Subscribe
Share
Share
Embed
Firefox now has a free built-in VPN with 50GB of bandwidth per month. In this interview, Henry sits down with Ajit Varma, Head of Firefox at Mozilla, to break down exactly how it works, what Mozilla can and can't see, the difference between Firefox VPN and Mozilla VPN, and why no other major browser is likely to follow Mozilla's lead on this.
🔗 SOURCES & LINKS
• Firefox VPN: https://www.mozilla.org/firefox/features/vpn/
• Mozilla VPN: https://www.mozilla.org/products/vpn/
⏱️ TIMESTAMPS
🎥 VIDEO
Watch on YouTube
🧡 SUPPORT TECHLORE
Keep Techlore Talks independent & growing: ★ Support this podcast ★
🔗 SOURCES & LINKS
• Firefox VPN: https://www.mozilla.org/firefox/features/vpn/
• Mozilla VPN: https://www.mozilla.org/products/vpn/
⏱️ TIMESTAMPS
🎥 VIDEO
Watch on YouTube
🧡 SUPPORT TECHLORE
Keep Techlore Talks independent & growing: ★ Support this podcast ★
Creators and Guests
What is Techlore Talks?
Techlore Talks brings you in-depth conversations with the experts at the forefront of privacy, security, and digital rights. Hosted by Henry Fisher, founder of Techlore and long-time digital rights educator, each episode features meaningful discussions with the people building, researching, and advocating for digital freedom.
From cybersecurity researchers and privacy tool developers to open-source advocates and digital rights activists—if they're shaping how we protect ourselves online, they're on this show.
Topics include: privacy tools and technologies, cybersecurity threats and defenses, open-source software, surveillance and digital rights, encryption, tech policy, and digital sovereignty.
New episodes released regularly. Subscribe and join the community at techlore.tech.
We have constraints because we wanted to build it in a way that was sustainable.
Our North Star is, it's free.
We don't sell data.
This is rooted in our...
Mozilla's been making a lot of big moves lately.
And so I've been trying to understand the direction they're going.
And so today I'm happy to introduce Ajit Farma, who's the head of Firefox, to unpack the philosophy driving their current privacy stack, the difference between Firefox VPN and Mozilla VPN, which is actually what originally inspired this interview as I made a recap of Firefox VPN.
and I wanted to understand a bit more what their idea was behind it.
This conversation is going to go through the overall Firefox philosophy,
what they're prioritizing in the years to come,
and also where Firefox VPN and other tools fit into that tech stack.
So let's get into it.
Today I want to welcome on Ajit from the Firefox team.
Do you want to just start by introducing yourself
and just filling people in on where your role is on the Mozilla team?
Yeah, thanks for having me.
I am the overall head of Firefox, which means I oversee product engineering design for one of the core products in Mozilla, which is our Firefox browser and a couple of other smaller adjacent things like Mozilla VPN relay, some products that we have in the privacy space.
I have been here for about a year and a half.
The first year I was focused purely on product management.
So it's been about six months in this in this new role.
Nice. And so can you kind of explain to me the philosophy? Because this has been something that's hard for me to follow as well back here. Because back in the day, you all released Relay. And now you have Firefox VPN. So I'm starting to see a bit more of an ecosystem around just the browser. So do you want to maybe expand on what the philosophy is behind the tools you're choosing to implement? And where you want them to go from here, potentially, and who you're trying to serve?
Yeah. And I'll talk a little bit about the history as well. So right now we are focused on building the best browser. And for us, then privacy is a really big part of that value proposition that we can offer. And it's especially something that we don't think a lot of the big tech companies will offer because of just the business models and the constituents and shareholders they have to serve.
So when we thought about what is the things that we need to enable or build in order to make a more private experience, that's where you see a lot of the features that we have prioritized and that are building.
You can now start to see it.
So that's things like VPN, which I think most people know about VPN.
But then there's Firefox Relay, which is a email masking service.
So you sign up for different sites.
You can give it an anonymized email.
And we actually just expanded the number of free masks that are available from five to 50.
So anyone who uses Firefox can get 50 free email masks.
We also are looking at other ways to help people feel more secure.
So if you look at your password manager, we are looking at how do we integrate a product that we have called Monitor,
which is a way to really understand if you've had any passwords breached or any of your private information on the dark web and things like that.
and then helping users understand how to remove it.
We also have a lot of stuff that we just have done for a long time
that a lot of people aren't aware of.
So we cannot see any of your browsing history.
All that information is encrypted end-to-end,
which is not true for any other browser.
We do a lot of stuff that is only local,
that is not ever synced to the cloud.
There's a lot of stuff that is off by default
in terms of allowing third-party trackers, third-party cookies.
And we have different privacy modes.
So you can go from like anywhere from a more relaxed one that makes sites more compatible to a strict kind of privacy mode that might have some compatibility issues, but it really emphasizes privacy more.
And one thing that I have seen over the last year that I've been here is that Mozilla and Firefox, we've done a lot of things, but it's very hard for most people to understand what those things mean.
They're very technical.
They're behind the scenes.
We haven't done a good job of explaining it.
And so part of what we are prioritizing is not just building these great privacy features,
but also how do we help explain it to users and make it much more accessible.
So you can see one of the reasons we built Firefox VPN was actually so that you could
have a one toggle option directly within a browser without having to download additional
software.
And there's like some tradeoffs, but it makes it more accessible to more people.
And so a lot of kind of what we're doing is not just being the most private, but also
So how do we communicate that and make it easy for people to understand why that's important and also accessible?
