9 votes

Any thoughts on Cloudflare's new(ish) VPN/DoH service?

17 comments

  1. [4]
    Deimos
    Huh, funny that the "domain" from this shows up on the listing page as just "1". Guess I'll need to add some special treatment for IP addresses (not that it's common to post one).
    Edit: fixed by blitz already!

    More on-topic though, I'm terrified of CloudFlare and wouldn't use this personally, unless I was really desperate for a free VPN for some reason. They're inserting themselves (or being inserted) as a middleman in so much internet activity now, and have access to an insane amount of data about what people are doing on the internet.

    I don't think they've done anything nefarious so far that we know of, but they're still a for-profit, publicly-traded company that's currently operating at a major loss ($41M loss in Q3 2019 alone). We can't really trust that they'll stay user-focused forever, and despite all the promises they make, we really have no idea what's being done with any of the data they're collecting.

    18 votes
    1. [3]
      blitz
      Huh, funny that the "domain" from this shows up on the listing page as just "1". Guess I'll need to add some special treatment for IP addresses (not that it's common to post one).

      The bug appears to be in the publicsuffix package. Interestingly, the PyPI page for that package says:

      Please don’t use this module. It is provided for historical reasons only. New code should instead use one of the other libraries that provide similar functionality. For example:

          publicsuffix2
          publicsuffixlist
      
      5 votes
      1. [2]
        Deimos
        Yeah, publicsuffix2 is what's being used.

        I don't know if I'd call it a bug though, I just shouldn't be sending IP addresses through it. It's intended for looking at domain names, not IPs.

        5 votes
        1. blitz
          Good point. I'll submit a PR for fixing this in a minute.

          6 votes
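    The bug discussed above comes from feeding an IP literal into a public-suffix lookup, which only knows how to split dotted hostnames into labels. The following is an added example (not Tildes' code and not the publicsuffix2 package) that shows the fix Deimos describes: detect IP literals first and only run real hostnames through the suffix lookup. It embeds a small constructed subset of the Public Suffix List so it runs offline, and `PSL_RULES`, `display_domain` and the other names are assumptions for this example; the matching rules (longest match, `*` wildcards, `!` exceptions, default `*` rule) follow the published PSL algorithm.

```python
"""Derive a display "domain" for a submitted URL, special-casing IP literals.

Added example; not Tildes' code. Uses a constructed PSL subset instead of
the publicsuffix2 package so the whole thing runs offline.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List (the real list has thousands
# of rules). "*.ck" is a wildcard rule and "!www.ck" its exception.
PSL_RULES = [
    "com", "net", "org", "uk", "co.uk", "ac.uk", "jp",
    "*.ck", "!www.ck", "github.io",
]


def _labels(name):
    return name.lower().rstrip(".").split(".")


def _rule_matches(rule, labels):
    """PSL matching: compare label by label from the right; '*' matches any label."""
    rule_labels = rule.lstrip("!").split(".")
    if len(rule_labels) > len(labels):
        return False
    return all(r == "*" or r == l
               for r, l in zip(reversed(rule_labels), reversed(labels)))


def public_suffix(hostname):
    """Return the public suffix of a hostname per the PSL algorithm."""
    labels = _labels(hostname)
    best = None  # (is_exception, rule_length); exceptions win, then longest
    for rule in PSL_RULES:
        if not _rule_matches(rule, labels):
            continue
        key = (rule.startswith("!"), len(rule.lstrip("!").split(".")))
        if best is None or key > best:
            best = key
    if best is None:
        n = 1                 # default rule "*": the last label is the suffix
    elif best[0]:
        n = best[1] - 1       # exception rule: drop its leftmost label
    else:
        n = best[1]
    return ".".join(labels[-n:])


def registered_domain(hostname):
    """Public suffix plus one label, or None if the name *is* a suffix."""
    labels = _labels(hostname)
    suffix_len = len(public_suffix(hostname).split("."))
    if len(labels) <= suffix_len:
        return None
    return ".".join(labels[-(suffix_len + 1):])


def display_domain(url):
    """What a link listing should show: the IP literal as-is, else the registered domain."""
    host = urlsplit(url).hostname  # strips scheme, userinfo, port and IPv6 brackets
    if host is None:
        return None
    try:
        # IP literals have no public suffix; show the (normalised) address verbatim.
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    return registered_domain(host)


if __name__ == "__main__":
    for u in ("https://1.1.1.1/dns-query", "https://[2606:4700:4700::1111]/",
              "https://blog.cloudflare.com/warp", "https://www.example.co.uk/"):
        print(u, "->", display_domain(u))
```

    Without the `ipaddress` check, `registered_domain("1.1.1.1")` in this toy treats each octet as a DNS label, falls through to the default `*` rule and returns `1.1`, which is the same class of nonsense the listing page showed; the check is cheap and also handles IPv6 literals, which `urlsplit` hands back without their brackets.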
  2. [2]
    dblohm7
    One thing to note is that, for Cloudflare's deal with Mozilla to provide DoH, they are contractually forbidden from collecting your data for those queries.

    7 votes
    1. microbug
      As far as I can see the existing privacy policy for 1.1.1.1 is very good. The only thing to watch is whether it's changed in the future.

      3 votes
  3. [2]
    kfwyre
    I used the 1.1.1.1 app on my Android device a couple of months ago to mixed results.

    It worked fine in plain 1.1.1.1 mode (their DoH service), but WARP, their VPN, was often slow for me and would require frequent resets. Often, when returning to my phone after an hour or two of not having used it, the internet wouldn't work until I turned WARP off and then back on again. I was using the free version of WARP, and one of my criticisms of it is that it was not really clear what the paid version does. They had the option to pay for "WARP+" but I wasn't really sure why I would want to use it over the free version.

    I ultimately didn't stick with it because it drained battery life pretty significantly. The day after I installed the app I checked my phone halfway through the workday and found it at 33%. I thought I had forgotten to plug it in the previous night, but it turns out the 1.1.1.1 app had been draining charge the whole time my phone was in standby.

    All of this might have changed in the months since I've used it, so take my experiences with a grain of salt.

    3 votes
    1. microbug
      It's using around 15% battery per day for me, which is fine since I rarely use more than 50%. Roaming between WiFi and mobile data seems to work better than with the native WireGuard app, though it's still not as fast as with no VPN.

      I think the paid version is faster. There are some speed test comparisons online. I believe it's not that they intentionally limit the normal version, rather that the paid one tries to find the least congested route using Cloudflare's backbone networks.

      5 votes
  4. [4]
    SkewedSideburn
    I prefer to set up my own VPN on a VPS, it's easier that way and I don't have to rely on a middle man. Currently using Wireguard, can't complain

    3 votes
    1. [2]
      microbug
      easier

      I'd dispute that. Sure, once it's set up it's more or less the same but setting up your own VPN server is beyond the abilities of most people. Downloading this onto their phones/computers and pressing start probably isn't.

      1 vote
      1. SkewedSideburn
        Yeah, I meant it more as in "I don't have to think what's going with my VPN provider, I don't have to trust anyone, and if something breaks, I know it's on me"

        2 votes
    2. Deimos
      I think it also really depends on the purpose you want the VPN to serve. If you run your own, you're eliminating the privacy/anonymity aspects that come from having your traffic mixed in with other people's, and being able to move around between different servers regularly. It can even make you easier to track in some ways if you're going through the same VPS from many different locations.

      It still helps with protecting your traffic if you don't trust the internet provider, circumventing blocks, etc.

  5. [4]
    ffmike
    So if you don't use 1.1.1.1 due to it being Cloudflare, what's the alternative? 4.4.4.4, 8.8.8.8 and 9.9.9.9 are all easy to remember, but similarly BigCo. My ISP is the typical incompetent mid-sized American city bunch of clowns (I can choose between WOW and Time Warner), so not much help there. Running everything through my own PiHole is useful and dereferences all my DNS calls to a single source, but the PiHole has to get its upstream from somewhere.

    2 votes
    1. microbug
      Yeah. At least Cloudflare doesn't have the incentive to collect your data that Google does (their products are generally enterprise-focussed). If you're worrying about DNS requests being captured by the source you pretty much have to use Tor or I2P (slow). There's no point in the average person thinking about this stuff, a bad actor would have to have massive resources to exploit it (i.e., if someone can exfiltrate your info from Cloudflare they can probably also hack your devices directly).

      1 vote
    2. Moonchild
      OpenNIC.

      Alternately, you can run your own root DNS server; 1.1.1.1, 4.4.4.4, 8.8.8.8, 9.9.9.9, etc. aren't source-of-truth, they're just making your life easier.

  6. microbug
    This actually looks pretty good. It's fast (Cloudflare's network is massive) and Cloudflare's privacy policy appears to limit what they collect pretty harshly (anonymous data only). I believe it is based on WireGuard.

    Any thoughts?

    1 vote