back to article Newly born Firefox 71 emerges from its den – with its own VPN and some privacy tricks

Patting itself on the back for blocking more than one trillion web tracking requests through its Enhanced Tracking Protection tech, Mozilla on Tuesday continued its privacy push with a further test of its Firefox Private Network service, an update to Firefox Preview Beta for Android, and the debut of its latest desktop browser, …

    1. RegGuy1 Silver badge

      Re: Can you trust FFox?

      Well I for one am sticking with Firefox. If you think I'm moving to Chrome you're delusional.

      1. bombastic bob Silver badge
        Meh

        Re: Can you trust FFox?

        chrome is open source like FF but doesn't even PRETEND to not try to track you, etc..

        However, dumping the chrome cache is pretty easy. It's all in the same directory. Just wipe it out, and the entire history and cache goes byby. THAT is pretty convenient, though ti should be an item in the menu to do that while the browser is running. [maybe it is NOW, but I've never seen it in the past]

        I like chrome for SOME things, like 'slack' [which I use for work-related things sometimes]. But if the only thing running in chrome are those things you don't care about script/tracking with, it's 'ok' I guess...

        (is there a 'noscript'-like plugin that would work with chrome?)

        1. Teiwaz Silver badge

          Re: Can you trust FFox?

          chrome is open source like FF but doesn't even PRETEND to not try to track you, etc..

          Chrome is bankrolled by Google, Surely using it and worrying that you might be tracked is like wading hip deep in unprocessed sewage and chemical waste armed with a packet of wet wipes?

          Sure you're not thinking of Chromium?

        2. Anonymous Coward
          Anonymous Coward

          Re: Can you trust FFox?

          Chrome has plenty of closed source bits. Chromium, which Chrome is based on, is open source.

      2. Sven Coenye
        FAIL

        Re: Can you trust FFox?

        Agent Tick does have a valid point. What is not mentioned in TFA is that with 71 (and beyond), each update will create a new profile. The only way to retain access to saved passwords, autofill, etc. is by handing your data to Mozilla. There is no provision to do a local import from an older FF version.

        1. Havin_it

          Re: Can you trust FFox?

          Agent Tick does have a valid point. What is not mentioned in TFA is that with 71 (and beyond), each update will create a new profile. The only way to retain access to saved passwords, autofill, etc. is by handing your data to Mozilla. There is no provision to do a local import from an older FF version.

          Got a source for this? I can find no details about this anywhere.

          1. Sven Coenye

            Re: Can you trust FFox?

            Sorry for the late response. I installed 71 (the day before this article) and that is what it says on two splash pages on its first run.

            Looks like the change was introduced with 67, but 71 is the first one stating a Sync account is the only way to retain access to your information across versions.

            https://support.mozilla.org/en-US/kb/dedicated-profiles-firefox-installation

            It may be possible to wrangle the Profile Manager to regain access, but for how long? And how many regular users even know that thing exists?

    2. LateAgain

      Re: Can you trust FFox?

      If by "trust" you mean "don't break anything I care about" then they are almost as bad as chrome.

  1. DrXym Silver badge

    I find VPNs very useful

    I can't recall the number of times I've been a bar / restaurant / hotel and their stupid wifi either blocks sites, or tampers with the content (e.g. to inject ads). A very large number of American news websites even block European IP addresses rather than fix the site to comply with privacy rules. And video streaming & game services can get very annoying if they think you're in the wrong country.

    So having a VPN is a very handy tool even if you aren't in an oppressive regime. I can't say I use them all the time, but I like to have one available for when its needed.

    1. Roj Blake

      Re: I find VPNs very useful

      VPNs also mean you don't have to ask for permission to view certain specialist sites every time you change mobile or broadband provider.

      1. Anonymous Coward
        Anonymous Coward

        Re: I find VPNs very useful

        Ah yes, the "I am over 18 I swear" specialist sites.

      2. Anonymous Coward
        Anonymous Coward

        Re: I find VPNs very useful

        For when you want to browse websites single-handed

        1. I sound like Peter Griffin!!
          Pint

          Re: I find VPNs very useful

          Phone in one hand, and pint in t'other of course!