Got it. Yeah, I want to touch a lot more on the Firefox VPN side of things.
That's the biggest wildcard for me.
And that's why I reached out and I said, hey, I want to get you guys on and really talk about this.
I guess just to expand on this a bit more before we dive into that.
This might be, and I don't mean this in a condescending way, but I'm a person that is using SimpleLogin for aliasing.
I might use more dedicated tools.
I'm more familiar with these tools.
I like my own tools.
And so this is more of a question to just see,
who is your target demographic
that's using the Firefox version of these tools?
Is it maybe more regular users?
Or do you expect this to also be used
by maybe more technical people
who have their own preferences?
Yeah, so where I think we sit today
is it is more of like a mass market kind of user
who maybe doesn't want to pay for more premium tools,
maybe doesn't want the more complicated aspects
of installing an add-on, installing an extension.
And so what I'd like to think is it is accessible
and out of the box and making it great functionality,
more powerful functionality,
applicable and usable by more people.
But over time, I do think that we will start to add
more and more sophistication and functionality
to serve even more sophisticated users.
And so we do have things like a Relay product that's paid
that allows unlimited masks.
There are more features and functionality.
But you'll see this with a lot of products like Password Managers.
They were, at one point, a separate tool that was largely paid,
and then now Password Managers are more accessible.
And so I think a lot more people use Password Managers,
which is good for everybody.
And so I would think of it in kind of that realm of we're trying to get,
I think important features to more people.
Yeah, I think actually something I still get FOMO over
because I guess technically I'm using Mulvad right now
through the tailscale exit node integration.
It's a whole thing, but essentially I'm using Mulvad.
And there's one feature you guys have in Mozilla VPN,
even though you guys are technically using Mulvad behind the scenes,
which is your containers integration.
So then you can have only certain containers in Firefox
go through Mulvad and not others.
That's cool.
And I think that's maybe actually a really good example that I can think of how you have built like a really technical feature that no, not no, but very few mass market people will probably stumble on.
So is that the kind of thing that you kind of imagine eventually ending up in more of your tools?
We want more power, but how much we surface it is, I think, still something that we think a lot about.
So as we're launching features, like we're launching some other integrations with, for instance, if somebody wants to use like an AI feature.
And so we are going to put it in things like settings where you can put a whole local feature with you is like maximally privacy preserving.
But then we are going to make it so it's like more abstracted and like a simpler cloud model for other people.
And so I think with Mozilla VPN, like it is a paid service.
And so it does have a lot more power and has all the production.
but it comes at a cost.
Like you have to have a separate download.
Like there's just more for people to do.
So I do think like a big part of what we want
is we want choice.
We want customizability.
And so one thing that I am excited about
is that there's this idea that we're thinking about
is can you make it easy to share a link
so someone can share their setup of Firefox
easily to everybody else?
And so an example is like, say, if you're like,
you really believe in these extensions,
this new tab experience,
these privacy settings,
can you just create that for yourself?
You have a link and then you share it
with your audience or your friends
and then they can just download and they trust you.
And so then this makes it again simpler
to even get into these powerful settings.
But that is something,
how do we just balance power with accessibility?
Got it. Okay, yeah, thanks for expanding.
And now I'd love to ask more about Firefox VPN.
And to start with, I think the biggest thing I,
the first thing I wanted to figure out
was if it's using Mulvad behind the scenes.
And I found out very quickly it's not.
And nowhere did you guys claim it was.
I just wanted to double check.
So do you want to maybe touch on the behind the scenes infrastructure
and just explain the differences between Firefox VPN and Mulvad?
Or sorry, Mozilla VPN.
Because I know that can cause some confusion for people.
Yeah, so with the terminology,
I think there's a lot of debate on what does a VPN mean.
And there is like a very like technical understanding of like this is what a VPN means.
And that's like historical when people were using art and like enterprise security use cases and things like that is somewhere where it started.
But then in other ways, like the term has been a little bit more genericized to say, like, I want it from more of like a privacy angle.
And so we have products that serve both needs.
One is Mozilla VPN and one is Firefox VPN.
Mozilla VPN is the traditional VPN that someone who's probably more technical would understand,
which is it is a installation that happens on your device and it is whole device protection.
And it is managing like all the traffic that is coming from your computer.
That is built on top of Moldod.
And then we have our layers, as you mentioned, with containers that we're building on top of it
and other kind of like Mozilla aspects of it.
But then there's more functionality that comes with that.
Like, for instance, you can do multi-hops.
And so just to explain to people what that means is the more hops that you have, the more further you're abstracting your own current location away from any one person knowing where it is.
If it's a single hop, then that person could theoretically know the origination and the destination.
And someone could subpoena that person and then they could theoretically give that information up.
So then on the Firefox VPN side, it is what was more technically a proxy.
And so that is, you have your IP address that's on your computer.
We partner with Fastly, which has data centers all around the world.
We buy IP addresses.
We provision those IP addresses.
We then host those IP addresses on Fastly servers.
We send the traffic to Fastly, tell them the site that you want to go to, and then it goes to the site.
So the site itself can't tell where you're coming from.
So from the privacy aspect, it obfuscates your location.
And so for a lot of like the privacy preserving aspects, and what I'd say is like the more typical, like day to day use that somebody might want to turn on VPN, it's it's very simple to turn on.
But the benefits are then you don't have this like heavyweight code that needs to get shipped with either Firefox browser or as a separate client.
And so some of the criticism around like VPNs that are, you know, the heavier weight VPNs that are built in the browser is that you might just want a browser, but instead you're downloading all the VPN software and you're getting a lot more, you know, like heaviness of the browser and stuff like that as kind of a tradeoff.
