In below article’s “Security - Is WARP Safe?” section VPNMentor states that
This VPN does not protect your anonymity in any way. You are not assigned a new IP address, and your traffic is not hidden from your ISP.
When I asked them about it, they just kept repeating Cloudflare is hq-d in the 14 eyes founder, US.
All of my technical questions have been ignored by them.
As far as I know between my WARP client and CF colo, a wireguard tunnel gets established, so my ISP only can see which CF colo I m connected to.
Below statement is partially true:
You are not assigned a new IP address
If landing page/service runs CF, it may recover your real IP, otherwise they will see CF colo’s public IP.
Please confirm whether my thoughts are correct (or not).
Your ISP knows that you have a wireguard tunnel to the cloudflare network, nothing more.
Be advised, a small number of companies (hello Kape Technologies!) own most VPNs and review sites, which is why you see everyone recommending ExpressVPN.
Go with either Mullvad if you need to connect through different regions (unblock netflix) or WARP if you need speed (both are excellent for privacy, which sadly cannot be said for most VPNs anymore). Mullvad is also a good choice if you are paranoid, but WARP is probably good enough, as you probably don’t need to hide your IP from the site you are visiting.
WARP isn’t a VPN I think.
Also other VPNs use suspicious IPs and you may get your accounts blocked or see more captchas on sites. The best VPNs that prevent that are Cloudflare Warp and Google VPN. If you want privacy first there are better ones like Surfshark, Adguard VPN, Mullvad etc. Regarding ExpressVPN - it’s overpriced but the performance is one of the best. It’s better to test and see before you choose.
I don’t care about landing pages to know my IP. I do care about public cafes and my home’s ISP to know what pages I visit.
VPNMentor’s statement is not correct. My traffic (payload) is hidden from my ISP (whoever it is).
Warp provides an encrypted tunnel for your traffic out to the nearest CF colo. It is a VPN.
WARP is a VPN. It’s based on their own implementation of WireGuard
You may be right. CF’s definition for WARP is not clear. I don’t even know whether it moves torrent and other p2p traffic to the wireguard tunnel.
According to my pcap test it does, but that was not a comprehensive leak test.
I just wanna know if the statements from VPNMentor are right.
Agree completely. Regarding Express, I encourage people to use Mullvad or WARP depending on their needs. One issue at the moment is that there aren’t any good VPN benchmarks. It’s hard to benchmark a VPN on mobile because you need to do a ton of trials at different times. For desktop things are more consistent, but there still aren’t many trustworthy benchmarks sadly.
Yep this is why I use WARP, I don’t want some garbage reputation IP, I just don’t want my traffic to be sniffed on public Wi-Fi
Correct, the review is wrong. The review is trying to sell ExpressVPN, and is scaremongering here.
Question is a bit off-topic, but does CF retain your IP data for 24 hours or not?
They say “we may retain…” in 2.2 Operational Data section.
https://www.cloudflare.com/application/privacypolicy/
Does this mean they retain my data by law enforcement request and doesn’t retain it at all otherwise?
Warp is a VPN, but it is a transparent VPN, it uses the same protocol as many other providers (WireGuard). The difference is, that it doesn’t mask your ip, as the other providers does. It is NOT a DNS (although it does use cloudflare own dns), it does have a dns only mode though. What warp is meant for, is protecting you from “MITM” (man in the middle), like your ISP (which is maybe trying to log your activity) or a bad actor (which may be trying to hack and/or steal your private information).
EDIT: it should be routing your torrent traffic, unless you specifically have set an exclusion for your torrent.
I’d say yes but it’s not a VPN in the first place I’d say it’s more a DNS protection than a IP protection.
It is a VPN, however by design, it does not hide your IP where possible. It connects from the IP address of Cloudflare, but it also sends the IP to the website anyway
It is definetly a VPN, just not a VPN in the way most people think of it.
Not in all of the cases websites will know your real IP.
Those that don’t run CF service are usually unable to recover your real IP.
I worte a php script that extracts all headers of visitor. Only the CF colo’s public IP is there, not user’s real IP.
However, if I use
$.get('https://www.cloudflare.com/cdn-cgi/trace', function(data) {
...}
first and pass data to php, I can get the real IP too.
Yes, that’s how it is designed. Cloudflare can’t inject the original IP if the website is not proxied through Cloudflare, as they’d have to magically break TLS. Instead, whenever the website is proxied, it adds the CF-Connecting-IP header, as it would without WARP anyway.
What you’re doing there is simply getting an IP grabber (which Cloudflare conveniently hosts), and sending it back to the server.
what’s the benefit of cloudflare telling host sites your IP?
Cloudflare’s VPN was positioned as a VPN to break free from censorship and ISP/Government spying. They believed though that if you’re choosing to visit a site, they might as well know who you are (so personalised things like your location still work, plus Cloudflare didn’t want to be known for facilitating dodgy uses of VPNs being a web security company).
They’ve changed it though, I’m pretty sure they no longer do that and it just passes through your closest Cloudflare colo