esparta.co

My Journey using Firefox Private Network

Prelude

One day of September I learnt about Firefox Private Network, as one of the Firefox fan I took the decision of use it for a while and also document what it is, and what are the good and bad things about it. I will be taking different perspectives: as a user and also as an engineer who’s looking for a better and more secure internet.

FIrefox Private Network Image

This writing may have a lot of bias because my affinity to Mozilla, and my neutral view about Cloudflare, Mozilla’s partner in this project.

So, What’s this Firefox Private Network?

Mozilla says on the main page of Firefox Private Network:

Firefox Private Network is a desktop extension that helps secure and protect your connection everywhere you use Firefox

For a technical person, there’s also a more in dept definition:

Firefox Private Network is an extension which provides a secure, encrypted tunnel to the web to protect your connection and your personal information anywhere you use Firefox

So, basically it’s a proxy, and the TOS confirms this:

Firefox Private Network is a proxy service that helps you browse more privately by placing an intermediary between your Firefox browser and the internet to obfuscate your IP address. A Firefox Account is required.

The use case is also clear: It’s a product delivery to you as a Firefox extension meant to be used as an extra protection while you are browsing the internet using Mozilla Firefox. The key features were described on their announcement:

What’s NOT Firefox Private Network?

Installing it.

The first thing to note after installing it is the new icon, and a big blue button Sign in: after installing the extension

This is a hint on why is not anonymizer.

First impresion: This is REALLY fast, y’all.

One of the complains about VPN and Proxies is the overhead and slowliness it adds to the normal operation. This is NOT what it happens using Firefox Private Network.

So, How Fast it is? 1 - 1 FAST. I mean, is literally as you are not using nothing at all. This is the report done by Speedtest.net on my network at work:

ffpn stats from work

And this is using Firefox Private Network from that same node.

stats from work using FFPN

As a table is probably better to see:

Ping – – Download (Mbps) – – Upload (Mbps) –
Normal 3 ms 372.57 280.84
FFPN 0 ms 361.12 281.82

Location. Location. Where am I?

The first to notice is the change of the IP address, from my Level 3 network to the Cloudflare Warp Network. That means we will probable have something cool here: The extension will be using the closest node geographically speaking (another hint on no-anonymized)

In order to prove the above point I ran another set of test when I was connected in Japan1 and these were the results:

ffpn from japan

Can you see that? The connection was done from a close location, Tokyo to be exact.

Maybe it was a coincidence, so later on I did the same from Netherlands 2:

ffpn from nl

The connection is now from Amsterdam, a location closest from my node now.

Location conclusion: Yes, it connects to the closets Cloudflare Warp node. This can be a good thing or bad thing depending on who see it. For a user perspective it probably doesn’t matter, from others maybe it’s a big thing (more about that later). Also Firefox Private Network honors their promise: “Your IP is hidden from everybody”, so is difficult to be tracked because for the one seeing your IP you are inside a Cloudflare network, the same as hundreds of other users.

It may block connection to sites

As part of the protection package, the extension may partially block a site doing not so normal things to your browser. This appeared when I was checking this website: https://am.i.mullvad.net

Firefox PN blocking mullvad.net

In my opinion that’s a nice thing to have in general, in other cases it will be not a good thing like doing a Video Call. It’s documented you may need to turn the extension off.

About DNS

Cloudflare would be our connection to internet while using the extension, since it’s a tunnel (proxy) that would mean they are also serving our DNS. So I ran a set of test to see how it works.

First, I ran a test about the DNS Entropy:

DNS Entropy

:notbadobama:, since I was running the test multiple times I found something kind of weird, or at least unexpected: the IP of the DNS was changing, almost randomly.

So, I ran another series of test, this time using DNS Leak Test with their extended version of their test, finding Firefox Private Network would be using up to 18 different DNS servers per node, and was not a surprise that those DNS servers were also close to the given location.

DNS in JP

This technique is of course not new, the Cloudflare’s 1.1.1.1 was also doing this since day one. One of the reason is per security concerns, the one checking on who’s your DNS provider would find that you are one of the millions of Cloudflare direct or inderect users.

DNS conclusions: I was not able to find any concerns on what is doing related to DNS, it’s the same protection provided by Cloudflare since a long time ago.

Use and Abuse

We all know what’s the first thing people would try to do: Use Firefox Private Network as a way to break region locks.

Use it only on USA

It literally takes 2 minutes to figure out you can activate the extension even when you are not physically on the United States of America 3, and after the activation you can practically use from everywhere as my screenshots above shown. Or you can use a VPN to be in USA and then use the extension to bypass streamers locks.

Since the main target of break-region-locks is to stream content, those people will be using a VPN to be in USA and then use the extension to bypass the the streamer’s locks 4. Tons of bandwidth would be using in that way within the extension, the stream providers would probably not very happy about it, having some consecuences: either they will block all Cloudflare IPs, or Cloudflare will block connection/use? At this point I’m sure about exactly what would be the case.

The above is not a technical problem, and will be difficult to solve with an Acceptable Use document (sorry, I didn’t find it). Or maybe the extension would need some kind of practical limit (around 200 GB per month?) of data transfered using the extension.

Minimal problems

In all the time I was using Firefox Private Connection I had problems only once. The extension did appear as disconnected and when I try to connect again it was asking to login again, but the Firefox network was down and I have no option but not use it that day.

FFPN issue connecting

Yes, I did try to turninf it off, and then on again the extension, even I did the same with the computer. Still didn’t work.

Conclusion

After a week of using Firefox Private Network I would say it’s good enough for what is meant to be used: an extra protection while using a (free?) public network you should never trust (as that open WiFi everybody uses). Yes, you are having an intermediary in order to have that protection, but it’s way better than just connect and use as in nothing can happen.


  1. No, I did not travel to Japan, but that would be cool. [return]
  2. I have never been in Netherlands, but that also would be cool. [return]
  3. I’m well aware the TOS prohibits their use when you are not physically in USA. [return]
  4. That’s why we can’t have nice thing. And is it's worst when are free. [return]