Also, "free": "If you're not paying for it, you're the product being sold"
This is such a un-nuanced take.
In this case Firefox's route-to-market is the product. It's a distribution channel where some people who receive the free version will upgrade.
Free tiers for products where some will pay to upgrade seems like a reasonable compromise, but it does depend on how the deal is structured.
If Mullvad pays Firefox for the free users then Firefox's incentives are aligned with its users.
If Mullvad pays per conversion then it's a different story.
The other aspect is I expect it would stain the IP pool further. VPN IPs often end up on various blacklists due to abuse and introducing a wave of free users would only make it worse for paying customers.
[1] https://mullvad.net/en/pricing
> Why no free plan? "Free" services nearly always come at some cost, whether that be the time you spend watching an intro ad, the collection of your data, or by limiting the functionality of the service. We don't operate that way – at all.
People think Mullvad is special but it's same shit as all the others in most cities/markets, I wish they would use some of their big ad money spend to deleverage from these typical dodgy scam hosting ASNs.
From OMG Ubuntu
Two huge reasons people use VPNs is piracy and saying things/accessing content that's not legal in their country. If that company has a legal presence in your country, then they'll hand over that data to the police should you criticize the wrong person or download a movie without permission. At which point a VPN becomes kind of pointless.
I probably won't use Mozilla's offering, because i want any VPN to cover the whole system, not just the browser (correct me if i've made a bad assumption here)
I agree in principle, but we interact with hundreds of companies per day. Which ones are honest and which ones are taking advantage of us? I really don't have the cycles to run it all down, and keep up with it over time. Perhaps Firefox VPN will be totally private initially and then violate privacy 2 years in? Would I ever know? Maybe? I need to err on the side of caution for a lot of these decisions because so many companies are bad actors. I'm sure I don't always err correctly, but I don't have better options.
It's still correct though. In this context Mozilla uses the firefox-users as their test and demo base. At the end is commercial benefit.
And I think the core criticism still applies. Mozilla gave up on the browser years ago, let's be honest. It may be interesting from a historic point of view to find out how, when and why, but meanwhile the rest of the world has moved on already, so ...
They push million lines of new code every year, push thousands of patches, and regularly achieve performance measurable performance boosts to Webrender, the JavaScript and CSS rendering engines, on rapid release cycles that have improved speed and memory usage.
There are a lot of criticisms leveled at Mozilla some fair some unfair, but the amount of work poured into the browser is so extensively documented that there's no excuse for not knowing.
In this case, you stent being sold. They are providing a limited free version and hoping you upgrade.
Now, from where this cost is going to be recouped, how seamless the integration will be (in-browser translation is useful but the UX is not good enough), or if their VPN exit points aren't flagged to death as bad IPs; will remain to be seen.
The other thing about this feature, is that it will prove interesting in France and the UK; where it could be seen as a circumvention technique of the currently in place age restriction laws. And at the very least, it will bring those topics back into discussion.
Also, "free": "If you're not paying for it, you're the product being sold"
> HN is "free" too. :)
Indeed: you deliver valuable information about market trends, market sentiments, technology, ... to SV startups and investors.
Additionally, Hacker News is basically a marketing expense of YC.
For example, when you use the Google search engine, you are the product (Google's customers are advertisers). I hope you derive sufficient (average) value from each Google search so that you consider this to be worth it.
Y combinator absolutely profits from encouraging group think and positive attitudes about things they're involved in.
How else would you get a large part of the tech world to somehow believe that suckling on the teat of Venture capital until that elusive "exit" is the holy grail of business models?
This must apply to Firefox itself, right?
Why do you think google buys the rights to firefox's search bar (as a default setting)?
"The service is free. Am I the product?"
That is a valid thing to ask. Even with FOSS sometimes.
Some FOSS projects are backed by companies, then yes, plausible to ask.
Otherwise, I would answer with a clear no.
(Projects can still collect telemetry and other data and sell that, though the sell part should be very rare, imo...)
Edit: Was that a bad faith argument or a honest question?
Sometimes I can't tell, maybe because of old or ESL...
