Virtual private networks (VPNs) can help protect your internet traffic from prying eyes. VPN services route your email, web browsing, and other internet activity through the service provider’s servers, making it appear to outsiders that you’re only accessing those servers. VPN services help users in China, for example, reach blocked sites by making it appear they’re accessing something else. They also prevent your internet service provider from snooping on the pages you visit, and encrypt web connections that might otherwise be exposed, a handy feature on public Wi-Fi networks.
But VPNs typically come with some major trade-offs. One of the biggest is speed. After all, your traffic must pass through someone else’s server before reaching other websites. That extra step inevitably introduces lag. Security company Cloudflare claims its new mobile-only VPN service will be as fast, if not faster, than a traditional mobile connection.
“We wanted to build a VPN service that my dad would install on his phone,” says Cloudflare CEO Matthew Prince. “If you tell him that it will make his connection more private and secure, he’d never do it. But if you tell him it will make his connection faster, make his phone’s battery last longer, and make his connections more private, then it would be something he’d install.”
Mobile phone users can begin signing up for the service, dubbed Warp, through Cloudflare’s mobile app 188.8.131.52 on Monday; Cloudflare says it hopes the service is working Monday, but it might take a few days. Regardless, Warp is a sign of things to come for the rest of the internet. The technology that Cloudflare is betting will make Warp fast is a protocol invented by Google called QUIC, and it could one day make the rest of the internet faster and more reliable.
QUIC is essentially a substitute for TCP, the venerable protocol now used for most internet connections. TCP, introduced in 1981, made reliable internet connections possible, says Jana Iyengar, who worked on QUIC for Google; Iyengar is now a distinguished engineer at the cloud computing company Fastly working to help finalize QUIC with the Internet Engineering Task Force standards body.
When you download a page or a file, it might seem like a one-way connection from the server to your phone. Thanks to TCP, your phone and the server are actually engaged in a dialog, as your phone constantly checks in with the server to ensure that it’s received all the data the server sent and that the data arrived in the right order. That reliability comes at a cost. The back-and-forth chatter can result in laggy connections. It also has a tendency to sap battery life.
QUIC is built on another protocol called UDP, which is also supported by most existing internet infrastructure. Unlike TCP, UDP doesn’t offer much in the way of reliability by default. That’s OK for things that don’t require strict reliability, like streaming video; but if you’re trying to download a file and need to ensure that it isn’t corrupted, UDP isn’t much help. But Iyengar says UDP was designed to be expanded. So Google used it to create QUIC, which offers more reliability than vanilla UDP, but with less chattiness than TCP. It also adds baked-in support for encrypted connections.
According to Google’s internal testing, QUIC led to 30 percent less “rebuffering” for YouTube users—meaning videos stalled less often—and one second faster loads of Google search pages over slow connections. That might not sound like much, but other Google research found that even a delay of one-fifth of a second can prompt web users to leave a site.
Google supports its own version of the protocol in its Chrome browser and on many of its sites. But the IETF is still working on a specification for QUIC that can easily be used outside of Google. Even after that standard is finalized, it will likely take years to become widely adopted.
Cloudflare is using a draft of the IETF’s QUIC specification for the connection between its mobile app and its servers. Because all the pages and services you access are routed through its servers when you use Warp, it doesn’t matter if those pages or your mobile browser support the protocol. In other words, Warp users should get some of the benefits of QUIC without waiting around for the entire internet to support it. Iyengar isn’t willing to speculate as to how well this will work, but Cloudflare is betting that QUIC will enable it to deliver content to your phone fast enough to make up for the lag of a VPN connection.
Eventually, as more of the internet supports the newer protocol, Cloudflare should have less of an edge, since other traffic will also be delivered over QUIC. But Prince argues that Cloudflare has other advantages. The company’s primary business is a service designed to improve both the speed and security of websites by caching pages on its own servers, protecting those sites from attackers while swiftly delivering pages to legit users from nearby servers. The company has 165 data centers in 76 countries. Warp will rely on this same network of servers. That might be less of an advantage in New York or San Francisco, where most VPN providers have servers, but it means users outside of those major hubs might be more likely to find a speedy server nearby. Perhaps more important, those servers already have Cloudflare’s customers’ content cached, so that data can be delivered to Warp users without the need for an extra trip.
The company also plans to offer a paid version of Warp that Prince says will be even faster. Prince says Cloudflare plans to make money from Warp through the paid service and possibly through a future version aimed at businesses. He says the company will also benefit because sites that use Cloudflare’s core service will load faster for Warp users than for others, which will provide an extra incentive for companies to use the service.
More Great WIRED Stories