I think this seems like a bit much. I'd love Firefox to double down on building a great browser, rather than getting into Pocket, VPN, a Phone, IOT, etc.
Sure, a VPN can be really helpful when you're on sketchy open wifi, or other adversarial network conditions. But you're still trusting someone to handle your connections reliably and fairly. Several ISPs have proven themselves to be sketchy: injecting ads, adding tracking headers, etc. But do we really expect VPN providers to not crunch the same numbers and come to the same conclusions?
Note that despite my thinking, it does fit in well with their agenda:
> Mozilla has identified five key issues that are critical to build the open Internet we want:
Privacy and Security
Open Innovation
Decentralization
Web Literacy
Digital Inclusion1) yes,vpn providers crunch the numbers and come at a different conclusion. This is because they sell privacy before anything else. You don't gamble on the heart of your business model unless you intended to sell out your users from the begining. And there are well vetted providers run by well known individuals with a lot to lose if they sell out users.
2) It is in the interest of Mozilla's users for mozilla to diversify it's revenue source. So long at they don't forget to make features optional,I don't see the problem.
This partnership is great because both Mozilla and ProtonVPN have similar business models. Heck,it would even make a lot of sense for Mozilla to operate protonmail. Except unlike with Google and Gmail,they would charge you money and that's it. Give us what we want,to be your customers not your product!
Yes, because those numbers are different -- there's actual competition among the providers, which is not so for ISPs. I agree it's still a gamble, and still requires trust, but if/when that trust is broken, there's someone else ready to fill that void.
There's simply no way for customers to tell if their VPN provider is selling them out.
This puts them in the same boat as say, IKEA.
Some of us live in tinpot totalitarian reigemes[x] where ISPs are required by the government to retain "meta data" records of all customer connections and traffic.
It's a privacy win for me just to move the endpoint where my unencrypted traffic (and dns lookups) out of my local jurisdiction, since at least that way I'm not using a service that's required by law to snitch me out to any curious local cop... (Hopefully my chosen VPN provider really isn't keeping logs or snooping y traffic, but even if they are - moving that out of my local legal jurisdiction is an improvement for me...)
[x] That's a little intentionally overhyperboled - but fuck me our Australian politicians are making some insane laws around internet use by the whole population...
As others have pointed out, Mozilla is a for-profit, and I doubt that they would be able to keep up with the development of Chrome if they where not. That being said I wish I'd keep their focus on the browser part it self, and avoid going in the direction of Chrome, which have basically become an OS without a kernel.
While it is a little hypocritical, I would wish that they'd add Chromecast support to Firefox. That's really the only feature I'm missing.
Can you actually check if a VPN provider logs data? No, but Mozilla certainly has more sway than I do.
The other day I came to the realization that Firefox is the only portal to the web that's not affiliated with a tech giant. Microsoft has Edge, Google has Chrome, and Apple has Safari. It's so strange that the web is such a huge, important part of our lives, and we only have four ways[1] to access it, three of which are driven by profit-seeking organizations.
[1] I'm not counting forks since those are largely still the same as the original code base, and none of them have gained a significant amount of traction. I'm also not counting experimental browsers since I'm not aware of any that are both largely-compatible with current web platform features and not based on a fork of one of the primary browser engines.
If you need a console browser with picture, JS, color, and table support, consider Browsh [2] instead: "Browsh is a fully-modern text-based browser. It renders anything that a modern browser can; HTML5, CSS3, JS, video and even WebGL."
And let's not forget that this is also a jump into the abyss of in-browser ads that may be difficult to block even with an add-on. From the screenshots it seems that FF analyzes your behavior (connection to an unprotected network) and displays the ad based on that. I fear what's going to happen when Chrome team picks this idea (e.g. "we see that you are logging into a bank X, how about you try bank Y?")
I don't see anything saying that they won't. They might only offer ProtonVPN for all of time, but I could also see them adding additional providers down the line. In any case, I'm imagining that the vetting process is relatively costly to perform and keep up, and I'd trust Mozilla more than myself to do it.
Tor and Firefox are working together to make Tor network the default within private browsing mode. A number of privacy-related patches from Tor have already landed in Firefox (example: Firefox now has first-party isolation). It's a slow progress, but it's on its way.
If you're interested about more, the project is called Project Fusion: https://wiki.mozilla.org/Security/Fusion
There was a discussion here a few months ago: https://news.ycombinator.com/item?id=17205441
That's always the con of revenue streams, they impede Mozillas independence and ability act on behalf of users.
It's not ideal though. A large fraction of the web blocks access from Tor relays, or makes you jump through extra hoops, like completing onerous captchas. It's not a great experience.
Tor hides the source of your communication, and evades filtering. It does not protect the contents of your communications from eavesdropping. It's trivial to set up Tor exits to log traffic, and people do.
Grabbing a page from my website over tor and over normal network:
curl http://mywebsite
curl https://mywebsite
curl --proxy socks://127.0.0.1:9050 http://mywebsite
curl --proxy socks://127.0.0.1:9050 https://mywebsite
0.028s / http
0.063s / https
0.394s / tor http
1.079s / tor https
0.302s / tor http
0.598s / tor httpsWhy does Mozilla trust in Tesonet and why should their users do?
http://vpnscam.com/heres-why-you-cant-trust-nordvpn-and-prot...
1. No other VPN that I'm aware of has any of its own data center infrastructure.
2. Even though ProtonVPN (and essentially all VPNs) works with untrustworthy companies like Leaseweb to provide many of their servers, SecureCore allows you to route traffic through their own data center infrastructure to another exit node server.
3. Public-facing CEO who has a verifiable history. You know his name, his face, he's given a talk. This helps with accountability.
I've said it before on HN and I'll say it again, their reply to this situation satisfied me completely, and nobody has said anything against this reply: https://www.reddit.com/r/ProtonVPN/comments/8ww4h2/protonvpn...
There is simply not a better option than ProtonVPN.
Yes, I sound like a shill, but the facts are still the facts.
Having said that - seeing them vouched for by the Mozilla Foundation seems to be a significantly better indicator of their trustworthiness than this post from a day or two ago: https://news.ycombinator.com/item?id=18260920 - I _mostly_ trust Mozilla to not be guided just by whoever offers them money, and hopefully to have learnt from their dumb Mr Robot fuckup...
I fully agree that ProtonVPN seems like a poor choice, considering all the controversy around them, especially when its backed up by that much evidence. Mullvad, Private Internet Access, TorGuard etc. would have been a better choice, but perhaps Mozilla didn't want to look like it was picking sides among 'established' VPNs..
For better or worse, Mozilla managed to brand itself as the equivalent of the open internet and an organisation that would put the users first.
This is quite important in today's world that's full of Googles, Facebooks, Microsofts etc.
That doesn't mean that Mozilla has done nothing wrong. I'm just saying that I would feel much better having a VPN service run by Mozilla as opposed to a VPN being run by Facebook.
Anyone from Mozilla or ProtonVPN reading this and can confirm that this understanding is correct?
(but I don't know if Proton looks at these requests, the last response from administrators was in 2016).
I haven't completely read it but I did spot one difference:
"These subscriptions will be billed directly by Mozilla and the majority of the revenue from these subscriptions will go to Mozilla, directly supporting Mozilla’s mission."
Mozilla was less clear about how it'd be distributed.