Firefox 150 comes with a Free VPN

[Moonchild]

So, yeah. Free VPN? And who is paying for that?
"No extra cost". "extra" implies there's already a cost, though
Anyway. no indication who operates the VPN or what's being logged or where it's routed through or anything. just "here have this free** service"
** pinky promise.

[ownedbywuigi]

So, yeah. Free VPN? And who is paying for that?
"No extra cost". "extra" implies there's already a cost, though
Anyway. no indication who operates the VPN or what's being logged or where it's routed through or anything. just "here have this free** service"
** pinky promise.

“150 releases of Firefox” and 94 of them have gotten progressively worse.

[Gemmaugr]

It's not the same old Mullvad VPN they've used before?

https://embed.kumu.io/9ced55e897e74fd80 ... irefox-vpn

[Moonchild]

It's not the same old Mullvad VPN they've used before?

If it is, it's not advertised anywhere. The only thing that is mentioned anywhere is "Mozilla VPN" which implies their own, but considering the offers, I doubt it is operated by their staff on their infra (they would not have spun up the boasted 500 servers around the world)

[Night Wing]

I do not use a VPN now and I will not be using Firefox's VPN either, free or otherwise.

[Moonchild]

I do not use a VPN now and I will not be using Firefox's VPN either, free or otherwise.

The concern isn't necessarily that they offer it, but rather how they offer it. Baked into Firefox (i.e. vendor lock-in), tied to a Mozilla account, with no information of the operators of the service.

[Gemmaugr]

...tied to a Mozilla account..

Right. I forgot this was a thing for chromium and firefox browsers. I've been using Pale Moon since almost the start. Having browser accounts seem weird and odd to me. Is this a thing for all downstream reskins/rebuilds of the aforementioned browsers?

[ownedbywuigi]

...tied to a Mozilla account..

Right. I forgot this was a thing for chromium and firefox browsers. I've been using Pale Moon since almost the start. Having browser accounts seem weird and odd to me. Is this a thing for all downstream reskins/rebuilds of the aforementioned browsers?

It’s practically impossible to remove Google accounts from Chromium (excluding Ungoogled Chromium), though nearly all FF forks don’t have “Mozilla accounts”

[Mæstro]

just "here have this free** service"
** pinky promise.

What? Don’t you like free stuff? Who doesn’t want free stuff? If it’s free, it’s for me!

[librecat]

They also added widgets for the start page, JS bloat if you ask me

meanwhile pale moon debian avx2 build flies on my machine being 90% of the speed of latest firefox with all the tricks and team, i think its very smart to use SIMD to get parallalization without the securtiy drawbacks

[athenian200]

Firefox seems like it's on the way to becoming some weird niche thing like Tor Browser at this rate... built-in adblockers? Free VPN? What is it trying to be, the browser for shady/illicit activity at this point? Like... yes, it's one thing if users happen to use a VPN or an adblocker, but promoting those kind of uses suggests a certain vibe of explicitly appealing to people who don't like to pay for things and use privacy as an excuse.

[Night Wing]

Like... yes, it's one thing if users happen to use a VPN or an adblocker, but promoting those kind of uses suggests a certain vibe of explicitly appealing to people who don't like to pay for things and use privacy as an excuse.

Concerning "privacy", you have one way to look at it, but I have a different way of looking at it. I'll explain by using an example.

Many people, including me, do not like having tracking cookies put on their computers by websites which are affiliated with other websites in the form of "buttons" when one does not have an account with said company. One example is Facebook (Meta).

Facebook (Meta) places tracking cookies on the computers and devices of people who do not have a Facebook account. This tracking occurs through the extensive network of "Like" buttons, "Share" buttons, embedded content, and the Meta Pixel (formerly Facebook Pixel) present on millions of non-Facebook websites.

When a user visits a site with Facebook integrations, their browser sends a request to Facebook’s servers. Even without an account, a two-year tracking cookie is installed to identify the browser.

Facebook (Meta) records the IP address, browser type, operating system, and the specific website being visited. By collecting this data over time; Facebook (Meta) can build a profile of a user's browsing habits, interests, and location even if they never sign up for an account. This data is used to analyze web traffic, improve security, and show ads encouraging non-users to join the platform.

While logged-out users can sometimes opt-out of ad targeting, non-users generally "cannot opt-out" of the data collection itself. In 2026, Meta is attempting to reduce data sharing for EU users to comply with stricter GDPR regulations, but this tracking remains widespread globally.

On all three of my linux browsers which are Pale Moon, Waterfox and Firefox, I block all cookies from these intrusive websites where I do not have an account, to keep them from following me around when I am on the internet. But I also go one step further.

