Any one here have an opinion about Cloud Flare Warp?

[purple379]

Cloud Flare is the DNS at 1.1.1.1, and they offer Warp includes something like a VPN, and other. Free up to one GB of Data. Then a pay for service for unlimited. (I have no affiliation)

CloudFlare says their stuff is for Security reasons.

Anyone look at either Cloud Flare or its Warp product as to whether it is what Cloud Flare is what one would pay for?

[s243a]

Cloud Flare is the DNS at 1.1.1.1, and they offer Warp includes something like a VPN, and other. Free up to one GB of Data. Then a pay for service for unlimited. (I have no affiliation)

CloudFlare says their stuff is for Security reasons.

Anyone look at either Cloud Flare or its Warp product as to whether it is what Cloud Flare is what one would pay for?

In my opinion cloudflare is about surveillance but said surveillance is done perhaps primarily to provide security-like services. Take for instance their DDOS protection. You visit a site like pastebin and it takes a long time to load at first because they scan your browser signature. They also offer content distribution systems but in such systems they might have the SSL keys of a given site, so in theory they can man in the middle you. Likely their VPN will require you to install their root certificate authority which is another why that they can man in the middle you. Sure you might get privacy and security benefits by using their VPN and using their DNS service might protect you from various DNS attacks like DNS Poisoning [1] or DDOS or DNS Flood [2] but by providing this DNS service they "potentially" get more information about what kind of sites you are visiting.

It is possible (but unlikely in my opinion) that cloudflare's motives are pure but the primary issue here is monopoly and how increased monopoly makes the internet easier to surveil and control. Even if cloudflare's motives are pure the size of them makes them a target for intelligence agencies that would try to compromise their systems either covertly or overtly (e.g. a wire tapping warrant).

Anyway, if their VPN provides you some needed privacy (with respect to some application) then sure use it. I recommend running their VPN in a virtual machine or chroot environment and using iptables, privoxy and advanced routing to only use their VPN for the traffic that you want directed through their VPN. Exactly how to do this will require more thought. Also note that if one is doing something of interest to government agencies then expect that cloudflare VPN to be more of a liability than a security/privacy tool.

As a final note, if one is looking for a free VPN then I'm sure that cloudflare provides better security and privacy than most free VPNs. However, perhaps the primary problem with such a comparison is that one is looking for a free VPN.



Notes
-------------
1 - https://dotweak.com/2019/08/17/how-to-u ... 1NWTlOdz09
2 - https://www.cloudflare.com/learning/ddo ... os-attack/

[s243a]

Just as a thought of where I might want to use the cloudflare VPN. I might use it for something like a wireless hotspot or a hotel provided wifi service or perhaps for some benign google searches. I might also consider redirecting traffic from the Iron Browser through their VPN because the Iron Browser is potentially monitoring you [1] but I happen to like the Iron browser. Given that I don't have high privacy confidence in the Iron Browser then there is low risk of redirecting the Iron browser through the cloudflare VPN, which is reputable in the business sense of the word.

P.S. I here the The Opera browser has a free built-in VPN so perhaps they are as bad or good as Iron on privacy, depending on your perspective. It might be worth reading what the ZeroNet discussion says about the Opera Browser:

https://0net.io/1SpyWkvtp8bXz5x7K8EreCB ... opera.html

And yes I did include the Opera browser in tazpup64 because I like it for things like youtube (and I didn't at the time know about the privacy concerns) but I eventually plan to move the browser into a separate sfs and maybe I can create some privacy feature like use Opera as the default browser for only sites like youtube and use GNU icecat as the default browser for sites that don't require such bleeding edge browser tech.


Notes
------------------
1 - https://www.facebook.com/groups/Ethical ... 086712214/ -- Is your Browser Spyware. Article based on the zeronet discussion: https://0net.io/Talk.ZeroNetwork.bit/?T ... nBWnXadUtS

[belham2]

Cloud Flare is the DNS at 1.1.1.1, and they offer Warp includes something like a VPN, and other. Free up to one GB of Data. Then a pay for service for unlimited. (I have no affiliation)

CloudFlare says their stuff is for Security reasons.

Anyone look at either Cloud Flare or its Warp product as to whether it is what Cloud Flare is what one would pay for?

Hi Purple,

Cloudfare Warp is set up on my iphone, and it works well. Maybe I am a goof for trusting them, but at this stage I trust them (after following the for several years) more than I do any wifi setup I might come across outside of my home. And I know I'm not the only one as friends in the security-info biz I have, it's on their phones (both Android & Iphones) and accompanying tablets too.

[rufwoof]

I have not need for Cloud Flare. For me, phone - don't care if I'm tracked/profiled and don't do any sensitive searching/stuff; Laptop with hashbang socks5 proxy (free) and/or ssh - for when I'd rather my local state/ISP didn't see what I was searching/doing (or where I'd rather sites visited didn't see my actual IP, they see hashbang's IP instead); Standard local ISP (normal connection) - for when doing sensitive stuff (online banking, tax returns etc.). Best to just use one at any one time, not for instance trying to have one browser session running via socks, another running straight ... as new browser windows/tabs may not run/route as expected.

[enrique]

I have to say I never try their VPN. But Cloudflare is mostly own by Google. In my opinion using their VPN for hiding porpoises is a waist of time.