Crowd sourced Development and Quality Assurance for something multiple companies, governments and the military are using.
i would default to this being the truth, until demonstrated otherwise. Call it cynical, but it's the cynical that survive.
To give you an example. Try to use Google Search without sending your data to Google. You cannot use the product without it, you cannot opt out. Firefox, you can use just fine with Google not being your search engine.
It's not a binary toggle - firefox is selling you as a source of revenue for themselves. They're just not making it as extreme as it is possible to be - in the hopes that you don't switch away.
You can compare same situation with safari in iOS. Except google pays a lot more, since you cannot switch away in iOS as easily, and culturally there's more reluctance compared to firefox users. This makes google pay more for iOS traffic, as those users are worth more.
The sense in which you are the product on Firefox is that they want to maintain a large enough user base that search licensing is valuable enough to sell to Google.
Google is paying Mozilla to be the default search engine. Google is only paying Mozilla because Firefox has users, regardless if they use the default search engine or not. So, indirectly everyone is the 'product'.
I'm sure if 95% of people did swap to ddg, then google may change their mind.
Also I believe there is the possibility Google also pays Mozilla to offer competition so Chrome isn't considered a monopoly (but maybe Edge has changed that to some extent?)
well, a benefit is a benefit. It doesn't really matter how it manifests does it? It's not a donation, as it is not altruistic.
I didn't say you being a product is bad - but it does not align customer with software company. You may be OK with being sold as a product to google, as this relationship currently isn't damaging. But what if a future offer which would damage you is taken by mozilla because it's profitable?
All of this crap that everyone keeps pulling into their browsers needs to be ripped back out and made a plugin or an extension. Stop shoving it in the core damn browser. I didn’t need the waste of space and I’m never going to touch it.
And for many non technical users that is very useful, if they can get that with a click. To get geoblocked content, etc.
Mozilla has done way worse things, much more distracting from their core mission - building a browser that people want to use and trust.
The bigger issue with browser VPNs for me is that they don't help against DPI at all. I'm in a country where the ISP fingerprints wireguard traffic and drops it - a browser VPN connecting to a known mullvad endpoint gets blocked just as fast. You need protocol-level obfuscation for that, which is a completely different problem.
Edge also has some Microsoft VPN with a very small amount of bandwidth for the free tier.
I'm fine with this kind of stuff as long as people are aware it doesn't offer the same connectivity as a full paid VPN.
What's the difference when you're accessing it through a browser?
> I'm fine with this kind of stuff as long as people are aware it doesn't offer the same connectivity as a full paid VPN.
Are you talking about it not reaching out and affecting other programs, or is there a restriction within the browser?
A proxy isn't as secure as a full VPN. I had previously read a really good article on it but I hunted and hunted but couldn't find it.
This explains it well enough though:
https://www.quora.com/Is-Opera-browser-with-built-in-VPN-a-g...
However, reading the write up from Opera it's actually pretty decent tech that they've had audited by a third party and the whole nine:
Why browsing with Opera’s VPN is safer https://blogs.opera.com/security/2025/07/opera-vpn-is-safe/
Hopefully no one will start with the whole "they're Chinese owned" argument. If anybody is still on that whole trip, see this (and go watch SomeOrdinaryGamer's video on the subject) but in short it's really nothing to worry about.
Debunking misinformation about Opera’s browsers https://blogs.opera.com/security/2023/07/debunking-spyware-m...
Yes because it's VPN for the browser. I can do the same kind of targeting with most VPN software. Applying it to specific programs doesn't make it stop being a VPN.
> This explains it well enough though:
Which answer? The dumb bot that contradicts itself? The first human answer says it is a VPN. Though that "cyber security expert" is also not someone I would trust since they seem to think AES 128 versus 256 is actually an important difference.
The first human "no" says it's not encrypted and I don't believe that for a second.
To say more about the bot answer, it basically repeats three times that only Opera traffic goes through the VPN as its main reason. And then it says it "doesn't offer split tunneling". Come on... The rest of the answer isn't much more grounded in reality.
