What is Cloudflare Warp+'s logs policy?

Do they keep logs of my data, e.g. DNS queries, original IP history etc.?
What is the level of privacy here? Is it at par with VPN providers such as NordVPN and ExpressVPN?

This is a great question. Here is some information to consider:

CLOUDFLARE PRIVACY

“The WARP Client application uses a VPN profile and/or service that enables us to intercept and secure your DNS queries and to transmit data from your device through the Cloudflare network, depending on the services you have enabled. We only collect limited DNS query and traffic data (excluding payload) that is sent to our network when you have the app enabled on your device. All information is handled in accordance with our Privacy Policy.”

WARP Client Privacy: https://developers.cloudflare.com/warp-client/privacy/
Application Privacy Policy: https://www.cloudflare.com/application/privacypolicy/
Privacy Policy: https://www.cloudflare.com/privacypolicy/

NORD VPN SECURITY

"We have prepared the accompanying description of how we protect the privacy of our customers by having effective policies and controls in place to ensure that our IT systems and the underlying infrastructure regarding VPN services are designed and implemented with no-log configuration. We confirm, to the best of our knowledge and belief, that:

a) The accompanying description fairly presents how NordVPN configures the IT systems and manages the supporting IT operations to ascertain that NordVPN does not record and store any user logs related to customers’ activity:

-We process only minimal user information – only as much as it is absolutely necessary to maintain our services (email address, encrypted password, basic billing information and order history).
-In order to authenticate a user, the NordVPN authentication server verifies the user credentials, subscription status (checks whether the user is active or not) and whether the user has not reached the limit of concurrent active user sessions. The authentication servers count the total number of successful connections, but no individual data is collected — only the aggregated raw number of users currently connected to the server (but not their IPs, identities, or activity).
-Session information is periodically sent to the NordVPN authentication server for as long as the session is active. The information contains the username and the timestamp of the last session status. The aforementioned information is used to limit the amount of concurrent active user sessions and is deleted within 15 minutes after a session is terminated.
-NordVPN authentication and VPN servers collect different anonymous, aggregated statistical
information:
-The authentication servers count the total number of all successful connections per user per
month. However, they collect no information about the servers the user was connected to or
the time of any of these connections.
-The VPN servers collect the total number of all connected users and some system metrics
(network traffic, CPU, memory and disk usage data, as well as running processes).
-We do not store any incoming or outgoing traffic data, including user and destination IP addresses, browsing history/websites visited, amount of data transferred, the VPN servers used, DNS queries or files downloaded.
-When a user connects to any NordVPN VPN server, all communication between the user and the server is encrypted.
-The containers are isolated at the network level and logging is turned off for them during the deployment process before users can even access the service.
-In addition to disabling logging at the container level, logs are also turned off at the service level for all services by re-directing their output to the null device (/dev/null).
-All VPN servers run on RAM. Once a VPN server loses power, all data associated with it is immediately lost.
-All new servers are deployed automatically via pre-defined playbooks including no-log configuration.

b) The NordVPN service is implemented as described in the description as of 7th December 2023.

In summary, our system architecture is designed so that NordVPN cannot be compelled to provide any type of information on its users’ VPN activity because that information does not exist. We do not know anything about our users’ online activities while they are using our services."

No Logs Policy: https://nordvpn.com/features/strict-no-logs-policy/
Privacy Policy: https://my.nordaccount.com/legal/privacy-policy/
Independent Reasonable Assurance Report:
https://s1.nordcdn.com/nord/misc/0.85.0/vpn/deloitte/ISAE_3000-NordVPN_report_13dec2023.pdf

EXPRESS VPN PRIVACY

“Our guiding principle toward data collection is to collect only the minimal data required to operate world-class Services at scale. We designed our systems (and strive to constantly improve them) to not have sensitive data about our customers. We cannot disclose, misuse, or abuse, even when compelled, data that we do not possess. We do not collect logs of your online activity while you are connected to our Services, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, meaning no logs of your IP address, your outgoing VPN IP address, connection timestamp, or session duration.”

Privacy Policy: https://www.expressvpn.com/privacy-policy

PROTON VPN PRIVACY

"In order to respect our users’ privacy, Proton VPN enforces a strict no-logs policy. This means we keep no session usage logs of what you do online, and we do not log metadata that can compromise your privacy.

We don’t log which websites you visit
We don’t log your traffic or the content of any communications
We don’t log your IP address
We don’t log your session lengths
We don’t log or track any location-based information

This level of privacy is possible in part because we are based in Switzerland, which has some of the strongest data protection and digital privacy laws in the world. Data required for maintenance and troubleshooting purposes is secured using full-disk encryption on all our bare-metal servers, over which we have full control.

Full details about the information that we do store (such as account information) are available in our Privacy Policy. Our apps are all fully open source and independently audited so that you can be sure they are trustworthy, and we aim for transparency in everything we do."

No Logs Policy: https://protonvpn.com/support/no-logs-vpn/
Privacy Policy: https://protonvpn.com/privacy-policy

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.