If you're using mullvad you have likely already done a lot of research on which provider you want to use.

A lot of consumers are interested in a quality VPN but wouldn't do this kind of research.

Mozilla provide additional eyeballs and billing support, and mullvad provides the service itself. It's a mutually beneficial transaction.

They're not in competition for your money, they're targeting different demographics.

> they're targeting different demographics

This is the question though: who are these demographics?

I know Mozilla likely have a lot more data on this than I, but who is using Firefox / interested enough in Mozilla to read their marketing & research their VPN offerings, but is simultaneously not someone who would research VPN providers in general / use Mullvad? What is this techie/non-techie interested/not-interested hybrid person?

I'm one of those incongruent persons. Being wary of many VPN services, I never committed to using one, although I really wanted to start. Of course, I am aware of Mullvad and I could still skip the intermediary. However, I trust Mozilla more, as I've been following them for so long.

It sounds funny, because I do acknowledge exactly what you're saying. I'm in tech, interested in using VPN for years. I researched some, but was put off if they would mishandle my data. In the end, it will be Mullvad who will be dealing with my data, after all. But now I kinda trust them more after Mozilla.

I know it sounds illogical, just explaining how I feel about this.

that demographic is huge. most people under 40 today have grown up watching the surveillance industry establish itself, and those with any consciousness of their own vulnerability want to take action to minimize their surface area. until recently that's been extremely difficult and technical, but now firefox with container extensions, adblockers, and a VPN are all easily approachable for the average person, and they're all under one brand.

> now firefox with container extensions, [...] are all easily approachable for the average person

I think you might be in a bubble of you think the average person is using container extensions. There aren't even that many average people using Firefox anymore, least of all any extensions beyond adblockers (which still only reach at most 20% in general, including the all round more average Chrome users)

<off-topic-rant> Add to that there aren't even any container extensions that work well: the official Mozilla one doesn't support management of domain lists, and the best alternative (Containerise) is still limited and poorly supported (has outstanding bugs with things as simple as the www prefix). As for the individual site-specific options, the Google one is an all or nothing affair; there is no way to separate your traffic within Google's ecosystem, nor outside it: there's effectively two "zones", similar up Private Mode.

I wouldn't recommend containers to an average user in their current state

> that demographic is huge.

I just asked "who knows what VPN means" in IM group of non tech savvy folks, most under 35. No one knows.

Perhaps among us Firefox users that's different but certainly "most people under 40 today" wouldn't know even what VPN means.

Just about anybody that watches YouTube regularly knows what a VPN is. Even very mainstream, non-tech channels have been sponsored by VPN companies. It has died down a bit now, but it was insane for a while. A constant flow of sketchy VPN companies.

VPNs are heavily marketed to regular consumers these days. Mostly for region shifting or vague privacy/security benefits.

> most people under 40 today have grown up watching the surveillance industry establish itself

I'm not sure "watching" is the correct word.

> those with any consciousness of their own vulnerability want to take action to minimize their surface area

This is a pretty small minority, as demonstrated by the number of people that continue to use Google and Facebook properties by choice (refering to their actual services, not their pervasive tracking around the Internet at large)

> firefox with container extensions

As a more-technical-than-average person, my experience is that attempting to get all Google services running in a specific google-only firefox container is a non-trivial and extremely painful experience, as there doesn't appear to be a way to simply add *.google.com to the 'always open in this container' list, so each subdomain needs to be added individually. And then youtube.

> adblockers

Adblocks can break the check-out flow on multiple ecommerce sites. "Don't shop there" doesn't fly when that's the only online outlet that has the shoes she wants. What's the workaround? Spend a while working out what's causing the flow to break, and find a way to explicitly whitelist that domain for that site? Nope, just disable the adblock entirely and hope you remember to re-enable it once you're done.

I think most under 40 don't know that Google Chrome and Google Search are two separate things let alone VPNs and containers.

When these people say "surveillance" they mean they think that Facebook magically hears it when they say something out loud and they start seeing ads for it. We engineers overestimate the awareness average user has about technology.

> When these people say "surveillance" they mean they think that Facebook magically hears it when they say something out loud and they start seeing ads for it. We engineers overestimate the awareness average user has about technology.

Not "magically" - they don't trust their device. And can you blame them? Their device likely isn't trustworthy in so many different ways.

Hell, when accelerometers can be repurposed as rudimentary microphones, and when just about every modern device/app defaults to maximum "yes please track me," I tend to be paranoid myself!

This is kind of exactly what I mean too. In your case, you have a clear idea of what might be going on. But a vast majority just don't. They trust the wrong parties and place blame in the wrong places. At least this is the case with the people I know.

To give an example, after the recent WhatsApp PR crisis because of the change of toc, I see a whole bunch of my contacts changed to Telegram. They could have chosen Signal but no. They switched from an end-to-end encrypted app to an unencrypted app! That's what paranoia gets you unless you know what you're doing. I've pretty given up on the average user on these matters.

