Serious Discussion Cloudflare is now powering Microsoft Edge Secure Network

SpyNetGirl

Level 3
Thread author
Jan 30, 2023
96

Cloudflare is now powering Microsoft Edge Secure Network

Between third-party cookies that track your activity across websites, to highly targeted advertising based on your IP address and browsing data, it's no secret that today’s Internet browsing experience isn’t as private as it should be. Here at Cloudflare, we believe everyone should be able to browse the Internet free of persistent tracking and prying eyes.

That’s why we’re excited to announce that we’ve partnered with Microsoft Edge to provide a fast and secure VPN, right in the browser. Users don’t have to install anything new or understand complex concepts to get the latest in network-level privacy: Edge Secure Network VPN is available on the latest consumer version of Microsoft Edge in most markets, and automatically comes with 5 GB of data. Just enable the feature by going to [Microsoft Edge Settings & more (…) > Browser essentials, and click Get VPN for free]. See Microsoft’s Edge Secure Network page for more details.

Cloudflare’s Privacy Proxy platform isn’t your typical VPN

To take a step back: a VPN is a way in which the Internet traffic leaving your device is tunneled through an intermediary server operated by a provider – in this case, Cloudflare! There are many important pieces that make this possible, but among them is the VPN protocol, which defines the way in which the tunnel is established and how traffic flows through it. You may have heard of some of these protocols: WireGuard, IPsec, and OpenVPN, for example. And while we’re no stranger to these (Cloudflare’s WireGuard implementation is currently in use by millions of devices that use 1.1.1.1+WARP) – we see our Privacy Proxy Platform as a way to push forward the next frontier of Internet privacy and embrace one of Cloudflare’s core values: open Internet standards.

The Privacy Proxy Platform implements HTTP CONNECT, a method defined in the HTTP standard that proxies traffic by establishing a tunnel and then sending reliable and ordered byte streams through that tunnel. You can read more about this proxying method (and its history!) in our Primer on Proxies.

We also leverage other parts of Cloudflare’s privacy-oriented infrastructure that are already deployed at scale: requests first utilize 1.1.1.1 for DNS, a token proxy based on Privacy Pass for client authentication, and Geo-egress to choose an accurate egress IP address without exposing users’ precise location.

How it works

Let’s dive into the details of these components. For the purposes of this blog, we’ll call the devices people are using to browse the Internet (your phone, tablet or computer) clients, and the websites they’re trying to visit origin sites.

The Privacy Proxy Platform includes three main parts:

  1. Token Proxy: this is the service that checks if you’re an Edge Secure Network user with a legitimate Microsoft account.
  2. Privacy API: based on the above, Cloudflare’s Privacy API issues authentication tokens that clients use for authenticating to the proxy itself.
  3. Privacy Proxy: this is the HTTP CONNECT-based proxy service running on Cloudflare’s network. This service checks that the client presents a valid authentication token, and if so, proxies the encrypted HTTP request to the origin site. It is also responsible for selecting a valid egress IP address to be used.

When Edge Secure Network protections are on – say, when a user connects to an open Wi-Fi network at a coffee shop – our proxy will automatically prompt that client for a token to authenticate. If the client has a token, it will present one. If it doesn’t, it will utilize the token proxy to mint a new pool using the help of an attester and issuer: the attester checks the validity of the client and Microsoft account, and the issuer issues tokens for that client in return. This dance is based on the Privacy Pass protocol. Importantly, it allows Cloudflare to validate that clients are who they say they are without collecting or storing personal information from Microsoft users.

Once the client has presented the proxy server with a valid token, the Privacy Proxy then chooses a valid egress IP address based on a hash of the client’s geolocation. It then uses the DNS record (provided by Cloudflare’s DNS resolver, 1.1.1.1) to open up an encrypted session to the origin website. From there, it’s pretty straightforward: if the user continues to browse on that site, further requests will be sent through that connection; if they stop or close the browser, that connection will close as well.

Because Cloudflare proxies millions of requests per second, many of the operational aspects of the proxy are managed by Oxy, our proxying framework that handles everything from telemetry, graceful restarts, to stream multiplexing and IP fallbacks, and authentication hooks.

Low last-mile latency and geolocation parity thanks to Cloudflare’s Network

Cloudflare’s privacy proxy implementation maximizes user experience without sacrificing privacy. When Edge Secure Network is enabled, users will have search and browsing results relevant to where they’re geographically located. At Cloudflare, we call this the pizza test: people should be able to use any of our privacy proxy products and still be able to get results for “pizza places near me”. We accomplish this by always egressing through a Cloudflare data center that has an IP address that corresponds to the user’s location – we’ve written more about how we did this for 1.1.1.1+WARP.

Unlike your typical VPN operator that has dozens – sometimes hundreds – of servers, Cloudflare has a much larger footprint: data centers in over 300 cities. Because our network is an anycast “every service, everywhere” approach, each of our data centers can accept traffic from an Edge Secure Network client. This means that Edge users will automatically detect and connect with a Cloudflare data center geographically very close to them, minimizing last-mile latency. Finally, because Cloudflare also operates a CDN, websites that are already on Cloudflare will be given a “hot-path,” and will load faster.

We at Cloudflare are always striving to bring more privacy options to the open Internet, and we are excited to provide more private and secure browsing to Edge users. To learn more, head to Microsoft’s Edge Secure Network page or Microsoft’s support page. If you’re a partner interested in using a privacy-preserving proxy like this one, fill out this form.

Source: Cloudflare is now powering Microsoft Edge Secure Network
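
The flow the quoted post describes (CONNECT request, token check, egress chosen from a hash of the client's coarse location), as an added example that is not part of the original post and not Cloudflare's code. Assumptions: an HMAC-tagged nonce stands in for a Privacy Pass token (unlike real Privacy Pass tokens it is linkable by the issuer), the `Proxy-Authorization: PrivateToken token=...` layout, the region labels, the documentation-range IPs and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ISSUER_KEY = secrets.token_bytes(32)  # constructed; stands in for the issuer's key
EGRESS_POOL = {  # constructed pool; RFC 5737 documentation addresses
    "US-CA": ["198.51.100.10", "198.51.100.11"],
    "DE-BE": ["203.0.113.20", "203.0.113.21"],
}
_spent = set()  # nonces already redeemed, so each token works once

def issue_token() -> str:
    """Issuer side: hand out a random nonce plus a MAC over it."""
    nonce = secrets.token_hex(16)
    tag = hmac.new(ISSUER_KEY, nonce.encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"

def redeem(token: str) -> bool:
    """Proxy side: accept a token only if the MAC checks and it is unspent."""
    nonce, _, tag = token.partition(".")
    good = hmac.new(ISSUER_KEY, nonce.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), good.encode()) or nonce in _spent:
        return False
    _spent.add(nonce)
    return True

def pick_egress(region: str) -> str:
    """Map a coarse region to one egress IP by hashing the region string."""
    pool = EGRESS_POOL[region]
    digest = hashlib.sha256(region.encode()).digest()
    return pool[int.from_bytes(digest[:4], "big") % len(pool)]

def handle_connect(raw: bytes, region: str):
    """Return (status line, egress IP or None) for one proxy request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = head[0].split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or ":" not in parts[1]:
        return "HTTP/1.1 400 Bad Request", None
    if region not in EGRESS_POOL:  # region comes from the proxy, not the client
        return "HTTP/1.1 503 Service Unavailable", None
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in head[1:])}
    scheme, _, value = headers.get("proxy-authorization", "").partition(" ")
    if scheme != "PrivateToken" or not redeem(value.removeprefix("token=")):
        return "HTTP/1.1 407 Proxy Authentication Required", None
    return "HTTP/1.1 200 Connection Established", pick_egress(region)
```

A replayed or forged token gets `407` and no egress address, which is the point at which the client in the post would go back to the token proxy for a fresh pool.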

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,020
I was curious and went to test Edge 117.0.2045.47 new Warp vpn, and the switch to turn it ON is not visible where they say it should be, wonder if it is somehow being blocked by AV...? :unsure: unless it is not in this version of Edge but this is the current version. :unsure:
 
F

ForgottenSeer 100397

I was curious and went to test Edge 117.0.2045.47 new Warp vpn, and the switch to turn it ON is not visible where they say it should be, wonder if it is somehow being blocked by AV...? :unsure: unless it is not in this version of Edge but this is the current version. :unsure:
It appears MS initially pushes some settings to selected users. I disabled the VPN settings on the kids' systems but couldn't find them on mine. Later, I couldn't find the VPN on their systems either. However, the latest version has the VPN settings under Privacy.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,599
Would people recommend this over NextDNS paid? I'm currently testing WARP and browsing is quicker than NextDNS.
NextDNS is quite ahead in terms of security & Cloudflare's speed on paper is fast but it does not make it better than NextDNS in my opinion

If Cloudflare was working outside of VPN with Microsoft I would be more impressed
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,624
And here I just switched to Cloudflare WARP yesterday on my desktop. :)
Yeah, I think it's simply better to use the Cloudflare WARP app instead. It's possible to even find WARP+ keys 👀
I need to use WARP sometimes at night, mainly on weekends when the load on my ISP is high. Using WARP in that scenario makes browsing and downloading faster.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,599
I know you quoted SeriousHoax, but uBlock Origin blocks that page because of the "HaGeZi's Anti-Piracy DNS Blocklist" for me.
The site is legit, I have bought several games & antivirus keys and Fortnite V-Bucks for my sister's son

But why does it get blocked? Because there are people selling stuff bought with stolen credit cards, this is why stuff is cheapish

Edit: I buy from there because I can use paysafecards for buying, it's the safest way to buy anything
 

Morro

Level 16
Verified
Well-known
Jul 8, 2012
788
The site is legit, I have bought several games & antivirus keys and Fortnite V-Bucks for my sister's son

But why does it get blocked? Because there are people selling stuff bought with stolen credit cards, this is why stuff is cheapish

Edit: I buy from there because I can use paysafecards for buying, it's the safest way to buy anything

Well, that is good to know. I thought just to show the warning, just in case it is correct, but luckily it is not. :)
 

SpyNetGirl

Level 3
Thread author
Jan 30, 2023
96
Would people recommend this over NextDNS paid? I'm currently testing WARP and browsing is quicker than NextDNS.

NextDNS is just DNS. Cloudflare WARP or VPN in Edge is a VPN. VPN tunnels your entire traffic whereas DNS just uses HTTPS for DNS connections.
Someone listening on your network connection, or your ISP, can still see which websites you visit.

Highly suggest reading my article about these things:


It appears MS initially pushes some settings to selected users. I disabled the VPN settings on the kids' systems but couldn't find them on mine. Later, I couldn't find the VPN on their systems either. However, the latest version has the VPN settings under Privacy.

Yes, they are controlled feature rollouts
More info here: Microsoft Edge configurations and experimentation


Yeah, I think it's simply better to use the Cloudflare WARP app instead. It's possible to even find WARP+ keys 👀
I need to use WARP sometimes at night, mainly on weekends when the load on my ISP is high. Using WARP in that scenario makes browsing and downloading faster.
Cloudflare WARP and Edge VPN are the same in terms of security and privacy. In Edge VPN you have the ability to only enable VPN for specific websites/domains.
 