    2. Roland6 Silver badge

      Re: I find VPNs very useful

      The use of VPN's when using public hotspots (WiFi or fixed line) is well established over several decades, because it does increase the security of communications over the local hotspot infrastructure.

      However, the "makes tracking more difficult." claim is a little over egged. Yes, only the VPN provider will see the IP address of the hotspot you are at, but is this style of tracking an everyday cause for concern? I suggest not when compared to tracking cookies et al.

      The circumvention of geoblocking is also a well known feature of VPN's, provided you can use a VPN that puts you inside the relevant geo-fenced region.

      1. e^iπ+1=0

        Re: I find VPNs very useful

        'only the VPN provider will see the IP address'

        Possibly makes you harder to track - sites like Google might see many connections from the VPN exit point, rather than from your "home" IP address.

    3. Mephistro Silver badge

      Re: I find VPNs very useful

      For those tasks you listed, the Tor browser is more than enough, I think. And it's free!

      1. EnviableOne Silver badge

        Re: I find VPNs very useful

        and based on firefox, mozilla are just backporting some of the protections from the Tor Browser into mainline FF

        1. Roland6 Silver badge

          Re: I find VPNs very useful

          >mozilla are just backporting some of the protections from the Tor Browser into mainline FF

          Well if Mozilla are minimising new development, that would mean FF & FF VPN are just a consumer friendly versions of the Tor Browser and VPN connection to the Tor network(*)...

          (*) Not saying that connecting to Tor is difficult, just that it requires a little effort - something many (non-IT) people find difficult and easy to put off.

          1. Mephistro Silver badge

            Re: I find VPNs very useful

            Nowadays the installer takes care of everything, quickly and effortlessly. The biggest issue I see with the Tor browser is that non-IT-knowledgeable users might think that it's a total solution to every form or tracking and not understand how -or when- to tweak the security settings either to prevent breaking the target webpage's functionality or to prevent advanced tracking methods.

            I mainly use it for preventing geoblocking and finding health issues related info, but if I were a dissident in a dictatorship, I'd be extremely careful and only visit "safe-ish pages" that can be used with the highest browser security settings.

    4. tip pc Silver badge

      Re: I find VPNs very useful

      you don't need a vpn you need a proxy

    5. Kiwi Silver badge
      Pint

      Re: I find VPNs very useful

      A very large number of American news websites even block European IP addresses rather than fix the site to comply with privacy rules.

      TBH I can understand them doing that. If they're not under European laws and not trading with European citizens, then those laws simply should not apply. You're coming to my place to view my site, not me going there.

      I'd probably ignore such laws myself, but may put in a disclaimer to say that NZ is my jurisdiction, and anyone visiting agrees to act in accordance with NZ laws. You'd have to do the same if you came to my house anyway :) A different matter if I sell something (I see some sites get around those issues by only shipping locally)

  2. Anonymous Coward
    Anonymous Coward

    inviting US users of the Firefox desktop browser with Firefox Accounts

    pretty ironic they offer you "privacy", as long as you give it up to them (and obviously, they'll keep all the logs to make sure your privacy can be shared for various reasons from "optimizing our performance" to "appropriate legal requests". In other words, instead of having your data captured by google, it will be captured by mozilla. For your own good, no doubt.

    1. Inkey
      IT Angle

      Re: inviting US users of the Firefox desktop browser with Firefox Accounts

      "sure your privacy can be shared for various reasons from "optimizing our performance"

      I think you will find that you can opt out of pretty much all FF telemetry and performance data gathering...

      You cannot do that with Google or M$ products short of breaking their functionality..

      1. Anonymous Coward
        Anonymous Coward

        Re: inviting US users of the Firefox desktop browser with Firefox Accounts

        why should I have to "opt out"? Why should I have to assume that the default "partnership" is my "partner" extending an invisible arm to search my pockets, unless I say "don't fucking do that"?