And do we even know if Opera uses internal network addresses for its "VPN"?
I think I'm willing to say that routing all internet traffic from a program through a tunnel can be called either a VPN or a proxy.
What worries me is this will get adoption and they're start talking about profiting from it via "differential privacy"
Or, even worse for the web is a more realistic problem: Firefox is notoriously hard to manage in an enterprise fleet. Their biggest hurdle to marketshare is just that, chrome works well with windows, linux and mac a like and lends itself to management. I'm frequently fighting to be allowed to use Firefox already personally. This poses a direct threat to enterprise security policies. Anyone who bans random free vpns in their networks, now has to include Firefox to that list. And I don't need to mention how bad that is for the web given Google will effectively be the gatekeeper of the entire internet, even the tiny marketshare Mozilla has will be crushed. I wonder if in retrospect, this seemingly mundane feature would be the death-blow to the only alternative browser ecosystem.
[1] https://developer.apple.com/support/alternative-browser-engi...
Well that doesn't seem true?
Mullvad, Proton, Private Internet Access, NordVPN, ExpressVPN etc are all VPNs. You can use them for whatever protocol you want.
Granted, its been a lomg time since I used Nord, not sure if they still offer that service.
the two most commons protocols used for proxying traffic support arbitrary tcp traffic. socks is quite self explanatory but http is not limited to https either!
Of course most providers might block non https traffic by doing DPI or (more realistically) refusing to proxy ports other than 80/443 but nothing is inherent to the protocol.
edit: this is also mentioned on MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...
> Aside from enabling secure access to websites behind proxies, a HTTP tunnel provides a way to allow traffic that would otherwise be restricted (SSH or FTP) over the HTTP(S) protocol.
> If you are running a proxy that supports CONNECT, restrict its use to a set of known ports or a configurable list of safe request targets
> A loosely-configured proxy may be abused to forward traffic such as SMTP to relay spam email, for example.
Over the past year, Pornhub had to make the difficult decision to block access to users in the following American states due to Age Verification laws:
Alabama
Arizona
Arkansas
Florida
Georgia
Idaho
Indiana
Kansas
Kentucky
Mississippi
Missouri
Montana
Nebraska
North Carolina
North Dakota
Oklahoma
South Carolina
South Dakota
Tennessee
Texas
Utah
Virginia
WyomingSecondly, porn ≠ abuse. It's an actual industry and so obviously the treatment of women varies by company.
Simply put, if you don't like porn, DON'T WATCH IT. Don't try to shove your personal beliefs on everyoje else.
2. That's from 5 years ago; who knows if this is even still the case, even assuming it's as widespread as the opinion piece claims.
3. See my second point.
I understand that a number of people in both the US and the UK is struggling right now and may not be able to affort a VPN, but their primary need is to avoid age restriction, while a large number countries are censoring the internet for political reasons. That latter seems more important to address.
Why don't they need it? There is widespread corporate and government surveillance in those countries. Privacy is a major issue. What is your standard?
This can expose users to legal risks, but but can also add plausible deniability at the same time "it wasn't me, it was someone on VPN".
https://support.mozilla.org/en-US/kb/what-happened-firefox-s...
Could they please stop integrating services into Firefox? Thank you.
Yeah no shit, when you have browser vendors shipping features that have no place in browser, it's hardly surprising.
Why does a browser need screen sharing built in? Why does it need a vpn client?
You know there's a fucking operating system running under the browser that can run those things without worrying about how they impact on a fucking browser, right?
Is that maybe used for video calls?
Do think your web browser also should not have SOCKS and HTTP Proxy support? What about DNS-over-HTTPS?
A vpn is a network layer tunnel. Does your browser also include its own built in ip stack? Maybe it should have its own window system.
DNS arguably would also be best left to the OS, yes.
Like Apple's iCloud Private Relay not working in China, UAE/Dubai etc. or letting Facebook and TikTok secretly track you across devices and reinstalls with their iCloud Keychain API
They WILL leak our shit to the highest bidder or the biggest stick
Sadly no countries are mentioned where such VPN is really needed (due to strict internet censorship).