
Cloudflare's CTO Wants to Shake Up How We Think About VPNs - ilarum
https://www.pcmag.com/news/367881/cloudflares-cto-wants-to-shake-up-how-we-think-about-vpns
======
tptacek
Is this an entire story about Warp, which is what I understand Cloudflare to
have named their Rust fork of WireGuard, that does not once mention WireGuard
or Jason Donenfeld? Jason is the hardest working person in show business. A
"thank you" might be nice, even if Cloudflare can't work up the class to
contribute directly to Jason's projects. Even if they're not using his code,
they're using his design and formal verification work, which, in a
cryptosystem, is at least as important.

~~~
jgrahamc
I don't control what parts of an hour long interview a journalist publishes. I
told the journalist about WireGuard and talked about its modern crypto, good
performance and nice roaming capabilities.

------
rahimnathwani
This headline reminded me to check my position on the waiting list. On April
1st, I was at #166319. Now I'm at #166208.

If they keep adding capacity at the same rate, I should get access about 100
years from now :(

~~~
watersb
My wait-list number has dropped by half since I signed on. There is hope.

~~~
rahimnathwani
Did the number drop by more than 211 in the last 25 days?

If so, the wait list isn't a simple FIFO queue.

~~~
wqwh
It should not be a FIFO. They probably want diversity of countries, ISPs,
devices, etc. According to your profile you're located in China so they're
surely not short of Chinese test subjects for a VPN ;)

~~~
rat9988
It's either a FIFO or the message you are #xxxxx on the waiting list is
bullshit.

------
client4
Cloudflare is a MiTM on the internet at large.

~~~
madeofpalk
What about Akamai or Cloudfront?

Cloudfront certainly aren’t the first CDN, and I highly doubt they’re the
largest.

~~~
ridgewell
Cloudflare uses a reverse proxy design for its CDN features.

~~~
acdha
As do Akamai and CloudFront. It’s not a MITM when it’s a contracted service
sites choose to use rather than an attack.

------
ignoramous
> _But it would definitely be good for the public to understand, at least to
> dismiss this notion that the internet is a free-for-all. It's not, in
> itself, resilient against interference._

> _And would you want that freedom? I wonder if the individual ultimately
> would. Maybe there are things governments should be protecting us from.
> That's a valid discussion that should be had._

Governments, of the past, of the present, have left us with plenty of evidence
that they are perfectly incapable of _protecting_ their citizens when it
doesn't serve either their collective self-interest or the interest of whoever
they happen to _serve_ at the time. Imo, there is literally no alternate
reality where handing the governments unabated control ends well.

- For starters, the govts don't even _get_ technology.

- As a parallel to the Internet, look no further than the regulations, the
standardisation processes that plague the telecommunications industry (who are
under influence of the governments world-wide and are actively trying to
wrestle the control of the internet away from traditional bodies). It's clear
who wins (hint: not the end consumer, and occasionally the governments sneak
in backdoors).

There's a reason BigTelco is what it is today (a no-escape surveillance
dragnet). It'd be sad if the Internet plunges to such depths.

I'm glad initiatives like tor, i2p, ipfs, datproject, freedombox, nyc-mesh,
community-broadband, matrix.org are trying to solve the problems in a myriad
of ways. The threat of govts meddling with the Internet irrevocably is real
though, esp since a functioning Internet requires quite an expensive yet
co-operative infrastructure which is, for all intents and purposes, in control of
the BigTech... but I don't see why individuals world-wide should go down
without a fight to keep the Internet as neutral as they can, while they can.

--

That aside, I'm interested to know if anyone has seen any huge latency
difference between using Cloudflare Warp and using Wireguard behind Google's
GlobalLoadBalancer or AWS' GlobalAccelerator (or equivalent
StackPath/Cloudflare offering)?

~~~
smt88
> _Imo, there is literally no alternate reality where handing the governments
> unabated control ends well._

IANA, which controls domain names, is in the US, which means it's technically
under the complete control of the US government. That means the
civilian-facing Internet and World Wide Web are under the complete control of the US
(and always have been, as far as I know).

> _For starters, the govts don't even get technology._

The US govt did all the research that led to the current Internet. The World
Wide Web was invented at CERN, another governmental organization.

Many of the major advances of the 20th century were funded, organized, and run
by governments.

If you meant to say that _legislators_ don't even get technology, that would
be a lot more valid. But legislators (in the US) provide funding to people who
are at the forefront of their fields.

~~~
ignoramous
Thanks. Valid points but when I said governments I didn't just mean the US
government. Besides, if history is any indicator, the governments (including
democratic ones) are happy to turn a blind eye to any and all important
legislations when it makes sense for whosoever is at the helm or in power at
the time.

------
cobbzilla
"Do you really want that? What if you can't take down the website? Daily
Stormer is really interesting; we shut off service for it, but you can go to
Google and read it."

I don't even know what type of content is on Daily Stormer but I presume it is
controversial. I find this quote just a tad disingenuous. I understand
Cloudflare is well within its rights to decide there are certain companies
they won't work with, but to say this causes no harm whatsoever isn't entirely
true.

