Cloudflare Warp VPN Aims to Bring Security to Mobile Connections

One of the main pieces of advice that security professionals often give to those who are less technically inclined is to avoid connecting to public WiFi networks, because they’re open to everyone, including attackers. People often ignore that advice in the name of convenience (and not going over their mobile data limits), so Cloudflare is rolling out a new free service that encrypts all of the traffic from mobile devices while also helping to speed up those connections.

The service is an add-on to the company’s existing DNS service, called 1.1.1.1, which Cloudflare introduced last year as a way to give organizations and individuals a faster and more secure option for DNS queries. A few months later, Cloudflare launched a mobile app for 1.1.1.1 that brought the same functionality to phones and other mobile devices. That app relies on Cloudflare’s massive content delivery network and the company’s own DNS resolver, as does the new service, called Warp, which essentially works as a drop-in replacement for the cleartext connections between a mobile device and remote servers, but with one important addition: encryption.

Warp is functionally a virtual private network (VPN), providing an encrypted connection between a mobile device and the edge of the Cloudflare network. The service is designed mainly for individuals who may not have detailed knowledge of security or why they would need a VPN. Whereas the 1.1.1.1 app as it stands provides security for DNS queries, Warp adds encryption for all of the device’s traffic.

“This doesn't just apply to your web browser but to all apps running on your phone. Any unencrypted connections are encrypted automatically and by default. Warp respects end-to-end encryption and doesn’t require you to install a root certificate or give Cloudflare any way to see any encrypted Internet traffic we wouldn’t have otherwise,” Matthew Prince, CEO of Cloudflare, said in a post announcing Warp Monday.

“Unfortunately, a lot of the Internet is still unencrypted. For that, Warp automatically adds encryption from your device to the edge of Cloudflare’s network — which isn’t perfect, but is all other VPNs do and it does address the largest threats typical Internet users face. One silver lining is that if you browse the unencrypted Internet through Warp, when it’s safe to do so, Cloudflare’s network can cache and compress content to improve performance and potentially decrease your data usage and mobile carrier bill.”

Like 1.1.1.1, Warp takes advantage of the huge network Cloudflare has built around the world. That network was designed to deliver content to clients as quickly and efficiently as possible through direct peering connections throughout the world. The security foundation of Warp is the WireGuard VPN protocol, which was designed to be faster and more lightweight than existing VPNs. The initial release of Warp is free and is meant mainly for individual use, but a premium version is in the works, known as Warp+, as is an enterprise version. That service will use Cloudflare’s virtual private backbone and will require a monthly fee, which will vary depending upon the region.

There are other DNS services similar to 1.1.1.1 available, including Quad9, which is supported by a large coalition of technology companies, and Google Public DNS. Both of those services are designed primarily with desktop computing in mind, though, and don't include a VPN service.

Traditional desktop and mobile VPNs tend to be very resource-intensive, slow, and kludgy. The slowdown VPNs often cause can usually be tolerated on fast networks, but on slower mobile networks, VPNs can be all but unusable at times. And if it comes to a choice between usability and security, usability will usually win out.

“We realized a few years back that providing a VPN service wouldn’t meaningfully change the costs of the network we're already running successfully. That meant if we could pull off the technology then we could afford to offer this service,” Prince said.

“Hokey as it sounds, the primary reason we built Warp is that our mission is to help build a better Internet — and the mobile Internet wasn’t as fast or secure as it could be and VPNs all suck. Time and time again we've watched people sit around and talk about how the Internet could be better if someone would just act. We're in a position to act, and we've acted.”

Right now, Warp is in an early phase of release and individuals can sign up for a waiting list through the 1.1.1.1 app on iOS or Android. As of Monday afternoon, the waiting list already had more than 160,000 people on it. A Cloudflare spokesperson said the company doesn’t have a specific timeline for introducing the enterprise version of Warp, that it would likely be a few weeks before the current waiting list begins to dwindle as people are onboarded, and that the company would likely have Warp available for everyone on the list by the end of July.

“While companies require their employees to install and use VPNs, even the next generation of cloud VPNs are pretty terrible. Their client software slows everything down and drains your battery. We think the best way to build the best enterprise VPN is to first build the best consumer VPN and let millions of users kick the tires,” Prince said.