I don't understand. Their partner is Mullvad. Mullvad has servers across the entire god damn globe. Why is this US-only? Why is it US-only going into early 2020, as in, months to provide service to non-US regions in what's probably going to be a limited roll-out to "select regions"? It's not the 90s anymore. It's time to drop the US-centric crap. They're not a publisher. They're not distributing movies or TV series.
It’s pretty normal to test features in one market and then roll it out and solve scaling issues or bugs that crop up. If you have a flawless strategy to scale and roll out a big bug free release across the globe I’m sure a lot of people would be interested in that.
Just like Disney+ that started in the Netherlands months before starting in the US.
I'm not in the US but "It’s pretty normal to test features in one market and then roll it out" and "Just like Disney+ that started in the Netherlands months before starting in the US" make perfect sense to me.
I get that everyone wants everything right now, but if you're not in the US, surely you still understand domestic-market roll out? Doesn't seem like it's worthy of anything more than a passing "damn, too bad."
Bad example, Apple's market share is tiny anywhere besides the US.
And this isn't a new thing. They partnered with an established vpn provider. Horizontal scaling won't be an issue there.
There is really no reason, but I don't really care either
And there is really no reason to not go to the actual provider. Same price and you can use it on all platforms. They even provide a wireguard backend.
What are the legal implications for Mozilla with this? Hand waving that all the technology is available outside the US doesn't absolve Mozilla from Liability or Legal obligations in the US or anywhere else it's offering the service.
It's in Beta, why should they go through all the legal processes to launch the product globally where there's still the potential that the final product might look completely different or never release?
Wireguard isn't US-only in any way. Like, I literally do not understand at all. I can download a working, functional, largely stable Wireguard client on my phone or configure it on my Linux desktop without issue from outside the US. Like, US-based has no bearing on any of this. At all.
Where did you get an implication that Wireguard was US-only? The poster you are replying to is simply stating since Wireguard may still be a bit buggy, they are rolling this out in the US first to iron out any kinks before making it widely available.
But how does rolling it out US only first help with the fact that Wireguard is buggy?
They are already rolling it out slowly via a waiting list. Limiting that to US only doesn't really change how "widely available" it is in order to iron out the kinks. Seems more likely this is regulatory related.
Trying to do support in multiple languages and timezones can be tricky (and surely adds to the cost), I don't know for sure if that's the reason but it's a reasonable one.
Let’s take the fact that they don’t have the resources to launch to every user all at once for the reasons stated in comments near this one. Do you agree with that premise? If so, what do you propose as a more ideal limited rollout strategy? First come first served? That has its own share of problems with user burnout and people feeling annoyed after being left out as well.
I think you might be underestimating the breadth of i18n & l10n for a brand new beta, especially for an organization that is built on not making privacy or legal missteps. They only have 1 / 6 clients ready and zero customers yet, their attention has to be split all over the place, so limiting some variables in the meantime seems like a reasonable idea.
The VPN tech itself is not the only concern. Localization & payments & legal are also huge concerns beyond the US. This is also aimed at not necessarily tech-savvy folks, so that is also a concern.
With the pending sale of PIA to CyberGhost, I was looking for an alternative to Librem Tunnel. A lot of users on the Purism forum suggested Mullvad and it looks like this uses that. I'll definitely be trying this on Linux when it's available.
It's a shame Purism picked PIA to partner with, I want to support the company but Librem Tunnel is the only feature justifying the $7.99/month Librem One fee for me and I don't want any of that going to CyberGhost. I use Librem Mail too, but they don't offer a price package that includes email without VPN.
Mullvad already supports linux wireguard clients if you want to just cut out the firefox middleman and use it internationally too - https://mullvad.net/en/download/#linux
Could you expand on why you, if I understood correctly, distrust CyberGhost?
