
WARP is here - BCM43
https://blog.cloudflare.com/announcing-warp-plus/
======
mwcampbell
I was openly critical of Cloudflare when they announced Warp the first time.
My accusations were over-reaching, and I ultimately retracted them. But I'm
still skeptical, and I still won't use Warp.

Here's what still bothers me: Cloudflare is a single company with points of
presence all over the world, handling traffic for websites all over the world
(including some big ones), and now trying to attract consumers worldwide to
proxy their traffic through its network. That's a _lot_ of power, and we all
know the saying about power and corruption. It doesn't matter how
conscientious the leadership are. I'd prefer that the temptation to abuse that
power was just not there at all.

My idea of a better Internet is a return to the way the Internet _was_ \-- a
large number of small providers, communicating with each other over open
standard protocols. So, yes, I should switch to something other than Comcast
here in my apartment. So far, I've been afraid that doing that would leave me
with a truly abysmal quality of service. (I'm in Bellevue, Washington.) But at
least I can avoid adding Cloudflare, with its terrifying power, to the mix.

Granted, I mostly use the Internet on a stationary computer with a cable
connection at home. About the only thing I do on my phone away from a WiFi
connection is request an Uber ride. And I do need that to work reliably. But
it _is_ working just fine without Warp. So, maybe Warp is just not for me.
Still, for the people that _would_ benefit, I'm afraid of how much more power
they're going to be giving Cloudflare when they tap that "on" button.

~~~
eastdakota
Early on in Cloudflare’s history when we were asked who our competition was we
said Facebook. The concern was that the challenges of being online would get
so hard that individual websites would give up and just move to run Facebook
pages. We saw our role as providing the security and performance needed to
compete without making you give in to use an all-consuming platform.

We haven’t said that in a long time, but I was reminded of it while we were on
our IPO Road Show. One investor we met with said:

“Here’s how I think of you: Cloudflare is to Facebook as Shopify is to
Amazon.”

That resonated to me and reminded me of our earliest days and why we started
the company.

So I appreciate the concern but hope there will always be more independent web
because we exist than there would be if we didn’t.

~~~
mwcampbell
Thank you for taking time to share your perspective. However, I remain
skeptical.

It's true that a website using Cloudflare is more independent than a Facebook
page, in that in the former case, the company can take their domain to another
provider. But my idea of an independent Web is a large number of websites
depending on a large number of high-quality hosting providers. The latter
number will inevitably be smaller, but shouldn't be single-digit. That would
lead to too much potential for abuse of power.

Also, the more sites are using a single provider with its black-box algorithms
and heuristics, the more potential there is for bad consequences for innocent
users when those things misfire. That's what worries me about the bot-fighting
feature you launched on Monday.

To respond specifically to part of what you said:

> The concern was that the challenges of being online would get so hard that
> individual websites would give up and just move to run Facebook pages.

I don't think I understand how Cloudflare actually helps here. I think the
average bar, karaoke DJ (I love karaoke), spa, or other small business that
might just use a Facebook page would be served just as well by the kind of
hosting provider that gives your website a single IP address pointing to a
single machine. Are DDoS attacks and bots really that big of a problem? If so,
I haven't run into them in the 16 years that I was the programmer and sysadmin
for a small company (admittedly, online services are that company's business).
Maybe we just didn't make the right enemies? Now, maybe small web hosting
providers could make it even easier to set up a new website, but Cloudflare
doesn't do anything about that problem anyway. If the concern is performance,
maybe we need better alternatives to WordPress and Drupal, and more local
hosting providers, so the website for small businesses can be closer to their
mostly-local customers without using a CDN.

~~~
bsenftner
I ran a small web service in the video game industry for several years, and
CloudFlare was essential to our survival, as the DDoS attacks would repeat
every few weeks, and at times last 6 to 12 hours at a time. CloudFlare simply
ate that up, and our customers were not impacted. Today, at a different
company, different industry, we use CloudFlare for similar needs, but within
physical area security networks. It's essential.

~~~
shkkmo
I would not be surprised to find out that companies that have significant
exposure to video game users have much higher DDOS risks.

~~~
makomk
They do, and CloudFlare has historically been part of the reason _why_ they
have such high DDoS risks. There's a bunch of "booter" sites out there which
effectively sell botnet-as-a-service DDoS attacks to gamers, and those sites
have relied on CloudFlare to stay online. Without that protection their
competitors would DDoS their websites offline most of the time. Also, most
reputable hosting and CDN services don't allow booters because they're both
highly illegal and disruptive to the entire internet. CloudFlare, on the other
hand, openly permits them.

------
tptacek
Exciting! We're a tiny company and have sponsored WireGuard two years in a
row; you can see us on the WireGuard home page. Cloudflare is a gigantic
company who just used the WireGuard design work to fork the project. Has
Cloudflare given a cent to WireGuard? Why isn't their logo on the site?

~~~
fragmede
And why should they? WireGuard is free† so it seems (to me) a bit futile
trying to shame them on a niche site like HN and expect them to change their
behavior and support the community that they draw from. Mind you, this problem
is not limited to Wireguard/Cloudflare. The NTP servers, curl, libssl prior to
Heartbleed, the list of important open source software in need of funding goes
on. It's fighting also a basic refusal or desire to pay. When was the last
time someone you know paid Redhat for CentOS or Canonical for Ubuntu on
principal?

What/how can we do more to encourage corporate sponsorship (either time or
money) of code that's critical to a company? There are various ways the
community has tried to enable this, in different ways. Librapay and platforms
like it try to make it easier (Think Patreon but less commercial). The Linux
Foundation takes large corporate donations and distributes it out to a large
number of projects they support. Stick a paypal email address or bitcoin
address in the Readme.md as a "serverless" way to receive money.