Whereas for us, actually, you don't have any trade-off.
In some ways, it's actually even faster because you might get a server that's closer to the data center that the content is in.
And so you're going back and forth at a much closer location.
And so there are benefits.
The reason also that this is important is that's how the costs are significantly lower for us in order to be able to give away the 50 gigabytes for free, which is a considerable amount.
But the big reason is then there's trade-offs around,
we're not doing any trade-offs with privacy,
we're not selling the data,
and this is where you see other free VPNs in order to pay for it.
Oftentimes, they're compromising on the privacy principles,
which is the whole reason a lot of people want a VPN.
And so this is kind of how we found out a way
to actually give a service that satisfies a lot of
what people would expect from a free VPN.
Yeah, thank you for expanding on the proxy versus VPN side of things.
I've been leaning a lot more into these tools
because I've always been a more hardcore
just installing the local VPN software on my computer.
I made a video a while ago, though,
where I was like, well, I'm getting frustrated now
because my banking app or my banking site
doesn't work with my VPN or I get captured into oblivion.
And it's a lot harder to do a website exception
or a split tunnel for just a specific domain.
Normally it's per piece of software
and depending on your operating system,
it doesn't even exist.
If you're on macOS, split tunneling is practically non-existent.
But when you're using an extension in your browser,
you guys have the same feature where you just click
and just exclude it on that site.
And then you can have two tabs open.
Tab number one, you're connected to the VPN or the proxy.
And the second one, you're not.
And I think that is one of the most powerful things
that it unlocked for me.
And then once I started playing with that,
I realized the speed differences that you're talking about.
So I started uploading, especially the upload speeds,
for me at least, with the extension I was using
versus the desktop client was totally different.
So yeah.
Yeah, I think that's like a great solution.
Like this is where I just go back to like,
there's two flavors.
Like if somebody wants the full device protection
and is willing to spend the extra,
say five to $10 a month from a VPN service,
then there are like great extensions
and it works really well.
But then there are a lot of people
who don't want to pay that,
that we still want to have a more private solution.
And so there isn't like a one size fits all,
But I'd say like, I think our VPN is more for if you're a casual user, if you're traveling, if you have like one off sites that you're trying to like access that you are not able to, it works well for that.
And then we actually are seeing a lot of people now graduating into the paid VPN as well.
And so that wasn't an intentional reason we created this, which I think is a side, I guess, benefit for us is that we are actually seeing people who dip their toes into it, then decide that they do understand the value of even more powerful VPN and some of those users decide to pay for it.
Nice, nice.
And yeah, I want to definitely touch on that a little bit more.
That was going to be one of my questions later.
Was this designed to be a freemium thing?
We can touch on that maybe later on as well.
We can double click on that.
But I did want to quickly ask,
because we're talking about this proxy extension thing.
Did you do any market research beforehand?
Because to me, this seems like an emerging trend.
We have Apple with private relay.
I'm assuming that's quite popular
if they're still doing it years later
and it's part of the main subscription.
So I just want to kind of check in there.
Do you guys see demand for this based on kind of what the competitors are doing?
Yeah, and this is actually something that we have a longer history with.
And so there was actually like a Firefox private network that we had launched like five plus years ago.
The challenge previously is that we just couldn't get the costs to work.
And so it is like very expensive.
And so we tried it and there's like no way to scale it up unless it was just like a really not a compelling offering.
And so I think that the main difference now versus in the past was actually more on the infrastructure side and the cost side, where now we can actually make the map, quote unquote, work to actually give away a free service, which we weren't able to do in the past.
And I don't know if that's just because more companies are offering it.
So people are doing it more.
Apple is actually partnering with Fastly as well.
And so I think maybe you might see this like infrastructure is being built out.
So it's actually the costs go down.
But I think that's at least brought us the primary change for why we're able to do it now versus several years ago.
Got it. And then another quick question on private relay, because it's actually very well appreciated by a lot of experts because of the implementation and how it goes through two parties.
And neither party knows where a person's coming from and where they're going.
Do you guys implement that relay aspect of things or are you just one hop essentially for the free Firefox VPN?
Yeah, so we are one hop right now. And primarily, you get to multiple hops, you actually it's not just about the hops, it's about who owns the hops. And so for us, like do multiple hops on a third party is easy, but then the third party actually knows the hops that you've done. And so to properly do this, you would have to actually have a network that you own. And like, so you would have to build out your data centers and your infrastructure. And then you would have to have a part that you do not own.
And then that's where the costs get more expensive. And so for anyone who wants multi-hop, like that's Mozilla VPN is the right solution for that. And so Mozilla VPN does have the multiple hop solution. And in the same way, like Apple doesn't have private relay for free, like it is part of a paid service, because it just goes back to like, then the costs start to go up once you have to like build out your whole infrastructure as well.
But we think there's a lot of people out there who want a lot of the benefits from having another IP address, but maybe not as concerned about all the security aspects.
But again, I would say it definitely does matter for a lot of users.
And that's why I feel like it's, I don't know if a free VPN out there that does that, could be wrong.
But I think that that's where you get into more of the realm of the paid VPNs, which we offer Mozilla VPN.
Yeah, no, I think you're right on that one.
And I mean, Proton has their secure core servers,
which is kind of their multi-hop,
but that's also paywalled.
So I can't think of one either.
So it's a good point.
And just a few more questions I have here.
