Now with general availability of warp+, I am running leak tests on http://ipleak.net and dnsleaktest.com and they are leaking dns requests from my mobile ISP and home ISP. Very disappointing to see continued dns leaks with the 1.1.1.1 DNS android app. Am on android pie with the latest updates on a Samsung galaxy J6
I noticed the same when I started to use 1.1.1.1 + Warp today.
My ISP can associate my personal IP address with the names of all the sites I connect currently when using warp so thereâs not really any privacy regarding that.
Sorry I think there may be some confusion. The sites you are linking to do not test DNS requests made by your client. They report the IP address of your client.
Cloudflare WARP provides an encrypted connection from your mobile device to Cloudflareâs edge to prevent your connection from being snooped and optimizations to improve performance. It is not intended to hide your IP address from the websites you visit. We make no attempt to hide/alter/obfuscate the identity of a visitor from a website operator.
Fro a newly published blog post from Matthew Prince:
From a technical perspective, WARP is a VPN. But it is designed for a very different audience than a traditional VPN. WARP is not designed to allow you to access geo-restricted content when youâre traveling. It will not hide your IP address from the websites you visit. If youâre looking for that kind of high-security protection then a traditional VPN or a service like Tor are likely better choices for you.
dnsleaktest.com does test which DNS resolvers are being used by my client.
When I am connected to warp+, my understand is only the Cloudflare DNS resolvers are being used.
However, I see that my ISP DNS resolvers are being used as well.
Wait, so, WARP does NOT tunnel traffic then? If not, whatâs the point?
You should probably read the article. Warp does tunnel the traffic from your device to Cloudflareâs edge.
I donât get why itâs leaking the DNS and IP though, if optimal privacy is the plan?
Optimal privacy isnât the plan, rather, encrypting the last mile is the intended purpose.
If dns requests are leaking, then the last mile is not being encrypted.
If you believe youâve found a thereâs an option in the app to report it.
That is not correct, DNS leaking is a totally different (technical) problem to solve, and is outside the scope of what Cloudflare intends to do with Warp.
I will say, it is a bit confusing.
If you havenât heard about it yet, WARP is a mobile app designed for everyone which uses our global network to secure all of your phoneâs Internet traffic.
Most people will equate âonline securityâ with âbeing hiddenâ. I thought it myself. In which case, the windscribe VPN is a slower alternative.
Ultimately there is a big difference between encrypting the last mile, providing connectivity (to internal resources), alternative routing/transport (Warp+) vs containing active content from sneaking a packet out (tor via tails is about the only thing fit for purpose here).
Please donât spam affiliate links, itâs really tacky and disrespectfulâŚ
If it is a reasonable alternative to Warp for folks who are looking for features it doesnât provide is it really spam? Iâm not familiar with the tool, but I am familiar with @jules, so I imagine itâs a decent tool. If thatâs not the case then let me know.
Anyone who signs up with that âspam affiliate linkâ gets an extra GB for free. Itâs not an affiliate link that I make money from. Note the URL has âfriendâ in it, not âaffidâ or similar.
Iâm just tired of these links everywhere, thereâs thousands of VPN services, should we allow them posting here too? Does it contribute to the conversion?
The friend links usually mean, give one get one.
I donât use any app at the moment.
To prevent DNS leaking, this is what I do.
- Go to Android Settings
- Go to Wifi & Internet
- Go to Private DNS
- Select Private DNS mode > Private DNS provider hostname > Type there
one.one.one.one
I am sure, if you run test next time there wonât be any leak. All DNS request will be answered from Cloudflare server only not your ISP default one.
Thatâs not true. A primary purpose of WARP is to encrypt DNS traffic through the last mile, thereby preventing consumer-facing ISPs from seeing its contents. When WARP is enabled and functioning correctly, simple DNS leak tests will pass:
Notice that the query is coming from Cloudflare because my DNS requests are being sent to 1.1.1.1. I would see the same result if I werenât using WARP but had manually set my DNS server to 1.1.1.1; however, my requests would most likely be unencrypted between my phone and 1.1.1.1, so my ISP could see the contents.
However, if I am using the default DNS server provided by my ISP and I have WARP disabled, Iâll see a different result:
Note that none of these are my IP addressâthese are the resolvers provided by my ISP. The IP addresses listed their will definitely see my queries and may choose to log or interfere with them.
If Iâm seeing the results in the last screenshot, I can be almost certain that the last mile is not being encrypted.