However at the end of the day, that seems to not work. Curl is used in
billions of devices but the majority of the work on it has been done by one
person for 20 years.

Something is not working as we hoped.

†) specifically Open Source under the GPLv2 license ‡)
[https://www.linuxfoundation.org/projects/](https://www.linuxfoundation.org/projects/)

~~~
krn
> And why should they?

Because that's a sensible thing to do when someone's open source project is at
the very core of your commercial product?

> When was the last time someone you know paid Redhat for CentOS or Canonical
> for Ubuntu on principal?

Netflix and Tarsnap have donated to FreeBSD Foundation multiple times[1], and
Jan Koum has donated over $1 million after selling WhatsApp[2].

Also, look at how many companies are sponsoring LetsEncrypt[3] – including
Akamai and Fastly – but not Cloudflare.

[1]
[https://www.freebsdfoundation.org/donors/](https://www.freebsdfoundation.org/donors/)

[2] [https://www.freebsdnews.com/2016/12/02/jan-koum-founder-
what...](https://www.freebsdnews.com/2016/12/02/jan-koum-founder-whatsapp-
donates-freebsd-foundation/)

[3] [https://letsencrypt.org/sponsors/](https://letsencrypt.org/sponsors/)

~~~
t-writescode
Sensible isn’t really the right word here. It’s sensible to buy a support
contract. It’s charitable and good PR to give them money.

~~~
krn
> It’s sensible to buy a support contract. It’s charitable and good PR to give
> them money.

If the development of an open-source project significantly affects your
commercial product, there is nothing charitable in supporting it: because you
are the one who needs that project to survive.

~~~
t-writescode
Not really, it's open source. You could just start putting resources into it
yourself. If you back up to a local copy, it's not like that source code is
just going to disappear.

------
eis
The article mentions that WARP is exposing the end user's IP to websites they
visit. I'd be interested in how they do that, especially with HTTPS websites
where they can't MITM and inject headers.

> WARP is not designed to allow you to access geo-restricted content when
> you’re traveling. It will not hide your IP address from the websites you
> visit.

~~~
zackbloom
Great eye! We haven't figured out how to expose them yet for sites not using
Cloudflare. We do have some experience solving this problem for Spectrum [1]
we're hoping to lean on. The most important thing to us is users don't expect
us to keep their IP private, as that is not the intent of WARP.

1- [https://blog.cloudflare.com/mmproxy-creative-way-of-
preservi...](https://blog.cloudflare.com/mmproxy-creative-way-of-preserving-
client-ips-in-spectrum/)

~~~
fnordsensei
Are you going out of your way to forward the original IP to the end recipient?
What's the point of that?

Is it to support IP authenticated logins or similar?

~~~
r1ch
Most likely so the receivers of abusive traffic can contact the original ISP
rather than Cloudflare having to deal with abuse reports.

~~~
basch
analytics.

------
sebasmurphy
Just going to throw this out there for anyone who is hesitant using a vpn
managed by another service. You can set up your own easily using the ansible
scripts provided by trailofbits, which supports both IPSEC and wireguard.

[https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)

a small DO (Digital Ocean) instance is only $5 a month and comes with 1TB
outbound bandwidth (last I checked), which ends up being cheaper than most
commercial offerings.

~~~
tucif
Or host it for free in one of Oracle's cloud 'always free' tier VMs.

Disclaimer: I'm an employee

~~~
megous
Does it have public IP?

~~~
tucif
It does

------
mleonhard
Cloudflare WARP is an easy-to-use free VPN which protects your IP address from
businesses who haven't paid Cloudflare yet.

Companies like InfoUSA can convert 95% of US IP addresses to physical
addresses and household resident names. By inserting themselves in the network
between users and websites, Cloudflare will soon be able to get a chunk of
InfoUSA's advertising profits.

Remember, if you aren't paying for it then you are the product.

Stay away from Cloudflare WARP and use a real VPN.

~~~
est
FTA:

> What WARP Is Not

> From a technical perspective, WARP is a VPN. But it is designed for a very
> different audience than a traditional VPN. WARP is not designed to allow you
> to access geo-restricted content when you’re traveling. It will not hide
> your IP address from the websites you visit. If you’re looking for that kind
> of high-security protection then a traditional VPN or a service like Tor are
> likely better choices for you.

~~~
kabacha
Then what does it do?

> WARP, instead, is built for the average consumer. It’s built to ensure that
> your data is secured while it’s in transit. So the networks between you and
> the applications you’re using can’t spy on you.

Isn't that what ssl does already lol? What a load of sham.

~~~
KeepingItToasty
SSL/TLS encrypts your traffic between you and a server but by itself doesn't
prevent your ISP from snooping some information about your encrypted
connection. If you aren't using Secure DNS & DNSSEC, they may be able to see
and intercept your DNS queries. If you don't use TLS 1.3, they can see the SSL
certificate of the website you are connecting to. If you don't encrypt your
Server Name Indication (SNI), they can see the hostname of the server you are
connecting to.

This all allows your ISP to figure out which websites you are connecting to
and this can be used to prevent you from accessing certain websites, sell your
browsing history to an advertising agency, etc.

You can read more about it here: [https://www.cloudflare.com/ssl/encrypted-
sni/](https://www.cloudflare.com/ssl/encrypted-sni/)

P.S. I don't work for Cloudflare.

~~~
kabacha
All that to hide hostnames from your ISP? Again, what a load of sham.

------
xorcist
I fully understand why a company would like to launch this type of service.
This is the free market after all, and it would make the company insanely
valuable, should it succeed.

However I do have an issue with the marketing behind it. While not said
outright, there is a clear message here that due to some unspecified magic
your network performance will increase. That's clearly stretching the laws of
physics, at the very least. There are also nebulous privacy statements which
looks conspicuously like services that shield your identity, which does not
seem to be the case here.

If the real intent here is to help underprivileged Internet users escape their
great firewall, onboarding some regular users might be necessary to make the
service more legitimate. However even a generous reading of this announcement
does not seem to support this use case. The consumer VPN business is a
questionable business at best, and this does not look different.

