
The article mentions that WARP is exposing the end user's IP to websites they visit. I'd be interested in how they do that, especially with HTTPS websites where they can't MITM and inject headers.

> WARP is not designed to allow you to access geo-restricted content when you’re traveling. It will not hide your IP address from the websites you visit.



Great eye! We haven't figured out how to expose them yet for sites not using Cloudflare. We do have some experience solving this problem for Spectrum [1] we're hoping to lean on. The most important thing to us is users don't expect us to keep their IP private, as that is not the intent of WARP.

[1] https://blog.cloudflare.com/mmproxy-creative-way-of-preservi...


Thank you for your reply. I see that it's rather easy to do that for websites running behind CF as you terminate the traffic and can just set the corresponding header.

But for websites outside your network I don't see any obvious way how to do that. Wouldn't this being possible imply that it's possible to spoof traffic? That would open a whole can of worms for the web and even the internet at large.

But I also get your point that you don't want people to see WARP as a regular VPN to protect a user's IP address from being exposed to the other side. Since it's not easy for a user to see which sites run behind CF and which ones don't while browsing, they must keep this in mind. Or they can just firewall all CF IPs minus the ones used by WARP (assuming none are shared with other CF products and a list can be obtained).
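Added example (not part of the thread and not Cloudflare's code): an origin behind a terminating proxy takes the client address from a header only when the TCP peer is the proxy itself, because the header is a claim inside the request and does not change the packet's source address. `CF-Connecting-IP` is Cloudflare's header name but is not named in the thread; the proxy ranges are placeholder documentation networks, not Cloudflare's published list.

```python
import ipaddress

# Assumption: placeholder ranges from the RFC 5737 / RFC 3849 documentation
# blocks stand in for the proxy's published address list.
TRUSTED_PROXY_NETS = [ipaddress.ip_network(n)
                      for n in ("198.51.100.0/24", "2001:db8::/32")]
CLIENT_IP_HEADER = "cf-connecting-ip"  # compared case-insensitively


def resolve_client_ip(peer_addr, headers):
    """Return (client_ip, source) for one request.

    peer_addr is the TCP peer the origin actually accepted; headers is a
    dict of request headers. The header is honoured only when the peer is
    a trusted proxy, since any direct client can send the same header.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not any(peer in net for net in TRUSTED_PROXY_NETS):
        return str(peer), "socket"
    values = [v for k, v in headers.items() if k.lower() == CLIENT_IP_HEADER]
    if len(values) != 1:
        return str(peer), "socket"  # absent or duplicated header
    try:
        forwarded = ipaddress.ip_address(values[0].strip())
    except ValueError:
        return str(peer), "socket"  # malformed value: fall back to the peer
    return str(forwarded), "header"


# Constructed sample requests: (TCP peer, request headers)
SAMPLES = [
    ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.45"}),  # via the proxy
    ("192.0.2.99", {"CF-Connecting-IP": "203.0.113.45"}),    # direct connection
    ("198.51.100.7", {"CF-Connecting-IP": "not-an-ip"}),     # malformed value
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, "->", resolve_client_ip(peer, hdrs))
```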


Are you going out of your way to forward the original IP to the end recipient? What's the point of that?

Is it to support IP authenticated logins or similar?


Not step on the toes of Netflix, Amazon Prime and other services that rely on geo location for enforcing licensing of content / geo-location based artificial scarcity of digital goods?


I'd like an answer to this also!

It sounds like Cloudflare spent the time to do away with hiding IP addresses. Actively removing that feature of a VPN, which you should get for free in a WireGuard implementation, seems fishy to say the least. Especially since no reasonable explanation for this was given.


Most likely so the receivers of abusive traffic can contact the original ISP rather than Cloudflare having to deal with abuse reports.


analytics.


From the deafening silence I'm going to take the less charitable interpretation that it's meant to enable Cloudflare to essentially sell Warp users' IPs to Cloudflare customers as an added perk.


That is a bit worrying.


For instance, to play nicely with IP whitelisting in firewalls as an additional security measure.


Although Warp doesn't mask IP addresses, it should be useful for these two use cases:

1) Communicating with insecure websites (HTTP instead of HTTPS)

2) Using unsecured wireless networks (e.g. Wi-Fi at a coffee shop)

Beyond these two cases, is there any advantage to using Warp? Does Warp provide any benefits for email (secure IMAP/SMTP), file sharing (BitTorrent), or other protocols?


WARP+ apparently takes advantage of Cloudflare's Argo Smart Routing: https://www.cloudflare.com/products/argo-smart-routing/

Statistics from one of my websites running Argo show a 16.73% percent improvement for 32.3% of web traffic routed through Argo.

For my Google Cloud Washington based server, I see 5-15% improvement for some traffic from the EU and US East Coast and 15-30% improvement for some traffic from Asia, Africa, and South America. (all according to CF statistics)


> Statistics from one of my websites running Argo show a 16.73% percent improvement for 32.3% of web traffic routed through Argo.

I don't understand the statistic. Is that the best 32.3%? Is the worst 32.3% 16.73% worse?


What's the actual vulnerability when simply using an unsecured wireless network? Sure, it's easy for them to MitM you if you're using http, but if you're only using https, what's the harm?


DNS queries and the unencrypted parts of the HTTPS protocol (like SNI without recent enhancements). So passive sniffers can at least see what sites you're visiting.


Huh, didn't know about SNI, thanks for the info. Seems like a relatively small risk though.


It looks decent for hiding your traffic from your ISP


Thanks, this should have been obvious in hindsight.

One more for people with cell phone plans that don't adhere to net neutrality: Warp can probably bypass quality caps on video streaming.

Traditional VPNs are strictly better than Warp+, as far as I can see, but the free version of Warp is a generous offering for users who would otherwise not be using a VPN.


Warp excludes many sites from traffic routing (like video)


Are you sure? Some comments like this one say that Warp affects YouTube speed:

https://news.ycombinator.com/item?id=21070988


Source? That seems like a huge caveat - WARP protects your privacy except for specific sites you visit that Cloudflare silently decides on?


Found it.

> Warp and Warp+ will not route traffic data from your device through the Cloudflare network for certain Internet properties, such as over-the-top content provider websites, as determined by Cloudflare in its sole discretion.

https://www.cloudflare.com/application/terms

"Over-the top content provider websites" most likely include Netflix, Hulu, Prime Video, etc.

https://en.wikipedia.org/wiki/Over-the-top_media_services

If this is the case, then Warp would not be helpful for evading speed caps for video on mobile data plans.


> WARP is not designed to allow you to access geo-restricted content when you’re traveling. It will not hide your IP address from the websites you visit.



I think that's because Warp doesn't let you select the location of the server you're connecting to. Almost all VPN services have servers in different areas, and you can choose which geographic area you want an IP address from. In contrast, Warp only lets you connect to a server that's close to you.

Based on speed tests, it doesn't look like Warp is bypassed for video content.


That’s not the same thing - they could provide your IP to the site you visit in an added header or something without compromising your privacy from your ISP. That doesn’t imply they aren’t routing traffic to some websites.


You forgot your ISP, some collect and resell your activity online


Some yes. In Australia, all are required by law to record "metadata" and retain for several years (5 I think)


Can you have an option to do that? I imagine in some cases it might be better for people (in certain regions or roles) where their IP being hidden is a core component of "Privacy First".


> The most important thing to us is users don't expect us to keep their IP private

I would dare to say you're wrong. It's one big reason I wouldn't/won't use Warp.


I think that you're in agreement; he seems to have meant that it was important that Cloudflare clarify to users that their IPs will not be masked.


On the app stores it's shown as a privacy tool. Nowhere do they make it clear, which is honestly a bit sad.


Warp doesn't provide anonymity; however, for some reason Netflix on my phone can stream US TV shows with Warp on while my non-Warped devices cannot even list the show. Weird.


Because Netflix is not a Cloudflare client, so CF can't pass the source (client) IP. The same should happen with Google, Facebook (or anyone not behind CF infrastructure).

At least, that's the way I'm currently understanding it.


It seems to not be hiding IP, but it does inadvertently(?) do so for some sites' detection methods, I think. When I did an IP lookup, some sites reported correct while others reported one I didn't recognize (assumed it's the one from WARP).


Ya it only forwards the IP for websites behind CF for now https://news.ycombinator.com/item?id=21070828


This split tunneling article may be useful. https://www.macobserver.com/news/tmo-scoop/cloudflare-warp-s...


The requests come from a CloudFlare address range -- my original IP isn't visible to the server. Not sure what they mean either.


It passes on your IP address if the website you're visiting is using CF. See for yourself:

https://icanhazip.com - on CF network

https://ifconfig.me - not on CF network


I can confirm.

Last night I was testing it and geo-location was visible...



