Hacker News new | past | comments | ask | show | jobs | submit login

I can no longer edit the comment, but I've just tested the Firefox extension, and both CF-Connecting-IP and X-Forwarded-For are set to a Cloudflare IP address, so the user's IP address is hidden. CF-IPCountry contains the location of the Cloudflare IP address.

The requests appear to be routed through the nearest Cloudflare data center [1], so the service likely reveals the coarse location of users through these proxy IP addresses.

I do not have an Enterprise account to check the True-Client-IP [2] header.

[1] https://www.cloudflare.com/network/

[2] https://support.cloudflare.com/hc/en-us/articles/206776727-W...

Damn. So you need an Enterprise account in order to determine whether this thing reveals users' IP addresses. And that probably isn't cheap, and can't be created anonymously.

Someone from Mozilla really needs to clarify this.

True-Client-IP looks like an alias for CF-Connecting-IP, so far everything points to the design goals of Firefox Private Network being respected.

If that's true, those goals are dangerous, and not clearly disclosed. They should prominently disclose something like this: "This extension does not hide your IP address from websites that use Cloudflare." And not leave it for people to discover that themselves.

The extension does hide the user's IP address from all websites, as stated in their marketing material and privacy policy. What it cannot be used for is to evade geoblocking, which is also stated in the privacy policy.

> What it cannot be used for is to evade geoblocking

By it you mean Firefox Private Network or Cloudflare Warp?

It would be disappointing if either are unable to help circumvent censorship.

To answer my own question, Cloudflare has made it clear that Warp / Firefox Private Network can't be used to access geo-blocked content like on Netflix. It may; however, help bypass government censorship not enforced by web entities themselves.

If it hides user's IP from all websites, how can it not be used to evade geoblocking? Where in the setup would evasion of geoblocking be prevented?

Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact