search

mullvad / mullvadvpn-app

The Mullvad VPN client app for desktop and mobile
https://mullvad.net/
GNU General Public License v3.0
5.13k stars 342 forks source link

[Feature request] Warp-routed Exit #6910

Open issuant opened 1 month ago

issuant commented 1 month ago

I have checked if others have suggested this already

Feature description

More and more services are either blocking access to users connecting from 'VPN addresses' or drowning them in endless captchas. Almost always though, they use Cloudflare for these measures and that, unsurprisingly, means Cloudflare Warp IPs are generally given a pass. A very useful censorship circumvention feature would be the ability to, in a sense, 'multihop' into a Warp instance integrated in the app, especially on smartphones where VPNs have only one 'slot'.

Alternative solutions

Continue to use VMs to run Warp within a Mullvad connection. Not the most pleasant setup and definitely not the most accessible either.

Type of feature

Operating System

hulthe commented 1 month ago

Interesting suggestion. I'll bring this up internally, but we're not usually in the habit of integrating other VPN services into ours (partly because of the privacy concerns). Therefore, I don't see this getting much traction.

issuant commented 1 month ago

but we're not usually in the habit of integrating other VPN services into ours

Totally understandable but I am hoping the very rare exception is made here because of the nature of the situation.

Of the times I have been met with captchas or blocked while using Mullvad in the last year, I would say 98% has been by Cloudflare, 1% by Cloudfront (which blocks exclusively), and the remaining 1% is distributed over Google, DDoS Guard, etc. I also feel the Cloudflare censorship will only get worse and more widespread when their recently announced 'AI firewall' is released.

by (partly because of the privacy concerns)

This is actually a major reason I asked for this. Warp is actually quite 'basic'. It does not even let you choose your location but instead gives you an IP address closest to your entry IP address. So if such an exit were implemented, it would 'improve' it since the Warp instance would be masking a Mullvad IP that can be changed. But more importantly, the real IP is protected from Cloudflare which, while quite good for bypassing censorship, is not the most 'private' company out there.

issuant commented 17 hours ago

This may prove useful for an implementation https://github.com/doxx/darkflare#%EF%B8%8F-stop-network-censorship