It's getting hard to identify a trustworthy VPN provider, and CyberGhost seems to rate decently on thatoneprivacysite.net, which, incidentally, I'm unsure whether to trust, although its VPN evaluation vectors do seem pretty appropriate and complete.
Perhaps Mullvad is great. I don’t know. The whole VPN industry is full of shucksters, and when Mozilla says that Mullvad has “committed” to privacy, that doesn’t sound like enough heft to me.
Why isn’t Mozilla running their own servers if this really is something worth getting into? They’re one of the few privacy and public good companies we have left.
Consider another angle: Mozilla doesn't have experience running a VPN. There are a lot of terrible mistakes to be made there.
If Mozilla can secure a good contract with folks who have run a VPN, isn't that a better technical scenario? I mean, sure, you have to assume that the contract has teeth to enforce privacy guarantees. But I think that's part of the value proposition here.
Why would WireGuard be important? It's nice technically but the benefits vs mature protocols are not really material in a vpn service's value proposition, compared to other properties.
I recently became a mullvad customer and used wireguard for the first time. Maybe this is a windows thing, but it's so, so much faster than what I was used to from openVPN, ike, etc.
Anyone know if there's something weird about OpenVPN that makes it particularly bad? You'd think crypto + UDP encapsulation at consumer internet speeds would be pretty straightforward to implement performantly in this day and age.
The openvpn community is pretty nonexistent. Core is about 10 guys (half on loan from the for-profit company) and they're multiple years behind on where the development should be.
2.4 release: currently 3 years old, decently robust, but limited.
2.5 release: 38 of 51 blockers still open, no release date in sight.
3.0 release: roadmap was written in 2010, no release date in sight.
OpenVPN 2.5 is where we'll have per-user tls-crypt. tls-auth/tls-crypt in 2.4 means when the PSK (that all clients share) leaks, you have to rotate a PSK for ALL users all at once. Or you could not use that PSK at all and just get DoS'ed over UDP all the time.
OpenVPN 3 is where they're looking at being multithreaded. Let that sink in for a minute, because the devs haven't. You share one core with EVERYONE who's connected. openvpn is, performance-wise, a glorified openssl-pipe-to-nc at that point.
These are features that any server admin should be dying to have, because they're what let you scale from "my cute little tunnel from my home to my cloud instance" to "endpoints that can scale."
Tuning to get solid performance means getting the client config right with a lot of low-level tweaks, a lot of iperf and network-ops knowledge, shipping it out to the userbase, and hoping it works in their situation. Tuning later because you screwed anything up is hit and miss: some features you can 'push' out and fix, some you can't. The devs can't imagine tunnels where someone who isn't as immersed in the code as them doesn't control all endpoints and all configs, or where there's no burden to walking around and changing every user's config. I'm years into this and I'm still finding things to adjust or submit patches for, to make my users happier.
OpenVPN has one thing that other VPNs severely lack: an ABSOLUTELY SUPERB hook system. You want to have actions trigger scripts, they got u fam. You can do a lot of serverside and clientside magic because of that, integrating with your SSO and ACL management. Wireguard is much more in the beautiful-in-its-simplicity-but-that-still-means-simple 'static definition' camp (for now).
I'm way below the technical skill average on HN, so can I prevail upon someone to correct me?
This is just a vpn right? My existing vpn is already putting all device traffic through its servers (though it would actually be nice to turn it off for some apps, as I can't order takeaway because everyone thinks I'm in Iceland).
And it's $5 a month, which is about what I already pay.
Plus it's not available except on windows 10 (where it's beta).
And it's US only
What is Firefox/Mozilla offering me here that I don't get from NordVPN (who I highly recommend)?
You mean the NordVPN that was hacked for god knows how long, knew about it themselves for months, and both deliberately hid that information from their customers and failed to fix the issue in a reasonable timeframe? [0]
With Mozilla you get someone you can hopefully trust (hopefully being the operative word).