~~~
rrss
> That's clearly stretching the laws of physics, at the very least

This is not clear to me. Few mobile users have pings to anywhere pushing up
against the speed of light, and the bandwidth/loss/routing is not close to
being limited by physics.

~~~
zzzcpan
No, he's correct here, it's an extra indirection and so overall it can only
hurt performance, not improve it. For example, ISPs often have caching servers
from Google installed and Google is the biggest traffic generator. If you
route traffic through somewhere else you are going to reach different Google's
caching servers that are farther away and over more congested links.

~~~
CharlesW
> _No, he 's correct here, it's an extra indirection and so overall it can
> only hurt performance, not improve it._

Really? The cost of an extra hop is just one of tens (hundreds?) of factors
that would determine if using WARP would be faster for a particular scenario.

~~~
zzzcpan
That's not an extra hop, but essentially two different paths with many
different hops instead of a more direct one. I'm sure there will be edge cases
where this can be faster due to one of those factors, but for most
destinations it will be slower.

------
losvedir
Great that it's finally launched. I've been on the waitlist for months.

That said, I'm very ambivalent about Cloudflare.

On the one hand, I love them because they're doing a lot of cool stuff
(shoutout to kentonv whose sandstorm project I loved, who works there now),
and even own a bit of their stock.

On the other hand, them being an infrastructure company but also wading into
what travels over their pipes makes me uncomfortable. I get that 8chan was
horrible (and Stormfront before that, IIRC), but it shows more discretion than
I'd like that that level of the stack. They seemed to be more hands-off in the
past, so I wonder if the IPO changed that at all.

A policy question: forbidding 8chan as a Cloudflare customer is one thing, but
what if someone was using Warp and tried to load wherever it is they moved to?
Would Warp block that?

~~~
allworknoplay
They didn't block requests to 8chan, they simply won't provide services to the
site. If you're using cloudflare for DNS lookups, 8chan resolves just like any
other non-cloudflare customer.

~~~
teddyh
…until someone gets the media going about it, at which point they block it.
And that time, they will have a precedent.

~~~
Avamander
So far it has been tried but both registrars and DNS resolvers have resisted
such censorship attempts unless it has been law enforcement and even then it
has been local.

------
steveklabnik
There's also a technical version of this post:
[https://blog.cloudflare.com/warp-technical-
challenges/](https://blog.cloudflare.com/warp-technical-challenges/)

I'm hyped to see Rust code running on so many phones.

~~~
saagarjha
I wonder if any popular applications for a mobile platform ship with Rust code
already.

~~~
steveklabnik
There have been some instances of this before; at least one game was
implemented in Rust. But, given the length of the Warp waitlist, I'm pretty
sure this is the most popular application so far. There could be things I
don't know about though, at this point Rust is big enough that not everyone
who uses it talks about it publicly.

~~~
littlestymaar
Isn't Firefox using at least some Rust on the Android version?

~~~
steveklabnik
I forget the status of that, you may be right! That'd be a large deploy too.
The intention was to do that, for sure, I'm just not sure if it shipped or
not.

~~~
sanxiyn
Stylo (Rust rewrite of CSS engine) shipped for Android in Firefox 60, released
in 2018. [https://developer.mozilla.org/en-
US/docs/Mozilla/Firefox/Rel...](https://developer.mozilla.org/en-
US/docs/Mozilla/Firefox/Releases/60)

~~~
steveklabnik
Awesome! Thanks for letting me know.

------
ksec
Just wanted to say Thank You. I could only wish this was released a little
sooner, but better late than Never. The Hong Kong people desperately need
something like this to avoid ISP monitoring. I wonder if something similar is
planned for Windows and Mac?

P.S Regarding the 10GB, have been on the waiting list since April 1st, nothing
shown up yet.

~~~
zackbloom
We're working our way through the waitlist now, hoping to get to everyone
today. If you have an up-to-date version of the 1.1.1.1 app running you'll get
a push notification when we are ready for you to opt-into WARP.

~~~
StavrosK
I was in the waitlist on my old phone but just got a new one, is there any way
I can get the 10 GB too?

------
rmateu
1.1.1.1 DNS and mobile app have improved my internet experience considerably
outside the US (currently in Costa Rica). I'm very excited about WARP and
totally buy the "everyday user" premise.

As soon as it feels stable I'm telling my activist brother-in-law in Venezuela
to install it and enable WARP. Personally I trust Cloudflare above any ISP. I
see myself installing it over holidays to the rest of the family there.

I understand and celebrate HN's high level discussion about concentration of
power on the internet and its effects. But at the same time I want to
celebrate a geeky company, releasing something cool, with a _free_ tier – and
an evident openness about its plans and how it works. Congrats on the launch!

------
the_duke
I can't really see the value proposition here.

Most use a VPN to add a layer of anonymity (hidden IP) and to circumvent geo
blocking.

All this does is hide unencrypted traffic from the local network and _maybe_
give a moderate speedup, but one that will probably be restricted to non-
Cloudflare properties. For other properties, especially high-traffic ones with
their own fancy routing logic, this will probably be more detrimental than
helpful.

Admittedly a lot of people also just use VPNs because of the countless ads
telling them that the Web is terribly insecure without one. I don't see this
being much of a success without big ad spending.