        1. IGotOut Silver badge
          Mushroom

          Re: inviting US users of the Firefox desktop browser with Firefox Accounts

          "why should I have to "opt out"? Why should I have to assume that the default"

          Translation:

          I'm having a rant without a fucking clue what I'm on about.

          When you install it, these options are VERY clearly presented to you, with decent descriptions of what they do and what they are used for. They are not hidden options you have to spend hours looking for.

          1. Anonymous Coward
            Anonymous Coward

            Re: inviting US users of the Firefox desktop browser with Firefox Accounts

            It appears you missed my point, why should my default position be to ask my new business partner NOT to go through my pockets? Is this a standard default for a relationship?

        2. Anonymous Coward
          Anonymous Coward

          Re: inviting US users of the Firefox desktop browser with Firefox Accounts

          Ah, another commentard assuming that the internet is free.......<sigh>

    2. Phil O'Sophical Silver badge

      Re: inviting US users of the Firefox desktop browser with Firefox Accounts

      pretty ironic they offer you "privacy", as long as you give it up to them

      Yes, when I read "FPN creates a secure tunnel from the user's browser or device to the internet," my first thought was "to which particular bit of the internet?". A VPN needs two endpoints, and I'm not convinced that one which terminates on a Mozilla host will necessarily improve things in terms of tracking and marketing.

    3. Oengus Silver badge

      Re: inviting US users of the Firefox desktop browser with Firefox Accounts

      exactly what I came here to say... As soon as a "service" wants me to create an account so I can use it, where I don't believe one is necessary, I avoid it. I use Firefox currently but don't have a Firefox account because I don't give a damn about sharing stuff between devices.

      1. No Yb

        Re: inviting US users of the Firefox desktop browser with Firefox Accounts

        Quite disappointed when they stopped doing firefox sync with no registration required. Enter about 14 letters to match those shown by your main browser, and then they'd link with no account information required. Supposedly encrypted on the server, too.

        Now it's "login to Firefox to sync, so we know where you are."

        1. Loyal Commenter Silver badge

          Re: inviting US users of the Firefox desktop browser with Firefox Accounts

          Presumably, they dropped that because it's not really that secure, and FF sync can sync things like saved passwords, which you definitely wouldn't want someone to get hold of because they happen to have compromised the machine you're using and screen-grabbed the address bar of your browser. Or taken a picture over your shoulder, or whatever.

          1. eldakka Silver badge

            Re: inviting US users of the Firefox desktop browser with Firefox Accounts

            happen to have compromised the machine you're using and screen-grabbed the address bar of your browser. Or taken a picture over your shoulder, or whatever.

            if they're doing that, they can probably get your firefox account credentials anyway...

        2. eldakka Silver badge

          Re: inviting US users of the Firefox desktop browser with Firefox Accounts

          You can set up your own sync server.

          There are (rough/unsupported) instructions on the mozilla website for how to do it.

          edit: here it is: https://github.com/mozilla-services/syncserver

          and: Run your own Firefox Accounts Server

          1. Havin_it
            Boffin

            Re: inviting US users of the Firefox desktop browser with Firefox Accounts

            In fact you have to run (build, configure and keep updated to maintain client compatibility) your own sync server (python), accounts server and content server (both nodeJS). With, last I looked, public docs that are an afterthought and you're doing very well indeed if you don't have to throw yourself on the mercy of the services-dev mailing list before long. Then there's the client configuration ... [twitch, dribble]

            I gave it a red hot crack and it did work for a while but honestly, life's too short especially if you're not conversant in python, node (and mailing-lists). I thought I cared, but given my data is all encrypted client-side I really don't care enough to justify that much ongoing grief.

      2. Purple-Stater

        Re: inviting US users of the Firefox desktop browser with Firefox Accounts

        Since they're planning on charging for the use of their VPN, how do you propose that they regulate this without having people create an account of some sort?

        If you don't want to use it, you don't need an account. It's hardly an imposition.

  3. Jimmy2Cows Silver badge

    Patting itself on the back for blocking more than one trillion web tracking requests

    Which Mozilla can only know by tracking its users...

