Mozilla to launch free built-in VPN in upcoming Firefox 149

Posted by adrianwaj 5 hours ago

Mozilla to launch free built-in VPN in upcoming Firefox 149(cyberinsider.com)

121 points | 73 comments

userbinator 5 hours ago|

As a Firefox user: if I want a VPN I'll use an actual VPN. Focus on making a great browser, and not all this distraction.

Also, "free": "If you're not paying for it, you're the product being sold"

nl 3 hours ago||

> "If you're not paying for it, you're the product being sold"

This is such a un-nuanced take.

In this case Firefox's route-to-market is the product. It's a distribution channel where some people who receive the free version will upgrade.

Free tiers for products where some will pay to upgrade seems like a reasonable compromise, but it does depend on how the deal is structured.

If Mullvad pays Firefox for the free users then Firefox's incentives are aligned with its users.

If Mullvad pays per conversion then it's a different story.

Springtime 2 hours ago|||

I doubt Mullvad would be doing this if they weren't getting compensated given they've always said (even right now[1]) they don't offer a free tier since they don't believe it makes sense.

The other aspect is I expect it would stain the IP pool further. VPN IPs often end up on various blacklists due to abuse and introducing a wave of free users would only make it worse for paying customers.

[1] https://mullvad.net/en/pricing

> Why no free plan? "Free" services nearly always come at some cost, whether that be the time you spend watching an intro ad, the collection of your data, or by limiting the functionality of the service. We don't operate that way – at all.

darkwater 44 minutes ago|||

"Firefox’s free VPN won’t be using Mullvad’s infra though; it’s hosted on Mozilla servers around the world (if beta testing of the feature done in late 2025 tracks)."

From OMG Ubuntu

piperswe 4 hours ago|||

Mozilla only makes the integration between the browser and the VPN, not the VPN network itself - Mozilla VPN is white label Mullvad.

usr1106 2 hours ago|||

According to https://www.omgubuntu.co.uk/2026/03/firefox-adding-a-free-vp... Mullvad might not be used for the free service. Whether that's correct or incorrect extrapolation we will see...

Dylan16807 4 hours ago|||

That's an existing product that may or may not be related. Unless you know something the article doesn't?

aurareturn 1 hour ago|||

  Also, "free": "If you're not paying for it, you're the product being sold"

HN is "free" too. :)

mentalgear 1 hour ago||

At least free to data mine by everyone (as far as I know).

sunaookami 27 minutes ago|||

Do you live in 2010? Whether you pay for a service or not is irrelevant to selling your data nowadays.

crummy 4 hours ago|||

> "If you're not paying for it, you're the product being sold"

This must apply to Firefox itself, right?

chii 3 hours ago||

of course it does.

Why do you think google buys the rights to firefox's search bar (as a default setting)?

echoangle 1 hour ago|||

Don’t they buy the search bar to have another competitor and not get forced to give away chrome for antitrust reasons? I don’t think they care about the search bar THAT much, it’s basically a donation right?

chii 1 hour ago||

> for antitrust reasons?

well, a benefit is a benefit. It doesn't really matter how it manifests does it? It's not a donation, as it is not altruistic.

echoangle 1 hour ago||

But then I’m not the product? The government is basically forcing google to pay my browser developer, how does that make me the product it is bad for me?

chii 1 hour ago||

You are still "the product" even if google derives secondary benefits - because you are using firefox. Google doesn't pay the other forks of firefox money (at least, as far as i know). It's because you aren't using those browsers (you as in the royal you).

I didn't say you being a product is bad - but it does not align customer with software company. You may be OK with being sold as a product to google, as this relationship currently isn't damaging. But what if a future offer which would damage you is taken by mozilla because it's profitable?

hvb2 2 hours ago|||

That's not remotely the same? A default setting that can easily be changed for a feature the vendor didn't have a solution for?

To give you an example. Try to use Google Search without sending your data to Google. You cannot use the product without it, you cannot opt out. Firefox, you can use just fine with Google not being your search engine.

chii 2 hours ago|||

Why isn't it the same? The fact that it is possible to change that default means google simply pays less for it than they otherwise would if it wasn't changeable.