There are very few CDNs that can withstand a DDOS attack, and certainly very
rare for a small publishing company to have that capability in-house. If the
content you want is under a DDOS attack and unavailable because no CDN will
carry it, then yeah, that would kind of suck.

One can always publish to various P2P platforms that are highly
DDOS-resistant, but now the audience has some more work to get to it; it's a
barrier. Not an impassable one, but a barrier nonetheless.

For the record, I like Cloudflare, but I also really love free speech. The
quote struck me as overly minimizing.

~~~
anarchodev
It's a neo-nazi/white nationalist forum. It's still active I believe behind
Tor, but not nearly as accessible, far fewer people actually participating.
We're in an era where young men radicalize each other on message boards like
these until one of the truly unhinged members heads to a synagogue to murder
people worshiping. As we've seen so many times in the past year, they'll often
post before they do it, leaving behind a manifesto and a crowd egging them on
to get a "high score."

I wish this was actually an outlier and not very common, but unfortunately if
you monitor these forums you'll see men working up the courage to commit a
mass murder of their own every single day.

In my opinion we should try to put as many barriers as we can in front of these
types of communities, and it sucks that cloudflare is still working with some
of them.

~~~
cobbzilla
yeah that is pretty controversial stuff! I guess for me this falls into that
fringe category of stuff that really should best be only found by those truly
seeking it, so I’m morally OK with barriers without total censorship. But I’d
also like to think more about how to help those people who get sucked into
such things. The more private it becomes, maybe the harder it is to see &
help?

All that said I still stand by my original comment, there is a chilling effect
on free speech, not to be so glibly dismissed.

------
mark212
Perhaps off topic but this was very difficult to read because PC Mag’s
advertising was constantly changing sizes. Thank God for Reader View or I’d
have abandoned it early.

~~~
ignoramous
Often I find myself using outline.com as a mirror:
[https://outline.com/TSWvsv](https://outline.com/TSWvsv) (I realise, the same
reason you do not use an ad-blocker might stop you from using mirrors).

------
intellix
"Not looking to get around country-blocks" - yep, as found it does not work
in China

------
formercoder
I’m not very familiar with this topic. Would this be considered a competitor
to perimeterless security like Google BeyondCorp?

~~~
ignoramous
Something like zscaler's ZIA [0] is in the same ballpark as BeyondCorp, or so
I think. Cloudflare Warp is basically a CDN turned on its head: Security and
privacy are a huge bonus, whilst low latency and high bandwidth remain its
salient features. It is more like the Silk Browser [1], the Opera Turbo/Mini
[2], or the Chrome FlyWheel [3] but operating at the network layer, and across
all apps.

[0]
[https://www.zscaler.com/products/zscaler-internet-access](https://www.zscaler.com/products/zscaler-internet-access)

[1]
[https://news.ycombinator.com/item?id=3215778](https://news.ycombinator.com/item?id=3215778)

[2]
[https://en.m.wikipedia.org/wiki/Opera_Mini#Functionality](https://en.m.wikipedia.org/wiki/Opera_Mini#Functionality)

[3]
[https://ai.google/research/pubs/pub43447](https://ai.google/research/pubs/pub43447)

------
ikeboy
I'm just waiting for them to clarify if they're ok with torrenting over their
VPN.

------
LinuxBender
I will stick with a couple VMs in a couple countries and tinc vpn + ssh
client for remote access. I can destroy and recreate them periodically to
change out IP addresses.

------
rixrax
I installed 1.1.1.1/warp+ a day or two after April 1st. My waitlist number has
stayed at 243635-something for a couple of weeks now.

Anyone know at what pace they’re letting new users in?

------
skybrian
"We're not looking to compete with the free" - this seems garbled. Any guess
what he meant?

~~~
jgrahamc
I agree but I don't recall what I was saying.

------
saurik
(All of the comments on this post say they are from 10-15 minutes ago, but I
remember reading them hours ago, and Algolia shows they were made days ago.
<- For potential future reference, my/this comment was posted at 3:42pm
US/Pacific on April 28th of 2019.)

~~~
rachelbythebay
View the same comments from the profile page of their authors and they’re days
old. This feels like some zombie post resurrection trickery with the time
stamps.

dang?

~~~
dang
"Zombie post resurrection trickery with timestamps" is on the nose.

See
[https://news.ycombinator.com/item?id=11662380](https://news.ycombinator.com/item?id=11662380)
and my answer to saurik above.

------
lathiat
VPNs for everyone - literally the worst idea of all time

~~~
ignoramous
ISPs/Carriers are MiTMing all kinds of traffic [0]. A VPN that promises to
protect you from this, in addition to offering low latency due to their
superior network and routing tech, might be a big plus, too [1][2]. I think
it's too early to dismiss VPN-for-all as an idea dead in the water. Time will
tell. From what I know and what I've read so far, Warp might indeed be the VPN
that you've wanted all along but never knew.

[0]
[https://techscience.org/a/2015103003/](https://techscience.org/a/2015103003/)

[1]
[https://patents.justia.com/patent/9736710](https://patents.justia.com/patent/9736710)

[2]
[https://patents.justia.com/patent/20170086092](https://patents.justia.com/patent/20170086092)

------
graphememes
Cloudflare just wants access to your traffic info to resell it.

~~~
angott
Source?