    At least Firefox let's users disable telemetry (so long as it disables all, not just some).

    1. DiViDeD Silver badge

      Re: Patting itself on the back for blocking more than one trillion web tracking requests

      At least Firefox let's users disable telemetry

      AAAAAAARGHH!11!

      The Apostrophe Protection Society isn't even cold in its grave yet, and already its influence is waning!

  4. FrogsAndChips Silver badge
    Linux

    Mozilla is inviting US users [...] to try FPN

    Darn, I'm gonna need a VPN to be able to try Mozilla's VPN...

    1. The Oncoming Scorn Silver badge
      Coat

      Re: Mozilla is inviting US users [...] to try FPN

      GALAHAD: He says they've already got one!

      ARTHUR: Are you sure he's got one?

      FRENCH GUARD: Oh, yes. It's very nice-a. (I told him we already got one.).

  5. Harry Stottle

    Is Joepie91 fer real??

    Regular Regitards will be familiar with the substance of this response but I include the detail for the benefit of any newbies wanting a quick guide to achieving reasonable privacy online.

    That GitHub post almost looks like a schill.

    No, VPN is not THE solution to privacy but it's a major component. Especially if you randomise your choice of server.

    No, You can't trust VPN providers without performing some serious due diligence.

    Generally speaking, in the world of security, nothing less than a formal security "reduction" (proof) is considered convincing, but in the case of my own preferred supplier (PIA - see this review) proof of the pudding comes by way of their survival of at least two State based attacks - one in Russia, where their servers were seized and no user details were retrieved; and one in the USA where the court determined that they were unable to comply with demands for user data. That's at least as convincing as a formal security proof and, arguably, more so!

    No, VPN alone will not prevent tracking,

    You need to throw about half a dozen other weapons at that problem, including switching on the Do Not Track options, DNS over Https, ad blocking via Ublock Origin (my preference) or Adblock Plus, script controls with Umatrix or Noscript (or similar), Sandboxed browsing with automatic deletion of web traces (eg Sandboxie, though I'm a bit nervous about their new owners) and Canvas fingerprint blocking. On the subject of which, my private experiments recently tipped me back into Firefox (along with other improvements in V70) and away for SRWare Iron when, after testing various Canvas fingerprint blockers using Panopticlick to confirm their effects, I discovered that NONE of those available for Chrome engines actually did much good. Yes they change or mask your fingerprint but they don't do the only thing which works, which is to randomise it. Only Canvas Blocker in Firefox passed that test.

    But the issue that angers me most, especially when the source is another technically literate contributor like the author of that github post, is their wilful ignorance of the threat posed by the combination of the Surveillance State and Surveillance Capitalism.

    His 2nd "legitimate" use of VPN is:

    "You want to hide your IP from a very specific set of non-government-sanctioned adversaries - for example, circumventing a ban in a chatroom or preventing anti-piracy scareletters."

    which implies that he's perfectly content with "government sanctioned adversaries". Most of us who visit these pages, however, recognise that government adversaries are, by far, the biggest threat. (I only recently bleated on a similar issue in a recent Reg discussion) and they are easily my own major reason for using the above countermeasures (and a few others).

    And the point that is most often glossed over by such pillocks is that the single biggest advantage to be gained by widespread adoption of things like VPN and secure private email (I strongly recommend Protonmail) is "Herd Protection". There are millions of legitimate reasons to oppose and campaign against the forces of internal repression (occasionally called "governments") and that makes all of us prepared to voice such opposition potential targets for their digital surveillance. The more of us who use masking and privacy protocols, the more protection we supply to each other, not just ourselves.

    1. Anonymous Coward
      Anonymous Coward

      Re: Is Joepie91 fer real??

      I don't think mozilla gives a fuck about my privacy, they implement vpn, because "privacy" is becoming an issue discussed more and more in media, and therefore, mainstream users start to ask questions. It's like the current fad, therefore, "must include", particularly if your competitors make it available already (opera). Never mind how much real protection it gives you, it's VEE! PEE! EN!!! WE!!! PROTECT!!! YOU!!! CLICK!!!! HERE!!!

