Security on Wifi networks

I use only the Gateway DNS filtering, so I wanted to know, is the encrypted DNS filtering of the Gateway enough for security on Wifi networks or do I need a VPN?

Enough for security for what?

1 Like

Security from attackers, snoopers who try to steal info from people connected to the same network…

Do you mean WiFi ?

Yeah…

DNS filtering only provides encryption for the DNS traffic. If you want to encrypt your other traffic you would need to enable Warp mode

1 Like

Yeah but warp/vpn doesn’t provide any end to end encryption right? It only encrypts traffic upto the server point. From there on the traffic flows as normal. So all it does is hide the online activities from the ISP. It doesn’t exactly provide complete encryption for all traffic.It doesn’t exactly add encryption to the already present encryption of other traffic or doesn’t exactly encrypt any traffic that doesn’t support encryption like HTTP(it only encrypts it upto the server point). Dns encryption encrypts the DNS traffic and the rest is based on whether the type of traffic supports encryption or not.

As opposed to what?

Right.

Unless you control every endpoint you are communicating with no solution VPN or otherwise does.

Yes it does.

Right…. Which given that you asked if DNS only encryption was sufficient on a Wi-Fi network for security is /well/ beyond what DNS only filtering provides.

Not if you enable Warp mode which was my point. Warp mode is a VPN so whatever it is you think a VPN does that Warp mode doesn’t is likely in error.

I understand warp is just like a VPN. What I am trying to say is, the encrypted DNS , encrypts the DNS and the rest is encrypted whenever its supported anyways.So, probably a VPN doesn’t really provide any additional benefit in terms of security. All it does is unlock geo restricted content and provides privacy from ISP and other such entities.

Warp doesn’t get around geo restrictions. It’s not the type of VPN that lets you select exit nodes.

There is one extra bit it helps with: Without a VPN, your ISP can still most likely see which hostname you’re connecting to as HTTPS negotiates the encrypted connection due to SNI.

Here’s a slightly outdated article, but it does briefly explain why:

Yeah, I know, that’s why I said that the Vpn/warp helps in improving privacy but doesn’t probably offer any additional security benefits.

No.

No.

1 Like

Could you pleeeassse elaborate on why you say no? :pleading_face:

What part of “no” was unclear?

I was asking why you said no to “All it does is unlock geo restricted content and provides privacy from ISP and other such entities.” ? Does it do more than that? Does it provide additional security than DNS over TLS?

And why did you say no to “I said that the Vpn/warp helps in improving privacy but doesn’t probably offer any additional security benefits over an encrypted DNS filtering” ? Did you mean to agree on this statement of mine?

No.

Perhaps read some of Cloudflare’s blog posts about the product? Maybe read some of the documentation for it as well?

I have read numerous blogs/articles on VPNs and some on WARP. The conclusion I could make out is that a VPN offers an improvement on privacy only ,over DNS encryption by hiding/encrypting the traffic upto the server point. Because in the end the communication with the end point happens through an encrypted(like HTTPS) or unencrypted(like HTTP) path based on what the destination point supports . Which is the case when not using the VPN , and using only DNS over TLS/HTTPS.

I don’t understand the distinction you are trying to make between security and privacy. What would a “secure” solution do?

Your original question was…

Based on your answer above, your assertion is that there is no improvement in security while you are on a Wifi network using a VPN?

So you’re saying that Warp won’t help with this then? Why not?

Security would mean stopping/preventing attackers from being able to steal data or sensitive info like passwords etc or trying to hack in to compromise devices and get hold of all data available in it.
Privacy would mean hiding one’s online activities.

So what I am saying is for security, DNS encryption does all that a VPN would do in terms of online security when looked from an over all perspective.
So, what a VPN adds on , is privacy (hiding online activities).

VPN would definitely help in a wifi network for security as a VPN not only uses DNS encryption in most cases but also hides IP to hide user’s online activities.
So, in comaprison to DNS encryption a VPN adds a layer of privacy protection only. And if someone is just concerned about the security, he can go for a free DNS encryption solution instead of a paid VPN service which may slow down connections or may get blocked by ISP, apps, websites etc.

Perhaps we should just agree to disagree and you can use Warp in whatever mode best suits your own personal needs.