Might work out just fine for CF, but I will pass.

~~~
nlh
I'm in the (likely) target demographic for this (and just signed up for the
paid version). I don't care about true anonymity or geo-blocking - what I care
about is that Verizon/Comcast both do HEAVY traffic shaping to suit them, not
me. I.e. I'm promised "720p" video quality on Netflix when streaming over LTE
and yet, for some strange reason that goly gee I can't quite understand (/s)
it's never very good and always slow, even with full signal.

I'd rather just encrypt all my traffic and let Cloudflare make the routing
decisions - that alone is worth an extra $5/month.

~~~
rsync
I don't understand how "Warp" would help you in the long run - wouldn't we
expect Verizon et. al to treat cloudflare endpoints as "suspect" or "throttle-
worthy" ?

TOR endpoints are discriminated against by many endpoints and providers - why
not Warp endpoints ?

~~~
DenseComet
Likely because Warp endpoints are the same as cloudflare endpoints, which also
includes a large portion of the web.

------
kristofferR
It's borderline unusable for me.

It takes 20 seconds for every YouTube video to load while they load
instantaneous without WARP:

[https://streamable.com/9tp1k](https://streamable.com/9tp1k)

~~~
eastdakota
Please file a bug report.

~~~
flarex
I'm having problems recording the screen and playing back the video when
reporting a bug.

------
trollied
Someone’s already got it working on macOS:
[https://twitter.com/saurik/status/1176893448445558784](https://twitter.com/saurik/status/1176893448445558784)

~~~
OJFord
Fast work indeed, the meat of it:

(registering a `wg` generated public key with CF)

    
    
        api=https://api.cloudflareclient.com/v0i1909051800
        ins() { vrb=$1; shift; curl -s -H 'user-agent:' -H 'content-type: application/json' -X "${vrb}" "${api}/$@"; }
        sec() { ins "$@" -H 'authorization: Bearer '"${reg[1]}"''; }
    
        cfg=($(if [[ -e "${usr}" ]]; then
            reg=($(cat "${usr}"))
            test "${#reg[@]}" -eq 2
            sec GET "reg/${reg[0]}"
        else
            reg=($(ins POST "reg" -d '{"install_id":"","tos":"'"$(date -u +%FT%T.000Z)"'","key":"'"${pub}"'","fcm_token":"","type":"ios","locale":"en_US"}' |
                jq -r '.result|.id+" "+.token'))
            test "${#reg[@]}" -eq 2
            echo "${reg[@]}" >"${usr}"
            sec PATCH "reg/${reg[0]}" -d '{"warp_enabled":true}'
        fi | jq -r '.result.config|(.peers[0]|.public_key+" "+.endpoint.v4)+" "+.interface.addresses.v4'))
        test "${#cfg[@]}" -eq 3

~~~
cosmojg
Will this work on Linux?

~~~
OJFord
I can't see why that bit wouldn't, the rest of the script has some macOS-
specific network setup though.

------
throwid
I just bought a monthly 1.1.1.1 + WARP subscription, and it's slow as hell.
Maybe because I'm in Indonesia. But it works just fine with WARP disabled.

Another problem is 1.1.1.1 suddenly disconnected when I'm not browsing the
internet, like watching videos or reading something on my phone.

Hope you guys fix these problems soon.

~~~
StavrosK
I have a 300/300 symmetric connection in Barcelona and only get 80/0.07 Mbps
with Warp. The 80 is fine, but what is up with 0.07 Mbps up, and why is it so
jittery?

EDIT: Anyone in Barcelona want to go axe throwing in an hour?

~~~
steeve
Same in Paris:500 down/60 up without Warp, 300 down/1.25 up with Warp

------
fragmede
I have a different reason for being unable to use Warp: I don't want to access
a "proper" DNS server, I want a DNS server that blocks ads for me in Mobile
Chrome (I am aware that ad-blocking is fully integrated w/ Mobile Safari). I
currently use AdGuard to get this feature, which sets the DNS server to one
that blackholes ad servers.

Still, it's quite exciting that Cloudflare's finally released Warp, and that
the waitlist for Warp was so long.

~~~
hendersoon
Rather than using the Adguard local VPN app, you can set your DNS to them.

[https://adguard.com/en/adguard-
dns/overview.html](https://adguard.com/en/adguard-dns/overview.html)

Unfortunately this is only possible on wifi on iOS. On Android 9+ you can set
custom DNS on both mobile and wifi.

------
Pigo
It sounds like an interesting product, but I'm wary of anything put out by the
arbiters of the internet.

~~~
Pfhreak
Really? The arbiters of the internet? You don't think that's maybe a little
melodramatic?

Cloudflare has, time and time again demonstrated openness, transparency, and
insight into their technical and ethical frameworks. I trust them a whole lot
more than my isp or any random vpn provider.

~~~
falcolas
> The arbiters of the internet? You don't think that's maybe a little
> melodramatic?

As someone who has browsed sites "powered by cloudflare" over Tor and been
tossed into an infinite "are you human" loop, it certainly doesn't feel
melodramatic.

They've also exercised power over websites based on moral outrage. Perhaps
99.999% of people agree with the morals behind this decision, and maybe it's
even the right decision, but it's still an arbitrary decision made by
Cloudflare.

They are also bound by US law, and other entities bound by US law have been
forced to enable the exact same forms of record keeping that Cloudflare says
they will keep turned off.

Cloudflare is not a neutral party. They don't even advertise themselves as a
neutral party.

~~~
thenewnewguy
> As someone who has browsed sites "powered by cloudflare" over Tor and been
> tossed into an infinite "are you human" loop, it certainly doesn't feel
> melodramatic.

