This article is more than 1 year old

Hold up, ace. Before you strap into Firefox's latest Test Pilot, ask yourself...

How much do I trust Mozilla with my data?

You just can't keep a good idea down. At least that's what Mozilla will be hoping as it resurrects its Firefox Test Pilot programme once again.

If you're keeping score at home, this marks the third time Test Pilot has been launched. First it was an add-on for the Firefox browser, then it became the name of a larger testing programme for possible Firefox features.

The third incarnation of Test Pilot is, well, pretty much the same as the second – a collection of prototypes and test features, some of which will one day make it into Mozilla's browser, and others that will be consigned to the scrap heap of failed Firefox ideas.

The new programme will only be open to what Mozilla calls "our loyal and faithful users" – that is, those who previously signed up for a Firefox account. If you'd like to participate, you still can. Just create an account.


Today in tortured tech analogies: Mozilla lets Firefox loose in the hen house, and by hen house, we mean the tracking cookie jar, er...


Mozilla's plan is to have a place to test ideas and concepts on legions of users before adding the successful ones to Firefox proper. What has changed is that Test Pilot experiments will feature "products and services outside the Firefox browser". So far that means Mozilla is testing some experimental pairings with third-party services. This sounds alarmingly like the language the browser maker used when it foisted the bookmarking service Pocket on unsuspecting users the via the toolbar button. At least in this case the test subjects will be willing.

On the plus side, Mozilla also said Test Pilot "experiments" will be less beta software and "far more polished" than some of the add-ons that shipped as part of prior Test Pilot incarnations.

The focus of these experimental efforts will be Mozilla's favourite hobby horse of late, protecting user privacy.

The first of these privacy-related experiments is a kind of quasi-VPN service, which Mozilla claims will provide users with additional security and privacy when using public Wi-Fi.

Turning on Test Pilot Firefox's VPN-like feature

Turning on Test Pilot Firefox's VPN-like feature (click to enlarge)

Mozilla calls this service a "private network", which will "keep passwords, emails, and credit card numbers safe from hackers." It also promises to obscure your location, thwarting advert trackers that rely on your IP address to get your location. It sounds a little like a VPN, and indeed, it is a little like a VPN – it's just not a very good one, given that behind the scenes your data is being logged.

Mozilla is not the first browser to hop on the built-in VPN bandwagon. Opera Software offers a similar service. If you turn on Opera's VPN-like service, your traffic is routed through VPN provider SurfEasy's API. This does provide some degree of additional privacy, stopping, for instance, someone spying on you at the coffee shop. However, in Opera's case, users still transmit a Device_ID that could conceivably be used to track them.

Chrome vs. Firefox

Mozilla says Firefox won't defang ad blockers – unlike a certain ad-giant browser


Firefox's private network is very similar, though it's using Cloudflare as a provider (a "trusted partner" in Mozilla parlance). Like Opera, Firefox's private network service will transmit some data to the network provider, in this case Cloudflare. Interestingly, despite running through Cloudflare servers, all your data is governed by Mozilla's privacy rules, not Cloudflare's privacy policy. That's a nice step in the right direction.

However, while Mozilla's intentions may be good, the reality is that Cloudflare will observe your IP address, the IP address of any site you connect to, a timestamp, and a token provided by Mozilla that shows that you are a Firefox private network user. That's a lot of data to leak, trusted partner or not.

This data will be deleted in 24 hours, but for those 24 hours all bets are off. Cloudflare's privacy notice for the service says that the company will only give up your data as required by law, and that it "will not sell, license, sublicense, or grant any rights to your [data]... without Mozilla's explicit written permission". That's pretty boilerplate, but it does raise an important question: Do you trust Mozilla with your data?

That's a question you should not have to answer. It highlights why building a VPN into the web browser is fraught with problems. The truth is, with VPNs especially, you get what you pay for and if you aren't paying, you know what they say about being the product. It seems like Mozilla's intentions are good, but that's just it – the best intentions in the world won't protect your privacy.

Trustworthy VPN providers keep no logs at all. Keeping logs for 24 hours is still keeping logs. Log files have a way of accidentally hanging around.

Many VPN providers are also based outside of the US to ensure greater privacy protection for their users than US law affords.

Firefox is a US-based company subject to US law, which may have something to do with the fact that, for now at least, the new private network add-on and service are only available to US users. ®

Similar topics

Similar topics

Similar topics


Send us news

Other stories you might like