They do two hops, first to an Apple-controlled server, then to the “second relay” which is operated by Cloudflare in a lot of cases. Encryption is terminated at the second relay.
So Cloudflare sees the content (or whatever is visible in a TLS stream), and Apple sees your real IP, but neither can know both without collaboration.
Not exactly. WARP hides your content and IP from anyone but the destination website. The website can still track the user. Apple mixed it with own relay such that neither Apple nor Cloudflare can track the IP and content simultaneously.
It’s mostly an anti-tracking feature. But also now government needs cooperation from two companies.
On another note, WARP is a VPN. But Mullvad is preferred to WARP, because Cloudflare most likely logs connections for some time.
I would trust real TOR much more than Apple's pseudo-TOR. They control all the entry and exit nodes so correlation attacks are quite viable.
Might as well chain two VPNs if you want a TOR-like experience without slowdowns. Bonus feature is that you can rotate providers.
Not really equivalent. There are possible attacks based on: key generation process, stored data correlation, access patterns, etc. You're much safer if you don't store anything in the first place.
A better solution would be something like Apple’s private relay.
Also, either you trust the provider or you don’t.