Firefox Private Network: Proxy Comes of Age
Trying to protect your security and privacy online often feels like standing in the middle of a field with an umbrella trying to protect yourself from a tornado. Sometimes, the tools just don’t measure up to the threat. But this month, the Mozilla Foundation announced a tool that can provide Firefox browser users with more firepower to fight this fight: the Firefox Private Network (FPN).
Level of Privacy
The level of privacy this feature brings is much different than browsing in a Private Window, Incognito, or InPrivate, as the feature is known in Google’s Chrome browser and Microsoft’s Internet Explorer/Edge browser, respectively. With those venerable features, the browser on your computer connects to the Internet to interact with websites, just as when those features are not being used. The browser itself modifies its behavior, discarding cookies, form data you type in, and other data stored in the browser. Although that provides a clean experience, your Internet Service Provider (ISP) such as Verizon, Cox, or Comcast can still tell where you are going, and the sites you are visiting can still tell where you came from. These are the warnings that are prominently displayed when you start a new Private Window, and they are correct. Enabling FPN fills that gap.
When you browse with FPN turned on, every request you make is sent to FPN. In turn, FPN makes the request to the site on your behalf. Besides FPN itself, your ISP only sees you going to FPN, and the sites only see requests coming from FPN. This provides a layer of insulation between you, your ISP, and the sites you visit. FPN acts as your proxy, which is not a new term.
What is a Proxy?
Almost since its inception, Internet technologies have supported the idea of a proxy. The technology originally was designed to make browsing faster, not more secure. That came later. The idea was that hundreds of people in a company could all be asking for similar pages. Internet connections were expensive and slow compared to today’s standards, so making this more efficient was an important goal. Much like FPN, proxy servers would receive requests from clients and then make the request to the site on their behalf, but only if someone else hadn’t visited the site recently. If that were the case, the proxy would respond with what it had cached. This was fine for the early days of the Internet when sites were relatively static. But, as sites grew more dynamic, every user’s request was essentially unique, so caching proxy servers fell out of favor. Using them for privacy and security, however, did not.
As early as the mid-90’s, sites were cropping up that were basically proxy servers built for privacy or safety. On the privacy front, the proxy would do exactly what FPN is doing: they would hide the details of your specific traffic, allowing prying eyes to only see that you were going to the proxy or that traffic was coming from the proxy. Most were specifically engineered to store zero traces of the transaction, so even if someone could prove you made a request to the proxy or that a request came from the proxy, the proxy had no records to trace that back to you. On the security or “safety” front, many proxy services provided parental controls and content filtering that simply didn’t make requests for sites or content that did not meet the standards defined for that proxy. But these technologies still introduced technical issues that were difficult to overcome in many cases, especially as the web became even more dynamic, and browsers became more advanced. Web applications simply ceased to function properly. And, because no one was willing to forego the gratifying experience of everything the Internet has to offer – even if it meant sacrificing security – we did just that.
Modern Security Features
Today, we rely on an untold number of security features built into our home router, browser, anti-virus software, and computer operating system to keep us safe. It is certainly still a cat-and-mouse game between the technology that keeps us safe and the threats that can circumvent them, but security today is much more evolved than it was even a few years ago. Privacy, however, still suffers.
Even with the advent of strong laws to protect our personally identifiable information, “anonymous” data fall outside the bounds of most of these laws. “Anonymous” is a misleading term. Perhaps the pinnacle of anonymous transactions are the transactions involved in cryptocurrency. Transactions are identifiable only by long strings of numbers that are seemingly impossible to trace. However, as the story of the Silk Road marketplace tells us, extremely difficult does not mean impossible.
In the case of Silk Road, an enormous amount of data was crunched to identify patterns in transactions that eventually could be paired with other data that were very low value on their own. But combined with the patterns uncovered, bad actors involved in that illicit marketplace were able to be identified and prosecuted. The same process can be applied to the Firefox Private Network, as it and its partner CloudFlare store data for 24 hours, but it may be longer, as this snippet in the privacy policy states: “unless necessary for its security or legal obligations.” Could that data be used to track where you’re going via FPN? Most certainly. Is that a concern? Beyond your trust of CloudFlare’s own security measures to protect that data and truly discard it as they promise, probably not. We need to decide what we’re protecting ourselves from.
FPN's Impact on User Experience
The amount of data collected about our activity online is staggering, and most of it is used to present us with “personalized” experiences. Realistically, personalization that provides a smoother, more ergonomic, or more pleasant experience is in the minority. Most of the personalization we encounter is in the form of carefully crafted algorithms designed to make us see, hear, or read exactly what an entity acting in their own self-interests wants us to see. Their self-interest might be to sell us something, make something or someone popular or unpopular, persuade us to think a certain way, or any other anathematic intrusion our libertarian side would abhor.
For those cases, the combination of a Private Browsing window and FPN provide a sturdy shield you can raise when browsing. Although, this will come at a cost if you use it for every site you visit. Things like suggested products, songs, articles, and other personalized experiences you may want won’t work the way they would in a normal browsing experience. So, these tools are just that - tools, to be used for the right job: browsing sites to which you’ve never been, doing things – legal things – that you don’t care to count toward your personal trends.