to point out though, that, one could run a Tor proxy (it also has a VPN mode) on their phones [0] today to workaround censorship and surveillance; anonymity is a bit tricky over tor-as-a-proxy.

The speeds over Tor are decent and nothing you can't tolerate whilst casual web browsing. It is probably going to be free forever unlike Firefox's private network.

Interestingly, Google has bundled WiFi Assistant (VPN) for free on Pixel devices for some time now: https://support.google.com/nexus/answer/6327199

[0] https://guardianproject.info/apps


The way Mozilla is pushing their Firefox accounts is really scaring me.

I don't see what they get from you having an account with them if it isn't targeted advertising.

An example of this is Firefox Send which requires an account to raise the download limit from 1.


I can't talk about Firefox Send, but in this case, AIUI, an account is required to generate a token to use with the VPN (proxy, really) provider. Otherwise, the provider would just be providing an open proxy. Which could then happily be abused by spammers and whatnot. (Come to think of it, it's probably a similar reason for Firefox Send; you don't want anonymous unlimited hosting)

Yes, but what prevents you from creating fake Firefox accounts?

US desktop users only at this stage.

That's really a pity (I am from Europe and would love to participate too!)

Interesting because mobile is probably from where I connect to the internet the most.

While this seems like a generally good thing, I'm irritated by the constant encroachment of the web browser in trying to control the whole network stack, or occasionally, such as here, just use its own and ignore the OS settings.

For one, presumably Firefox-based traffic will go one way whereas network traffic from other apps will go elsewhere, which may provide either unexpected problems or be the cause of unintended data leakage as people believe their whole network experience is protected. I have similar concerns about the rumor Firefox is going to start defaulting to its own choice of DNS provider, which will tamper with both my personal ad blocking strategy (Pi-hole) and my corporate network strategy (internal DNS for internal apps).

I would rather web browsers browse websites and components that mess with networking be separate installable components that properly interact with the system's networking APIs.


According to [0], your company should be able to work around DOH, there's fallback for internal queries, and you can apply parental controls. The way your company will be able to work around it seems to be [1] or [2], which means I'm about to become a single-person enterprise, because I 100% agree with you and don't like how browsers try to become operating systems disenfranchising users to such extremes that 90s-era Windows looks like GNU system in comparison.

--

[0] - https://blog.mozilla.org/futurereleases/2019/09/06/whats-nex...

[1] - https://support.mozilla.org/en-US/kb/customizing-firefox-usi...

[2] - https://support.mozilla.org/en-US/kb/customizing-firefox-usi...


Oh sure, none of this is insurmountable and Firefox is pretty good about being configurable. But they're examples of how this mindset interferes with legitimate use and impacts long-held conventions on how software should work.

It makes sense though. HTTP has been amazingly flexible, and we as a community have kind of done this to ourselves. Email and chat are already primarily done through a browser now, assuming people even bother with that when they have the likes of Facebook. Even games are beginning to migrate there. Things like Chromebooks not only exist, but are wildly popular- and they're basically just web browsers in a box.

When everything is moving towards one standard (for better or worse) it makes sense to put your eggs in that basket. Especially when that standard is also your bread & butter as is the case with Mozilla.

The people that this will appeal to will like this just fine I bet.

That all said, I don't like it much either. But I don't know if that's just resistance to change or actual technical reasons.


> That all said, I don't like it much either. But I don't know if that's just resistance to change or actual technical reasons.

IMO it's technical reasons, all right. Problem being, software engineers are being sidelined as a subclass of users on the Internet, as the vast majority of traffic is now non-technical people accessing commercial services on-line. Under this influence, Internet is turning increasingly into cable TV.


> It’s worth noting that Opera, too, includes a free built-in VPN service, which includes the ability to set your location to either the Americas, Europe or Asia.

I’ve found that Opera’s VPN would never work when I set myself to “Americas”, and always place me in the Netherlands.


Your connections are likely routed to where Opera has available resources to handle servicing you.

Bandwidth in Asia and parts of the Americas is very expensive, whereas bandwidth in European datacenters is close to free.


Asia works well, it says I’m in Singapore.

“Americas” should be big enough for them to find something cheap to host a rack.

S3 certainly charges the least for US bandwidth.


It's just an ad for Cloudflare.

Ah yes, the Mozilla Private Network Virtual Private Network.

Catchy.


Don't forget "Beta" on the end.

That seems to be Techcrunch's doing in that link. The Firefox website keeps the two phrases separate: https://private-network.firefox.com/


Not once in their announcement did Mozilla mention VPNs.

If Mozilla offered an email service, VPN, and legit password manager for a bundled price, I'd totally pay it. I trust them more than Google...

I'd like to draw your attention to this eerily prescient comment I noticed on a related story only 3 days ago (downvoted heavily, presumably due to disbelief?):

https://news.ycombinator.com/item?id=20902283


I wish that Mozilla begged for donations with more fervour. Surely people understand these days that when it comes to tech, very little is "free".

Even my parents understand that cheap devices such as TVs spy on you as a tradeoff (or for greed. I'm not quite sure which it truly is)


Congratulations on shipping!

Just signed up with a new Firefox account and tried it on Nightly on Windows.

Looks very nice.

Fast.com reports:

Your Internet speed is 420 Mbps

Latency: Unloaded 10 ms, Loaded 71 ms

Upload Speed: 300 Mbps

Client [redacted], Server(s) Open Connect, Netflix


Did Cloudflare buy Mozilla?

There will have been a lunch.

Using a public Wi-Fi as an argument for VPN in a point of history when you can hardly find a site without https is getting ridiculous.

HTTPS still reveals the domain you've requested, which is an important piece of information to keep private. In the absence of encrypted DNS I'll take the VPN knowing my domain history instead.

I can't see any reasonable threat model which makes an attacker on public wi-fi seeing someone accessing particular domain more dangerous than ISP or VPN provider seeing same.

Anybody know what address/ports this service uses? Seems to be blocked where I am.

Can anyone from Mozilla explain why a Firefox Account is required to use this?

(I don't work for Mozilla) The rumor I've heard on HN over the past few months is that Mozilla eventually intends to sell a paid version of Firefox with a VPN included. I'm suspecting this may involve a Firefox Account in the future.

I would be very happy to pay for a secure browser. I'm really tired of "free" products that we sell our private lives to.

This is part of why I decided to go outside of the norm and made a fresh Outlook account I don't share with anybody or any websites, and paid for storage. Eventually I want to have my email under my domain hosted by Microsoft just because they're not the same mess of Google, and I get all of the Office suite included.

I looked into the hosting domain by Microsoft, but for the non business version they require your domain registrar be GoDaddy and I'm just not into that. It's kind of a stupid thing they have, why can't they do a dns thing like anyone else, why do they require your domain registrar be GoDaddy?

I know right! I used to have domains.microsoft.com and that gave me 500 free emails for any domain... I'm waiting for them to fix this. I just want my email under NameCheap + Microsoft. GoDaddy was such an awful experience, and then years later they supported SOPA? No thanks.

Well, it's part of the test program in beta, for one.

Accountability? (Pun may or may not be intended)

Sticking to Safari, I guess.