So if somebody's listening to this and they hear,
hey, you're mentioning that it's Fastly,
it's not actually owned by you all at Mozilla.
How can I trust that?
How do I know that Fastly is a trusted party?
Can they see all my traffic?
What does that look like behind the scenes?
Yeah, so the thing that's really important
is to know like what vector you're trying to protect against.
And so nothing is ever like stored.
So basically we look at it as like minimal data collection.
And so it's just like enough data
in order to like fulfill your request
for like a website and getting that traffic back.
As soon as that content is then provided to you,
then it's all no longer like stored or preserved anywhere.
And the thing is, I'd say this is like a spectrum.
And so there is using no VPN, no using no option.
And then anyone can see your like the site can see where you're coming from.
Your ISP can see where you're coming from.
Your, you know, your desktop, any software could potentially see where you're coming from.
And so there's just more and more parties that can see it.
Now, with a proxy, you then change.
It is one person could see it, but now every single site that you're visiting can no longer see it like that information.
So, again, like it is, I think, much more private than anything that you probably previously would have had.
But there are even more private options.
And then even, you know, you could even go to like Tor Network and things that are even more private.
That's like encrypting everything, even from like ISPs.
So it's definitely it's like a spectrum.
And I know this is like hard for users, a lot of people to like understand.
So I'd say it's good for people to educate themselves and ultimately decide on like what is the solution that's best for them.
but I think some amount of privacy is definitely better than no privacy at all.
Yeah, that's a good way to put it.
It's a transfer of trust rather than having to trust hundreds of sites
with your IP address, you just trust one party.
A lot of aliasing services kind of follow this model as well.
People are like, well, I don't know if I trust SimpleLogin or Privacy.com
or MySudo, it doesn't insert any service,
but it's always the same trade-off of you're using one service
and then you don't have to trust dozens of people.
Are you guys struggling with that behind the scenes?
Is it hard to communicate to users the realistic protection that they're being offered while still assuring them that they are getting real protection?
How do you walk that line from a marketing perspective?
I'll talk about what we see happening, but then also another aspect that I think is important that people aren't asking.
Well, on the first side, the use case that most people have for VPNs is in a lot of ways, a lot of ways, like just simpler use cases where it's I want to have a more private browsing session for this particular session, or I want to like access content that for some reason I can't access.
So, for example, I was traveling to France like about a month ago and I needed to access my pharmacy in order to like update a prescription.
and this is CVS which is a big retailer in the US and it was all blocked and so for me there's no
way that I can do anything and to me I'm like I'm not like it's just like I am trying to do something
so what I get back from my trip it is my prescriptions available and so with the Firefox
VPN solution it is one tap I click and then I can now fulfill my my prescription there's other things
that come up where people talk about there's price discrimination that happens. Like if you're
visiting a site from a location that is more expensive, like say San Francisco or New York,
there are sites now that do price discrimination and show users more expensive prices for things,
which is also unfair. With a VPN, a lot of these cases are where we see a lot of the adoption,
where you can think of it as like someone kind of vaguely understands that sites are profiling them
and tracking them and doing things that they don't want.
And they kind of like lost agency
for how they want to experience the internet.
And so then they can really quickly turn on a VPN
and they can get the experience that they want.
And so we see a lot of these,
what I'd say is like these maybe privacy curious,
privacy explorers, or just, they just have a blocker
and they need to figure out how to get through the block.
And this is an easy way to get through it.
And then the Mozilla VPN side is where it is much more
if someone who's familiar with security understands surveillance tech and understands what whole
device protection really means.
And so I'd say it's very much a different category of solution.
Now, going back to, I think, what users are asking, I think that a lot of times users
just ask the question of what they see discussed.
And maybe some things are important, maybe some things aren't important.
But this is also where I think inspectability is really important.
And so with our code, like with Firefox, it's all open source.
People can see what we're doing.
Whereas in something like, in theory, like a closed source component of a browser, like
if you have Chrome, you're really trusting the company to say that, well, all these layers
are closed source.
What's actually happening in the layers?
You don't actually know you're, again, having to trust the company.
And so I think that that's why I think it's important for us to just be transparent on
What does a proxy do?
What does a VPN do?
So ideally people can just make the decision
of what's best for them.
But just like information is just really critical.
And then I think if you're like say a journalist
in a risky country,
I would 100% say pay the extra $5 for VPN.
It is worth it because governments 100%
could be targeting you.
But if someone is like, I want to access my pharmacy,
well, I should say for me,
if I want to access my pharmacy,
like I just need to change something.
And it's a different use case.
But again, I have both and I use both depending upon the use case.
Cool.
Yeah, no, I think it's a good way to put it.
Different threat models, different use cases, different devices, different situations.
You mentioned kind of the safety.
You know, if someone's curious what they are trusting you with, like what's kind of the logging policy?
I think I did see in the blog that it connects like success and failures of the connection.
But I know a lot of people want to ask about the logging policy of VPNs.
And so what does Firefox VPN look like?
The main thing is that we have a 50 gigabyte limit and that refreshes every month at the start of the month.
And so we're not like recording any of your site data, any data that you visit.
So we can't definitely sell it because we don't record any of it.
We don't sell it to anyone.
No one can access that data.
It's completely private.
But we do meter how much usage a person has in order to control like access and abuse.
And so that's basically what we log is just for the metering purpose.
Very cool.
And then back when I tested it, I think it was like the day you all released it.
There was no way for me to even see visually inside of the extension which location I was actually connected to.
Is that something you plan to keep that way?
Has it already been changed?
It might have already changed if it did.
Like, what's your long term plan for that?