[https://privacypass.github.io/](https://privacypass.github.io/)

------
david_shaw
_> It will not hide your IP address from the websites you visit._

This is an interesting design choice.

I'm sure the idea here is to reduce the number of abuse complaints directed to
Cloudflare, but it also seems to significantly reduce the value of the
service.

I'm excited to try WARP, but without IP masking, I'll need to keep paying for
a commercial VPN service. If I'm already paying for a commercial VPN, I don't
see why I'd ever use WARP.

That said, I definitely trust Cloudflare more than PIA/NordVPN/etc. Some more
"bulletproof" providers like Mullvad are probably even _more_ trustworthy, but
I don't think Cloudflare is going to mine (or sell) my data.

At this point, I'm just not sure what use-case WARP would really fill for me.

~~~
commoner
Warp is still useful for secure web browsing on public Wi-Fi networks that
aren't protected with a password.

It's not a good option for you, since you already have a VPN, but you can
recommend the free version of Warp to people who want to be more secure but
don't want to pay for a VPN subscription.

Warp+ is less defensible.

------
abtinf
Can someone explain the difference between warp and warp+? I’ve read the blog
and the App Store description, both of which completely fail to identify the
difference.

~~~
zackbloom
Hopefully I can! WARP uses a protocol called WireGuard to secure your Internet
traffic. Your encrypted traffic flows over that protocol to the closest
Cloudflare data center before it is released onto the public Internet.

WARP+ takes that one step further. Rather than releasing your traffic directly
onto the Internet, we use all the data we have from our Argo product [1] to
route your traffic to _another_ Cloudflare data center via the route over the
Internet with the best possible performance. That data center will be closer
to your traffic's destination, hopefully improving the performance. In effect
your traffic will bypass Internet congestion and slow links with the goal of
better time-to-first-byte performance.

1- [https://www.cloudflare.com/products/argo-smart-
routing/](https://www.cloudflare.com/products/argo-smart-routing/)

~~~
commoner
Why should a user pay $4.99/month for Warp+ when they can pay less than that
for a traditional VPN that masks their IP address? Does the performance
benefit make up for the relatively weaker privacy?

~~~
acdha
For me, it’s a trust issue: it’s quite hard to evaluate VPN providers so many
people might prefer to use a company with substantial visibility and other
businesses at risk if they break their privacy guarantees.

------
fnordsensei
I'd perhaps consider Warp+ on a computer or the router, but on the phone it
seems a bit overkill.

(Though I haven't tried it. So far I haven't received the 10gb Argo credits
described, despite being on the waiting list for yonks)

~~~
croon
Same here regarding the 10GB, and have been on the wait list since April 1st.

~~~
Pfhreak
Yep. Same here. I assume they are working through the waitlist. I'm going to
give them a couple days to get it sorted before asking customer support about
it.

Edit: My 10GB came through. Looks like release day latency.

~~~
max23_
Same, just receive the notification about the 10GB.

------
philliphaydon
I switched it on this morning and switched it off again after 10 minutes. It
was so slow I couldn’t load web pages or send messages on WhatsApp. Maybe too
many people joining in a short time.

~~~
zackbloom
Please be sure to file a bug report in the app if you can. Every report helps
us fix issues and make WARP better.

~~~
philliphaydon
I didn’t think it was a bug. Just too much load. Will try again in a day or
so.

~~~
sp332
On the contrary, filing a bug report now can help them get it sorted out
before lots of other people run into the same problem.

~~~
vxNsr
He's saying the issue wasn't a specific bug, rather they just haven't turned
on enough capacity.

~~~
sp332
Yes but this is unlikely given CF's response. If they were short on capacity
they wouldn't turn on two million people in one day and then ask for bug
reports.

------
ikeboy
Speedtest showing download speeds 3X slower (around 35MBPS vs 110).

On PIA, which costs me around $3/month when I buy yearly, I get around 75MBPS,
it does hide IP, and I can select the country and region I want. Also it's
available on my computer and on multiple devices at once.

I don't see the value of WARP+ at $4.99/month. Less features and slower.

~~~
cpeterso
Netflix's fast.com speed test on my iPhone:

    
    
      * Comcast without WARP:  460 Mbps
      * Comcast with WARP:      30 Mbps
      * T-Mobile without WARP: 500 Kbps
      * T-Mobile with WARP:    600 Kbps
    

Regular WARP doesn't claim any performance speedups, so I'm curious to see how
WARP+ compares. In the meantime, I will disable WARP for my home Wi-Fi.

~~~
mapniels
fast.com speed test on iPhone:

    
    
      * Hi3G (Carrier Aggregation) without WARP+: 39 Mbps
      * Hi3G (Carrier Aggregation) with WARP+:    39 Mbps
      * Hi3G without WARP+:                       12 Mbps
      * Hi3G with WARP+:                          32 Mbps

------
tosh
Super excited about 1.1.1. Warp.

kudos @ launching, have been waiting for this

How I see it: a well operated VPN service for whenever you trust Cloudflare
more than the internet connection you’re currently on (coffee shop or airport
wifi, co-working space, random mobile ISP when traveling or even at home, …).

Compare this to the current best alternative: difficult to evaluate VPNs
ranging from paid to free & non-trivial to set up.

Not saying there are no alternatives but even for me it is not easy to tell
which ones are actually better or in the same ballpark (@ trust, speed, ops-
skills, …) let alone for the longtail of users who would be better off with
something like Cloudflare than with a random shady VPN or nothing.

------
mr_puzzled
Really cool service. Using warp on my phone and it surprisingly makes a big
difference in locations with spotty 4G. Couple of questions :

* I read that cloudflare generates a unique id for each install and the purpose was to track referrals. Consider adding an option to opt out of the unique id tracking since some users will be concerned about it.