    2. Long John Silver
      Pirate

      Re: Is Joepie91 fer real??

      That is a very clear exposition leaving nothing to quarrel over. I raise some connected general points.

      There likely is no such thing as absolutely assured online anonymity and/or privacy. Also, bear in mind that people doing dodgy dealings (e.g. illicit drugs) using generally pretty secure tools like Tor/Whonix are usually reported caught by traditional investigative techniques rather than computer wizardry. A vulnerability in security occurs at points where the digital world intersects the physical world e.g. drugs must be paid for (even Bitcoin is not wholly anonymous) and delivered (trust a postal service or trust meeting a stranger in a dark alley). People active in discussion fora may become traceable elsewhere through fingerprinting their vocabulary, spelling, grammar, punctuation, sentence construction, linguistic idiosyncrasies, and topics of interest to them. Linkage to physical identity results from painstaking observation of activity by trained human investigators rather than automated processes and encryption cracking derring-do.

      Investigation of that nature is resource intensive, not least of which is human operatives, and its use must be well-targeted and have prospect of success. Thus, very serious crime, espionage, terrorism, and suchlike enter the spotlight. Somebody using BitTorrent to download the latest Hollywood offering to culture or via Sci-Hub 'stealing' from Elsevier that which actually is communal shared property has nothing to fear from the likes of GCHQ and the NSA. Attacks upon so-called 'pirates', that is on individuals rather than black market providers of 'content', are sponsored by copyright rentier industries using private sector companies; these are easily deflected.

      Thus, online security is a balance between resources invested by individuals/organisations and those invested by legitimate security/crime investigative agencies. It becomes a matter of horses for courses. Simple file sharing, assuming not state secrets or highly criminal 'content', can be undertaken without fear of consequence by using easily obtained tools of which VPN is one. Even should a disreputable VPN provider keep detailed logs and submit to civil action demands for revealing user activities the best that copyright rentiers could achieve would be sending out speculative invoices; even within context of USA jurisdiction it's highly likely evidence of wrongdoing and causation of damage would not suffice for civil litigation.

      The report giving rise to comments begs the question of why anyone with even rudimentary nous would opt to pay for Mozilla's within-browser VPN service. Even should it provide a 'secure' channel for all activities on a device it is unnecessary for browsing and with Mozilla being under US jurisdiction potentially a risk. Simple browsing of harmless intent is far more convincingly protected by Tor. Also, although not suited to Torrenting Tor is acceptable for ordinary file download but probably not streaming. Tor is easily installed on mobile devices (e.g. 'app' for Android). The greater the number of people using Tor the more quickly it will become established as a confidential (but not top secret) parallel WWW.

    3. Doctor Syntax Silver badge

      Re: Is Joepie91 fer real??

      which implies that he's perfectly content with "government sanctioned adversaries"

      I understood it to mean simply that he expected random VPN provider to fold if leaned on by such adversaries.

  6. Mike Rodgers

    And the !@#$%^&* tabs are on the top again...

    1. arctic_haze

      I got used to download a new version of CustomCSSforFx after FF upgrades.

      BTW, use tabs_below_navigation_toolbar_fx65_v2.css if you do not want borderless tabs.

    2. eldakka Silver badge

      Tree Style Tab addon for Firefox, one of the best addons ever (outside privacy addons like uMatrix/NoScript/uBlock).

  7. chucklepie

    Why pay $3.99 a month for a browser based VPN with limited servers, when for less you can get a full VPN with lots of servers that works on any data?

    1. Anonymous Coward
      Anonymous Coward

      Because you're technically illiterate and don't mind paying for convenience.

  8. developer_xxl

    facebook container

    it'd be nice to have a open bunch of bookmarks in a container

  9. headrush

    Is it just me or has the term VPN been coopted to be equivalent to proxy server? I always understood a VPN to be the mechanism whereby you could connect securely over the public Internet to another server /device that you controlled. Using one to browse the net via a third parties server is not a good description of a a private network.

    Lawn, NO!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020