Mozilla VPN

One tap to privacy Surf, stream, game, and get work done while maintaining your privacy online. Whether you’re traveling, using public WiFi, or simply looking for more online security, we will always put your privacy first.

See: https://vpn.mozilla.org

Getting Involved

We encourage you to participate in this open source project. We love Pull Requests, Bug Reports, ideas, (security) code reviews, or any other kind of positive contribution.

Before you attempt to make a contribution please read the Community Participation Guidelines.

Here are some useful links to start:

• View open issues
• View open pull requests
• File an issue
• File a security issue
• Join the matrix channel
• View the wiki
• View the support docs
• Localization happens on Pontoon.

Dev Setup

Docs for building the client

Pre-commit formatting hook

If you want to submit a pull-request, please, install the clang format pre-commit hook that lints code.

1. The standard conda environment includes the required clang-format libraries. If the conda environment is not being used, a clang-format library will need to manually installed. (For example, using Homebrew on macOS: brew install clang-format.)

2. The linter will need to know where to find the clang-format-diff.py file, so CLANG_FORMAT_DIFF must be exported. On a standard conda installation: export CLANG_FORMAT_DIFF=$(find ~/miniconda3/pkgs -name clang-format-diff.py)

3. Install the pre-commit hook: ./scripts/git-pre-commit-format install

Testing

Unit tests

When built for any one of the desktop platforms, this project will also generate a suite of unit tests.

The tests are built manually specifying the build_tests target.

cmake --build build --target build_tests -j $(nproc)

Once built, you can run them with ctest as follows:

ctest --test-dir build -j $(nproc) --output-on-failure

Running the functional tests

New build required: Functional tests require a dummy build of the application, which is not built by default. To build the dummyvpn target, in the root folder of this repository run:

cmake --build build -j$(nproc) --target dummyvpn

This will create a dummy build under the tests/dummyvpn folder. To run the functional tests against this build, make sure the MVPN_BIN environment variable is set:

export MVPN_BIN=$(pwd)/build/tests/dummyvpn/dummyvpn

Other dependencies:

• Install node (if needed) and then npm install to install the testing dependencies
• Compile the testing addons: ./scripts/addon/generate_all_tests.py
• Make a .env file and place it in the root folder for the repo. It should include:
• MVPN_BIN (location of compiled mvpn binary. This must be a dummy binary, see note above.)
• ARTIFACT_DIR - optional (directory to put screenshots from test failures)
• Sample .env file:

export PATH=$PATH:~/Qt/6.2.4/macos/bin:$PATH
export QT_MACOS_BIN=~/Qt/6.2.4/macos/bin
MVPN_API_BASE_URL=http://localhost:5000
MVPN_BIN=dummybuild/src/mozillavpn
ARTIFACT_DIR=tests/artifact

To run a test: from the root of the project: npm run functionalTest path/to/testFile.js. To run, say, the authentication tests: npm run functionalTest tests/functional/testAuthenticationInApp.js.

Developer Options and staging environment

To enable the staging environment, open the Get Help window, and click on the Get Help text 6 times within 10 seconds to unlock the Developer Options menu. On this menu, you can enable on the Staging Server checkbox to switch to the staging environment. A full restart of the VPN will be required for this option to take effect.

Inspector

The inspector is a debugging tool available only when the staging environment is activated. When running MozillaVPN, go to the inspector page to interact with the app. Connect the inspector to the app using the web-socket interface. On desktop, use ws://localhost:8765.

The inspector offers a number of tools to help debug and navigate through the VPN client:

• Shell: By default the inspector link will take you to the Shell. From there type help to see the list of available commands.
• Logs: Will constantly output all the app activities happening in real time. This information includes the timestamp, component and message. From the left column you can select which component(s) you'd like to monitor.
• Network Inspector: Includes a list of all incoming and outgoing network requests. This is especially helpful when debugging network related issues or monitoring how the app communicates with external components such as the Guardian.
• QML Inspector: Allows you to identify and inspect all QML components in the app by mirroring the local VPN client running on your machine and highlighting components by clicking on the QML instance on the right.

Glean

Glean is a Mozilla analytics & telemetry solution that provides a consistent experience and behavior across all of Mozilla products.

When the client is built in debug mode, pings will have the app channel set to debug. Additionally, ping contents will be logged to the client logs.

When the client is in staging mode, but not debug mode, pings will have the app channel set to staging which allows for filtering between staging and production pings through the client_info.app_channel metric present in all pings.

A note on Glean embedding

Qt only accepts major.minor versions for importing. So if, for example, you're embedding glean v0.21.2 then it will still, for Qt's purpose, be v0.21.

Working on tickets with new Glean instrumentation

If you are responsible for a piece of work that adds new Glean instrumentation you will need to do a data review. Following is the recommended process along with some pointers.

The data review process is also described here: https://wiki.mozilla.org/Data_Collection

The basic process is this:

• Implement the new instrumentation. Refer to the Glean book on how to do that.
• When adding or updating new metrics or pings, the Glean YAML files might need to be updated. When that is the case a new data-review must be requested and added to the list of data-reviews for the updated/added instrumentation. When updating data-review links on the YAML files, these are the things to keep in mind:
  • Include a link to the GitHub bug that describes the work, this must be a public link;
  • Put "TBD" in the data_reviews entry, that needs to be updated before releasing the new instrumentation and ideally before merging it;
  • Think about whether the data you are collecting is technical or interaction, sometimes it's both. In that case pick interaction which is a higher category of data. (See more details on https://wiki.mozilla.org/Data_Collection);
• Open a draft PR on GitHub;
• Fill out the data-review¹ form and request a data-review from one of the Mozilla Data Stewards². That can be done by opening a Bugzilla ticket or more easily by attaching the questionnaire as a comment on the PR that implements the instrumentation changes. For Bugzilla, there is a special Bugzilla data review request option and for GitHub it's enough to add the chosen data steward as a reviewer for the PR.
• The data-review questionnaire will result in a data review response. The link to that response is what should be added to the data_review entry on the Glean YAML files. It must be a public link.

Note:

• It is ok for a reviewer to review and approve your code while you're waiting for data review.
• It is not ok to release code that contains instrumentation changes without a data review r+. It is good practice not to merge code that does not have a data review r+.

Status