So you might see it on Nightly if you're on Nightly, which is our kind of like early beta build.
but May 19th is when we have our next release of Firefox and with that release this functionality
will then be available fingers crossed nothing slips no bugs but that's our current plan and then
once we have that kind of like visibility we also are planning to allow you to change your location
as well and so right now your location just goes back to wherever you signed up and so for me like
I signed up in the U.S. so when I travel to France it defaults back to the U.S. in this next release
you're going to have the ability to then pick.
And right now we are available in five locations.
In June, we are looking to expand to, say, another 20, 25 locations.
And so that'll just expand the location capabilities.
What are locations?
If I open up Firefox and let's say I'm on Nightly and I see this right now,
are these cities, countries, how granular does that get?
So right now it's regions.
we are provisioning IP addresses
there's like again I'll go back to like it takes
lead time it takes money it's just like a cost
aspect to set up locations so we're trying to still see what
people need and so there's I think two thoughts
and obviously I would love feedback if people have
preferences but one is that we do what's called
like a pizza delivery test if you have an IP
that's basically in the range that you can get a
pizza delivered from like that location and you just
every single place in the world with that kind of like piece of delivery test. The other thing is
that people don't really care about that as much. And they actually want more of like the privacy.
And so instead you do a region. And so in the US, that'd be like, you have West region,
Central region, Mountain region, East Coast region. And so to start, we are looking more
of like a regional, a region level. And so in some places like say Germany, it'd probably only be
like a country level, just given the size. And so we're going to start with like, I'd say region
slash country level. But then we are deciding whether users really want a lot more granular
or does that matter or not? Got it. And then when this launched, did it launch available to anyone
around the world? Is it a global feature or is it only in specific regions that people can start
using this? So it's only in five regions. When we launched, it was in four regions, which is UK,
France, Germany, and U.S.
We just rolled out to Canada a couple of weeks ago,
but we were also slowly rolling it out
to just understand capacity and demand.
And so we just rolled it out to 90% of people
in those countries last Monday, actually.
And so we're not quite at 100% yet,
but 90% of people in those areas
should have access to it now.
Very nice.
And how has the reception been?
Is it, if you don't mind sharing,
Is it more popular than you guys expected?
Less?
Like, how are people receiving it?
So I always say, sick.
It's always hard to tell.
I don't know if we do a great job estimating.
But it's definitely exceeded our internal goals and expectations,
where there are a lot of people who are engaging it, using it.
And it's a lot of casual users, actually.
So I think there was a big question of, like, would lots of people hit the limit?
Like, we wanted to give a high limit.
But the vast majority of people who are using it are actually well under the limits.
And so I just go back to like, I think the point is like, I think that the people who
are more privacy conscious and security conscious and want a full feature solution are going
to the paid solutions.
And this is really like hitting a spot with people who want a free VPN, but they don't
want all the negatives that happen with many free VPNs, like free VPNs showing you ads,
free VPNs selling your data, free VPNs like paywalling you and doing like sketchy things.
This is where I think what we really want to build our reputation on is being like a
very trusted free VPN.
There are some limitations that come with us being able to provide that, but none of the limitations come at the cost of a user's privacy or experience.
They're just the amount of gigabytes, really, that we're constraining.
I have just a couple more technical questions before I kind of want to zoom out a little bit more here.
So first, do you guys have any plans for mobile or is this always going to be a desktop thing?
Yes, we are actively working on it on mobile, and we are hoping to launch that, at least on Android, and hopefully iOS after, in June.
Got it. And I assume for that, you can't just do something within the browser.
We'd have to take up the VPN slot on the device.
No, so we can still actually do that within the browser.
And again, that's just the difference between a proxy and a VPN.
And so for the full VPN, you'd have to download a separate piece of software, which is a Mozilla VPN.
But this would be more of a proxy.
And so you're not actually having to install additional software or having to make the Firefox client more heavy for this more lightweight obfuscation, like more private relay-like obfuscation.
I haven't seen, and I might just not know, I haven't seen a mobile browser that's implemented a proxy on mobile within just the browser.
except Safari, but even Brave, I think, uses Guardian,
which goes through a third-party app.
So do you know of anyone else doing this,
or is that kind of a first outside of Safari?
So I am not aware of any.
There's a lot of browsers out there,
so I don't want to say there's none.
But definitely none of the major browsers.
This isn't something that Chrome, Edge,
or any of the new AI browsers,
None of them offer a solution like this for sure.
Yeah, that's pretty impressive.
I'm pretty excited to see that.
Again, I haven't personally used,
outside of Safari,
I haven't used anything on mobile that does it this way.
So that should be fun to try.
You kind of mentioned this earlier
because you mentioned it's not Tor.
There's the spectrum of,
and I guess just to summarize
this whole technical section,
it seems like you have a pretty strong position right now
with the mainstream users,
people who maybe have never even heard of a VPN
or are curious about a VPN.
Now they have access to this tool.
a lot of the paid users, maybe they still have a use case for it, but they are probably using a
better tool. But then you also mentioned Tor kind of being on the higher end of that spectrum in
terms of safety. Correct anything I said there if you think I got something wrong. And it's like
the one thing is like safety versus privacy. And so I think safety is, you could still have safety
issues, but it's more just who are you worried about and like man in the middle and stuff attacks
and things like that. So just to, what's your formal correction there? Like how would you kind
of relay what I said. Many people have less privacy needs because say if you're like, you know,
are you someone who's likely to be targeted by like Pegasus level, you know, like zero day,
like exploit or not. And so when you look at things like Apple has like a more secure mode
that you can like toggle on. But I'd say like for many people, like just the normal encryption of an
Apple device works. But for some people, like you're definitely going to want like the more
secure version. Whereas I think VPNs are a little bit more on the privacy side.
