_-__--- on Oct 8, 2015 | on: Verizon revives "zombie cookie" device tracking on...
Tor as an OS-level feature may not spark the best reaction. It's been given a bad name ("deep web," Silk Road, etc) in mass media and many people don't understand it enough to think of it as anything other than bad.
I think that it'd be cool to have, but I don't think that Apple would ever implement it.
jameshart on Oct 8, 2015
Agree, it's phenomenally unlikely, but then again there is a part of me which could actually imagine Apple doing something like it. They wouldn't use Tor, of course, they'd build a proprietary equivalent, and then come out on a black stage to 'introduce Apple Undercover, a revolutionary enhancement to personal network privacy and security'.
So much so that I would accept Apple using something other than Helvetica this one time for a Miami Vice typeface and a Michael Knight and Kitt intro at WWDC.
I cannot stress enough that Hasselhoff needs to stay in character the entire time or the whole concept doesn’t work.
At this point, Helvetica itself would give a retro feeling if used by Apple. They’ve been all in on San Francisco for several years.
(a) There is pressure from many governments to give a backdoor for surveillance. Or just comply with subpoenas that are against human rights.
(b) Complying with local laws generates PR damage. It makes privacy and ethics as a brand strategy look disingenuous.
The solution is, of course, to generate a truly secure system where Apple can't make backdoors. Those services may not be available in some countries, but then it's just a missing service, not a compromised system.
The goal of this is to make it so that even if the FBI had an incident similar to 2016, Apple would not be able to fulfill their request to make a backdoor, and the FBI wouldn't be able to make a backdoor even if they had the power to sign and run any code they wanted on the phone.
That's how you make a secure system these days. You can't just make it secure to everyone but yourself and fight the government - you need to secure it from yourself as well.
Apple's already shown they don't like this behaviour with their randomised MAC addresses in iOS 8+.
I think there is a sense in which privacy was already a differentiator for Apple in iOS (as contrasted with Google’s motives in Android in particular of course) - so this did feel like a not completely implausible way they could go to double down on that differentiator.
Apple's rift with Google over user data collection in Google Maps goes back to 2009 when Google held Apple to ransom for the user data in return for turn-by-turn directions. Apple refused and started building their own maps service, buying Placebase in July that year.
By making it a feature for paying subscribers only, Apple probably hopes that their solution won't be interesting for criminals. (Apple will likely cooperate with law enforcement)
"Oh, let me turn on undercover... why is my bank online account suspended and my PayPal banned?"
(No snark, I really do love it.)
Enjoy the moment, future seer.
I use a VPN for other reasons (downloading Ubuntu ISOs mostly) but I'll probably turn this on and leave it running on all my devices because of how transparent it appears to be. I trust Apple's onion-routing design more than I trust my VPN provider not to log things.
* I'm actually glad they don't try to get around region locks. I consume a lot of BBC content and live in the UK. I'm constantly struggling with my VPNs (with UK endpoints) being blocked because others outside the UK could be using them. It would be nice if the BBC didn't block like this, but UK residents do typically pay for the content whereas those outside the UK are unable to.
This made me smile. Good one.
For context, copyright trolls recently tried to extort torrent users for downloading and sharing Ubuntu ISOs.
Importantly, OpSec (the company doing this torrent-dmca-for-hire stuff) says the DMCA itself was spoofed
> OpSec Security’s DCMA notice sending program was spoofed on Wednesday, May 26, 2021, by unknown parties across multiple streaming platforms.
> We shall look forward to hearing from you.
We look forward to receiving more of your so exquisitely designed HTML
e-mails with the shiny wanna-be-police-star.
> Dear Frederik,
Hi! Please, learn to quote properly in your e-mail messages. You can
learn from how I do - I promise you that proper quoting is not patented.
So yes, Linux ISOs is an old thing indeed
The other reply told about a uni tale. I've heard about a similar story about someone torrenting actual Linux ISOs on university network. That resulted in a stern warning else the student would be barred from using the network and computers. Basically an automatic fail for future studies.
Semi-related to this, but they do offer an option to pick between preserving your approximate location and using a broader location.
The example they took in one of the sessions was, if you live in San José, with the first option, you'll get an exit node near San José so you can still get local "content". With the second one, you could get an exit node in Los Angeles.
In practice in Europe, it looks a bit different. I do live in the north west of France, and with the first option I regularly get an exit node in the southwest of France (from Fastly), about 700km away (which is pretty fine by me).
With the second one however, I get exit nodes in Germany and the Netherlands (pretty much exclusively Cloudflare), which can become an issue with region locked content. I had the issue with Prime Video last week not offering me a tennis match for which they only bought rights in France.
Obviously it's still early and they might tighten a bit the locations outside of the US, but overall it's definitely quick and well thought out.
Last thing, all your traffic from Safari (and presumably some other Apple services? Still unclear) whether http or https will be routed through it. Only http traffic from 3rd party apps (Firefox, curl etc) is routed through the relays, which I think is a pretty sensible default.
As an exiled Londoner, I would love to be able to pay to access BBC programmes. Unfortunately I can’t, so a VPN is often the only solution (well, I guess torrenting would be another one, but it’s not really better).
Obviously, this is something licensing agreements do not allow for, but it seems like such an obvious user friendly concept that it will never be allowed.
In essence, what you're saying boils down to "it's already paid for, but nobody else can have it anyway". It's unreasonable and there is no need to make excuses for this behaviour.
This is big money, up-front, with no need to build out a global delivery system or deal with millions of customers.
This is one of those classic examples of something that looks really simple from an outsider's perspective but once you have to deal with the details you realise it's anything but simple. And through no fault of the BBC either, I might add. Various commercial stations and news outlets have campaigned relentlessly to shut the Beeb down. It's a miracle the service is still operating, even if their hands are tightly tied.
Hell, I thought the practice would die (or at least slow down) when Netflix started transitioning away from syndicated TV and movies; this never happened. Netflix will totally geoblock their own shows so they can, say, release a cartoon on a weekly basis in Japan but in binge-watchable chunks in America.
You will continue to see anything more premium than a high-subscriber-count YouTube channel be geoblocked until and unless one of two things happens:
- Geoblocking gets so heinous that it starts to push people away from shows and services, beyond ordinary subscriber churn. This is unlikely - the US is the biggest market for a lot of this stuff, and that's a market full of people who have no desire to watch foreign media ahead of an official release. Hell, most of us don't even have passports, and think that you can just move to another country by asking politely.
- Some country or trading bloc gets enough of a bug up their butt about getting releases late that they start amending copyright law to ban the practice. AFAIK, I've heard Australia was considering banning region locked DVD players at one point; and that the EU was considering forcing online video providers to license content on an EU-wide basis.
I have a funny feeling that a very large percentage of that market comes from VPNs. Everyone I know watches the US Netflix and we aren’t in the US.
The BBC is complete license owner of virtually zero programming. Almost all (as in 99.9%+) of their content uses substantial third party copyright works where the cost implications of selling internationally still apply (just the music rights alone will drive you mad, and it's far from uncommon for BBC content that is shown in the UK to have a different soundtrack to the internationally sold version to the likes of Netflix due to the licensing cost and complexity).
It is also worth noting that the BBC makes a lot less than people think, especially if you consider BBC studios to be a quasi-separate production entity now (which it is!).
Ha! There's SO SO MUCH. More than you can imagine.
They are a domestic ISP, so I guess iplayer should work over the service.
I'm paying around half the price for unlimited viewing of direct streams (no faffing with client protocols) which come transcoded for home and mobile usage
That number almost always works for store 'loyalty program' discounts too.
<local area code> 867-5309
This is already paid for but the next show isn’t.
If the BBC were sold to the public as a soft dollar expenditure, it would be one thing. But it wasn’t. I’m not sure it could be in today’s Britain. Ignoring the freeloader problem threatens the support on which the BBC’s funding depends.
This is a debate with reasonable arguments on both sides.
I don't think the content was identical, but it was pretty broad. Some EU countries, maybe Canada?, at least.
Do you download directly from a mirror or use BitTorrent for this? (If the latter I think I kind of understand the rationale for the VPN)
(I think I was running uTorrent on Windows, it was weird and I really didn't know how to use it.)
However, in order to "acquire" [this], torrenting was realistically the only sensible option I had. A direct download from the Internet Archive would have taken roughly 7 hours @ 100 Mb/s. The torrent file was done in an hour.
To my great surprise, the link isn't dead, so...yeah :)
Transmission CLI FTW.
Yes, 100Mbps is ~12.5 MB/s, however when I initially tried the .mp4 link I found actual speeds to be much less, (hence the hours long wait I mentioned) so there's definitely throttling going on somewhere.
Also, don't count your chickens before they hatch. I remember downloading Flight Simulator 2002 mods over a 56K modem in my youth - anything over 10MB was a stretch - and I didn't actually have a broadband connection until I went off to college in 2005.
I used to use NordVPN but found it to be much slower, less stable, worse macOS integration, not as good on the privacy front.
Everybody recommends them, but all of these things make me uneasy.
NordVPN is oversubscribed crap.
PIA was founded by Andrew Lee, the big brain behind the current Freenode drama, with help of the infamous Mark Karpeles of Mt. Gox fame. I'd rather use something else.
I was under the assumption that it was mostly Cloudflare Warp repackaged with a different name?
I'm not sure if my assumption is completely incorrect. While it's onion routed, the grunt of the work seems to be done by "trusted partners".
Props to Apple for offering an (albeit low entropy) onion router on their own infrastructure. I can't imagine this is going to win them any friends in government circles but it's definitely a step in the right direction.
I'd also really like to see Apple come clean about the iCloud backup encryption debacle. A lot of people are trusting it to be something it's not and it should really be clarified on-device what it is and is not before opting in.
Are you referring to this article?:
It's why I only use my Apple ID for grabbing apps from the app store. I have disabled all the `cloud storage` features of iCloud. iCloud is a privacy nightmare.
I utterly agree that other direct-to-consumer options are in the same boat - but Apple is quite heavy-handed in its messaging about, well, messaging being encrypted and private and no-one (including Apple) being able to read your messages. That's only true if you don't backup to iCloud.
I would expect most people on HN to be aware of all of this of course but when you're so strongly selling your privacy protections as part of your brand, it's a pretty glaring window to leave wide open.
And like the article says, they didn’t want to poke the bear anymore. Of course the FBI has congressional friends. It is possible that Apple saw the risk of it backfiring and making things worse as too great.
I think market share is another sign. Does anyone use actual Android Backup, or do they use the unencrypted “backups” in G Photos and elsewhere? For that reason should the FBI care? Maybe I’m wrong but I believe actual Android Backup is much less used than iCloud and confusingly named alternative “backups” within Google apps.
I'd just like to see Apple be more transparent with this one particular issue because it undermines so much of what they're advertising to the consumer.
A transparency label for iCloud backup showing what is and is not E2E before enabling would do. Most people (myself included) would be quite happy with photos being encrypted by an Apple-held key (I'm not worried about the police seeing my boring lunch pics, I just don't want photos of my kids being readily accessible to everyone else).
It should be made clear if they're offering E2E for some features that other settings will render it pointless is all I'm saying.
Despite there being reasonable solutions like bloom filters and client sided hash detection, so that known child abuse material can be detected, without it needing to compromise the privacy of 99.99999% of users?
And that photos present some of the most sensitive materials on your device:
- geo-IP location showing basically everywhere you have taken a photo in, ever since the dawn of time
- people's consensual sex tapes
- photos of passwords, account recovery codes, private keys, seed words
Not saying it's not possible to build an E2E image storage service that also has the protections society tends to demand. Just saying that I haven't seen anyone do it yet, because these problems are subtle.
So a 'malicious client' doesn't need to be part of the threat model here. And also, if you really stretch your argument, that's like saying we need to outlaw Linux and open source software because malicious actors can modify the code.
The whole idea that society demands content providers compromise ETE just because of child pornography isn't something I've heard of being 'accepted as common truth' outside of this post.
Some politicians demand it, but I thought at least amongst tech, there's the recognition that strong, *unbreakable* encryption is important.
There's an implicit obligation to build services and technology that is resistant to abuse, but that isn't an argument to not implement ETE.
FWIW, I wasn't really trying to make a prescriptive statement about how the world ought to be, I was more trying to describe what (I think) the perspective of these corporations has been on the matter.
In the past, I've been an encryption advocate with the knowledge that we (tech) must sacrifice some ability to appease politicians in implementing it. What you're describing sounds like an innovative way to preserve privacy and provide security for at-risk people, which is a perspective I haven't heard before.
This is not a good argument. “Known child abuse material” is the tip of the iceberg. There’s nothing stopping people from creating new “child abuse material”, and the people who are doing that sort of thing are the ones who are more important to catch.
Should we build backdoors in AES because there are terrorists in the world?
That’s not what I’m saying and I can’t possibly imagine how you could infer that in good faith.
I agree with you in terms of photos being some of the most private information we have, but the E2E argument doesn’t ever get won by the tech community without a guarantee of blocking/catching/preventing CP and being able to make that evidence available for prosecution.
To the arguments above: Any processing server side implies no real E2E. Any processing client side is by definition under the control of the client and subject to forgery/hacking/spoofing/tampering.
Facebook is the largest platform for child trafficking, and Google is the world's largest resource for finding out how to commit criminal acts.
Crime always exists. We shouldn't build a techno-totalitarian surveillance state just because crime exists.
"It is better that ten guilty persons escape than that one innocent suffer".
Chinese Communists employed similar but opposite reasoning during the uprisings in Jiangxi, China in the 1930s: "Better to kill a hundred innocent people than let one truly guilty person go free".
Geo-IP is the process of taking an IP address and attributing a location to that IP address.
I think you meant GPS location?
Are you suggesting that Apple or the government should be able to search your personal photo library stored in the cloud at any time because maybe you might have child porn in there?
I understand that companies need to scan groups and social features that are used for trafficking underage porn. But do we really need to snoop into the private libraries of innocent people just because they might have illegal material?
Having access to millions of people's photos is such a huge privacy risk that I can't think giving it up is worthwhile to make it slightly easier to catch a handful of criminals.
Cloud services offered there must store data in the country and be operated by Chinese companies. (Apple is complying with this)
But Chinese companies HAVE TO assist the authorities in obtaining systematic access to private sector data. (This is not possible with E2E for backups and photos)
But I would be happy with iOS Time Capsule. Or even sell E2E Backup solution only with an iOS Time Capsule. Great way to increase their Services Revenue.
How it all works is documented: https://support.apple.com/guide/security/welcome/web
The point is that the deep compromises made inside iCloud Backup are hidden from the user and (at best) buried deep in technical documentation. So deep in fact that I can’t find any mention of it on that site at all.
What is being misunderstood?
Apple is not without sin. If we get out of this entire epic lawsuit (another company not without sin) with consumers winning the ability to side-load, it's a win. But for the most part, Apple has a multi-decade history of usually working for customers in above-board ways, as opposed to Facebook, Googles and other(s).
re: non-encrypted iCloud storage: I agree with you. I keep medical and financial data encrypted (e.g., their Pages app supports encrypting documents, and you can encrypt PDFs, etc.) but I would rather they did this for me. That said, for the 90% of my files that I would post on a street corner, I find iCloud storage across my devices is handy.
Apple already has all the friends they need in the "government circles". They're fully enrolled in PRISM and are well-known to kowtow to the demands of corrupt leadership (see: Russian iPhones, Chinese iCloud hosting)
Quite the opposite. Governments probably already have taps to decrypted traffic.
Otherwise how come that would even be legal to run?
If someone commits a crime and government cannot find evidence, because Apple gives shielding, then isn't that making them hypothetically an accomplice?
Why wouldn’t it be? I was under the impression that what isn’t forbidden by law was legal by default. AFAIK, running a VPN platform isn’t illegal.
> If someone commits a crime and government cannot find evidence, because Apple gives shielding, then isn't that making them hypothetically an accomplice?
I hate this argument. It’s lazy and can be used to accuse anybody in any context, and shut down discussions that we should be having. By that standard we are all accomplices for some crimes.
Even beyond that, personal privacy from the government is enshrined in the 4th amendment. Just because there was some executive actions and illegal laws made does not mean the 4th amendment suddenly disappears. No person or entity has the right to dragnet all communications.
Yeaaaaah, let's just pretend Snowden and Manning never happened.
It's an aspirational document in a largely lawless land, more a historical oddity than the supreme anything. If you wait for legislators and law enforcement to fix personal privacy, you've already lost... the US law enforcement culture is actively hostile towards individual rights because it makes their jobs harder. The only real difference to, say, China, is that we like to pretend otherwise. But the reality on the ground is that nobody on the grid has had meaningful privacy for decades now.
IANAL but this sounds fundamentally wrong in every way I interpret it. The Constitution is a set of laws that cannot be contradicted by any other law, executive action, or judicial action, with the exception of an amendment.
Indeed. And the fact that this is not recognised as a fundamental human right is a serious limitation of the charter and universal declaration. And yet, it comes up regularly.
I’m the scientist who purified the water that the criminal used to get enough strength to run away. I’m an accomplice now.
We have recent and specific case law around this. The cherry on top is it was Apple on the other side.
No, this is not how being an accomplice works in the U.S. It’s not how it works anywhere with the rule of law.
> The first assigns the user an anonymous IP address that maps to their region but not their actual location. The second decrypts the web address they want to visit and forwards them to their destination. This separation of information protects the user’s privacy because no single entity can identify both who a user is and which sites they visit.
Apple is not saying nobody can deanonymize you - they are being very careful to only state that no single entity can deanonymize you. Hence you should still assume this is not a good protection against any entity with subpoena power, or the ability to compel the cooperation of Apple and their 3rd-party egress relay providers.
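A simplified model of the two-relay split quoted above, added here as an illustration; it is not Apple's code or protocol. It shows what each relay's log can contain on its own and what falls out when both logs are joined. The class names, the shared `flow` identifier, the pre-shared egress key and the toy SHA-256 keystream are assumptions standing in for the real transport and encryption, and the IPs and domains are constructed.

```python
import hashlib
import secrets

# Constructed sample data: documentation-range IPs and example domains.
REGION_OF = {"203.0.113.7": "FR-west", "198.51.100.23": "US-CA"}
REQUESTS = [("203.0.113.7", "example.org"), ("198.51.100.23", "example.net")]


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream; a stand-in for real authenticated encryption."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt for the egress relay with a fresh nonce per message."""
    nonce = secrets.token_bytes(16)
    return nonce + _xor_stream(key + nonce, plaintext)


def unseal(key: bytes, sealed: bytes) -> bytes:
    return _xor_stream(key + sealed[:16], sealed[16:])


class EgressRelay:
    """Second hop: learns the destination and a coarse region, never the client IP."""

    def __init__(self):
        self.key = secrets.token_bytes(32)  # assumption: already shared with clients
        self.log = []

    def connect(self, flow_id: str, region: str, sealed_dest: bytes) -> str:
        dest = unseal(self.key, sealed_dest).decode()
        self.log.append({"flow": flow_id, "region": region, "dest": dest})
        return dest


class IngressRelay:
    """First hop: learns the client IP, sees only ciphertext for the destination."""

    def __init__(self, egress: EgressRelay):
        self.egress = egress
        self.log = []

    def forward(self, client_ip: str, sealed_dest: bytes) -> str:
        flow_id = secrets.token_hex(8)  # hypothetical hop-to-hop connection id
        self.log.append({"flow": flow_id, "client_ip": client_ip,
                         "sealed_dest": sealed_dest.hex()})
        return self.egress.connect(flow_id, REGION_OF[client_ip], sealed_dest)


def simulate(requests=REQUESTS):
    """Run the constructed requests through both hops and return (ingress_log, egress_log)."""
    egress = EgressRelay()
    ingress = IngressRelay(egress)
    for client_ip, dest in requests:
        ingress.forward(client_ip, seal(egress.key, dest.encode()))
    return ingress.log, egress.log


def knows(log, value: str) -> bool:
    """True if any field of any record in one party's log contains the value."""
    return any(value in str(v) for rec in log for v in rec.values())


def correlate(ingress_log, egress_log):
    """What an entity holding BOTH logs recovers: (client_ip, destination) pairs."""
    dest_by_flow = {rec["flow"]: rec["dest"] for rec in egress_log}
    return [(rec["client_ip"], dest_by_flow[rec["flow"]])
            for rec in ingress_log if rec["flow"] in dest_by_flow]


if __name__ == "__main__":
    ingress_log, egress_log = simulate()
    print("ingress sees a destination:", any(knows(ingress_log, d) for _, d in REQUESTS))
    print("egress sees a client IP:   ", any(knows(egress_log, ip) for ip, _ in REQUESTS))
    print("both logs joined:          ", correlate(ingress_log, egress_log))
```

In this model the privacy property holds only while the two logs stay with separate parties; anyone able to obtain both can rebuild the full mapping.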
Are they able to assign a set for an entire country? If so, that doesn't narrow it down all that much. However, major league sports blackouts wouldn't work, so is it by city?
Apple has already confirmed that other app traffic will go through iCloud Private Relay “no matter what networking API you're using”, with some exemptions:
> Not all networking done by your app occurs over the public internet, so there are several categories of traffic that are not affected by Private Relay.
> Any connections your app makes over the local network or to private domain names will be unaffected.
> Similarly, if your app provides a network extension to add VPN or app-proxying capabilities, your extension won't use Private Relay and neither will app traffic that uses your extension.
> Traffic that uses a proxy is also exempt.
Maybe I am missing something but I view this as a rather genius move. They have plausible deniability + actually introduce some protection for their users.
Not sure how to read the original post though. Is it praising Apple? Is it mocking them? We don't have to be polar of course, I am just wondering.
Courts can compel them to log this information, so all claims about not keeping logs are just theater. The second they're ordered to by a court in the US, they will.
So they can stop you from deleting existing logs, but they cannot require you to collect logs you aren't already collecting.
I have no idea how well this idea has been tested in court, but that's the theory on which providers who don't even have hard drives are relying.
Courts order individuals, businesses and officials to take actions as a matter of course: to stand trial, to comply with subpoenas, to adhere to a contract, to make restitution, and so on.
I am not deeply familiar with lawful intercept law and case law around national security letters (what little there is), but I would not gamble anything of value on the principle that courts cannot compel someone to take actions.
With an NSL, they could approach a company and require them to start collecting logs and also to not communicate about the new requirement, at which point a privacy-focused company's only choice would be to either comply or stop offering the VPN service entirely without saying why.
Without an NSL, the company would be free to communicate about why it was no longer offering the VPN service, or to announce that they were going to be logging from that point on, giving people an option to stop using the service if that's a problem for them.
But not having a hard drive in place currently, that prevents the courts from getting information about any activity before the court order or NSL is issued, as far as I can tell, which I guess is what those companies are counting on.
Not an easy business to be in, in any case.
Sounds like praise to me.
Having a US megacorporation kill a whole market segment and pull it into their monopolized walled garden sure seems like an improvement. After all, they pinky promise they will not ever abuse that! /s
Every single field you mention was thriving when there were multiple players fighting over your money and have started to become exploitative and abusive as soon as one player killed the others and started rent-seeking. Competition is crucial for market economy to work.
I find it utterly bizarre that someone educated would think that a death of market by megacorp monopoly would somehow drive improvement.
The differentiation is purely marketing. Some VPN providers are basically grey market means to bypass TV blackouts. Others claim to be privacy focused, but are in fact the opposite. A few are actually privacy focused.
IMO, having megacorp(s) roll up the junk use cases actually drives meaningful competition by putting the lousy players out of business or driving consolidation in a crowded market.
Competition is great and works, except when it isn’t and doesn’t. Dogmas are usually bad, try to avoid them.
>Preference falsification is the act of communicating a preference that differs from one's true preference. The public frequently conveys, especially to researchers or pollsters, preferences that differ from what they truly want, often because they believe the conveyed preference is more acceptable socially.
The reason why the VPN business is booming is to avoid those pesky content infringement letters, and to workaround geo restrictions.
OP is upset that they advertise themselves as privacy tools, but that's just marketing.
I find it funny that people here mistrust companies like Facebook and Google, but then turn around and hand off their entire network activity to a faceless, anonymous VPN company.
Yes, I get that now my VPN provider can build that data profile, but I am certain that my ISP is a vile monopoly that has corrupted the regulators that are supposed to represent me.
That’s complete FUD. HTTPS completely avoids this issue (especially with a bank). Very few websites use HTTP now.
While VPNs do have their valid use (preventing your ISP from spying, changing geolocation, and private networks for eg, work), most of the marketing is spreading misinformation.
They don't tend to advertise that. Some do, but it's not their main message, because "prevent ISPs from spying" is cleaner.
iCloud+ does not solve this, so there will be a sustained need for VPNs, particularly those that invest effort into avoiding Netflix blacklists.
IME of podcast advertising they all advertise this very openly.
I've also heard this from a reputable news source (NPR) in the past few years, even though it hasn't been true for banks for at least 15 years, ~5 for most websites.
A lot of browsers have their own root chain, and also now do certificate pinning, so will (IIRC) only accept specifically designated certs for particular sites (doesn't Google/Chrome/Gmail do this?).
Not really, because, you can use on-demand certificate issuance.
Hell, if you really want to, you can even name your certificates the same as existing certificates and the only way to detect the forgery would be to compare the actual public keys (and who does THAT).
I feel like I'm writing an evil roadmap here, but, you can even do multiple root certs with different names and trust them all, do a whole "fake" PKI infrastructure which would be impossible to detect unless you were comparing the actual keys.
Yeah, just imagine being beholden to some federal statute impropriety (easiest in taxes) and running one of these VPN organizations...
If you are only hiding from your local network and ISP, it's fine.
If you want to do that and change your location to a website, it’s fine.
If you are hiding from any government for a civil or criminal charge, it is not fine.
If you are hiding from any government intelligence so nobody knows anything, it is not fine.
It doesn't matter what “no logging” claims the internet reseller has, this is not verifiable and can also change at any moment.
This isn’t true though, they have specified who the independent third parties will be: CloudFlare Warp, Fastly, and Akamai. See here: https://www.barrons.com/articles/fastly-stock-outage-think-a...
I don't think Apple cares as much about video content providers, though.
A more likely reason is that video streaming services with georestrictions like Netflix, Amazon, or BBC would have lost their minds.
But I agree that making the exit node in the same country probably goes beyond video content providers, it avoids all sorts of potential legal, diplomatic and practical issues.
Not being able to watch Netflix, Amazon Video etc. in Safari seems like something Apple would in fact care about.
It does mean you now have to trust Apple since that's the first hop. However you're already doing this when you spin up your AWS Lightsail Wireguard instance, say. AWS can see ingress and egress traffic and so you just need AWS to not be part of your threat model. Same here. Though I don't see this as too much of a problem since it applies to devices and services where you've already made this explicit choice.
The app limitation thing is a shame and hopefully there will be an API at a later date.
The exit node choice based on exit-locality kinda makes me think Apple either:
- Want to restrict this service being (ab)used for geolocked content (Netflix etc)
- Want to speed up the service by providing the closest exit node (Performance)
Of course given all the FBI cases, you also have to consider other possibilities for the creation of this service.
This will still be your fixed IP, not adding much to your privacy.
Google, the engineering company, always plays second fiddle to Google, the advertising company.
apple having less advertising influence is more trustworthy, I think, in terms of privacy. don’t lump google in with them.
Meanwhile apple has many many anti consumer anti competitive policies so while I may trust my privacy with them more, I wouldn’t trust them to fight for my privacy rights in the long run.
Worrying about the carriers was really hot for a while especially post Snowden, but it’s really not a genuine threat.
Some of them make sense to me, i.e. China which has a long history of censoring their citizens.
But in particular, I'm trying to find out why South Africa is on that list seeing as I live there.
Edit: In , Apple is quoted as saying, "We respect national laws wherever we operate" but did not elaborate further.
And, of course it could be politics. The South African government, I wouldn’t know, but it could be possible that they wouldn’t let tech companies from the US build servers in their nation.
- This breaks DNS resolution for company-internal domains.
- This routes all my traffic through CloudFlare or another CDN I might or might not trust (yes, the IP is hidden, but not the data)
- It significantly slows down my internet access at my location.
- It tends to turn itself on again without my intervention
Especially the last point is very problematic for me
I turned it on and actually forgot I did. Performance is decent here. I mean of course it's going to be worse than native, but that's the compromise.
As to trusting Cloudflare -- what do you mean? You understand your connection is still TLS end-to-end encrypted (presuming that's what we're talking about), right? I mean...presuming the site you're talking to isn't using Cloudflare SSL. In no way does this reduce that security. If you're talking about HTTP, well everyone in between can already see that.
Why is it so clear? An iPhone hotspot turns itself off as soon as a device disconnects, with no option to leave it on, presumably for security or battery reasons.
Of course I’m talking about the beta version. But I can assure you that once I found out that it interferes with internal DNS, I turned it off (it’s on by default on the current betas) and a day later it was back on.
That’s what I meant with “it turns itself on again”
Funny story, I was shocked and quite annoyed that an iPhone automatically turns on Wifi and stuff every day by itself - even if you turn it off...
Still don't know how to actually turn it off
Which makes it pretty clear it’s not a wifi kill switch but just a “my current connection is shit, let me use cellular” button.
It’s not quite as egregious, but it reminds me of how a lot of desktop apps now just minimise to tray rather than actually ending the process when you click the close button. Discord is probably the worst offender for that, since it’s not (that I’m aware) a customisable behaviour
Apple gains nothing from your WiFi re-engaging. But many users do because, as another comment mentioned, people turn it off in control center because their connection is temporarily shit, or more likely just accidentally. Then they get to end of month and they have a monster cell overage.
Someone was using control center wrong (despite it very clearly indicating the use of the button). It's a learning experience.
No, I'm not wrong. I'm actually completely right. Control Center has always been a temporary toggle.
In case you’re just entirely misunderstanding what we’re talking about, I’m referring to being able to turn off the wifi when you swipe up from the bottom of the screen. This has been a feature since I’ve used an apple device, which is since iOS 5 or 6. Whether it’s been called “control centre” or not is irrelevant. That’s not even what I referred to it as in my first comment.
Settings > app settings - Window settings > close button - minimize to tray.
Turning this off causes Discord to quit completely when clicking the red X in the top right.
If you disable it from settings, it stays off.
The fact they can see unencrypted HTTP data is a downside with all VPNs. At least you have the double hop going in your favor.
As for turning on by itself, it’s annoying, but it is the very first developer-only preview so I’m not complaining yet.
Is this not the case for any VPN or proxying service? In fact, it could even be a security flaw if your internal domains were accessible on external VPN style endpoints?
There’s value in talking about issues early as it allows admins of corporate networks to make adjustments to their infrastructure (like introducing split dns rather than just have *.internal.example.com resolve to internal addresses) to be prepared for the eventual launch of this feature in September
No, it's not.
> In fact, it could even be a security flaw if your internal domains were accessible on external VPN style endpoints?
It would be, but then this is not something that happens on a network configured in the way you describe.
The root's observation is that it doesn't use the machine configured DNS. The overwhelming majority of VPNs also don't use the machine configured DNS. Maybe not "any", but if you're using a VPN you're generally going to want your DNS going over it as well.
But it is worth noting if you're on a corporate network, or if you use a DNS solution like NextDNS -- when you turn on PR those no longer play a part, at least to Safari traffic.
I’m not sure what kind of network you believe I described, but would be useful to have a clearer explanation from you.
Using TLS it certainly should be.
Because if it is instead actually unwrapping the connection somehow (eg. mitm) then they would be able to see the content, and that seems like a huge no-go -- both for the users, AND for apple as I would think it would open them up to liability.
note: they certainly would be able to see unencrypted http traffic regardless though.
This is listed as a known issue in the release notes
Why would it? The WWDC developer video clearly states that it’s only for public domains.
Isn't the great majority of your traffic HTTPS?
And to answer the original guy, no Apple does not add any headers or details to tell the destination what your IP address is. They just see that they're talking to an exit node somewhere approximal of your general region.
It doesn't replace a VPN into your company's or university's network (for accessing private resources).
It's not for accessing streaming TV in different regions.
HTTPS is already secure.
In theory it seems like it could be used for illegal torrent downloading, but given that Apple is in the media business, something tells me they'll do their best to block torrenting.
And for things like videoconferencing, it will almost certainly degrade performance to a degree (latency, bandwidth, or both).
The only thing left seems to be your ISP and/or coffee shop WiFi being able to track what IP addresses you communicate with. Instead, they don't, but Apple does. Is that really a benefit, or a benefit any average consumer cares about?
I wonder what advantage this gives over using NextDNS?
"YO, WHERE'S THE GROCERY STORE AGAIN? ALSO AFTER THAT I'M VISITING THE STRIP CLUB, AGAIN."
NextDNS turns that shout into a signal/telegram message, to a different neighbor. There's still a neighbor involved, but at least the neighborhood doesn't get to hear anymore.
If they include DNS in the onion routing scheme, it turns into a game of telephone, where the neighbor doesn't know you anymore.
Your traffic, and directions become more private.
The beauty of Apple’s double hop is that if one partner was hacked, secretly wiretapped, or had lied about not keeping logs, your connection would still be private.
But, that assumes that nobody on this network is keeping logs. If they are, then it could be theoretically possible to piece them together. However considering Apple’s marketing with privacy, it would be interesting to see whether they keep logs on each endpoint or not.
Many claim they don't have logs, and my understanding is that it has been sometimes revealed that they do have logs. Also, how do you run a server without logs? Many think those claims are BS.
I believe everything is encrypted on device before being sent to Apple.
Apple doesn’t know where you’re going.
It's in Apple's best interest to keep the bare minimum information they need from their end-user.
Courts can compel them to keep logs.
So how do you assemble “all traffic to this site” even by subpoenaing both parties?
It would work the other way around as well (going from visited sites to a given Apple id). If you can monitor all nodes in an onion routing network, you can deanonymize everybody.
This means that Apple’s logs would say this user authenticated and passed some encrypted stuff to Fastly, and Fastly would say that it received requests from Apple, without an identifier to match it up against the first request.
Once this scales and Apple has millions of requests incoming, there will be no way to conclusively prove that two requests are the same.
In which case a double subpoena is again useless. And this assuming they keep logs - if they don’t keep logs, which is more likely, it’s even more useless.
This also aligns with something we currently know. Apple says they can’t see your requests. This implies that they just pass data along in an encrypted format to their partners. So all Apple does is make it so their partners don’t know your device, and the partners ensure Apple doesn’t know your request.
Ultimately, even if logs were kept, there would have to be a unique identifier of some sort that was passed on to the second server from the first server to break the system. You decide the odds that they did that. Sounds a lot like an IP Address, in which case why not just build a classic VPN?
I wouldn’t expect them to log it, personally, I think that can only lead to headaches down the line. My reason for responding is just that I disagree that there is no way for another party to associate all requests even if Apple & exit node both fully cooperate and keep logs.
My personal threat model doesn't include state level actors, but if it did I would certainly differentiate between a solution that the NSA can break with some expense and one that my local police department can break with a warrant.
My actual threat model is advertisers, so I think the Apple solution is quite elegant and will serve me well. It shouldn't be conflated with TOR though.
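The point argued above about the two sets of logs, as an added example that is not part of any comment in the thread: a small audit that joins a first-hop log with a second-hop log and reports which client/destination pairs the join pins down. The log fields, the relay names and the `forward_request_id` switch are assumptions made for illustration, and the traffic is constructed.

```python
from collections import defaultdict

# Constructed sample traffic: (client_ip, destination). Not real data.
REQUESTS = [
    ("198.51.100.7", "news.example"),
    ("198.51.100.8", "mail.example"),
    ("203.0.113.21", "shop.example"),
    ("203.0.113.22", "video.example"),
]

def make_logs(requests, forward_request_id=False):
    """Build the log each hop could keep for a two-hop relay.

    Hop 1 knows the client but not the destination; hop 2 knows the
    destination but sees only hop 1 as the source. forward_request_id
    models the hypothetical design flaw of passing an identifier along.
    """
    ingress, egress = [], []
    for i, (client_ip, dest) in enumerate(requests):
        first = {"client_ip": client_ip, "next_hop": "relay-2", "minute": "12:00"}
        second = {"source": "relay-1", "dest": dest, "minute": "12:00"}
        if forward_request_id:
            first["request_id"] = second["request_id"] = f"req-{i}"
        ingress.append(first)
        egress.append(second)
    return ingress, egress

def _index(log):
    """Map each logged value to the set of record positions holding it."""
    seen = defaultdict(set)
    for pos, record in enumerate(log):
        for value in record.values():
            seen[value].add(pos)
    return seen

def linkable_pairs(ingress, egress):
    """Return (client_ip, dest) pairs that a join of both logs pins down.

    A value links two records only if it occurs in exactly one record of
    each log; values shared by the whole crowd identify nobody.
    """
    first, second = _index(ingress), _index(egress)
    pairs = set()
    for value in first.keys() & second.keys():
        if len(first[value]) == 1 and len(second[value]) == 1:
            (a,), (b,) = first[value], second[value]
            pairs.add((ingress[a]["client_ip"], egress[b]["dest"]))
    return sorted(pairs)

if __name__ == "__main__":
    print(linkable_pairs(*make_logs(REQUESTS)))                           # no shared id
    print(linkable_pairs(*make_logs(REQUESTS, forward_request_id=True)))  # id forwarded
```

With a single request in the window, the shared minute alone is enough to link the two records, which is why the size of the crowd matters as much as the absence of a forwarded identifier.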
Why haven't there been more onion routing projects? (Maybe there have been and I am just not aware.)
Perhaps the same reason(s) we never saw widespread adoption of remote proxies, despite their usefulness in many situations.
Although in some respects onion routing seems quite an improvement over "simple" proxies.
Tor isn't very large as it is, and (I would guess) it's the largest. If another onion routing network didn't grow the audience, you would have two even smaller networks.
> the Tor network can carry most kinds of traffic
Isn't Tor limited to routing TCP? That would rule out QUIC, for example.
I seriously doubt any reasonable video streaming service would cut off such a huge chunk of their user base just because they are using an iPhone.
Expected this to take the top spot right after the keynote.
Surely TOR is a type of VPN?
Maybe there’s some details I’m missing. I’m no expert
However WARP, being more like a VPN, requires you to trust Cloudflare to not log DNS lookups / the servers you connect to and associate that with your origin IP.
Why do I hesitate to call WARP a real VPN? It reveals your actual IP address to websites you visit via X-Forwarded-For. 
Also I think the fact that iCloud Private Relay will be built-in makes it more private than WARP — more users’ traffic will come out of each node.
: Obviously this is imperfect because the Apple (which knows your IP) and third-party (which knows the network traffic) nodes will likely be in the same jurisdiction as each other, subject to the same laws, as mentioned by other commenters.
edit: typo, line break, clarified Private Relay concept
Sorry, purely a curiosity I didn't mean to come across as calling you out
It's also made by the same team as Windscribe.
- A nextDNS user having that same question answered by official team
I've also found that I still get creepily-targeted advertising, which is presumably based on IP. For example, I watched a YouTube video in Firefox Focus on my iPhone. Later that day, I saw a YouTube recommendation for a very similar video (on a topic that I do not ever engage with, except for the single video earlier that day) on my laptop, in Safari.
I use NextDNS on both devices. It's nice, but it's not a silver bullet.
Had few instances where some websites do not work when ad scripts are blocked. I had to debug while traveling and my wife is not too keen on tinkering with the Raspberry Pis.
NextDNS have similar issues, lots of newsletter unsubscription just fails. For NextDNS, I can just ask my wife, "Click that Shield Icon and Disable for sometime." For Mobile devices, "Open NextDNS and slide the Disable button."
Still, this is interesting.
Also the corollary would be, that anyone who is able to bypass the protection mechanisms Apple has in place to control DDoS, can use it to DDoS a service like Google, Microsoft and get the entire service banned for all iCloud+ users. Right?
Additionally, Cloudflare themselves, one of Apple's third party partners, offer DDoS protection services. Because they see all the exit traffic, they'd be able to detect the DDoS and block it.
I can't see Cloudflare putting themselves in the position of needing to protect their clients from themselves ...
Pretty sure Nord already does. Probably others.
How could it be a "sop" to video services, isn't it exactly what they want, no more no less?
However, there are many reasons why a video service might want each user to be individually identifiable by IP.
- Many media items are contractually region-locked
- The same user from too many simultaneous IPs might mean shared credentials, a perceived loss of revenue
- The same user from geographically disparate IPs might also mean shared credentials, even if not simultaneous.
I'm sure there are more.
Region locking is fine right, that’s exactly what Cloud+ provides, same thing with your third point.
As to the second one, I don’t know how big the simulated regions are but I suppose it will look like different houses at least. I’m sure Netflix will think of something though.
Were we? I read "on-line video providers," which could as easily be the BBC or YouTube as Netflix. It seems like your most recent comment is the first one to mention streaming.
In any case, I think I've answered the question.
I wish there was a non-dubious VPN service with an exit in a non GDPR country, or at least one with internet privacy. I rolled a strongswan VPN through AWS EC2 but all the egress points are in countries that can be exposed.
Two part strategy as always:
1. Get yourself in-between of an already functioning system, by force if needed
2. Abuse your market position to gain millions of users, make it super easy to use this as default, and make existing players compete for their 70% share of what they already were earning.
- Enjoy new billions on top of existing trillions
A pretty decent overview of the scope of the product.
As mentioned in the video, the service also is involved if your app does HTTP over port 80, offering at least some marginal level of improvement. Otherwise it leaves your app traffic as is.
As to Mail, the linked comment mentions that but I don't remember it being a part of the solution (nor does it seem feasible that it could be). Apple offers privacy improvements in mail, but not via the private relay.
Privacy Relay is also discussed in the privacy pillars video for a few minutes, starting at 24m30s.
- VPNs are actually less private than iCloud+ double hop design, but could be much faster due to only having a single hop.
- Unlike a VPN, you can’t choose the location of the server you exit at, and the exit server cannot be in a different nation. If you are in the US, iCloud+’s relays are in the US. No circumventing georestrictions here.
- Apple does not market their service as a VPN and never said it is one. For most customers, they don’t know this is a VPN substitute because it doesn’t call itself one. So if you have “VPN” in your mind, this isn’t something you think of as an option.