It's not a binary toggle - firefox is selling you as a source of revenue for themselves. They're just not making it as extreme as it is possible to be - in the hopes that you don't switch away.

You can compare same situation with safari in iOS. Except google pays a lot more, since you cannot switch away in iOS as easily, and culturally there's more reluctance compared to firefox users. This makes google pay more for iOS traffic, as those users are worth more.

Incipient 1 hour ago|||

It isn't the same, but it's comparable.

Google is paying Mozilla to be the default search engine. Google is only paying Mozilla because Firefox has users, regardless if they use the default search engine or not. So, indirectly everyone is the 'product'.

I'm sure if 95% of people did swap to ddg, then google may change their mind.

Also I believe there is the possibility Google also pays Mozilla to offer competition so Chrome isn't considered a monopoly (but maybe Edge has changed that to some extent?)

gzread 34 minutes ago|||

I think a VPN is a great add-on for Firefox and way for Mozilla to monetize itself, but I'm surprised it's free. Perhaps it's a free trial like Proton?

noosphr 1 hour ago||

Are you the product for Firefox too?

VPNs are no longer optional for the current internet. This is as controversial as Firefox speaking ftp.

nhinck3 1 hour ago||

Yes?

I mean it's very provable that they sell access to your data and your eyeballs other companies.

pogue 5 hours ago||

I often use Opera browser's free proxy they offer for basic browsing or blocked sites. They advertise it as a free VPN but it's merely a proxy. As far as I know, it's unlimited traffic and you can choose the region it connects to.

Edge also has some Microsoft VPN with a very small amount of bandwidth for the free tier.

I'm fine with this kind of stuff as long as people are aware it doesn't offer the same connectivity as a full paid VPN.

Dylan16807 4 hours ago|

> They advertise it as a free VPN but it's merely a proxy.

What's the difference when you're accessing it through a browser?

> I'm fine with this kind of stuff as long as people are aware it doesn't offer the same connectivity as a full paid VPN.

Are you talking about it not reaching out and affecting other programs, or is there a restriction within the browser?

corranh 3 hours ago|||

In the Firefox case, no difference. It doesn’t encrypt traffic from your device outside of Firefox but for whatever you do inside of Firefox it’s == VPN.

pogue 2 hours ago||||

In Opera, with their "VPN" it only affects traffic within the browser and it sounds like that's the same thing Firefox will offer.

A proxy isn't as secure as a full VPN. I had previously read a really good article on it but I hunted and hunted but couldn't find it.

This explains it well enough though:

https://www.quora.com/Is-Opera-browser-with-built-in-VPN-a-g...

However, reading the write up from Opera it's actually pretty decent tech that they've had audited by a third party and the whole nine:

Why browsing with Opera’s VPN is safer https://blogs.opera.com/security/2025/07/opera-vpn-is-safe/

Hopefully no one will start with the whole "they're Chinese owned" argument. If anybody is still on that whole trip, see this (and go watch SomeOrdinaryGamer's video on the subject) but in short it's really nothing to worry about.

Debunking misinformation about Opera’s browsers https://blogs.opera.com/security/2023/07/debunking-spyware-m...

Dylan16807 2 hours ago||

> it only affects traffic within the browser

Yes because it's VPN for the browser. I can do the same kind of targeting with most VPN software. Applying it to specific programs doesn't make it stop being a VPN.

> This explains it well enough though:

Which answer? The dumb bot that contradicts itself? The first human answer says it is a VPN. Though that "cyber security expert" is also not someone I would trust since they seem to think AES 128 versus 256 is actually an important difference.

The first human "no" says it's not encrypted and I don't believe that for a second.

To say more about the bot answer, it basically repeats three times that only Opera traffic goes through the VPN as its main reason. And then it says it "doesn't offer split tunneling". Come on... The rest of the answer isn't much more grounded in reality.

aragilar 2 hours ago||

Is an SSH jump server a VPN (or forwarding a port from another machine at VPN)? I'd suggest neither are because it's connection-based rather than setting up a network (with routing etc). Absent a network, it's a proxy (which can be used like some deployments of a VPN).

