
There goes me and my co-founder's plan of disrupting the Mobile VPN market. Or maybe, we still have a chance?

Anywho, congratulations Cloudflare! I long held an opinion that the VPN market was ripe for disruption when I looked at privacy policy of some of the top players. Having analysed the market, I find that it's defragmented with no clear run-away winner. I hope you're able to make headway with all the interesting innovations that you plan to offer on top of it.

Here are some ideas that I had in mind for a Mobile VPN:

1. Ability to run a dns-blacklist, tag-based blacklist, and an ip-firewall at Cloudflare's end (not on the end devices). Maybe you could add that as an option to your Warp+ product?

2. Auto change exit IPs underneath the covers.

3. Take over the dialer and route calls over IP whenever possible.

4. Provide ability to analyze traffic on a PC.

5. Track and warn mode per app, where the traffic is analysed for a particular app to generate a report on what it's doing and how much.

Basically, bring enterprise-grade security to the end consumer.




Email me: matthewatcloudflaredotcom. Perhaps you and your cofounder can help build your vision within Cloudflare? I'd love to chat.


Seeing this raises my already high opinion of Cloudflare!


> I'd love to chat.

Wow. Sure, thanks.


First, thank you for the first implementation when the app was just 1.1.1.1. I've been using it for a while.

Not sure if you can answer this question, but are the performance benefits still there in conjunction with utilizing the VPN google uses to encrypt traffic with google fi? This announcement mentions they have 2x the latency in comparison to WARP, but did not mention specifically which google VPN technology (not sure if they have multiple) but I assume something mobile related since this is a mobile application.

If I use the WARP app in conjunction with google fi, am I layering this VPN on top of the 2x latency of google fi, thus slowing down WARP VPN to gain then the other performance benefits of optimized network switching of google fi?

Neither project is open source (that I know of) so it is hard to understand how the implementations overlap or not with one another. I also am not an expert in VPNs so maybe this is not a good question, but I find myself reading Cloudflare's blogs a lot and couldn't help but ask.


I’m not sure, and I think you’re kind of off-topic for this particular sub-thread, but we’ll have a ton of performance data across a matrix of device, software, and network operators. And, when we do, we’ll definitely publish it.


Very cool response!


My biggest concern with any VPN is: do I trust you? I’ve been reluctant to sign up with any of these VPN services that seem to be advertising everywhere nowadays because I don’t know what they’ll do with my internet traffic.

The CloudFlare VPN is interesting to me because they’re a large, established company with a good reputation, so I trust them more than TunnelBear or ExpressVPN or PIA or whoever’s sponsoring YouTube this week.

If there was a way you could offer a product or service that provided a compelling case for why you won’t (or better yet can’t) snoop on my internet traffic, I’m all ears. Everything else is just gravy on top.


One positive for PIA at least is that their "no logs"-policy actually has been proven multiple times by subpoenas. https://torrentfreak.com/vpn-providers-no-logging-claims-tes...

I'm not aware of any subpoenas directed at Cloudflare that were equally as useless.


So far that only applied to the DNS, I don't think many would subpoena a DNS provider.


We thought about the trust aspect of it (we have gone through numerous VPN related threads here on news.yc and r/privacy and this has been one of the top concerns). Here's how we plan to convince folks (in our own naive way) we mean business (do several or all among):

1. OpenSource vpn server and client, with ability to Cloud-SSH to the server and view what's running.

2. Hands-off, one-click, spin up VPN servers on a VPS of your choice under your control, Streisand/Algo style [0][1], but find a way to provide support (think AWS marketplace).

3. Make privacy-centric commitment legally binding as part of EULA/ToS (is this sufficient?).

4. Run client-side only VPN (like intra, blockada, netguard). The idea is you're still able to analyse traffic and add blacklists client-side, without having to pay for or run a VPN server.

Thoughts?

[0] https://github.com/StreisandEffect/streisand

[1] https://github.com/trailofbits/algo


Sounds a bit like what Google / Alphabet / Jigsaw are already doing with Outline, but I still think there’s major opportunity there for a transparent and decentralized one-click service. Especially when you add in #4.

For some reason, Outline is still mega-targeted at journalists and activists when it could be so much more — it’s been an absolute joy to use so far, and being powered by Shadowsocks certainly doesn’t hurt.

https://getoutline.org/en/home


Thanks. Yes, you're right. Not just Jigsaw (who are excellent, and I've been recommending their DNS app, intra, on news.yc for as long as I can remember), there are multiple other companies in this space (SecureMix, TheGuardianApp, KeepSafe, CopperheadOS, Proton mail/VPN, AdGuard), but not everyone is quite doing what I have in mind related to fighting trackers and censorship with a focus on 'one click and you're done' kind of simplicity (?)

I hope to get something ready to show you guys here on news.yc in maybe 3 to 6 months from now.


