User:Trey Maturin/1.1.1.1

Cloudflare’s 1.1.1.1 WARP is an add-on for web browsers and an app for mobile phones that claims to speed up internet connections and enhance privacy.

It is not easily compatible with Wikipedia and other collaborative websites.

Operation
1.1.1.1 WARP has three apparent functions:
 * Replacement of the standard ISP DNS look-up with their own system
 * Aggressive cacheing of web content
 * Provision of a virtual private network (VPN) that routes internet traffic through alternative servers, obscuring the IP address of the end user

Whilst the DNS look-up is not, per se, an issue with Wikipedia, the other two present serious problems.

Cacheing
WARP maintains older versions of internet content in a private cache at on Cloudflare’s servers. These have a lengthy time to live (TTL).

Wikipedia’s content is dynamic. There are hundreds of edits every minute across just the English-language site. Cloudflare’s copy may, therefore, become out of date very quickly. Poor quality edits may remain in the cache for a long period after they have been removed from the ‘live’ database.

This can result in attempts to edit or revert those changes failing, either through them not being found by the user when editing the page, or them having already been reverted. In a (rare) worst case scenario, attempts to manually revert edits may result in restoring the poor edits in error.

VPN
The VPN element works by assigning random IP addresses, both IPv4 and IPv6, and switching between them rapidly.

Some of these addresses are registered properly and work correctly, although they break geolocation attempts by other websites.

Other addresses are open proxies which can be used by anybody and as such are blocked locally or globally by Wikipedia.

A few addresses have already been used abusively and are hard blocked locally.

Workarounds
There are, at present, no satisfactory workarounds.

It is possible to make the 1.1.1.1 function not apply to *.wikipedia.org by creating an exception in the app settings. This appears to also disable the cache. However, the compatibility issue for editing is with the VPN, a part of WARP and seemingly not part of the whitelisting system for 1.1.1.1

Therefore it is necessary to suspend the 1.1.1.1 WARP app entirely when editing Wikipedia. On the desktop app, this toggle remains off until actively restarted.

In iOS, there are options to suspend the service for 15 minutes, 1 hour, or until the service is manually re-enabled.

If local IT policy requires a user to have the 1.1.1.1 WARP system running at all times, editors in good standing can apply for a local exemption to some, but not all, of the blocks when editing whilst logged in.

Implications
It is unlikely that Wikipedia’s CheckUser system will be fooled by users attempting to abuse multiple accounts via WARP as the service is very basic. Indeed, it seems likely that it would make abuse more likely to be spotted more quickly if it is deployed for that purpose.

However, for editors not abusing multiple accounts, it will leave a false trail that would imply in some cases that they are editing abusively. Fortunately, since the CheckUser function requires a human to evaluate evidence, this seems unlikely to happen.

Next steps
It is unlikely that Wikipedia’s software and processes can be modified to work correctly with 1.1.1.1 WARP without creating a lot of work that would be expensive in person-hours and actual money.

Instead, when disabling WARP on desktop, it is possible to make a bug report to Cloudflare each time. With enough of these from multiple users, they may be willing to extend the DNS whitelisting to also work with their VPN, especially as this would seem to be the behaviour users would expect of such a function.