Anyone who uses Firefox as their browser, wants to start using a VPN, and has not yet done significant research on a VPN.

I for one would trust far more to Mozilla foundation's brand than any random small VPN company to not abuse the user's trust or lie about its actual practices. From what I've been reading most of VPNs on the market actually have some level of privacy flows, so it's not such an easy choice as it might seem - especially for people outside of US.

Me. I trust the Mozilla name, yet have never heard of mullvad.

I often have a hard time convincing someone why Mullvad is better than PIA, NordVPN, etc, because they simply don't know what to look for in a good VPN.

At least I can point at Mozilla VPN and make an appeal to authority.

> A lot of consumers are interested in a quality VPN but wouldn't do this kind of research.

In that case, they will probably use NordVPN or ProtonVPN

Mullvad is simply better than Nord and Proton by a lot. Their policies are more detailed, you can pay with cash and crypto, your accounts aren’t associated with any identifying information or email, they describe what exactly is stored in their database tables, they support WireGuard by default, their client engineering team seems more knowledgeable, etc.

I used to use Mullvad, but a lot of their servers were blocked for shows my wife wanted to watch and even on Netflix. I've had much better luck with ProtonVPN for that reason.

Maybe ProtonVPN is one of the ones using their users residential IPs to route traffic. How else do you prevent Netflix enumerating all your IP addresses?

I think for Netflix there are dedicated VPNs where privacy is less important than frequent IP changes ;)

Wait, is NordVPN something an educated VPN consumer should not use? I switched from PIA after their acquisition, so now I'm wondering what I missed.

No one educated should be using NordVPN, more or less. At best it might be acceptable to throw a ton of torrents on as long as you don't use their terrible proprietary client.

Even the front page is already freely giving away tons of data to multiple analytics providers.

Basically any VPN with an affiliate scheme you should stay away from. NordVPN, Ivacy, VPN Unlimited, FastestVPN, etc explicitly, run like fuck. The more "YOU ARE UNPROTECTED REGISTER NOW!" the faster you should run.

NB: I am a power user/developer, but I do not use either company. Objectively, a basic eyeball comparison (match bullet point indexes):

Mullvad:

- Says "Not using Mullvad" / "Using Mullvad" (a neutral statement)

- Shows their company address and registered location at the bottom of every page

- No on-page analytics

- No third party includes

- One price

NordVPN:

- "Your Status: Unprotected"

- "Copyright NordVPN.com" only

- Multiple on-page analytics and third parties

- Loads google tag manager, google analytics, bing marketing, youtube, third party web surveys, zendesk, twitter ad pixel, google ads, bing, cloudflare, ada chatbot, ravenjs, processout, multiple fingerprinting and persistent device identification/tracking services (also performs webgl/font iteration/plugin iteration/canvas fingerprinting, etc)

- Repeated upsells, lying to you about price (see JS for fake "sale ends in x seconds" countdown timers that attempt to induce FOMO and more), packed with dark patterns; "9 hours left easter special TODAY ONLY" - same sale that has been running for years

Thanks, I appreciate the thoughtful reply! Do you use Mullvad? (kyawzazaw, I'm interested in what you use as well.)

I use Outline. I used to use OpenVPN + PiHole.

They had a pretty wicked breach (for nearly an entire year) a while back: https://nordvpn.com/blog/official-response-datacenter-breach..., and I've also heard their rather expansive marketing (the usual youtube personalities) brought up as a negative, but that one doesn't register much for me.

That's right. I use NordVPN because I got suckered into it using their terrible tactics (the whole 67% off for a limited time only offer that's been running for the past what, 3 years?), because stupidly I didn't do any research, but in general I only use NordVPN for ahem torrents. All else, I'd trust my ISP more than NordVPN.

Depends. If you only need a VPN to get around geo-restrictions you can use anything.

>They bring their brand name

To someone who isn't a leet hacker or SW dev, that is the ball game. Firefox and Mozilla aren't household, but millions of less-technical people know of them. Rather than getting their VPN (if they even know the value proposition) from some podcast advertisement, Mozilla is saying "Hey, this kind of service gives you privacy and we stand behind it".

I use it upon occasion. It's dead simple to purchase, set up on any OS and I trust Mozilla not to send me to a shady backend.

If you already have VPN and they don't offer it in your country, they clearly aren't targeting you.

I was also a mullvad customer and wanted to switch to Mozilla VPN specifically because it seems to be one of the only ways to support the browser. At the time they didn't support linux at all, but someone wrote a tool[0] to squirt out the necessary configs to use with wg-quick. When I saw that, I pulled the trigger and haven't looked back.

[0] https://github.com/NilsIrl/MozWire

> it seems to be one of the only ways to support the browser

Is this the case? Is income from Mozilla VPN put toward Firefox development?

