Mozilla outlined a set of new features for its upcoming Firefox 148 and 149 updates, with a built-in VPN being one of the more important additions. Arriving 24 March, the browser will integrate VPN functionality directly, marking an unusual gamble on user trust in an industry notorious for privacy violations.
From a consumer protection perspective, the question is straightforward: can a free service built by a for-profit company actually deliver on privacy promises, or is this merely a gentler form of the data harvesting that haunts competing free VPNs?
Users will get 50 GB of data per month under the free tier, with rollout initially limited to users in the United States, France, Germany, and the United Kingdom, beginning March 24 as part of Firefox 149. This limited regional rollout suggests Mozilla is taking a phased approach, likely to assess performance, demand, and support requirements before expanding availability. No access for Australian users at launch.
The feature operates with a fundamental limitation. This new VPN tool will only handle browser traffic, not offering full-device protection, so it should not be assumed that activating it secures all internet traffic outside Firefox. That distinction matters: your email app, messaging services, and all non-browser activity bypass the VPN entirely. For casual web browsing on untrusted networks, that may suffice. For comprehensive device protection, it will not.
Mozilla acknowledges that free VPNs can sometimes mean sketchy arrangements compromising privacy, but frames its version as built from data principles and commitment to be the world's most trusted browser, routing browser traffic through a proxy to hide IP address and location while you browse, giving stronger privacy and protection online with no extra downloads. This framing appears genuine: Mozilla maintains Firefox is designed so that even the company itself should not know which websites users visit or what they do there, and it does not sell personal data and relies on end-to-end encryption for synced browsing data, such as history and bookmarks, before that information leaves the device.
Yet critical details remain unconfirmed. Whether the service uses AES-256 encryption or simpler proxy protocols has not been disclosed. No independent security audit has been announced. Mozilla has not confirmed a no-logs policy, or which jurisdiction would govern data retention. These omissions are not trivial; they form the actual foundation of trust.
The alternative perspective holds weight too. Some companies use free VPNs to harvest data to make a profit, while others will respect your privacy, but the business model creates constant tension; a free VPN from a reputable company is the best deal available because the business has a reason not to betray its user base. Mozilla's non-profit heritage, focus on open-source standards, and lack of dependency on advertising revenue do distinguish it from ventures built purely to monetise user data. That structural incentive alignment is genuine.
Mozilla did not disclose the underlying technical provider or infrastructure details in this announcement, but it emphasised that the service is built around its long-standing data minimisation stance. That silence on partners and infrastructure suggests either secrecy by design or information not yet finalised.
Mozilla has its own dedicated VPN app, Mozilla VPN, which is encrypted and operates a no-logs policy having undergone independent audits to confirm this; it would be assumed this technology is being used in the Firefox browser but Mozilla hasn't yet confirmed this.
For most users who check email, browse news and use social media on public Wi-Fi, the 50GB free tier offers pragmatic protection without cost or friction. For heavy users streaming video or downloading files, or anyone requiring full-device security, existing paid services remain necessary.
Mozilla's move signals that browser-integrated privacy tools are becoming standard competitive expectations. Firefox is not the first browser to introduce built-in VPN protection; rival browsers have been experimenting with similar privacy tools, with Opera offering its own integrated VPN proxy, and Vivaldi adding built-in protection through a partnership with Proton VPN. The market is consolidating around integrated rather than standalone solutions.
The real test arrives after launch. If Mozilla publishes detailed technical specifications, undergoes third-party audit, and confirms transparent data practices, users will have reason for confidence. If those documents never materialise, the scepticism surrounding free VPNs will remain justified, regardless of Mozilla's historical reputation.