I'm curious about the parent's question, but consider that Mullvad is about $5 on its own anyways. It also already supports international customers and multiple platforms. So I'm not sure why you would buy it through FF and not directly from Mullvad? It just seems like a middleman with no benefits.
I would like to buy it through Mozilla in order to support the Mozilla Foundation, because I want to support their work and help them break their dependency on Google for funding.
I can justify this, but I'm wondering why Mullvad doesn't give them a slightly better deal. It is basically the same deal that you get if you pay with crypto, except you -- the user -- lose all the benefits of that. So why not charge something like $4.50? Or $4? They are bringing bulk to Mullvad. One of them, or both, could eat the cost until the price stabilized. I'm sure at Mozilla's scale they could push Mullvad's operating price down.
But the fact is that this does create more links in the VPN, and thus more security risks. Which isn't a big deal for the 99% of us that are just using them to torrent and prevent Comcast from seeing our data, but there's still a principle thing, which is part of why people are jumping from PIA before the merger has even happened.
Again, I'm happy to be corrected, but I thought that affected 1 server out of 1000s? Errors will inevitably happen with any system on that scale. Will Mozilla be more forthcoming or secure? Maybe but surely 1 error per 1000 servers is a manageable known risk vs Mozilla "may be perfect or terrible"?
NordVPN was mainly criticized for how they handled the disclosure. They didn't admit to the server breach until a whistleblower revealed it publicly a year later.
> The breach was done by “exploiting a vulnerability of one of our server providers, which hadn’t been disclosed to us,” according to the company [NordVPN]’s statement.
Laying the blame on an undisclosed vulnerability is pretty ironic of them
Best I can find is the primitives "Ed25519 for certificates, Curve25519 for key exchange (ECDHE), and ChaCha20-Poly1305 for data streams but that suite isn’t supported by OpenVPN"...
They use Wireguard, a new, better VPN, faster and safer. It also deals better with interruptions in the connection. This should work fine on Linux but they seem to be working on their own client.
Mullvad is a great company; they help finance development for Wireguard VPN. I don't know about NordVPN.
"Firefox Private Network full-device protection is a VPN built by Firefox using global WireGuard servers provided by Mullvad, which has committed not to keep logs of any kind."
Mozilla need to clarify their relationship and perspective with ProtonVPN, especially because they always stay above the dirt slinging with the CEO of PIA claiming on HN and Reddit that ProtonVPN is a low credibility business.
But is Mozilla dropping mention of ProtonVPN due to a loss of confidence after the PIA CEO engaged in mud slinging on public forums? It’s noticeable that Mozilla never really defended their “associate”.
No, and this is supported by the timing. PIA made the inaccurate (and now withdrawn) allegations in July. Mozilla was aware of the allegations, visited Proton in Geneva, looked into said allegations, and announced the Proton partnership in October.
Proton doesn't support Wireguard, which is the protocol Mozilla wanted to use. This was a conscious decision because Wireguard is UDP only, which poses a significant problem for many Proton users who are based in countries with strict censorship, and UDP VPN protocols are easier to block. Therefore, Proton's VPN focus has shifted to working on TCP based solutions which can resist DPI.
While Proton and Mozilla's VPN focuses have diverged, there are still collaborations and discussions in other areas. For example, Thunderbird is integrating Enigmail, which is based upon the OpenPGPjs library that Proton maintains.
Proton and Mozilla have similar missions, and will continue to support each other in the future.
Only someone from Mozilla could tell you for sure, but I think it's more likely that Mozilla didn't choose ProtonVPN for FPN because ProtonVPN doesn't currently support WireGuard.
> Firefox Private Network full-device protection is a VPN built by Firefox using global WireGuard servers provided by Mullvad, which has committed not to keep logs of any kind.
I might be paranoid a bit - I'm skeptical about "you can pick your location" feature. And generally I have very little trust in US-based VPN service providers.
No matter the location, they'll keep logs forever for the gov or some other equally unreliable entity.
