Quick Cyber Thoughts: Warp Terminal/Shell

For the past month and a half, I've been doing some form of DoD Cyber Workforce training.
That consisted mostly of a lot of slide decks, lots of lecture narration, and every so often in the Database Administrator course, actual SQL coding and SQL Server-related configuration work.
As one can imagine, this is very draining, especially when you're subjected to 60+ slides in a deck on some topics.
So, having completed all that, I want to think and talk about something entirely different.
Today, we're going to talk about Warp, a multi-platform (Windows, Linux, Mac) Terminal/Shell program.
What is Warp?
There are a lot of features in Warp, as the video above explains, but here are some of the highlights:
- A UI that puts commands and outputs into discrete blocks.
- Maintaining terminal session history.
- Git repository branch and block checking.
- The ability to highlight and simultaneously edit identical text.
- AI assistant integration for command assistance.
- "Permanent" web link generation for sharing terminal blocks.
Why This is Interesting
As the Dave's Garage video points out, the old-fashioned terminal dates back to the 1970s. Lacking a lot of the User Experience/User Interface features and standards modern users expect makes it harder for people to actually use command line interfaces and get proficient with them.
The AI integration for command assistance in particular is a game changer, especially for Linux. One of Linux's massive pain points is how infuriatingly obtuse it can be to figure out the right commands for simple tasks and input them properly. And, like Windows, commands with long paths become a nightmare. That's why I use TUW to make simple GUIs for certain command line tasks I expect to do on a regular basis.
I would argue that something like Warp should replace all the existing terminal options... or at least be the default. There are too many benefits for too many people to do otherwise.
The problem is that Warp isn't that solution, at least for the personal and high security user.
The Issues with Warp
Let's get this out of the way: just looking around Warp's page tells you that this is a commercial, developer-first piece of software. The fact that you can use it for free as a personal user is a bonus, basically a way to expose people to the product and get them to evangelize it.
I have no problems with this part of their business model.
The issue with Warp, at least if you're a personal/high security user, is that you're dependent on Warp itself to provide your session/terminal block shares, and dependent on their AI provider for the AI capabilities.
Warp does address these issues on their privacy page.
We'll look at their own proprietary cloud features first.
How Warp Works
Warp is a fully-native local application that can run without an internet connection. The core features of the terminal will always work offline.
Cloud-based Features (Opt-in)
Warp also includes cloud-based features that power cool things like:
- Warp AI
- Warp Drive
- Session Sharing
- Block Sharing
None of your data is ever sent to Warp’s servers unless you explicitly take action to send it. If you choose to use Warp Drive or block sharing and save an item, that item will be sent to Warp’s servers and stored securely in Warp’s database. Data is encrypted at rest, and you can delete this data anytime.
The good:
- Outright stating that the cloud connection is not necessary to obtain most of the software's functionality.
- Specific listings of what parts of the app use the cloud connection.
- Stating that explicit action is required to send data to their servers.
- Stating that data is encrypted at rest.
- Stating the data can be deleted anytime.
The not-great:
- Not mentioning if the data in transit is encrypted, or at least encapsulated in HTTPS.
- Needing servers to handle the sharing functionality.
- Not being able to select your own AI/cloud/session sharing provider.
The problem for the personal/high security user is pretty much the same. You're putting all your data in one basket whose security you may not be able to fully assess, with no option to direct things to infrastructure you've configured for your needs.
(It's fairly obvious that having the streaming and sharing functionality be cloud based is meant to lower Warp's footprint on the machine, so I can't really blame them for that.)
There's also the fact that, even if both parties have done their due diligence, everything has to pass through Warp's servers, which means a determined threat might just choose to capture traffic going between your IP and Warp's. Even if they can't crack the encryption on the traffic, you'll still be giving away valuable intel on your usage patterns.
Warp AI
Warp AI includes AI Command Suggestions, AI autofill in Warp Drive, and Agent Mode. All Warp AI features are powered by OpenAI and Anthropic APIs. When you submit an AI query, Warp does not store any of this information and only passes it through our servers as we proxy requests.