If someone has access, if you're
a government that has access to every ISP out there, it's very little you can do
unless you're on a tour network. If you're multi-hop or multiple-hop,
your ISP is still going to see your traffic. And so it just really
depends on what is this particular vulnerability that you might be worried about
and then what's the technical solution to match that.
Just to be more direct, maybe the technical users will appreciate this.
Reading between the lines of what you're saying is what you're saying
that you don't see VPNs anymore as the security tool that they're commonly marketed as
where they add encryption on public Wi-Fi networks
and you're saying the real use case for most people
is the fact they hide your IP address from most websites that you're accessing.
I guess that goes into the question I was getting into, which is Tor.
Brave has their Tor integration that you can do an incognito window with Tor.
They say on their own site it's not as anonymous as the official Tor browser because Tor browser adds the anonymity benefits with the browser itself on top of the network.
But is that something you guys have at all considered? Is that out of scope for what you think Firefox provides?
Or is that something that you think is the Tor project's job since they're also based on Firefox?
Yeah, so right now we've been mostly deferring to something like the Tor project, which, as you mentioned, is built on top of Firefox.
We're not actively looking at that level of encryption.
But the thing is, like I said, I'm very happy that projects like that exist
because it makes sure that there's options for people.
And one big thing is choice.
And so I think choice matters.
And ultimately, the market decides what actually is relevant or not.
And we'll see what the future holds, but nothing actively being developed right now.
Cool.
Yeah, and I guess to zoom out a little bit here.
Earlier, I did want to ask this, which is kind of,
I like to try to think about what organizations are thinking about
when they release new products.
And so even in my first look review, my speculation is that,
yes, Firefox VPN is by itself a standalone product.
50 gigabytes is probably a lot for the average user maybe,
unless maybe they're streaming a lot of stuff on YouTube
or Disney Plus or whatever.
But do you think Firefox VPN even works with streaming services
or do you think they block that pretty quickly?
I guess we'll find out.
Obviously, I mean, it's like a whack-a-mole kind of thing.
And I don't think that we are going to, you know, do residential proxies and things like that in order to like really get it.
But again, it comes down to it's very expensive to want residential proxies.
And so we're not we're not specifically targeting that use case.
But yes, there's a period of time you're under the radar and things may work that may not work in the future.
And so with that, I kind of assumed that this could be a nice funnel to MOLVAT VPN.
And I speculated, I didn't actually do it.
I wasn't going to just spam 50 gigabytes.
So if your bills weren't as high, you have me to thank for that.
But when someone hits 50 in Firefox VPN, does it prompt them to upgrade to Mozilla VPN?
Or does it just cap them out and that's it?
And then you said that wasn't the intention.
So what was the original intention behind this?
Yeah, so right now we don't really have a lot of the upgrade flows built, but we do think it's not a great experience because if you are a heavy user, you don't want to be like forced and not have an option.
And so we will start to build out those like upgrade flows to make it a little bit more seamless.
But the genesis of this is what can we build within Firefox that we think is good for users and good for an open internet and just like the values that we believe in, which comes from like our open source and like developer roots that we don't think competitors are likely going to copy.
And so the reality is like a lot of features that we can do.
Like we did vertical tabs.
We launched it probably a year before Chrome launched it.
But now Chrome has vertical tabs.
And so it's like, well, it's hard for a lot of features because companies have thousands of engineers.
And so it's easy for them to say, oh, this seems to be a good feature that Firefox built.
We'll copy it.
But with something like VPN, there is a privacy aspect that many of the other browser builders are not incentivized to follow the path on because of the impact that it has on the 99% of the revenue that the company otherwise makes.
For us, like we are a organization that's owned by a nonprofit.
We're owned by a nonprofit foundation.
And so a lot of times what we talk about is it's not maximizing for profit.
We do like look at what is our double bottom line, which means that we are looking at like, what is the societal benefit?
What is the benefit to humanity and not just like maximizing for profits?
And so that allows us to pursue things like a free VPN.
And it's kind of a genesis, like really pushing ourselves to say, like, what are things that we can build that aren't easily copied and can be more differentiated?
Yeah, and I guess, you know, something you might stumble on, especially if someone's kind of new to Mozilla, new to Firefox.
And you mentioned this already in the interview, there's a really negative association with free VPNs.
You know, if it's free or the product is what is commonly said online.
So how are you positioning yourself and what is different about you all to make your free service more trustworthy than a typical free service?
Like what's the actual mechanism that changes why one might not be trusted and why you guys are maybe a better option?
Yeah, I think the main thing is looking at what is the motivation for the company and why does a company or organization exist?
If it is a private organization that's owned by shareholders, well, I would make the case that that organization exists to maximize value for the shareholders.
And an easy way to maximize value is you sell data.
And this is like kind of like what is very common on the Internet.
You build a service. It's a free service.
And then what you're selling is you're selling attention, you're selling data.
And so that is a rightful expectation that people have grown.
For Firefox, though, it never really started as a corporation.
It started as an open source product that happened to figure out a way to make money through default.
But ultimately, that's not the governance structure that motivates us.
There is no shareholder or publicly traded stock price that says, OK, in a year from now, we're going to have to sell this data.
Or three years from now, we're going to have to change our principles.
But that's usually why things change.
It's not because someone set out on day one to do it.