I thought WireGuard was not yet ready for primetime, why is it being used here? I've been wanting to stand up a VPN at work to make my life easier than SSH tunneling but I was waiting for a 1.0 release of WG.
Looking on the WireGuard site, it says that it's still a work in progress that "may contain security quirks", but they also say "already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry." Both statements could be true, but I guess it's up to you whether or not you want to wait for a 1.0 release.
Whatever it takes to reduce their reliance on Google. Mozilla’s goals are at odds with the direction in which Google is taking Chrome, so their dependency on Google is unhealthy at best.
This. And since I've been looking for a new VPN provider after recent issues with PIA and NordVPN, I'd be happy to pay Mozilla for it. I've also heard a lot of good things about Mullvad so I'm definitely a customer when it's available here.
I still have a PIA subscription for a few months, which I'm now planning on using until this becomes available in more regions (+ on more platforms, Linux and Android in my case), but as soon as it does, I'll be happy to switch over.
It's a great idea to use Firefox like Wirecutter, as a recommendation for the best of each service type. Combine that with some thin interface over the top, like an OS, to control all the services you subscribe to with unified billing. Password leaks, manager, file sharing, bookmark sync, vpn, dns, newsfeed. Now a new person starting out on the internet doesn't need to learn about haveibeenpwned, dropbox, mullvad, cloudflare, and facebook/pocket. They can let Firefox (hopefully) select the best of each product type, and white label it as part of the Firefox family.
I feel we have reached peak Firefox. I have no qualms about supporting Mozilla by going with their VPN offering, even if it costs a little more. I don't particularly have any objections to some of the recent features like Monitor, DoH, Sync etc. Once the rollout of their VPN product is complete, sometime next year, I would expect them to work with what they have at hand, rather than having too many balls in the air ie. instead of chasing down Chrome or integrating even more services, I hope they will concentrate on staying close to their values and committed to strengthening the core products.
Mullvad actually charges €5/month, which is about $5.54. (This doesn't take into account the 10% discount if you pay with Bitcoin or Bitcoin Cash.)
The $4.99 rate would be a 55 cent discount over the standard rate, which matches the cryptocurrency discount and would likely help support Firefox financially.
Mozilla has been trying to diversify its revenue for a long time:
So what is the benefit of getting this through Firefox instead of Mullvad? They want my email to sign up for the waitlist, but Mullvad requires nothing. Seems like it may even be linked to your Firefox account.
If you already use Mullvad, Firefox Private Network probably won't be an improvement for you.
However, this partnership would most likely benefit both Firefox and Mullvad. Firefox gets a stream of revenue (independent of Google) that would be used to finance development, and Mullvad acquires additional customers through the partnership who would otherwise not know about it.
On the one hand, I'm glad they are using a trusted partner like Mullvad. On the other hand, why would you join a waitlist for a service that requires you to link your account to a US credit card--when you can literally mail cash to Mullvad and be completely anonymous?
I guess it is Mozilla's name behind it... but... I guess fundamentally... you still can't use shit like netflix or any other media services because they actively block vpns.
They've been pivoting the Firefox name to encompass many privacy-minded tools for a while now. I would argue that a Firefox VPN strengthens that branding.
Frankly, very few people know Mozilla. Many people know Firefox. There's been lots of brand research into this.
So, for many years now, "Firefox" has been morphing into a brand that encompasses many online tools beyond the browser that are all intended to be tied together by Mozilla's mission & manifesto.
Does Mullvad offer ad-blocking dns (like AdGuard)? Maybe Mozilla should start a beta program for this considering they are considered fairly trustworthy.
> Does Firefox Private Network log my browsing history?
> Firefox is committed to protecting your privacy. Our privacy policy describes how we handle your data. The VPN is provided in partnership with Mullvad, who is committed to not monitoring or logging your browsing or network history.
So in other words, Mullvad doesn't track you but Mozilla does. Is that interpretation correct?