Dylan16807 1 hour ago|||

I see your point, but I think that might label many uses of wireguard in tailscale "not a VPN" because they use imaginary network devices that only exist inside the tailscale process. Saying that would feel very wrong. On the other hand if process internals can be the deciding factor, then optimizing the code one way or the other could change whether a system is "VPN" or "not a VPN" even though it looks exactly the same from the outside. That doesn't feel great either.

And do we even know if Opera uses internal network addresses for its "VPN"?

I think I'm willing to say that routing all internet traffic from a program through a tunnel can be called either a VPN or a proxy.

gzread 32 minutes ago|||

Really none of these VPNs are VPNs either since they don't establish a virtual private network. They are just tunnels for your internet access. Tailscale is actual VPN software. It simulates a private network.

dyauspitr 3 hours ago|||

It comes down to encryption. Proxies aren’t usually encrypted, I don’t know what it does in opera or Firefox’s case.

notepad0x90 5 hours ago||

I usually defend Mozilla with these things, but I'm a bit bearish on this. It's not like they're not relying on big partnerships already for their survival. I don't have a problem with free to long as there is a paid plan, which I don't see on their announcement page. I don't care who is running a free-only VPN is a huge red flag, and I am one of those people that recommends using VPN services instead of running your thing on a VPS or something.

What worries me is this will get adoption and they're start talking about profiting from it via "differential privacy"

Or, even worse for the web is a more realistic problem: Firefox is notoriously hard to manage in an enterprise fleet. Their biggest hurdle to marketshare is just that, chrome works well with windows, linux and mac a like and lends itself to management. I'm frequently fighting to be allowed to use Firefox already personally. This poses a direct threat to enterprise security policies. Anyone who bans random free vpns in their networks, now has to include Firefox to that list. And I don't need to mention how bad that is for the web given Google will effectively be the gatekeeper of the entire internet, even the tiny marketshare Mozilla has will be crushed. I wonder if in retrospect, this seemingly mundane feature would be the death-blow to the only alternative browser ecosystem.

pavon 4 hours ago|

Mozilla has offered paid VPN plans for over 5 years now. This is just adding a free tier to that.

https://www.mozilla.org/en-US/products/vpn/

looopTools 3 hours ago||

As I understand it, it is just like in Opera. So a proxy not a VPN. I honestly find it distasteful that they may call it a VPN without it actually being one.

m132 3 hours ago||

What makes a proxy a "VPN" again? Most popular "VPN" companies only offer a proxy that merely runs over a VPN protocol.

nl 3 hours ago||

> Most popular "VPN" companies only offer a proxy that merely runs over a VPN protocol.

Well that doesn't seem true?

Mullvad, Proton, Private Internet Access, NordVPN, ExpressVPN etc are all VPNs. You can use them for whatever protocol you want.

ShowalkKama 2 hours ago|||

> You can use them for whatever protocol you want.

the two most commons protocols used for proxying traffic support arbitrary tcp traffic. socks is quite self explanatory but http is not limited to https either!

Of course most providers might block non https traffic by doing DPI or (more realistically) refusing to proxy ports other than 80/443 but nothing is inherent to the protocol.

edit: this is also mentioned on MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...

> Aside from enabling secure access to websites behind proxies, a HTTP tunnel provides a way to allow traffic that would otherwise be restricted (SSH or FTP) over the HTTP(S) protocol.

> If you are running a proxy that supports CONNECT, restrict its use to a set of known ports or a configurable list of safe request targets

> A loosely-configured proxy may be abused to forward traffic such as SMTP to relay spam email, for example.

m132 2 hours ago||

To complement your comment, SOCKS 5 also supports two, less known kinds of traffic: UDP and the server side of TCP

https://www.rfc-editor.org/rfc/rfc1928#page-6

tobz1000 3 hours ago|||

All of them offer only proxied access to the internet. They do not expose access to any "private network".

DaSHacka 2 hours ago||

Depends on the VPN, I remember Nord had a private p2p network that allowed users of their VPN service to communicate directly with each other without exposing their p2p services to the greater internet.

