---

Message-ID: <20220118142306.GA21962@telecom.csail.mit.edu> Date: Tue, 18 Jan 2022 14:23:06 +0000 From: Bill Horne <malQRMassimilation@gmail.com> Subject: Re: T-Mobile begins blocking iPhone users from enabling iCloud Private Relay in the US On Mon, Jan 17, 2022 at 02:39:29PM -0600, Doug McIntyre wrote: > "Dave Garland" <dave.garland@wizinfo.com> writes: > >On 1/10/2022 3:35 PM, Monty Solomon wrote: > >>> Now, in addition to some carriers in Europe, it appears that >>> T-Mobile/Sprint in the United States is also blocking iCloud Private >>> Relay access when connected to cellular data. > >> Not being an Apple user, I gotta ask, does iCloud Private Relay do >> anything that a VPN doesn't? My VPN vendor has an apps for Android and >> iOS, as well as most desktop OS and the popular web browsers. This >> must be pretty standard, I checked a few of the reputable ones (Nord, >> PIA, Express, Mullvad) and they all did. Only issue is, they're not >> free and included on the phone. > > I believe many VPNs don't necessarily force DNS requests all over the > tunnel, and still uses the local DNS resolvers as defined by the > local setup (at least a few VPN services I have used have acted this > way, I can't say definitively what every service does). I'm sorry, but we're missing the point by debating the technical details. This isn't a problem caused by technical methods or procedures. This blocking is due to a squable between two major players in the mobile Internet sector of the industry: Apple wants it's users to think that their click lists aren't going to be inspected by cellular carriers. One of those carriers is fighting back by putting up a blockade and demanding that Apple share the (immense) wealth that comes from selling the click lists of iPhone users. Apple has spent a long time constructing a Potemkin Village, made from press releases and posturing, where they try to demand that their users pay attention to the smoke and mirrors, and ignore that man behind the curtain: the company has been staging Kabuki theatre episodes that feature sincerly pretty spokesmen claiming that Apple is standing on principle, and denying local law enforcement this or that detail from this or that suspect in this or that local crime, but none of it matters. We could debate - endlessly - the merits or demerits of any given company's "security" features, but it's shadow boxing: the NSA vacuums up anything it wants to see, and delivers those printouts to any government employee or officeholder that asks for them. The question we need to talk about is WHY U.S. citizens don't have anything but a small fraction of the privacy protections European cellular users enjoy. THAT is worth talking about. Bill -- Bill Horne (Please remove QRM from my email address to write to me directly)

---

Message-ID: <jqudnbFdKZKcSXj8nZ2dnUU7-RvNnZ2d@giganews.com> Date: 17 Jan 2022 14:39:29 -0600 From: "Doug McIntyre" <merlyn@dork.geeks.org> Subject: Re: T-Mobile begins blocking iPhone users from enabling iCloud Private Relay in the US "Dave Garland" <dave.garland@wizinfo.com> writes: >On 1/10/2022 3:35 PM, Monty Solomon wrote: >> Now, in addition to some carriers in Europe, it appears that >> T-Mobile/Sprint in the United States is also blocking iCloud Private >> Relay access when connected to cellular data. > Not being an Apple user, I gotta ask, does iCloud Private Relay do > anything that a VPN doesn't? My VPN vendor has an apps for Android and > iOS, as well as most desktop OS and the popular web browsers. This > must be pretty standard, I checked a few of the reputable ones (Nord, > PIA, Express, Mullvad) and they all did. Only issue is, they're not > free and included on the phone. I believe many VPNs don't necessarily force DNS requests all over the tunnel, and still uses the local DNS resolvers as defined by the local setup (at least a few VPN services I have used have acted this way, I can't say definitively what every service does). Part of the meta data providers suck up is through DNS lookups. Comcast pretty was hard opposed to DNS over HTTP until they setup their own DoH servers so they can still collect their meta data. Their xFi routers have no option to setup your own DNS servers (by some reports) to be handed out via DHCP to your network (you could always do this manually yourself, but the percentage of users that do that is a rounding error). iCloud Private Relay does tunnel both web traffic and DNS through Apple's network, and then a 2nd hop through the CDN network. Also, iCloud Private Relay does rotate exit IP addresses from time to time, while a VPN service probably will have you come out of the same exit IP everytime you connect through the endpoint you choose. Of course, you could always switch up your end VPN endpoints from time to time to mimic this, but the private relay does it automatically. So, a few differences. -- Doug McIntyre doug@themcintyres.us