Sounds like something HN readers will like, but which also would be completely commercially unviable.


True. That's the part where we might need to think hard: A business plan. We haven't thought that far yet, tbh.

Our intention is to: Put the control of the mobile device back in the hands of the consumer and empower them with simple but powerful tools. Think keybase, Stripe, or pre-2014 WhatsApp in terms of UX.

Mobile VPN is key part of that vision, including building other apps around it.

A lot of things triggered this:

1. The prism/carrier-iq snafu from 7yrs back.

2. The uptick in government censorship prevalent in multiple nations (India, Turkey, Pakistan, Russia, etc).

3. Rise of app-economy and the relentless tracking behaviour that entails, esp from Facebook.

4. pi-hole and its elegant solution to shut out trackers. Though I first saw this solution impl by Sam Hocevar (one of the VLC devs) in 2002 (?): http://sam.zoy.org/writings/internet/doubleclick.html

5. Not very many firms developing products like DuoSecurity did but for the end-consumer. There's a few I could find, like SecureMix (glasswire developer), Objective-See (LuLu Firewall), Jigsaw (primarily for journalists?), Purism, and KeepSafe.


Filtering, Adblocking, VPNs are commercially viable. More of a B2B play than B2C though


Another way would be using some trusted computing technology [1] to do that. This would be a good use case for some kind of remote attestation. (Shameless plug: I did my Ph.D. thesis on this, so if you want to discuss this point, cloudflareatvernizzisdotit ;-) )

[1] https://en.wikipedia.org/wiki/Trusted_Computing


IPv6, IPSec and PKI together may be interesting to authenticate and encrypt traffic without any entity managing the traffic.

It could eliminate the client/server by activating the authentication and encryption with exchange of certificates by using a PKI.

It may provide a full p2p encryption in the network layer without logging your traffic somewhere or third parties. Open-sourced would be awesome.


> established company with a good reputation

are you insane?

CF's reputation is terrible[1]. They are trying to MiTM the entire internet, and frustrate attempts to access some of the most important information online (including but not limited to evidence of the holocaust, sexual health information and climate change). They are practically a threat to humanity itself at this point - you shouldn't trust them worth anything.

[1] https://notabug.org/themusicgod1/cloudflare-tor/


The cynicism is fair and I can see where it comes from, but cloudflare CTO, jgrahamc, has replied elsewhere in this thread [0] why tor is a difficult scenario for cloudflare to handle. They did promise to make life easier for tor users but the abuse over tor is apparently relentless, according to them.

[0] https://news.ycombinator.com/item?id=19543188


> Having analysed the market, I find that it's defragmented with no clear run-away winner.

THAT'S HOW IT SHOULD BE!

That's how all of this should be.


But it shows that it's either so easy that there's no barrier to entry (I doubt it) or that no one can deliver a really convincing product.


Yep, agree. Though, I thought it was an important factor for us when we are bootstrapping to consider if we are heading straight into a monopoly that we can't defeat.


I'd look at dominating the standards used in the market rather than the market itself.


Have you already started on this concept? Myself and our team are working on some of the ideas you listed for an upcoming app (https://itunes.apple.com/us/app/guardian-firewall/id13637963...). It would be great to chat further, if you have interest in working on this concept (e-mail is will.strafach@guardianapp.com).

Designing a reasonably secure and reliable mobile VPN has been a very difficult challenge to get right. If you look at existing mobile VPNs through a tool such as Charles Proxy or Burp, you will see that none of them really appear to be designed very well. There are many unsolved technical problems with managing and scaling such services, likely avoided by existing providers due to how easy the issues are to mask. That said, Cloudflare’s cautious approach with Warp gives me some confidence that they really are trying to do this right.


Nice. GuardianApp is very close to what I had in mind. Great landing page, btw!

> Have you already started on this concept?

Initial stages where we have looked at OSS projects to fork for a quick prototype, with our focus being exclusively on Android, and not just limited to VPN.

> Designing a reasonably secure and reliable mobile VPN has been a very difficult challenge to get right.

Thanks for the heads-up. From usability point-of-view, I've seen my share of VPNs mess up and sink hole all traffic. On one occasion, an app simply refused to get past its loading-screen unless I turned off VPN.

> It would be great to chat further, if you have interest in working on this concept.

Sure, thanks. I'd be sure to email you, Will.


I don't think what we're offering instantly takes over the entire VPN market. VPNs mean different things to different people and I'd imagine you can find a valuable market that provides things that we don't.


I find it amusing that ‘defragmented with no clear winner’ is what I want in most cases as a customer and what most startups see as an ‘opportunity for disruption’ (read “opportunity to dominate the market”).


Please still build this product!


Indeed. A little healthy competition leads to better products all around.


> 4. Provide ability to analyze traffic on a PC.

This would be such a great feature. I hope someone makes such a VPN.