It's over time, like just things change and you compromise user experience and you compromise things.
And so one is we don't have like that North store or North store is creating the best browser. The other aspect is that the reason that we have constraints is because we wanted to build it in a way that was sustainable. And so if we had built things like device protection, unlimited gigabytes, unlimited hops, then the cost would become unsustainable for us. And so then it would be, okay, someone would come and say, why are you offering service for free? It costs you more money. And then you have to say, okay, let's take this data.
And so part of like the, you know, constraints are a good thing is our cost was a constraint.
And so we built a product that actually said that our North Star is it's free.
We don't sell data.
This is rooted in our our publicly, you know, made statements around our manifesto on our
terms that we will not sell data.
We will not know data.
We will not like know what our user is doing.
And then that just informed, well, this is what we can give is we can give 50 gigabytes,
but we can do it in a way that conforms to our values.
Yeah, there's kind of no winning.
I mean, I see it in the comments as well, because you have the 50 gig restriction.
I see comments of like, oh, this is ridiculous.
Like, how dare they not make this unlimited?
But if you did make it unlimited, I would probably see the same number of comments the other direction,
which is like, oh, this seems too good to be true.
And when it's too good to be true, then it probably is.
And so we can't trust this at all.
And so it's an interesting line to tell.
Do you, so the 50 gig thing is really impressive.
I mean, you guys sent an email as kind of a preview
that you were getting this ready.
And when I read that, I almost thought it was a typo at first.
And you meant to say 5.0,
because I think that's what Edge has in there.
Yeah, that's right.
If I'm not mistaken, it's 5.
So I thought maybe that was supposed to be an Edge competitor.
But there's nothing that's 50 that isn't just a completely free,
but capped in a different way kind of service.
So Proton has their free plan.
But it's quite restricted in some ways as well.
It's still freemium, I'd say.
just not in bandwidth. So is that 50 a hard limit that is kind of what you always expect that to be
like? Do you plan to expand that over time if the funds obviously allow it? And I guess kind of the
final question is, is the upgrade always to Mozilla VPN? Or is there a world where there's like a $1
upgrade just for Firefox VPN? We are thinking through like, are there things people can do
in order to like expand the limit.
And so an example is like,
say you set Firefox to default.
Do we give you like additional gigabytes
if you have a certain amount of usage?
And so I'd say like first it is,
can we do those kinds of things?
Then we are not looking at like the dollar
kind of like extended within Firefox VPN,
mainly because we have the Mozilla VPN
and we just don't want it to get more confusing on.
There's now three different services out there.
I think depending upon how it looks like
tie the two in together and so like kind of example is if you upgrade you are automatically like it
install like a browser extension and we because you can't theoretically install like a browser
extension but do you install that automatically and then do you flip like the free vpn into like
just a mozilla vpn kind of like offering that's integrated well into the browser so it's less
two products sitting side by side but as of now like our focus is really uh still on how do we
improve the functionality of the free product as much as possible. So things like the location
selection is one that we're launching, but it's also things like how do you exclude or include
sites by default? How do you say you want to automatically turn it on if you're on like a
public Wi-Fi? Things like that is still our initial focus is how do we just keep on improving the
base free use case. Got it. And I don't know if you're able to answer this, but I figured I'd ask
anyway. But is this a service where the more people who use it, the more sustainable and
cheap it gets for you all? So then theoretically, you can begin to offer more bandwidth? Or is it
the inverse relationship where the more people using it, the more of a strain it is on your
network? It's a little complicated. But I guess the bottom line is, if more people use it, yes,
our costs go down. But then it hits a cap at a certain point where it just doesn't get any less
than that cap.
And so, yes, more people using this is good.
More people use it.
We will be able to give a better service.
So maybe that's a simple way to say,
yes, more people should use it.
We'll be able to give more if more people use it.
I have just a few more.
Sorry, I just had a few more technical questions
that came up as you were talking.
So the first one is,
what if someone's listening to this
and they have Mozilla VPN
and they've been a customer of Mozilla VPN
for, let's say, one to two years.
They really enjoy it.
Is there a use case right now
for Firefox VPN for that person?
And if so, how can you use both tools so they don't clash?
Because I know you're not supposed to have both extensions on at the same time.
So I would say that if Mozilla VPN is something that you're finding,
you need a lot of features, then I would say stick with Mozilla VPN.
There's a lot of great functionality, whether it's location selection
or more security or whole device protection.
There's a lot of things that if you probably decided to use Mozilla VPN,
I would assume that you value those features.
And so I think it probably is the right case.
I think Firefox VPN is still more for people
who have not previously had a VPN or bought a VPN
and they want some of the values of a VPN,
but they don't want to pay for it.
And so I'd say it's much more like a casual user
or one-off use cases,
like you're traveling or something like that.
Then if you're very privacy conscious,
you probably are better served with Mozilla VPN.
Got it.
And then maybe you can quickly touch on this.
It's a little bit technical,
but I'm a big fan of custom DNS providers.
I like to use NextDNS on all my devices
and I have my own profile
or I have all my filters set up.
So I love that.
But the one drawback to all proxy-based VPNs
in the browser is that they always override
whatever your DNS provider is in the browser.
Can you explain why that?
I'm genuinely curious.
Why is that?
And is there any way around this?
So that's theoretically someone,
because I think even in my first look video,
I was having some issues using like max protection
in Firefox with Firefox VPN
because it seemed like there was some clash
between Cloudflare,
which is the default DNS over HTTPS provider
and the VPN.
I think that the meaning is like
just where it goes in the stack
and then what the extension developer
is ultimately doing.
