"Ratio of servers hosted in countries with mature legal frameworks (needs work)" is one that's pretty hard to measure and has huge capacity to misinform.
The US, UK, Russia, 5 Eyes countries, China, the EU; everyone has a stance on whether they're safe or not.
I think it better to just measure "location diversity", and give a heatmap of server locations (indicating replication and mirrors) so the user can decide for themselves.
I think the point of the ID is (partially) to reduce the chance that ad agencies will use scummy workarounds. If the ID isn't guaranteed to be there, I can see them using the scummy ways instead.
You can have issues opening an account in the UK if you're not allowed to get credit, since many bank accounts include free access to credit, or an overdraft facility, that you can't turn off or decline.
You can be banned from getting credit pretty easily too; if you've failed to pay council fines (parking, tax, etc.), or missed a repayment on a loan, a judge can give you a ban. It can be a real problem for people who get into a bad financial position and want/need a new bank account later on.
> not like the garbage you see on ATMs and gas pumps though
What don't you like about these buttons? As mentioned elsewhere in the comments, this is a proved design that works well for a great number of people. Plus, the elderly / tech averse are likely to already know how it works.
Nobody mentioned the Euro Zone before you did; they're talking about Europe "as a continent", for the most part.
Living in the UK, national payments are instant, with very few exceptions. And having lived in both Switzerland (where they use CHF), and Germany (Euros), I can say it's much the same across Europe.
International payments within Europe are fast too; a couple of days if you're changing currencies, and faster if both sides are in the Euro Zone.
Banks don't have to be slow. The only real issue I have is that the bank's exchange rates are criminal!
That money has to come from somewhere; I'd happily pay for Firefox but most people wouldn't and it's not cheap developing a browser.
Their outreach, web literacy, and STEM education work is also not cheap and is doing amazing work.
It would be nice for them to list two or three VPNs they've audited though. Their endorsement goes a long way for many people and we would still have a choice then.
That being said, you don't need to provide your real identity to sign up; in fact, you're encouraged not to. So, it's a lot harder to identify a particular user.
Switzerland has _extremely_ good banking privacy laws so they can't be required to disclose credit card details, so that's an identifying link not available to Five-Eyes. Plus, you can pay in BTC.
I'm not sure about what's required for a company in Switzerland to be compelled to share information with Five-Eyes but I expect they would have to be ordered to by the Federal government; a hard feat given how privacy friendly they are, and how the Cantonal government of Geneva have additional privacy laws.
That's exactly how it should be! The developer version isn't behind any barriers - it's trivially easy to find and install - and it keep the majority of people from installing some of the most malicious extensions.
> Public search for sources of other people's breached personal data via monitor.firefox.com
That page is powered by haveibeenpwned.com. Mozilla just made a fantastic security tool available to user who don't know about Troy's site.
> you can enter anyone's email and see results
This data is all very easily available online anyway. It's just aggregating leaks that already public, and neither HIBP or the Mozilla page provide the _actual_ personal info that was leaked.
> Someone just lost the security vs usability debate there I guess.
That's the thing though; this _is_ a valid security tool. And a powerful and valuable one at that. HIBP has been used for years by thousands of users to secure their accounts after data breaches.
I fully understand. If you can't trust Proton then you don't _actually_ benefit from anything.
If it helps however, ProtonVPN is by the people behind ProtonMail, the security-first email provider. They started in CERN as a mission to provide email to scientists that wouldn't be subject to censorship.
Their entire business - email and VPN both - embodies the same philosophy that Mozilla does.
It's rare that I trust any company but Mozilla and ProtonMail are two of a _very_ short list.
Well, not if you're physically located in in the U.S. at the tome, but the GDPR effects non-EU businesses and governments as long as the person involved is an EU citizen.