WARP exposing client's IP to websites behind Cloudflare?

In the last two weeks, I started noticing that my real IP address was suddenly showing up on certain websites, even though I had WARP turned on.

After some investigation, I found that all traffic was indeed being routed to WARP’s data center (so it wasn’t because some traffic was accidentally not being proxied). Meanwhile, all the sites that can access my IP are coincidentally using Cloudflare service, such as:

• https://whatismyipaddress.com/
• What is my IP address location? Find out here | NordVPN

The real IP is kept private when visiting sites not proxied by Cloudflare. For example:

• https://httpbin.org/ip
• my ip - Google Search

Can someone clarify if this is a bug or an intended behavior? The leakage of the real IP is disturbing to me. Thanks!

WARP isn’t meant to be an anonymizer or a geo bypass. It’s a pure VPN: It tunnels your traffic out past your ISP.

Are you a staff member? Based on your statement, are you confirming that this is an expected behavior?

Yes, precisely, this is what @sdayman intended to say.

It is in the docs:

WARP does not provide anonymity. It is not designed to prevent servers you communicate with from identifying you, or to allow you to pretend to be accessing the Internet in a different country than you are currently in.

I’m just a little surprised. Apple’s privacy relay seems to be a partnership with WARP, which is designed to protect users’ original IP address. So I did get a little confused when WARP made this change. Thanks all for the clarification!

Apple appear to be using Fastly and Cloudflare at the moment, but I would expect that will change over time. You can get a complete list of the Privacy Relay egress addresses here, and start checking if there are other networks involved.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.