OpenAI and Anthropic do not train their models on this data, and neither does Warp. OpenAI and Anthropic store this data for a maximum of 30 days.
For organizations that need to ensure OpenAI and Anthropic never store data for any period of time, a Zero Data Retention policy is available on Warp's Enterprise plan.
In terms of privacy, Warp acting as a proxy server is a decent way to obfuscate the relationships between user data and AI queries. Of course, this wouldn't be an issue if you could just route those queries to a local or private cloud AI server, but it at least adds a modicum of user protection.
Once we get past this, there's a stacking set of assumptions that need to be made:
- Warp does not store any data associated with AI queries.
- Warp does not train any models using data associated with AI queries.
- OpenAI and Anthropic store AI query data only for 30 days maximum.
- OpenAI and Anthropic have a policy to not train AI on data from Warp customers.
- OpenAI and Anthropic AI devs actually care about any policy restricting them from using customer data.
Let's assume the first 4 points are valid. Everyone outside the AI development team has been told that the AI development team will not use customer data for training purposes.
The question is: has anyone validated that the AI dev team is respecting that policy? Because we exist in a universe where Meta engaged in rampant piracy to acquire training data:
(I have no legal background that would allow me to comment on this in any great detail, but I do have one observation. Some of their sources were sites that host material that, in my experience, is literally crowd-sourced preservation, due to the actual publishers never making legal digital copies.)
If the AI dev team decides to throw the officially stated policy out the window, there's not much of anything that everyone relying on them can do until they know, and have evidence, that the policy has been broken.
This is obviously a big issue for anyone who values the confidentiality of their data.
One last thing to look at is their telemetry policy:
Telemetry (Opt-out)
Warp records a limited number of defined telemetry events for the purposes of:
- Reporting app crashes
- Understanding feature usage at a high-level
- Supporting customers
Terminal input and output are never included in telemetry payloads.
You can review an exhaustive list of all telemetry events in Warp’s documentation.
You can also use the Network Log to monitor all communications from the Warp client to external servers.
Telemetry events and crash reports are enabled by default and associated with logged-in users. If you would like to opt out of telemetry and crash reports, you can disable the feature during sign up or under Settings > Privacy in the Warp app.
There are two main things that I appreciate in this section:
- A direct link to the Network Log documentation, so you can plan ahead for evaluating how transparent the logging is.
- The telemetry events list addresses the vagueness of the phrase "feature usage at a high level".
Being able to audit the network communications is a great move for transparency and security, so it's good to see Warp's commitment there.
What Would I Like to See
Let's imagine a world where Warp exists alongside a near feature-identical clone, Blink. Warp is as it is now. But Blink is how I would build Warp to make it more secure. What would be the differences between the two?
Well, Blink would have the following things:
- The ability to connect to on-host or on-server local AI.
- The ability to connect to your cloud AI provider of choice.
- The ability to connect to your cloud data storage and/or web hosting provider of choice.
- The ability to connect to your session sharing service of choice.
Unfortunately, we're a few hardware and software generations away from having storage- and memory-efficient local AI, so we can't just package an AI into the program and give it Retrieval Augmented Generation capabilities. That means we're going to have to have some other AI provider do that for us.
Now, these are not the simplest changes in the world to implement, and there would be a great deal of testing and troubleshooting necessary before a finalized version would be released. But they would address most, if not all, of the confidentiality issues if you wanted to use the full set of Warp's software features.
Would Warp make these changes themselves? I doubt it, given their business model blurb on their privacy page:
Warp’s Business Model
Warp’s business plan is built around billing power users and business teams for cloud-based features. Check out our pricing page to learn more.
Please note Warp’s business model is not about collecting or monetizing any of your data.
However, they eventually plan on making their client source code publicly available, so perhaps that will become a reality. At the moment, it seems to be a matter of if, not when.