So the way I think is like the Firefox VPN
is like, say if you're using a VPN
on your computer and then you're using a VPN in your browser and you turn Firefox again what will
happen is your your VPN will give Firefox a different IP address and then Firefox will take
that IP address and give it another proxy so it's almost like you're it's not that like you're getting
an overridden but you're using multiple in succession and it's like handing it off to each
other and so then it just again goes back to like what is the purpose of what you're trying to do
Like, are you trying to like obfuscate what part of the value?
But in theory, you do get the benefits of doing both because then in our case, Fastly won't know where you're coming from.
They won't know your ISP IP address.
They would know just IP address or whatever is coming from your other VPN.
So it's almost like you're going from one spot to another spot to another spot to another spot.
It's like a pseudo multi-hop is what you're saying.
Yeah, yeah, exactly.
So I'm guessing there's some kind of interaction
between how it's serving it.
But you can kind of think it's like Firefox VPN
is probably the last hop always
because it's building the browser.
For browser use cases now, of course,
it just depends on how you're setting it up ultimately, though.
Yeah, it's quite similar.
Actually, this is how Mulvad does it with their browser
because you have Mulvad VPN,
you can use the Mulvad browser,
and they have a Mulvad extension
that's only in their browser.
You can't get, I don't think you can easily get
the Mulvad extension in other browsers.
But then it adds a proxy on top of the regular VPN connection,
and that's how they brand that feature.
I've never considered that before, but yeah, it would be cool.
I want to do more experimenting to see if there's a way to do extensions
with a custom DNS provider,
even though it might not be an optimal thing for privacy always.
But it's something I love.
Last thing, I just thought of this as you were talking.
It came across my RSS feed, I think one or two weeks ago.
I don't know if you're able to talk about it
or if I totally misunderstood the article.
It's very off topic for what we've been talking about in this interview, but I saw some indication of potentially more ad blocking coming from other browsers in the Firefox browser.
I don't know if that's a real thing, what the nuance is there.
Yeah, so I'm debating how much level of detail to go.
And so we are looking at building ad blocking built into the browser.
It is a very common extension that people want.
There are like test harnesses that have names that we are like testing with, but this is all like testing.
And it is it is it is like not the list that we're ultimately going with.
But a lot of the browsers are all using things like easy list.
There are like open source, just like how many browsers are built on top of like Chromium.
And so you get into this whole like philosophical are using open source are using it for testing or using it like a list.
Is it the server side list is a local list.
But we are not using any other technology in our public release from other browsers that came up in some of the articles.
I think there's a lot of miscommunication and information happening in the articles.
But then you're like, do we debate it or is it just confusing?
So the simple thing is we're not, but we are experimenting, but we will have an ad blocker that we're going to build.
Cool. That's exciting.
And thanks for clearing that up because I saw that and it seemed a little unconfirmed,
especially because there's a Firefox fork that recently announced they actually are implementing.
So it was kind of bad timing with all that news because then it makes it seem like, well, is it the downstream thing?
So I appreciate that.
Or upstream, not downstream.
I don't know if I clarified anything either.
I think you did.
I think we spoke well enough around that.
If you know, you know.
If you don't, then you don't need to because you just debunked it.
I guess just my final question for you before we head out, what can people kind of expect from you all going forward?
I know you guys have kind of been doing a lot of crazy stuff back there.
You've been catching me off guard, I feel like.
Yeah, just what can people expect from you all going forward?
It doesn't have to be products, but.
The main push is like back to basics.
Like, why do we exist?
We develop Firefox because we believe a lot in the open internet.
And we believe in developers.
And we believe in agency and choice and control.
And so ultimately, like this is like the values that we have as a company and it is prevalent in the features that we're building.
But also, I think you'll see much more of us in like, how do we communicate our vision?
And it's like podcast is an example of like, I'm really appreciative for your time because then we can just tell people more about like our values and why it matters.
I think most people today don't actually even think of what browser they use.
They just use whatever's in their operating system.
And the big risk around that is going back to a lot of what we talked around around motivations is that I think you're going to get into a situation where eventually these companies are incentivized to steer everybody to an app in their app store because they can take a cut of the revenue.
And so for us, like it is just important to preserve this open Internet.
And I think that that's what people talk about a lot.
It's like, why do you love the Internet?
It's all these values that were created like 20, 30, 40 years ago.
And they won't exist unless people are making choices that ensure that this future exists.
And Firefox plays a big part in that.
Got it. And then if people want to get involved with you or with Mozilla or Firefox, where would you send them?
Yeah, so we have a lot of community forums.
We have a site called Mozilla Connect where we have a lot of forums we can get to the community.
But we're on everything.
We're on Reddit, LinkedIn.
So feel free to reach out to me directly.
And I have handles on every single site out there.
So happy to work with anyone else.
Got it.
Well, thank you for your time.
I feel like I finally got kind of all the answers I was looking for.
So I really appreciate your time as well.
Thank you.
I hope that this was helpful for people too.
It was great chatting with you. Thanks.
I want to thank the Mozilla team for helping organize this interview
and connecting me with the right person.
Ajeet was wonderful to have on the podcast.
And I want to thank you all for listening.
And if you guys have any other guests that you want to hear from,
definitely let me know.
We're always open to new guest opportunities
and we love to reach out to new people to see if there's any kind of overlap.
Thank you all for listening.
And if you like this podcast, you can support it
by becoming a Techlorian down in the description.
We'll see you next time on Techlor Talks.
Субтитры сделал DimaTorzok