* Any plans to add an option to use an ip from cloudflare instead of my ip address being visible to the websites I visit, at least on the paid plan? I know this opens a can of worms dealing with abuse of the service which could lead to certain ip addresses belonging to cloudflare being blacklisted.

~~~
pedrocx486
Cloudflare has made pretty clear in this thread that they don't plan on
stopping the IP from being exposed, they also plan to expose to all sites,
even the ones on non-CF networks.

------
godelmachine
Would anyone kindly elucidate on the difference between Warp vs VPN?

I recently purchased Adblock by Futuremind from AppStore, since I got really
worried about my privacy. It has some features like local proxy DNS and
setting up new rules. I keep my VPN on all day.

Before that, I used to use Hotspot Shield since that was free. I used to get
only one server viz. USA.

I see internet speaks highly of NordVPN but that’s a whopping $85 which kinda
burns a hole in my pocket. They claim that PWC has done an audit on them and
confirmed that they don’t save users data.

Would someone here kindly guide me on the most reliable VPN out there, for
iOS?

Thanks in advance for sorting me out :)

~~~
iamd3vil
Don't ever user free VPNs and especially something like Hotspot Shield. You
can check [https://thatoneprivacysite.net/](https://thatoneprivacysite.net/)
for a comparison of VPN services.

I use Mullvad VPN which supports both OpenVPN and Wireguard(which is the
reason I use Mullvad) and costs 5 euros per month. You can use something like
Bitcoin to pay if you want anonymity.

~~~
godelmachine
Thanks for opening my cautioning about HotSpot Shield.

5 euros/ month sounds expensive but does it give a bigger bang for your buck?

~~~
iamd3vil
I think it does. If you want cheaper VPNs, you should checkout Private
Internet Access(PIA). If you subscribe for annual plans, you will get it
cheaper there. PIA doesn't support Wireguard protocol though.

~~~
godelmachine
Thanks for this.

I have already bought Adblock by Futuremind from AppStore. Went through
[https://thatoneprivacysite.net/](https://thatoneprivacysite.net/) didn’t saw
Adblock anywhere. Reckon Futuremind Adblock ain’t that good :(

May I ask on what basis you judge the reliability of VPN’s?

I can already see OpenVPN and WireGuard support, but apart from that, any
other major parameter?

Any doc I could read to understand VPN’s better?

Thanks again for taking interest in my issue.

PS - Are you talking about the VPN by Private Internet Access Developer by
Anonymous VPN Service and provided by London Trust Media, Inc on AppStore?

------
vijaybritto
Installed on android. Doesn't work. Says "connection interrupted". Looks like
it needs more work.

------
throwaway9d0291
I'd really like to use this on my computer. The article says it uses the
WireGuard protocol, can I just take the private key from my device, put it in
a configuration file and use it?

~~~
fnordsensei
They've said elsewhere[1] that they're are working on desktop apps. No time
frame yet.

If you can extract the endpoints, private and public keys, it _might_ work. It
would be considered unsupported and might be considered a violation of the
terms of use. Check the license agreement.

1: [https://community.cloudflare.com/t/warp-
desktop/79072](https://community.cloudflare.com/t/warp-desktop/79072)

~~~
judge2020
Note that while community MVPs (FD: I'm one of them) are generally good for
answers, they don't represent Cloudflare or speak for them.

That answer is correct, but official word is here
[https://news.ycombinator.com/item?id=21071258](https://news.ycombinator.com/item?id=21071258)

------
scoutt
Now that Cloudflare has their own VPN, will there be an increase in showing
those annoying captcha/challenge pages for connections made from every other
VPN/Tor?

~~~
rsync
I think it is more appropriate to say that Cloudflare has their own TOR ...

As I ask elsewhere in this comment section, I don't see why "warp" endpoints
won't be discriminated against the same way TOR endpoints are.

~~~
commoner
Tor masks a user's IP address, while Warp does not.

Warp endpoints will most likely not face the same kind of "discrimination".
However, Warp does not provide any anonymity, which is the main reason people
use Tor.

------
Animats
One backdoor to rule them all. They just have to be a target for NSA, the SVR,
and the Third Department. How would you audit Cloudflare to find that?

~~~
acdha
The same way you audit Comcast, Verizon, Starbucks, etc. This is changing who
you trust from many to a single provider but not otherwise removing the need
for legal reform.

------
kylehotchkiss
Super excited to give this a few month paid trial. I've seen time and time
again that Cloudflare takes the value of privacy seriously. Alternative VPNs
seem to be running on AWS or GCP anyways.

I spend a lot of time outside the USA and have privacy concerns a bit beyond
USAs typical data collection. I've been enjoying the 1.1.1.1 app since April
without issues.

I'd love to see the speed comparison examples soon!

------
gorbypark
I'm confused as to the difference between Warp and Warp+. Upgrading to Warp+
says it routes all your traffic through Cloudflare's servers. So I guess
regular Warp doesn't, then. Is Warp "just" DNS over HTTPS/TLS and Warp+ is a
more traditional VPN?

------
hecatoncheires
If I were to use a VPN I'd stick with providers with proven track records of
responding to court orders with empty logs, not the company with a CEO who
capriciously kicks sites off their platform in response to online mobs.

I'd also feel very uneasy with continuing to feed the consolidation of the
internet's traffic. Giving full control of your phone's routing to Cloudflare
is sold as improving performance, but what it also does is give Cloudflare a
lot of flexibility to pay less in transit costs and have a stronger position
for peering agreements. Today that might be good in preventing ISP shakedowns,
but very bad tomorrow if ISPs have to pay Cloudflare for the privilege of
accessing the majority of the internet.

~~~
sp332
This is funny to me because CF's previous reputation was that they'd do
business with anyone no matter how scummy. They're notorious for selling to
both sides when criminal gangs were DDoS'ing each other. But they terminate
service for a grand total of two sites and suddenly they're "capricious".

