PLEASE NOTE: If you see this text, it means that certain resources could not be loaded and the website is not displayed correctly. This can happen when browsing on Apple devices (iPhone, iPad etc.) due to a bug in their software. Try the refresh button to reload this website, or use a different device not running Apple's iOS. Stop using Apple products.
Type what you’re looking for and press Enter.
Evil deplatforming Cloudflare

I don’t trust Cloudflare’s App and Warp VPN

Cloudflare announced their new VPN product called Warp, which is based on their own implementation of WireGuard. This product seems to fit into their general strategy of wanting to man-in-the-middle (MITM) themselves into most of the traffic on the Internet, like I discussed in a previous post. As I explained there, they did the same thing with IPFS as well.

Knowing their willingness to deplatform people and block content, it would be stupid to trust them with your Internet traffic. The fact that they also refused to work with Jason Donenfeld (at least so far), the creator of WireGuard, seems highly suspicious in light of their history. Here’s what Donenfeld wrote on the WireGuard mailing list:

Each time it came up, I asked them [Cloudflare] if they’d consider working with the WireGuard project itself, and they’ve repeatedly refused. They have insisted on remaining separate and expressed that they don’t want to work as part upstream. I expressed various concerns about unity of community and compatibility of implementations, as well as vision for simplicity and security, but they were pretty adamant about remaining separate. I thought the invitation to put their engineers as the head of a WireGuard subproject was a cool invitation, but alas. That’s a bummer, but that’s how it goes; folks are entitled to do what they wish with software they make. I guess they’ll make products or something and control is important to them; I just hope they don’t fragment or otherwise yank WireGuard in unfortunate directions with their access to vast engineering resources. It remains to be seen how they’ll use it or what their objectives are.

Although Cloudflare mention using WireGuard in their blog post, they didn’t even have the decency to link to the official WireGuard website. You probably shouldn’t go looking for it, you see, they want you to use Cloudflare’s implementation instead. In their blog post about Warp, Cloudflare promises that:

The App with Warp will continue to have all the privacy protections that launched with, including:

1. We don’t write user-identifiable log data to disk;

2. We will never sell your browsing data or use it in any way to target you with advertising data;

3. Don’t need to provide any personal information — not your name, phone number, or email address — in order to use the App with Warp; and

4. We will regularly hire outside auditors to ensure we’re living up to these promises.

The question is, can you trust them? Do you want to take the risk of trusting them? Keep in mind that if you use their Warp VPN product, they will be able to see and inspect all your Internet communications, and will  be able to block you from visiting certain websites if they want to. Or perhaps even serve you a completely different version of a website without you realizing it. And yes, this is a possibility for every VPN out there, not just Cloudflare’s Warp. But again, the thing about Cloudflare is that they have already demonstrated to act contrary to their promise to “protect” their users from attacks. They have demonstrated to break promises, just like other corporations such as Facebook.

So instead of being stupid enough to trust Cloudflare, I strongly advise using an official implementation of WireGuard.

Additional Notes


  1. Cloudflare proves they can never be trusted — Karel Donk (05/08/2019)
  2. Cloudflare’s WARP ‘VPN’ isn’t private nor safe; Don’t use it — Karel Donk (27/09/2019)


There’s one response. Follow any responses to this post through its comments RSS feed. You can leave a response, or trackback from your own site.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.