Again; using Facebook (Meta) as an example, I have every address for Facebook (Meta) known to me from searches which includes mobile addresses, put into my Hosts file in both of the two linux distros I am now using at the time of this posting which are MX Linux and Debian. This way, no one can reach Facebook (Meta) if they are using my computer in any of my three linux browsers. Hence, no tracking cookies.

Since Facebook (Meta) thinks of me as a non user "shadow account", I treat Facebook (and other websites) who use this method as "pariahs", in my opinion, when it comes to privacy (shadow accounts).

[Moonchild]

Night Wing... I think you're missing the point.

Also, tracking cookies are irrelevant if Mozilla gets to sit between you and the internet. Just like about every other "free VPN" out there, they get a click-by-click detailed tracking profile from you if you agree to route every single navigation request through their VPN. That is just the nature of redirected networking. No cookies or local storage needed -- all Mozilla VPN users get to give all the behavioural data to Mozilla and whomever is operating the VPN for them under the hood, automatically.

Once again: who is paying for this built-in VPN? Probably your data is the value here.

[athenian200]

Concerning "privacy", you have one way to look at it, but I have a different way of looking at it. I'll explain by using an example.

Many people, including me, do not like having tracking cookies put on their computers by websites which are affiliated with other websites in the form of "buttons" when one does not have an account with said company. One example is Facebook (Meta).

Facebook (Meta) places tracking cookies on the computers and devices of people who do not have a Facebook account. This tracking occurs through the extensive network of "Like" buttons, "Share" buttons, embedded content, and the Meta Pixel (formerly Facebook Pixel) present on millions of non-Facebook websites.

[...]

I think what I'm trying to say here is, Mozilla's VPN won't help you stay private online, and neither will blocking cookies with an ad-blocker. If you really want to do that, you're at the point where you probably can't use a mainstream browser with DoH, and may also want to use a custom DNS resolver that is setup to block all IPs associated with a particular domain. A good firewall designed for privacy can also help. What VPNs are good for, though... is getting around geoblocking restrictions, torrenting, and generally making it harder for average people with legitimate complaints about your online behavior to figure out who your ISP is and get something done about it. They generally won't do much to stop a Google or a Meta, though.

I’m not saying these tracking methods are unstoppable. But they don't live in the browser, so simple tools like cookie blocking or hosts files don’t address them. If you want to mitigate them, you have to move up to network‑level defenses. My point, is that Mozilla's marketing doesn't help here. They're still presenting cookie controls and VPN subscriptions as if cookies were the primary tracking vector. Meanwhile, Firefox itself quietly enabled a new tracking mechanism ("Privacy Preserving Attribution") by default. There are so, so many ways of tracking people now that do not involve cookies, that worrying about cookies is basically fighting yesterday's war at this point.

[Basilisk-Dev]

After learning how much telemetry data Firefox collects out of the box (it collects even more telemetry data than Chrome does), I am doubtful that a free VPN service, regardless of if it is ran by Opera, ProtonVPN, Mozilla, or something else is truly free. Someone is paying for this. Most likely this data is paid for through user metrics and telemetry data. Someone will need to review the source code of the VPN part of Firefox, as well as do an audit of Mozilla's VPN servers/provider to say with 100% certainty.

[Mæstro]

There are so, so many ways of tracking people now that do not involve cookies, that worrying about cookies is basically fighting yesterday's war at this point.

Elaborating about this would be interesting for many users here, and could even attract others to us. Canvas fingerprinting is perhaps the most famous of these, and Pale Moon notable for guarding against it sooner than most.
There are also beacons, Google’s many abortive programmes like cohorts…

[moonbat]

Most people who only lately discover problems related to privacy and anonymity are clueless about threat modeling & jump to the opposite extreme - locking down everything and getting paranoid as though they're Jason Bourne and the 3 letter agencies are out to get them. The biggest problem the average user in a democratic country faces is the utter nuisance of advertising and tracking. Both of these are effectively neutralized on a PC with a properly configured adblocker that blocks the scripts that make these possible (given that relying only on host based blocking is largely an obsolete strategy now).

Beyond that comes the need for VPNs; beyond trying to access geographically restricted content, the average joe on the internet isn't being specially targeted so as to need one. And if you need a VPN, a free one definitely isn't the way to go for reasons already listed above.

My approach has always been "I will use your services and I definitely will also block your every attempt to track me or serve me ads."
So I've been blocking ads since 1999 when I discovered that that was possible (using AtGuard firewall that blocked requests at the network level and hence blocked ads in adware that was common in those days) and using Yahoo mail and Gmail via IMAP. Protonmail etc is overkill if you're not a person of interest for government or other powerful entities.