~~~
makomk
As far as I know, CloudFlare are still willing to provide service to all of
the DDoS services that let anyone with a few dollars knock any company which
doesn't buy from CloudFlare off the internet. They just don't have the excuse
that they're doing it out of some kind of belief in free speech anymore.

------
pingec
Since Cloudflare have their own network, would this be useful to use in
countries where they have a reliable home internet but poor (bad
latency/speed) links outside of the country?

For example would remote desktop from Thailand or Philippines to Europe work
more reliably?

~~~
jgrahamc
Probably. That's the sort of thing that WARP Plus can help with.

------
kev009
This is a huge technical accomplishment if you peruse the related blog post
[https://blog.cloudflare.com/warp-technical-
challenges/](https://blog.cloudflare.com/warp-technical-challenges/) around
network topology. If you compare CF to Fastly, Akamai, and LLNW (the other 3
publicly traded CDNs) CF is so much better staffed and managed it is mind
boggling to see how the others will remain relevant over a longer timescale.
CF is one of the few recent tech IPOs where I haven't rolled my eyes and
groaned. I used to work at one of the others so know quite a bit about this
industry and how far behind the major players are.

------
president
How does the end user know if WARP is actually working? As I understand it, a
regular VPN will mask your IP so you can tell very easily if you’re protected
by checking your externally reported IP. How would you know with WARP?

~~~
judge2020
It uses "connect on demand", at least on iOS, so iOS will block all traffic
that doesn't go through the VPN (other than a few iOS services iirc).

------
bigmattystyles
Damn, I thought they had switched to OS/2

~~~
nocman
Glad I'm not the only one who thought of that.

:-D

------
peterwwillis
> WARP, instead, is built for the average consumer. It’s built to ensure that
> your data is secured while it’s in transit. So the networks between you and
> the applications you’re using can’t spy on you. It will help protect you
> from people sniffing your data while you’re at a local coffee shop. It will
> also help ensure that your ISP isn’t hoovering up data on your browsing
> patterns to sell to advertisers.

Most of those consumers aren't aware of any of that, so if you want them to
use it, you'll have to pay for marketing to bring it to their attention. Is
that the plan?

~~~
lm28469
They also states:

> Before today, there were approximately two million people on the waitlist to
> try WARP. That demand blew us away. It also embarrassed us. The common
> refrain is consumers don’t care about their security and privacy, but the
> attention WARP got proved to us how wrong that assumption actually is.

~~~
asdkhadsj
I feel like that misses the point though. I'd be shocked _(and happily wrong)_
if a large portion of those 2M users are none technical average people.

If anything, all I would take from that number is that the tech crowd is
perhaps larger than people give it credit for. But I highly doubt that
waitlist expands highly beyond the tech crowd.

Happy to be wrong, though :)

------
cpeterso
The 1.1.1.1 app's original UI was nice and simple: just a big switch. But
trying to cram WARP and WARP+ into the same UI is confusing. The same switch
is now used to show and control multiple states: Disconnected, Connecting,
Connected to WARP, Connected to WARP+, and Paused. In addition, there is
redundant UI to switch between WARP and WARP+ in the "Additional Settings"
menu and to unpause on the main screen.

------
Zenst
I'll give it a go, still have 1.1.1.1 installed, though disabled/stopped using
it as upon my phone it just eat up battery. Kept trying on updates every now
and then, but same. Though beyond that, can't say I've bothered to dig/look
into it and figured due to my phone being a 3 year old mid-range affair, now
what you would call low-end - though QC 430 2GB Ram kinda works ok.

------
atonse
Great news! I'm still 155k on the warp waitlist since April. Is there a plan
to push the waitlist along?

I'd love to get my non-tech family on this.

~~~
zackbloom
Yes, we are running through the waitlist now. Our hope is to get everyone
activated today.

~~~
atonse
Awesome, thank you :)

------
bithavoc
Love Warp, I was lucky enough to get into their Beta program via Testflight
and it's been great and stable. many times I disabled it thinking my internet
is broken because of Warp VPN and turns out to be my provider or wifi that is
just down.

I wish they provided a desktop version, or at least to change all the traffic
from my central MikroTik router to use Warp.

~~~
xeroaura
This might be interesting to you for running on desktop (its for Mac, but
probably can do something similar for Windows?):
[https://twitter.com/saurik/status/1176893448445558784](https://twitter.com/saurik/status/1176893448445558784)

------
Sami_Lehtinen
Nobody mentioned IPv6 support yet. It's nice as well. There are many VPN
providers out there without IPv6 support.

------
acdha
This looks like a neat idea but I’ve haven't gotten it to connect on two WiFi
networks or T-Mobile LTE. The one thing which could explain that is it showing
me as having 0MB of WARP+ but there’s no way I’m paying before I can test it
and it seems pointless if it requires the network provider to enable it.

~~~
steveklabnik
You should file a bug from within the app; you don't need WARP+ to use Warp
and it shouldn't require anything from your provider.

~~~
acdha
I did, and was later able to connect using LTE so I suspect this is due to UDP
being blocked on those WiFi networks but I don’t have an easy way to confirm
that other than seeing the timeouts in the logs.

------
kevincox
One nice thing about this is that it allows accessing IPv6 sites over and
IPv4-only connection.

I'll definitely be using this as I can only connect to my house via IPv6 and
my mobile provider doesn't offer it. This means that I can just toggle on the
VPN for when I need IPv6 connectivity.

------
fc_barnes
I'm confused about who sees what IP when. I'm also confused about the
bandwidth limits on plus. Having essentially two products blended together,
and using new technology that behaves uniquely, makes the communication lift
here that much heavier.

~~~
judge2020
Plus uses their priate backbone, so it costs them money to send traffic
through it.

The IP discovery is currently only available for CF websites:
[https://news.ycombinator.com/item?id=21070828](https://news.ycombinator.com/item?id=21070828)

------
cocoggu
Works fine in Beijing, thanks!

~~~
AznHisoka
Are u able to browse blocked sites with it on? IE Gmail, Youtube, etc.

------
cj
I signed up for Cloudflare Warp last night.

Any idea why iOS apps seem to not want to update using Warp? I’ve noticed the
same when using other VPNs (including on Android).

I disabled Warp this morning after the Apple App Store wouldn’t update apps.

------
antpls
Tried on Android 9, installed the VPN and turned on "always-on" mode and
"disallow non-VPN connections". Telegram and Instagram stopped to work, so I
uninstalled.

------
dang
[https://news.ycombinator.com/item?id=21070315](https://news.ycombinator.com/item?id=21070315)
is a related post.

------
hdivider
I love it. You _always_ have to make privacy and security tradeoffs -- and to
me WARP is a promising initiative.

Question: is there an OSX version? Or am I just blind? :)

~~~
steveklabnik
Elsewhere in this thread the folks who work on this have stated that there are
plans for desktop versions in the future.

------
ummonk
Congratulations on launching another great feature! I've been patiently on the
waitlist for a very long time now, and it's great to see it out now!

------
fooey
I wonder if there's any chance they'll add an ad blocking feature.

I'd probably give WARP a shot but I'm not willing to give up DNS66 to switch
over

------
gregimba
> days before the April 1 planned roll out. Please don't launch actual
> software on April 1st.

------
sb057
Does WARP block access to websites that Cloudflare has specifically denied a
platform to their other services? It only makes sense that if they refused to
do business with a website because they are "an environment that revels in
violating [the spirit of anti-hate law]" that they would also prevent end-
users from accessing it under the same grounds, no?

------
sascha_sl
Argo is really cool... and also really unaffordable and solving a problem we
wouldn't have in the first place if "net neutrality" was something tier 3 ISPs
took seriously and stopped routing me across the world to save a few cents
because one of their upstream provider provides cheaper bandwidth on a less
congested route.

------
lone_haxx0r
After they abandoned 8chan, I don't think I'll ever trust this company again.

------
acd10j
Can't connect to Warp+ and Warp on phone when connected with office Wifi
Network.

------
toothandtail
My upload speed is horrendous using this. Usually 15mb now 0.72?

------
RyanShook
Having a hard time seeing why consumers want or need this.

------
leoplct
Can you tell me a what I am risking not using WARP?

------
hckrzulu
How would this work together with nextdns.io?

~~~
ac29
On Android it doesn't appear to override private DNS settings, so its working
just fine for me with Adguard DNS. I think nextdns works the same way.

I'm surprised, but pleased that you can use WARP without 1.1.1.1 DNS.
Hopefully thats not a bug.

~~~
hckrzulu
On iOS it doesn't seem to work. It's either WARP or nextdns. A quick google
search taught me all "custom" dns setups on iOS require some sort of VPN-like
solution (very much like the nextdns.io iOS app does).

Back to nextdns then, has more value to me.

------
lighttower
Does anyone know if it breaks VoWifi?

------
sabujp
what is this exactly? proxying all your data through cloudflare or just dns
traffic?

------
WhompingWindows
Can someone here give me a layman's rundown of WARP and why I might want to
use it on my Android phone?

~~~
Pfhreak
When you use the internet, your ISP (and some others) can see where you are
going. They might sell that info to advertisers, or you might be blocked from
accessing some websites depending on your country.

Warp essentially shields where you are going. The only folks knowing where you
go are you, your destination, and Warp.

Warp+ also gives you access to a private, faster network.

------
stunt
Nothing is free!

------
OrgNet
is that a VPN? why did it take so long to implement as they stated multiple
times?

I try to avoid Cloudflare if I have an option because they are getting too
big.

------
xwdv
Just a reminder that Cloudflare is now a publicly traded company, and if you
would have bought at the IPO at $18 you would be up 15% by now, with more
expected to come.

------
quotemstr
I'm sure as hell not going to trust Cloudflare with my DNS, and I'm especially
not going to route all my traffic through them. That company shredded its
credibility. Centralization _always_ leads to corruption.

------
sigmar
[In order to not spread bad info I'm deleting my paragraph where I
misunderstand what WARP is]

Even this blog post is confusing "From a technical perspective, WARP is a
VPN." Then contrasts WARP with a "traditional VPN"

~~~
zackbloom
This is incorrect. WARP is the VPN, WARP+ is a series of routing enhancements
designed to improve performance. Sorry for the confusion, clearly we need to
explain it better.

~~~
sigmar
Ah. I turned on WARP, then googled "what is my ip?" and it is returning the IP
address that I had before turning on WARP. Is that not the intended behavior?

edit: read your other comments and see this is (in some circumstances)
intended behavior. I don't think you should claim WARP is a VPN if you aren't
offering privacy from the endpoint. Perhaps the app should say "your browsing
traffic is now private" rather than "your internet is private."

------
GauntletWizard
I did a ctrl+f for "Onavo" and got nothing, so I'm going to say it loudly and
publicly: There's no such thing as a free (lunch) VPN. Sure, Cloudflare has a
premium product available, but the availability of a free version (not a free
trial) means that, most likely, you're not the customer - You're the product.
Your data, your browsing history, encrypted though they may be, are valauable
to Cloudflare.