Granted, its been a lomg time since I used Nord, not sure if they still offer that service.

gzread 30 minutes ago|||

A VPN as you refer to it isn't a VPN either. There's no private network that is virtualized. Actual VPN software is like Tailscale.

7bit 3 hours ago|||

Because people understand VPN but not necessarily proxy. It's targeted to non-tech people.

dyauspitr 3 hours ago||

Is the proxy encrypted? If so then you might as well call it a VPN.

isodev 3 hours ago||

You know what would be actually cool and a transformative improvement? Mozilla to make an iOS port of Firefox and publish it in regions where Apple has been forced to allow it.

gzread 31 minutes ago||

Apple doesn't allow alternative browsers in those regions, it just does enough to convince the regulatory body that it allows them and the other browsers just don't want to for some reason.

Fizz43 35 minutes ago||

Wouldnt be suprised if they were working on it already

ceving 1 hour ago||

The ability to nest proxy servers using TLS would be sufficient for me.

MikeDods 10 minutes ago||

Another Mozilla project to be discontinued in 18 months ...

prophesi 3 hours ago||

Do they name the service provider of this VPN or how it works? The official announcement is just as sparse on the details.

TRYEXCEPT 1 hour ago||

FireFox need to improve their integrations and offerings to be on par with Chrome at this stage. It, at times can be such a bainful browser to use and honestly I don't think a VPN is the next step. Improved account handling & switching would be huge.

bartvk 1 hour ago|

I'm not sure what you mean by account handling, but you can long-press the new tab, and you can choose a different profile (for example "work") which has a differently-colored tab. It's pretty great.

klntsky 3 hours ago|

Why are they trying to sell a VPN in the countries where users barely need it?

ShowalkKama 2 hours ago||

https://www.pornhub.com/blog/age-verification-in-the-news

Over the past year, Pornhub had to make the difficult decision to block access to users in the following American states due to Age Verification laws:

    Alabama
    Arizona
    Arkansas
    Florida
    Georgia
    Idaho
    Indiana
    Kansas
    Kentucky
    Mississippi
    Missouri
    Montana
    Nebraska
    North Carolina
    North Dakota
    Oklahoma
    South Carolina
    South Dakota
    Tennessee
    Texas
    Utah
    Virginia
    Wyoming

yichk 2 hours ago||

[flagged]

encrypted_bird 1 hour ago|||

Oh shove off with this Puritan attitude. First off, you're implying most of PornHub is rape. That'a ridiculous; no one is uploading videos of actual rape to PornHub.

Secondly, porn ≠ abuse. It's an actual industry and so obviously the treatment of women varies by company.

Simply put, if you don't like porn, DON'T WATCH IT. Don't try to shove your personal beliefs on everyoje else.

yichk 1 hour ago||

https://www.nytimes.com/2020/12/04/opinion/sunday/pornhub-ra...

https://www.bbc.co.uk/news/stories-51391981

encrypted_bird 1 hour ago||

1. That's an opinion piece, not a piece of investigative journalism.

2. That's from 5 years ago; who knows if this is even still the case, even assuming it's as widespread as the opinion piece claims.

3. See my second point.

yichk 1 hour ago||

These are a couple of examples, but there are plenty more articles like this describing the abusive and exploitative practices of the pornography industry.

You already seem to have your mind made up though. I suspect nothing would convince you of the harms.

JasonADrury 1 hour ago||||

Can gay men still watch porn, or should they feel bad too?

yichk 1 hour ago||

[flagged]

dawnerd 1 hour ago|||

I hate about full access to Reddit? Discord? Have you tried accessing the internet from a location with these laws in place?

mrweasel 34 minutes ago|||

That feels weird to me as well. I get that they need to trial it, but United States, France, Germany and the United Kingdom isn't really the countries I'd priorities for a free VPN.

I understand that a number of people in both the US and the UK is struggling right now and may not be able to affort a VPN, but their primary need is to avoid age restriction, while a large number countries are censoring the internet for political reasons. That latter seems more important to address.

sunaookami 25 minutes ago||

A VPN is more relevant than ever in Europe.

More comments...