Site icon Sophos News

Mozilla Private Network VPN gives Firefox another privacy boost

Is this week’s test pilot launch of Mozilla Private Network the moment browser VPNs finally become a must-have privacy feature?

Available as a free beta extension for desktop Firefox, initially in the US only, its arrival is certainly promising.

It’s not the first browser to offer this feature – that honour goes to Opera – but it is the one with the largest user base that promotes privacy for its own sake.

All users need to do is download the extension and sign to their Firefox account (or create a new account). Then it’s a matter of clicking on the extension’s icon in the toolbar and toggling the VPN on or off as needed.

Turning it on routes and encrypts Firefox traffic through a proxy server run by Mozilla’s partner Cloudflare, which means that visited websites can’t see the user’s true IP address or location.

This doesn’t stop websites from ‘fingerprinting’ the user in other ways, however, Firefox recently added other features that make doing that more difficult.

Still, adding a VPN to Firefox is clever because it means the privacy protection is integrated into one application rather than being spread across different services. That integration probably makes it more likely to be used by people who wouldn’t otherwise use one.

There are times when users might want to turn it off, either because the site being accessed rejects VPN connections (streaming services can be fussy) or because using it is having an impact on performance (we don’t know that Mozilla Private Network will have this effect but it’s worth keeping in mind).

Pros and cons

Turning on the VPN will give users a secure connection to a trusted server when using a device connected to public Wi-Fi (and running the gamut of rogue Wi-Fi hotspots and unknown intermediaries). Many travellers use subscription VPNs when away from a home network – the Mozilla Private Network is just a simpler, zero-cost alternative.

However, like Opera’s offering, it’s not a true VPN – that is, it only encrypts traffic while using one browser, Firefox.  Traffic from all other applications on the same computer won’t be secured in the same way.

As with any VPN, it won’t keep you completely anonymous. Websites you visit will see a Cloudflare IP address instead of your own, but you will still get advertising cookies and if you log in to a website your identity will be known to that site.

Cloudflare conundrum

Again, as with any VPN, it’s only as private and secure as the network offering the service, in this case, Cloudflare.

Cloudflare has moved into the privacy space recently, pioneering DNS resolution and privacy through its public 1.1.1.1 DNS resolution service, the 1.1.1.1 mobile app that uses it, and a proposed full VPN service called ‘Warp’ announced some months back.

These are also being used to trial a new privacy technology called DNS-over-HTTPS (DoH), which encrypts DNS traffic so that ISPs et al can’t easily see which websites users are visiting.

Not coincidentally, Mozilla has also just announced support for this in Firefox, with Google adding the same technology to Chrome too.

But it’s still important to check any VPN provider’s privacy policy, which in Cloudflare’s case amounts to limited logging which is discarded after 24 hours (see DNS resolution policy for Firefox).

Should users trust this?

There’s no reason to suspect Cloudflare isn’t acting in good faith (and presumably Mozilla has done its due diligence) but through its CDN (Content Distribution Network) and DNS services, it is in the box seat for an enormous amount of web traffic already.

There’s a small caveat, however – like Mozilla, Cloudflare is a US company. That could mean having to comply with US government demands for access to data on its users, backed by the force of law.

Assuming it disposes of data as quickly as it says it does (and Mozilla gathers very little), it’s hard to see that this would be useful to the feds, but it’s still worth mentioning.

And mobile?

Mozilla hasn’t said when the Mozilla Private Network will be available for mobile users although when it appears it will presumably look something like Cloudflare’s own 1.1.1.1 app, perhaps built into Mozilla’s mobile privacy browser, Focus.

Exit mobile version