Question DNS Vs Warp+

Please provide comments and solutions that are helpful to the author of this topic.

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Since firefox 118 there is possibility use encrypted client hello
and they recently added #encrypted-client-hello on chromium browsers too

you can check compability here : Cloudflare Browser Check

with cloudflare DOH + ech the results are

1697128769461.png



and with warp+ results are
1697128842926.png


I guess when browsing with the browser the isp cant see where you are in both cases, but wich one would you take? Would you use echi + different vpn?

in my case i would ditch warp as it uses vpn profile in phone, and replace it with trend micros vpn mode


edit: added this url here Encrypted Client Hello (ECH) Effectively Defeats Pirate Site Blocking * TorrentFreak

Cloudflare has enabled Encrypted Client Hello for all customers on free plans, which includes many pirate sites. The new privacy feature makes it impossible for Internet providers to track which websites subscribers visit. As a result, it also renders pirate site-blocking efforts useless, if both the site and the visitor have ECH enabled.
 
Last edited:

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,866
The ISP can see what IPs you are visiting no matter what you do with DNS. And they have pretty good techniques at figuring out which sites you are on when it's a host that has multiple sites. The benefit of encrypted DNS is the security of the connection to the DNS provider.
 

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
The ISP can see what IPs you are visiting no matter what you do with DNS. And they have pretty good techniques at figuring out which sites you are on when it's a host that has multiple sites. The benefit of encrypted DNS is the security of the connection to the DNS provider.
So im better off with warp+ as it works like VPN does. But should normal user enable ech even they arent warp users?
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,866
So im better off with warp+ as it works like VPN does. But should normal user enable ech even they arent warp users?
I honestly am not 100% sure how much Warp obfuscates. It didn't sound like a complete VPN tunnel to me when it first launched, but I haven't tried it since. You would have to analyze your network traffic while using it to be sure.
 

simmerskool

Level 36
Verified
Top Poster
Well-known
Apr 16, 2017
2,547
more curious here, I downloaded warp for my desktop win10 and when I go to install, it starts to install and then stops and says
Another installation is in progress. You must complete
that installation before continuing this one
o_O WTF :censored:
now I have to start digging deep and I'm not even sure what I'm looking for.
PS only running security on this hardware win10 is DeepInstinct. & Proton VPN & Mullvad are installed but not running. Mostly I go online from my VM (VMware)
PS2 my router is ubiquity & it seems to be using cloudflare dns so perhaps my system hardware software blocked warp installation...? Not going to worry about it...
 

brambedkar59

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,087
Correct me if I am wrong but ECH is still in drafting stage aka not finalized yet. That's like trusting alpha/beta software on a production machine.

I would just use WARP if hiding data from ISP is the only goal. And for more privacy I would use an actual VPN.
 

bobdoe

Level 2
Oct 10, 2020
67
Since firefox 118 there is possibility use encrypted client hello
and they recently added #encrypted-client-hello on chromium browsers too

you can check compability here : Cloudflare Browser Check

with cloudflare DOH + ech the results are

View attachment 279073


and with warp+ results are
View attachment 279074

I guess when browsing with the browser the isp cant see where you are in both cases, but wich one would you take? Would you use echi + different vpn?

in my case i would ditch warp as it uses vpn profile in phone, and replace it with trend micros vpn mode


edit: added this url here Encrypted Client Hello (ECH) Effectively Defeats Pirate Site Blocking * TorrentFreak
CFBCheck has only passed my browsers for Cloudflare and no other dns providers... I always get a fail on sni with SimpleDNSCrypt (latest Dnscrypt proxy) using various other servers and trying different options. One thing I always do is turn off dns caching... maybe Cloudflare needs that? I dunno

What might be good site or method to verify what CFBC reports?
 
Last edited:

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
CFBCheck has only passed my browsers for Cloudflare and no other dns providers... I always get a fail on sni with SimpleDNSCrypt (latest Dnscrypt proxy) using various other servers and trying different options. One thing I always do is turn off dns caching... maybe Cloudflare needs that? I dunno

What might be good site or method to verify what CFBC reports?
I guess its only cloudflare thing, dont think any else dns have thing like this .
have you tried enabling flag #encrypted_hello_client and using other dns throught doh?

Since @Digmor Crusher used his isps dns and passed the test im not sure at all
 

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
@Moonhorse makes me wonder why you still want to continue using Warp+ , if i were you just get a decent VPN.
I guess its the speed i like about it, it does basic vpn stuff, of course you cant change your country for unblocking something like netflix but for me it just works ( except social media , but not sure if vpn was the case)

But im aware of the warp+ limitions and im kind of deciding to either go with
- brave + dns0 + trend micro
- any other browser + adguard (dns0) + gdata

and the most reason is that i dont own bank account with internet aka credit card so i can only pay with paysafecard and most vpns dont acccept paysafe cards

i have avast vpn, but the speed of it is lame

Mulvad, f-secure are the ones i would pay for
 
Last edited:
  • Like
Reactions: simmerskool

TuxTalk

Level 12
Verified
Top Poster
Well-known
Nov 9, 2022
576
I guess its the speed i like about it, it does basic vpn stuff, of course you cant change your country for unblocking something like netflix but for me it just works ( except social media , but not sure if vpn was the case)

But im aware of the warp+ limitions and im kind of deciding to either go with
- brave + dns0 + trend micro
- any other browser + adguard (dns0) + gdata

and the most reason is that i dont own bank account with internet aka credit card so i can only pay with paysafecard and most vpns dont acccept paysafe cards

i have avast vpn, but the speed of it is lame

Mulvad, f-secure are the ones i would pay for
I used Avast VPN premium and my speed was great. On my 1GB fiber i get 30-40MB sec download speed.
 
  • Like
Reactions: Moonhorse

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
I used Avast VPN premium and my speed was great. On my 1GB fiber i get 30-40MB sec download speed.
On my 100mbs connection i get like 20mbs with avast vpn, pages are loading very slow and everything ''tutters''

with warp im getting
1697181696164.png
 
  • Like
Reactions: simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top