If it is, that info should be front-and-centre; they'd have a lot more customers I think.

It supports Mozilla. Browser is pretty important, but they do other things like Rust.

https://wiki.mozilla.org/Projects/Complete

"Mozilla" is a complicated entity, and quite a lot of their funds go toward projects unrelated to Firefox (to the chagrin of many Firefox users as much of the donor goodwill toward Mozilla Foundation as an entity comes from Firefox).

There may be some clues in their public accounts but I guess VPN is too new a product to appear their yet https://www.mozilla.org/en-US/foundation/annualreport/2019/

> They literally bring nothing to the table except their brand name.

Isn't it the most important thing for a VPN provider? You want a company that is privacy-conscious, not one that logs your traffic and sells it or open it to the various TLAs of the world.

> They literally bring nothing to the table except their brand name.

That has been enough for me. I generally trust Mozilla when they say privacy first and if I'm going to give my money to a VPN provider I rather give it to Mozilla than say NordVPN.

> I genuinely don't understand what is the incentive for using Mozilla VPN?

Supporting browser development instead of Mozilla Foundation.

This way at least they pass through the hands of the organization that does the most important work.

(Nothing against the other issues but right now the browser should be their top priority and I was massively annoyed when I found that donations towards the foundation couldn't be used for browser development and the browser.)

> Supporting browser development instead of Mozilla Foundation.

But is it going towards Browser development though? https://calpaterson.com/mozilla.html

Or is it going towards executive salaries?

What do you suppose we do in the meantime then?

I have a hard time coming up with an alternative that isn't just playing the ball into the hands of Google so that they can kill ad blocking right away?

It's as simple as that: You are not the target group.

If a regular consumer searches for a VPN product they get a million results, all with different deals and they'd have to figure out how to find the best one and will still be around in a year. If they already trust the Mozilla brand they'll go with that. Just like people go with stock apps on their computer over some maybe better third party app.

     If a regular consumer searches for a VPN product 
     they [...] have to figure out how to find the best 
     one and will still be around in a year. 

Yep! It's a Mozilla product, so there's no guesswork and no worry. You know it won't be around in a year!

I signed up for Mozilla VPN instead of Mullvad for a two reasons:

1. It was priced in USD.

2. The price is a flat monthly $5. They don't offer discounts for longer contracts.

> 2. The price is a flat monthly $5. They don't offer discounts for longer contracts.

This is something Mulvad has been doing since 2009..

https://mullvad.net/en/pricing

Ah yes, that's correct. My bad, I confused them with someone else I was also looking at, at the time.

4.99 USD vs 5 Euro (5.87 USD) would make Mozilla VPN 15% cheaper than Mullvad.

> It would not be available in my country (Germany) right away

You could use a VPN to make it look like you are in a supported country.

>I genuinely don't understand what is the incentive for using Mozilla VPN? I'm a Mozilla and Firefox fanboy, but this new product had me sceptical since the beginning. They literally bring nothing to the table except their brand name. They don't even do the server side, but just resell Mullvad's infrastructure with their brand.

The incentive for you is that Mozilla will keep Mullvad under close watch and make sure promises are kept - so you don't have to. Furthermore, there is no limitation for Mozilla to not seek other partnerships and/or develop the server side service themselves - they have the in-house dev talent to do so.

So, yes, they do bring quite a lot to the table besides their brand name.

I like Mullvad and supporting Mozilla.

>* I would have to pay with my credit card, instead of cash-by-mail. (Great privacy improvement! /s)

Do you download your configurations from the Mullvad website over Tor via their onion service 100% of the time?

Do you connect to Tor before connecting to Mullvad in your VPN client?

"IP" is a much more private datapoint than "Credit card number" and "First name, Last Name".

I'm not afraid of governments knowing who/what I do. I'm afraid of private companies holding private data about me.

Easy steady revenue is not a bad thing. Fwiw, I'm considering switching just to show some support for Mozilla.

I suspect that if they get enough traction they'll roll their own. Until then reselling was a quick and simple way to get going.

If you don't know anything about VPN's and are unlikely to (have time, motivation to) do a lot of research then you might trust Moziala/Firefox more then some unknown company-named Mullvad.

It's slightly cheaper than Mullvad, in the US. €5 is $5.88, and Mozilla is available for $5.00/month.

If Mullvad doesn't know who the customers are, that would be the only possible upside?

But they don't really know that anyway. Your account is just a number and when you mail cash you include a token that they can tie to your account number.

Obviously they could log your IP address (which they promise not to), but that's an issue even if you go through Mozilla to purchase the service.

I wonder if the cash-by-mail payment option creates some kind of legal liability for Mullvad. If it suddenly became very popular, I would imagine the financial authorities would be rather unsatisfied with "oh, we receive a bunch of cash from anonymous customers by mail, nothing dodgy here..."